skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

Journal Article · · Risk Analysis
DOI:https://doi.org/10.1111/risa.12362· OSTI ID:1327573
 [1];  [1];  [2];  [3];  [4];  [5]
  1. Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States). Computer Science and Mathematics Division
  2. Advanced Digital Sciences Center (ADSC), Fusionopolis (Singapore)
  3. Texas A&M Univ.-Kingsville, Kingsville TX (United States). Dept. of Mechanical and Industrial Engineering
  4. State University of New York, Buffalo, NY (United States). Dept. of Industrial and Systems Engineering
  5. Singapore University of Technology and Design (Singapore). Dept. of Computer Science
+ Show Author Affiliations

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.

Research Organization:
Oak Ridge National Laboratory (ORNL), Oak Ridge, TN (United States)
Sponsoring Organization:
Work for Others (WFO); USDOE Office of Science (SC); USDOD
Grant/Contract Number:
AC05-00OR22725
OSTI ID:
1327573
Alternate ID(s):
OSTI ID: 1401132
Journal Information:
Risk Analysis, Vol. 36, Issue 4; ISSN 0272-4332
Publisher:
WileyCopyright Statement
Country of Publication:
United States
Language:
English
Citation Metrics:
Cited by: 42 works
Citation information provided by
Web of Science

References (23)

Robust Allocation of a Defensive Budget Considering an Attacker's Private Information: Robust Allocation of a Defensive Budget journal November 2011
Algorithmic Game Theory book September 2007
Critical infrastructure protection under imperfect attacker perception journal May 2010
Reasons for Secrecy and Deception in Homeland-Security Resource Allocation: Perspective journal July 2010
Impacts of Subsidized Security on Stability and Total Social Costs of Equilibrium Solutions in an N -Player Game with Errors journal May 2010
Cost of Equity in Homeland Security Resource Allocation in the Face of a Strategic Attacker: Cost of Equity in Homeland Security Resource Allocation journal December 2012
Hybrid defensive resource allocations in the face of partially strategic attackers in a sequential defender–attacker game journal July 2013
Balancing Terrorism and Natural Disasters—Defensive Strategy with Endogenous Attacker Effort journal October 2007
A Differential Game Related to Terrorism: Nash and Stackelberg Strategies journal January 2010
Cyber Physical Systems: Design Challenges conference May 2008
Cybersecurity for Critical Infrastructures: Attack and Defense Modeling journal July 2010
A survey on networking games in telecommunications journal February 2006
Secrecy and Deception at Equilibrium, with Applications to Anti‐Terrorism Resource Allocation journal October 2010
Modelling ‘contracts’ between a terrorist group and a government in a sequential game journal June 2012
Subsidies in Interdependent Security With Heterogeneous Discount Rates journal March 2007
Technology Adoption, Accumulation, and Competition in Multiperiod Attacker-Defender Games journal September 2013
Game strategies in network security journal February 2005
From wireless sensor networks towards cyber physical systems journal August 2011
Dynamic Game Theoretic Model of Multi-Layer Infrastructure Networks journal June 2005
Modeling secrecy and deception in a multiple-period attacker–defender signaling game journal June 2010
Game-theoretic resilience analysis of Cyber-Physical Systems conference August 2013
Geometric considerations distribution of sensors in ad-hoc sensor networks conference May 2007
The Complexity of Finding Nash Equilibria book September 2007

Cited By (11)

Cyber–Physical Correlation Effects in Defense Games for Large Discrete Infrastructures journal July 2018
A Stochastic Game Model for Evaluating the Impacts of Security Attacks Against Cyber-Physical Systems journal February 2018
Deterrence and Risk Preferences in Sequential Attacker-Defender Games with Continuous Efforts: Deterrence and Risk Preferences in Sequential Attacker-Defender Games journal March 2017
Security of Separated Data in Cloud Systems with Competing Attack Detection and Data Theft Processes journal October 2018
Interdependent Network Recovery Games journal October 2017
Security Events and Vulnerability Data for Cybersecurity Risk Estimation: Cybersecurity Risk Estimation journal August 2017
Game theoretic approach of eavesdropping attack in millimeter-wave-based WPANs with directional antennas journal March 2018
Stochastic Counterfactual Risk Analysis for the Vulnerability Assessment of Cyber‐Physical Attacks on Electricity Distribution Infrastructure Networks journal February 2019
Honeypot game‐theoretical model for defending against APT attacks with limited resources in cyber‐physical systems journal April 2019
Risk and the Five Hard Problems of Cybersecurity journal March 2019
Stochastic counterfactual risk analysis for the vulnerability assessment of cyber-physical attacks on electricity distribution infrastructure networks text January 2019

Similar Records

Cyber–Physical Correlation Effects in Defense Games for Large Discrete Infrastructures
Journal Article · Mon Jul 23 00:00:00 EDT 2018 · Games · OSTI ID:1327573
+2 more
Cyber-Physical Correlations for Infrastructure Resilience: A Game-Theoretic Approach
Conference · Wed Jan 01 00:00:00 EST 2014 · OSTI ID:1327573
+2 more
Game-Theoretic Strategies for Cyber-Physical Infrastructures Under Component Disruptions
Journal Article · Mon Sep 05 00:00:00 EDT 2022 · IEEE Transactions on Reliability · OSTI ID:1327573

Related Subjects

97 MATHEMATICS AND COMPUTING
cyber-physical systems
game theory
infrastructure resilience