Description:BACKGROUND
Technical Field
[0001] The embodiments herein generally relate to a security implementing system for Intelligent transportation systems, more particularly, to a system and a method for implementing the security of an intelligent transportation unit using artificial intelligence.
Description of the Related Art
[0002] The increasing reliance of industries, governments, and economies on cyberinfrastructure makes them highly vulnerable to cyber-attacks. Cyber threats such as malicious hacking, cyber warfare, cyber espionage, cyber terrorism, and cybercrime are escalating at an alarming rate, posing significant risks to real-world operations. A metropolitan road transportation network is essential for any city, and the rapid increase in vehicular traffic necessitates efficient traffic management systems. Intelligent Transportation Systems (ITS) play a crucial role in ensuring smooth and efficient traffic flow. However, ITS is a large, open, and complex ecosystem comprising multiple interconnected systems, sub-systems, and millions of electronic control units (ECUs). These systems generate vast amounts of real-time data to compute traffic flow, and traffic density, and regulate traffic, but they are also highly susceptible to cyber threats and attacks.
[0003] ITS encompasses both digital and physical networks, facilitating data exchange between multiple devices. The sensitive data generated by ITS and ECUs are vulnerable to cyber-attacks. Human factors, including cognitive and behavioral aspects, are often the weakest link in the cybersecurity chain. Thus, it is crucial to identify cyber risks and understand the behaviors of hackers, cyber analysts, and system users during cyber-attacks.
[0004] The severity of a cyber-attack depends on the attacker's goals and objectives, which can range from minor disruptions to significant disasters. Unaddressed ITS cyber-attacks can severely compromise systems, endangering lives and property. Information and Communications Technology (ICT) has become central to modern society, impacting nearly every sector, including transportation. The road transportation system is vital for daily commuting, and intelligent, smart vehicles are integral to our lives. The rise of semi- and fully autonomous vehicles underscores the need for advanced transportation systems. ITS utilizes advanced technologies to enhance traffic management, save time and money, and protect the environment. These systems connect vehicles and infrastructure via the internet or WLAN, enabling data sharing, software updates, and communication with other connected systems or IoT devices.
[0005] By 2030, it is estimated that 700 million connected vehicles and 90 million autonomous vehicles will be in operation. Modern vehicles, especially luxury models, can have over 100 ECUs, each controlled by microprocessors. ITS is modeled using four key components: computer systems, people, data, and infrastructure. A critical technology within ITS is vehicular ad hoc networks (VANETs), composed of smart vehicles and roadside units (sensors, cameras) that communicate wirelessly. Due to their ad-hoc nature, VANETs are susceptible to cyber-attacks that can jeopardize road safety.
[0006] Despite the evolution of transportation systems, they remain vulnerable to cyber-attacks. Vehicle connectivity is a relatively new phenomenon, and the technology is rapidly evolving, creating new challenges in cybersecurity. A notable example is the 2017 demonstration where white-hat hackers remotely took control of a Jeep Cherokee, illustrating potential vulnerabilities. The COVID-19 pandemic saw an 186% increase in ransomware attacks on the transportation industry, including a breach of the New York Metropolitan Transportation Authority (MTA) systems.
[0007] Addressing these threats requires a socio-technical approach to cybersecurity, considering human, social, organizational, economic, and technical factors, and their complex interactions. While technological solutions are available to protect cyber infrastructure, the human dimension of cyber-attacks receives less attention. ITS is a complex, interconnected system, making it vulnerable to cyber threats. For instance, if a hacker accesses a vehicle's peripheral ECU, such as the Bluetooth or infotainment system, they could potentially control safety-critical systems, leading to dangerous outcomes.
[0008] The ITS framework for road transportation consists of multiple interconnected sub-systems, including traffic management, public road transportation, private vehicles, electronic toll payment, law enforcement, emergency management, information management, and vehicle control and safety systems. These systems work together to ensure smooth traffic flow and safety. Key ITS applications and technologies include: (i) Vehicle Technologies: connected vehicles equipped with internet access and wireless LAN networks, and autonomous vehicles with multiple ECUs capable of navigating without human intervention, (ii) Roadways Reporting Technologies: systems like CCTV cameras, speed sensors, and vehicle detection systems to monitor traffic and road conditions, (iii) Traffic Flow Control: data from roadways reporting systems is processed to manage traffic flow and density, adjusting traffic signals to prevent congestion, (iv) Payment Systems: automated and manual toll collection systems, wireless ticket validators in public transport, and traffic violation payment systems, (v) Management Application Systems: central control rooms monitor the functionality and performance of ITS and its sub-systems, ensuring efficient traffic management, and (vi) Communication Applications and Systems: information exchange is vital, with data from one system serving as input for another, such as toll systems accessing payment gateways or traffic management data aiding disaster management.
[0009] The increasing complexity and connectivity of ITS make it essential to adopt comprehensive cybersecurity measures, addressing both technological and human factors, to safeguard transportation infrastructure from evolving cyber threats.
[0010] India has yet to implement fully automated driverless cars, but the current Intelligent Transportation Systems (ITS) are still vulnerable to various cyber threats. These threats include Brute-Force Attacks, Ransomware, unauthorized control over ITS routing systems, remote access to vehicle control systems, and manipulation of on-road cameras. Brute-force attacks are automated attempts to gain access to systems by systematically trying all possible combinations of passwords. Ransomware is malicious software that encrypts data and demands a ransom for its release. The unauthorized control over ITS routing systems is unauthorized access to manipulate traffic routing, causing disruptions. Remote access to vehicle control systems allows hackers to gain control over critical vehicle functions, potentially leading to accidents. Control of on-road cameras is interfering with surveillance systems to obscure criminal activities or create traffic issues.
[0011] An existing system (Y. Hou et al.) discusses the components of transportation systems and critical issues faced by local governments. Another existing system (Brett van Niekerk) provides a high-level analysis of cyber-attacks in South Africa, categorizing them by impact, perpetrator type, and victim type. Yet another existing system (T. Mecheva et al.) focuses on innovative ITS security plans like blockchain, bloom filter, fog computing, and artificial intelligence, correlating these with architectural layers in ITS.
