Bayesian and Multi-Objective Decision Support for Real-Time Cyber-Physical Incident Mitigation

📅 2025-08-31
🤖 AI Summary
Existing decision support systems for cyber-physical systems (CPS) in critical infrastructure exhibit significant limitations in balancing security assurance and operational continuity under multi-agent, multi-path coordinated attacks, particularly regarding uncertainty quantification and adaptive response. Method: This paper proposes a real-time adaptive decision support framework that innovatively integrates Bayesian probabilistic inference with multi-objective optimization. It adopts a hierarchical modeling paradigm and employs a domain-specific language for interpretable model encoding and dynamic updating. The framework incorporates Bayesian network modeling, hybrid exposure probability estimation, EPSS-CVSS fused vulnerability scoring, frequency-inspired heuristics, and Pareto-optimal mitigation strategy generation. Contribution/Results: Evaluated across three representative CPS attack scenarios, the framework enables real-time generation of robust, actionable mitigation strategies—demonstrating substantial improvements in threat response latency and system availability while preserving interpretability and adaptability.

📝 Abstract
This research proposes a real-time, adaptive decision-support framework for mitigating cyber incidents in cyber-physical systems, developed in response to an increasing reliance on these systems within critical infrastructure and evolving adversarial tactics. Existing decision-support systems often fall short in accounting for multi-agent, multi-path attacks and trade-offs between safety and operational continuity. To address this, our framework integrates hierarchical system modelling with Bayesian probabilistic reasoning, constructing Bayesian Network Graphs from system architecture and vulnerability data. Models are encoded using a Domain Specific Language to enhance computational efficiency and support dynamic updates. In our approach, we use a hybrid exposure probability estimation framework, which combines Exploit Prediction Scoring System and Common Vulnerability Scoring System scores via Bayesian confidence calibration to handle epistemic uncertainty caused by incomplete or heterogeneous vulnerability metadata. Mitigation recommendations are generated as countermeasure portfolios, refined using multi-objective optimisation to identify Pareto-optimal strategies balancing attack likelihood, impact severity, and system availability. To accommodate time- and resource-constrained incident response, frequency-based heuristics are applied to prioritise countermeasures across the optimised portfolios. The framework was evaluated through three representative cyber-physical attack scenarios, demonstrating its versatility in handling complex adversarial behaviours under real-time response constraints. The results affirm its utility in operational contexts and highlight the robustness of our proposed approach across diverse threat environments.

Problem

Research questions and friction points this paper is trying to address.

Real-time adaptive decision support for cyber-physical incident mitigation
Addressing multi-agent multi-path attacks with safety-operational tradeoffs
Handling epistemic uncertainty in vulnerability assessment through Bayesian methods

Innovation

Methods, ideas, or system contributions that make the work stand out.

Bayesian Network Graphs for probabilistic reasoning
Multi-objective optimization for Pareto-optimal strategies
Hybrid exposure probability estimation framework
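
The abstract's last two steps, Pareto-optimal countermeasure portfolios followed by frequency-based prioritisation, can be sketched as below. This is an added example, not code from the paper: the countermeasure names, reduction factors, baselines and the multiplicative objective model are constructed assumptions standing in for the paper's Bayesian network inference.

```python
from collections import Counter
from itertools import combinations

# Constructed sample data (hypothetical, not from the paper):
# name -> (likelihood factor, impact factor, availability cost)
COUNTERMEASURES = {
    "patch_hmi":       (0.5, 1.0, 0.05),
    "segment_network": (0.6, 0.7, 0.10),
    "failsafe_mode":   (1.0, 0.4, 0.40),
    "reboot_plc":      (0.9, 1.0, 0.35),
}
BASE_LIKELIHOOD = 0.8  # assumed attack likelihood with no mitigation
BASE_IMPACT = 10.0     # assumed impact severity with no mitigation

def evaluate(portfolio):
    """Return (attack likelihood, impact severity, availability loss); all minimised."""
    likelihood, impact, available = BASE_LIKELIHOOD, BASE_IMPACT, 1.0
    for name in portfolio:
        l_factor, i_factor, cost = COUNTERMEASURES[name]
        likelihood *= l_factor
        impact *= i_factor
        available *= 1.0 - cost
    # Round so float noise does not break the equality checks in dominates().
    return (round(likelihood, 6), round(impact, 6), round(1.0 - available, 6))

def dominates(a, b):
    """a dominates b if it is no worse on every objective and differs somewhere."""
    return a != b and all(x <= y for x, y in zip(a, b))

def pareto_front():
    """Score every portfolio (including 'do nothing') and keep the non-dominated ones."""
    names = sorted(COUNTERMEASURES)
    scored = {p: evaluate(p)
              for r in range(len(names) + 1)
              for p in combinations(names, r)}
    return {p: s for p, s in scored.items()
            if not any(dominates(other, s) for other in scored.values())}

def prioritise(front):
    """Frequency heuristic: rank countermeasures by how many optimal portfolios use them."""
    counts = Counter(name for portfolio in front for name in portfolio)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    front = pareto_front()
    for portfolio, score in sorted(front.items(), key=lambda kv: kv[1][2]):
        print(score, portfolio)
    print(prioritise(front))
```

Under these constructed numbers, a responder with time for only one or two actions would start from the top of the ranking, since those countermeasures appear in the most optimal trade-offs.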