Passenger spoofing attack for artificial Intelligence-based Mobility-as-a-Service

Mobility-as-a-Service (MaaS), a new mobility service model that integrates multiple mobility providers, relies on many data processing technologies to manage multi-modal transport. Artificial Intelligence (AI) is one of the technologies to improve the services matching to passengers based on their implicit experience and preference. However, incorporating AI into MaaS may also introduce loopholes to the system. One may use the loophole in the heterogeneity of passenger experience and preference by falsifying data to prioritize their journey, which jeopardizes the trustworthiness of MaaS. In this paper, we investigate the cyber security risks in MaaS, focusing on the spoofing attack in which malicious passengers are prioritized by falsifying data to gain an advantage in journey planning. The spoofing attack is based on reinforcement learning that learns to reduce passenger satisfaction about the MaaS and its profit by requesting travel with falsifying passenger states. We conduct experiments based on New York City dataset to evaluate the spoofing attack. The experiment results indicate that the attack can reduce about 70% of the profit. By investigating the cyber security risks in MaaS, we could enhance the knowledge and understanding of the risks for building a secure and trustworthy MaaS.