Article ID: | iaor20161444 |
Volume: | 36 |
Issue: | 4 |
Start Page Number: | 694 |
End Page Number: | 710 |
Publication Date: | Apr 2016 |
Journal: | Risk Analysis |
Authors: | Zhuang Jun, Rao Nageswara S V, Poole Stephen W, Ma Chris Y T, He Fei, Yau David K Y |
Keywords: | risk, computers, game theory, simulation |
The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game‐theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack‐defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack‐defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high‐level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high‐performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high‐performance computing infrastructures.