Automated Adversary Emulation for Cyber-Physical Systems via Reinforcement Learning
This work addresses the challenge of automating security assessments for cyber-physical systems, which is incremental as it applies existing RL methods to a new domain.
The paper tackled the problem of automating adversary emulation for cyber-physical systems, which is typically manual and costly, by developing a reinforcement learning approach that formulates attack sequences as a Markov Decision Process; the result showed improved performance in a numerical study on sensor deception attacks in buildings, though specific numbers were not provided.
Adversary emulation is an offensive exercise that provides a comprehensive assessment of a system's resilience against cyber attacks. However, adversary emulation is typically a manual process, making it costly and hard to deploy in cyber-physical systems (CPS) with complex dynamics, vulnerabilities, and operational uncertainties. In this paper, we develop an automated, domain-aware approach to adversary emulation for CPS. We formulate a Markov Decision Process (MDP) model to determine an optimal attack sequence over a hybrid attack graph with cyber (discrete) and physical (continuous) components and related physical dynamics. We apply model-based and model-free reinforcement learning (RL) methods to solve the discrete-continuous MDP in a tractable fashion. As a baseline, we also develop a greedy attack algorithm and compare it with the RL procedures. We summarize our findings through a numerical study on sensor deception attacks in buildings to compare the performance and solution quality of the proposed algorithms.