Detection and Mitigation of Attacks on Transportation Networks as a Multi-Stage Security Game

In recent years, state-of-the-art traffic-control devices have evolved from standalone hardware to networked smart devices. Smart traffic control enables operators to decrease traffic congestion and environmental impact by acquiring real-time traffic data and changing traffic signals from fixed to adaptive schedules. However, these capabilities have inadvertently exposed traffic control to a wide range of cyber-attacks, which adversaries can easily mount through wireless networks or even through the Internet. Indeed, recent studies have found that a large number of traffic signals that are deployed in practice suffer from exploitable vulnerabilities, which adversaries may use to take control of the devices. Thanks to the hardware-based failsafes that most devices employ, adversaries cannot cause traffic accidents directly by setting compromised signals to dangerous configurations. Nonetheless, an adversary could cause disastrous traffic congestion by changing the schedule of compromised traffic signals, thereby effectively crippling the transportation network. To provide theoretical foundations for the protection of transportation networks from these attacks, we introduce a game-theoretic model of launching, detecting, and mitigating attacks that tamper with traffic-signal schedules. We show that finding optimal strategies is a computationally challenging problem, and we propose efficient heuristic algorithms for finding near optimal strategies. We also introduce a Gaussian-process based anomaly detector, which can alert operators to ongoing attacks. Finally, we evaluate our algorithms and the proposed detector using numerical experiments based on the SUMO traffic simulator

A Minimax Game for Resilient-by-design Adaptive Traffic Control Systems

Connected and Autonomous Vehicles (CAVs) with their evolving data gathering capabilities will play a significant role in road safety and efficiency applications supported by Intelligent Transport Systems (ITS), such as Adaptive Traffic Signal Control (ATSC) for urban traffic congestion management. However, their involvement will expand the space of security vulnerabilities and create larger threat vectors. We perform the first detailed security analysis and implementation of a new cyber-physical attack category carried out by the network of CAVs on ITS, namely, coordinated Sybil attacks, where vehicles with forged or fake identities try to alter the data collected by the ATSC algorithms to sabotage their decisions. Consequently, a novel, game-theoretic mitigation approach at the application layer is proposed to minimize the impact of Sybil attacks. The devised minimax game model enables the ATSC algorithm to generate optimal decisions under a suspected attack, improving its resilience. Extensive experimentation is performed on a traffic dataset provided by the City of Montreal under real-world intersection settings to evaluate the attack impact. Our results improved time loss on attacked intersections by approximately 48.9%. Substantial benefits can be gained from the mitigation, yielding more robust control of traffic across networked intersections

Security Risk Analysis of the Shorter-Queue Routing Policy for Two Symmetric Servers

In this article, we study the classical shortest queue problem under the influence of malicious attacks, which is relevant to a variety of engineering system including transportation, manufacturing, and communications. We consider a homogeneous Poisson arrival process of jobs and two parallel exponential servers with symmetric service rates. A system operator route incoming jobs to the shorter queue; if the queues are equal, the job is routed randomly. A malicious attacker is able to intercept the operator's routing instruction and overwrite it with a randomly generated one. The operator is able to defend individual jobs to ensure correct routing. Both attacking and defending induce technological costs. The attacker's (resp. operator's) decision is the probability of attacking (resp. defending) the routing of each job. We first quantify the queuing cost for given strategy profiles by deriving a theoretical upper bound for the cost. Then, we formulate a non-zero-sum attacker-defender game, characterize the equilibria in multiple regimes, and quantify the security risk. We find that the attacker's best strategy is either to attack all jobs or not to attack, and the defender's strategy is strongly influenced by the arrival rate of jobs. Finally, as a benchmark, we compare the security risks of the feedback-controlled system to a corresponding open-loop system with Bernoulli routing. We show that the shorter-queue policy has a higher (resp. lower) security risk than the Bernoulli policy if the demand is lower (resp. higher) than the service rate of one server