Skip to main content
SpringerLink
Log in

A Stochastic Game Model for Evaluating the Impacts of Security Attacks Against Cyber-Physical Systems

  • Published:
Journal of Network and Systems Management Aims and scope Submit manuscript

Abstract

A quantitative security evaluation in the domain of cyber-physical systems (CPS), which operate under intentional disturbances, is an important open problem. In this paper, we propose a stochastic game model for quantifying the security of CPS. The proposed model divides the security modeling process of these systems into two phases: (1) intrusion process modeling and (2) disruption process modeling. In each phase, the game theory paradigm predicts the behaviors of the attackers and the system. By viewing the security states of the system as the elements of a stochastic game, Nash equilibriums and best-response strategies for the players are computed. After parameterization, the proposed model is analytically solved to compute some quantitative security measures of CPS. Furthermore, the impact of some attack factors and defensive countermeasures on the system availability and mean time-to-shutdown is investigated. Finally, the proposed model is applied to a boiling water power plant as an illustrative example.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11

Similar content being viewed by others

References

  1. Lee, E.A., Seshia, S.A.: Introduction to Embedded Systems—A Cyber-Physical Systems Approach, 2nd edn. MIT Press, Cambridge (2017)

    MATH  Google Scholar 

  2. Ashibani, Y., Mahmoud, Q.H.: Cyber physical systems security: analysis, challenges and solutions. Comput. Secur. 68, 81–97 (2017)

    Article  Google Scholar 

  3. Gollmann, D., Gurikov, P., Isakov, A., Krotofil, M., Larsen, J., Winnicki, A.: Cyber-physical systems security: experimental analysis of a vinyl acetate monomer plant. In: Proceedings of the 1st ACM Workshop on Cyber-Physical System Security, pp. 1–12 (2015)

  4. Nguyen, P.H., Ali, S., Yue, T.: Model-based security engineering for cyber-physical systems: a systematic mapping study. Inf. Softw. Technol. 83, 116–135 (2017)

    Article  Google Scholar 

  5. Orojloo, H., Abdollahi Azgomi, M.: A game-theoretic approach to model and quantify the security of cyber-physical systems. Comput. Ind. 88, 44–57 (2017)

    Article  Google Scholar 

  6. Sallhammar, K.: Stochastic models for combined security and dependability evaluation. Ph.D. Thesis, Norwegian University of Science and Technology (2007)

  7. Wang, Y., Li, J., Meng, K., Lin, C., Cheng, X.: Modeling and security analysis of enterprise network using attack–defense stochastic game Petri nets. Secur. Commun. Netw. 6, 89–99 (2013)

    Article  Google Scholar 

  8. Spyridopoulos, T., Karanikas, G., Tryfonas, T., Oikonomou, G.: A game theoretic defence framework against DoS/DDoS cyber attacks. Comput. Secur. 38, 39–50 (2013)

    Article  Google Scholar 

  9. Moayedi, B.Z., Abdollahi Azgomi, M.: A game theoretic framework for evaluation of the impacts of hackers diversity on security measures. Reliab. Eng. Syst. Saf. 99, 45–54 (2012)

    Article  Google Scholar 

  10. Zhu, M., Martinez, S.: Stackelberg-game analysis of correlated attacks in cyber-physical systems. In: Proceedings of American control conference (ACC), pp. 4063–4068 (2011)

  11. Ma, C.Y., Rao, N.S., Yau, D.K.: A game theoretic study of attack and defense in cyber-physical systems. In: Proceedings of INFOCOM’s Computer Communications Workshops, pp. 708–713, April (2011)

  12. Backhaus, S., Bent, R., Bono, J., Lee, R., Tracey, B., Wolpert, D., Xie, D., Yildiz, Y.: Cyber-physical security: a game theory model of humans interacting over control systems. IEEE Trans. Smart Grid 4(4), 2320–2327 (2013)

    Article  Google Scholar 

  13. Zhu, Q., Başar, T.: A dynamic game-theoretic approach to resilient control system design for cascading failures. In: Proceedings of the 1st International Conference on High Confidence Networked Systems, pp. 41–46, April (2012)

  14. Vigo, R., Bruni, A., Yuksel, E., Vigo, R., Bruni, A., Yuksel, E.: Security games for cyber-physical systems. Proc. Secur. IT Syst. 8208, 17–32 (2013)

