Honeypot Game Theory against DoS Attack in UAV Cyber

A space called Unmanned Aerial Vehicle (UAV) cyber is a new environment where UAV, Ground Control Station (GCS) and business processes are integrated. Denial of service (DoS) attack is a standard network attack method, especially suitable for attacking the UAV cyber. It is a robust security risk for UAV cyber and has recently become an active research area. Game theory is typically used to simulate the existing offensive and defensive mechanisms for DoS attacks in a traditional network. In addition, the honeypot, an effective security vulnerability defense mechanism, has not been widely adopted or modeled for defense against DoS attack UAV cyber. With this motivation, the current research paper presents a honeypot game theory model that considers GCS and DoS attacks, which is used to study the interaction between attack and defense to optimize defense strategies. The GCS and honeypot act as defenses against DoS attacks in this model, and both players select their appropriate methods and build their benefit function models. On this basis, a hierarchical honeypot and G2A network delay reward strategy are introduced so that the defender and the attacker can adjust their respective strategies dynamically. Finally, by adjusting the degree of camouflage of the honeypot for UAV network services, the overall revenue of the defender can be effectively improved. The proposed method proves the existence of a mixed strategy Nash equilibrium and compares it with the existing research on no delay rewards and no honeypot defense scheme. In addition, this method realizes that the UAV cyber still guarantees a network delay of about ten milliseconds in the presence of a DoS attack. The results demonstrate that our methodology is superior to that of previous studies.


Introduction
UAVs differ from conventional information infrastructure because they have more application scenarios and can be used for military and civil purposes.Among them, military applications are primarily shown as decoy and fire guidance, as well as reconnaissance and surveillance.Civil use, notably for the creation of movies and television programs, navigation, traffic monitoring, protection of agricultural plants, mobile communications, fire detection, and human search and rescue.UAVs are also utilized in the fight against the new crown epidemic.UAVs are given more critical tasks, playing a bigger and bigger role as their use increases [1].With the production scale application of modern information technology in manufacturing UAVs, UAV cyber security has emerged as a crucial area for research and development.
Cyber security is constantly evolving in response to increasingly sophisticated cyber attacks, so it is necessary to develop new ways to enhance the protection of UAVs.DoS attacks are now the leading cyber security issue for UAVs, gradually providing ineffective passive defense methods like firewalls, virus protection, and security scans.Their distinctive features are as follows.First, malicious code could be hidden in installed software, waiting for an opportunity to launch an attack.Second, because UAVs are not connected to public cyberspace, they can still be attacked.Third, it is tenacious and covert to avoid being discovered.The DoS attack is complicated to defend against because it can be launched to interfere with UAV service by inserting specific false information.
As an active defense technology [2], honeypot is suitable for solving UAV cyber security issues such as various communication protocols, seriously lacking or conveying security authentication mechanisms, and other related problems.Therefore, the honeypot effectively complements UAV cyber security against DoS attacks [3].Unlike traditional security tools like firewalls and intrusion detection, honeypots could use GCS, UAV network services, or information as bait to detect and analyze the attacks.As we all know, there is almost no research on the use of honeypots in the UAV DoS attack and defense game.This study is motivated by the fact that the honeypot has not yet been applied to UAV cyber security.This paper introduces a honeypot game theory to lessen the possibility of maliciously stopping UAVs for DoS attacks.The attack-defense game theory is implemented to study the information security transmission problem of GCS in UAV cyber, specifically for DoS attacks, to reduce the risk of malicious interference in the information transmission process between UAV and GCS.Therefore, this paper proposes a honeypot game model against DoS attacks in UAV cyber.The GCS and honeypot are regarded as the defense.By employing a deception strategy, the honeypot could confuse the attackers and increases the attack's cost.This paper uses the UAV network transmission delay as a reward evaluation to dynamically adjust the deception strategy of the honeypot.Concerning the UAV communication network, we also want to maintain low transmission delay while enhancing the payoff of GCS.The main contributions are summarized below.
1.In this article, it incorporates an attack-defense game model into the UAV cyber to study the respective benefit functions of the defender and the attacker, and it utilizes mixed Nash equilibrium strategy analysis to show that Nash equilibrium may be obtained when the predicted benefits of the attacker and the defender are equal.2. This article also proposes using honeypots in the attack-defense game model to bait attackers, decrease the security impact of UAVs on cyberspace, and improve the security of data transmission in the G2A network.3.This article uses the network delay generated after GCS or honeypot, is attacked by DoS as a reward evaluation value to adjust the deception strategy of the hierarchical honeypot dynamically and comprehensively consider the network delay and the security of UAV information transmission.Under the condition of ensuring lower network delay, the security performance of information transmission in UAV cyber is improved.
The rest of this paper is organized as follows: Section 2 provides a summary of the related work.Section 3 describes the network model of the UAV range, the model of the UAV network data link, and the reward model based on a DoS attack are all described.Section 4 describes the honeypot offensedefense game problem and proves the existence of the Nash equilibrium solution.Section 5, this paper conducts extensive numerical simulations using an OPNET-based UAV network co-simulation with MATLAB to evaluate the proposed approach.Finally, Section 6 concludes the paper.

Related Work
In this section, this paper briefly summarizes related work on UAV cyber security issues, a honeypot for DoS attacks, and modeling attack and defense processes using game theory.

Security Issues in UAV Cyber
This study is related to the recent global increase in malicious UAV activities, including the filming of the White House in the United States by an illegally controlled DJI UAV [4], the filming of Kuala Lumpur Airport in Malaysia by an illegally controlled UAV [5], and the illegal intrusion of the Japanese Prime Minister's residence by a UAV carrying radioactive materials [6].
Existing studies focus on UAV penetration.For example, Watkins et al. [7] discussed vulnerabilities in UAV components, including vulnerabilities in wireless cyber, GPS, embedded systems, and navigation systems.In their study of three typical UAVs attacks, Liu et al. [8] examined wireless signal spoofing, GPS spoofing, and an assault on wireless sensor hacking.Trust in the GCS is key to the attack's success.This paper compares UAVs with traditional infrastructure in terms of security threat, security protection, and security management, as shown in Table 1.Several possible security threats related to UAV cyber security are summarized as follows: (i) The variety of UAV software may lead to unknown vulnerabilities; (ii) UAV communication protocols lack encryption, and attackers capture control data and commands sent from the GCS to the UAV for replay or data forgery attack; (iii) As the wireless environment is open, a malicious attacker can send a false wireless control command to take over the UAV illegally.

Honeypot for Denial of Service Attack
Existing studies focus on the discovery of security threats and attacks in UAV cyber, as well as the use of different security protection mechanisms for tampering with physical layer DoS attacks and the resource consumption of link layer DoS attack.Anti-UAV security research schemes include Wi-Fi jamming and cracking [9][10][11], replay [12,13], buffer overflow [14,15], ARP cache poisoning [16,17], injection and modification [18], and civilian GPS spoofing [19][20][21][22].In addition, honeypot solutions for DoS attacks have been studied in [23].The study suggests a method for simulating a product network in order to set up a honeypot, record an attack, and capture it.Although the honeypot can detect the attack early, the honeypot is not set according to the essential characteristics of the system, resulting in a low imitation degree.Therefore, the honeypot may effectively defend against DoS attacks in UAV cyber as an active defense technology.
The developer tool kit (DTK) [24], launched on UNIX platforms by Cohen in 1997, was the most influential early honeypot software tool.It records the behavior of tool vulnerabilities by simulating many vulnerabilities on the system.Up to now, various honeypots have appeared in the fields of industrial control systems, IP voice and other fields in terms of simulation level and captured data quality, such as MiniCPS [25], IoTPOT [26], Iotcandyjar [27], Artemisa [28] and many innovative honeypot products.In addition, the creation technique of the deception simulation environment determines the veracity of the honeypot.It should be mentioned that the honeypot study of UAVs has not received enough attention.
To the best of our knowledge, most research on DoS attacks is based on the energy-sensitive and resource-constrained characteristics of UAV networks.Wood et al. [29] studied various DoS attacks that may occur at various layers in sensor networks.Simple DoS attack attempts to deplete the available resources of the victim node by sending many unnecessary packets, thereby preventing legitimate network users from accessing services or resources to which they are entitled.Therefore, methods to protect local devices from DoS attacks at the source include source-based DWARD [30], traceback [31], path identification [32], etc. Raymond et al. [33] also explored defense mechanisms in wireless networks.However, the traditional method of defending against DoS attacks requires constant system traffic monitoring, which consumes resources and is unsuitable for UAVs.It should be mentioned that as an effective security vulnerability defense tool, it seems that there is no honeypot supports UAVspecific protocols.The use of honeypot as defense against UVA-based DoS attacks may have gone unnoticed in earlier research.

