Generating Synthetic Automotive Data and Detecting Abnormal Vehicle Behavior Using Unsupervised Machine Learning

The amount of data generated, processed, and stored by the modern vehicle is increasing and this is creating the potential to detect abnormal and potentially dangerous situations occurring. The purpose of this thesis is to portray a lack of information in the area of intrusion detection using automotive data and to lay the foundations of research in intrusion detection using unsupervised machine learning. As vehicles continue to become more connected, there is an increased possibility of them being exploitable through a successful cyberattack. An example of a hacked Jeep Cherokee (Miller, Valasek, (2011)) and a remote exploitation strategy using multiple attack vectors (Checkoway et al, (2011)) was the prime exhibition of a situation where the vehicle can be remotely compromised. These examples demonstrate the potential to exploit aspects of the vehicle’s communication and control systems, resulting in expected behavior. This thesis is focused on detecting attacks targeting a vehicle by identifying abnormal vehicle behavior, exhibited through control data. To achieve this, synthetic vehicle data containing detectable abnormalities is generated and used for analysis and detection to help detect cyberattacks. Unsupervised machine learning techniques are used as a way to detect abnormal entries in-vehicle data. the synthetic data is generated based on datasets comparable with those generated during normal vehicle operations, before being used to insert manually insert skewness to generate abnormalities, before using and evaluating various unsupervised learning algorithms

Graph-Theoretic Approach for Manufacturing Cybersecurity Risk Modeling and Assessment

Identifying, analyzing, and evaluating cybersecurity risks are essential to assess the vulnerabilities of modern manufacturing infrastructures and to devise effective decision-making strategies to secure critical manufacturing against potential cyberattacks. In response, this work proposes a graph-theoretic approach for risk modeling and assessment to address the lack of quantitative cybersecurity risk assessment frameworks for smart manufacturing systems. In doing so, first, threat attributes are represented using an attack graphical model derived from manufacturing cyberattack taxonomies. Attack taxonomies offer consistent structures to categorize threat attributes, and the graphical approach helps model their interdependence. Second, the graphs are analyzed to explore how threat events can propagate through the manufacturing value chain and identify the manufacturing assets that threat actors can access and compromise during a threat event. Third, the proposed method identifies the attack path that maximizes the likelihood of success and minimizes the attack detection probability, and then computes the associated cybersecurity risk. Finally, the proposed risk modeling and assessment framework is demonstrated via an interconnected smart manufacturing system illustrative example. Using the proposed approach, practitioners can identify critical connections and manufacturing assets requiring prioritized security controls and develop and deploy appropriate defense measures accordingly.Comment: 25 pages, 10 figure