ABSTRACT
Societies are increasingly dependent on Cyber Physical Systems (CPSs), which are exposed to natural and human-made attacks. Attacks on CPSs can result in security breaches and behaviors that may impose harm on their environments. Understanding attack mechanisms is crucial to preventing losses or damage to people, assets or information. We develop a computational environment that allows to implement attacker agents under a stochastic optimization framework, allowing to use different techniques to model attacking behavior (i.e., policies), including approximate dynamic programming, reinforcement learning, or stochastic programming, as well as arbitrary policies (e.g., rules of thumb). We rely on the ADVISE formalism to represent attack paths on CPSs, leveraging their Markov Decision Process structure to build an environment that allows to test attacker and defender policies. The proposed environment is tested by simulating attacks on a SCADA system previously addressed in the literature, demonstrating satisfactory convergence for a Q-learning algorithm, which allows to identify the attack steps that most frequently lead to successful attacks. The proposed approach allows flexibility in modeling attackers, and allows to conceive models with interacting attacker and defender agents, which is left as the main goal of future work.
- [1] W. Powell, Reinforcement Learning and Stochastic Optimization, NJ: John Wiley & Sons Inc., 2022.Google ScholarCross Ref
- [2] E. LeMay, M. D. Ford, K. Keefe, W. H. Sanders and C. Muehrcke, "Model-based Security Metrics using ADversary VIew Security Evaluation (ADVISE)," in Eighth International Conference on Quantitative Evaluation of SysTems, 2011.Google Scholar
- [3] G. Brockman, V. Cheung, L. Petterson, J. Schneider, J. Schulman, J. Tang and W. Zaremba, "OpenAI Gym," arXiv preprint arXiv:1606.01540, 2016.Google Scholar
- [4] Cherdantseva, B. P. Yulia, A. Blyth, P. Eden, K. Jones, H. Soulsby and K. Stoddart, "A review of cyber security risk assessment," Computers & Security, vol. 56, pp. 1-27, 2015.Google Scholar
- [5] A. Sood and R. J. Enbody, "Targeted Cyberattacks," Cyberwarfare, 2013.Google Scholar
- [6] E. LeMay, W. Unkenholz, D. Parks, C. Muehrcke, K. Keefe and W. H. Sanders, "Adversary-Driven State-Based System Security Evaluation," in 6th International Workshop on Security Measurements and Metrics, New York, 2010.Google Scholar
- [7] F. T. M. Mariotti, L. Montecchi and P. Lollini, "Extending a security ontology framework to model CAPEC attack paths and TAL adversary profiles," 2022Google Scholar
- [8] Y. Chen and J. L. C. Hong, "Modeling of Intrusion and Defense for Assessment of Cyber Security at Power Substations," IEEE Transactions on Smart Grid, vol. 9, no. 4, pp. 2541-2552, 2018.Google ScholarCross Ref
- [9] M. Rasouli and E. T. D. Miehling, "A Supervisory Control Approach to Dynamic Cyber-Security," in Decision and Game Theory for Security, 2014.Google Scholar
- [10] A. Ferdowsi, U. Challita, W. Saad and N. B. Mandayam, "Robust Deep Reinforcement Learning for Security and Safety in Autonomous Vehicle Systems," in 21st International Conference on Intelligent Transportation Systems, 2018.Google Scholar
- [11] A. K. Nandi, H. R. Meda and S. Vadlamani, "Interdicting attack graphs to protect organizations from cyber attacks: A bi-level defender–attacker model," Computers & Operations Research, pp. 118-131, 2016.Google ScholarDigital Library
- [12] R. Sutton and A. Barto, "Reinforcement Learning: An Introdutcion," The MIT Press, 2015.Google Scholar
Index Terms
- Modeling attacker behavior in Cyber-Physical-Systems
Recommendations
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
AbstractCyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Security game for cyber physical systems
CNS '18: Proceedings of the Communications and Networking SymposiumThe extensive use of information and communication technologies (ICT) in cyber physical systems (CPSs) make them vulnerable to cyber-attacks. One class of cyber-attack is advanced persistent threats where highly skilled attackers can steal user ...
Developing Models for Physical Attacks in Cyber-Physical Systems
CPS '17: Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCyIn this paper, we analyze the security of cyber-physical systems using the ADversary VIew Security Evaluation (ADVISE) meta modeling approach, taking into consideration the effects of physical attacks. To build our model of the system, we construct an ...
Comments