The vulnerability of Mobility-as-a-Service (MaaS) systems to Denial-of-Service (DoS) attacks is studied. We use a queuing-theoretical framework to model the redispatch process used by operators to maintain a high service availability, as well as potential cyber-attacks on this process. It encompasses a customer arrival rate model at different sections of an urban area to pick up vehicles to travel within the network. Expanding this re-balance model, we analyze DoS cyber-attacks of MasS systems by controlling a fraction of the cars maliciously through fake reservations (so called Zombies) placed in the system (similar to the computer science field where a Zombie is a computer that a remote attacker has accessed for malicious purpose). The attacker can the use the block-coordinate descent algorithm proposed in the present work to derive optimal strategies to minimize the efficiency of the MaaS system, thereby allowing us to quantify the economic loss of such system under attack. The technique is shown to work well and enables us to arbitrarily deplete taxi availabilities based on the attacker’s choice and the radius of attacks, which is demonstrated by drawing a “Cal” logo in Manhattan. Finally, a cost-benefit analysis from 75 million taxi trips shows diminishing returns for the attacker and that countermeasures raising the attack cost to more than $15 protect MaaS systems in NYC from Zombies.
Copyright. All Rights Reserved.