A game-theoretic approach to model and quantify the security of cyber-physical systems

The security of cyber-physical systems (CPSs) has become an active research area in recent years. The goal of attackers in these systems is often disrupting physical processes. However, breaking into a CPS is not the same as disrupting its physical process. To achieve the desired physical disruptions, an attacker needs to deep understanding about the failure conditions of the system, its control principles, and signal processing. For a better evaluation of the security of these systems, considering these issues is necessary. This paper presents a modeling approach to evaluate the security of CPSs. In the proposed model, the system moves discretely between different states, and in each state, the system evolves continuously according to a system of ordinary differential equations. The security modeling process of CPSs is divided into two phases of intrusion and disruption. In each phase, a game-theoretic paradigm with different parameters predicts the interactions between the attacker and the system. By solving the model, the security of CPSs is estimated in terms of metrics, such as mean-time-to-system shutdown and availability. Finally, the security of a chemical plant is investigated as an illustrative example.