Igor Linkov,Alexander Kott

DOI: https://doi.org/10.48550/arXiv.1806.02852

2018-06-08

Abstract:Given the rapid evolution of threats to cyber systems, new management approaches are needed that address risk across all interdependent domains (i.e., physical, information, cognitive, and social) of cyber systems. Further, the traditional approach of hardening of cyber systems against identified threats has proven to be impossible. Therefore, in the same way that biological systems develop immunity as a way to respond to infections and other attacks, so too must cyber systems adapt to ever-changing threats that continue to attack vital system functions, and to bounce back from the effects of the attacks. Here, we explain the basic concepts of resilience in the context of systems, discuss related properties, and make business case of cyber resilience. We also offer a brief summary of ways to assess cyber resilience of a system, and approaches to improving cyber resilience.

Cryptography and Security

Quanyan Zhu,Tamer Basar

2024-03-11

Abstract:This article explains the distinctions between robustness and resilience in control systems. Resilience confronts a distinct set of challenges, posing new ones for designing controllers for feedback systems, networks, and machines that prioritize resilience over robustness. The concept of resilience is explored through a three-stage model, emphasizing the need for a proactive preparation and automated response to elastic events. A toy model is first used to illustrate the tradeoffs between resilience and robustness. Then, it delves into contextual dualism and interactionism, and introduces game-theoretic paradigms as a unifying framework to consolidate resilience and robustness. The article concludes by discussing the interplay between robustness and resilience, suggesting that a comprehensive theory of resilience and quantification metrics, and formalization through game-theoretic frameworks are necessary. The exploration extends to system-of-systems resilience and various mechanisms, including the integration of AI techniques and non-technical solutions, like cyber insurance, to achieve comprehensive resilience in control systems. As we approach 2030, the systems and control community is at the opportune moment to lay scientific foundations of resilience by bridging feedback control theory, game theory, and learning theory. Resilient control systems will enhance overall quality of life, enable the development of a resilient society, and create a societal-scale impact amid global challenges such as climate change, conflicts, and cyber insecurity.

Systems and Control,Computer Science and Game Theory,Optimization and Control

Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.2001.00712

2021-05-18

Abstract:In this chapter, we introduce methods to address resiliency issues for control systems. The main challenge for control systems is its cyber-physical system nature which strongly couples the cyber systems with physical layer dynamics. Hence the resiliency issues for control systems need to be addressed by integrating the cyber resiliency with the physical layer resiliency. We introduce frameworks that can provide a holistic view of the control system resiliency and a quantitative design paradigm that can enable an optimal cross-layer and cross-stage design at the planning, operation, and recovery stage of control systems. The control systems are often large-scale systems in industrial application and critical infrastructures. Decentralized control of such systems is indispensable. We extend the resiliency framework to address distributed and collaborative resiliency among decentralized control agents.

Systems and Control,Computer Science and Game Theory

Oteng Ntsweng,Ransome Bawack,Xixian Peng,Shem Amalaya

DOI: https://doi.org/10.1109/istas57930.2023.10305976

2023-01-01

Abstract:Over the past decade, gameful systems have been widely used in training and behavior modification. However, the mechanisms by which these systems influence desired outcomes remain unclear. Consequently, the literature on their impact is riddled with contradictory findings, suggesting that researchers have overlooked crucial variables, especially those related to the science of learning. Consistent with recommendations from educational psychology, we focus on the core cognitive processes involved in cybersecurity protective tasks. Reflective thinking is at the heart of these tasks. Given that gameful systems aim to simulate real-world tasks, we study the effects of coupling cybersecurity training games with reflective practices. Drawing upon the theoretical perspectives of the reflective practitioner and the theory of flow, we hypothesize that incorporating guided reflection during interaction with a gameful system will result in superior experiential and learning outcomes compared to reflecting after the interaction or playing without reflection.

Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1080/00207721.2017.1406555

IF: 2.648

2018-01-01

International Journal of Systems Science

Abstract:In this paper, the cross-layer security problem of cyber-physical system (CPS) is investigated from the game-theoretic perspective. Physical dynamics of plant is captured by stochastic differential game with cyber-physical influence being considered. The sufficient and necessary condition for the existence of state-feedback equilibrium strategies is given. The attack-defence cyber interactions are formulated by a Stackelberg game intertwined with stochastic differential game in physical layer. The condition such that the Stackelberg equilibrium being unique and the corresponding analytical solutions are both provided. An algorithm is proposed for obtaining hierarchical security strategy by solving coupled games, which ensures the operational normalcy and cyber security of CPS subject to uncertain disturbance and unexpected cyberattacks. Simulation results are given to show the effectiveness and performance of the proposed algorithm.

Jiajun Shen,Xiangshen Ye,Dongqin Feng

DOI: https://doi.org/10.1080/00207179.2020.1750707

IF: 2.102

2020-01-01

International Journal of Control

Abstract:Multi-agent cyber-physical systems (CPSs) are ubiquitous in various modern critical infrastructures, especially in industrial automation control involved in the petrochemical, metallurgy, textile, and pharmaceutical, which are vulnerable for their hierarchically and horizontally interconnected architecture. In this paper, we investigate a resilient control design problem for industrial multi-agent CPSs of centralised information structure, with Markovian and physically coupled dynamics from a game-theoretic perspective. First, we investigate a worst-case design problem and solve for worst-case disturbance strategy and optimal disturbance attenuation level parameter through an equivalent two-person zero-sum differential game in both finite- and infinite-horizon. Second, we study a corresponding N-person worst-case nonzero-sum differential game and derive state-feedback Nash equilibrium solution of robustness property as resilient control strategy for each agent. The experimental case study is given to demonstrate that using resilient control strategy, each agent could maintain its physical plant operationally normal under cyber attack, malicious disturbance input and physical state interdependency.

Somali Chaterji,Parinaz Naghizadeh,Muhammad Ashraful Alam,Saurabh Bagchi,Mung Chiang,David Corman,Brian Henz,Suman Jana,Na Li,Shaoshuai Mou,Meeko Oishi,Chunyi Peng,Tiark Rompf,Ashutosh Sabharwal,Shreyas Sundaram,James Weimer,Jennifer Weller

DOI: https://doi.org/10.48550/arXiv.2001.00090

2019-12-20

Abstract:Cyberphysical systems (CPS) are ubiquitous in our personal and professional lives, and they promise to dramatically improve micro-communities (e.g., urban farms, hospitals), macro-communities (e.g., cities and metropolises), urban structures (e.g., smart homes and cars), and living structures (e.g., human bodies, synthetic genomes). The question that we address in this article pertains to designing these CPS systems to be resilient-from-the-ground-up, and through progressive learning, resilient-by-reaction. An optimally designed system is resilient to both unique attacks and recurrent attacks, the latter with a lower overhead. Overall, the notion of resilience can be thought of in the light of three main sources of lack of resilience, as follows: exogenous factors, such as natural variations and attack scenarios; mismatch between engineered designs and exogenous factors ranging from DDoS (distributed denial-of-service) attacks or other cybersecurity nightmares, so called "black swan" events, disabling critical services of the municipal electrical grids and other connected infrastructures, data breaches, and network failures; and the fragility of engineered designs themselves encompassing bugs, human-computer interactions (HCI), and the overall complexity of real-world systems. In the paper, our focus is on design and deployment innovations that are broadly applicable across a range of CPS application areas.

Computers and Society,Distributed, Parallel, and Cluster Computing,Systems and Control

Ya-Ting Yang,Quanyan Zhu

2024-12-06

Abstract:The growing complexity and interconnectivity of Intelligent Transportation Systems (ITS) make them increasingly vulnerable to advanced cyber threats, particularly deceptive information attacks. These sophisticated threats exploit vulnerabilities to manipulate data integrity and decision-making processes through techniques such as data poisoning, spoofing, and phishing. They target multiple ITS domains, including intra-vehicle systems, inter-vehicle communications, transportation infrastructure, and human interactions, creating cascading effects across the ecosystem. This chapter introduces a game-theoretic framework, enhanced by control and learning theories, to systematically analyze and mitigate these risks. By modeling the strategic interactions among attackers, users, and system operators, the framework facilitates comprehensive risk assessment and the design of adaptive, scalable resilience mechanisms. A prime example of this approach is the Proactive Risk Assessment and Mitigation of Misinformed Demand Attacks (PRADA) system, which integrates trust mechanisms, dynamic learning processes, and multi-layered defense strategies to counteract deceptive attacks on navigational recommendation systems. In addition, the chapter explores the broader applicability of these methodologies to address various ITS threats, including spoofing, Advanced Persistent Threats (APTs), and denial-of-service attacks. It highlights cross-domain resilience strategies, offering actionable insights to bolster the security, reliability, and adaptability of ITS. By providing a robust game-theoretic foundation, this work advances the development of comprehensive solutions to the evolving challenges in ITS cybersecurity.

Computer Science and Game Theory

Peng Zhang,Yuan Yuan,Zidong Wang,Chong Sun

DOI: https://doi.org/10.1109/ICCA.2019.8899933

2019-01-01

Abstract:In this paper, the resilient control problem has been studied for cyber-physical systems (CPSs) under the Denial-of-Service (DoS) attack. The term resilience is interpreted as the ability to be robust to the physical layer external disturbance and defending against cyber layer DoS attacks. The overall resilient control system is described by a hierarchical game, where the cyber security issue is modeled as a zerosum matrix game, and physical H∞ minimax control problem is described by a zero-sum dynamic game. In virtue of the reinforcement learning method, the defense/attack policy in the cyber layer can be obtained. Additionally, the physical layer control strategy can be obtained by using the dynamical programming method. The criteria to judge whether a cyber system is capable of protecting the underlying control system are provided as well. Finally, the proposed method is verified by a numerical example.

Tao Li,Quanyan Zhu

2024-08-19

Abstract:We are currently facing unprecedented cyber warfare with the rapid evolution of tactics, increasing asymmetry of intelligence, and the growing accessibility of hacking tools. In this landscape, cyber deception emerges as a critical component of our defense strategy against increasingly sophisticated attacks. This chapter aims to highlight the pivotal role of game-theoretic models and foundation models (FMs) in analyzing, designing, and implementing cyber deception tactics. Game models (GMs) serve as a foundational framework for modeling diverse adversarial interactions, allowing us to encapsulate both adversarial knowledge and domain-specific insights. Meanwhile, FMs serve as the building blocks for creating tailored machine learning models suited to given applications. By leveraging the synergy between GMs and FMs, we can advance proactive and automated cyber defense mechanisms by not only securing our networks against attacks but also enhancing their resilience against well-planned operations. This chapter discusses the games at the tactical, operational, and strategic levels of warfare, delves into the symbiotic relationship between these methodologies, and explores relevant applications where such a framework can make a substantial impact in cybersecurity. The chapter discusses the promising direction of the multi-agent neurosymbolic conjectural learning (MANSCOL), which allows the defender to predict adversarial behaviors, design adaptive defensive deception tactics, and synthesize knowledge for the operational level synthesis and adaptation. FMs serve as pivotal tools across various functions for MANSCOL, including reinforcement learning, knowledge assimilation, formation of conjectures, and contextual representation. This chapter concludes with a discussion of the challenges associated with FMs and their application in the domain of cybersecurity.

Cryptography and Security,Artificial Intelligence,Computer Science and Game Theory

Yunfei Ge,Quanyan Zhu

2023-12-06

Abstract:The increased connectivity and potential insider threats make traditional network defense vulnerable. Instead of assuming that everything behind the security perimeter is safe, the zero-trust security model verifies every incoming request before granting access. This chapter draws attention to the cyber resilience within the zero-trust model. We introduce the evolution from traditional perimeter-based security to zero trust and discuss their difference. Two key elements of the zero-trust engine are trust evaluation (TE) and policy engine (PE). We introduce the design of the two components and discuss how their interplay would contribute to cyber resilience. Dynamic game theory and learning are applied as quantitative approaches to achieve automated zero-trust cyber resilience. Several case studies and implementations are introduced to illustrate the benefits of such a security model.

Cryptography and Security,Computer Science and Game Theory

T. Başar,Quanyan Zhu

DOI: https://doi.org/10.1109/MCS.2014.2364710

2015-01-16

IEEE Control Systems

Abstract:Critical infrastructures, such as power grids and transportation systems, are increasingly using open networks for operation. The use of open networks poses many challenges for control systems. The classical design of control systems takes into account modeling uncertainties as well as physical disturbances, providing a multitude of control design methods such as robust control, adaptive control, and stochastic control. With the growing level of integration of control systems with new information technologies, modern control systems face uncertainties not only from the physical world but also from the cybercomponents of the system. The vulnerabilities of the software deployed in the new control system infrastructure will expose the control system to many potential risks and threats from attackers. Exploitation of these vulnerabilities can lead to severe damage as has been reported in various news outlets [1], [2]. More recently, it has been reported in [3] and [4] that a computer worm, Stuxnet, was spread to target Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.

Engineering,Computer Science

Xinrong Zhang,Ye-Hwa Chen,Dongsheng Zhang,Ruiying Zhao,Lei Guo

DOI: https://doi.org/10.1016/j.adhoc.2023.103351

IF: 4.816

2023-01-01

Ad Hoc Networks

Abstract:Cyber–physical systems (CPSs) integrate network and physical components. The relevant network security issues have been receiving consistent attention. This paper considers cyber–physical systems whose control resilience is characterized by uncertainty, mechanical motion constraints, and exposure to cyber-attacks. To address these problems, this paper proposes a game-theoretic method based on constraint following theory where the moving trajectory requirements are considered as constraints. There can be adversary network environment which may launch cyberattacks and even deny providing service. With a creative control design, it is validated that the controlled system is resilient to cyberattack disturbance and other spoofing or mixed threat attacks. Three game rules, one non-cooperative game and two Stackelberg competitions, are adopted in this study to obtain the optimal control design parameter choice. It is proven that the optimal choice is the same from the three rules, thus making this optimal choice generic (i.e., nonspecific) and important. The superiority of the optimal control design parameter is demonstrated in simulations.

Michael D. Adams,Seth D. Hitefield,Bruce Hoy,Michael C. Fowler,T. Charles Clancy

DOI: https://doi.org/10.48550/arXiv.1311.0257

2013-11-01

Cryptography and Security

Abstract:A significant limitation of current cyber security research and techniques is its reactive and applied nature. This leads to a continuous 'cyber cycle' of attackers scanning networks, developing exploits and attacking systems, with defenders detecting attacks, analyzing exploits and patching systems. This reactive nature leaves sensitive systems highly vulnerable to attack due to un-patched systems and undetected exploits. Some current research attempts to address this major limitation by introducing systems that implement moving target defense. However, these ideas are typically based on the intuition that a moving target defense will make it much harder for attackers to find and scan vulnerable systems, and not on theoretical mathematical foundations. The continuing lack of fundamental science and principles for developing more secure systems has drawn increased interest into establishing a 'science of cyber security'. This paper introduces the concept of using cybernetics, an interdisciplinary approach of control theory, systems theory, information theory and game theory applied to regulatory systems, as a foundational approach for developing cyber security principles. It explores potential applications of cybernetics to cyber security from a defensive perspective, while suggesting the potential use for offensive applications. Additionally, this paper introduces the fundamental principles for building non-stationary systems, which is a more general solution than moving target defenses. Lastly, the paper discusses related works concerning the limitations of moving target defense and one implementation based on non-stationary principles.

Alexander Kott,Maureen S. Golan,Benjamin D. Trump,Igor Linkov

DOI: https://doi.org/10.48550/arXiv.2201.11152

2022-01-26

Cryptography and Security

Abstract:The term "cyber resilience by design" is growing in popularity. Here, by cyber resilience we refer to the ability of the system to resist, minimize and mitigate a degradation caused by a successful cyber-attack on a system or network of computing and communicating devices. Some use the term "by design" when arguing that systems must be designed and implemented in a provable mission assurance fashion, with the system's intrinsic properties ensuring that a cyber-adversary is unable to cause a meaningful degradation. Others recommend that a system should include a built-in autonomous intelligent agent responsible for thinking and acting towards continuous observation, detection, minimization and remediation of a cyber degradation. In all cases, the qualifier "by design" indicates that the source of resilience is somehow inherent in the structure and operation of the system. But what, then, is the other resilience, not by design? Clearly, there has to be another type of resilience, otherwise what's the purpose of the qualifier "by design"? Indeed, while mentioned less frequently, there exists an alternative form of resilience called "resilience by intervention." In this article we explore differences and mutual reliance of resilience by design and resilience by intervention.

