Fatama Tuz Johora,Md Shahedul Islam Khan,Esrath Kanon,Mohammad Abu Tareq Rony,Md Zubair,Iqbal H. Sarker

2024-03-28

Abstract:Cyber risk refers to the risk of defacing reputation, monetary losses, or disruption of an organization or individuals, and this situation usually occurs by the unconscious use of cyber systems. The cyber risk is unhurriedly increasing day by day and it is right now a global threat. Developing countries like Bangladesh face major cyber risk challenges. The growing cyber threat worldwide focuses on the need for effective modeling to predict and manage the associated risk. This paper exhibits a Machine Learning(ML) based model for predicting individuals who may be victims of cyber attacks by analyzing socioeconomic factors. We collected the dataset from victims and non-victims of cyberattacks based on socio-demographic features. The study involved the development of a questionnaire to gather data, which was then used to measure the significance of features. Through data augmentation, the dataset was expanded to encompass 3286 entries, setting the stage for our investigation and modeling. Among several ML models with 19, 20, 21, and 26 features, we proposed a novel Pertinent Features Random Forest (RF) model, which achieved maximum accuracy with 20 features (95.95\%) and also demonstrated the association among the selected features using the Apriori algorithm with Confidence (above 80\%) according to the victim. We generated 10 important association rules and presented the framework that is rigorously evaluated on real-world datasets, demonstrating its potential to predict cyberattacks and associated risk factors effectively. Looking ahead, future efforts will be directed toward refining the predictive model's precision and delving into additional risk factors, to fortify the proposed framework's efficacy in navigating the complex terrain of cybersecurity threats.

Cryptography and Security,Machine Learning

Bharathi V,Vinoth Kumar C N S

DOI: https://doi.org/10.12694/scpe.v25i1.2405

2024-01-04

Abstract:The cyber-physical system is a specific type of IoT communication environment that deals with communication through innovative healthcare (medical) devices. The traditional medical system has been partially replaced by this application, improving healthcare through efficiency, accessibility, and personalization. The intelligent healthcare industry utilizes wireless medical sensors to gather patient health information and send it to a distant server for diagnosis or treatment. The healthcare industry must increase electronic device accuracy, reliability, and productivity. Artificial intelligence (AI) has been applied in various industries, but cybersecurity for cyber-physical systems (CPS) is still a recent topic. This work presents a method for intelligent threat recognition based on machine learning (ML) that enables run-time risk assessment for better situational awareness in CPS security monitoring. Several machine learning techniques, including Nave Bayes (65.4\%), Support Vector Machine (64.1%), Decision Tree (89.6%), Random Forest (92.5%), and Ensemble crossover (EC) XG boost classifier (99.64), were used to classify the malicious activities on real-world testbeds. The outcomes demonstrate that the Ensemble crossover XG boost enabled the best classification accuracy. When used in industrial reference applications, the model creates a safe environment where the patient is only made aware of risks when categorization optimism exceeds a specific limit, minimizing security managers' pressure and efficiently assisting their choices.

Halima Ibrahim Kure,Shareeful Islam,Mustansar Ghazanfar,Asad Raza,Maruf Pasha

DOI: https://doi.org/10.1007/s00521-021-06400-0

2021-08-11

Neural Computing and Applications

Abstract:Risk management plays a vital role in tackling cyber threats within the cyber-physical system (CPS). It enables identifying critical assets, vulnerabilities and threats and determining suitable proactive control measures for the risk mitigation. However, due to the increased complexity of the CPS, cyber-attacks nowadays are more sophisticated and less predictable, which makes risk management task more challenging. This paper aims for an effective cybersecurity risk management (CSRM) practice using assets criticality, predication of risk types and evaluating the effectiveness of existing controls. We follow a number of techniques for the proposed unified approach including fuzzy set theory for the asset criticality, machine learning classifiers for the risk predication and comprehensive assessment model (CAM) for evaluating the effectiveness of the existing controls. The proposed approach considers relevant CSRM concepts such as asset, threat actor, attack pattern, tactic, technique and procedure (TTP), and controls and maps these concepts with the VERIS community dataset (VCDB) features for the risk predication. The experimental results reveal that using the fuzzy set theory in assessing assets criticality supports stakeholder for an effective risk management practice. Furthermore, the results have demonstrated the machine learning classifiers exemplary performance to predict different risk types including denial of service, cyber espionage and crimeware. An accurate prediction of risk can help organisations to determine the suitable controls in proactive manner to manage the risk.

