DEFENDER Cyber-Physical-Social System Co-simulator for stochastic and time-domain assessment of cyber-physical attacks on critical infrastructures
DEFENDER Cyber-Physical-Social System (CPSS) Co-simulator utilizes attack trees as initial static representation of a cyber-physical attack. Attack trees are in turn transformed to stochastic and dynamic attack models that are based on Continuous-Time Markov Chains (CTMC). CTMC-based attack models allow for a stochastic quantification of attack propagation time as well as a quantification of probabilities to compromise the attack goals. The utilization of the CPSS Co-simulator output is twofold in the DEFENDER project. First, it is used by the modules within the DEFENDER solution for providing situation awareness and potential countermeasures. Second, it is leveraged within visualization dashboard for the operators. For this purpose, the attack assessment provided by the CPSS Co-simulator is converted back to an attack tree, which is considered as an effective visual support for attack perception.
Attack models utilized within the CPSS Co-simulator enable analysis of dependences and concurrences in the attack propagation, otherwise not feasible based on static attack trees. This allows for assessment of attacks exploiting multiple and interdependent vulnerabilities of a system. CTMC-based attack models can be extended to include the evaluation of the countermeasures in terms of assessment of an attack propagation with these countermeasures applied.
All the documentation is classified as EU RESTRICTED