Jiajun Shen,Dongqin Feng

DOI: https://doi.org/10.1080/00207721.2017.1406555

IF: 2.648

2018-01-01

International Journal of Systems Science

Abstract:In this paper, the cross-layer security problem of cyber-physical system (CPS) is investigated from the game-theoretic perspective. Physical dynamics of plant is captured by stochastic differential game with cyber-physical influence being considered. The sufficient and necessary condition for the existence of state-feedback equilibrium strategies is given. The attack-defence cyber interactions are formulated by a Stackelberg game intertwined with stochastic differential game in physical layer. The condition such that the Stackelberg equilibrium being unique and the corresponding analytical solutions are both provided. An algorithm is proposed for obtaining hierarchical security strategy by solving coupled games, which ensures the operational normalcy and cyber security of CPS subject to uncertain disturbance and unexpected cyberattacks. Simulation results are given to show the effectiveness and performance of the proposed algorithm.

Huici Wu,Qiuyue Gao,Xiaofeng Tao,Ning Zhang,Dajiang Chen,Zhu Han

DOI: https://doi.org/10.1109/jiot.2021.3122115

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Internet of Things (IoT) is vulnerable to various cyber attacks due to the massive deployment of IoT devices and the openness of wireless environments. In this article, taking IoT devices as the network resources competed between an attacker and a defender, we study the modeling and analysis of network resource competition in an attack-defense game. The attacker and defender inject different competition strength in each IoT device as their strategies. As a result, the security state of each IoT device will change, which is captured by differential equations. To study the interaction between the attacker and defender and the evolution of the system security states, a zero-sum differential game is formulated by modeling the competition of IoT devices. To achieve the equilibrium of the formulated differential game, optimal control theory is employed to solve the optimization problems of players. Further, a Gauss–Seidel-like implicit finite-difference method is utilized to obtain the saddle point strategy. Finally, numerical results are provided to demonstrate the evolution of network resource competition between the attacker and defender. The results show that our formulated model can effectively and accurately characterize the evolution of the system security states with strategic interactions between the attacker and defender.

Xu Chen,Liang Xiao,Wei Feng,Ning Ge,Xianbin Wang

DOI: https://doi.org/10.1109/jiot.2021.3138094

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The proliferation of Distributed Denial of Service (DDoS) attacks in Internet of Things (IoT) not only threatens the security of digital devices and infrastructure but also severely degrades IoT system performance due to the overly consumed network resources. With the knowledge of identity information of devices and signaling data, Internet service providers (ISPs) can detect and block DDoS traffic by monitoring the upstream IoT packets, and thereby, improve network efficiency. However, inspecting all data packets online for DDoS detection will significantly increase both the network delay and the computational overhead. Therefore, the packet sampling strategy is crucial for the defenders to detect DDoS attacks. To this end, this article formulates a Stackelberg game model to analyze the collaborative IoT packet sampling against DDoS attacks. Through the equilibrium analysis of the DDoS game, we derive the lower bound of packet sampling rate (PSR) that can effectively deter potential attackers. Unlike traditional offline detection, our proposed packet sampling strategy can support both the online detection and proactive prevention of DDoS traffic. As a use case, a multipoint DDoS defense framework is developed to address the IP spoofing in 5G networks based on the proposed packet sampling strategy, which deters DDoS attacks and reduces the packet sampling cost, and thereby, maximizes the IoT utility, compared with existing methods. In typical reflection attacks (in which no more than five packets of response are triggered by a request packet), our proposed scheme not only reduces more than 70% of the sampling rate but also demonstrates superior robustness against boundary condition variation.

