An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security

TL;DR

This paper introduces a flexible attacker modeling framework for cyber-physical systems that simulates diverse attacker behaviors to improve security analysis and vulnerability detection.

Contribution

It presents a novel attacker modeling architecture that enhances vulnerability assessment consistency and integrates with existing databases for CPS security evaluation.

Findings

Successfully simulated attacker behavior on a virtual CPS.

Provided probabilistic predictions of attack progression.

Enhanced detection of CPS vulnerabilities.

Abstract

Characterizing attacker behavior with respect to Cyber-Physical Systems is important to assuring the security posture and resilience of these systems. Classical cyber vulnerability assessment approaches rely on the knowledge and experience of cyber-security experts to conduct security analyses and can be inconsistent where the experts' knowledge and experience are lacking. This paper proposes a flexible attacker modeling framework that aids in the security analysis process by simulating a diverse set of attacker behaviors to predict attack progression and provide consistent system vulnerability analysis. The model proposes an expanded architecture of vulnerability databases to maximize its effectiveness and consistency in detecting CPS vulnerabilities while being compatible with existing vulnerability databases. The model has the power to be implemented and simulated against an actual or virtual CPS. Execution of the attacker model is demonstrated against a simulated industrial control system architecture, resulting in a probabilistic prediction of attacker behavior.