IDEAS home Printed from https://ideas.repec.org/a/wly/riskan/v36y2016i4p694-710.html
   My bibliography  Save this article

Defense of Cyber Infrastructures Against Cyber‐Physical Attacks Using Game‐Theoretic Models

Author

Listed:
  • Nageswara S. V. Rao
  • Stephen W. Poole
  • Chris Y. T. Ma
  • Fei He
  • Jun Zhuang
  • David K. Y. Yau

Abstract

The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game‐theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack‐defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack‐defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high‐level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high‐performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high‐performance computing infrastructures.

Suggested Citation

  • Nageswara S. V. Rao & Stephen W. Poole & Chris Y. T. Ma & Fei He & Jun Zhuang & David K. Y. Yau, 2016. "Defense of Cyber Infrastructures Against Cyber‐Physical Attacks Using Game‐Theoretic Models," Risk Analysis, John Wiley & Sons, vol. 36(4), pages 694-710, April.
    • Handle: RePEc:wly:riskan:v:36:y:2016:i:4:p:694-710
    DOI: 10.1111/risa.12362
    as

    Download full text from publisher

    File URL: https://doi.org/10.1111/risa.12362
    Download Restriction: no
    File URL: https://libkey.io/10.1111/risa.12362?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Xiaojun Shan & Jun Zhuang, 2013. "Cost of Equity in Homeland Security Resource Allocation in the Face of a Strategic Attacker," Risk Analysis, John Wiley & Sons, vol. 33(6), pages 1083-1099, June.
    2. Mohammad E. Nikoofal & Jun Zhuang, 2012. "Robust Allocation of a Defensive Budget Considering an Attacker's Private Information," Risk Analysis, John Wiley & Sons, vol. 32(5), pages 930-943, May.
    3. Jun Zhuang & Vicki M. Bier, 2007. "Balancing Terrorism and Natural Disasters---Defensive Strategy with Endogenous Attacker Effort," Operations Research, INFORMS, vol. 55(5), pages 976-991, October.
    4. Jun Zhuang & Vicki Bier, 2011. "Secrecy And Deception At Equilibrium, With Applications To Anti-Terrorism Resource Allocation," Defence and Peace Economics, Taylor & Francis Journals, vol. 22(1), pages 43-61.
    5. A. J. Novak & G. Feichtinger & G. Leitmann, 2010. "A Differential Game Related to Terrorism: Nash and Stackelberg Strategies," Journal of Optimization Theory and Applications, Springer, vol. 144(3), pages 533-555, March.
    6. Jenelius, Erik & Westin, Jonas & Holmgren, Åke J., 2010. "Critical infrastructure protection under imperfect attacker perception," International Journal of Critical Infrastructure Protection, Elsevier, vol. 3(1), pages 16-26.
    7. Jun Zhuang & Vicki M. Bier, 2010. "Reasons for Secrecy and Deception in Homeland‐Security Resource Allocation," Risk Analysis, John Wiley & Sons, vol. 30(12), pages 1737-1743, December.
    8. F He & J Zhuang, 2012. "Modelling ‘contracts’ between a terrorist group and a government in a sequential game," Journal of the Operational Research Society, Palgrave Macmillan;The OR Society, vol. 63(6), pages 790-809, June.
    9. Shan, Xiaojun & Zhuang, Jun, 2013. "Hybrid defensive resource allocations in the face of partially strategic attackers in a sequential defender–attacker game," European Journal of Operational Research, Elsevier, vol. 228(1), pages 262-272.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Agarwal, Puneet & Aziz, Ridwan Al & Zhuang, Jun, 2022. "Interplay of rumor propagation and clarification on social media during crisis events - A game-theoretic approach," European Journal of Operational Research, Elsevier, vol. 298(2), pages 714-733.
    2. Vineet M. Payyappalli & Jun Zhuang & Victor Richmond R. Jose, 2017. "Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts," Risk Analysis, John Wiley & Sons, vol. 37(11), pages 2229-2245, November.
    3. Alberto Redondo & David Ríos Insua, 2020. "Protecting From Malware Obfuscation Attacks Through Adversarial Risk Analysis," Risk Analysis, John Wiley & Sons, vol. 40(12), pages 2598-2609, December.
    4. Li, Yapeng & Qiao, Shun & Deng, Ye & Wu, Jun, 2019. "Stackelberg game in critical infrastructures from a network science perspective," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 521(C), pages 705-714.
    5. Chaoqi, Fu & Yangjun, Gao & Jilong, Zhong & Yun, Sun & Pengtao, Zhang & Tao, Wu, 2021. "Attack-defense game for critical infrastructure considering the cascade effect," Reliability Engineering and System Safety, Elsevier, vol. 216(C).
    6. Chaoqi, Fu & Pengtao, Zhang & Lin, Zhou & Yangjun, Gao & Na, Du, 2021. "Camouflage strategy of a Stackelberg game based on evolution rules," Chaos, Solitons & Fractals, Elsevier, vol. 153(P2).
    7. Han, Lin & Zhao, Xudong & Chen, Zhilong & Wu, Yipeng & Su, Xiaochao & Zhang, Ning, 2021. "Optimal allocation of defensive resources to defend urban power networks against different types of attackers," International Journal of Critical Infrastructure Protection, Elsevier, vol. 35(C).
