Abstract
Cybersecurity has become a significant factor in the automotive industry. It is responsible for protecting data and critical components of the vehicle against cyberattacks. Automobile manufacturers should ensure their vehicle’s cybersecurity, considering the UNECE regulation for road vehicle approval. Estimating risk severity is critical in this domain for specifying appropriate security mechanisms to address existing cyber risks. To have an accurate risk evaluation, we need to consider multiple factors of likelihood and impact, which indicate the probability of risk occurrence and its severity. However, establishing a relationship amongst multiple factors of impact and likelihood remains a challenging problem that needs to be addressed. In this work, we propose applying machine learning regression analysis to create correlations between various independent factors of likelihood and impact for predicting dependent variables that indicate the assessment of cyber risk severities. We use the UNECE threat list as a case study to show how machine learning regression approaches may help predict realistic cyber risk estimations in the automotive domain. Finally, we evaluate outcomes to demonstrate the effectiveness of regression analysis for evaluating cyber risks in the automotive sector.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Shaaban, A.M., Schmittner, C., Gruber, T., Mohamed, A.B., Quirchmayr, G., Schikuta, E.: Ontology-based model for automotive security verification and validation. In: Proceedings of the 21st International Conference on Information Integration and Web-Based Applications & Services, iiWAS2019, pp. 73–82, NY. Association for Computing Machinery (2019)
Macher, G., Armengaud, E., Brenner, E., Kreiner, C.: Threat and risk assessment methodologies in the automotive domain. Procedia Comput. Sci. 83, 1288–1294 (2016)
McAfee: Automotive security best practices. Technical report, McAfee (2016)
Kastebo, M., Nordh, V.: Model-based security testing in automotive industry. Master’s thesis, Department of Computer Science and Engineering, University of Gothenburg, Gothenburg, Sweden (2017)
Shaaban, A.M., Schmittner, C., Bonitz, A.: The design of a divide-and-conquer security framework for autonomous vehicles. In: The Eighth International Conference on Advances in Vehicular Systems, Technologies and Applications, pp. 94–102 (2019)
United Nations Economic Commission for Europe UNECE. CSOTA ad hoc “threats 2” (2017). https://wiki.unece.org/download/attachments/45383725/TFCS-ahT2-06%20%28Chair%29%20Table%20on%20CS%20threats%20-%20changes%20agreed%20by%20ahT2%20-%20non-cleaned%20up.xlsx?api=v2. Accessed 26 April 2022
Python: Python language (2022). https://www.python.org. Accessed 07 June 2022
The Task Force on and Cyber Security and Over-the-Air issues. Proposal for amendments to ECE/TRANS/WP.29/GRVA/2020/3 - draft new UN regulation on uniform provisions concerning the approval of vehicles with regard to cyber security and of their cybersecurity management systems (2020)
Shaaban, A.: An ontology-based cybersecurity framework for the automotive domain - design, implementation, and evaluation. PhD thesis, Faculty of Computer Science, University of Vienna, Austria (2021). https://utheses.univie.ac.at/detail/59948
Schmittner, C., Latzenhofer, M., Magdy, S.A., Hofer, M.: A proposal for a comprehensive automotive cybersecurity reference architecture. In: The 7th International Conference on Advances in Vehicular Systems, Technologies and Applications (2018)
ISO/FDIS: ISO/FDIS 26262-9 Road vehicles - Functional safety - Part 9: Automotive safety integrity level (ASIL)-oriented and safety-oriented analyses. Technical report, International Standard (2018)
Ali, A.A.: ISO 26262 functional safety standard and the impact in software lifecycle. J. Univ. Appl. Sci. (2017). http://rgdoi.net/10.13140/RG.2.2.12486.16963
Rong, S., Bao-Wen, Z.: The research of regression model in machine learning field. In: MATEC Web of Conferences, vol. 176, p. 01033 (2018). EDP Sciences
Gallo, A.: A refresher on regression analysis (2015). https://hbr.org/2015/11/a-refresher-on-regression-analysis. Accessed 10 Feb 2022
Vu, D.H., Muttaqi, K.M., Agalgaonkar, A.P.: A variance inflation factor and backward elimination based robust regression model for forecasting monthly electricity demand using climatic variables. Appl. Energy 140, 385–394 (2015)
Dutta, A.: Random forest regression in Python (2022). https://www.geeksforgeeks.org/random-forest-regression-in-python/. Accessed 04 May 2022
Xu, M., Watanachaturaporn, P., Varshney, P.K., Arora, M.K.: Decision tree regression for soft classification of remote sensing data. Remote Sens. Environ. 97(3), 322–336 (2005)
Awad, M., Khanna, R.: Support vector regression. In: Efficient Learning Machines, pp. 67–80. Apress, Berkeley, CA (2015). https://doi.org/10.1007/978-1-4302-5990-9_4
Raj, A.: Unlocking the true power of support vector regression (2020)
Sethi, A.: Support vector regression tutorial for machine learning (2020). https://www.analyticsvidhya.com/blog/2020/03/support-vector-regression-tutorial-for-machine-learning/. Accessed 28 Apr 2022
Ostertagová, E.: Modelling using polynomial regression. Procedia Eng. 48, 500–506 (2012)
Abhigyan: Understanding polynomial regression!!! (2020). https://medium.com/analytics-vidhya/understanding-polynomial-regression-5ac25b970e18. Accessed 26 Apr 2022
Acknowledgement
The ECQA Certified Cybersecurity Engineer and Manager - Automotive Sector is co-funded by the Erasmus+ Call 2020 Round 1 KA203 Programme of the European Union under the agreement 2020-1-CZ01- KA203-078494. This work is partially supported by Grant of SGS No. SP2021/87, VSB - Technical University of Ostrava, Czech Republic.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Shaaban, A.M., Chlup, S., Schmittner, C. (2022). UNECE Threat List Case Study: Prediction of Cyber Risks in the Automotive Domain Using Regression Analysis. In: Trapp, M., Schoitsch, E., Guiochet, J., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2022 Workshops . SAFECOMP 2022. Lecture Notes in Computer Science, vol 13415. Springer, Cham. https://doi.org/10.1007/978-3-031-14862-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-14862-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-14861-3
Online ISBN: 978-3-031-14862-0
eBook Packages: Computer ScienceComputer Science (R0)