Advances in automotive technology have paved the way for organisations to explore connected vehicles, usually with their own internet connection that allows cars to exchange data with other devices such as navigation and entertainment systems. Connected and autonomous vehicles (CAVs) bring a range of possible challenges such as communication with other vehicles and external infrastructure. This potentially makes CAVs susceptible to cyber attacks making it crucial to incorporate cyber security considerations in to their future development.
Hartree Centre’s data science team used statistical methods to analyse publicly available data on various types of cyber attack, extracting the probability of occurrence. To address questions surrounding the use of cyber security in CAVs, the team used a game theoretic simulation methodology to describe a decision-making process for CAV designers as to whether they should invest. This incorporated results of the data analysis performed in the cyber attack dataset alongside practical considerations such as the impact of a potential cyber attack on the company to help guide decision making.
This work was able to address a challenging issue by quantifying the security level of a CAV system. The team were able to develop a model for data-driven decision making in a CAV framework during a short, three month project. The proposed methodology to model decision making can easily be extended to facilitate additional factors that automotive companies might wish to take into account going forward. An example of this is the cost of a cyber security solution, both in terms of actual cost or whether solutions are compatible with existing software. Additionally, if CAV related cyber security data are made available, the results from analysis of these data can be used to further enhance the proposed game theoretic model for decision making.
"Working with the Hartree Centre has enabled our company to take a fresh look at our computational approach for cyber risk assessment for the CAVs."
At a glance
- Demonstrates that analysis of cyber security data sets can be used as inputs to the decision making processes
- Methodology can be generalised to accommodate input data resulting from cybersecurity threats directly related to CAVs.
- Statistical methods used to analyse public server log data.
- A game-theoretic approach was used to describe the interactions between attackers and defenders in the CAVs setting.