Name
Title | ||
|---|---|---|
HoneyCar: A Framework to Configure Honeypot Vulnerabilities on the Internet of Vehicles |
Abstract | ||
|---|---|---|
The Internet of Vehicles (IoV), whereby interconnected vehicles that communicate with each other and with road infrastructure on a common network, has promising socio-economic benefits but also poses new cyber-physical threats. To protect these entities and learn about adversaries, data on attackers can be realistically gathered using decoy systems like honeypots. Admittedly, honeypots introduces a trade-off between the level of honeypot-attacker interactions and incurred overheads and costs for implementing and monitoring these systems. Deception through honeypots can be achieved by strategically configuring the honeypots to represent components of the IoV to engage attackers and collect cyber threat intelligence. Here, we present HoneyCar, a novel decision support framework for honeypot deception in IoV. HoneyCar benefits from the repository of known vulnerabilities of the autonomous and connected vehicles found in the Common Vulnerabilities and Exposure (CVE) database to compute optimal honeypot configuration strategies. The adversarial interaction is modelled as a repeated imperfect-information zero-sum game where the IoV network administrator strategically chooses a set of vulnerabilities to offer in a honeypot and a strategic attacker chooses a vulnerability to exploit under uncertainty. Our investigation examines two different versions of the game, with and without the re-configuration cost, to empower the network administrator to determine optimal honeypot investment strategies given a budget. We show the feasibility of this approach in a case study that consists of the vulnerabilities in autonomous and connected vehicles gathered from the CVE database and data extracted from the Common Vulnerability Scoring System (CVSS). |
Year | DOI | Venue |
|---|---|---|
2022 | 10.1109/ACCESS.2022.3210117 | IEEE ACCESS |
Keywords | DocType | Volume |
Computer security, Optimization, Internet of Vehicles, Investment, Game theory, Connected vehicles, Privacy, Honeypots, cyber deception, internet of vehicles, cybersecurity investment, game theory, optimisation | Journal | 10 |
ISSN | Citations | PageRank |
2169-3536 | 0 | 0.34 |
References | Authors | |
0 | 6 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Sakshyam Panda | 1 | 0 | 0.34 |
| Stefan Rass | 2 | 0 | 0.34 |
| Sotiris Moschoyiannis | 3 | 102 | 13.86 |
| Kaitai Liang | 4 | 612 | 45.13 |
| Georgios Loukas | 5 | 329 | 26.79 |
| Emmanouil Panaousis | 6 | 1 | 1.37 |