ZUbers against ZLyfts Apocalypse: An Analysis Framework for DoS Attacks on Mobility-as-a-Service Systems
Alex Bayen

Citation
Alex Bayen. "ZUbers against ZLyfts Apocalypse: An Analysis Framework for DoS Attacks on Mobility-as-a-Service Systems". Talk or presentation, 4, November, 2015.

Abstract
The vulnerability of Mobility-as-a-Service (MaaS) systems to Denial-of-Service (DoS) attacks is studied. We use a queuing-theoretical framework to model the redispatch process used by operators to maintain a high service availability, as well as potential cyber-attacks on this process. It encompasses a customer arrival rate model at different sections of an urban area to pick up vehicles to travel within the network. Expanding this re-balance model, we analyze DoS cyber-attacks of MasS systems by controlling a fraction of the cars maliciously through fake reservations (so called Zombies) placed in the system (similar to the computer science field where a Zombie is a computer that a remote attacker has accessed for malicious purpose). The attacker can the use the block-coordinate descent algorithm proposed in the present work to derive optimal strategies to minimize the efficiency of the MaaS system, thereby allowing us to quantify the economic loss of such system under attack. The technique is shown to work well and enables us to arbitrarily deplete taxi availabilities based on the attacker’s choice and the radius of attacks, which is demonstrated by drawing a “Cal” logo in Manhattan. Finally, a cost-benefit analysis from 75 million taxi trips shows diminishing returns for the attacker and that countermeasures raising the attack cost to more than $15 protect MaaS systems in NYC from Zombies.

Electronic downloads

Internal. This publication has been marked by the author for FORCES-only distribution, so electronic downloads are not available without logging in.

Citation formats

• HTML

  Alex Bayen. <a
  href="http://www.cps-forces.org/pubs/90.html"
  ><i>ZUbers against ZLyfts Apocalypse: An Analysis
  Framework for DoS Attacks on Mobility-as-a-Service
  Systems</i></a>, Talk or presentation,  4,
  November, 2015.

• Plain text

  Alex Bayen. "ZUbers against ZLyfts Apocalypse: An
  Analysis Framework for DoS Attacks on Mobility-as-a-Service
  Systems". Talk or presentation,  4, November, 2015.

• BibTeX

  @presentation{Bayen15_ZUbersAgainstZLyftsApocalypseAnalysisFrameworkForDoS,
      author = {Alex Bayen},
      title = {ZUbers against ZLyfts Apocalypse: An Analysis
                Framework for DoS Attacks on Mobility-as-a-Service
                Systems},
      day = {4},
      month = {November},
      year = {2015},
      abstract = {The vulnerability of Mobility-as-a-Service (MaaS)
                systems to Denial-of-Service (DoS) attacks is
                studied. We use a queuing-theoretical framework to
                model the redispatch process used by operators to
                maintain a high service availability, as well as
                potential cyber-attacks on this process. It
                encompasses a customer arrival rate model at
                different sections of an urban area to pick up
                vehicles to travel within the network. Expanding
                this re-balance model, we analyze DoS
                cyber-attacks of MasS systems by controlling a
                fraction of the cars maliciously through fake
                reservations (so called Zombies) placed in the
                system (similar to the computer science field
                where a Zombie is a computer that a remote
                attacker has accessed for malicious purpose). The
                attacker can the use the block-coordinate descent
                algorithm proposed in the present work to derive
                optimal strategies to minimize the efficiency of
                the MaaS system, thereby allowing us to quantify
                the economic loss of such system under attack. The
                technique is shown to work well and enables us to
                arbitrarily deplete taxi availabilities based on
                the attacker�s choice and the radius of attacks,
                which is demonstrated by drawing a �Cal� logo
                in Manhattan. Finally, a cost-benefit analysis
                from 75 million taxi trips shows diminishing
                returns for the attacker and that countermeasures
                raising the attack cost to more than $15 protect
                MaaS systems in NYC from Zombies.},
      URL = {http://cps-forces.org/pubs/90.html}
  }
  

Posted by Carolyn Winter on 4 Nov 2015.
Groups: forces
For additional information, see the Publications FAQ or contact webmaster at cps-forces org.