Resiliency Graphs: Modelling the Interplay between Cyber Attacks and System Failures through AI Planning.
Objectives
The objective of the study is to enhance the resiliency of cyber-physical systems (CPS) by understanding how cyber attacks can lead to system failures. To achieve this, the authors propose the Resiliency Graph (RG) framework, which integrates Attack Graphs (AG) and Fault Trees (FT) to model the relationship between cyber vulnerabilities and physical system failures. The framework leverages AI planning to establish causal chains from attacks to system breakdowns, using a novel planning language to represent prerequisites and outcomes. This deterministic method allows system operators to evaluate and manage resiliency by simulating potential attack consequences. The ultimate goal is to provide a scalable and effective tool for assessing and improving the resilience posture of industrial control systems in CPS.
Resiliency Graph
This paper introduces the Resiliency Graph (RG) framework, a novel AI-planning-based approach to model the connection between cyberattacks and system failures in Cyber-Physical Systems (CPS), specifically industrial control systems (ICS). Traditional Attack Graphs (AG) and Fault Trees (FT) have been used separately to analyze security and safety aspects, but neither can model how cyber vulnerabilities directly cause cascading failures. The proposed RG framework integrates AG and FT by representing both attacks and faults using preconditions and postconditions within a planning language (PDDL), allowing operators to simulate and analyze cascading effects of failures triggered by cyberattacks.
To construct the RG, the authors propose the Resilience Path Learning Algorithm (RPLA), which iteratively learns the relationship between system vulnerabilities and resulting faults. It starts with an optimistic PDDL model and corrects it by aligning it with the true system behavior, ensuring accuracy.

Figure: Resiliency Graph for LNG Complex Flare System.
The framework is validated through empirical analysis using a real-world Flare System in an Algerian LNG plant, demonstrating how a cyberattack on a PLC can propagate into multi-stage system failures. The framework proves to be scalable and deterministic, avoiding the ambiguity of probabilistic methods. However, it currently finds only a single resilience path per query and does not capture all possible failure pathways in one run.
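The precondition/postcondition encoding described above can be illustrated with a small planner. This is an added example, not the paper's code or its flare-system model: the fact and action names are hypothetical, effects are add-only, and a breadth-first search stands in for a PDDL planner. Like the framework, it returns one path per query.

```python
from collections import deque
from typing import NamedTuple

class Action(NamedTuple):
    name: str
    kind: str        # "attack" (attack-graph step) or "fault" (fault-tree event)
    pre: frozenset   # facts that must hold before the action applies
    add: frozenset   # facts that hold afterwards (add-only: a simplifying assumption)

def A(name, kind, pre, add):
    return Action(name, kind, frozenset(pre), frozenset(add))

# Constructed toy model; every component and fact name here is hypothetical.
ACTIONS = [
    A("scan_ot_network", "attack", {"foothold_it"}, {"plc_reachable"}),
    A("exploit_plc", "attack", {"plc_reachable", "plc_unpatched"}, {"plc_compromised"}),
    A("override_valve_logic", "attack", {"plc_compromised"}, {"relief_valve_stuck"}),
    A("header_overpressure", "fault", {"relief_valve_stuck"}, {"overpressure"}),
    A("pilot_flame_out", "fault", {"plc_compromised"}, {"pilot_out"}),
    # AND gate of a fault tree: both child events are preconditions.
    A("unburned_gas_release", "fault", {"overpressure", "pilot_out"}, {"gas_release"}),
]

def resilience_path(initial, goal, actions=ACTIONS):
    """Breadth-first search over fact sets; one shortest action chain to goal, or None."""
    start = frozenset(initial)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, plan = queue.popleft()
        if goal in state:
            return plan
        for act in actions:
            # Applicable if preconditions hold and the action adds something new.
            if act.pre <= state and not act.add <= state:
                nxt = state | act.add
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, plan + [act]))
    return None

def cut_by_defense(initial, goal, removed_fact):
    """True if removing one initial fact (e.g. by patching) makes goal unreachable."""
    return resilience_path(set(initial) - {removed_fact}, goal) is None

if __name__ == "__main__":
    init = {"foothold_it", "plc_unpatched"}
    for act in resilience_path(init, "gas_release"):
        print(f"{act.kind:6} {act.name}")
    print("patching the PLC cuts the path:",
          cut_by_defense(init, "gas_release", "plc_unpatched"))
```

Because attacks and faults share one action schema, the returned chain crosses from attack steps into fault events without a separate AG-to-FT mapping.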
Our Team
Faculty Members
Students
Publications
- I. Ray, S. Sreedharan, R. Podder, S. K. Bashir and I. Ray, “Explainable AI for Prioritizing and Deploying Defenses for Cyber-Physical System Resiliency,” 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), Atlanta, GA, USA, 2023, pp. 184-192, doi: 10.1109/TPS-ISA58951.2023.00032.
- S. K. Bashir, R. Podder, S. Sreedharan, I. Ray and I. Ray, “Resiliency Graphs: Modelling the Interplay between Cyber Attacks and System Failures through AI Planning,” 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), Washington, DC, USA, 2024, pp. 292-302, doi: 10.1109/TPS-ISA62245.2024.00041.
Sponsors
This work was partially supported by the U.S. National Science Foundation under Grant No. 1822118 and 2226232, Award Numbers DMS 2123761, the member partners of the NSF IUCRC Center for Cyber Security Analytics and Automation – AMI, NewPush, Cyber Risk Research, NIST and ARL – the State of Colorado (grant #SB 18-086) and the authors’ institutions. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation, or other organizations and agencies.