A Stochastic Game Model for Evaluating the Impacts of Security Attacks Against Cyber-Physical Systems

Abstract

A quantitative security evaluation in the domain of cyber-physical systems (CPS), which operate under intentional disturbances, is an important open problem. In this paper, we propose a stochastic game model for quantifying the security of CPS. The proposed model divides the security modeling process of these systems into two phases: (1) intrusion process modeling and (2) disruption process modeling. In each phase, the game theory paradigm predicts the behaviors of the attackers and the system. By viewing the security states of the system as the elements of a stochastic game, Nash equilibriums and best-response strategies for the players are computed. After parameterization, the proposed model is analytically solved to compute some quantitative security measures of CPS. Furthermore, the impact of some attack factors and defensive countermeasures on the system availability and mean time-to-shutdown is investigated. Finally, the proposed model is applied to a boiling water power plant as an illustrative example.