Abstract
Cyber-physical system (CPS) is the fuse of cyber world and the dynamic physical world and it is being widely used in areas closely related to people's livelihood. Therefore, the security issues of CPS have drawn a global attention and an appropriate risk assessment for CPS is in urgent need. The existing proposals using attack trees for risk assessment mainly focus on depicting the possible intrusions, not for interactions between threats and defenses. In this paper, a risk assessment idea for cyber-physical system with the use of attack-defense tree (ADTree) is proposed, considering the effect of both the attack cost and defense cost. The effectiveness of the proposed approach is evaluated by a set of metrics like probability of success, attack and defense cost and the impact of an attack. In addition, we introduce two economic factors (ROA and ROI) to evaluate the performance of ADTree. Finally, an illustration case of threat risk analysis in SCADA system is given to demonstrate our approach. Overall, our approach provides an effective means of risk assessment and countermeasures evaluation in the evolutional process of security management for cyber-physical system security.