research-article

Defending Cyber-Physical Attacks on Oil Pipeline Systems: A Game-Theoretic Approach

Authors:

Yatin Wadhawan,

Clifford NeumanAuthors Info & Claims

PrAISe '16: Proceedings of the 1st International Workshop on AI for Privacy and Security

Article No.: 7, Pages 1 - 8

https://doi.org/10.1145/2970030.2970032

Published: 29 August 2016 Publication History

Abstract

The security of critical infrastructures such as oil and gas cyber-physical systems is a significant concern in today's world where malicious activities are frequent like never before. On one side we have cyber criminals who compromise cyber infrastructure to control physical processes; we also have physical criminals who attack the physical infrastructure motivated to destroy the target or to steal oil from pipelines. Unfortunately, due to limited resources and physical dispersion, it is impossible for the system administrator to protect each target all the time. In this research paper, we tackle the problem of cyber and physical attacks on oil pipeline infrastructure by proposing a Stackelberg Security Game of three players: system administrator as a leader, cyber and physical attackers as followers. The novelty of this paper is that we have formulated a real world problem of oil stealing using a game theoretic approach. The game has two different types of targets attacked by two distinct types of adversaries with different motives and who can coordinate to maximize their rewards. The solution to this game assists the system administrator of the oil pipeline cyber-physical system to allocate the cyber security controls for the cyber targets and to assign patrol teams to the pipeline regions efficiently. This paper provides a theoretical framework for formulating and solving the above problem.

References

[1]

Hankin, C. 2016. Game Theory and Industrial Control Systems. In Semantics, Logics, and Calculi (pp. 178--190). Springer International Publishing.

Digital Library

[2]

Cárdenas, A. A., Amin, S., Schwartz, G. A., Dong, R., & Sastry, S. 2012. A game theory model for electricity theft detection and privacy-aware control in AMI systems. In Communication, Control, and Computing (Allerton), 50th Annual Allerton Conference (pp. 1830--1837). IEEE.

[3]

Li, H., Lai, L., & Qiu, R. C. 2011. A denial-of-service jamming game for remote state monitoring in smart grid. In Information Sciences and Systems (CISS), 2011 45th Annual Conference on (pp. 1--6). IEEE.

[4]

Zhang, J., Yang, L. and Liao, H. 2016. A Security Architecture Model of Oil and Gas SCADA Network Based on Multi-Agent. International Journal of Security and Its Applications 2016, Vol. 10, No. 1, pp.449--46.

[5]

Hasan, A. 2016. Security of Cross-Country Oil and Gas Pipelines: A Risk-Based Model. Journal of Pipeline Systems Engineering and Practice 2016, 04016006.

[6]

Fang, F., Stone, P. and Tambe, M. 2016. When security games go green: Designing defender strategies to prevent poaching and illegal fishing. In International Joint Conference on Artificial Intelligence (IJCAI).

Digital Library

[7]

Wadhawan, Y., and Neuman, C. 2015. Evaluating Resilience of Oil and Gas Cyber Physical Systems: A Roadmap. Annual Computer Security Application Conference (ACSAC) Industrial Control System Security (ICSS) Workshop.

[8]

Yang, R., Ford, B., Tambe, M. and Lemieux, A. 2014. Adaptive resource allocation for wildlife protection against illegal poachers. In Proceedings of the International conference on Autonomous agents and multi-agent systems, pages 453--460.

Digital Library

[9]

Nguyen, T.H., Yang, R., Azaria, A., Kraus, S., and Tambe, M. 2013. Analyzing the effectiveness of adversary modeling in security games. In AAAI.

Digital Library

[10]

Shell loses 110,000bdp to oil theft, vandalism http://234press.com/index.php/2015/09/19/shell-loses-110000bdp-to-oil-theft-vandalism/

[11]

Yang, R., Kiekintveld, C., Ordonez, F., Tambe, M., and John, R. 2011. Improving resource allocation strategy against human adversaries in security games. In IJCAI Proceedings-International Joint Conference on Artificial Intelligence, volume 22, page 458.

Digital Library

[12]

Tambe, M. 2011. Security and game theory: Algorithms, deployed systems, lessons learned. Cambridge University Press.

Digital Library

[13]

Kar, D. 2015, et al. "A game of thrones: when human behavior models compete in repeated Stackelberg security games." Proceedings of the International Conference on Autonomous Agents and Multiagent Systems.

Digital Library

[14]

Pita, J., Jain, M., Marecki, J., Ordóñez, F., Portway, C., Tambe, M., & Kraus, S. 2008. Deployed ARMOR protection: the application of a game theoretic model for security at the Los Angeles International Airport. In Proceedings of the 7th International joint conference on Autonomous agents and multiagent systems: industrial track (pp. 125--132).