Game Theory for Modeling
The application of game theory in DoS modeling is studied in [34] and [35].In [36], La et al. introduced a two-player zero-sum game to deal with DoS traffic injection.In [37], Liu et al. proposed a dynamic attack-based game model to compute Nash equilibrium to solve the attack detection problem.Neither study could balance the energy consumption rate and attack detection rate.Therefore, the honeypot can consume fewer resources while protecting the UAV network.The attacker's choice can be influenced or interfered with by it, and the intent also can be detected by it.However, the current study on the honeypot attack and defense game focuses on smart grids, intelligent transportation, and cloud computing.Ashok et al. [38] discussed cyber-physical security from the perspective of coordinated cyber attacks.They introduced a game-theoretic approach to improving the cyber defense performance of intelligent grids, aiming at the problem that the national grid and other critical infrastructures face the threat of cyber attack.Koutsoukos et al. [39] proposed a traffic signal detection model based on game theory to protect the traffic network from cyber threats.The model obtains the optimal defense strategy under high computational load through a heuristic algorithm.Xiao et al. [40] proposed a bounded rational game model based on prospect theory, which uses prospect theory to describe the bounded rational game process between the defender and the attacker of the cloud storage system.The simulation results show that exploiting the attacker's bounded rational behavior can improve the defender's profit.Compared with the above studies, this study is oriented towards the field of UAV and introduces honeypot technology as an active defense mechanism to trap DoS attacks.
There is currently little research on the implementation of a honeypot to enhance the security of UAV cyber, and the majority of studies in the field of UAV cyber security mainly address the issue of attack detection.Then this paper considers applying the honeypot to the game model to deceive the attacker and increase the cost.

Game Model for UAV Range
In this section, the UAV range is a virtual simulation environment for simulating UAV cyber.Next, this paper describes its network model, and network data link model, and finally introduces the reward model for the DoS attack.This paper places the relevant symbol definitions in Table 2.  Channel gain between UAV and honeypot ω q u (t) Represents the signal-to-noise ratio between GCS and UAV when the UAV network communication is under DoS attack ξ q u (t) Represents the signal-to-noise ratio between GCS and UAV when the UAV network communication is not under a DoS attack

Network Model
Fig. 1 depicts the four components of this game model: GCS, honeypot, malicious GCS, and UAV.Among them, the GCS is deployed by the service provider within the operating range of the UAV to provide efficient computing caching services for the UAV, such as UAV navigation and route conditions information sharing, which is essential for flight.This paper defines GCS in the same area as Q = {1, 2, 3, . . ., Q}.Each GCS in the network is equipped with a cache server to provide cache services for the UAV network.This paper considers that the attacker can gain control of GCS through vulnerabilities and implement a DoS attack.At the same time, the UAV receives a large amount of garbage data, causing network interruption and security incidents.This paper defines the malicious GCS as A = {1, 2, 3, . . ., A}.It affects the network transmission quality by interfering with the downlink.Generally speaking, UAVs need to obtain some services in real-time during the navigation process, such as map navigation, airborne missions, collision warning, etc.Then, this paper defines UAV as U = {1, 2, 3, . . ., U}, assuming that each UAV can obtain cache services from multiple GCS, and attackers may have hacked some.Then, this paper feeds back the network delay of the UAV to the GCS, and it judges whether it is under DoS attack according to the network delay.This paper deploys the honeypot near the GCS to hide the identity and define the honeypot as H = {1, 2, 3, . . ., H}.When the UAV sends a request to the GCS, the honeypot and the GCS respond to the network request of the UAV at the same time, and the honeypot can transmit some information that hackers are interested in, such as the location information of the UAV user, or the UAV management background.Once the honeypot is successfully trapped, then this paper considers it to increase the attack cost.

