Defenders have to enforce defense strategies by taking decisions on allocation of resources to protect the integrity and survivability of cyber–physical systems (CPSs) from intentional and malicious cyber attacks. In this work, we propose an adversarial risk analysis approach to provide a novel one-sided prescriptive support strategy for the defender to optimize the defensive resource allocation, based on a subjective expected utility model, in which the decisions of the adversaries are uncertain. This increases confidence in cyber security through robustness of CPS protection actions against uncertain malicious threats compared with prescriptions provided by a classical defend–attack game-theoretical approach. We present the approach and the results of its application to a nuclear CPS, specifically the digital instrumentation and control system of the advanced lead-cooled fast reactor European demonstrator.

Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks

Wang W.;Di Maio F.;Zio E.
2019-01-01

Abstract

Defenders have to enforce defense strategies by taking decisions on allocation of resources to protect the integrity and survivability of cyber–physical systems (CPSs) from intentional and malicious cyber attacks. In this work, we propose an adversarial risk analysis approach to provide a novel one-sided prescriptive support strategy for the defender to optimize the defensive resource allocation, based on a subjective expected utility model, in which the decisions of the adversaries are uncertain. This increases confidence in cyber security through robustness of CPS protection actions against uncertain malicious threats compared with prescriptions provided by a classical defend–attack game-theoretical approach. We present the approach and the results of its application to a nuclear CPS, specifically the digital instrumentation and control system of the advanced lead-cooled fast reactor European demonstrator.
2019
Adversarial risk analysis (ARA); cyber security; cyber–physical system; defend–attack model; defense strategy; game theory; nuclear power plant; optimization
File in questo prodotto:
File Dimensione Formato  
submitted_Manuscript.pdf

accesso aperto

: Pre-Print (o Pre-Refereeing)
Dimensione 1.76 MB
Formato Adobe PDF
1.76 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/1123535
Citazioni
  • ???jsp.display-item.citation.pmc??? 1
  • Scopus 18
  • ???jsp.display-item.citation.isi??? 11
social impact