computer science, artificial intelligence

Mingyue Zhang Wu,Jinzhu Luo,Xing Fang,Maochao Xu,Peng Zhao

DOI: https://doi.org/10.1080/02664763.2021.1936468

IF: 1.416

2021-06-04

Journal of Applied Statistics

Abstract:Modeling cyber risks has been an important but challenging task in the domain of cyber security, which is mainly caused by the high dimensionality and heavy tails of risk patterns. Those obstacles have hindered the development of statistical modeling of the multivariate cyber risks. In this work, we propose a novel approach for modeling the multivariate cyber risks which relies on the deep learning and extreme value theory. The proposed model not only enjoys the high accurate point predictions via deep learning but also can provide the satisfactory high quantile predictions via extreme value theory. Both the simulation and empirical studies show that the proposed approach can model the multivariate cyber risks very well and provide satisfactory prediction performances.

statistics & probability

Zaid Almahmoud,Paul D Yoo,Omar Alhussein,Ilyas Farhat,Ernesto Damiani

DOI: https://doi.org/10.1038/s41598-023-35198-1

2023-05-17

Abstract:Traditionally, cyber-attack detection relies on reactive, assistive techniques, where pattern-matching algorithms help human experts to scan system logs and network traffic for known virus or malware signatures. Recent research has introduced effective Machine Learning (ML) models for cyber-attack detection, promising to automate the task of detecting, tracking and blocking malware and intruders. Much less effort has been devoted to cyber-attack prediction, especially beyond the short-term time scale of hours and days. Approaches that can forecast attacks likely to happen in the longer term are desirable, as this gives defenders more time to develop and share defensive actions and tools. Today, long-term predictions of attack waves are mostly based on the subjective perceptiveness of experienced human experts, which can be impaired by the scarcity of cyber-security expertise. This paper introduces a novel ML-based approach that leverages unstructured big data and logs to forecast the trend of cyber-attacks at a large scale, years in advance. To this end, we put forward a framework that utilises a monthly dataset of major cyber incidents in 36 countries over the past 11 years, with new features extracted from three major categories of big data sources, namely the scientific research literature, news, blogs, and tweets. Our framework not only identifies future attack trends in an automated fashion, but also generates a threat cycle that drills down into five key phases that constitute the life cycle of all 42 known cyber threats.

Momen Hesham,Mohamed Essam,Mohamed Bahaa,Ahmed Mohamed,Mohamed Gomaa,Mena Hany,Wael Elsersy

2024-07-08

Abstract:As these attacks become more and more difficult to see, the need for the great hi-tech models that detect them is undeniable. This paper examines and compares various machine learning as well as deep learning models to choose the most suitable ones for detecting and fighting against cybersecurity risks. The two datasets are used in the study to assess models like Naive Bayes, SVM, Random Forest, and deep learning architectures, i.e., VGG16, in the context of accuracy, precision, recall, and F1-score. Analysis shows that Random Forest and Extra Trees do better in terms of accuracy though in different aspects of the dataset characteristics and types of threat. This research not only emphasizes the strengths and weaknesses of each predictive model but also addresses the difficulties associated with deploying such technologies in the real-world environment, such as data dependency and computational demands. The research findings are targeted at cybersecurity professionals to help them select appropriate predictive models and configure them to strengthen the security measures against cyber threats completely.

