Abstract

The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures.

Highlights

  • The multiplicity of enabling technologies embedded within connected and autonomous vehicles (CAVs) promises prevention and mitigation of accidents, reduction in greenhouse gas emissions and more efficient utility of energy and infrastructure (Hult et al, 2016)

  • We present a Bayesian network (BN) cyber-risk classification model and demonstrate its ability to rank the risk of a CAV Global Positioning System (GPS) system vulnerability

  • A Bayesian Network (BN) model is proposed which utilizes the large collection of known software vulnerabilities stored in the National Vulnerability Database (NVD) and the standardised Common Vulnerability Scoring System (CVSS) scoring mechanisms to classify cyber-risk for CAV systems

Read more

Summary

Introduction

The multiplicity of enabling technologies embedded within connected and autonomous vehicles (CAVs) promises prevention and mitigation of accidents, reduction in greenhouse gas emissions and more efficient utility of energy and infrastructure (Hult et al, 2016). A primary goal of driver-less vehicles is the reduction of road fatalities predominately caused by human error It is again humans who pose the greatest threat to CAVs. The creators of the enabling technologies may unwittingly. We present a Bayesian network (BN) cyber-risk classification model and demonstrate its ability to rank the risk of a CAV GPS system vulnerability. This model can be used by insurers, vehicle manufacturers and suppliers to classify the risk of CAVs using known system vulnerabilities. It can be used to forecast future vulnerabilities using scenario analysis To our knowledge, this is the first application of a probabilistic risk assessment of CAVs cyber systems using a significant data set

Methods
Results
Discussion
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.