A Game-Theoretic Approach to Cross-Layer Security Decision-Making in Industrial Cyber-Physical Systems

Current security measures in industrial cyber-physical systems (ICPS) lack the active decision capability to defend against highly-organized cyber-attacks. In this paper, a security decision-making approach based on stochastic game model is proposed to characterize the interaction between attackers and defenders in ICPSs and generate optimal defense strategies to minimize system losses. The major distinction of this approach is that it presents a practical way to build a cross-layer security game model for ICPSs by means of quantitative vulnerability analysis and time-based unified payoff quantification. A case study on a hardware-in-the-loop simulation testbed is carried out to demonstrate the feasibility of the proposed approach.

[1]  Alvaro A. Cárdenas,et al.  Attacks against process control systems: risk assessment, detection, and response , 2011, ASIACCS '11.

[2]  Zhao Yang Dong,et al.  Exploring Reliable Strategies for Defending Power Systems Against Targeted Attacks , 2011, IEEE Transactions on Power Systems.

[3]  N. Lawrence Ricker,et al.  Model predictive control of a continuous, nonlinear, two-phase reactor , 1993 .

[4]  S. Shankar Sastry,et al.  Understanding the physical and economic consequences of attacks on control systems , 2009, Int. J. Crit. Infrastructure Prot..

[5]  Tingwen Huang,et al.  Reinforcement Learning in Energy Trading Game Among Smart Microgrids , 2016, IEEE Transactions on Industrial Electronics.

[6]  Okyay Kaynak,et al.  Industrial Cyberphysical Systems: A Backbone of the Fourth Industrial Revolution , 2017, IEEE Industrial Electronics Magazine.

[7]  Chunjie Zhou,et al.  Assessing the Physical Impact of Cyberattacks on Industrial Cyber-Physical Systems , 2018, IEEE Transactions on Industrial Electronics.

[8]  Xinming Ou,et al.  A scalable approach to attack graph generation , 2006, CCS '06.

[9]  A. M. Fink,et al.  Equilibrium in a stochastic $n$-person game , 1964 .

[10]  Sarangapani Jagannathan,et al.  Optimal defense and control of dynamic systems modeled as cyber-physical systems , 2015 .

[11]  Svein J. Knapskog,et al.  On Stochastic Modeling for Integrated Security and Dependability Evaluation , 2006, J. Networks.

[12]  Shen Yin,et al.  Recursive Total Principle Component Regression Based Fault Detection and Its Application to Vehicular Cyber-Physical Systems , 2018, IEEE Transactions on Industrial Informatics.

[13]  Zhilong Chen,et al.  Using game theory to optimize allocation of defensive resources to protect multiple chemical facilities in a city against terrorist attacks , 2016 .

[14]  Stavros Ntalampiras,et al.  Detection of Integrity Attacks in Cyber-Physical Critical Infrastructures Using Ensemble Modeling , 2015, IEEE Transactions on Industrial Informatics.

[15]  Michail Maniatakos,et al.  The Cybersecurity Landscape in Industrial Control Systems , 2016, Proceedings of the IEEE.

[16]  Marilyn Wolf,et al.  Safety and Security in Cyber-Physical Systems and Internet-of-Things Systems , 2018, Proceedings of the IEEE.

[17]  Okyay Kaynak,et al.  Data-Driven Monitoring and Safety Control of Industrial Cyber-Physical Systems: Basics and Beyond , 2018, IEEE Access.

[18]  Karen Scarfone,et al.  Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.

[19]  Chris Hankin Game Theory and Industrial Control Systems , 2016, Semantics, Logics, and Calculi.

[20]  Shaolei Ren,et al.  Game Theory for Cyber Security and Privacy , 2017, ACM Comput. Surv..

[21]  Lei Guo,et al.  Resilient Control of Networked Control System Under DoS Attacks: A Unified Game Approach , 2016, IEEE Transactions on Industrial Informatics.

[22]  Shen Yin,et al.  Cyber-physical system based factory monitoring and fault diagnosis framework with plant-wide performance optimization , 2018, 2018 IEEE Industrial Cyber-Physical Systems (ICPS).

[23]  Indrajit Ray,et al.  Dynamic Security Risk Management Using Bayesian Attack Graphs , 2012, IEEE Transactions on Dependable and Secure Computing.

[24]  Quanyan Zhu,et al.  Game-Theoretic Methods for Robustness, Security, and Resilience of Cyberphysical Control Systems: Games-in-Games Principle for Optimal Cross-Layer Resilient Control Systems , 2015, IEEE Control Systems.