dc.contributor.author |
Sheehan, Barry |
|
dc.contributor.author |
Murphy, Finbarr |
|
dc.contributor.author |
Mullins, Martin |
|
dc.contributor.author |
Ryan, Cian |
|
dc.date.accessioned |
2019-03-04T11:24:25Z |
|
dc.date.available |
2019-03-04T11:24:25Z |
|
dc.date.issued |
2018 |
|
dc.identifier.issn |
0965-8564 |
|
dc.identifier.uri |
http://hdl.handle.net/10344/7648 |
|
dc.description |
peer-reviewed |
en_US |
dc.description.abstract |
The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures. |
en_US |
dc.language.iso |
eng |
en_US |
dc.publisher |
Elsevier |
en_US |
dc.relation |
609772 |
en_US |
dc.relation.ispartofseries |
Transporation Research Part A; 124, pp. 523-536 |
|
dc.subject |
Auto insurance |
en_US |
dc.subject |
Bayesian networks |
en_US |
dc.subject |
Connected and autonomous vehicles |
en_US |
dc.subject |
Cyber liability |
en_US |
dc.subject |
Cyber-risk |
en_US |
dc.subject |
Intelligent transport systems |
en_US |
dc.subject |
Risk assessment |
en_US |
dc.title |
Connected and autonomous vehicles: a cyber-risk classification framework |
en_US |
dc.type |
info:eu-repo/semantics/article |
en_US |
dc.type.supercollection |
all_ul_research |
en_US |
dc.type.supercollection |
ul_published_reviewed |
en_US |
dc.date.updated |
2019-02-28T11:18:32Z |
|
dc.description.version |
PUBLISHED |
|
dc.identifier.doi |
10.1016/j.tra.2018.06.033 |
|
dc.contributor.sponsor |
ERC |
en_US |
dc.relation.projectid |
690772 |
en_US |
dc.rights.accessrights |
info:eu-repo/semantics/openAccess |
en_US |
dc.internal.rssid |
2894682 |
|
dc.internal.copyrightchecked |
Yes |
|
dc.identifier.journaltitle |
Transportation Research Part A-Policy And Practice |
|
dc.description.status |
peer-reviewed |
|