ZUbers against ZLyfts Apocalypse: An Analysis Framework for DoS Attacks on Mobility-As-A-Service Systems

Abstract

The vulnerability of Mobility-as-a-Service (MaaS) systems to Denial-of-Service (DoS) attacks is studied. We use a queuing-theoretical framework to model the re-dispatch process used by operators to maintain a high service availability, as well as potential cyber-attacks on this process. It encompasses a customer arrival rate model at different sections of an urban area to pick up vehicles traveling within the network. Expanding this re-balance model, we analyze DoS cyber-attacks of MaaS systems by controlling a fraction of the cars maliciously through fake reservations (so called Zombies) placed in the system (similar to the computer science field where a Zombie is a computer that a remote attacker has accessed for malicious purpose). The attacker can then use the block-coordinate descent algorithm proposed in the present work to derive optimal strategies to minimize the efficiency of the MaaS system, thereby allowing us to quantify the economic loss of such systems under attack. The technique is shown to work well and enables us to arbitrarily deplete taxi availabilities based on the attacker's choice and the radius of attacks, which is demonstrated by drawing a "Cal" logo in Manhattan. Finally, a cost-benefit analysis using data from 75 million taxi trips shows diminishing returns for the attacker and that countermeasures raising the attack cost to more than $15 could protect MaaS systems in NYC from Zombies.