Artificial Intelligence in Penetration Testing of a Connected and Autonomous Vehicle Network
Authors: Phillip Garrad, Saritha Unnikrishnan
Abstract:
The increase in connected and autonomous vehicles (CAV) creates more opportunities for cyber-attacks. Cyber-attacks can be performed with malicious intent or for research and testing purposes. As connected vehicles approach full autonomy, the possible impact of these cyber-attacks also grows. This review analyses the challenges faced in CAV cybersecurity testing. This includes access and cost of the representative test setup and lack of experts in the field A review of potential solutions to overcome these challenges is presented. Studies have demonstrated Artificial Intelligence (AI) as a promising technique to reduce runtime, enhance effectiveness and comprehensively cover all the standard test aspects in penetration testing in other industries. However, this review has identified a significant gap in the systematic implementation of AI for penetration testing in the CAV cybersecurity domain. The expectation from this review is to investigate potential AI algorithms, which can demonstrate similar improvements in runtime and efficiency for a CAV model. If proven to be an effective means of penetration test for CAV, this methodology may be used on a full CAV test network.
Keywords: Cybersecurity, connected vehicles, software simulation, artificial intelligence, penetration testing.
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 502References:
[1] K. Kim, J. S. Kim, S. Jeong, J. Park, H. K. Kim, "Cybersecurity for autonomous vehicles: Review of attacks and defense," Computers & Security, vol. 103, no. 102150, p. 27, 2021.
[2] J. Jadaan, S. Zeater, Y. Abukhalil, "Connected Vehicles: An Innovative Transport Technology," in 10th International Scientific Conference Transbaltica 2017: Transportation Science and Technology, Vilnius, 2017.
[3] A. Greenberg, "Hackers Remotely Kill a Jeep on the Highway - With Me in It," Wired, 21 July 2015. (Online). Available: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/. (Accessed 17 06 2021).
[4] F. Lambert, "The Big Tesla Hack: A hacker gained control over the entire fleet, but fortunately he’s a good guy," Electrek, 27 08 2020. (Online). Available: https://electrek.co/2020/08/27/tesla-hack-control-over-entire-fleet/. (Accessed 10 06 2021).
[5] D. Tobok, "How Does Penetration Testing Work?," 20 03 2019. (Online). Available: https://cytelligence.com/how-does-penetration-testing-work/. (Accessed 24 10 2021).
[6] D. R. Mickinnel, T. Dargahi, A. Dehghantanha, K. R. Choo, "A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment," Computers and Electrical Engineering, vol. 75, pp. 175-188, 2019.
[7] M. Lezzi, M. Lazoi, A. Corallo, "Cybersecurity for Industry 4.0 in the current literature: A reference framework," Computers in Industry, vol. 103, pp. 97-110, 2018.
[8] H. Murray, D. Malone, "Costs and benefits of authentication advice.," ArXiv, vol. abs/2008.05836, p. 34, 2020.
[9] M. Sergey, S. Nikolay. E. Sergey, "Cyber security concept for Internet of Everything (IoE)," in 2017 Systems of Signal Synchronization, Generating and Processing in Telecommunications (SINKHROINFO), Kazan, 2017.
[10] R. Sharma, S. Dangi, P. Mishra, "A Comprehensive Review on Encryption based Open Source Cyber Security Tools," in 2021 6th International Conference on Signal Processing, Solan, 2021.
[11] H. Xu, Y. Zhou, J. Ming, M. Lyu, "Layered obfuscation: a taxonomy of software obfuscation techniques for layered security," 03 04 2020. (Online). Available: https://cybersecurity.springeropen.com/articles/10.1186/s42400-020-00049-3. (Accessed 20 11 2021).
[12] A. Hassanzadeh, S. Modi, S.Mulchandani, "Towards effective security control assignment in the Industrial Internet of Things," in 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), Milan, 2015.
[13] C. Sandberg, B. Hunter, "Cyber security primer for legacy process plant operation," in 2017 Petroleum and Chemical Industry Technical Conference (PCIC), Calgary, 2017.
[14] R. Chaturvedi, "UL testing standards to mitigate cybersecurity risk ∼ UL's approach with complement to the other standards for SICE 2017," in 2017 56th Annual Conference of the Society of Instrument and Control Engineers of Japan (SICE), Kanazawa, 2017.
[15] X. Ji, H. Cheng, Security Improvements in Connected Cars - Case Study: CEVT Connected Cars, 1st ed., Gothenburg: Chalmers tekniska högskola, 2019.
[16] C. Zhai, W. Wu, "Designing continuous delay feedback control for lattice hydrodynamic model under cyber-attacks and connected vehicle environment," Communications in Nonlinear Science and Numerical Simulation, vol. 95, no. 105667, p. 17, 2020.
[17] G. Rajbahadur, A. Malton, A. Walenstein, A. Hassan, "A Survey of Anomaly Detection for Connected Vehicle Cybersecurity and Safety," Changshu, 2018.
[18] T. Team, "Top 10 Biggest Car Manufacturers by Revenue (2021)," Thread in Motion, 27 07 2021. (Online). Available: https://www.threadinmotion.com/blog/top-10-biggest-car-manufacturers-by-revenue. (Accessed 20 11 2021).
