Anibal Sanjab

Prospect theory for enhanced cyber-physical security of drone delivery systems: A network interdiction game

The use of unmanned aerial vehicles (UAVs) as delivery systems of online goods is rapidly becoming a global norm, as corroborated by Amazons “Prime Air” and Googles “Project Wing” projects. However, the real-world deployment of such drone delivery systems faces many cyber-physical security challenges. In this paper, a novel mathematical framework for analyzing and enhancing the security of drone delivery systems is introduced. In this regard, a zero-sum network interdiction game is formulated between a vendor, operating a drone delivery system, and a malicious attacker. In this game, the vendor seeks to find the optimal path that its UAV should follow, to deliver a purchase from the vendors warehouse to a customer location, to minimize the delivery time. Meanwhile, an attacker seeks to choose an optimal location to interdict the potential paths of the UAVs, so as to inflict cyber or physical damage to it, thus, maximizing its delivery time. First, the Nash equilibrium point of this game is characterized. Then, to capture the subjective behavior of both the vendor and attacker, new notions from prospect theory are incorporated into the game. These notions allow capturing the vendors and attackers i) subjective perception of attack success probabilities, and ii) their disparate subjective valuations of the achieved delivery times relative to a certain target delivery time. Simulation results have shown that the subjective decision making of the vendor and attacker leads to adopting risky path selection strategies which inflict delays to the delivery, thus, yielding unexpected delivery times which surpass the target delivery time set by the vendor.

On bounded rationality in cyber-physical systems security: Game-theoretic analysis with application to smart grid protection

In this paper, a general model for cyber-physical systems (CPSs), that captures the diffusion of attacks from the cyber layer to the physical system, is studied. In particular, a game-theoretic approach is proposed to analyze the interactions between one defender and one attacker over a CPS. In this game, the attacker launches cyber attacks on a number of cyber components of the CPS to maximize the potential harm to the physical system while the system operator chooses to defend a number of cyber nodes to thwart the attacks and minimize potential damage to the physical side. The proposed game explicitly accounts for the fact that both attacker and defender can have different computational capabilities and disparate levels of knowledge of the system. To capture such bounded rationality of attacker and defender, a novel approach inspired from the behavioral framework of cognitive hierarchy theory is developed. In this framework, the defender is assumed to be faced with an attacker that can have different possible thinking levels reflecting its knowledge of the system and computational capabilities. To solve the game, the optimal strategies of each attacker type are characterized and the optimal response of the defender facing these different types is computed. This general approach is applied to smart grid security considering wide area protection with energy markets implications. Numerical results show that a deviation from the Nash equilibrium strategy is beneficial when the bounded rationality of the attacker is considered. Moreover, the results show that the defenders incentive to deviate from the Nash equilibrium decreases when faced with an attacker that has high computational ability.

Game theory for secure critical interdependent gas-power-water infrastructure

A citys critical infrastructure such as gas, water, and power systems, are largely interdependent since they share energy, computing, and communication resources. This, in turn, makes it challenging to endow them with fool-proof security solutions. In this paper, a unified model for interdependent gas- power-water infrastructure is presented and the security of this model is studied using a novel game-theoretic framework. In particular, a zero-sum noncooperative game is formulated between a malicious attacker who seeks to simultaneously alter the states of the gas-power-water critical infrastructure to increase the power generation cost and a defender who allocates communication resources over its attack detection filters in local areas to monitor the infrastructure. At the mixed strategy Nash equilibrium of this game, numerical results show that the expected power generation cost deviation is 35% lower than the one resulting from an equal allocation of resources over the local filters. The results also show that, at equilibrium, the interdependence of the power system on the natural gas and water systems can motivate the attacker to target the states of the water and natural gas systems to change the operational states of the power grid. Conversely, the defender allocates a portion of its resources to the water and natural gas states of the interdependent system to protect the grid from state deviations.

Hardware Trojan Detection Game: A Prospect-Theoretic Approach

Outsourcing integrated circuit (IC) manufacturing to offshore foundries has grown exponentially in recent years. Given the critical role of ICs in the control and operation of vehicular systems and other modern engineering designs, such offshore outsourcing has led to serious security threats due to the potential of insertion of hardware trojans—malicious designs that, when activated, can lead to highly detrimental consequences. In this paper, a novel game-theoretic framework is proposed to analyze the interactions between a hardware manufacturer, acting as an attacker, and an IC testing facility, acting as a defender. The problem is formulated as a noncooperative game in which the attacker must decide on the type of trojan that it inserts while taking into account the detection penalty as well as the damage caused by the trojan. Meanwhile, the resource-constrained defender must decide on the best testing strategy that allows optimizing its overall utility which accounts for both damages and the fines. The proposed game is based on the robust behavioral framework of prospect theory (PT) which allows capturing the potential uncertainty, risk, and irrational behavior in the decision making of both the attacker and defender. For both the standard rational expected utility (EUT) case and the PT case, a novel algorithm based on fictitious play is proposed and shown to converge to a mixed-strategy Nash equilibrium. For an illustrative case study, thorough analytical results are derived for both EUT and PT to study the properties of the reached equilibrium as well as the impact of key system parameters such as the defender-set fine. Simulation results assess the performance of the proposed framework under both EUT and PT and show that the use of PT will provide invaluable insights on the outcomes of the proposed hardware trojan game, in particular, and system security, in general.