Societies are increasingly dependent on Cyber Physical Systems (CPSs), which are exposed to natural and human-made attacks. Attacks on CPSs can result in security breaches and behaviors that may impose harm on their environments. Understanding attack mechanisms is crucial to preventing losses or damage to people, assets or information. We develop a computational environment that allows to implement attacker agents under a stochastic optimization framework, allowing to use different techniques to model attacking behavior (i.e., policies), including approximate dynamic programming, reinforcement learning, or stochastic programming, as well as arbitrary policies (e.g., rules of thumb). We rely on the ADVISE formalism to represent attack paths on CPSs, leveraging their Markov Decision Process structure to build an environment that allows to test attacker and defender policies. The proposed environment is tested by simulating attacks on a SCADA system previously addressed in the literature, demonstrating satisfactory convergence for a Q-learning algorithm, which allows to identify the attack steps that most frequently lead to successful attacks. The proposed approach allows flexibility in modeling attackers, and allows to conceive models with interacting attacker and defender agents, which is left as the main goal of future work.
Modeling attacker behavior in Cyber-Physical-Systems / Gonzalez S.R.; Osorio J.B.; Gonzalez G.P.; Cuellar D.; Gomez C.; Mariotti F.; Montecchi L.; Lollini P.. - ELETTRONICO. - (2022), pp. 117-124. (Intervento presentato al convegno Latin-American Symposium on Dependable Computing (LADC) tenutosi a Fortaleza/CE Brazil nel November 21 - 24, 2022) [10.1145/3569902.3570188].
Modeling attacker behavior in Cyber-Physical-Systems
Mariotti F.
;Montecchi L.;Lollini P.
2022
Abstract
Societies are increasingly dependent on Cyber Physical Systems (CPSs), which are exposed to natural and human-made attacks. Attacks on CPSs can result in security breaches and behaviors that may impose harm on their environments. Understanding attack mechanisms is crucial to preventing losses or damage to people, assets or information. We develop a computational environment that allows to implement attacker agents under a stochastic optimization framework, allowing to use different techniques to model attacking behavior (i.e., policies), including approximate dynamic programming, reinforcement learning, or stochastic programming, as well as arbitrary policies (e.g., rules of thumb). We rely on the ADVISE formalism to represent attack paths on CPSs, leveraging their Markov Decision Process structure to build an environment that allows to test attacker and defender policies. The proposed environment is tested by simulating attacks on a SCADA system previously addressed in the literature, demonstrating satisfactory convergence for a Q-learning algorithm, which allows to identify the attack steps that most frequently lead to successful attacks. The proposed approach allows flexibility in modeling attackers, and allows to conceive models with interacting attacker and defender agents, which is left as the main goal of future work.
| File | Dimensione | Formato | |
|---|---|---|---|
|
Modeling attacker behavior in Cyber-Physical-Systems.pdf
accesso aperto
Tipologia:
Preprint (Submitted version)
Licenza:
Open Access
Dimensione
620.63 kB
Formato
Adobe PDF
|
620.63 kB | Adobe PDF |
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