[0012] ITS technologies and systems are increasingly vulnerable to cyber-attacks, necessitating urgent attention. Cyber threats in ITS can lead to significant disruptions, compromising both physical and digital infrastructure.
[0013] The transportation network’s integration of physical and cyber elements opens it up to new security challenges. The challenges include: (i) Deliberate and Planned: Attacks by protesters, terrorists, criminals, disgruntled passengers, insiders, or third parties, (ii) Deliberate and Spontaneous: Opportunistic crimes by disgruntled passengers, ex-employees, or third parties, (iii) Malicious and Non-Specific: Malware, hacking, spoofing, and sniffing, (iv) Malicious and Specific: Targeted attacks on businesses, industries, or ecosystems, (v) Accidental: Unintended consequences due to system errors or user mistakes, and (vi) Environmental: Natural disasters or power outages. These attacks could be carried out by different means such as: (i) Physical access (ii) Interfaces (iii) Cyber-attacks: Internet-borne malware (iv)Wireless devices (v) Denial of Service. The potential impact these attacks will have on the transportation systems include (i) Data breach (ii) Fabrication(ii) Loss of information and communications technology (ICT) (iii) Interrupted operations resulting in delays, and cancellations (iv) Damage to property, infrastructure, and life.
[0014] Thus, there is a need to identify and mitigate cyber risks and threats in ITS is critical and/or overcoming drawbacks associated with current methods.
SUMMARY
[0015] In view of the foregoing, an embodiment herein provides a system for implementing a security of an intelligent transportation unit against a plurality of security attacks using artificial intelligence. The system includes a sensor module, an intelligent transportation unit, and a server. The sensor module is configured to capture spatial-temporal data of a vehicle. The sensor module includes at least one of Radio Frequency Identification (RFID) sensors and cameras. The intelligent transportation unit associated with a user is configured to capture a registration number of the vehicle, and user data associated with the user. The server is configured to receive (i) the registration number of the vehicle and the user data associated with the user from the intelligent transportation unit, and (ii) the spatial-temporal data of the vehicle from the sensor module. The server includes a memory and a processor. The processor is configured to authenticate, using a cooperative model, the user by matching input data with a unique identifier of the user, the registration number of the vehicle. The processor is further configured to receive, from the user, a start location and a destination location of the vehicle upon successful authentication of the user. The processor is configured to compare a real-time location of the vehicle with a pre-defined route between the start location and the destination location of the vehicle. The real-time location of the vehicle is determined by analyzing the spatial-temporal data of the vehicle received from the sensor module. The processor is also configured to detect, using a Bayesian model associated with the artificial intelligence, one or more security attacks and one or more plans computed against the one or more security attacks to the user if a deviation is determined from the pre-defined route. The Bayesian model determines the deviation based on a probability of selection of the one or more plans selected by the user to respond to the one or more security attacks from an action space as an action or a reaction. The processor is further configured to implement security of the intelligent transportation unit against the one or more security attacks using the artificial intelligence by implementing, a stochastic model associated with the artificial intelligence, and a protective plan that evaluates an intensity of the one or more security attacks. The stochastic model estimates the intensity of the one or more security attacks by analyzing one or more attack plans of an attacker and one or more protective plans against the plurality of attack plans.
[0016] In some embodiments, the processor is configured to store the user data including a mobile number, an email ID, and a one-time password in a database. The server is configured to assign the unique identifier to the user upon successful registration on the intelligent transportation unit.
[0017] In some embodiments, the processor is configured to implement a cooperative model to compare the input data including at least one of a mobile number of the user, a vehicle number, with the unique identifier of the user assigned based on the registration number of the vehicle. The processor is configured to prompt the user to re-register on the intelligent transportation unit to obtain a new unique identifier upon a failed authentication.
[0018] In some embodiments, the processor is configured to alert an owner of the vehicle via at least one of a short message service (SMS) message or an email about the deviation from the pre-defined route between the start location and the destination location of the vehicle. The processor is configured to compare the pre-defined route against the real-time location of the vehicle which is determined from the spatial-temporal data captured by the sensor module.
[0019] In some embodiments, the RFID sensors associated with the sensor module are installed at one or more locations in a transport network associated with the intelligent transportation unit to capture the spatio-temporal data of the vehicle.
[0020] In some embodiments, when the attacker implements the one or more security attacks, then the processor is configured to suggest to the user for applying one or more protective plans. The one or more protective plans include at least one of (i) the user ignores an attack intimation, (ii) the user reports unexpected deviations to a defender and not respond to the attacker, (iii) the user responds to a threat vector and accepts a revised path, (iv) the user system is exploited, (iv) if the user chooses to cheat the attacker and not fall prey to any of the plurality of attack plans of the attacker, then the deviation in the pre-defined route is detected using the Bayesian model based on the one or more security attacks and the one or more plans available against the plurality of security attacks to the user.
[0021] In some embodiments, the stochastic model represents the protective plan as a sequence of states. In each state, the defender takes protective actions and the attacker responds. The attacker's response in each state acts as an input for defender's actions in the next state to combat the attack. The defender can combat the attack and secure the system when a state of Markov Equilibrium is reached.
[0022] The system identifies the assets of an intelligent transportation unit, conducts risk analysis and assessment, and the system can withstand cyber-attacks in a dynamic environment.
[0023] In one aspect, a method for implementing security of an intelligent transportation unit against one or more security attacks using artificial intelligence is provided. The method includes (i) capturing, using a sensor module of a system, a spatial-temporal data of a vehicle, wherein the sensor module comprises at least one of Radio Frequency Identification (RFID) sensors and cameras, (ii) capturing, using an intelligent transportation unit associated with a user, a registration number of the vehicle, and user data associated with the user, (iii) receiving, using a server of the system, (a) the registration number of the vehicle and the user data associated with the user from the intelligent transportation unit , and (b) the spatial-temporal data of the vehicle from the sensor module, wherein the server comprises a processor, (iv) authenticating, using the processor, the user by matching a input data with an unique identifier of the user, the registration number of the vehicle using a cooperative model, (v) receiving, using the processor, from the user, a start location and a destination location of the vehicle upon successful authentication of the user, (vi) comparing, using the processor, a real-time location of the vehicle with a pre-defined route in between the start location and the destination location of the vehicle, wherein the real-time location of the vehicle is determined by analyzing the spatial-temporal data of the vehicle received from the sensor module, (vii) detecting, using the processor and using a Bayesian model associated with the artificial intelligence, one or more security attacks and one or more plans computed against the one or more security attacks to the user if a deviation is determined from the pre-defined route, wherein the Bayesian model determines the deviation based on a probability of selection of the one or more plans selected by the user to respond to the plurality of security attacks from an action space as an action or a reaction, and (viii) implementing, using the processor, a security of the intelligent transportation unit against the plurality of security attacks using the artificial intelligence, by implementing a stochastic model associated with the artificial intelligence, a protective plan that is evaluated an intensity of the plurality of security attacks, wherein the stochastic model estimates the intensity of the plurality of security attacks by analyzing a plurality of attack plans of an attacker and a plurality of protective plans against the plurality of attack plans.
