Biblio

Emerging trends that are shaping the future of the automotive industry include electrification, autonomous driving, sharing, and connectivity, and these trends keep changing annually. Thus, the automotive industry is shifting from mechanical devices to electronic control devices, and is not moving to Internet of Things devices connected to 5G networks. Owing to the convergence of automobile-information and communication technology (ICT), the safety and convenience features of automobiles have improved significantly. However, cyberattacks that occur in the existing ICT environment and can occur in the upcoming 5G network are being replicated in the automobile environment. In a hyper-connected society where 5G networks are commercially available, automotive security is extremely important, as vehicles become the center of vehicle to everything (V2X) communication connected to everything around them. Designing, developing, and deploying information security techniques for vehicles require a systematic security-risk-assessment and management process throughout the vehicle's lifecycle. To do this, a security risk analysis (SRA) must be performed, which requires an analysis of cyber threats on automotive vehicles. In this study, we introduce a cyber kill chain-based cyberattack analysis method to create a formal vulnerability-analysis system. We can also analyze car-hacking studies that were conducted on real cars to identify the characteristics of the attack stages of existing car-hacking techniques and propose the minimum but essential measures for defense. Finally, we propose an automotive common-vulnerabilities-and-exposure system to manage and share evolving vehicle-related cyberattacks, threats, and vulnerabilities.

Network security is an important issue in today's world with existence of network systems that communicate data and information about all aspects of our life, work and business. Network security is an important issue with connected networks and data communication between organisations of that specialized in different areas. Network security engineers spend a considerable amount of time to investigate network for security breaches and to enhance the security of their networks and data communications on their networks. They use Attack Graphs (AGs) which are graphical representation of networks to assist them in analysing large networks. With increase size of networks and their complexity, the use of attack graphs alone does not provide the necessary risk analysis and assessment facilities. There is a need for automated intelligent systems such as multiagent systems to assist in analysing, assessing and testing networks. Network systems changes with the increase in the size of organisation and connectivity of network of organisations based on the business needs or organisational or governmental rules and regulations. In this paper a multi-agent system is developed assist in analysing interconnected network to identify security risks. The multi-agent system is capable of security network analysis to identify paths using an attack graph of the network under consideration to protect network systems, as the networks grow and change, against possible attacks. The multiagent system uses a model developed by Mohammadian [3] for converting AGs to Fuzzy Cognitive Maps (FCMs) to identify attack paths from attack graphs and perform security risk analysis. In this paper a novel decision-making approach using FCMs is employed.

Network architecture design and verification has become increasingly complicated as a greater number of security considerations, implementations, and factors are included in the design process. In the design process, one must account for various costs of interwoven layers of security. Generally these costs are simplified for evaluation of risk to the network. The obvious implications of adding security are the need to account for the impacts of loss (risk) and accounting for the ensuing increased design costs. The considerations that are not traditionally examined are those of the adversary and the defender of a given system. Without accounting for the view point of the individuals interacting with a network architecture, one can not verify and select the most advantageous security implementation. This work presents a method for obtaining a security metric that takes into account not only the risk of the defender, but also the probability of an attack originating from the motivation of the adversary. We then move to a more meaningful metric based on a monetary unit that architects can use in choosing a best fit solution for a given network critical path design problem.

The paper offers an approach for implementation of intelligent agents intended for network traffic and security risk analysis in cyber-physical systems. The agents are based on the algorithm of pseudo-gradient adaptive anomaly detection and fuzzy logical inference. The suggested algorithm operates in real time. The fuzzy logical inference is used for regulation of algorithm parameters. The variants of the implementation are proposed. The experimental assessment of the approach confirms its high speed and adequate accuracy for network traffic analysis.

In this presentation, I describe how the SEI's Security Engineering Risk Analysis (SERA) method provides a structure that connects desired system functionality with the underlying software to evaluate the sufficiency of requirements for software security and the potential operational security risks based on mission impact.