Accession Number:

AD1081456

Title:

ARO: Advanced Security Games For Cyber- Physical Systems

Descriptive Note:

Technical Report,12 Jun 2015,11 Jun 2018

Corporate Author:

University of California - Davis Davis United States

Personal Author(s):

Report Date:

2018-09-11

Pagination or Media Count:

7.0

Abstract:

Major Goals Advanced sophisticated cyber attacks is a major concern for the nations infrastructure systems and the information technology systems in corporations. These attacks, often classified under the name, Advanced Persistent Threat, APT, are launched by highly motivated attackers with abundant resources, and are persistent in compromising a system as long as the expected payoff is high. These attacks lead to significant degradation of our technological advantage and could inflict massive damage to our nations infrastructure and its security. They are extremely difficult to combat because they are inherently adaptive, exhibiting dynamic behavior in response to defense actions. Developing defense mechanisms against these APT attacks is critical to the safety and security of our nation, its technological resources, and its secrets. Many of todays cyber-physical systems CPS are organized in a networked and layered structure each layer carries out a specific set of functions, which may depend on functions or impact functionality implemented at other layers. Such dependence is beneficial to the normal operation of the system, but can also be utilized by an attacker to harm the system. Moreover, a myopic defense action focusing on a specific attack observed at one level may lead to inefficiencies or vulnerabilities at other levels and trigger new attacks. Therefore, an efficient defense strategy against APT attacks must take the interdependencies among the components in a networked system into account. For a networked system with multiple interdependent levels and that are possibly operated by multiple entities with self-interest, it becomes even more critical to design defense mechanisms that are aligned to their incentives, for both the defenders and the attackers.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE