This paper addresses the question whether model knowledge can guide a defender to appropriate decisions, or not, when an attacker intrudes into control systems. The model-based defense scheme considered in this study, namely Bayesian defense mechanism, chooses reasonable reactions through observation of the system's behavior using models of the system's stochastic dynamics, the vulnerability to be exploited, and the attacker's objective. On the other hand, rational attackers take deceptive strategies for misleading the defender into making inappropriate decisions. In this paper, their dynamic decision making is formulated as a stochastic signaling game. It is shown that the belief of the true scenario has a limit in a stochastic sense at an equilibrium based on martingale analysis. This fact implies that there are only two possible cases: the defender asymptotically detects the attack with a firm belief, or the attacker takes actions such that the system's behavior becomes nominal after a finite time step. Consequently, if different scenarios result in different stochastic behaviors, the Bayesian defense mechanism guarantees the system to be secure in an asymptotic manner provided that effective countermeasures are implemented. As an application of the finding, a defensive deception utilizing asymmetric recognition of vulnerabilities exploited by the attacker is analyzed. It is shown that the attacker possibly stops the attack even if the defender is unaware of the exploited vulnerabilities as long as the defender's unawareness is concealed by the defensive deception.

翻译：本文研究了当攻击者入侵控制系统时，模型知识能否引导防御者做出适当决策。本研究考虑的基于模型的防御方案（即贝叶斯防御机制）通过利用系统随机动力学模型、待利用脆弱性及攻击者目标，观察系统行为以选择合理反应。另一方面，理性攻击者会采取欺骗策略误导防御者做出不当决策。本文将二者的动态决策过程建模为随机信号博弈。基于鞅分析，证明真实场景的信念在均衡状态下具有随机意义上的极限。这一事实表明仅存在两种可能情形：防御者以坚定信念渐进检测到攻击，或攻击者采取行动使系统行为在有限时间步后恢复常态。因此，若不同场景导致不同随机行为，只要实施有效对抗措施，贝叶斯防御机制就能保证系统具有渐进安全性。作为该发现的应用，本文分析了利用攻击者认知不对称性的防御性欺骗策略。研究表明，即使防御者未察觉被利用的脆弱性，只要防御性欺骗掩盖了这一认知盲区，攻击者仍可能停止攻击。