UAV Network Data Link Model
In this section, this paper assumes that the UAV is waiting to take off, and the network data transmission model is the line of sight (LOS) wireless transmission model.This paper applies it to network communication between UAV and GCS [41].First of all, this paper makes a relevant definition of the defender.At a particular time, the position of UAV is defined as (x u , y u , z u ), where z u = 0, q is a fixed position, which is defined as x q , y q , and the distance between GCS and UAV is d q,u (t) = The honeypot is also a fixed location, and its location is defined as This paper defines the confounding deception quality of a hierarchical honeypot as η h ∈ [0, 10] and believes that η h , between 7 and 10, represents the selection of a highly interactive honeypot.It makes the attacker easy to believe honeypot and attack.
Then this paper defines the attacker.Attack is assumed to be (x a , y a ), the initial position at the time.The hacker obtains permission to control the GCS by attacking.Thereby they can send a large amount of junk information to UAV, causing it to failure to receive average data.The distance between a and u is This paper defines the channel gain between q and u as α q,u (t), and the calculation formula is shown in .
where λ represents the channel power gain, ε is the path loss exponent, and ε > 1.
Similarly, this paper defines the channel gain between a and u as β a,u (t), and the calculation formula is shown in .The channel gain between h and u is defined as γ h,u (t), and the calculation formula is shown in .
where m a = {0, 1}, 0 means no DoS attack, and 1 means DoS attack.This paper defines the power of network transmission between q and u as p q , q ∈ (1, 2, 3, . . ., Q), the power of network transmission between h and u as p h , h ∈ (1, 2, 3, . . ., H), and the power of network transmission between a and u as p a , a ∈ (1, 2, 3, . . ., A).From the point of view of the signal noise ratio (SNR), this paper defines the background noise as N, assuming that the DoS attack will occur between 1 q and 1 a, affecting the data link layer of the wireless network.This paper defines the SNR of u at the time as ω q u (t).Then its calculation formula is as follows: The attacker has attacked h with a DoS without interfering with regular network communication if the data connection layer of the interaction between q and u is standard.Then, this paper defines q and SNR as ξ q u (t), and its calculation formula is as follows: where ψ {−q, u} (t) represents the channel interference generated by other q except the current q, since there is no other redundant q interference at present, here is ψ {−q, u} (t) = 0.
In addition, from the point of view of the transmission rate of the data link layer, if the data link layer of q interacting with u is abnormal, it means that q may be DoS attacked.That is, there is real noise.According to Shannon's theorem, this paper can define the transmission rate of the data link layer between q and u as C ω q u (t) (B), and its calculation formula is as follows: Analogously, if the network data link layer of q is normal, this paper defines the data transmission rate of interaction between q and u as C ξ q u (t) (B), and its calculation formula is as follows: (3-7)

Reward Strategy Based on Network Delay
This paper also needs to consider the delay of the communication network after the DoS attack q as a reward signal.When initiates a DoS attack and affects data transmission, q and h need to consider how to adjust the transmission strategy to obtain adequate data transmission.This paper wants q to transmit as much information as possible to u in a time period, but a can affect the quality of network information transmission.Therefore, this paper defines the computational data sent by q to u request as V = {1, 2, 3, . . ., V }, and the data size as K v .
When this paper assumes the first case, q is under DoS attack, the network transmission delay is t ω q u (t) , and its calculation formula is as follows: This paper also assumes the second case, when q is not under DoS attack, the network transmission delay is t ξ q u (t) , and its calculation formula is as follows: In addition, this paper uses the network transmission delay value as a reward.When the network transmission delay value is significant, the reward value is small, indicating that the trapping effect of h is not good.At this time, the defense parameters of h are evaluated.When the network transmission delay is slight, the reward value is enormous, indicating that the trapping effect of h is good.Then, this paper defines the reward value as τ , and its calculation formula is as follows: where σ represents the parameters of h to adjust the defense, σ = t u −t 0 , t 0 = t ω q u , t ξ q u , and t u represents the actual transmission delay of the UAV receiving the requested network data.The following table provides the honeypot deception quality update calculation formula: (3-11) [41].
This paper analyzes the above formula.If the actual network transmission delay of the environment is much smaller than the specified, then the possibility of a DoS attack on the network communication is less.It means that the h adjustment parameter is more extensive now, indicating that the reward value is higher, η < 0 and the updated η h is lower.Vice versa, this paper needs to go through multiple rounds of iterations, and both the offensive and defensive sides constantly adjust their strategies to achieve a more stable balance.