Digital Library

[15]

Gholami, S., Wilder, B., Brown, M., Sinha, A., Sintov, N., & Tambe, M. (2016). A Game Theoretic Approach on Addressing Cooperation among Human Adversaries. Proceedings of the 15th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2016)

[16]

The Map That Shows Why a Pipeline Explosion in Turkey Matters to the U.S. http://www.bloomberg.com/news/2014-12-10/the-map-that-shows-why-a-pipeline-explosion-in-turkey-matters-to-the-u-s-.html

[17]

Overview of Cyber Vulnerabilities, ICS-CERT.https://ics-cert.us-cert.gov/content/overview-cyber-vulnerabilities

[18]

Common Vulnerability Scoring System https://www.first.org/cvss

[19]

Oil and Gas Industry Increasingly Hit by Cyber-Attacks: Report, Jan 2016. http://www.securityweek.com/oil-and-gas-industry-increasingly-hit-cyber-attacks-report

[20]

Terror Attack On Algerian Gas Plant Raising Security Fears for North Africa's Oil and Gas Infrastructure, March 2016. http://www.ibtimes.com/terror-attack-algerian-gas-plant-raising-security-fears-north-africas-oil-gas-2341217

[21]

Mexican cartels steal billions from oil industry, September 2014. http://fuelfix.com/blog/2014/09/25/mexican-cartels-steal-billions-from-oil-industry/

[22]

OWASP Threat Risk Modeling. https://www.owasp.org/index.php/Threat_Risk_Modeling

[23]

For Drug Cartels, oil theft is simple and lucrative business. http://mexiconewsdaily.com/news/drug-cartels-oil-theft-simple-lucrative-business/

[24]

Analysis of the Cyber Attack on the Ukrainian Power Grid, March 2016. http://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf

[25]

Why do we need pipelines? http://www.pipeline101.com/why-do-we-need-pipelines

Cited By

Amini IJing YChen T(2023)Adaptive Naive Bayes Classifier Based Filter Using Kernel Density Estimation for Pipeline Leakage DetectionIEEE Transactions on Control Systems Technology10.1109/TCST.2022.317252431:1(426-433)Online publication date: Jan-2023
https://doi.org/10.1109/TCST.2022.3172524
El-Kady AHalim SEl-Halwagi MKhan F(2023)Analysis of safety and security challenges and opportunities related to cyber-physical systemsProcess Safety and Environmental Protection10.1016/j.psep.2023.03.012173(384-413)Online publication date: May-2023
https://doi.org/10.1016/j.psep.2023.03.012
Talal HZagrouba R(2021)MADS Based on DL Techniques on the Internet of Things (IoT): SurveyElectronics10.3390/electronics1021259810:21(2598)Online publication date: 24-Oct-2021
https://doi.org/10.3390/electronics10212598
Show More Cited By

Recommendations

Cyber In-security of Industrial Control Systems: A Societal Challenge
SAFECOMP 2015: Proceedings of the 34th International Conference on Computer Safety, Reliability, and Security - Volume 9337

Our society and its citizens increasingly depend on the undisturbed functioning of critical infrastructures CI, their products and services. Many of the CI services as well as other organizations use Industrial Control Systems ICS to monitor and control ...
Evaluating Resilience of Gas Pipeline Systems Under Cyber-Physical Attacks: A Function-Based Methodology
CPS-SPC '16: Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy

In this research paper, we present a function-based methodology to evaluate the resilience of gas pipeline systems under two different cyber-physical attack scenarios. The first attack scenario is the pressure integrity attack on the natural gas high-...
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights
- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
Abstract
Cyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

PrAISe '16: Proceedings of the 1st International Workshop on AI for Privacy and Security

August 2016

91 pages

ISBN:9781450343046

DOI:10.1145/2970030

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 29 August 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

PrAISe '16

PrAISe '16: International Workshop on AI for Privacy and Security

August 29 - 30, 2016

The Hague, Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
228
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)3

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Amini IJing YChen T(2023)Adaptive Naive Bayes Classifier Based Filter Using Kernel Density Estimation for Pipeline Leakage DetectionIEEE Transactions on Control Systems Technology10.1109/TCST.2022.317252431:1(426-433)Online publication date: Jan-2023
https://doi.org/10.1109/TCST.2022.3172524
El-Kady AHalim SEl-Halwagi MKhan F(2023)Analysis of safety and security challenges and opportunities related to cyber-physical systemsProcess Safety and Environmental Protection10.1016/j.psep.2023.03.012173(384-413)Online publication date: May-2023
https://doi.org/10.1016/j.psep.2023.03.012
Talal HZagrouba R(2021)MADS Based on DL Techniques on the Internet of Things (IoT): SurveyElectronics10.3390/electronics1021259810:21(2598)Online publication date: 24-Oct-2021
https://doi.org/10.3390/electronics10212598
Zhao YPrabhu MAhmed RSahu A(2021)Research Trends and Performance of IIoT Communication Network-Architectural Layers of Petrochemical Industry 4.0 for Coping with Circular EconomyWireless Communications & Mobile Computing10.1155/2021/88227862021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/8822786
Rezazadeh ATalarico LReniers GCozzani VZhang L(2018)Applying game theory for securing oil and gas pipelines against terrorismReliability Engineering & System Safety10.1016/j.ress.2018.04.021Online publication date: Apr-2018
https://doi.org/10.1016/j.ress.2018.04.021

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten