Connected and autonomous vehicles: A cyber-risk classification framework

The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of global positioning system (GPS) systems of a CAV with and without cryptographic authentication. In the use case, the authors demonstrate how the model can be used to predict the effect of risk reduction measures.

Language

  • English

Media Info

Subject/Index Terms

Filing Info

  • Accession Number: 01710626
  • Record Type: Publication
  • Files: TRIS
  • Created Date: Jun 18 2019 3:06PM