Proactive Evaluation and Risk Analysis for Cybersecurity in Manufacturing Systems Using Game Theory Method




Zarreh, AliReza

Journal Title

Journal ISSN

Volume Title



The integration of cyber and network systems into traditional physical manufacturing systems in recent years not only enables enterprises to satisfy customer demand reliably but also has changed the whole manufacturing paradigm. However, these advancements have compromised the security of these systems by exposing them to new types of threats. Despite that previous incidents demonstrated the high impact of attack consequences, manufacturing systems are not mature enough to encounter these threats.

This research provides a novel proactive approach to predict the consequences of various attack scenarios by forecasting attackers’ behavior and recommends an optimal strategy to defend the system in order to minimize the damage. For this purpose, the interaction of attackers and the system is defined as a two-player game in which attackers capitalize on the vulnerabilities to harm the system, and the system reacts with specific actions to prevent, mitigate or recover from these attacks. CPMS’ characteristics are used to define the payoff function of this game.

In the first part of this study, the attacker and CPMS interaction is captured by a zero-sum game with perfect and complete information and then get solved by linear programming to find the optimal strategy for the system to minimize the damage. Then the complete information assumption is relaxed using quantal response equilibrium (QRE) to find the short-run behavior of players when they exposed to mistakes.

In the second part, the previously developed model is transformed into an epistemic type Bayesian game that considers uncertainties on the type of players and their risk preference behavior. The uncertainties on the type of players and their risk attitudes are projected on the utility function of each player. This model also resolves the shortcoming of zero-sum game for considering one utility function for both attacker and defender by forming separate function for each.

Finally, the last part of the study provides an application of the approach mentioned above for the risk assessment in cyber-physical manufacturing systems (CPMS). It proposed a method inspired by Failure Modes and Effects Analysis (FMEA) that addresses its limitations, namely: assessing risk when there are no previous experiences, and ignoring the dynamic interaction of attacker and the defender for cyber-physical security risks.


This item is available only to currently enrolled UTSA students, faculty or staff. To download, navigate to Log In in the top right-hand corner of this screen, then select Log in with my UTSA ID.


Bayesian Game, Cyber-physical manufacturing system, Cybersecurity in Manufacturing, FMEA, Game theory application, Zero-sum game



Mechanical Engineering