Department of Energy, Politecnico di Milano, Milano, Italy.
MINES ParisTech/PSL Université Paris, Centre de Recherche sur les Risques et les Crises (CRC), Sophia Antipolis, France.
Risk Anal. 2019 Dec;39(12):2766-2785. doi: 10.1111/risa.13382. Epub 2019 Jul 30.
Defenders have to enforce defense strategies by taking decisions on allocation of resources to protect the integrity and survivability of cyber-physical systems (CPSs) from intentional and malicious cyber attacks. In this work, we propose an adversarial risk analysis approach to provide a novel one-sided prescriptive support strategy for the defender to optimize the defensive resource allocation, based on a subjective expected utility model, in which the decisions of the adversaries are uncertain. This increases confidence in cyber security through robustness of CPS protection actions against uncertain malicious threats compared with prescriptions provided by a classical defend-attack game-theoretical approach. We present the approach and the results of its application to a nuclear CPS, specifically the digital instrumentation and control system of the advanced lead-cooled fast reactor European demonstrator.
防御者必须通过决策资源分配来执行防御策略,以保护网络物理系统 (CPS) 的完整性和生存能力,使其免受有意和恶意的网络攻击。在这项工作中,我们提出了一种对抗风险分析方法,为防御者提供了一种新颖的片面规定性支持策略,以基于主观预期效用模型优化防御性资源分配,其中对手的决策是不确定的。与经典的防御-攻击博弈论方法提供的规定相比,该方法通过对不确定的恶意威胁的 CPS 保护措施的稳健性,提高了网络安全的信心。我们介绍了该方法及其在先进的铅冷快堆欧洲示范堆的数字仪表和控制系统等核 CPS 中的应用结果。