[0024] In some embodiments, the method includes storing the user data including a mobile number, an email ID, and a one-time password in a database, the method assigns the unique identifier to the user upon successful registration on the intelligent transportation unit.
[0025] In some embodiments, the method includes implementing a cooperative model to compare the input data comprising at least one mobile number of the user, a vehicle number, with the unique identifier of the user assigned based on the registration number of the vehicle. The method prompts the user/vehicle driver to re-register on the intelligent transportation unit to obtain a new unique identifier upon a failed authentication.
[0026] These and other aspects of the embodiments herein will be better appreciated and understood when considered in conjunction with the following description and the accompanying drawings. It should be understood, however, that the following descriptions, while indicating preferred embodiments and numerous specific details thereof, are given by way of illustration and not of limitation. Many changes and modifications may be made within the scope of the embodiments herein without departing from the spirit thereof, and the embodiments herein include all such modifications.
BRIEF DESCRIPTION OF THE DRAWINGS
[0008] The embodiments herein will be better understood from the following detailed description with reference to the drawings, in which:
[0009] FIG. 1 illustrates a block diagram of a system for implementing security of an intelligent transportation unit against one or more security attacks using artificial intelligence according to some embodiments herein;
[0010] FIG. 2 illustrates a block diagram of a server according to some embodiments herein;
[0011] FIGS. 3A & 3B are flow diagrams that illustrate a method for implementing security of an intelligent transportation unit against a plurality of security attacks using artificial intelligence according to some embodiments herein;
[0012] FIGS. 4A-4C illustrate exemplary game-theoretic models to depict the behavior and interaction between users, defenders, and attackers in the system according to some embodiments herein;
[0013] FIGS. 5A-5C illustrate different types of cyber-attacks on an intelligent transportation unit according to some embodiments herein; and
[0014] FIG. 6 is a schematic diagram of a system in accordance with the embodiments herein.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
[0015] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. Descriptions of well-known components and processing techniques are omitted so as to not unnecessarily obscure the embodiments herein. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0016] As mentioned, there remains a need for a system and a method for implementing a security of an intelligent transportation unit against one or more security attacks using artificial intelligence. Referring now to the drawings, and more particularly to FIGS. 1 through 6, where similar reference characters denote corresponding features consistently throughout the figures, preferred embodiments are shown.
[0027] FIG. 1 illustrates a block diagram of a system 100 for implementing security of an intelligent transportation unit 108 against one or more security attacks using artificial intelligence according to some embodiments herein. The system 100 includes a sensor module 102, an intelligent transportation unit 108, and a server 112. The sensor module 102 is configured to capture spatial-temporal data of a vehicle 110. The sensor module 102 includes at least one of Radio Frequency Identification (RFID) sensors 104 and cameras 106. The intelligent transportation unit 108 associated with a user is configured to capture a registration number of the vehicle 110, and user data associated with the user. The server 112 is configured to receive (i) the registration number of the vehicle 110 and the user data associated with the user from the intelligent transportation unit 108, and (ii) the spatial-temporal data of the vehicle 110 from the sensor module 102. The server 112 includes a memory 114 and a processor 116. The processor 116 is configured to authenticate, using a cooperative model, the user by matching input data with a unique identifier of the user, the registration number of the vehicle 110. The processor 116 is further configured to receive, from the user, a start location and a destination location of the vehicle 110 upon successful authentication of the user. The processor 116 is configured to compare a real-time location of the vehicle 110 with a pre-defined route between the start location and the destination location of the vehicle 110. The real-time location of the vehicle 110 is determined by analyzing the spatial-temporal data of the vehicle 110 received from the sensor module 102. The processor 116 is also configured to detect, using a Bayesian model associated with the artificial intelligence, one or more security attacks and one or more plans computed against the one or more security attacks to the user if a deviation is determined from the pre-defined route. The Bayesian model determines the deviation based on a probability of selection of the one or more plans selected by the user to respond to the one or more security attacks from an action space as an action or a reaction. The processor 116 is further configured to implement a security of the intelligent transportation unit 108 against the one or more security attacks using the artificial intelligence by implementing, a stochastic model associated with the artificial intelligence, a protective plan that is evaluated an intensity of the one or more security attacks. The stochastic model estimates the intensity of the one or more security attacks by analyzing one or more attack plans of an attacker and one or more protective plans against the plurality of attack plans.
[0028] In some embodiments, the processor 116 is configured to store the user data including a mobile number, an email ID, and a one-time password in a database. The server 112 is configured to assign the unique identifier to the user upon successful registration on the intelligent transportation unit 108.
[0029] In some embodiments, the processor 116 is configured to implement a cooperative model to compare the input data including at least one of a mobile number of the user, a vehicle number, with the unique identifier of the user assigned based on the registration number of the vehicle 110. The processor 116 is configured to prompt the user to re-register on the intelligent transportation unit 108 to obtain a new unique identifier upon a failed authentication.
[0030] In some embodiments, the processor 116 is configured to alert an owner of the vehicle 110 via at least one of a short message service (SMS) message or an email about the deviation from the pre-defined route between the start location and the destination location of the vehicle 110. The processor 116 is configured to compare the pre-defined route against the real-time location of the vehicle 110 which is determined from the spatial-temporal data captured by the sensor module 102.
