Abstract:

SCADA system cyber security assessment is an important basic work to ensure the reliable work of the system. Existing evaluation methods do not take the mutual influence between the attacker and the defender and the economic effect into account. In order to solve this problem, we propose an assessment method based on attack defense tree and game theory. Based on the attack defense tree, this method calculates the expected payoff function of the attacker and the defender, and establishes the system's attack and defense game model. The mixed strategy Nash equilibrium of the complete information static game model is solved, and the probability distribution of the attack and defense strategy is obtained. We describe the application of the method in a case study. The evaluation results show that the method is reasonable and feasible, which can help risk managers to evaluate the investment benefit of the existing system information security and defense measures. So they can deploy the defensive measures focusing on some particular attack events to achieve maximum return of investment.

Key words: SCADA system, cyber security, attack defense tree, game theory, payoffs function