With the introduction of more and more ECUs and components in vehicles, the automotive industry is moving towards increasingly connected and autonomous driving. This means not only more functionality available but also an increased risk to vehicle security and driver safety. Therefore, it is necessary to improve the existing solutions and create new techniques and methods not only to detect cyber attacks but also to mitigate and respond with appropriate actions. The paper proposes a Knowledge Base in Automotive to be integrated within a Vehicle Security Operation Center (V-SOC) in order to provide support to analysts in being able to reconstruct the attack kill chain and understand the impact of the attack on other components. The idea is to exploit, at this stage of the research, existing taxonomies in the literature on automotive attacks in order to obtain the classification of existing attacks, the automotive security development process, and the decomposition of incidents that consist of multiple attack steps.
Automotive Knowledge Base for Supporting Vehicle-SOC Analysts
Barletta V. S.
;Caivano D.;De Vincentiis M.;Pal A.;
2023-01-01
Abstract
With the introduction of more and more ECUs and components in vehicles, the automotive industry is moving towards increasingly connected and autonomous driving. This means not only more functionality available but also an increased risk to vehicle security and driver safety. Therefore, it is necessary to improve the existing solutions and create new techniques and methods not only to detect cyber attacks but also to mitigate and respond with appropriate actions. The paper proposes a Knowledge Base in Automotive to be integrated within a Vehicle Security Operation Center (V-SOC) in order to provide support to analysts in being able to reconstruct the attack kill chain and understand the impact of the attack on other components. The idea is to exploit, at this stage of the research, existing taxonomies in the literature on automotive attacks in order to obtain the classification of existing attacks, the automotive security development process, and the decomposition of incidents that consist of multiple attack steps.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
