TY - JOUR
T1 - AI-driven proactive security defense in distributed IoV systems
T2 - Cyber threat intelligence modeling for connected autonomous vehicles
AU - Wang, Yinghui
AU - Bi, Yufeng
AU - Yu, Haiyang
AU - Yao, Xinpeng
AU - Ren, Yilong
AU - Rong, Wen
N1 - Publisher Copyright:
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2025.
PY - 2025/7
Y1 - 2025/7
N2 - Cybersecurity has emerged as a critical challenge in the Internet of Vehicles ecosystem, especially for connected and autonomous vehicles (CAVs). Cyber threat intelligence (CTI), as the collection of cyber threat information, offers an ideal way for responding to emerging cyber threats and realizing proactive security defense for CAVs. However, instant analysis and modeling of vehicle cybersecurity data pose fundamental challenges due to its complexity and specialized context. In this paper, we suggest an automotive CTI modeling framework, Actim, to extract and analyse the interrelated relationships among cyber threat elements using artificial intelligence technologies. Specifically, we first design a vehicle security-safety conceptual ontology model to depict various threat entity classes and their relationships. Then, we propose an automotive CTI mining model based on cross-sentence context to effectively extract cyber threat entities and their relations. Finally, we develop the first automobile CTI corpus based on real cybersecurity data, and conduct both comparative and ablation experiments. Experimental results show that the BERT-DocHiatt-BiLSTM-LSTM method achieves a precision of 53.9%, representing a 6.51% improvement over existing mainstream models. Moreover, the proposed method provides a good trade-off between runtime and memory consumption. We also define entity-relation matching rules and create a CTI knowledge graph that structurally fuses various elements of cyber threats. The Actim framework enables mining the intrinsic connections among threat entities, thereby providing valuable insight on the evolving cyber threat landscape.
KW - Automotive cybersecurity
KW - Cross-sentence context
KW - Cyber threat intelligence
KW - Entity relation joint extraction
KW - Hierarchical attention mechanisms
UR - https://www.scopus.com/pages/publications/105010087986
U2 - 10.1007/s12083-025-02008-6
DO - 10.1007/s12083-025-02008-6
M3 - Article
AN - SCOPUS:105010087986
SN - 1936-6442
VL - 18
JO - Peer-to-Peer Networking and Applications
JF - Peer-to-Peer Networking and Applications
IS - 4
M1 - 227
ER -