Quantitative cyber-physical security analysis methodology for industrial control systems based on incomplete information Bayesian game

Abstract: Industrial control systems (ICSs) are distributed, complex cyber-physical systems (CPSs). The core parts of ICSs are usually the ultimate targets of attackers, but they are strictly protected and difficult to attack directly. Attackers therefore tend to mount cyber-physical attacks through multiple attack steps, starting from outer nodes with less protection. Threats then propagate from one node to another until they reach the core assets or are detected. This paper develops a unified methodology that can model and analyze cyber-physical attacks on ICSs quantitatively and automatically. First, we define the weighted colored Petri net and propose the basic cyber-physical attack models. Second, we propose a method to calculate the weights in the attack models by modeling threat propagation between two nodes as a mixed-strategy Bayesian attack-defense game with incomplete information and solving for the refined Bayesian Nash equilibrium. Results show that the weights in the cyber-physical attack model (CPAM) are nearly stable even when parameters change. Moreover, we build the threat propagation matrix and security state vector, and further design a cyber-physical attack path analysis algorithm that can discover possible attack paths with specific attack losses. The case study verifies our methodology, and evaluations show that it has good time performance within a limited number of nodes. This work can help protect ICSs more efficiently.