[19] N. I. o. S. a. Technology, "National Vulnerability Database," U.S. Department of Commerce, Gaithersburg, 2021.
[20] G. Burzio, G. F. Cordella, M. Colajanni, M. Marchetti, D. Stabili, "Cybersecurity of Connected Autonomous Vehicles: A ranking based approach," Milan, 2018.
[21] Technical Committee ISO/TC 22/SC 32, "ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering," 08 2021. (Online). Available: https://www.iso.org/standard/70918.html. (Accessed 20 11 2021).
[22] Issuing Committee: Vehicle Cybersecurity Systems Engineering Committee, "Cybersecurity Guidebook for Cyber-Physical Vehicle Systems J3061_201601," 14 01 2016. (Online). Available: https://www.sae.org/standards/content/j3061_201601/. (Accessed 2021 11 20).
[23] H. Hoeberechts, "How ISO 21434 Will Transform the Automotive Industry," Mirai, 21 10 2020. (Online). Available: https://www.miraisecurity.com/blog/how-iso-21434-will-transform-the-automotive-industry. (Accessed 20 11 2021).
[24] A. Beliba, A. Kukoba, Vladyslav V., "Automotive Security Testing 101: Requirements, Best Practices, Tips on Overcoming ChallengesIt was originally published on https://www.apriorit.com/," 09 09 2021. (Online). Available: https://www.apriorit.com/dev-blog/742-cybersecurity-automotive-security-testing. (Accessed 21 11 2021).
[25] R. Shimonski, "How to Perform a Penetration Test," in Penetration Testing for Dummies, Wiley, 2020, p. 256.
[26] M. C. Hanem, T. M. Chen, "Reinforcement Learning for Efficient Network Penetration Testing," MDPI - Information 2020, vol. 11, no. 6, p. 23, 2019.
[27] Dean Richard McKinnel, Tooska Dargahi, Ali Dehghantanha, Kim-Kwang Raymond Choo, "A systematic literature review and meta-analysis on artificial intelligence in penetration testing and vulnerability assessment," Computers and Electrical Engineering, vol. 75, pp. 175-188, 2019.
[28] Z. Hu, R. Bueran, Y. Tan, "Automated Penetration Testing Using Deep Reinforcement Learning," in 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Genoa, 2020.
[29] C. Kyrkou, A. Papachristodoulou, T. Theocharides, A. Kloukiniotis, A. Papandreou, A. Lalos, K. Moustakas, "Towards artificial-intelligence-based cybersecurity," in IEEE Computer Society Annual Symposium on VLSI, Limassol, 2020.
[30] J. Kamel, M. R. Ansari, J. Petit, A. Kaiser, I. Jemaa and P. Urien, "Simulation Framework for Misbehavior Detection," IEEE Transactions on Vehicular Technology, vol. 69, no. 6, pp. 6631-3344, 2020.
[31] F. M. Zennaro, L. Erdodi, "Modeling Penetration Testing with reinforcement learning using capture-the-flag challenges and tabular Q-learning," 26 May 2020. (Online). Available: https://arxiv.org/abs/2005.12632. (Accessed 30 September 2021).
[32] R. S. Sutton; A. G. Barto, Reinforcement Learning: An Introduction, Cambridge: MIT Press, 2018.
[33] Y. Feng, "Create a customized gym environment for Star Craft 2," 25 11 2019. (Online). Available: https://towardsdatascience.com/create-a-customized-gym-environment-for-star-craft-2-8558d301131f. (Accessed 17 04 2022).
[34] D. S. Fowler, M. Cheah. S. A. Shaikh, J. Bryans, "Towards A Testbed for Automotive Cybersecurity," Tokyo, 2017.
[35] A. Costley, C. Kunz, R. Gerdes, R. Sharma, "Low Cost, Open-Source Testbed to Enable Full-Sized Automated Vehicle Research," Systems and Control, 2020.
[36] T. Toyama, T. Yoshida, H. Oguma, T. Matsumoto, "PASTA: Portable Automotive Security Testbed with Adaptability," London, 2018.
[37] S. Baar, "Cheap Car Hacking for Everyone A Prototype for Learning about Car Security," Regensburg, 2020.
[38] K. J. Higgins, "Toyota Prepping 'PASTA' for its GitHub Debut," 2019. (Online). Available: https://www.darkreading.com/vulnerabilities-threats/toyota-prepping-pasta-for-its-github-debut. (Accessed 2021 11 14).
[39] D. Jiaa, J. Suna, A. Sharma, Z. Zhenga, B. Liu, "Integrated simulation platform for conventional, connected and automated driving A design from cyber–physical systems perspective," Transportation Research Part C, vol. 124, no. 102984, p. 19, 2021.
[40] F. AAlhaidari, A. Alrehan, "Asimulation work for generating a novel dataset to detect distributed denial of service attacks on Vehicular Adhoc NETwork systems," international Journal of Distributed Sensor Networks, vol. 17, no. 3, p. 25, 2021.