Discrete game-theoretic analysis of defense in correlated cyber-physical systems

A cyber-physical system (CPS) is composed of a discrete number of cyber and physical components and subject to internal failures and external disruptions. The functionality of CPS therefore is determined not only by cyber and physical components but the adversary’s attacker strategy. We characterize...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Annals of operations research 2020-11, Vol.294 (1-2), p.741-767
Hauptverfasser: He, Fei, Zhuang, Jun, Rao, Nageswara S. V.
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A cyber-physical system (CPS) is composed of a discrete number of cyber and physical components and subject to internal failures and external disruptions. The functionality of CPS therefore is determined not only by cyber and physical components but the adversary’s attacker strategy. We characterize the effect of cyber-physical interdependency on the CPS survival probability using a product-form function with cyber and physical exponential correlation coefficients. We model simultaneous and sequential discrete games between the provider and attacker on a CPS infrastructure to analyze its survivability and reinforcement strategy at Nash equilibrium. Our results show that the cyber and physical correlation coefficients can significantly affect CPS survival probability. In general, the provider’s cyber- (or physical-) reinforcement level increases as the cyber- (or physical-) attack level increases. In each of cyber and physical domains, the reinforcement level first increases then decreases in its own correlation coefficient, probability of successful component attacks, and maximum level of available resources, but decreases in the correlation coefficient of the other domain. We apply this game-theoretic analysis to a cloud computing infrastructure, and show that its residual capacity is relatively high when the attacker has no information about the distribution of servers. Also, a high level of survival probability does not necessarily lead to high utility.
ISSN:0254-5330
1572-9338
DOI:10.1007/s10479-019-03381-1