The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential for cyber-attacks. The communication systems between vehicles and infrastructure provide remote attack access through which malicious hackers can exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions poses a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks means that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into the model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures.
Funding
Study on Aerodynamic Characteristics Control of Slender Body Using Active Flow Control Technique