An Attacker Modeling Framework for the Assessment of Cyber-Physical Systems Security
This addresses security assessment for CPS operators, but appears incremental as it builds on existing vulnerability databases and simulation approaches.
The paper tackles the problem of inconsistent security analysis in Cyber-Physical Systems by proposing a flexible attacker modeling framework that simulates diverse attacker behaviors to predict attack progression, demonstrated on a simulated industrial control system with probabilistic predictions.
Characterizing attacker behavior with respect to Cyber-Physical Systems is important to assuring the security posture and resilience of these systems. Classical cyber vulnerability assessment approaches rely on the knowledge and experience of cyber-security experts to conduct security analyses and can be inconsistent where the experts' knowledge and experience are lacking. This paper proposes a flexible attacker modeling framework that aids in the security analysis process by simulating a diverse set of attacker behaviors to predict attack progression and provide consistent system vulnerability analysis. The model proposes an expanded architecture of vulnerability databases to maximize its effectiveness and consistency in detecting CPS vulnerabilities while being compatible with existing vulnerability databases. The model has the power to be implemented and simulated against an actual or virtual CPS. Execution of the attacker model is demonstrated against a simulated industrial control system architecture, resulting in a probabilistic prediction of attacker behavior.