Experimental measurements of cyber resilience

Abstract

Cyber resilience is the ability of a system to resist and recover from a cyber attack, thereby restoring the system’s functionality. Effective design and development of a cyber resilient system requires experimental methods and tools for quantitative measuring of cyber resilience. This chapter describes an experimental method and test bed for obtaining resilience-relevant data as a system (in our case, a truck) traverses its route, in repeatable, systematic experiments. We model a truck equipped with an autonomous cyber-defense system and which also includes inherent physical resilience features. When attacked by malware, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We propose parsimonious mathematical models to aid in quantifying systems’ resilience to cyber attacks. Using the models, we identify quantitative characteris- tics obtainable from experimental data, and show that these characteristics can serve as useful quantitative measures of cyber resilience. We model a vehicle equipped with an autonomous cyber-defenppse system in addition to its inherent physical resilience features. When attacked, this ensemble of cyber-physical features (i.e., "bonware") strives to resist and recover from the performance degradation caused by the malware's attack. We model the underlying differential equations governing such attacks for piecewise linear characterizations of malware and bonware, develop a discrete time stochastic model, and show that averages of instantiations of the stochastic model approximate solutions to the continuous differential equation. We develop a theory and methodology for approximating the parameters associated with these equations.

Citation

Weisman, M. J., Kott, A., Ellis, J. E., Murphy, B. J., Parker, T. W., Smith, S., & Vandekerckhove, J. (2025). Experimental measurements of cyber resilience. Cyber Resilience: Applied Perspectives. Risk, Systems and Decisions, 181-196.

Bibtex

@chapter{weisman_etal:2025:Experimental,
    title   = {{E}xperimental measurements of cyber resilience},
    author  = {Weisman, Michael J. and Kott, Alexander and Ellis, Jason E. and Murphy, Brian J. and Parker, Travis W. and Smith, Sydney and Vandekerckhove, Joachim},
    year    = {2025},
    journal = {Cyber Resilience: Applied Perspectives. Risk, Systems and Decisions},
    pages   = {181-196},
    doi     = {10.1007/978-3-031-90109-6_9}
}