Proactive security defense: cyber threat intelligence modeling for connected autonomous vehicles

TL;DR

This paper introduces Actim, a framework for modeling cyber threat intelligence in connected autonomous vehicles, using ontologies, a new CTI corpus, and a BERT-based extraction model to enhance proactive cybersecurity defenses.

Contribution

The paper presents a novel automotive CTI modeling framework, including a new threat intelligence corpus, a cross-sentence context extraction model, and a CTI knowledge graph for autonomous vehicle cybersecurity.

Findings

Proposed BERT-DocHiatt-BiLSTM-LSTM model outperforms existing methods.

Created a new CTI corpus with 908 texts, 8195 entities, and 4852 relationships.

Developed a CTI knowledge graph to structurally represent cyber threats.

Abstract

Cybersecurity has become a crucial concern in the field of connected autonomous vehicles. Cyber threat intelligence (CTI), as the collection of cyber threat information, offers an ideal way for responding to emerging cyber threats and realizing proactive security defense. However, instant analysis and modeling of vehicle cybersecurity data is a fundamental challenge since its complex and professional context. In this paper, we suggest an automotive CTI modeling framework, Actim, to extract and analyse the interrelated relationships among cyber threat elements. Specifically, we first design a vehicle security-safety conceptual ontology model to depict various threat entity classes and their relations. Then, we manually annotate the first automobile CTI corpus by using real cybersecurity data, which comprises 908 threat intelligence texts, including 8195 entities and 4852 relationships. To effectively extract cyber threat entities and their relations, we propose an automotive CTI mining model based on cross-sentence context. Experiment results show that the proposed BERT-DocHiatt-BiLSTM-LSTM model exceeds the performance of existing methods. Finally, we define entity-relation matching rules and create a CTI knowledge graph that structurally fuses various elements of cyber threats. The Actim framework enables mining the intrinsic connections among threat entities, providing valuable insight on the evolving cyber threat landscape.