Optimal Defensive Strategy of Honeypot in UAV Cyber
This section describes how to model the network interaction problem between q, h and a in the UAV range as an attack and defense game model and build a benefit function model for both parties.This section also sets up the rules of network delay reward evaluation.The defender and attacker can dynamically adjust their strategies and use the mixed strategy Nash equilibrium theory to obtain the optimal solution.The specific analysis is as follows.At the same time, this paper puts the definitions of symbols in Table 3 for easy reading.The parameter of interaction degree between honeypot and drone y h Parameters for the degree of IP address emulation in the honeypot for GCS

Problem Description of Honeypot Game for UAV Cyber
Above all, this paper takes a as the attacker, q and h as the defender.At the same time, it introduces a honeypot trapping strategy.Hence, this paper wants to find their optimal Nash equilibrium through the benefit function of the offense and defense and the reward strategy of network delay.
Then this paper establishes the game model.As far as the defender is concerned, this paper defines the transmission cost per unit of data link layer as π q , π q = π h .Therefore, when the transmission power of each unit network is p q , the total transmission cost of q is φ q = p q π q , and the total transmission cost of the attacker can also be calculated as φ a = p a π a .Similarly, this paper uses g q = {0, 1} to indicate whether q communicates with the network.When g q = 1, it means that q transmits data to u.When g q = 0, it means that no data is transmitted.At the same time, g a = {0, 1} is used to indicate whether a DoS attack is performed.When g a = 1, it means that a conducts a DoS attack on the UAV.When g a = 0, it means there is no DoS attack.Specifically, this paper treats the game model as a zero-sum game model, defined as = {Q, H, A} , p q , p h q∈Q,h∈H , {p a } a∈A , R q q∈Q , {R a } a∈A , in which the attacker and the defender obtain more excellent benefits through mutual restriction.Therefore, the benefits of q are not only related to their benefits and costs but also related to the cost of a.This paper defines the benefit function of q as R q q∈Q , and its calculation formula is as follows: where this paper defines κ as the adjustment parameter of the honeypot trapping rate, η h ∈ [1, 100] represents the decoy quality of the honeypot, and its calculation formula is as follows: Specifically, when the network data transmission delay is high, h appropriately improves the interactivity and IP address emulation, and increases the attack cost by deceiving the DoS attacker.In addition, this paper also defines the benefit function of a as {R a } a∈A , and its calculation formula is as follows: {R a } a∈A = φ q g q − κη h g q − φ h g q − φ a g a − Blb 1 + p q α q,u (t) g q N + p a β a,u (t) + p h γ h,u (t) ( In summary, Since the two sides are antagonistic, any one of them changing its strategy will change the benefits of both parties involved in the game.The advantage of using a zero-sum game to model this attack-defense interaction is that one party's gain is the other's loss, which better reflects the degree of opposition.Therefore, the zero-sum game can better reflect the confrontation between q and a so that both parties can maximize their utility.

Offensive and Defensive Utility Function Matrix
In the process of analyzing the offensive and defensive game of the UAV range, q and a have their strategies.Since both sides have two strategies to choose from, there are four strategies after the combination.The details of these four strategies are as follows.
In the first strategy S 1 , q transmits network data to u, and a initiates a DoS attack.This paper defines the benefit function of q as R q,q∈Q , and its calculation formula is shown in .The benefit function of a is defined as R a,a∈A , and its calculation formula is shown in (4)(5).
In the second strategy S 2 , q does not transmit network data to u, and a initiates a DoS attack.This paper defines the benefit function of q as R q,q∈Q , its calculation formula is shown in (4)(5)(6).The benefit function of a is defined as R a,a∈A , and its calculation formula is shown in (4)(5)(6)(7).
In the third strategy S 3 , q transmits network data to u, and a does not initiate a DoS attack.This paper defines the benefit function of q as R q,q∈Q , and its calculation formula is shown in (4)(5)(6)(7)(8).The benefit function of a is defined as R a,a∈A , and its calculation formula is shown in (4)(5)(6)(7)(8)(9).
In the fourth strategy S 4 , q does not transmit network data to u, and a does not initiate a DoS attack.This paper defines the benefit function of q as R q,q∈Q = 0, and the benefit function of a is defined as R a,a∈A = 0.
Then, this paper assumes that in one case, the transmission benefits of GCS and honeypot outweigh the cost of maintaining security, and GCS has reason to have network interactions with UAV.Finally, this paper shows the payoff function matrix of the offensive and defensive sides under different strategies in Table 4.

