CAVeCTIR: Matching Cyber Threat Intelligence Reports on Connected and Autonomous Vehicles Using Machine Learning

Connected and automated vehicles (CAVs) are getting a lot of attention these days as their technology becomes more mature and they benefit from the Internet-of-Vehicles (IoV) ecosystem. CAVs attract malicious activities that jeopardize security and safety dimensions. The cybersecurity systems of CAV...

Full description

Saved in:
Bibliographic Details
Published in:Applied sciences 2022-11, Vol.12 (22), p.11631
Main Authors: Raptis, George E., Katsini, Christina, Alexakos, Christos, Kalogeras, Athanasios, Serpanos, Dimitrios
Format: Article
Language:English
Subjects:
Artificial intelligence
Automation
Autonomous vehicles
cluster analysis
Clustering
connected and autonomous vehicles
cyber threat intelligence reports
Cybersecurity
Forensic science
Forensic sciences
Intelligence gathering
Internet of Vehicles
Knowledge
Learning algorithms
Machine learning
Malware
Security
Threat evaluation
Threats
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Connected and automated vehicles (CAVs) are getting a lot of attention these days as their technology becomes more mature and they benefit from the Internet-of-Vehicles (IoV) ecosystem. CAVs attract malicious activities that jeopardize security and safety dimensions. The cybersecurity systems of CAVs detect such activities, collect and analyze related information during and after the activity, and use cyber threat intelligence (CTI) to organize this information. Considering that CTI collected from various malicious activities may share common characteristics, it is critical to provide the cybersecurity stakeholders with quick and automatic ways of analysis and interrelation. This aims to help them perform more accurate and effective forensic investigations. To this end, we present CAVeCTIR, a novel approach that finds similarities between CTI reports that describe malicious activities detected on CAVs. CAVeCTIR uses advanced machine learning techniques and provides a quick, automated, and effective solution for clustering similar malicious activities. We applied CAVeCTIR in a series of experiments investigating almost 3000 malicious activities in simulation, real-world, and hybrid CAV environments, covering seven critical cyber-attack scenarios. The results showed that the DBSCAN algorithm identified seven no-overlapping core clusters characterized by high density. The results indicated that cybersecurity stakeholders could take advantage of CAVeCTIR by adopting the same or similar methods to analyze newly detected malicious activity, speed up the attack attribution process, and perform a more accurate forensics investigation.
ISSN:2076-3417
2076-3417
DOI:10.3390/app122211631