TY  - JOUR
PY  - 2019//
TI  - Connected and autonomous vehicles: a cyber-risk classification framework
JO  - Transportation research part A: policy and practice
A1  - Sheehan, Barry
A1  - Murphy, Finbarr
A1  - Mullins, Martin
A1  - Ryan, Cian
SP  - 523
EP  - 536
VL  - 124
IS  - 
N2  - The proliferation of technologies embedded in connected and autonomous vehicles (CAVs) increases the potential of cyber-attacks. The communication systems between vehicles and infrastructure present remote attack access for malicious hackers to exploit system vulnerabilities. Increased connectivity combined with autonomous driving functions pose a considerable threat to the vast socioeconomic benefits promised by CAVs. However, the absence of historical information on cyber-attacks mean that traditional risk assessment methods are rendered ineffective. This paper proposes a proactive CAV cyber-risk classification model which overcomes this issue by incorporating known software vulnerabilities contained within the US National Vulnerability Database into model building and testing phases. This method uses a Bayesian Network (BN) model, premised on the variables and causal relationships derived from the Common Vulnerability Scoring Scheme (CVSS), to represent the probabilistic structure and parameterisation of CAV cyber-risk. The resulting BN model is validated with an out-of-sample test demonstrating nearly 100% prediction accuracy of the quantitative risk score and qualitative risk level. The model is then applied to the use-case of GPS systems of a CAV with and without cryptographic authentication. In the use case, we demonstrate how the model can be used to predict the effect of risk reduction measures.<p />  <p>Language: en</p>
LA  - en
SN  - 0965-8564
UR  - http://dx.doi.org/10.1016/j.tra.2018.06.033
ID  - ref1
ER  -