FlipIt Game Model Based Defense Strategy Against Cyberattacks on SCADA Systems Considering Insider Assistance

The industrial internet of things (IIoT) is emerging as a global trend to dramatically enhance the intelligence and efficiency of the industries in recent years. With the emphasis on data communication by IIoT, cyber vulnerabilities are introduced at the same time. As a key subsystem of the industrial automation systems, the supervisory control and data acquisition (SCADA) system is becoming one of the primary targets for cyberattacks in the IIoT paradigm. In this paper, the semi-Markov process (SMP) is employed to model and evaluate the cyberattacks against the SCADA systems considering the insider assistance. Based on the SMP model, the probability distribution of the time-to-compromise the system of the attacks is derived with the Monte Carlo simulation (MCS). Then, a FlipIt game model is developed to investigate the defense and attack strategies of the defender and attacker, and analyze the impacts of the insider assistance. Case studies were carried out to verify the proposed model. The results of the case studies show that the insider assistance will improve the payoff of the attacker and increase the defense action frequency of the system defender. With a high enough defense action frequency, the defender can force the attacker to drop out and eliminate the attack actions.