Proactive Population-Risk Based Defense Against Denial of Cyber-Physical Service Attacks
Jeffrey Pawlick, Quanyan Zhu

TL;DR
This paper introduces a game-theoretic model to quantify and mitigate the risk of physical denial-of-service attacks in IoT-enabled cyber-physical systems, demonstrating that active defense strategies are highly effective.
Contribution
It develops a Poisson signaling game model to analyze botnet recruitment and evaluates legal and economic mechanisms for proactive defense in IoT cyber-physical systems.
Findings
Legislating minimum security levels has limited impact.
Active defense incentives can arbitrarily reduce botnet activity.
Defenders can effectively bound botnet activity.
Abstract
While the Internet of things (IoT) promises to improve areas such as energy efficiency, health care, and transportation, it is highly vulnerable to cyberattacks. In particular, DDoS attacks work by overflowing the bandwidth of a server. But many IoT devices form part of cyber-physical systems (CPS). Therefore, they can be used to launch a "physical" denial-of-service attack (PDoS) in which IoT devices overflow the "physical bandwidth" of a CPS. In this paper, we quantify the population-based risk to a group of IoT devices targeted by malware for a PDoS attack. To model the recruitment of bots, we extend a traditional game-theoretic concept and create a "Poisson signaling game." Then we analyze two different mechanisms (legal and economic) to deter botnet recruitment. We find that 1) defenders can bound botnet activity and 2) legislating a minimum level of security has only a limited…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSmart Grid Security and Resilience · Network Security and Intrusion Detection · Information and Cyber Security