    8. Luca Allodi & Fabio Massacci, 2017. "Security Events and Vulnerability Data for Cybersecurity Risk Estimation," Risk Analysis, John Wiley & Sons, vol. 37(8), pages 1606-1627, August.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Mohammad E. Nikoofal & Mehmet Gümüs, 2015. "On the value of terrorist’s private information in a government’s defensive resource allocation problem," IISE Transactions, Taylor & Francis Journals, vol. 47(6), pages 533-555, June.
    2. Peiqiu Guan & Jun Zhuang, 2016. "Modeling Resources Allocation in Attacker‐Defender Games with “Warm Up” CSF," Risk Analysis, John Wiley & Sons, vol. 36(4), pages 776-791, April.
    3. Jie Xu & Jun Zhuang, 2016. "Modeling costly learning and counter-learning in a defender-attacker game with private defender information," Annals of Operations Research, Springer, vol. 236(1), pages 271-289, January.
    4. Qingqing Zhai & Rui Peng & Jun Zhuang, 2020. "Defender–Attacker Games with Asymmetric Player Utilities," Risk Analysis, John Wiley & Sons, vol. 40(2), pages 408-420, February.
    5. Ridwan Al Aziz & Meilin He & Jun Zhuang, 2020. "An Attacker–defender Resource Allocation Game with Substitution and Complementary Effects," Risk Analysis, John Wiley & Sons, vol. 40(7), pages 1481-1506, July.
    6. Nageswara S. V. Rao & Chris Y. T. Ma & Fei He & David K. Y. Yau & Jun Zhuang, 2018. "Cyber–Physical Correlation Effects in Defense Games for Large Discrete Infrastructures," Games, MDPI, vol. 9(3), pages 1-24, July.
    7. Zhang, Jing & Zhuang, Jun, 2019. "Modeling a multi-target attacker-defender game with multiple attack types," Reliability Engineering and System Safety, Elsevier, vol. 185(C), pages 465-475.
    8. Liang, Liang & Chen, Jingxian & Siqueira, Kevin, 2020. "Revenge or continued attack and defense in defender–attacker conflicts," European Journal of Operational Research, Elsevier, vol. 287(3), pages 1180-1190.
    9. Jie Xu & Jun Zhuang & Zigeng Liu, 2016. "Modeling and mitigating the effects of supply chain disruption in a defender–attacker game," Annals of Operations Research, Springer, vol. 236(1), pages 255-270, January.
    10. Hunt, Kyle & Agarwal, Puneet & Zhuang, Jun, 2022. "On the adoption of new technology to enhance counterterrorism measures: An attacker–defender game with risk preferences," Reliability Engineering and System Safety, Elsevier, vol. 218(PB).
    11. Cen Song & Jun Zhuang, 2018. "Modeling Precheck Parallel Screening Process in the Face of Strategic Applicants with Incomplete Information and Screening Errors," Risk Analysis, John Wiley & Sons, vol. 38(1), pages 118-133, January.
    12. Shan, Xiaojun & Zhuang, Jun, 2018. "Modeling cumulative defensive resource allocation against a strategic attacker in a multi-period multi-target sequential game," Reliability Engineering and System Safety, Elsevier, vol. 179(C), pages 12-26.
    13. Simon, Jay & Omar, Ayman, 2020. "Cybersecurity investments in the supply chain: Coordination and a strategic attacker," European Journal of Operational Research, Elsevier, vol. 282(1), pages 161-171.
    14. Zhang, Xiaoxiong & Ye, Yanqing & Tan, Yuejin, 2020. "How to protect a genuine target against an attacker trying to detect false targets," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 553(C).
    15. Vineet M. Payyappalli & Jun Zhuang & Victor Richmond R. Jose, 2017. "Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts," Risk Analysis, John Wiley & Sons, vol. 37(11), pages 2229-2245, November.
    16. Hunt, Kyle & Agarwal, Puneet & Zhuang, Jun, 2021. "Technology adoption for airport security: Modeling public disclosure and secrecy in an attacker-defender game," Reliability Engineering and System Safety, Elsevier, vol. 207(C).
    17. Xiaojun Shan & Jun Zhuang, 2013. "Cost of Equity in Homeland Security Resource Allocation in the Face of a Strategic Attacker," Risk Analysis, John Wiley & Sons, vol. 33(6), pages 1083-1099, June.
    18. Xing Gao & Weijun Zhong & Shue Mei, 2013. "Information Security Investment When Hackers Disseminate Knowledge," Decision Analysis, INFORMS, vol. 10(4), pages 352-368, December.
    19. Cameron MacKenzie & Hiba Baroud & Kash Barker, 2016. "Static and dynamic resource allocation models for recovery of interdependent systems: application to the Deepwater Horizon oil spill," Annals of Operations Research, Springer, vol. 236(1), pages 103-129, January.
    20. Kjell Hausken, 2014. "Choosing what to protect when attacker resources and asset valuations are uncertain," Operations Research and Decisions, Wroclaw University of Science and Technology, Faculty of Management, vol. 24(3), pages 23-44.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:wly:riskan:v:36:y:2016:i:4:p:694-710. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Wiley Content Delivery (email available below). General contact details of provider: https://doi.org/10.1111/(ISSN)1539-6924 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.