Automotive Cybersecurity Vulnerability Assessment Using the Common Vulnerability Scoring System and Bayesian Network Model
Yinghui Wang, Bin Yu, Haiyang Yu, Lingyun Xiao, Haojie Ji, Yanan Zhao
Abstract
As a promising technology, connected and autonomous vehicle (CAV) can reduce energy consumption and improve transportation safety. Nevertheless, as more enabling technologies are embedded in vehicles, the CAV is becoming more vulnerable to cybersecurity threats. Priority must be given to highly sensitive, life-threatening vulnerabilities. Therefore, an improved vulnerability assessment method for CAVs is proposed in this article, in which the common vulnerability scoring system (CVSS) and Bayes theory are adopted. Compared to the classical CVSS method, our scheme considers the impact of exploited vulnerabilities on the real world. In the meantime, a Bayesian network vulnerability classification model based on the <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$\text{CVSS}_{\text{CAV}}$</tex-math></inline-formula> method is designed to resolve the problem that the CAVs' vulnerability dataset is small and incomplete. The case study as well as simulation results with different datasets or algorithms indicate that our proposal is effective for vehicle vulnerability evaluation.