Cryptography and Security

Ahmed Alghamdi

DOI: https://doi.org/10.52783/cana.v31.1476

2024-09-02

Abstract:The growing sophistication of malware in exisiting environment poses tough demands on its detection methods of another kind. This paper introduces a framework for cyber security improvement, a means to solve strongly the probability issue of how to determine the behavior algorithmically in your system. This research is applied to malware detection systems based on methods (Support Vector Machines, Random Forest) and Neural Networks that are robust against deception. Statistical analysis of security threats and a review of current methods used for malware detection are given at its outset. The proposed framework, with its statistical framework analysis, looks for patterns and anomalies that indicate malice. It then integrates cryptographic techniques onto data transmission, computation processes; that the core of our system remains untouched by potential disturbances. The concept is further elaborated with open-source code from the field, Machine Learning (SVM, Random Forest, Neural Networks), As if with this variety of tools we can now detect and classify types of malware that generate irregular patterns but do not necessarily resemble known signatures at all. Such a hybrid security mechanism as described here, combining the best of statistics, cryptographic security, and machine learning, gives a precision of detection beyond compare to today's systems. The experiments show large gains in both detection accuracy and response speed, demonstrating this whole-element approach's potential to better safeguard cybersecurity in all manner of fields. It may be foreseen that this proposed line of research could well become a key new tool, capable of adaptation and expansion with the needs expanding around us.

Subil Abraham,Suku Nair

DOI: https://doi.org/10.48550/arXiv.1501.01901

2015-01-08

Cryptography and Security

Abstract:Numerous security metrics have been proposed in the past for protecting computer networks. However we still lack effective techniques to accurately measure the predictive security risk of an enterprise taking into account the dynamic attributes associated with vulnerabilities that can change over time. In this paper we present a stochastic security framework for obtaining quantitative measures of security using attack graphs. Our model is novel as existing research in attack graph analysis do not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. Gaining a better understanding of the relationship between vulnerabilities and their lifecycle events can provide security practitioners a better understanding of their state of security. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.

Mostofa Ahsan,Kendall E. Nygard,Rahul Gomes,Minhaz Chowdhury,Nafiz Rifat,Jayden F Connolly,Md Minhaz Chowdhury

DOI: https://doi.org/10.3390/jcp2030027

2022-07-10

Journal of Cybersecurity and Privacy

Abstract:Machine learning is of rising importance in cybersecurity. The primary objective of applying machine learning in cybersecurity is to make the process of malware detection more actionable, scalable and effective than traditional approaches, which require human intervention. The cybersecurity domain involves machine learning challenges that require efficient methodical and theoretical handling. Several machine learning and statistical methods, such as deep learning, support vector machines and Bayesian classification, among others, have proven effective in mitigating cyber-attacks. The detection of hidden trends and insights from network data and building of a corresponding data-driven machine learning model to prevent these attacks is vital to design intelligent security systems. In this survey, the focus is on the machine learning techniques that have been implemented on cybersecurity data to make these systems secure. Existing cybersecurity threats and how machine learning techniques have been used to mitigate these threats have been discussed. The shortcomings of these state-of-the-art models and how attack patterns have evolved over the past decade have also been presented. Our goal is to assess how effective these machine learning techniques are against the ever-increasing threat of malware that plagues our online community.

computer science, information systems, interdisciplinary applications, software engineering

