Physical Intrusion Games—Optimizing Surveillance by Simulation and Game Theory
Related papers
Computers & Security
Advanced Persistent Threats (APTs) have recently emerged as a significant security challenge for a cyber-physical system due to their stealthy, dynamic and adaptive nature. Proactive dynamic defenses provide a strategic and holistic security mechanism to increase the costs of attacks and mitigate the risks. This work proposes a dynamic game framework to model a long-term interaction between a stealthy attacker and a proactive defender. The stealthy and deceptive behaviors are captured by the multi-stage game of incomplete information, where each player has his own private information unknown to the other. Both players act strategically according to their beliefs which are formed by the multi-stage observation and learning. The perfect Bayesian Nash equilibrium provides a useful prediction of both players' policies because no players benefit from unilateral deviations from the equilibrium. We propose an iterative algorithm to compute the perfect Bayesian Nash equilibrium and use the Tennessee Eastman process as a benchmark case study. Our numerical experiment corroborates the analytical results and provides further insights into the design of proactive defense-in-depth strategies.
Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models
Risk Analysis: An Official Publication of the Society for Risk Analysis, 2015
The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructur...
On Multi-Phase and Multi-Stage Game-Theoretic Modeling of Advanced Persistent Threats
IEEE Access, 2018
Advanced persistent threats (APT) are considered as a significant security threat today. Despite their diversity in nature and details, a common skeleton and sequence of phases can be identified that these attacks follow (in similar ways), which admits a game-theoretic description and analysis. This paper describes a general framework that divides a general APT into three major temporal phases, and fits an individual game model to each phase, connecting the games at the transition points between the phases (similarly to "milestones" accomplished during the launch of an APT). The theoretical description is derived from a running example. The benefit of this game-theoretic perspective is at least threefold, as it 1) helps to systematize the threat and respective mitigation actions (by turning them into pure strategies for the gameplay); 2) provides optimized actions for defense and attack, where the latter can be taken as a (nonunique) indication of neuralgic points; and 3) provides quantitative measures of resilience against an APT, in terms that can be defined freely by a security officer. We illustrate this approach with a numerical example.
Game-Theoretic Analysis of Attack and Defense in Cyber-Physical Network Infrastructures
2012
Critical infrastructures rely on cyber and physical components that are both subject to natural, incidental or intentional degradations. Game theory has been used in studying the strategic interactions between attackers and defenders for critical infrastructure protection, but has not been extensively used in complex cyber-physical networks.
A game theoretic study of attack and defense in cyber-physical systems
2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2011
Cyber-physical systems encompass a wide range of systems such as sensor networks, cloud computing complexes, and communication networks. They require both the cyber and physical components to function, and hence are susceptible to attacks on either. A cyber-physical system is characterized by the physical space that represents physical components, and the cyber space that represents computations and communications. In this paper, we present a number of game theoretic formulations of attack and defense aspects of cyber-physical systems under different cost and benefit functions and different budgets of the attacker and defender. We discuss the outcomes of the underlying game under linear, negative exponential, and S-shaped benefit functions. We show that the outcomes are determined by the Nash Equilibria (which sometimes occur at budget limits), which in turn determine the system survival.
Security Analysis of Smart Grid Cyber Physical Infrastructures Using Game Theoretic Simulation
2015 IEEE Symposium Series on Computational Intelligence, 2015
Cyber physical computing infrastructures typically consist of a number of interconnected sites including both cyber and physical components. In this analysis we studied the various types and frequency of attacks that may be levied on smart grid cyber physical systems. Our information security analysis utilized a dynamic Agent Based Game Theoretic (ABGT) simulation. Such simulations can be verified using a closed form game theory analytic approach to explore larger scale, real world scenarios involving multiple attackers, defenders, and information assets. We concentrated our study on the electric sector failure scenarios from the NESCOR Working Group Study. We extracted four generic failure scenarios and grouped them into three specific threat categories (confidentiality, integrity, and availability) to the system. These specific failure scenarios serve as a demonstration of our simulation. The analysis using our ABGT simulation demonstrates how to model the electric sector functional domain using a set of rationalized game theoretic rules decomposed from the failure scenarios in terms of how those scenarios might impact the cyber physical infrastructure network with respect to CIA.