Chunyang Qi,Jie Huang,Cheng Huang,Huaqing Wu,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/globecom48099.2022.10000946

2022-01-01

Abstract:IoTs generally rely on resource-constrained devices to sense, relay, and collect data, which are highly vulnerable to Distributed-Denial-of-Services (DDOS) attacks on network throughput. In this paper, we propose a trust-based method to optimize the network throughput of IoTs under DDOS attacks. Specifically, with the assistance of a small number of dedicatedly deployed defense nodes as defenders, a network controller can first measure the behavior of other IoT nodes and categorize them into three types (i.e., innocent, selfish, and attack) through a well-designed trust evaluation model. Then, a Stackelberg game model is constructed accordingly, where defenders are leaders and other nodes are followers. We carefully define the utilities of the leaders and the followers in the game, and transform the optimization problem of the network throughput into the maximization problem of the defenders' utilities considering the utilities of the followers. We adopt the Dinkelbach Programming (DP)-based algorithm to solve the maximization problem such that a Stackelberg equilibrium can be reached with optimized network throughput. Extensive simulations are performed to demonstrate that the proposed defense method can significantly increase the IoT network throughput under different DDOS attack intensities.

Xinyu Yang,Xiaofei He,Jie Lin,Wei Yu,Qingyu Yang

DOI: https://doi.org/10.1109/trustcom.2016.0094

2016-01-01

Abstract:The diverse cyber attacks, that make operation of the smart grid challenging, must be addressed before wide adoption of smart grids can be fully realized. Although a number of research efforts have been devoted to defending against these threats, a majority of existing schemes focus on the design of a specific defensive strategy to deal with a specific threat. In this paper we address the issue of coalitional attacks that can be launched by multiple adversaries cooperatively in the smart grid. We propose a game-theoretic based model to capture the interaction among multiple adversaries and quantify the capacity of the defender based on the extended Iterated Public Goods Game (IPGG) model. In the formalized game model, each participant can either cooperate by participating in the coalitional attack, or defect by standing aside in each round of the attack. We consider the generic defensive strategy that has a probability to detect the coalitional attack. When the coalitional attack is detected, all the participating adversaries are penalized. The expected payoff of each participant is derived through the zero-determinant strategy that provides the participants competitive benefits. Via a combination of theoretical analysis and experiments, our results show that our formalized game model can enable the defender to greatly reduce the maximum value of the expected average payoff to the adversaries via provisioning sufficient defensive resources, which is reflected by setting a proper penalty factor against the adversaries.

Jichao Bi,Shibo He,Fengji Luo,Wenchao Meng,Luyue Ji,Da-Wen Huang

DOI: https://doi.org/10.1109/TII.2022.3231406

IF: 12.3

2023-01-01

IEEE Transactions on Industrial Informatics

Abstract:Industrial Internet of Things (IIoT) is vulnerable to advanced persistent threat (APT). In this article, we study a scenario in which APT is launched to attack IIoT devices. Considering the APTs lateral movement, a node-level state evolution model is established to calculate the probability of every device in an IIoT system to be compromised by APT. Based on this, a Stackelberg game model is proposed for the APT attacker and defender, which can accurately describe the gaming process. An effective computational approach is developed to obtain the potential Stackelberg equilibrium strategy pair of the game. Extensive case studies and comparison studies are conducted to validate the effectiveness of the proposed method.

Juntao Chen,Corinne Touati,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.2108.13159

2021-07-26

Networking and Internet Architecture

Abstract:The emerging Internet of Things (IoT) applications that leverage ubiquitous connectivity and big data are facilitating the realization of smart everything initiatives. IoT-enabled infrastructures have naturally a multi-layer system architecture with an overlaid or underlaid device network and its coexisting infrastructure network. The connectivity between different components in these two heterogeneous interdependent networks plays an important role in delivering real-time information and ensuring a high-level situational awareness. However, IoT-enabled infrastructures face cyber threats due to the wireless nature of communications. Therefore, maintaining network connectivity in the presence of adversaries is a critical task for infrastructure network operators. In this paper, we establish a three-player three-stage dynamic game-theoretic framework including two network operators and one attacker to capture the secure design of multi-layer interdependent infrastructure networks by allocating limited resources. We use subgame perfect Nash equilibrium (SPE) to characterize the strategies of players with sequential moves. In addition, we assess the efficiency of the equilibrium network by comparing with its team optimal solution counterparts in which two network operators can coordinate. We further design a scalable algorithm to guide the construction of the equilibrium IoT-enabled infrastructure networks. Finally, we use case studies on the emerging paradigm of the Internet of Battlefield Things (IoBT) to corroborate the obtained results.