Iqbal H. Sarker

DOI: https://doi.org/10.1007/s40745-022-00444-2

2022-09-19

Annals of Data Science

Abstract:Abstract Due to the digitization and Internet of Things revolutions, the present electronic world has a wealth of cybersecurity data. Efficiently resolving cyber anomalies and attacks is becoming a growing concern in today’s cyber security industry all over the world. Traditional security solutions are insufficient to address contemporary security issues due to the rapid proliferation of many sorts of cyber-attacks and threats. Utilizing artificial intelligence knowledge, especially machine learning technology, is essential to providing a dynamically enhanced, automated, and up-to-date security system through analyzing security data. In this paper, we provide an extensive view of machine learning algorithms, emphasizing how they can be employed for intelligent data analysis and automation in cybersecurity through their potential to extract valuable insights from cyber data. We also explore a number of potential real-world use cases where data-driven intelligence, automation, and decision-making enable next-generation cyber protection that is more proactive than traditional approaches. The future prospects of machine learning in cybersecurity are eventually emphasized based on our study, along with relevant research directions. Overall, our goal is to explore not only the current state of machine learning and relevant methodologies but also their applicability for future cybersecurity breakthroughs.

Ali Shan,Seunghwan Myeong

DOI: https://doi.org/10.3390/s24154888

2024-07-27

Abstract:Cyber-security challenges are growing globally and are specifically targeting critical infrastructure. Conventional countermeasure practices are insufficient to provide proactive threat hunting. In this study, random forest (RF), support vector machine (SVM), multi-layer perceptron (MLP), AdaBoost, and hybrid models were applied for proactive threat hunting. By automating detection, the hybrid machine learning-based method improves threat hunting and frees up time to concentrate on high-risk warnings. These models are implemented on approach devices, access, and principal servers. The efficacy of several models, including hybrid approaches, is assessed. The findings of these studies are that the AdaBoost model provides the highest efficiency, with a 0.98 ROC area and 95.7% accuracy, detecting 146 threats with 29 false positives. Similarly, the random forest model achieved a 0.98 area under the ROC curve and a 95% overall accuracy, accurately identifying 132 threats and reducing false positives to 31. The hybrid model exhibited promise with a 0.89 ROC area and 94.9% accuracy, though it requires further refinement to lower its false positive rate. This research emphasizes the role of machine learning in improving cyber-security, particularly for critical infrastructure. Advanced ML techniques enhance threat detection and response times, and their continuous learning ability ensures adaptability to new threats.

Muath Asmar,Alia Tuqan

DOI: https://doi.org/10.1016/j.heliyon.2024.e37571

IF: 3.776

2024-09-06

Heliyon

Abstract:Cybersecurity continues to be an important concern for financial institutions given the technology's rapid development and increasing adoption of digital services. Effective safety measures must be adopted to safeguard sensitive financial data and protect clients from potential harm due to the rise in cyber threats that target digital organizations. The aim of this study is to investigates how machine learning algorithms are integrated into cyber security measures in the context of digital banking and its benefits and drawbacks. We initially provide a general overview of digital banks and the particular security concerns that differentiate them from conventional banks. Then, we explore the value of machine learning in strengthening cybersecurity defenses. We revealed that insider threats, distributed denial of service (DDoS) assaults, ransomware, phishing attacks, and social engineering are main cyberthreats that are digital banks exposed. We identify the appropriate machine learning algorithms such as support vector machines (SVM), recurrent neural networks (RNN), hidden markov models (HMM), and local outlier factor (LOF) that are used for detection and prevention cyberthreats. In addition, we provide a model that considers ethical concerns while constructing a cybersecurity framework to address potential vulnerabilities in digital banking systems. The advantages and disadvantages of incorporating machine learning into the cybersecurity strategy of digital banks are outlined using strengths, weaknesses, opportunities, threats (SWOT) analysis. This study seeks to provide a thorough knowledge of how machine learning may strengthen cybersecurity procedures, protect digital banks, and maintain customer trust in the ecosystem of digital banking.

