The use of unmanned aerial vehicles (UAVs) as delivery systems of online goods is rapidly becoming a global norm, as corroborated by Amazon's "Prime Air" and Google's "Project Wing" projects. However, the real-world deployment of such drone delivery systems faces many cyber-physical security challenges. In this paper, a novel mathematical framework for analyzing and enhancing the security of drone delivery systems is introduced. In this regard, a zero-sum network interdiction game is formulated between a vendor, operating a drone delivery system, and a malicious attacker. In this game, the vendor seeks to find the optimal path that its UAV should follow, to deliver a purchase from the vendor's warehouse to a customer location, to minimize the delivery time. Meanwhile, an attacker seeks to choose an optimal location to interdict the potential paths of the UAVs, so as to inflict cyber or physical damage to it, thus, maximizing its delivery time. First, the Nash equilibrium point of this game is characterized. Then, to capture the subjective behavior of both the vendor and attacker, new notions from prospect theory are incorporated into the game. These notions allow capturing the vendor's and attacker's i) subjective perception of attack success probabilities, and ii) their disparate subjective valuations of the achieved delivery times relative to a certain target delivery time. Simulation results have shown that the subjective decision making of the vendor and attacker leads to adopting risky path selection strategies which inflict delays to the delivery, thus, yielding unexpected delivery times which surpass the target delivery time set by the vendor.
Data injection attacks have recently emerged as a significant threat on the smart power grid. By launching data injection attacks, an adversary can manipulate the real-time locational marginal prices to obtain economic benefits. Despite the surge of existing literature on data injection, most such works assume the presence of a single attacker and assume no cost for attack or defense. In contrast, in this paper, a model for data injection attacks with multiple adversaries and a single smart grid defender is introduced. To study the defender-attackers interaction, two game models are considered. In the first, a Stackelberg game model is used in which the defender acts as a leader that can anticipate the actions of the adversaries, that act as followers, before deciding on which measurements to protect. The existence and properties of the Stackelberg equilibrium of this game are studied. To find the equilibrium, a distributed learning algorithm that operates under limited system information is proposed and shown to converge to the game solution. In the second proposed game model, it is considered that the defender cannot anticipate the actions of the adversaries. To this end, we proposed a hybrid satisfaction equilibrium-Nash equilibrium game and defined its equilibrium concept. A search algorithm is also provided to find the equilibrium of the hybrid game. Numerical results using the IEEE 30-bus system are used to illustrate and analyze the strategic interactions between the attackers and defender. Our results show that by defending a very small set of measurements, the grid operator can achieve an equilibrium through which the optimal attacks have no effect on the system. Moreover, our results show how, at equilibrium, multiple attackers can play a destructive role towards each other, by choosing to carry out attacks that cancel each other out, leaving the system unaffected. In addition, we compared the obtained equilibrium strategies under the Stackelberg and the hybrid models and we characterized the amount of loss that the defender endures due to its inability to anticipate the attackers' actions.
Outsourcing integrated circuit (IC) manufacturing to offshore foundries has grown exponentially in recent years. Given the critical role of ICs in the control and operation of vehicular systems and other modern engineering designs, such offshore outsourcing has led to serious security threats due to the potential of insertion of hardware trojans: malicious designs that, when activated, can lead to highly detrimental consequences. In this paper, a novel game-theoretic framework is proposed to analyze the interactions between a hardware manufacturer, acting as attacker, and an IC testing facility, acting as defender. The problem is formulated as a noncooperative game in which the attacker must decide on the type of trojan that it inserts while taking into account the detection penalty as well as the damage caused by the trojan. Meanwhile, the resource-constrained defender must decide on the best testing strategy that allows optimizing its overall utility which accounts for both damages and the fines. The proposed game is based on the robust behavioral framework of prospect theory (PT) which allows capturing the potential uncertainty, risk, and irrational behavior in the decision making of both the attacker and defender. For both, the standard rational expected utility (EUT) case and the PT case, a novel algorithm based on fictitious play is proposed and shown to converge to a mixed-strategy Nash equilibrium. For an illustrative case study, thorough analytical results are derived for both EUT and PT to study the properties of the reached equilibrium as well as the impact of key system parameters such as the defender-set fine. Simulation results assess the performance of the proposed framework under both EUT and PT and show that the use of PT will provide invaluable insights on the outcomes of the proposed hardware trojan game, in particular, and system security, in general.
Competitive resource allocation between adversarial decision makers arises in a wide spectrum of real-world applications such as in communication systems, cyber-physical systems security, as well as financial and political competition. Hence, developing analytical tools to model and analyze competitive resource allocation is crucial for devising optimal allocation strategies and anticipating the potential outcomes of the competition. To this end, the Colonel Blotto game is one of the most popular game-theoretic frameworks for modeling and analyzing such competitive resource allocation problems. However, in many practical competitive situations, the Colonel Blotto game does not admit solutions in deterministic strategies and, hence, one must rely on analytically complex mixed-strategies with their associated tractability, applicability, and practicality challenges. In this regard, in this paper, a generalization of the Colonel Blotto game which enables the derivation of deterministic, practical, and implementable equilibrium strategies is proposed while accounting for scenarios with heterogeneous battlefields. In addition, the proposed generalized game factors in the consumed/destroyed resources in each battlefield, a feature that is not considered in the classical Blotto game. For this generalized game, the existence of a Nash equilibrium in pure strategies is shown. Then, closed-form analytical expressions of the equilibrium strategies are derived and the outcome of the game is characterized, based on the number of each player's resources and each battlefield's valuation. The generated results provide invaluable insights on the outcome of the competition. For example, the results show that, when both players are fully rational, the more resourceful player can achieve a better total payoff at the Nash equilibrium, a result that is not mimicked in the classical Blotto game.
In this paper, a general model for cyber-physical systems (CPSs), that captures the diffusion of attacks from the cyber layer to the physical system, is studied. In particular, a game-theoretic approach is proposed to analyze the interactions between one defender and one attacker over a CPS. In this game, the attacker launches cyber attacks on a number of cyber components of the CPS to maximize the potential harm to the physical system while the system operator chooses to defend a number of cyber nodes to thwart the attacks and minimize potential damage to the physical side. The proposed game explicitly accounts for the fact that both attacker and defender can have different computational capabilities and disparate levels of knowledge of the system. To capture such bounded rationality of attacker and defender, a novel approach inspired from the behavioral framework of cognitive hierarchy theory is developed. In this framework, the defender is assumed to be faced with an attacker that can have different possible thinking levels reflecting its knowledge of the system and computational capabilities. To solve the game, the optimal strategies of each attacker type are characterized and the optimal response of the defender facing these different types is computed. This general approach is applied to smart grid security considering wide area protection with energy markets implications. Numerical results show that a deviation from the Nash equilibrium strategy is beneficial when the bounded rationality of the attacker is considered. Moreover, the results show that the defender's incentive to deviate from the Nash equilibrium decreases when faced with an attacker that has high computational ability.