Saurav Kumar,Ajit kumar Keshri

DOI: https://doi.org/10.1016/j.knosys.2024.112052

IF: 8.139

2024-06-21

Knowledge-Based Systems

Abstract:The Internet of Things enables the creation of transmitted use cases for interconnected devices and complementary channels. The varied structure of it creates additional security needs and problems. In particular, the safeguards used in the IoT should adjust to the changing environment. One of the major dangers to the World Wide Web (WWW) things is Distributed Denial of Service (DDoS). Therefore, in this work, an intelligent Game Theory-based Adaptive security (GT-AS) mathematical model was developed to maximize the effectiveness of DDoS attack mitigation. Moreover, this strategy can strongly derive the five parameters such as energy channel, memory, intruder, and hybrid. These all can achieve a stronger defense posture against DDoS attacks from the newly designed IoT. Consequently, the Recurrent Bat (RB) framework is developed to classify the nodes into two classes such as trusted node and malicious node. In addition, the proposed frameworks analyze how protection effectiveness and energy consumption interact when evaluating adaptive security techniques. To analyze the effectiveness of the suggested paradigm, researchers also give the outcomes of simulation experiments. Researchers demonstrate that, in comparison to existing models, the developed approach has increased the lifespan of the connected objects by 47 %. Also, the developed strategy has attained better accuracy and lower error rates when comparing traditional strategies. Moreover, the packet delivery ratio is 60 KB, energy consumption is 116 KJ, Mean Location Error is 0.078 and resource usage is 148.

computer science, artificial intelligence

Bingjing Yan,Pengchao Yao,Tao Yang,Boyang Zhou,Qiang Yang

DOI: https://doi.org/10.35833/mpce.2022.000524

IF: 4.469

2024-01-01

Journal of Modern Power Systems and Clean Energy

Abstract:Electric power grids are evolving into complex cyber-physical power systems (CPPSs) that integrate advanced information and communication technologies (ICTs) but face increasing cyberspace threats and attacks. This study considers CPPS cyberspace security under distributed denial of service (DDoS) attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources. Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks. Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free, failed attack, and successful attack, which lead to a corresponding consumption of resources. A multidimensional node value analysis is designed to introduce physical and cybersecurity indices. Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability.

engineering, electrical & electronic

Jeffrey Pawlick,Quanyan Zhu

DOI: https://doi.org/10.48550/arXiv.1707.03708

2017-10-17

Abstract:While the Internet of things (IoT) promises to improve areas such as energy efficiency, health care, and transportation, it is highly vulnerable to cyberattacks. In particular, distributed denial-of-service (DDoS) attacks overload the bandwidth of a server. But many IoT devices form part of cyber-physical systems (CPS). Therefore, they can be used to launch "physical" denial-of-service attacks (PDoS) in which IoT devices overflow the "physical bandwidth" of a CPS. In this paper, we quantify the population-based risk to a group of IoT devices targeted by malware for a PDoS attack. In order to model the recruitment of bots, we develop a "Poisson signaling game," a signaling game with an unknown number of receivers, which have varying abilities to detect deception. Then we use a version of this game to analyze two mechanisms (legal and economic) to deter botnet recruitment. Equilibrium results indicate that 1) defenders can bound botnet activity, and 2) legislating a minimum level of security has only a limited effect, while incentivizing active defense can decrease botnet activity arbitrarily. This work provides a quantitative foundation for proactive PDoS defense.