Al-Harith Farhad,Ioannis Sorokos,Mohammed Naveed Akram,Koorosh Aslansefat,Daniel Schneider

2023-12-18

Abstract:The zeitgeist of the digital era has been dominated by an expanding integration of Artificial Intelligence~(AI) in a plethora of applications across various domains. With this expansion, however, questions of the safety and reliability of these methods come have become more relevant than ever. Consequently, a run-time ML model safety system has been developed to ensure the model's operation within the intended context, especially in applications whose environments are greatly variable such as Autonomous Vehicles~(AVs). SafeML is a model-agnostic approach for performing such monitoring, using distance measures based on statistical testing of the training and operational datasets; comparing them to a predetermined threshold, returning a binary value whether the model should be trusted in the context of the observed data or be deemed unreliable. Although a systematic framework exists for this approach, its performance is hindered by: (1) a dependency on a number of design parameters that directly affect the selection of a safety threshold and therefore likely affect its robustness, (2) an inherent assumption of certain distributions for the training and operational sets, as well as (3) a high computational complexity for relatively large sets. This work addresses these limitations by changing the binary decision to a continuous metric. Furthermore, all data distribution assumptions are made obsolete by implementing non-parametric approaches, and the computational speed increased by introducing a new distance measure based on the Empirical Characteristics Functions~(ECF).

Artificial Intelligence,Machine Learning

Malik Qasaimeh,Rand Abu Hammour,Muneer Bani Yassein,Raad S. Al‐Qassas,Juan Alfonso Lara Torralbo,David Lizcano

DOI: https://doi.org/10.1002/smr.2489

2022-08-16

Abstract:As the number of cyber‐attacks on financial institutions has increased over the past few years, an advanced system that is capable of predicting the target of an attack is essential. Such a system needs to be integrated into the existing detection systems of financial institutions as it provides them with proactive controls with which to halt an attack by predicting patterns. Advanced prediction systems also enhance the software design and security testing of new advanced cyber‐security measures by providing new testing scenarios supported by attack forecasting. This present study developed a model that forecasts future network‐based cyber‐attacks on financial institutions using a deep neural network. The dataset that was used to train and test the model consisted of some of the biggest cyber‐attacks on banking institutions over the past three years. This provided insight into new patterns that may end with a cyber‐crime. These new attacks were also evaluated to determine behavioral similarities with the nearest known attack or a combination of several existing attacks. The performance of the forecasting model was then evaluated in a real banking environment and provided a forecasting accuracy of 90.36%. As such, financial institutions can use the proposed forecasting model to improve their security testing measures.

computer science, software engineering

Tabrez Khan,Mohd. Faisal

DOI: https://doi.org/10.1007/s41870-023-01244-4

2023-04-22

International Journal of Information Technology

Abstract:The primary purpose of a software risk assessment is to predict risks and vulnerabilities that may exist in each phase of the software development life cycle (SDLC). Risk factors have a significant impact on the timeline, budget, and quality of software development. It's very important to know and understand the risks before they can be effectively managed. Researchers have developed several tools to manage the risk that help reduce the number of failed software projects and increase the number of successful software projects. This study aims to ascertain which risks are important and how often they happen, and to explore and reveal the situations where the risks could lead to software failure in the design phase. We are developing a model that can predict risks during the design process so that we can find the risk factors that lead to risks in software development. These risks have been analyzed, classified, and incorporated into Risk Prediction Trees (RPTs). Bayesian network (BN) techniques have been used to propose a model for estimating the probability of risk during the software design phase. The Bayesian network approach is used because the data can be obtained from software that has already been used. It has the flexibility to predict risk in real-time. And it has the best risk prediction rates when it comes to potential risk factors. The outcome of this study shows that, compared to other standard machine-learning approaches, BN can be used to predict possible risks in the early software design phase.