Shouhuai Xu

DOI: https://doi.org/10.48550/arXiv.2010.05683

2020-10-09

Cryptography and Security

Abstract:Cybersecurity Dynamics is new concept that aims to achieve the modeling, analysis, quantification, and management of cybersecurity from a holistic perspective, rather than from a building-blocks perspective. It is centered at modeling and analyzing the attack-defense interactions in cyberspace, which cause a ``natural'' phenomenon -- the evolution of the global cybersecurity state. In this Chapter, we systematically introduce and review the Cybersecurity Dynamics foundation for the Science of Cybersecurity. We review the core concepts, technical approaches, research axes, and results that have been obtained in this endeavor. We outline a research roadmap towards the ultimate research goal, including a systematic set of technical barriers.

Elisabeth Vogel,Zoya Dyka,Dan Klann,Peter Langendörfer

DOI: https://doi.org/10.48550/arXiv.2105.10235

2021-05-21

Cryptography and Security

Abstract:Resilience is a feature that is gaining more and more attention in computer science and computer engineering. However, the definition of resilience for the cyber landscape, especially embedded systems, is not yet clear. This paper discusses definitions of different authors, years and different application areas the field of computer science/computer engineering. We identify the core statements that are more or less common to the majority of the definitions and based on this we give a holistic definition using attributes for (cyber-) resilience. In order to pave a way towards resilience-engineering we discuss a theoretical model of the life cycle of a (cyber-) resilient system that consists of key actions presented in the literature. We adapt this model for embedded (cyber-) resilient systems.

Jinxin Zuo,Ziyu Guo,Jiefu Gan,Yueming Lu

DOI: https://doi.org/10.1109/dsc53577.2021.00085

2021-01-01

Abstract:Cyber resilience has become a strategic point of information security in recent years. In the face of complex attack means and severe internal and external threats, it is difficult to achieve 100% protection against information systems. It is necessary to enhance the continuous service of information systems based on network resiliency and take appropriate compensation measures in case of protection failure, to ensure that the mission can still be achieved under attack. This paper combs the definition, cycle, and state of cyber resilience, and interprets the cyber resiliency engineering framework, to better understand cyber resilience. In addition, we also discuss the evolution of security architecture and analyze the impact of cyber resiliency on security architecture. Finally, the strategies and schemes of enhancing cyber resilience represented by zero trust and endogenous security are discussed.

Xu Shouhuai,Yung Moti,Wang Jingguo

DOI: https://doi.org/10.1007/s10796-021-10134-8

2021-01-01

Information Systems Frontiers

Abstract:Cyber security (or cybersecurity) has become a fundamental issue which deeply affects citizen's lives (including their privacy), the public's economic prosperity, and national security.The high frequency of media reports on highprofile cyber attacks, which cause substantial and, at times, catastrophic damages, highlights that cyberspace is a very fragile and vulnerable ecosystem, and that our understanding of cybersecurity and our capability of defending cyberspace are far from adequate.This is true despite the numerous advancements and breakthroughs in some fields of cybersecurity.One outstanding example is cryptography, which has been built on a firm foundation in Computational Complexity Theory, starting with a number of breakthroughs, e.g.Diffie and Hellman (1976), Rivest et al. (1978), Goldwasser and Micali (1982), and Yao (1982).However, there are many cyber attacks that go beyond the standard cryptographic threats models, such as attacks which can compromise cryptographic private keys by directly stealing memory pages (e.g., Harrison and Xu (2007)), or indirectly exploiting side-channel attacks (e.g., Kocher (1996)).The state-of-the-art is that we are far from being capable of adequately dealing with such attacks in