Cryptography and Security

Lili Chen,Zhen Wang,Jintao Wu,Yunchuan Guo,Fenghua Li,Zifu Li

DOI: https://doi.org/10.1002/cpe.6944

2022-04-20

Concurrency and Computation: Practice and Experience

Abstract:As mobile communications, the Internet, databases, distributed computing, and other technologies continue to develop, the Internet of Things (IoT) has emerged as prevalent technique. However, attacks on security and sensitive data in IoT occur frequently, and these attacks often evade intrusion detection systems strategically by mutating their traffic. To prevent security threats and sensitive data leakage, we propose a game approach based on adversarial deep learning to optimize a dynamic security threshold strategy. We introduce a mobile edge computing framework and utilize a game model to describe the adversarial interaction between the two participants. To solve the complexity of the game problem to gain dynamically randomized adversarial attacks, we present a column generation (CG) framework, which uses a feedforward neural network to quantify data flowing through IoT devices. Considering the limited resources of IoT devices, we calculate an optimal response to cyberattacks via a particle swarm optimization algorithm, aiming to reduce the false alarm rate. The adversarial dynamic threshold (ADT)‐based column generation (CG‐ADT) algorithm generates the set of detection threshold and the probability. Finally, we present the results of experiments conducted to demonstrate the effectiveness and robustness of the proposed dynamic threshold scheme for sensitive data security protection in IoT and its suitability for implementation in production systems.

Xiaofei He,Xinyu Yang,Wei Yu,Jie Lin,Qingyu Yang

DOI: https://doi.org/10.3390/s18020674

2018-02-24

Abstract:Diverse and varied cyber-attacks challenge the operation of the smart-world system that is supported by Internet-of-Things (IoT) (smart cities, smart grid, smart transportation, etc.) and must be carefully and thoughtfully addressed before widespread adoption of the smart-world system can be fully realized. Although a number of research efforts have been devoted to defending against these threats, a majority of existing schemes focus on the development of a specific defensive strategy to deal with specific, often singular threats. In this paper, we address the issue of coalitional attacks, which can be launched by multiple adversaries cooperatively against the smart-world system such as smart cities. Particularly, we propose a game-theory based model to capture the interaction among multiple adversaries, and quantify the capacity of the defender based on the extended Iterated Public Goods Game (IPGG) model. In the formalized game model, in each round of the attack, a participant can either cooperate by participating in the coalitional attack, or defect by standing aside. In our work, we consider the generic defensive strategy that has a probability to detect the coalitional attack. When the coalitional attack is detected, all participating adversaries are penalized. The expected payoff of each participant is derived through the equalizer strategy that provides participants with competitive benefits. The multiple adversaries with the collusive strategy are also considered. Via a combination of theoretical analysis and experimentation, our results show that no matter which strategies the adversaries choose (random strategy, win-stay-lose-shift strategy, or even the adaptive equalizer strategy), our formalized game model is capable of enabling the defender to greatly reduce the maximum value of the expected average payoff to the adversaries via provisioning sufficient defensive resources, which is reflected by setting a proper penalty factor against the adversaries. In addition, we extend our game model and analyze the extortion strategy, which can enable one participant to obtain more payoff by extorting his/her opponents. The evaluation results show that the defender can combat this strategy by encouraging competition among the adversaries, and significantly suppress the total payoff of the adversaries via setting the proper penalty factor.

Zhe Li,Jin Liu,Jiaqi Ren,Yibo Dong,Weili Li

DOI: https://doi.org/10.1016/j.chaos.2024.115662

2024-10-24

Abstract:Critical infrastructure networks serve as the backbone of modern society's operations, and the application of game theory to safeguard these networks against deliberate attacks under resource constraints is of paramount importance. Regrettably, the existing body of research on hybrid attack and defense strategies for nodes and edges is notably scarce, despite the ubiquity of such strategies in practical contexts. Current understanding regarding the establishment of a cost constraint model within the framework of hybrid attack and defense strategies, the strategic inclinations of both adversarial and defensive parties under varying cost constraint coefficients, and the influence of resource allocation ratios on equilibrium outcomes remains limited. Consequently, this study constructs a game-theoretic model for the engagement of critical infrastructure networks under non-uniform cost constraints, incorporating hybrid attack and defense strategies for nodes and edges, and conducts an equilibrium analysis across a range of cost constraint coefficients and resource allocation ratios. The findings reveal that when resource availability is limited, both attackers and defenders are inclined towards a strategy of concentrated resource allocation; in contrast, under most circumstances, defenders exhibit a preference for an equitable distribution of resources.

mathematics, interdisciplinary applications,physics, mathematical, multidisciplinary

