A Non-Cooperative Game based Model for the Cybersecurity of Autonomous Systems Farha Jahan ∗ , Weiqing Sun ∗ , and Quamar Niyaz † ∗ College of Engineering, The University of Toledo, Toledo, OH 43606, USA † College of Engineering and Sciences, Purdue University Northwest, Hammond, IN 46323, USA farha.jahan@rockets.utoledo.edu, weiqing.sun@utoledo.edu, qniyaz@pnw.edu Abstract—Autonomous systems (AS) would soon revolutionize the way we live and work. The days are not so far when these systems, from delivery drones to driverless cars, would be seen around us. These systems are connected and rely heavily on the communication network for the information exchange, hence prone to several attacks. Human lives will be at risk if these systems are compromised. Cybersecurity modeling and attack analysis of AS needs the utmost attention of the research com- munity. Primarily, a typical AS has three modules – perception, cognition, and control – and each one of them comes with their own vulnerabilities. In this work, we propose a new AS architecture that may prove useful in AS cybersecurity modeling. We also model the attacks on them, and defense mechanisms applied to these modules using a non-cooperative non-zero sum game. Finally, we solve this game to obtain optimal strategies to maintain a secure system state. Index Terms—autonomous systems, cybersecurity, game the- ory, Nash Equilibrium I. I NTRODUCTION The world is progressing towards the era of AS. Au- tonomous operations with voluminous data processing, inte- grated AI, and high definition imaging would develop new areas of applications for UAVs (Unmanned Autonomous Ve- hicles) that would change the outlook of this booming industry. These AS would increase efficiency and task productivity with improved safety in work environments. For example, any accident investigation that could manually take three hours to collect information could be done in less than an hour using a drone, reducing the traffic delays and saving time and money [1]. The driverless cars are estimated to save around millions of lives worldwide by avoiding accidents caused by human errors [2]. As the level of autonomy of these systems moves towards full automation, attack vectors and their impact would increase as well, which may result in deadly consequences [3]. Attacks with increased complexity are on the rise in recent days. It is critical to consider the security of these systems and explore the solutions thereby. Also, the research community lacks generalized modeling of cyberattacks on AS. One approach could be to apply game theory in this regard [4]. The main contributions of this paper are multi-fold. First, we model a generalized AS architecture based on common modules of AS such as a driverless car, robot, and drones. An attack on an autonomous system can be on any of its modules, and, based on the defensive measures, the impact would vary accordingly. Second, we propose a strategic non- cooperative non-zero sum game for modeling attacks on an AS to numerically compute the mixed strategies that achieve the Nash Equilibrium (NE) and the expected payoffs of the players. The AS would act as a defender while an adversary could be an individual attacker, a network node, or another AS. A game-theoretic framework can be used to analyze the system’s response and payoffs for both the players in an attack situation when certain measures are in action. Third, we have taken into account the probability of a successful attack in defense and no defense scenarios and the cost of damage in our computation. In addition, we consider the game as a ’non-zero sum’, which maps to the real world more realistically than the works of [5], [6]. Fourth, we extend the works in [7] to a n ×n bimatrix game represented in a normal form. This method is easier than the algebraic/differential method to calculate the mixed strategies of n × n games where n> 2. Although various works have analyzed the threat and attack modeling of these systems individually, the research community lacks a generalized security modeling of these systems. Also, Section II discuss various cyber attack-defense game, but to the best of our knowledge, none has proposed a game related to the security of the autonomous system. The rest of the paper is organized as follows. A summary of related work is provided in Section II. In Section III, we discuss the high-level architecture of an AS. The architecture will give us an idea to design the game, proposed in Section IV for which we evaluate the payoffs and Nash equilibrium. In Section V, we validate our approach through a case study. Finally, we conclude the paper in Section VI. II. RELATED WORK Various game models have been applied in network security to model attacks as well as propose secure design or operation for specific cyber-physical systems (CPS). However, there are limited works that attempt to address the cybersecurity issue of AS. An early work from 2015 developed a game- based security framework for multi-agent AS [8]. The work leverages the cyber-physical nature of AS to formulate a min-max model-based predictive control (MPC) problem and proposes a dynamic signaling game model to solve it. Another relevant work in 2018 applied a robust deep reinforcement learning (DRL) model in combination with long-short term memory (LSTM) and game theory for security and safety in autonomous vehicle systems [9]. Several works have attempted to apply game theory principles to secure design, operation, 202 2020 Symposium on Security and Privacy Workshops (SPW) © 2020, Weiqing Sun. Under license to IEEE. DOI 10.1109/SPW50608.2020.00049