Bayesian and stochastic game joint approach for Cross-Layer optimal defensive Decision-Making in industrial Cyber-Physical systems

Abstract

The propagation of cyber-attacks targeting modern industrial cyber-physical systems (ICPSs) is considered a sophisticated and persistent cross-layer penetration process, posing significant cyber-to-physical (C2P) risks to critical industrial infrastructures. However, existing defensive solutions for ICPSs lack the global defensive decision-making capacity against such persistent and stealthy cross-layer threats. This paper proposes a Bayesian-Stochastic hybrid game-theoretic approach that can generate optimal defensive strategies throughout the cross-layer penetration lifecycle, even without full information about attackers. Specifically, we first present a unified quantification framework to guarantee consistent utility function configurations in a cyber-physical layer integrated system. Then, we propose a state transition-based stochastic game model to characterize the dynamic evolution process of cross-layer penetration. The attack-defense interaction in each state is modeled as an incomplete-information Bayesian game to capture the inherent uncertainties of attacker information. Furthermore, a multi-agent Bayesian Q-learning (MABQL) algorithm is developed to learn the optimal defensive strategies despite incomplete information. The proposed approach is implemented and assessed based on a real-world ICPS testbed and the numerical results validate its feasibility and effectiveness for making optimal defensive decisions.