Jasmin Bharadiya

DOI: https://doi.org/10.47672/ejt.1486

2023-06-02

European Journal of Technology

Abstract:In the computer world, data science is the force behind the recent dramatic changes in cybersecurity's operations and technologies. The secret to making a security system automated and intelligent is to extract patterns or insights related to security incidents from cybersecurity data and construct appropriate data-driven models. Data science, also known as diverse scientific approaches, machine learning techniques, processes, and systems, is the study of actual occurrences via the use of data. Due to its distinctive qualities, such as flexibility, scalability, and the capability to quickly adapt to new and unknowable obstacles, machine learning techniques have been used in many scientific fields. Due to notable advancements in social networks, cloud and web technologies, online banking, mobile environments, smart grids, etc., cyber security is a rapidly expanding sector that requires a lot of attention. Such a broad range of computer security issues have been effectively addressed by various machine learning techniques. This article covers several machine-learning applications in cyber security. Phishing detection, network intrusion detection, keystroke dynamics authentication, cryptography, human interaction proofs, spam detection in social networks, smart meter energy consumption profiling, and security concerns with machine learning techniques themselves are all covered in this study. The methodology involves collecting a large dataset of phishing and legitimate instances, extracting relevant features such as email headers, content, and URLs, and training a machine-learning model using supervised learning algorithms. Machine learning models can effectively identify phishing emails and websites with high accuracy and low false positive rates. To enhance phishing detection, it is recommended to continuously update the training dataset to include new phishing techniques and to employ ensemble methods that combine multiple machine learning models for better performance.

Hamed Alqahtani,Iqbal H. Sarker,Asra Kalim,Syed Md. Minhaz Hossain,Sheikh Ikhlaq,Sohrab Hossain

DOI: https://doi.org/10.1007/978-981-15-6648-6_10

2020-01-01

Abstract:As the alarming growth of connectivity of computers and the significant number of computer-related applications increase in recent years, the challenge of fulfilling cyber-security is increasing consistently. It also needs a proper protection system for numerous cyberattacks. Thus, detecting inconsistency and attacks in a computer network and developing intrusion detection system (IDS) that performs a potential role for cyber-security. Artificial intelligence, particularly machine learning techniques, has been used to develop a useful data-driven intrusion detection system. In this paper, we employ various popular machine learning classification algorithms, namely Bayesian Network, Naive Bayes classifier, Decision Tree, Random Decision Forest, Random Tree, Decision Table, and Artificial Neural Network, to detect intrusions due to provide intelligent services in the domain of cyber-security. Finally, we test the effectiveness of various experiments on cyber-security datasets having several categories of cyber-attacks and evaluate the effectiveness of the performance metrics, precision, recall, f1-score, and accuracy.

Nataliia Neshenko,Elias Bou‐Harb,Borko Furht,Ravi Behara

DOI: https://doi.org/10.1111/risa.14209

2023-08-29

Risk Analysis

Abstract:With the continuous modernization of water plants, the risk of cyberattacks on them potentially endangers public health and the economic efficiency of water treatment and distribution. This article signifies the importance of developing improved techniques to support cyber risk management for critical water infrastructure, given an evolving threat environment. In particular, we propose a method that uniquely combines machine learning, the theory of belief functions, operational performance metrics, and dynamic visualization to provide the required granularity for attack inference, localization, and impact estimation. We illustrate how the focus on visual domain‐aware anomaly exploration leads to performance improvement, more precise anomaly localization, and effective risk prioritization. Proposed elements of the method can be used independently, supporting the exploration of various anomaly detection methods. It thus can facilitate the effective management of operational risk by providing rich context information and bridging the interpretation gap.

public, environmental & occupational health,mathematics, interdisciplinary applications,social sciences, mathematical methods

