Statistical knowledge and game-theoretic integrated model for cross-layer impact assessment in industrial cyber-physical systems

Abstract

Cyberspace intrusions targeting modern industrial cyber-physical systems (ICPSs) are considered highly persistent and stealthy penetration processes that can result in catastrophic consequences for industrial infrastructures. Existing studies predominantly concentrated on detection and defense strategies for specific stages of intrusions without much knowledge of underlying system operational mechanisms, characteristics and evolutionary patterns. In this paper, we present a novel approach that integrates statistical knowledge and game theory to establish a comprehensive security model covering various aspects, including anomaly detection, behavioral analysis, strategy generation and impact assessment. Specifically, a statistical model, i.e. Poisson intrusion model (PIM), is developed to characterize the probabilistic properties of intrusions by leveraging knowledge of their occurrence patterns and frequencies. A Bayesian inference-based model is proposed to analyze the intrusion behaviors for anomaly detection. Then, by integrating statistical knowledge of intrusions and detections, a Markov game model is formulated to characterize the interactive actions and strategies between attackers and defenders throughout the intrusion process. Further, the cross-layer impact is assessed by quantifying the potential consequences under corresponding cyber security conditions in terms of production performance degradation and unintended incident losses. Finally, the proposed approach is validated through extensive experiments for power plant operational scenarios.