[0031] In some embodiments, the RFID sensors 104 associated with the sensor module 102 are installed at one or more locations in a transport network associated with the intelligent transportation unit 108 to capture the spatiotemporal data of the vehicle 110.
[0032] In some embodiments, when the attacker implements the one or more security attacks, then the processor 116 is configured to suggest the user apply the one or more protective plans, The one or more protective plans includes at least one of (i) the user ignores an attack intimation, (ii) the user reports unexpected deviations to a defender and not responds to the attacker, (iii) the user responds to a threat vector and accepts a revised path, (iv) the user system is exploited, (iv) if the user chooses to cheat the attacker and not fall prey to any of the plurality of attack plans of the attacker, then the deviation in the pre-defined route is detected using the Bayesian model based on the one or more security attacks and the one or more plans available against the plurality of security attacks to the user.
[0033] In some embodiments, the stochastic model represents the protective plan as a sequence of states. In each state, the defender takes protective actions and the attacker responds. The attacker's response in each state acts as an input for the defender's actions in next state to combat the attack. The defender is able to combat the attack and secure the system when a state of Markov Equilibrium is reached. In some embodiments, the user may be a vehicle driver or a vehicle owner.
[0034] The intelligent transportation unit 108 generates dynamic spatial-temporal data about the vehicle position, vehicle identification number, vehicle driver information, and vehicle driver’s contact information at time t. This information has different values for different users of the intelligent transportation unit 108. The traffic police authority of the system 100 monitors traffic scenarios, detects and circumvents traffic congestion, and sends challans to the user/vehicle drivers for traffic violations. The user/vehicle driver is optimized a shortest path. The emergency services of the system 100 monitor the route of the emergency vehicles such as fire brigade, and police personnel vehicles to reach faster to the crime situation, and monitor and follow criminals on the run. In an exemplary embodiment, the attackers may (i) disrupt the traffic scenario by hacking the traffic signals, (ii) monitor the movement of VIP vehicles, and track their exact location to carry out an attack, (iii) monitor areas of traffic congestion during different environments in a day, (iv) track the location of Bank Vans (transferring cash from one location to another), cause a traffic jam by hacking the system, change the direction of the van, and plain robbery, (v) disrupt the traffic to escape police authority, (vi) disable cameras, sensors, and GPS devices and gain remote access, (vii) spread malicious code to access remote devices, (viii) execute Denial of Service Attack on the server or Distributed Denial of Service Attack, (ix) DNS spoofing attack, (x) plan a disastrous attack dynamically in the area of heavy traffic congestion, and (xi) authorization failure.
[0035] The system 100 may be a risk assessment framework that identifies the vulnerabilities and also considers the rational behavior of the users of a digital system. The risk assessment framework consists of 5 steps. Step 1 of the risk assessment framework includes identification and classification: the spatial-temporal data of the vehicles and the vehicle driver is sensitive. This sensitive information can be exploited by the attacker to carry out attacks of high density. There is thus a need to secure this information from cyber threat vectors. The intelligent transportation unit 108 can be attacked at physical, wireless, and network level. The system 100 identifies and groups different attacks on the intelligent transportation unit 108 into three vector types.
[0036] The below table 1 illustrates different types of attack vectors on the intelligent transportation unit 108.
Attack Vector Types Assets Attack
Physical Attacks Cameras at traffic junctions
Underground cables GPS devices
Mobile devices
Server
Remote host • Physically tampering with a device to steal/compromise data.
• Passive eaves dropping attacks by intercepting the exposed ports.
• Brute-force attack to compromise sensitive information.
• Sniffing network traffic between (i) devices and (ii) device and system.
• Scanning the secured/closed network to discover topology.
• Man—in—Middle to execute covert channel attack.
• Connecting a removable storage device loaded with malware to install.
Wireless Attacks Wireless network connection between vehicle to vehicle, vehicle to infrastructure, infrastructure to infrastructure. • Spoofing messages between client and server, between devices
• Sniffing wireless transmissions, e.g., vehicle’s wi-fi
• Remote transmission of malicious firmware
• Electronic jamming of wireless network to disrupt operations. • Using vehicle wi-fi as an entry point into the controller area network (CAN) bus and then to the on-board diagnostics (OBD), telematics control unit • Gain remote access to TCU, and in-vehicle infotainment (IVI) • Remote hijacking of vehicle controls • Installing malicious third-party apps in a car’s infotainment system • Attacking via a malicious app installed on a phone connected to the car’s Wi-Fi.
Network IOT enables devices. Servers, client devices DNS • Exploiting vulnerabilities in legacy software and hardware
• Identifying and abusing device misconfigurations
• Remote system discovery and abuse
• Social engineering attacks
• Denial-of-service attack and Distributed Denial-of-service attack
• SQL injection attacks
• DNS spoofing and hijacking attacks.
• Pivoting an ITS device as a trusted entry point into the corporate network.
[0037] The intelligent transportation unit 108 can also be prone to multimodal attack vectors involving all three types of attack vector categories. For example, an attacker can send the traffic flow control device such as a dynamic messaging device (DMS) incorrect/improper commands via a wireless link, by physically connecting to the device, and/or over the network by compromising a controller application.
[0038] Step 2 of the risk assessment framework includes determining vulnerabilities and mapping them with their attributes. To resolve any kind of subjectivity and uncertainty vulnerabilities need to be identified and then mapped to the principles of security. The system 100, for effective analyses of vulnerabilities, attributes related to the design and architecture of the system 100, the behavior and actions taken by the system 100, and general attributes that cut across both structure and behavior are considered. Once the vulnerabilities are identified, the next step is to relate the assets and attacks that can compromise confidentiality, integrity, and availability based on the vulnerability attributes analysis. The next step is to map the vulnerabilities with the appropriate threat. For example, the Distributed Denial of Service attack that can take the entire transportation network down exploits limits in the traffic capacity of the network, rigidity in rerouting and blocking incoming traffic, and managing a distributed architecture. Step 3 of the risk assessment framework includes a likelihood of exploitation. The third step in risk analysis is to determine how often each exposure is likely to be exploited. Likelihood relates to the number of times an existing system or control will be compromised. To minimize the subjectivity in this step, an extensive study of the attacks on transportation networks and their frequency is done. Based on the analysis, the likelihood of exploitation is numbered on a scale of 10 to 1. With one being the least occurring attack and ten indicating multiple occurrences of the attack in the particular time frame, every attack is associated with its likelihood.
