A cyber-physical system (CPS) is an advanced system that integrates physical processes, computation and communication resources. The security of cyber-physical systems has become an active research area in recent years. In this paper, we focus on defensive strategies against network attacks in CPS. We introduce both low- and high-interaction honeypots into CPS as a security management tool deliberately designed to be probed, attacked and compromised. In addition, an analysis resource constraint is introduced for the purpose of optimizing defensive strategies against network attacks in CPS. We study the offensive and defensive interactions of CPS and model the offensive and defensive process as an incomplete information game with the assumption that the defender's analysis resource is unknown to the attacker. We first prove the existence of several Bayesian-Nash equilibria in the low- and high-interaction honeypot game without analysis cost constraints and obtain the attacker's equilibrium strategy. Then, we take the impact of analysis cost on the capture effect of honeypots into consideration and further optimize the defensive strategy by allocating analysis resources between low- and high-interaction honeypots under the resource constraint. Finally, the proposed method is evaluated through numerical simulation and proves to be effective in obtaining the optimal defensive strategy.
As one of the most critical infrastructures, the power grid has been increasingly threatened by network attacks, especially advanced persistent threats (APTs). An APT in the power grid is a continual and stealthy attack that analyzes the interaction between the cyber layer and the physical layer. The existing offensive and defensive processes for the power grid using honeypots against APTs are modeled based on full rationality. Therefore, both the attacker and the defender make decisions to maximize their payoffs under full rationality. However, fully rational decisions by end-users do not always conform to real cases, and prospect theory is a typical boundedly rational method to model these deviations. In this study, we propose a subjective APT-honeypot game model to study the offensive and defensive interactions between the attacker and the defender based on prospect theory. In this model, we protect the power grid bus nodes by deploying honeypots, which consider both low- and high-interaction honeypot modes. We prove the existence of Bayesian-Nash equilibrium strategies in defense and attack strategies under bounded rationality. In addition, we use the IEEE-30 Bus system to verify the proposed model in this paper. Experimental results show that bounded rationality affects strategy selection and reduces the attacker's payoffs.

INDEX TERMS: Honeypot, game theory, power grid, APT, prospect theory.