    Article  Google Scholar 

  15. Sanjab, A., Saad, W.: On bounded rationality in cyber-physical systems security: game-theoretic analysis with application to smart grid protection. In: Proccedings of the Joint Workshop on Cyber-Physical Security and Resilience in Smart Grids (CPSR-SG), pp. 1–6 (2016)

  16. Shan, X., Zhuang, J.: Modeling cumulative defensive resource allocation against a strategic attacker in a multi-period multi-target sequential game. Reliab. Eng. Syst. Saf. (2017). https://doi.org/10.1016/j.ress.2017.03.022

    Google Scholar 

  17. Shan, X., Zhuang, J.: Hybrid defensive resource allocations in the face of partially strategic attackers in a sequential defender–attacker game. Eur. J. Oper. Res. 228, 262–272 (2013)

    Article  MATH  Google Scholar 

  18. Pindoriya, N.M., Dasgupta, D., Srinivasan, D., Carvalho, M.: Infrastructure security for smart electric grids: a survey. In: Proceedings of Optimization and Security Challenges in Smart Power Grids, pp. 161–180 (2013)

  19. Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P., Jones, K.: A survey of cyber security management in industrial control systems. Int. J. Crit. Infrastruct. Prot. 9, 52–80 (2015)

    Article  Google Scholar 

  20. Srivastava, A., Morris, T., Ernster, T., Vellaithurai, C., Pan, S., Adhikari, U.: Modeling cyber-physical vulnerability of the smart grid with incomplete information. IEEE Trans. Smart Grid 4(1), 235–244 (2013)

    Article  Google Scholar 

  21. Ji, K., Wei, D.: Resilient control for wireless networked control systems. Int. J. Control Autom. Syst. 9(2), 285–293 (2011)

    Article  Google Scholar 

  22. Liu, N., Zhang, J., Zhang, H., Liu, W.: Security assessment for communication networks of power control systems using attack graph and MCDM. IEEE Trans. Power Deliv. 25(3), 1492–1500 (2010)

    Article  Google Scholar 

  23. Yampolskiy, M., Horváth, P., Koutsoukos, X.D., Xue, Y., Sztipanovits, J.: A language for describing attacks on cyber-physical systems. Int. J. Crit. Infrastruct. Prot. 8, 40–52 (2014)

    Article  Google Scholar 

  24. Krotofil, M., Cárdenas, A.A., Larsen, J., Gollmann, D.: Vulnerabilities of cyber-physical systems to stale data-determining the optimal time to launch attacks. Int. J. Crit. Infrastruct. Prot. 7, 213–232 (2014)

    Article  Google Scholar 

  25. Cardenas, A.A., Amin, S., Lin, Z.S., Huang, Y.L., Huang, C.Y., Sastry, S.: Attacks against process control systems: risk assessment, detection, and response. In: Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS’11), Hong Kong, pp. 355–366 (2011)

  26. Genge, B., Siaterlis, C., Hohenadel, M.: Impact of network infrastructure parameters to the effectiveness of cyber attacks against industrial control systems. Int. J. Comput. Commun. Control 7(4), 674–687 (2014)

    Article  Google Scholar 

  27. Hahn, A., Thomas, R.K., Lozano, I., Cardenas, A.: A multi-layered and kill-chain based security analysis framework for cyber-physical systems. Int. J. Crit. Infrastruct. Prot. 11, 39–50 (2015)

    Article  Google Scholar 

  28. Mitchell, R., Chen, I.R.: Modeling and analysis of attacks and counter defense mechanisms for cyber physical systems. IEEE Trans. Reliab. 65, 350–358 (2015)

    Article  Google Scholar 

  29. Gollmann, D., Krotofil, M.: Cyber-physical systems security. In: The New Codebreakers, Springer, Berlin, pp. 195–204

  30. Tang, L.A., Yu, X., Kim, S., Gu, Q., Han, J., Leung, A., La Porta, T.: Trustworthiness analysis of sensor data in cyber-physical systems. J. Comput. Syst. Sci. 79(3), 383–401 (2013)

    Article  MathSciNet  MATH  Google Scholar 

  31. Hu, F., Lu, Y., Vasilakos, A.V., Hao, Q., Ma, R., Patil, Y., Zhang, T., Lu, J., Li, X., Xiong, N.N.: Robust cyber-physical systems: concept, models, and implementation. Future Gener. Comput. Syst. 56, 449–475 (2016)

    Article  Google Scholar 

  32. Rao, N., Poole, S., Ma, C., He, F., Zhuang, J., Yau, D.: Defense of cyber infrastructures against cyber-physical attacks using game-theoretic models. Risk Anal. 36(4), 694–710 (2016)