[0039] Step 3 of the risk assessment framework includes computing expected loss. Based on the assets, possible vulnerabilities, and the likelihood of exploitation there is a need to compute the expected loss from the exploitation or attack on the system. In this system, the qualitative loss assessment is done as information or an asset needs to be protected only until it loses its value. Step 5 of the risk assessment framework includes suggested controls. Based on the results of step 4, different controls need to be selected and applied to the intelligent transportation unit 108 to curtail the vulnerability and threats. Most of the control mechanisms focus on technologies without considering: (i) the real-time attack intensity or the real-time attack environment and (ii) continuous interactions between the attackers and defenders where each of them is constantly adjusting their attack/defend plans to gain the upper hand. Thus, besides finding a specific defence technology/model, it is important to design a dynamic defence system that can intelligently adjust its plans to achieve the best defence against the attackers.
[0040] The system 100 is a cyber defence framework for the intelligent transportation unit 108 that considers dynamic interactions between the different stakeholders for the intelligent transportation unit 108 and evolutions between attackers, system users, and defenders. The system 100 secures intelligent transportation unit 108 and is tested by building a simulation in the intelligent transportation unit 108, the road transportation network, its subsystem, and the user interaction. The data is gathered from various sources such as sensors, and cameras, and shared via a wireless network. The safety of pedestrians involves sharing pedestrian information with all the vehicle drivers; autonomous navigation involves building real-time intelligent HD maps through the data collected by vehicles; remote driving involves receiving data from vehicle sensors, maps, and infrastructure information and enabling the controls of autonomous vehicles such as steering wheels, speed limits, brakes, etc.
[0041] FIG. 2 illustrates a block diagram of a server 112 according to some embodiments herein according to some embodiments herein. The system includes an input data receiving module 202, an authentication module 204, a route planning module 206, a real time monitoring module 208, an attack detection module 210, a protective plan implementation module 212 and a database 200. The input data receiving module 202 is configured to capture a spatial-temporal data of a vehicle 110 and a registration number of the vehicle 110, and user data associated with the user. The authentication module 204 is configured to receive (i) the registration number of the vehicle 110 and the user data associated with the user, and (ii) the spatial-temporal data of the vehicle 110 from the input data receiving module 202. The authentication module 204 is configured to authenticate, using a cooperative model, the user by matching an input data with a unique identifier of the user, the registration number of the vehicle 110. The route planning module 206 is configured to receive, from the user, a start location and a destination location of the vehicle 110 upon successful authentication of the user. The real time monitoring module 208 is configured to compare a real-time location of the vehicle 110 with a pre-defined route between the start location and the destination location of the vehicle 110. The real-time location of the vehicle 110 is determined by analyzing the spatial-temporal data of the vehicle 110 received from the sensor module 102. The attack detection module 210 is configured to detect, using a Bayesian model associated with the artificial intelligence, one or more security attacks and one or more plans computed against the one or more security attacks to the user if a deviation is determined from the pre-defined route. The Bayesian model determines the deviation based on a probability of selection of the one or more plans selected by the user to respond to the one or more security attacks from an action space as an action or a reaction. The protective plan implementation module 212 is configured to implement a security of the intelligent transportation unit 108 against the one or more security attacks using the artificial intelligence by implementing, a stochastic model associated with the artificial intelligence, a protective plan that is evaluated an intensity of the one or more security attacks. The stochastic model estimates the intensity of the one or more security attacks by analyzing one or more attack plans of an attacker and one or more protective plans against the plurality of attack plans. In some embodiments, the user data including a mobile number, an email ID, and a one-time password is stored in a database.
[0042] FIGS. 3A & 3B are flow diagrams that illustrate a method for implementing security of an intelligent transportation unit 108 against a plurality of security attacks using artificial intelligence according to some embodiments herein. At step 302, a spatial-temporal data of a vehicle 110 is captured using a sensor module 102 of a system 100. The sensor module 102 includes at least one of RFID sensors 104 and cameras 106. At step 304, a registration number of the vehicle 110, and user data associated with the user is captured, using an intelligent transportation unit 108 associated with a user. At step 306, (a) the registration number of the vehicle 110 and the user data associated with the user from the intelligent transportation unit 108, and (b) the spatial-temporal data of the vehicle 110 from the sensor module 102 is received using a server 112 of the system 100. The server 112 includes a processor 116. At step 308, the user is authenticated, using the processor 116, by matching an input data with a unique identifier of the user, the registration number of the vehicle 110 using a cooperative model. At step 310, a start location and a destination location of the vehicle 110 are received from the user, using the processor 116, upon successful authentication of the user.
[0043] At step 312, a real-time location of the vehicle 110 is compared with a pre-defined route between the start location and the destination location of the vehicle 110 using the processor 116. The real-time location of the vehicle 110 is determined by analyzing the spatial-temporal data of the vehicle 110 received from the sensor module 102. At step 314, one or more security attacks and one or more plans computed against the one or more security attacks on the user are detected, using the processor 116 and using a Bayesian model associated with the artificial intelligence, if a deviation is determined from the pre-defined route. The Bayesian model determines the deviation based on a probability of selection of the one or more plans selected by the user to respond to the one or more security attacks from an action space as an action or a reaction. At step 316, a security of the intelligent transportation unit 108 is implemented, against the one or more security attacks using the processor 116 and the artificial intelligence, by implementing a stochastic model associated with the artificial intelligence, a protective plan that is evaluated an intensity of the one or more security attacks. The stochastic model estimates the intensity of the one or more security attacks by analyzing one or more attack plans of an attacker and one or more protective plans against the one or more attack plans.
[0044] In some embodiments, the method includes storing the user data including a mobile number, an email ID, and a one-time password in a database, wherein the method assigns the unique identifier to the user upon successful registration on the intelligent transportation unit 108. In some embodiments, the method includes implementing a cooperative model to compare the input data comprising at least one of a mobile number of the user, a vehicle number, with the unique identifier of the user assigned based on the registration number of the vehicle 110. The method prompts the user/vehicle driver to re-register on the intelligent transportation unit 108 to obtain a new unique identifier upon a failed authentication.
