Combining Hybrid Input-Output Automaton and Game Theory for Security Modeling of Cyber-Physical Systems

Abstract: We consider a security setting in which the Cyber-Physical System (CPS) is composed of subnetworks where each subnetwork is under ownership of one defender. Such CPS can be represented by an attack graph where the defenders are required to invest (subject to a budget constraint) on the graph's edges in order to protect their critical assets (where each defender's critical asset has a certain value to the defender if compromised). We model such CPS using Hybrid Input-Output Automaton (HIOA) where each subnetwork is represented by a HIOA module. We first establish the building blocks needed in our setting. We then present our model that characterizes the continuous time evolution of the investments and discrete transitions between different states (where each state represents different condition and/or perturbation) within the system. Finally, we provide a real-world CPS example to validate our modeling.