Automated Adversary Emulation for Cyber-Physical Systems via Reinforcement Learning

Adversary emulation is an offensive exercise that provides a comprehensive assessment of a system's resilience against cyber attacks. However, adversary emulation is typically a manual process, making it costly and hard to deploy in cyber-physical systems (CPS) with complex dynamics, vulnerabilities, and operational uncertainties. In this paper, we develop an automated, domain-aware approach to adversary emulation for CPS. We formulate a Markov Decision Process (MDP) model that determines an optimal attack sequence over a hybrid attack graph comprising cyber (discrete) and physical (continuous) components, together with the associated physical dynamics. We apply model-based and model-free reinforcement learning (RL) methods to solve the discrete-continuous MDP in a tractable fashion. As a baseline, we also develop a greedy attack algorithm and compare it against the RL procedures. We evaluate the performance and solution quality of the proposed algorithms in a numerical study of sensor deception attacks on buildings.
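
To make the formulation concrete, the sketch below illustrates how a discrete-continuous attack MDP of this kind can be solved with tabular RL once the physical state is discretized. Everything in it is an illustrative assumption rather than the paper's actual model: the cyber footholds (`none`, `it_access`, `bms_access`), the toy thermal dynamics, the reward shaping, and the sensor-bias action set are hypothetical, and the paper's model-based methods and hybrid attack graph are reduced here to a plain Q-learning loop plus a myopic greedy baseline.

```python
# Hypothetical sketch of a discrete-continuous attack MDP: the cyber state is a
# small set of attacker footholds, the physical state is a room temperature
# driven by a toy thermal model, and actions are exploit steps plus discretized
# sensor-bias injections. Names, dynamics, and rewards are illustrative only.

import random
from collections import defaultdict

CYBER_STATES = ["none", "it_access", "bms_access"]          # attacker footholds
EXPLOITS = {"none": "phish", "it_access": "pivot_to_bms"}   # cyber transitions
BIAS_ACTIONS = [0.0, 1.0, 2.0]                               # sensor bias (deg C)
TEMP_BINS = [18 + i for i in range(9)]                       # 18..26 C, discretized

def step(cyber, temp, action):
    """Toy transition: exploits advance the foothold; a bias injection shifts
    the sensed temperature, which the building controller then 'corrects'."""
    if action in ("phish", "pivot_to_bms"):
        if EXPLOITS.get(cyber) == action and random.random() < 0.7:
            cyber = "it_access" if action == "phish" else "bms_access"
        reward = -0.1                                         # cost of acting
    else:                                                     # bias injection
        bias = action if cyber == "bms_access" else 0.0       # needs BMS access
        temp = temp + 0.5 * bias - 0.2 * (temp - 21.0)        # toy thermal model
        reward = max(0.0, temp - 23.0) - 0.1                  # damage above 23 C
    return cyber, temp, reward

def discretize(temp):
    return min(range(len(TEMP_BINS)), key=lambda i: abs(TEMP_BINS[i] - temp))

def actions_for(cyber):
    acts = list(BIAS_ACTIONS)
    if EXPLOITS.get(cyber):
        acts.append(EXPLOITS[cyber])
    return acts

def q_learning(episodes=2000, horizon=20, alpha=0.1, gamma=0.95, eps=0.1):
    """Model-free tabular Q-learning over the discretized hybrid state."""
    Q = defaultdict(float)
    for _ in range(episodes):
        cyber, temp = "none", 21.0
        for _ in range(horizon):
            s = (cyber, discretize(temp))
            acts = actions_for(cyber)
            a = random.choice(acts) if random.random() < eps else \
                max(acts, key=lambda x: Q[(s, x)])
            cyber, temp, r = step(cyber, temp, a)
            s2 = (cyber, discretize(temp))
            best_next = max(Q[(s2, x)] for x in actions_for(cyber))
            Q[(s, a)] += alpha * (r + gamma * best_next - Q[(s, a)])
    return Q

def greedy_rollout(horizon=20):
    """Greedy baseline: always take the action with the best one-step reward."""
    cyber, temp, total = "none", 21.0, 0.0
    for _ in range(horizon):
        best = max(actions_for(cyber), key=lambda a: step(cyber, temp, a)[2])
        cyber, temp, r = step(cyber, temp, best)
        total += r
    return total

if __name__ == "__main__":
    Q = q_learning()
    print("greedy baseline return:", round(greedy_rollout(), 2))
```

In this toy setting the greedy rollout never escalates past the initial foothold, because exploit steps carry only an immediate cost and pay off solely through the biased sensor readings they enable later; overcoming exactly this kind of myopia is what motivates comparing the greedy baseline against the RL procedures.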