[0045] FIGS. 4A-4C illustrate exemplary game-theoretic models to depict the behavior and interaction between users, defenders, and attackers in the system 100 according to some embodiments herein. Security problems encompass offensive and protective actions across nations, institutions, and individuals. Cyber attackers aim to steal information and access assets, while defenders strive to prevent the intrusions. Defending against sophisticated, unauthorized intrusions is challenging due to the complexity of the environment, the variety of digital weapons used, the speed of operations, and the large number of nodes to protect against numerous potential attackers.
[0046] Game Theory is commonly used to understand the rational behavior of attackers and defenders, including their motives, plans, and resource allocation. Attackers use digital weapons that are often imperceptible to human senses, are not limited by geography or political boundaries, require highly sophisticated technical knowledge, and can be highly dynamic and distributed. Consequently, defenders need plans that are dynamic and adaptive to sophisticated attackers, unlike the currently common static and non-adaptive defence algorithms.
[0047] In FIGS. 4A-4C, a game-theoretic model is illustrated to depict the behavior and interaction between users, defenders, and attackers in the system 100. Laboratory experiments demonstrate how human defenders deal with random cyber threat vectors using plans that mimic real-life interactions between defenders, users, and attackers. The game-theoretic model developed from this experiment is general and applicable to various cybersecurity problems in different fields.
[0048] In a transportation network, interactions occur among users (e.g., vehicle drivers), defenders (e.g., traffic authorities), and attackers (e.g., hackers, crackers, amateurs). Each of these participants has different objectives and actions based on rational analysis (e.g., cost-benefit analysis). Defenders use different controls to minimize threats by managing vulnerabilities based on risk assessments. These controls are effective only if users efficiently apply them. Attackers choose their targets and plans based on a careful analysis of technologies and defence techniques. This experiment designed three game-theoretic models to depict the interactions (i.e., cooperation, attack, and counter) among users, defenders, and attackers in a transportation network. The models aim to study the behavior of users, defenders, and attackers and the effectiveness of controls in a cyber environment: (i) Cooperative game between User and Defender, (ii) Bayesian game between Defender and Attacker, and (iii) Stochastic game between User and Attacker.
[0049] The users of the system 100 are of two types: (i) Individual users and (ii) Security professionals. The individual users, such as vehicle drivers, vehicle owners, and traffic police authorities, are not computer security professionals and lack formal training to protect their devices. The security professionals attempt to minimize cybersecurity risks by providing protection mechanisms. However, it is crucial for individual users to cooperate with security professionals by following security measures.
[0050] The user-defender interaction as depicted in FIG. 4A involves enforcing a security policy over an asset that requires user cooperation, such as login controls. Authentication is a vital element of any security model, and most real-world cyber systems rely on passwords. A common threat to any security system is a brute-force attack, which attempts to discover a user's password by trying different combinations. Humans are the weakest link in security; thus, password protection policies and tools need to consider user behavior when designing these policies. The game starts with the defender (security professional) deciding whether to request policy compliance based on a risk analysis process. The user then chooses to comply or not with the security policy.
[0051] In FIG. 4A, the directed graph represents the game players: (i) Defender and (ii) Users of the system and their plans. A few of the cases are illustrated below. Pi represents the probability of plan selection from action space and the action/reaction. The big nodes represent the players and the small nodes represent the end nodes of the branch.
[0052] In the game, several scenarios are possible, such as Case 1: defender does not request policy compliance (path: D-a). If the defender does not request compliance, the user gets access to the resource without hindrance. Case 2: If the defender requests policy compliance and the user comply with the security policy (path: D-U-b). If the defender requests the policy compliance (path: D-U-b) and the user complies with it, the vulnerability is reduced and also the probability of threat. Case 3: If the user does not comply with the security policy (path: D-U-D). If the defender request for security compliance and the user does not comply then the defender has three choices: (i) Revoke access (path: D-U-D-c) (ii) Allow to continue with warning (path: D-U-D-d) (iii) Limit functionality (path: D-U-D-e). The user-defender game also highlights the role of the human factor in designing and developing cybersecurity policies for ITS.
[0053] The attacker always targets the system used by the user, employing various tactics such as social engineering, interception, modification, or malware. The user attempts to defend against these attacks but often lacks complete information about the attacker’s plans, making them vulnerable. The interaction between the user and the attacker is a Bayesian game, where both players have incomplete information about each other's plans and payoffs but hold beliefs based on a probability distribution. Consider a social engineering attack: Attacker A executes a social engineering attack on User S. User S can respond in several ways: by ignoring the attack, reporting it as malicious, providing genuine information, or supplying false information to deceive the attacker. In this scenario, let A represent the attacker. Let S be a set of n players (users of the system), {S1, S2,…, Sn}. For each player Si, a finite, nonempty set Ui is the action space for Si. Each Ui Î Ui is referred to as an action space of Si. Each βi Î β referred to as an action space of A. For each player Si, a function, L: U1 X β → R È {∞} is called the cost function for Si. The cost function L depends on Ui Î Ui and βi Î β. The game reaches a state of Nash equilibrium when the user can defend the system. FIG. 4B graphically represents the User-Attacker game. The game players have different plans to maximize their payoff. A few of the cases are illustrated below. Pi represents the probability of plan selection from action space and the action/reaction. The system is safe as long as the attacker chooses path A-a. If the attacker chooses to attack the user (path: A-U), the user of the system has four plans to play (path: U-b, U-c, U-Ah- U-Ai). Depending upon the intensity of the threat, the user may choose to ignore (path: U-b) or Report (path: U-c). If the user chooses to respond to the threat vector, the user system may be either exploited by the attacker (path: Ah-e) or not exploited by the attacker (path: Ai-f). If the user of the system can choose to cheat (path: U-Ai) the attacker or chooses not to exploit the user (path Ai-f) or compromise the user’s systems (path: Ai-g) as plans of action space. The user-attacker game highlights the human dimension aspects of cyber threats associated with the intelligent transportation unit 108. The output of the user-attacker game acts as input for designing security policies in the intelligent transportation unit 108.
