Loading…
Discrete game-theoretic analysis of defense in correlated cyber-physical systems
A cyber-physical system (CPS) is composed of a discrete number of cyber and physical components and subject to internal failures and external disruptions. The functionality of CPS therefore is determined not only by cyber and physical components but the adversary’s attacker strategy. We characterize...
Saved in:
Published in: | Annals of operations research 2020-11, Vol.294 (1-2), p.741-767 |
---|---|
Main Authors: | , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites Items that cite this one |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | A cyber-physical system (CPS) is composed of a discrete number of cyber and physical components and subject to internal failures and external disruptions. The functionality of CPS therefore is determined not only by cyber and physical components but the adversary’s attacker strategy. We characterize the effect of cyber-physical interdependency on the CPS survival probability using a product-form function with cyber and physical exponential correlation coefficients. We model simultaneous and sequential discrete games between the provider and attacker on a CPS infrastructure to analyze its survivability and reinforcement strategy at Nash equilibrium. Our results show that the cyber and physical correlation coefficients can significantly affect CPS survival probability. In general, the provider’s cyber- (or physical-) reinforcement level increases as the cyber- (or physical-) attack level increases. In each of cyber and physical domains, the reinforcement level first increases then decreases in its own correlation coefficient, probability of successful component attacks, and maximum level of available resources, but decreases in the correlation coefficient of the other domain. We apply this game-theoretic analysis to a cloud computing infrastructure, and show that its residual capacity is relatively high when the attacker has no information about the distribution of servers. Also, a high level of survival probability does not necessarily lead to high utility. |
---|---|
ISSN: | 0254-5330 1572-9338 |
DOI: | 10.1007/s10479-019-03381-1 |