The cyberphysical system (CPS) is becoming the infrastructure of society. Unfortunately, the CPS is vulnerable to cyberattacks, which may cause environmental pollution, property losses, and even casualties. Furthermore, in contrast to the conventional Internet, the devices in CPSs are more specific, and the device systems may not be upgraded or installed with new programs during their life spans. The selection of the best defense nodes for defeating cyberattacks is quite challenging in CPSs. To overcome this issue, several attack-defense modeled methods have been proposed. However, few existing studies have considered the defense cost, which is usually a determinant in practice. In this paper, we propose a method for choosing optimal defense nodes that (1) can defeat specific attacks and (2) are inexpensive. First, the atom attack defense tree (A2DTree) is proposed by adding constraints to the conventional attack defense tree (ADTree). Second, the algebraic method is used to efficiently calculate the minimum defense cost. On this basis, a minimum defense cost calculation tool is designed and implemented. Finally, the effectiveness of the proposed method is verified with two typical case studies, and a comparative experiment of related work is carried out. The results show that the method can correctly and efficiently identify the optimal defense nodes and calculate the minimum defense cost of a CPS.

中文翻译：

---

攻击防御树的最小防御成本计算方法

网络物理系统（CPS）正在成为社会的基础设施。不幸的是，CPS容易受到网络攻击，这可能导致环境污染，财产损失甚至人员伤亡。此外，与传统的Internet相比，CPS中的设备更加具体，并且设备系统在其使用寿命期间可能不会升级或安装新程序。在CPS中，选择最佳的防御节点来克服网络攻击非常具有挑战性。为了克服这个问题，已经提出了几种攻击防御建模方法。但是，很少有现有研究考虑过国防成本，这在实践中通常是决定因素。在本文中，我们提出了一种选择最佳防御节点的方法，该方法可以（1）击败特定的攻击并且（2）价格便宜。第一，通过在常规攻击防御树（ADTree）上增加约束，提出了原子攻击防御树（A2DTree）。其次，使用代数方法来有效地计算最小防御成本。在此基础上，设计并实现了最低国防费计算工具。最后，通过两个典型案例验证了该方法的有效性，并进行了相关工作的对比实验。结果表明，该方法能够正确，有效地识别最优防御节点，并计算出CPS的最小防御成本。最后，通过两个典型案例验证了该方法的有效性，并进行了相关工作的对比实验。结果表明，该方法能够正确，有效地识别最优防御节点，并计算出CPS的最小防御成本。最后，通过两个典型案例验证了该方法的有效性，并进行了相关工作的对比实验。结果表明，该方法能够正确，有效地识别最优防御节点，并计算出CPS的最小防御成本。