Table 4: Attack and defense payoff function matrix
Benefits

Mixed Strategy Nash Equilibrium Analysis
In the last subsection, this paper regards UAV cyber's offensive and defensive game as a zerosum game.Both offensive and defensive sides have their strategies combined into four situations.Meanwhile, this paper assumes that the hackers and honeypot deployers in the game are rational, and they have to consider the cost.With the same benefits, participants need to consider lower-cost attack and defense methods.As a result, both players in the game must select an effective tactic to maximize their gains.Because both sides have their optimal strategies, this paper needs to use mixed strategy Nash equilibrium analysis to solve the problem.
To evaluate the UAV range honeypot game, this paper defines the probability distribution of the participants on χ as f , f = (f 1 , f 2 , f 3 , . . .f r ) ∈ R ≥ 0, where R t=1 f t = 1.Then, this paper defines the probability of safe network transmission as F T and the probability of unsafe transmission as F NT .
Analogously, we define the probability of a launching a DoS attack as F A and the probability of not launching a DoS attack as F NA , as shown in Table 5.

Table 5:
Benefit function matrix of offensive and defensive strategies Specifically, according to the definition of mixed Nash equilibrium, when the expected benefits of the defender and the attacker are equal, the players no longer care about the choice of strategy.Therefore, in the honeypot game model of the UAV range, the mixed strategy gives the attacker the same expected benefit when generating a DoS attack or not generating a DoS attack.
When this paper sets E (F A ) − E (F NA ) = 0 and E (F T ) − E (F NT ) = 0, the mixed Nash equilibrium strategies of both sides of the game are obtained, and their calculation formulas are as follows: In summary, this paper obtains the probability of each strategy by calculating and getting the mixed Nash equilibrium, that is, the obtained probability set, in the process of the offensive and defensive game of the UAV range.In this probability set, the benefits of both parties can reach the optimal situation simultaneously.Assuming that both parties abide by the regulations, neither party will change the strategy to break the balance, that is, to achieve the mixed Nash equilibrium of the honeypot attack and defense game in the UAV range.

