Cyber vulnerabilities become ever more critical in modern industrial systems since the attacker can utilize the vulnerabilities to degrade their performance or even cause disasters. In 2015, a series of sequential and well-organized cyber attacks intruded into the Ukrainian power grid, compromised access to the control system, and interrupted the power supply system, finally causing a widespread power outage. To assist the defender, e.g., power grid operator, to allocate protection resources against cyber attacks, existing studies have devoted considerable efforts to risk and reliability analysis and interaction analysis using game theory. The defender's protection strategy includes preevent defense strategy and postevent repair strategy. The strategy spaces of both players were static in previous studies. However, facing Ukrainian-style cyber attacks, the strategy spaces could variate during the attacker-defender confrontation. In other words, the vulnerability compromised by the attacker in one stage could expose the subsequential vulnerabilities, leading to the change of strategy spaces. In this work, a multistage attack-defense graph game model is proposed to assist the defender in allocating protection resources optimally against sequential cyber attacks during multiple stages. In addition, we consider the existence of the rationality evolution of the attacker, which mainly results from asymmetric information, capacity limitation, and progressive learning during the confrontation. Compared to previous studies based on static strategy spaces and static rationalities, our model is more practical and effective in dealing with Ukrainian-style cyber attacks. The simulation results show the superiority of our approach, and some notable observations and practical suggestions are summarized for the defender.
Keywords: Attack-defense graph; game theory; rationality evolution.
© 2021 Society for Risk Analysis.