[0054] When an attacker targets a transport system and compromises its resources, the defenders incur costs to protect and recover the system. In FIG. 4C, the interaction between the defender and the attacker is represented as a stochastic game. Defenders use various controls and sensors, such as antivirus software and intrusion detection systems, to detect attacks. However, due to system limitations, attackers can still compromise the system. When an attack occurs, the defender must decide how to respond and counteract. Given that the system may not be entirely secure and some information loss is possible, the defender estimates the potential attack plans and formulates corresponding protective plans. The game unfolds as a sequence of states. In each state, players take actions and receive payoffs based on the previous states of the game, and then the game transitions to the next state. In the new state, players make decisions based on the actions taken in the previous states.
[0055] In FIG. 4C, the game is designed as a stochastic game with N players and consists of the following elements: Let X be a state space (which is to be finite for the moment). For each player i and state x, a set Ai(x) of actions is available to player i in state x. For each player i, state x, and action vector a ∈ ∏i Ai(x), a stage payoff Qi(a; x) that depends on the state and the actions of the other players For each state x and action vector a ∈ ∏i Ai(x), a transition probability P(x ′ |x, a) that is a distribution on the state space X. A discount factor δ, 0 < δ < 1. An initial state x0. The game reaches a state of Markov equilibrium when the attacker carries an attack but the defender can defend it and his plan does not lead to compromise the system. In the defender-attacker, the attacker uses different plans to compromise the systems and the defender has his/her plans to combat the threat vector. The defender has a plan to apply a security policy (path: D-Aa) or not apply a security policy (path: D-Ab). If the defender chooses not to apply any security policy, there are fairly high chances (Pi=0.7) of the attacker attacking the system (path: D-A-D). Depending upon the type of the attack, the defender has the following different plans (path: D-A-D-b, D-A-D-A-c, D-A-D-A-D, D-A-D-A-D, D-A-D-A-f, D-A-D-A-g) to choose from. Even though the defender enforces a security framework, there still exists a high probability (Pi=0.7) of attacking the system.
[0056] FIGS. 5A-5C illustrates different types of cyber-attacks on an intelligent transportation unit 108 according to some embodiments herein. The different types of cyber-attacks on an intelligent transportation unit 108 include (i) Sybil attack (ii) DDos attack (iii) Blackhole attack (iv) Wormhole attack on ITS (v) False information Attack.
[0057] FIG. 5A illustrates a Sybil attack. Sybil is a type of network attack with each vehicle in the intelligent transportation unit 108 behaving as a dynamic node. In this attack, one vehicle assumes more than one identity, due to which it becomes very difficult for other vehicles to authenticate the origin of data.
[0058] FIG. 5B illustrates a DDos Attack. In this attack, the attacker sends multiple requests to the intelligent transportation unit 108 that it is designed to handle. This causes the intelligent transportation unit 108 to crash and become unavailable. The attacker thus interrupts the vehicles and gains control over them.
[0059] FIG. 5C illustrates a Blackhole attack. In this attack, the attacker manipulates and gains control over the routing data, resulting in communication loss in the network. Due to this, the vehicles in ITS do not receive crucial roadway information.
[0060] FIG. 5D illustrates a Wormhole attack. This occurs when the attacker compromises the nodes/vehicles/devices and routes multiple routing requests through these compromised routes. The attacker through the wormhole attack can get the network/traffic information. In false information attacks, the cyber attackers broadcast fake information and location data thereby misleading the safety-related applications or systems that rely on accurate vehicle location data for example, false road conditions, and traffic conditions forcing the drivers to change/alter their path.
[0017] FIG. 6 is a schematic diagram of a system in accordance with the embodiments herein. A representative hardware environment for practicing the embodiments herein is depicted in FIG. 6, with reference to FIGS. 1 through 5A-5C. This schematic drawing illustrates a hardware configuration of a system 100/a server 112/computer system/computing device in accordance with the embodiments herein. The system includes at least one processing device CPU 10 that may be interconnected via system bus 14 to various devices such as a random-access memory (RAM) 12, read-only memory (ROM) 16, and an input/output (I/O) adapter 18. The I/O adapter 18 can connect to peripheral devices, such as disk units 38 and program storage devices 40 that are readable by the system. The system can read the inventive instructions on the program storage devices 40 and follow these instructions to execute the methodology of the embodiments herein. The system further includes a subject interface adapter 22 that connects a keyboard 28, mouse 30, speaker 32, microphone 34, and/or other subject interface devices such as a touch screen device (not shown) to the bus 14 to gather subject input. Additionally, a communication adapter 20 connects the bus 14 to a data processing network 42, and a display adapter 24 connects the bus 14 to a display device 26, which provides a graphical subject interface (GUI) 36 of the output data in accordance with the embodiments herein, or which may be embodied as an output device such as a monitor, printer, or transmitter, for example.
[0018] The foregoing description of the specific embodiments will so fully reveal the general nature of the embodiments herein that others can, by applying current knowledge, readily modify and/or adapt for various applications such specific embodiments without departing from the generic concept, and, therefore, such adaptations and modifications should and are intended to be comprehended within the meaning and range of equivalents of the disclosed embodiments. It is to be understood that the phraseology or terminology employed herein is for the purpose of description and not of limitation. Therefore, while the embodiments herein have been described in terms of preferred embodiments, those skilled in the art will recognize that the embodiments herein can be practiced with modification within the spirit and scope.
