Societies are increasingly dependent on Cyber Physical Systems (CPSs), which are exposed to natural and human-made attacks. Attacks on CPSs can result in security breaches and behaviors that may impose harm on their environments. Understanding attack mechanisms is crucial to preventing losses or damage to people, assets or information. We develop a computational environment that allows to implement attacker agents under a stochastic optimization framework, allowing to use different techniques to model attacking behavior (i.e., policies), including approximate dynamic programming, reinforcement learning, or stochastic programming, as well as arbitrary policies (e.g., rules of thumb). We rely on the ADVISE formalism to represent attack paths on CPSs, leveraging their Markov Decision Process structure to build an environment that allows to test attacker and defender policies. The proposed environment is tested by simulating attacks on a SCADA system previously addressed in the literature, demonstrating satisfactory convergence for a Q-learning algorithm, which allows to identify the attack steps that most frequently lead to successful attacks. The proposed approach allows flexibility in modeling attackers, and allows to conceive models with interacting attacker and defender agents, which is left as the main goal of future work.

Modeling attacker behavior in Cyber-Physical-Systems / Gonzalez S.R.; Osorio J.B.; Gonzalez G.P.; Cuellar D.; Gomez C.; Mariotti F.; Montecchi L.; Lollini P.. - ELETTRONICO. - (2022), pp. 117-124. (Intervento presentato al convegno Latin-American Symposium on Dependable Computing (LADC) tenutosi a Fortaleza/CE Brazil nel November 21 - 24, 2022) [10.1145/3569902.3570188].

Modeling attacker behavior in Cyber-Physical-Systems

Mariotti F.
;
Montecchi L.;Lollini P.
2022

Abstract

Societies are increasingly dependent on Cyber Physical Systems (CPSs), which are exposed to natural and human-made attacks. Attacks on CPSs can result in security breaches and behaviors that may impose harm on their environments. Understanding attack mechanisms is crucial to preventing losses or damage to people, assets or information. We develop a computational environment that allows to implement attacker agents under a stochastic optimization framework, allowing to use different techniques to model attacking behavior (i.e., policies), including approximate dynamic programming, reinforcement learning, or stochastic programming, as well as arbitrary policies (e.g., rules of thumb). We rely on the ADVISE formalism to represent attack paths on CPSs, leveraging their Markov Decision Process structure to build an environment that allows to test attacker and defender policies. The proposed environment is tested by simulating attacks on a SCADA system previously addressed in the literature, demonstrating satisfactory convergence for a Q-learning algorithm, which allows to identify the attack steps that most frequently lead to successful attacks. The proposed approach allows flexibility in modeling attackers, and allows to conceive models with interacting attacker and defender agents, which is left as the main goal of future work.
2022
Proc. of the 11th Latin-American Symposium on Dependable Computing
Latin-American Symposium on Dependable Computing (LADC)
Fortaleza/CE Brazil
November 21 - 24, 2022
Gonzalez S.R.; Osorio J.B.; Gonzalez G.P.; Cuellar D.; Gomez C.; Mariotti F.; Montecchi L.; Lollini P.
File in questo prodotto:
File Dimensione Formato  
Modeling attacker behavior in Cyber-Physical-Systems.pdf

accesso aperto

Tipologia: Preprint (Submitted version)
Licenza: Open Access
Dimensione 620.63 kB
Formato Adobe PDF
620.63 kB Adobe PDF

I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificatore per citare o creare un link a questa risorsa: https://hdl.handle.net/2158/1308193
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 1
social impact