Numerical Results
In this section, this paper mainly introduces the experimental simulation environment and the result analysis.This paper uses Matlab R2016a to conduct the simulation environment of the UAV cyber evolutionary game experiment.The test running environment is Intel(R) Xeon(R) CPU E5-1603 @ 2.80 GHz processor, the running memory is 8 GB, and the operating system is Windows 10 64-bit.In addition, the scene of the UAV range consists of GCS, honeypot, malicious ground station and UAV.Where GCS provides network data transmission services for UAV, the honeypot is responsible for disguising as GCS to trick attackers into conducting DoS attacks.Expressly, the number of GCSs, UAVs, and malicious GCSs is set to 1, whereas the number of honeypots is set to 3.
To investigate the advantages of GCS during a DoS assault, this paper adopted the honeypot defense strategy (UDRH) proposed in this paper and compared it with the no honeypot defense scheme (NHDS) in [42].As shown in Fig. 2.This paper can see that the change range is relatively gentle in the early stage of the iteration, and the attacker and defender continue to interact and play the game.In the case of a DoS attack, the benefits of GCS tend to be those without a DoS attack, indicating that the honeypot defense strategy can resist to a certain extent.DoS attacks improve the defense's effectiveness.In the absence of DoS attacks, the benefits of GCS are higher overall.By contrast, the overall benefit of GCS in the UDRH strategy was higher than that of the NHDS strategy.In particular, this paper divides the hierarchical honeypot into three types: high, middle and low, and their deception quality is 1-10.To this end, this paper can analyze the cyber security probability and DoS attack probability from Fig. 3.In general, this paper equates the degree of emulation of a honeypot with its trapping quality, which is mainly determined by its interactivity.When the deception quality is between 7-10, it is a highly interactive honeypot, and the probability of the UAV communication network being attacked by DoS is reduced.In addition, as the degree of honeypot camouflage has increased, network transmission security has improved, significantly reducing the probability of a DoS attack.The honeypot protects the security of UAV cyber, making it difficult for the attacker to conduct a DoS attack effectively.
In Fig. 4, this paper analyzes the network security probability under the UDRH strategy.With the change of iteration time, it is higher when there is no DoS attack than when there is a DoS attack.It shows that the attacker floods the communication channel between the UAV and the GCS with garbage data.As a result, the UAV cannot usually receive messages, reducing the cyber security rate.Meanwhile, in the presence or absence of a DoS attack, the UDRH strategy has a higher network security rate than the NHDS, which shows that honeypot defense is of great significance for improving UAV cyber security performance.In addition, after a period of iteration, the cyber security probability of the UDRH strategy under the presence or absence of a DoS attack is equal, reaching the final balance.5 that the network transmission delay changes with the iteration time.In the presence of a DoS attack, the network transmission delay is higher than when there is no DoS attack.It shows that the DoS attack intensity is high.However, this paper adopts a reward adjustment strategy.After a period of iteration, the network transmission delay continues to approach the situation without a DoS attack.The honeypot defense strategy can resist the DoS attack.If the honeypot is absent compared to the NHDS scheme, there is a higher chance that the UAV network transmission may be interrupted.
In this paper, Fig. 6 compares the expected benefits of the defender with the degree of honeypot camouflage under different schemes.The honeypot strategy based on the zero-sum game proposed in this paper has apparent advantages over the other two schemes.It can improve the expected benefits of the defense more efficiently.The NHDS is that in the case of no honeypot defense, the mixed Nash equilibrium strategy selects its actions, resulting in lower expected returns.While adopting the honeypot defensive technique, the drone reward scheme (DRS) [43] lacks the time-delay feedback evaluation to dynamically change attack and defense strategies.In addition, when the degree of camouflage of the honeypot is low, the expected benefits of the UDRH and the DRS are similar.However, as the degree of honeypot camouflage increases, the expected benefit value of UDRH and DRS gradually increases.Simultaneously, the advantages of UDRH are steadily reflected.UAV gives a promising future to brilliant intelligent cities.With the advances in UAV technology, UAVs will become a part of the human environment.However, due to the openness of the G2A network, the transmission of UAV security information has become a challenging issue.UAV is vulnerable to cyber attacks, causing harm such as loss of confidential data and productivity.Given the vulnerability of UAVs to DoS attacks, a method to reduce the impact of UAV network delay in the environment of cyber attacks is proposed.This paper uses hierarchical honeypots and delayed rewards to establish a honeypot game model.The experimental results show that this method is suitable for effectively mitigating the impact of G2A network communication by DoS attack.In the offensive and defensive game model we use, the ground station's strategy is choosing network transmission, and the strategy of the malicious ground station is choosing a DoS attack.It is regarded as a zero-sum game model.Among them, the behavior of defender is to improve its confusion, while the attacker mainly provides prerequisites for the network delay.Finally, we give a detailed analysis of the experiment.In the presence of a DoS attack, the UDRH strategy can guarantee that the G2A network delay is about 10.2 milliseconds, while the G2A network delay under the NHDS strategy is about 58.6 milliseconds.For the future, it is intended to improve the security of UAV cyber through the analysis of honeypot data.

Figure 1 :
Figure 1: Game model of UAV range

Figure 2 :
Figure 2: GCS benefit in the case of a DoS attack

Figure 3 :
Figure 3: The deceptive quality of hierarchical honeypot

Figure 4 :
Figure 4: Variation of cyber security rate with iteration time

Figure 5 :
Figure 5: Variation of network transmission delay with iteration time

Figure 6 :
Figure 6: Comparison of benefits under different schemes

Table 1 :
Comparison between UAV and traditional infrastructure

Table 2 :
List of symbols

Table 3 :
List of symbols