, Claims:I/We claim:
1. A system (100) for implementing security of an intelligent transportation unit (108) against a plurality of security attacks using artificial intelligence, the system (100) comprising:
a sensor module (102) configured to capture spatial-temporal data of a vehicle (110), wherein the sensor module (102) comprises at least one of Radio Frequency Identification (RFID) sensors (104) and cameras (106);
an intelligent transportation unit (108) associated with a user configured to capture a registration number of the vehicle (110), and user data associated with the user;
a server (112) is configured to receive (i) the registration number of the vehicle (110) and the user data associated with the user from the intelligent transportation unit (108), and (ii) the spatial-temporal data of the vehicle (110) from the sensor module (102), wherein the server (112) comprises
a memory (114);
a processor (116) in communication with the memory (114), wherein the processor (116) is configured to:
authenticate, using a cooperative model, the user by matching an input data with a unique identifier (ID) of the user, the registration number of the vehicle (110);
receive, from the user, a start location and a destination location of the vehicle (110) upon authentication of the user;
compare a real-time location of the vehicle (110) with a pre-defined route between the start location and the destination location of the vehicle (110), wherein the real-time location of the vehicle (110) is determined by analyzing the spatial-temporal data of the vehicle (110) received from the sensor module (102);
detect, using a Bayesian model associated with the artificial intelligence, a plurality of security attacks and a plurality of plans computed against the plurality of security attacks to the user if a deviation is determined from the pre-defined route, wherein the Bayesian model determines the deviation based on a probability of selection of the plurality of plans selected by the user to respond to the plurality of security attacks from an action space as an action or a reaction; and
implement a security of the intelligent transportation unit (108) against the plurality of security attacks using the artificial intelligence by implementing, a stochastic model associated with the artificial intelligence, a protective plan that is evaluated an intensity of the plurality of security attacks, wherein the stochastic model estimates the intensity of the plurality of security attacks by analyzing a plurality of attack plans of an attacker and a plurality of protective plan against the plurality of attack plans.

2. The system (100) as claimed in claim 1, wherein the processor (116) is configured to store the user data comprising a mobile number, an email ID, and a one-time password in a database, wherein the server (112) is configured to assign the unique identifier to the user upon successful registration on the intelligent transportation unit (108).

3. The system (100) as claimed in claim 1, wherein the processor (116) is configured to implement a cooperative model to compare the input data comprising at least one of a mobile number of the user, a vehicle number, with the unique identifier of the user assigned based on the registration number of the vehicle (110), wherein the processor (116) is configured to prompt the user to re-register on the intelligent transportation unit (108) to obtain a new unique identifier upon a failed authentication.

4. The system (100) as claimed in claim 1, wherein the processor (116) is configured to alert an owner of the vehicle (110) via at least one of a short message service (SMS) message or an email about a deviation from the pre-defined route in between the start location and the destination location of the vehicle (110), wherein the processor (116) is configured to compare the pre-defined route against the real-time location of the vehicle (110) that is determined from the spatial-temporal data captured by the sensor module (102).

5. The system (100) as claimed in claim 1, wherein the RFID sensors (104) associated with the sensor module (102) are installed at a plurality of locations in a transport network associated with the intelligent transportation unit (108) to capture the spatio-temporal data of the vehicle (110).

6. The system (100) as claimed in claim 1, wherein when the attacker implements the plurality of security attacks, then the processor (116) is configured to suggest the user for applying the plurality of protective plans, wherein the plurality of protective plans comprises at least one of (i) the user ignores an attack intimation, (ii) the user reports unexpected deviations to a defender and not responds to the attacker, (iii) the user responds to a threat vector and accepts a revised path, (iv) the user system is exploited, (iv) if the user chooses to cheat the attacker and not fall prey to any of the plurality of attack plans of the attacker, then the deviation in the pre-defined route is detected using the Bayesian model based on the plurality of security attacks and the plurality of plans available against the plurality of security attacks to the user.

7. The system (100) as claimed in claim 1, wherein the stochastic model represents the protective plan as a sequence of states, wherein in each state, the defender takes protective actions and the attacker responds, wherein the attacker's response in each state acts as an input for defender's actions in next state to combat the attack, wherein the defender can combat the attack and secure the system (100) when a state of Markov Equilibrium is reached.

8. A method for implementing security of an intelligent transportation unit (108) against a plurality of security attacks using artificial intelligence, the method comprising:
capturing, using a sensor module (102) of a system (100), a spatial-temporal data of a vehicle (110), wherein the sensor module (102) comprises at least one of Radio Frequency Identification (RFID) sensors (104) and cameras (106);
capturing, using an intelligent transportation unit (108) associated with a user, a registration number of the vehicle (110), and user data associated with the user;
receiving, using a server (112) of the system (100), (i) the registration number of the vehicle (110) and the user data associated with the user from the intelligent transportation unit (108), and (ii) the spatial-temporal data of the vehicle (110) from the sensor module (102), wherein the server (112) comprises a processor (116);
authenticating, using the processor (116), the user by matching an input data with a unique identifier of the user, the registration number of the vehicle (110) using a cooperative model;
receiving, using the processor (116), from the user, a start location and a destination location of the vehicle (110) upon successful authentication of the user;
comparing, using the processor (116), a real-time location of the vehicle (110) with a pre-defined route between the start location and the destination location of the vehicle (110), wherein the real-time location of the vehicle (110) is determined by analyzing the spatial-temporal data of the vehicle (110) received from the sensor module (102);
detecting, using the processor (116) and using a Bayesian model associated with the artificial intelligence, a plurality of security attacks and a plurality of plans computed against the plurality of security attacks to the user if a deviation is determined from the pre-defined route, wherein the Bayesian model determines the deviation based on a probability of selection of the plurality of plans selected by the user to respond to the plurality of security attacks from an action space as an action or a reaction; and
implementing, using the processor (116), a security of the intelligent transportation unit (108) against the plurality of security attacks using the artificial intelligence, by implementing a stochastic model associated with the artificial intelligence, a protective plan that is evaluated an intensity of the plurality of security attacks, wherein the stochastic model estimates the intensity of the plurality of security attacks by analyzing a plurality of attack plans of an attacker and a plurality of protective plans against the plurality of attack plans.

9. The method as claimed in claim 8, wherein the method comprises storing the user data comprising a mobile number, an email ID, and a one-time password in a database, wherein the method assigns the unique identifier to the user upon successful registration on the intelligent transportation unit (108).

10. The method as claimed in claim 8, wherein the method comprises implementing a cooperative model to compare the input data comprising at least one of a mobile number of the user, a vehicle number, with the unique identifier of the user assigned based on the registration number of the vehicle (110), wherein the method prompts the user/vehicle driver to re-register on the intelligent transportation unit (108) to obtain a new unique identifier upon a failed authentication.

Dated this Oct 9th, 2024

Arjun Karthik Bala
(IN/PA 1021)
Agent for Applicant