Information security vulnerability scoring model for intelligent vehicles
More and more electronic devices are integrated into the modern vehicles with the development of intelligent vehicles.There are various design flaws and vulnerabilities hidden in a large number of hardware, firmware and software.Therefore, the vulnerabilities of intelligent vehicles have become the...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2022-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021096 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841529793229619200 |
|---|---|
| author | Haiyang YU Xiuzhen CHEN Jin MA Zhihong ZHOU Shuning HOU |
| author_facet | Haiyang YU Xiuzhen CHEN Jin MA Zhihong ZHOU Shuning HOU |
| author_sort | Haiyang YU |
| collection | DOAJ |
| description | More and more electronic devices are integrated into the modern vehicles with the development of intelligent vehicles.There are various design flaws and vulnerabilities hidden in a large number of hardware, firmware and software.Therefore, the vulnerabilities of intelligent vehicles have become the most important factor affecting the vehicle safety.The safety of vehicles is seriously affected by the disclosure of a large number of vulnerabilities, and the wide application of smart cars is also restricted.Vulnerability management is an effective method to reduce the risk of vulnerabilities and improve vehicle security.And vulnerability scoring is one the important step in vulnerability management procedure.However, current method have no capability assessing automotive vulnerabilities reasonably.In order to handle this problem, a vulnerability scoring model for intelligent vehicles was proposed, which was based on CVSS.The attack vector and attack complexity were optimized, and property security, privacy security, functional safety and life safety were added to characterize the possible impact of the vulnerabilities according to the characteristics of intelligent vehicles.With the machine learning method, the parameters in CVSS scoring formula were optimized to describe the characteristics of intelligent vehicle vulnerabilities and adapt to the adjusted and new added weights.It is found in case study and statistics that the diversity and distribution of the model are better than CVSS, which means the model can better score different vulnerabilities.And then AHP is used to evaluate the vulnerability of the whole vehicle based on the vulnerability score of the model, a score is given representing the risk level of whole vehicle.The proposed model can be used to evaluate the severity of information security vulnerabilities in intelligent vehicles and assess the security risks of the entire vehicle or part of the system reasonably, which can provide an evidence for fixing the vulnerabilities or reinforcing the entire vehicle. |
| format | Article |
| id | doaj-art-6590aa3b402647a58207cd4ce541fd41 |
| institution | Kabale University |
| issn | 2096-109X |
| language | English |
| publishDate | 2022-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-6590aa3b402647a58207cd4ce541fd412025-01-15T03:15:42ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2022-02-01816717959572037Information security vulnerability scoring model for intelligent vehiclesHaiyang YUXiuzhen CHENJin MAZhihong ZHOUShuning HOUMore and more electronic devices are integrated into the modern vehicles with the development of intelligent vehicles.There are various design flaws and vulnerabilities hidden in a large number of hardware, firmware and software.Therefore, the vulnerabilities of intelligent vehicles have become the most important factor affecting the vehicle safety.The safety of vehicles is seriously affected by the disclosure of a large number of vulnerabilities, and the wide application of smart cars is also restricted.Vulnerability management is an effective method to reduce the risk of vulnerabilities and improve vehicle security.And vulnerability scoring is one the important step in vulnerability management procedure.However, current method have no capability assessing automotive vulnerabilities reasonably.In order to handle this problem, a vulnerability scoring model for intelligent vehicles was proposed, which was based on CVSS.The attack vector and attack complexity were optimized, and property security, privacy security, functional safety and life safety were added to characterize the possible impact of the vulnerabilities according to the characteristics of intelligent vehicles.With the machine learning method, the parameters in CVSS scoring formula were optimized to describe the characteristics of intelligent vehicle vulnerabilities and adapt to the adjusted and new added weights.It is found in case study and statistics that the diversity and distribution of the model are better than CVSS, which means the model can better score different vulnerabilities.And then AHP is used to evaluate the vulnerability of the whole vehicle based on the vulnerability score of the model, a score is given representing the risk level of whole vehicle.The proposed model can be used to evaluate the severity of information security vulnerabilities in intelligent vehicles and assess the security risks of the entire vehicle or part of the system reasonably, which can provide an evidence for fixing the vulnerabilities or reinforcing the entire vehicle.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021096intelligent vehicleCVSSvulnerability scoring systemrisk assessmentnonlinear regressionAHP |
| spellingShingle | Haiyang YU Xiuzhen CHEN Jin MA Zhihong ZHOU Shuning HOU Information security vulnerability scoring model for intelligent vehicles 网络与信息安全学报 intelligent vehicle CVSS vulnerability scoring system risk assessment nonlinear regression AHP |
| title | Information security vulnerability scoring model for intelligent vehicles |
| title_full | Information security vulnerability scoring model for intelligent vehicles |
| title_fullStr | Information security vulnerability scoring model for intelligent vehicles |
| title_full_unstemmed | Information security vulnerability scoring model for intelligent vehicles |
| title_short | Information security vulnerability scoring model for intelligent vehicles |
| title_sort | information security vulnerability scoring model for intelligent vehicles |
| topic | intelligent vehicle CVSS vulnerability scoring system risk assessment nonlinear regression AHP |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2021096 |
| work_keys_str_mv | AT haiyangyu informationsecurityvulnerabilityscoringmodelforintelligentvehicles AT xiuzhenchen informationsecurityvulnerabilityscoringmodelforintelligentvehicles AT jinma informationsecurityvulnerabilityscoringmodelforintelligentvehicles AT zhihongzhou informationsecurityvulnerabilityscoringmodelforintelligentvehicles AT shuninghou informationsecurityvulnerabilityscoringmodelforintelligentvehicles |