Full Program
Summary:
Despite advancements in security methodologies, modern vehicular systems still struggle to assess the criticality and resilience of security incidents. This work presents a framework that uses classification and clustering to evaluate the criticality of attacks in automotive systems, which enables dynamic run-time assessment and prioritization based on asset impact and threat characteristics for informed decision-making during incident response. Our methodology assesses security incident criticality through a two-phase framework. The Offline Phase involves data collection, mapping asset-threat relationships, feature engineering, and model training using multi-label classification and clustering. The Online Phase evaluates incidents in real time by classifying security goals, clustering threats, and considering asset criticality. Results demonstrate 0.94 accuracy in classifying affected security goals, while clustering yields 16 attack clusters. The final decision-making process achieves 0.92 accuracy, highlighting resilience, robustness, adaptability, and support for real-time incident management while processing criticality assessments in 13 ms, which ensures applicability in automotive cybersecurity.
Author(s):
Yaman Qendah
University of Passau
Germany
Stefan Katzenbeisser
University of Passau
Germany