Bayesian Game for Cyber Deception Against Remote Attack on Automotive Systems

Cyber deception is a highly recommended technique in cyber defense and is being used more and more by cyber security experts to provide a more optimal network security defense. We propose a deception model adapted to cyber attacks on automotive systems that will not only thwart cyber attacks but also deceive the attacker who initiates the attack so that he is convinced of the success of his attack. However, the proposed model will allow the deception defense to lure the attacker into providing an optimal response while assuming that the attacker has beliefs about the possible responses for a given attack and also has a priority on responses with a high level of impact. Our aim is to build optimal responses to the defender that will satisfy the attacker's beliefs. We model this problem using a two-player Bayesian game where the attacker has uncertainty about the nature of the responses proposed by the deception defense. For a given attack, we find the optimal strategies or responses for the deception defense using Bayesian Nash equilibrium and then implement an algorithm to generalize the model over a finite set of attacks. We show that from the results of the model, the attacker's expected payoff on his belief update is always greater than his expected payoff on his belief initial, which justifies the optimality of the response provided. We then present a numerical result that effectively validates our deception approach on remote attacks that are very prevalent in automotive systems.