Han Qin,Jiaming Weng,Dong Liu,Donglian Qi,Yufei Wang

DOI: https://doi.org/10.17775/cseejpes.2020.04550

IF: 6.014

2024-01-01

CSEE Journal of Power and Energy Systems

Abstract:With the help of advanced information technology, real-time monitoring and control levels of cyber-physical distribution systems (CPDS) have been significantly improved. However due to the deep integration of cyber and physical systems, attackers could still threaten the stable operation of CPDS by launching cyber-attacks, such as denial-of-service (DoS) attacks. Thus, it is necessary to study the CPDS risk assessment and defense resource allocation methods under DoS attacks. This paper analyzes the impact of DoS attacks on the physical system based on the CPDS fault self-healing control. Then, considering attacker and defender strategies and attack damage, a CPDS risk assessment framework is established. Furthermore, risk assessment and defense resource allocation methods, based on the Stackelberg dynamic game model, are proposed under conditions in which the cyber and physical systems are launched simultaneously. Finally, a simulation based on an actual CPDS is performed, and the calculation results verify the effectiveness of the algorithm.

Shaohan Feng,Zehui Xiong,Dusit Niyato,Ping Wang

DOI: https://doi.org/10.1109/tcc.2019.2896632

IF: 5.697

2021-07-01

IEEE Transactions on Cloud Computing

Abstract:Fog computing has gained tremendous popularity due to its capability of addressing the surging demand on high-quality ubiquitous mobile services. Nevertheless, the highly virtualized environment in fog computing leads to vulnerability to cyber attacks such as advanced persistent threats. In this paper, we propose a novel game approach of cyber risk management for the fog computing platform. We adopt the cyber-insurance concept to transfer cyber risks from fog computing platform to a third party. The system model under consideration consists of three main entities, i.e., the fog computing provider, attacker, and cyber-insurer. The fog computing provider dynamically optimizes the allocation of its defense computing resources to improve the security of the fog computing platform which is composed of multiple fog nodes. Meanwhile, the attacker dynamically adjusts the allocation of its attack computing resources to increase the probability of successful attack. Additionally, to prevent from the potential loss due to the attacks, the provider also makes a dynamic decision on the subscription of cyber-insurance for each fog node. Thereafter, the cyber-insurer accordingly determines the premium of cyber-insurance for each fog node. To model this dynamic interactive decision making problem, we formulate a dynamic Stackelberg game. In the lower-level, we formulate an evolutionary subgame to analyze the provider's defense and cyber-insurance subscription strategies as well as the attacker's attack strategy. In the upper-level, the cyber-insurer optimizes its premium strategy, taking into account the evolutionary equilibrium at the lower-level evolutionary subgame. We analytically prove that the evolutionary equilibrium is unique and stable, and we investigate the Stackelberg equilibrium by capitalizing on tools from the optimal control theory. Moreover, we provide a series of insightful analytical and numerical results on the equilibrium -f the dynamic Stackelberg game.

computer science, information systems, theory & methods

Yunfan Zhang,Feihuang Chu,Luliang Jia,Miao Yu,Wenting Cao

DOI: https://doi.org/10.1109/tce.2024.3412166

2024-01-01

IEEE Transactions on Consumer Electronics

Abstract:The Internet of Things (IoT) is a key factor driving the widespread use of smart consumer electronics, yet remote areas are difficult to access. Satellite Internet of Things (SIoT), as a complement and extension of IoT, has the advantages of being able to achieve global coverage and the deployment of sensors that are virtually unrestricted by space. However, due to its highly exposed star-ground links, SIoT is highly susceptible to jamming attacks. Therefore, this paper investigates the dynamic anti-jamming scheme for SIoT to decrease consumption in the jamming environment. A hierarchical anti-jamming Stackelberg game (HASG) is proposed to characterize the adversarial interactions between the jamming satellites and the ground cells, and it has been demonstrated that a Stackelberg equilibrium exists in the proposed HASG. Subsequently, to avoid the dimensional catastrophe associated with exhaustive enumeration, the leader subgame and follower subgame are described as many-to-one matching and one-to-one matching problems, respectively. A low-complexity matching strategy is proposed, and the existence of stable suboptimal solutions is proved. Simulation results show that the proposed anti-jamming matching strategy can realize efficient communication.