    Article  Google Scholar 

  33. Rao, N.S.V., Ma, C.Y.T., He, F., Zhuang, J., Yau, D.: Cyber-physical correlations for infrastructure resilience: a game-theoretic approach. In: IEEE International Conference on Information Fusion (FUSION), Salamanca, Spain, July 7–10, pp. 1–8 (2014)

  34. Rao, N.S.V., Ma, C.Y.T., Shah, U., Zhuang, J., He, F., Yau, D.K.: On resilience of cyber-physical infrastructures using discrete product-form games. In: IEEE International Conference on Information Fusion (Fusion), Washington, DC, USA, July 6–9, pp. 1451–1458 (2015)

  35. Rao, N.S.V., Ma, C.Y.T., Hausken, K., He, F., Zhuang, J.: Game-theoretic strategies for systems of components using product-form utilities. In: IEEE International Conference on Multisensor Fusion and Integration for Intelligent Systems, Kongresshaus Baden-Baden, Germany, Sep 19–21, pp. 341–346 (2016)

  36. Kopetz, H.: Real-Time Systems: Design Principles for Distributed Embedded Applications, Real-Time Systems Series, 2 edn. Springer Science & Business Media (2011)

  37. Ciardo, G., Muppala, J., Trivedi, K.: SPNP: stochastic petri net package. In: Proceedings of the 3rd International Workshop Petri Nets and Performance Models, Washington, DC, USA, pp. 142–151 (1989)

  38. Liang, X., Xiao, Y.: Game theory for network security. IEEE Commun. Surv. Tutor. 15(1), 472–486 (2013)

    Article  Google Scholar 

  39. Lye, K.W., Wing, J.M.: Game strategies in network security. Int. J. Inf. Secur. 4(1), 71–86 (2005)

    Article  Google Scholar 

  40. Njilla, L.Y., Pissinou, N., Makki, K.: Game theoretic modeling of security and trust relationship in cyberspace. Int. J. Commun Syst 29, 1500–1512 (2016)

    Article  Google Scholar 

  41. United States Securities and Exchanges Commission: CF disclosure guidance: topic no. 2-Cybersecurity. http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm, October 13 (2011)

  42. Trivedi, K.S.: Probability and statistics with reliability. In: Queuing, and Computer Science Applications, 2nd ed. Wiley, New York (2001)

  43. Madan, B., Goševa-Popstojanova, K., Vaidyanathan, K., Trivedi, K.S.: A method for modeling and quantifying the security attributes of intrusion tolerant systems. Perform. Eval. 56(1), 167–186 (2004)

    Article  Google Scholar 

  44. Tan, W., Marquez, H.J., Chen, T., Liu, J.: Analysis and control of a nonlinear boiler-turbine unit. J. Process Control 15(8), 883–891 (2005)

    Article  Google Scholar 

  45. Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ICS) security. In: NIST Special Publication, pp. 800–882 (2011)

  46. Hills, R.: Common VPN security flaws, white paper, NTA Monitor, Rochester, United Kingdom. www.nta-monitor.com/posts/2005/01/VPN-Flaws-Whitepaper.pdf (2005)

  47. Alsiherov, F., Kim, T.: Research trend on secure SADA network technology and methods. WSEAS Trans. Syst. Control 8(5), 635–645 (2010)

    Google Scholar 

  48. Rahimi, S., Zargham, M.: Analysis of the security of VPN configurations in industrial control environments. Int. J. Crit. Infrastruct. Prot. 5(1), 3–13 (2012)

    Article  Google Scholar 

  49. Krotofil, M., Larsen, J.: Are you threatening my hazards?. In: Proceeding of 9th International Workshop on Security (IWSEC’14), Hirosaki, Japan, pp. 17–32, August (2014)

Download references

Author information

Authors and Affiliations

  1. Trustworthy Computing Laboratory (TwCL), School of Computer Engineering, Iran University of Science and Technology, Hengam St., Resalat Sq., Tehran, 16846-13114, Iran

    Hamed Orojloo & Mohammad Abdollahi Azgomi

Authors
  1. Hamed Orojloo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammad Abdollahi Azgomi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mohammad Abdollahi Azgomi.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Orojloo, H., Azgomi, M.A. A Stochastic Game Model for Evaluating the Impacts of Security Attacks Against Cyber-Physical Systems. J Netw Syst Manage 26, 929–965 (2018). https://doi.org/10.1007/s10922-018-9449-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10922-018-9449-0

Keywords

Search

Navigation