Visible to the public A Markov Game Theoritic Approach for Power Grid Security

TitleA Markov Game Theoritic Approach for Power Grid Security
Publication TypeConference Paper
Year of Publication2017
AuthorsKamdem, G., Kamhoua, C., Lu, Y., Shetty, S., Njilla, L.
Conference Name2017 IEEE 37th International Conference on Distributed Computing Systems Workshops (ICDCSW)
Keywordsadvanced persistent threat, advanced persistent threats, Analytical models, Companies, cyber-attack, game theory, Games, graph theory, Human Behavior, information and communication technology, Markov game, Markov processes, Metrics, power engineering computing, Power Grid Security, power grids, power system security, pubcrawl, resilience, Resiliency, Scalability, security of data, two-player zero-sum Markov game theoretic approach, user authentication information steal

The extensive use of information and communication technologies in power grid systems make them vulnerable to cyber-attacks. One class of cyber-attack is advanced persistent threats where highly skilled attackers can steal user authentication information's and then move laterally in the network, from host to host in a hidden manner, until they reach an attractive target. Once the presence of the attacker has been detected in the network, appropriate actions should be taken quickly to prevent the attacker going deeper. This paper presents a game theoretic approach to optimize the defense against an invader attempting to use a set of known vulnerabilities to reach critical nodes in the network. First, the network is modeled as a vulnerability multi-graph where the nodes represent physical hosts and edges the vulnerabilities that the attacker can exploit to move laterally from one host to another. Secondly, a two-player zero-sum Markov game is built where the states of the game represent the nodes of the vulnerability multi-graph graph and transitions correspond to the edge vulnerabilities that the attacker can exploit. The solution of the game gives the optimal strategy to disconnect vulnerable services and thus slow down the attack.

Citation Keykamdem_markov_2017