A game-theoretic approach to model and quantify the security of cyber-physical systems

This paper presents a modeling approach to evaluate the security of cyber-physical systems (CPSs). The security modeling process of CPSs is divided into two phases: the intrusion phase and the disruption phase. In each phase, a game-theoretic method predicts the interactions between the attacker and the system. By solving the model, the security of CPSs is estimated in terms of security metrics. As an illustrative example, the security of a chemical plant is investigated using the proposed method.

The security of cyber-physical systems (CPSs) has become an active research area in recent years. The goal of attackers in these systems is often to disrupt physical processes. However, breaking into a CPS is not the same as disrupting its physical process. To achieve the desired physical disruptions, an attacker needs a deep understanding of the failure conditions of the system, its control principles, and signal processing. For a better evaluation of the security of these systems, considering these issues is necessary. This paper presents a modeling approach to evaluate the security of CPSs. In the proposed model, the system moves discretely between different states, and in each state, the system evolves continuously according to a system of ordinary differential equations. The security modeling process of CPSs is divided into two phases: intrusion and disruption. In each phase, a game-theoretic paradigm with different parameters predicts the interactions between the attacker and the system. By solving the model, the security of CPSs is estimated in terms of metrics such as mean-time-to-system-shutdown and availability. Finally, the security of a chemical plant is investigated as an illustrative example.