Mengmeng Ge,Jin-Hee Cho,Dong Seong Kim,Gaurav Dixit,Ing-Ray Chen

DOI: https://doi.org/10.48550/arXiv.2005.04220

2020-05-08

Abstract:Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this paper, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We verify the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address "when" to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address "how" to perform network topology shuffling on a decoy-populated IoT network, and analyze which strategy can best achieve a system goal such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. Our results demonstrate that a software defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network without running our intrusion prevention technique. Further, when given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, the best combination of "how" and "how" strategies is identified for executing our proposed technique under which the specified goal can be best achieved.

Cryptography and Security

Fei He,Jun Zhuang,Nageswara S. V. Rao

2012-01-01

Abstract:Critical infrastructures rely on cyber and physical components that are both subject to natural, incidental or intentional degradations. Game theory has been used in studying the strategic interactions between attackers and defenders for critical infrastructure protection, but has not been extensively used in complex cyber-physical networks. This paper fills the gap by modeling the probabilities of successful attacks in both cyber and physical spaces as functions of the number of components that are attacked and defended. The results show that the attack effort would first increase then decrease in (a) defense effort, (b) the probability of successful attack on each component, (c) the number of minimum required functioning resources, and (d) the maximum number of available resources. Comparing simultaneous and sequential games, our results show that the defender performs better when she moves first. Our research provides some novel insights into the survival of such infrastructures and optimal resource allocation under various costs and target valuations that players may have.

Jian Yu,Qiang Li

DOI: https://doi.org/10.3390/electronics12112484

IF: 2.9

2023-06-01

Electronics

Abstract:This work proposes a method for the intelligent deployment of distributed flexible AC transmission system (D-FACTS) devices. In recent years, in the field of moving target defense (MTD) strategies to detect coordinated cyber–physical attacks (CCPAs), establishing how to deploy D-FACTS devices has become an important research point. Although some research results have been proposed, the obtained deployment solutions are unintelligent due to not carefully considering smart attackers' behaviors. A method for achieving the intelligent deployment of D-FACTS devices is proposed in this paper. First, the basic concept of corrupting CCPAs is summarized; second, based on considering practical constraints and the basic concept, a protected transmission line set is confirmed; and third, a zero-sum game model is formulated, and a robust Nash equilibrium solution is computed. Due to the game's characteristics, this solution reflects the smart attackers' sense of action. Relying on the solution, those lines that are most likely to be tripped form a new protected transmission line set. Finally, a comprehensive algorithm using a metric proposed in previous studies is proposed for finding an intelligent solution for the deployment of D-FACTS devices. We validated our results through extensive simulations using IEEE 14-bus, 30-bus, and 118-bus power systems provided by MATPOWER and the real-world load profiles from New York State. Our work, in tracking the targets that attackers are most likely to attack, opens up new ideas for the intelligent deployment of D-FACTS devices.

engineering, electrical & electronic,computer science, information systems,physics, applied

Bingjing Yan,Pengchao Yao,Jinming Wang,Tao Yang,Wei Ruan,Qiang Yang

DOI: https://doi.org/10.1109/ei252483.2021.9712952

2021-01-01

Abstract:The critical industrial infrastructures are facing increasing cyberspace threats and attacks in most recent years, the cyberspace security of different forms of Cyber Physical Systems (CPSs) has received much attention. The game theory is considered as an appropriate paradigm for formulating the behaviors of cyberspace attack and defense. This paper proposes a game theory based dynamic cybersecurity defense strategy in the context of electrical CPSs that relies on zero-sum game of incomplete information to identify the expected utility of attacker and defender under Nash equilibrium. The key idea of the proposed solution is to import physical security target and cyber safety index, analyze the asset value of different nodes in a multi-dimensional manner, and update Markov belief dynamically at each stage to reflect the understanding degree of both sides. The proposed solution is assessed through simulation experiments and the CPS testbed at Zhejiang University. The numerical results confirmed that the proposed method can carry out appropriate strategy for defense resources allocation in electrical CPS with the limited availability of defense resources.