Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Can social media shape the security of next-generation connected vehicles?

Nicola Scarano, Luca Mannella, Alessandro Savino, Stefano Di Carlo

TL;DR

The paper addresses the challenge of assessing cyber risk in next-generation connected vehicles amid growing attack surfaces. It proposes SOCMATI, a Social Media Automotive Threat Intelligence framework that mines openly available social media data through a seven-phase data-driven pipeline organized on a V-model to support automotive threat assessment. The work outlines four concrete use cases—learn attack tactics, threat trend detection, threat intelligence metrics, and data-driven risk assessment—and maps processing techniques such as time-series analysis, NLP word embeddings and topic modeling, and network analysis to automotive security. By integrating social-media signals with established risk models (e.g., ISO/SAE 21434), the approach aims to augment predictive threat intelligence and proactive defense in the automotive domain. This framework offers a practical pathway to harness informal, global threat chatter for more timely and targeted automotive cybersecurity measures.

Abstract

The increasing adoption of connectivity and electronic components in vehicles makes these systems valuable targets for attackers. While automotive vendors prioritize safety, there remains a critical need for comprehensive assessment and analysis of cyber risks. In this context, this paper proposes a Social Media Automotive Threat Intelligence (SOCMATI) framework, specifically designed for the emerging field of automotive cybersecurity. The framework leverages advanced intelligence techniques and machine learning models to extract valuable insights from social media. Four use cases illustrate the framework's potential by demonstrating how it can significantly enhance threat assessment procedures within the automotive industry.

Can social media shape the security of next-generation connected vehicles?

TL;DR

The paper addresses the challenge of assessing cyber risk in next-generation connected vehicles amid growing attack surfaces. It proposes SOCMATI, a Social Media Automotive Threat Intelligence framework that mines openly available social media data through a seven-phase data-driven pipeline organized on a V-model to support automotive threat assessment. The work outlines four concrete use cases—learn attack tactics, threat trend detection, threat intelligence metrics, and data-driven risk assessment—and maps processing techniques such as time-series analysis, NLP word embeddings and topic modeling, and network analysis to automotive security. By integrating social-media signals with established risk models (e.g., ISO/SAE 21434), the approach aims to augment predictive threat intelligence and proactive defense in the automotive domain. This framework offers a practical pathway to harness informal, global threat chatter for more timely and targeted automotive cybersecurity measures.

Abstract

The increasing adoption of connectivity and electronic components in vehicles makes these systems valuable targets for attackers. While automotive vendors prioritize safety, there remains a critical need for comprehensive assessment and analysis of cyber risks. In this context, this paper proposes a Social Media Automotive Threat Intelligence (SOCMATI) framework, specifically designed for the emerging field of automotive cybersecurity. The framework leverages advanced intelligence techniques and machine learning models to extract valuable insights from social media. Four use cases illustrate the framework's potential by demonstrating how it can significantly enhance threat assessment procedures within the automotive industry.
Paper Structure (11 sections, 2 figures)

This paper contains 11 sections, 2 figures.

Table of Contents

  1. Introduction
  2. Background and related work
  3. Proposed framework
  4. Data acquisition and cleaning
  5. Processing techniques
  6. Use cases
  7. Learn attack tactics information
  8. Threats trend detection and prediction
  9. Define threat intelligence metrics
  10. Data Driven Risk Assessment
  11. Conclusion and future work

Figures (2)

  • Figure 1: This figure highlights three major competencies to design and implement the proposed framework.
  • Figure 2: The picture illustrates the V-model of the framework flow presented in the paper. The upper part of the model represents the initial and final stages of the workflow, focusing on structuring and validating the extracted threat information, such as the threat model. In contrast, the lower part of the model details the implementation steps. It begins with extracting preliminary data from the qualitative threat analysis, followed by a data science pipeline involving data extraction, cleaning, and processing. It concludes with visualizations and updates to the preliminary synthesis.