Game-Theoretic Analysis of Attack and Defense in Cyber-Physical Network Infrastructures

Critical infrastructures rely on cyber and physical components that are both subject to natural, incidental or intentional degradations. Game theory has been used in studying the strategic interactions between attackers and defenders for critical infrastructure protection, but has not been extensively used in complex cyber-physical networks. This paper fills the gap by modeling the probabilities of successful attacks in both cyber and physical spaces as functions of the number of components that are attacked and defended. The results show that the attack effort would first increase then decrease in (a) defense effort, (b) the probability of successful attack on each component, (c) the number of minimum required functioning resources, and (d) the maximum number of available resources. Comparing simultaneous and sequential games, our results show that the defender performs better when she moves first. Our research provides some novel insights into the survival of such infrastructures and optimal resource allocation under various costs and target valuations that players may have.

[1]  P. Sholander,et al.  Risk assessment for physical and cyber attacks on critical infrastructures , 2005, MILCOM 2005 - 2005 IEEE Military Communications Conference.

[2]  Yacov Y. Haimes,et al.  The Role of Modeling in the Resilience of Cyberinfrastructure Systems and Preparedness for Cyber Intrusions , 2011 .

[3]  Kjell Hausken,et al.  Governments' and Terrorists' Defense and Attack in a T-Period Game , 2011, Decis. Anal..

[4]  Gerald G. Brown,et al.  Defending Critical Infrastructure , 2006, Interfaces.

[5]  Jun Zhuang,et al.  Modelling ‘contracts’ between a terrorist group and a government in a sequential game , 2012, J. Oper. Res. Soc..

[6]  Vicki M. Bier,et al.  Balancing Terrorism and Natural Disasters - Defensive Strategy with Endogenous Attacker Effort , 2007, Oper. Res..

[7]  Oguzhan Alagöz,et al.  Modeling secrecy and deception in a multiple-period attacker-defender signaling game , 2010, Eur. J. Oper. Res..

[8]  Jeannette M. Wing,et al.  Game strategies in network security , 2005, International Journal of Information Security.

[9]  Siddharth Sridhar,et al.  Cyber–Physical System Security for the Electric Power Grid , 2012, Proceedings of the IEEE.

[10]  William H. Sanders Progress towards a resilient power grid infrastructure , 2010, IEEE PES General Meeting.

[11]  Florian Dörfler,et al.  Cyber-physical attacks in power networks: Models, fundamental limitations and monitor design , 2011, IEEE Conference on Decision and Control and European Control Conference.

[12]  S. Massoud Amin Electricity infrastructure security: Toward reliable, resilient and secure cyber-physical power and energy systems , 2010, IEEE PES General Meeting.

[13]  David K. Y. Yau,et al.  A game theoretic study of attack and defense in cyber-physical systems , 2011, 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[14]  David K. Y. Yau,et al.  Cloud computing infrastructure robustness: A game theory approach , 2012, 2012 International Conference on Computing, Networking and Communications (ICNC).

[15]  Jun Zhuang,et al.  Impacts of Subsidized Security on Stability and Total Social Costs of Equilibrium Solutions in an N-Player Game with Errors , 2010 .

[16]  Seth D. Guikema,et al.  A Survey of Network Theoretic Approaches for Risk Analysis of Complex Infrastructure Systems , 2011 .

[17]  Chase Qishi Wu,et al.  A Survey of Game Theory as Applied to Network Security , 2010, 2010 43rd Hawaii International Conference on System Sciences.