Protecting Cyber-Physical Systems (CPSs) from cyber attacks requires properly allocating defense resources. These can be selected by defend-attack and Adversarial Risk Analysis (ARA) models, which search for the optimal allocation based on specific assumptions. In particular, the defend-attack model assumes that each player is fully aware of the preferences of the opponent, considering complete information, whereas the ARA model assumes incomplete information and subjective probability distributions of the defender utilities, improving the realism of the modelling but still lacking a proper management of the uncertainties of the results it provides. In this work, we complement the ARA model with a multi-criteria decision model based on Value-at-Risk (VaR) measures to support the defender in identifying the optimal defense portfolio among alternatives, considering budget constraints and accounting for the uncertainties which the ARA model is subjected to. For demonstration purposes, an application is carried out concerning the digital control system of the Advanced Lead-cooled Fast Reactor European Demonstrator (ALFRED).

Allocation of defense resources against cyber attacks to cyber-physical systems

Di Maio F.;Zio E.
2020-01-01

Abstract

Protecting Cyber-Physical Systems (CPSs) from cyber attacks requires properly allocating defense resources. These can be selected by defend-attack and Adversarial Risk Analysis (ARA) models, which search for the optimal allocation based on specific assumptions. In particular, the defend-attack model assumes that each player is fully aware of the preferences of the opponent, considering complete information, whereas the ARA model assumes incomplete information and subjective probability distributions of the defender utilities, improving the realism of the modelling but still lacking a proper management of the uncertainties of the results it provides. In this work, we complement the ARA model with a multi-criteria decision model based on Value-at-Risk (VaR) measures to support the defender in identifying the optimal defense portfolio among alternatives, considering budget constraints and accounting for the uncertainties which the ARA model is subjected to. For demonstration purposes, an application is carried out concerning the digital control system of the Advanced Lead-cooled Fast Reactor European Demonstrator (ALFRED).
2020
Proceedings of the 30th European Safety and Reliability Conference and the 15th Probabilistic Safety Assessment and Management Conference
978-981-14-8593-0
Adversarial Risk Analysis
Cyber attacks
Cyber-Physical System
Multi-criteria decision making
Nuclear Power Plant
Value-at-Risk
Weak knowledge
File in questo prodotto:
File Dimensione Formato  
5255.pdf

accesso aperto

: Post-Print (DRAFT o Author’s Accepted Manuscript-AAM)
Dimensione 726.9 kB
Formato Adobe PDF
726.9 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/1181050
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? ND
social impact