A Game Theoretic Approach to Model Cyber Attack and Defense Strategies
2018 IEEE International Conference on Communications (ICC), 2018
Most of the cybersecurity research focuses on either presenting a specific vulnerability or proposing a specific defense algorithm to defend against a well-defined attack scheme. Although such cybersecurity research is important, few have paid attention to the dynamic interactions between attackers and defenders, where both sides are intelligent and will dynamically change their attack or defense strategies in order to gain the upper hand over their opponents. This 'cyberwar' phenomenon exists among most cybersecurity incidents in the real world, which warrants special research and analysis. In this paper, we propose a dynamic game theoretic framework (i.e., hyper defense) to analyze the interactions between the attacker and the defender as a non-cooperative security game. The key idea is to model attackers/defenders to have multiple levels of attack/defense strategies that are different in terms of effectiveness, strategy costs, and attack gains/damages. Each player adjusts his strategy based on the strategy's cost, potential attack gain/damage, and effectiveness in anticipation of the opponent's strategy. We study the achievable Nash equilibrium for the attacker-defender security game where the players employ an efficient strategy according to the obtained equilibrium. Furthermore, we present case studies of three different types of network attacks and put forth how our hyper defense system can successfully model them. Simulation results show that the proposed game theoretical system achieves a better performance compared to two other fixed-strategy defense systems.
Cyber-Physical Security: A Game Theory Model of Humans Interacting Over Control Systems
IEEE Transactions on Smart Grid, 2000
Recent years have seen increased interest in the design and deployment of smart grid devices and control algorithms. Each of these smart communicating devices represents a potential access point for an intruder spurring research into intruder prevention and detection. However, no security measures are complete, and intruding attackers will compromise smart grid devices leading to the attacker and the system operator interacting via the grid and its control systems. The outcome of these machine-mediated human-human interactions will depend on the design of the physical and control systems mediating the interactions. If these outcomes can be predicted via simulation, they can be used as a tool for designing attack-resilient grids and control systems. However, accurate predictions require good models of not just the physical and control systems, but also of the human decision making. In this manuscript, we present an approach to develop such tools, i.e. models of the decisions of the cyber-physical intruder who is attacking the systems and the system operator who is defending it, and demonstrate its usefulness for design.
A Game-theoretic Scenario for Modelling the Attacker-Defender Interaction
Journal of Computer Engineering & Information Technology, 2013
Existing computer security techniques lack the quantitative decision framework required to defend against highly organized attacks. Game theory provides a set of quantitative and analytical tools for describing and analyzing interactive decision situations in computer security. Recently, game-theoretic approaches such as stochastic security games have been used to study security problems as an optimization game comprising multiple players, notably the attackers and the defenders (system administrators). Stochastic security games are a probabilistic approach appropriate for studying particularly complex networks where attacks often go from a state and proceed to another according to a probability distribution. A stochastic game-model that views the interaction between malicious users and network administrators as a two-player zero-sum game was developed. A binary coding scheme was employed for identifying game states and game transition diagrams were generated to describe possible movements of players. A stochastic algorithm was developed to solve the game and compute the optimal strategies for the players. A simulation of the algorithm was carried out and the output analyzed to show the techniques that network administrators can employ to predict adversary's actions, determine vulnerable network assets and suggest optimal defense strategies for the defender.
Cyber–Physical Correlation Effects in Defense Games for Large Discrete Infrastructures
Games, 2018
In certain critical infrastructures, correlations between cyber and physical components can be exploited to launch strategic attacks, so that disruptions to one component may affect others and possibly the entire infrastructure. Such correlations must be explicitly taken into account in ensuring the survival of the infrastructure. For large discrete infrastructures characterized by the number of cyber and physical components, we characterize the cyber–physical interactions at two levels: (i) the cyber–physical failure correlation function specifies the conditional survival probability of the cyber sub-infrastructure given that of the physical sub-infrastructure (both specified by their marginal probabilities), and (ii) individual survival probabilities of both sub-infrastructures are characterized by first-order differential conditions expressed in terms of their multiplier functions. We formulate an abstract problem of ensuring the survival probability of a cyber–physical infrastru...