Connected and autonomous vehicles: A cyber-risk classification framework. (June 2019)
- Record Type:
- Journal Article
- Title:
- Connected and autonomous vehicles: A cyber-risk classification framework. (June 2019)
- Main Title:
- Connected and autonomous vehicles: A cyber-risk classification framework
- Authors:
- Sheehan, Barry
Murphy, Finbarr
Mullins, Martin
Ryan, Cian - Abstract:
- Abstract: The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures.
- Is Part Of:
- Transportation research. Volume 124(2019)
- Journal:
- Transportation research
- Issue:
- Volume 124(2019)
- Issue Display:
- Volume 124, Issue 2019 (2019)
- Year:
- 2019
- Volume:
- 124
- Issue:
- 2019
- Issue Sort Value:
- 2019-0124-2019-0000
- Page Start:
- 523
- Page End:
- 536
- Publication Date:
- 2019-06
- Subjects:
- Connected and autonomous vehicles -- Intelligent transport systems -- Cyber-risk -- Cyber liability -- Risk assessment -- Auto insurance -- Bayesian networks
CAV Connected and Autonomous Vehicle -- BN Bayesian Network -- ECU Electronic Control Units -- NVD National Vulnerability Database -- CVSS Common Vulnerability Scoring Scheme -- OEM Original Equipment Manufacturer -- ASIL Automotive Safety Integrity Level -- GPS Global Positioning System -- TPMS Tyre Pressure Monitoring Systems -- CAN Controller Area Network -- OTA Over-the-air -- EM Expectation-Maximisation -- ML Maximum Likelihood -- ISO International Organisation of Standardization -- SAE Society of Automotive Engineers -- PCI Payment Card Industry -- Mod Modified -- Req Requirement -- Env Environmental -- Temp Temporal -- Adj Adjacent -- Ctrl Control -- Meas Measurement -- Infra Infrastructure -- V2V Vehicle to Vehicle -- V2I Vehicle to Infrastructure -- V2X Vehicle to Everything -- Cmplx Complexity -- Avail Availability -- Conf Confidentiality -- N None -- L Low -- M Medium -- H High -- C Critical -- Vers Version -- P Probability
Transportation -- Research -- Periodicals
388.011 - Journal URLs:
- http://www.sciencedirect.com/science/journal/09658564 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.tra.2018.06.033 ↗
- Languages:
- English
- ISSNs:
- 0965-8564
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 9026.274604
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 10932.xml