University of Limerick Institutional Repository

Connected and autonomous vehicles: a cyber-risk classification framework

DSpace Repository

Show simple item record Sheehan, Barry Murphy, Finbarr Mullins, Martin Ryan, Cian 2019-03-04T11:24:25Z 2019-03-04T11:24:25Z 2018
dc.identifier.issn 0965-8564
dc.description peer-reviewed en_US
dc.description.abstract The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures. en_US
dc.language.iso eng en_US
dc.publisher Elsevier en_US
dc.relation 609772 en_US
dc.relation.ispartofseries Transporation Research Part A; 124, pp. 523-536
dc.subject Auto insurance en_US
dc.subject Bayesian networks en_US
dc.subject Connected and autonomous vehicles en_US
dc.subject Cyber liability en_US
dc.subject Cyber-risk en_US
dc.subject Intelligent transport systems en_US
dc.subject Risk assessment en_US
dc.title Connected and autonomous vehicles: a cyber-risk classification framework en_US
dc.type info:eu-repo/semantics/article en_US
dc.type.supercollection all_ul_research en_US
dc.type.supercollection ul_published_reviewed en_US 2019-02-28T11:18:32Z
dc.description.version PUBLISHED
dc.identifier.doi 10.1016/j.tra.2018.06.033
dc.contributor.sponsor ERC en_US
dc.relation.projectid 690772 en_US
dc.rights.accessrights info:eu-repo/semantics/openAccess en_US
dc.internal.rssid 2894682
dc.internal.copyrightchecked Yes
dc.identifier.journaltitle Transportation Research Part A-Policy And Practice
dc.description.status peer-reviewed

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search ULIR


My Account