Optimal Defense Policies for Cost-Constrained Cyber Physical System

Cyber-Physical System (CPS) usually consists of vast amounts of heterogeneous nodes, and several types of nodes may not be upgraded or installed with new programs during their life spans. How to choose appropriate nodes to deploy security defense mechanisms to ensure system security is a vital and challenging issue. This paper considers the selection of optimal defense policies under a given cost constraint. First, we use the Attack Defense Tree (ADTree) to model attacks and countermeasures for CPS. Then, each defense node in ADTree is given a defense cost attribute and a defense success probability attribute as security evaluation indicators. After that, a probability tree model is proposed for evaluating the final defense success probability. Finally, based on the Minimum Cut Set (MCS) theory, the nodes that can maximize the defense probability with acceptable cost are selected as the optimal defense nodes. An open-source calculation tool is implemented, and the evaluation is performed through a denial of service attack against CPS. The results show that the proposed method is accurate and efficient, which can guide the formulation of CPS security protection.