Fatima Al-Quayed,Zulfiqar Ahmad,Mamoona Humayun

DOI: https://doi.org/10.1109/access.2024.3372187

IF: 3.9

2024-03-12

IEEE Access

Abstract:Industry 4.0 is fundamentally based on networked systems. Real-time communication between machines, sensors, devices, and people makes it easier to transmit the data needed to make decisions. Informed decision-making is empowered by the comprehensive insights and analytics made possible by this connectedness in conjunction with information transparency. Industry 4.0-based wireless sensor networks (WSNs) are an integral part of modern industrial operations however, these networks face escalating cybersecurity threats. These networks are always vulnerable to cyber-attacks as they continuously collect data and optimize processes. Increased connections make people more susceptible to cyberattacks, necessitating the use of strong cybersecurity measures to protect sensitive data. This study proposes a predictive framework intended to intelligently prioritize and prevent cybersecurity intrusions on WSNs in Industry 4.0. The proposed framework enhances the cybersecurity of WSNs in Industry 4.0 using a multi-criteria approach. It implements machine-learning and deep-learning algorithms for cybersecurity intrusion detection in WSNs of Industry 4.0 and provides prevention by assigning priorities to the threats based on the situation and nature of the attacks. We implemented three models, i.e., Decision Tree, MLP, and Autoencoder, as proposed algorithms in the framework. For multidimensional classification and detection of cybersecurity intrusions, we implemented Decision Tree and MLP models. For binary classification and detection of cybersecurity intrusions in WSNs of Industry 4.0, we implemented Autoencoder model. Simulation results show that the Decision Tree model provides an accuracy of 99.48%, precision of 99.49%, recall of 99.48%, and F1 score of 99.49% in the detection and classification of cybersecurity intrusions. The MLP model provides an accuracy of 99.52%, precision of 99.5%, recall of 99.5%, and F1 score of 99.5% in the detection and classification of cybersecurity intrusions. The implementation of Autoencoder with binary classification yields an accuracy of 91%, a precision of 92%, a recall of 91%, and an F1 score of 91%. The benchmark models, i.e., Random Forest (RF) for multidimensional classification and Logistic Regression (LR) for binary classification, have also been implemented. We compared the performance of the benchmark models with the models implemented in the proposed framework, revealing that the models in the proposed framework

computer science, information systems,telecommunications,engineering, electrical & electronic

Shah Khalid Khan,Nirajan Shiwakoti,Peter Stasinopoulos,Yilun Chen,Matthew Warren

DOI: https://doi.org/10.1016/j.tranpol.2024.11.019

IF: 6.173

2024-01-01

Transport Policy

Abstract:Connected and Automated Vehicles (CAVs) cybersecurity is an inherently complex, multi-dimensional issue that goes beyond isolated hardware or software vulnerabilities, extending to human threats, network vulnerabilities, and broader system-level risks. Currently, no formal, comprehensive tool exists that integrates these diverse dimensions into a unified framework for CAV cybersecurity assessment. This study addresses this challenge by developing a System Dynamics (SD) model for strategic cybersecurity assessment that considers technological challenges, human threats, and public cybersecurity awareness during the CAV rollout. Specifically, the model incorporates a novel SD-based Stock-and-Flow Model (SFM) that maps six key parameters influencing cyberattacks at the system level. These parameters include CAV communication safety, user adoption rates, log file management, hacker capabilities, understanding of hacker motivations (criminology theory maturity), and public awareness of CAV cybersecurity.The SFM's structure and behaviour were rigorously tested and then used to analyse five plausible scenarios: i) Baseline (Technological Focus Only), ii) Understanding Hacker Motivations, iii) CAV User and OEM Education, iv) CAV Penetration Rate Increase, and v) CAV Penetration Rate Increase with Human Behavior Analysis. Four metrics are used to benchmark CAV cybersecurity: communication safety, probability of hacking attempts, probability of successful defence, and number of CAV adopters. The results indicate that while baseline technological advancements strengthen communication framework robustness, they may also create new vulnerabilities that hackers could exploit. Conversely, a deeper understanding of hacker motivations (Criminology Theory Maturity) effectively reduces hacking attempts. It fosters a more secure environment for early CAV adopters. Additionally, educating CAV users and OEM increases the probability of defending against cyberattacks. While CAV penetration increases the likelihood of hack defence due to a corresponding rise in attempts, there is a noticeable decrease in hacking attempts with CAV penetration when analysing human behaviour. These findings, when translated into policy instruments, can pave the way for a more optimised and resilient cyber-safe ITS.