Journal article 343 views 100 downloads
WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach
Suraj Harsha Kamtam 
,
Qian Lu ,
Abdur Rakib ,
Muhamad Azfar Ramli ,
Rakhi Manohar Mepparambath ,
Siraj Shaikh ,
Hoang Nguyen
,
Qian Lu ,
Abdur Rakib ,
Muhamad Azfar Ramli ,
Rakhi Manohar Mepparambath ,
Siraj Shaikh ,
Hoang Nguyen
Computers & Security, Volume: 157, Start page: 104549
Swansea University Authors:
Siraj Shaikh , Hoang Nguyen
-
PDF | Version of Record
© 2025 The Authors. This is an open access article under the CC BY license.
Download (3.4MB)
DOI (Published version): 10.1016/j.cose.2025.104549
Abstract
The Road Vehicles Cybersecurity Engineering Standard, ISO/SAE 21434, provides a framework for road vehicle Threat Analysis and Risk Assessment (TARA). The TARA framework must include Connected Vehicles (CVs) and their connectivity with external interfaces. However, assessing cyber-attack feasibility...
| Published in: | Computers & Security |
|---|---|
| ISSN: | 0167-4048 1872-6208 |
| Published: |
Elsevier BV
2025
|
| Online Access: |
Check full text
|
| URI: | https://cronfa.swan.ac.uk/Record/cronfa69751 |
| first_indexed |
2025-06-17T10:25:21Z |
|---|---|
| last_indexed |
2025-07-22T05:03:57Z |
| id |
cronfa69751 |
| recordtype |
SURis |
| fullrecord |
<?xml version="1.0"?><rfc1807><datestamp>2025-07-21T12:00:07.2785027</datestamp><bib-version>v2</bib-version><id>69751</id><entry>2025-06-17</entry><title>WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach</title><swanseaauthors><author><sid>50117e8faac2d0937989e14847105704</sid><ORCID>0000-0002-0726-3319</ORCID><firstname>Siraj</firstname><surname>Shaikh</surname><name>Siraj Shaikh</name><active>true</active><ethesisStudent>false</ethesisStudent></author><author><sid>cb24d5c5080534dc5b5e3390f24dd422</sid><ORCID>0000-0003-0260-1697</ORCID><firstname>Hoang</firstname><surname>Nguyen</surname><name>Hoang Nguyen</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2025-06-17</date><deptcode>MACS</deptcode><abstract>The Road Vehicles Cybersecurity Engineering Standard, ISO/SAE 21434, provides a framework for road vehicle Threat Analysis and Risk Assessment (TARA). The TARA framework must include Connected Vehicles (CVs) and their connectivity with external interfaces. However, assessing cyber-attack feasibility on CVs is a significant challenge, as traditionally, qualitative and subjective expert opinions are the norm. Additionally, there is a need for historical data on security-related incidents and dynamically evolving interconnected vehicle-to-everything (V2X) entities for feasibility assessment, which is not readily available. To address this problem, this paper presents, to the best of our knowledge, the first simulation-based TARA framework designed to characterise, quantify, and assess the Window of Opportunity (WO) for attackers—a metric that indicates the likelihood of an attack. A case study involving Bluetooth, with one attacker and one target, is modelled to demonstrate the proposed framework WOLVES’s applicability. Two scenarios have been investigated using different motorway roads in the UK. The primary outcome is the WOLVES framework, which employs a data-driven approach using both prior and likelihood information to estimate the probability of a successful cyber attack on a given technology in CVs. The findings from this research could assist threat analysts, decision-makers, and planners involved in CV risk assessment by enhancing the modelling of attack feasibility for cybersecurity threats in dynamic scenarios and developing appropriate mitigation strategies.</abstract><type>Journal Article</type><journal>Computers &amp; Security</journal><volume>157</volume><journalNumber/><paginationStart>104549</paginationStart><paginationEnd/><publisher>Elsevier BV</publisher><placeOfPublication/><isbnPrint/><isbnElectronic/><issnPrint>0167-4048</issnPrint><issnElectronic>1872-6208</issnElectronic><keywords>Bluetooth communication; Attack feasibility assessment; Dynamic threat assessment; Vehicular Network Simulations; Window of Opportunity; Automotive cybersecurity</keywords><publishedDay>1</publishedDay><publishedMonth>10</publishedMonth><publishedYear>2025</publishedYear><publishedDate>2025-10-01</publishedDate><doi>10.1016/j.cose.2025.104549</doi><url/><notes/><college>COLLEGE NANME</college><department>Mathematics and Computer Science School</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>MACS</DepartmentCode><institution>Swansea University</institution><apcterm>Another institution paid the OA fee</apcterm><funders>This work was supported by Coventry University and the A*STAR Research Attachment Programme (ARAP) .</funders><projectreference/><lastEdited>2025-07-21T12:00:07.2785027</lastEdited><Created>2025-06-17T11:21:47.2798800</Created><path><level id="1">Faculty of Science and Engineering</level><level id="2">School of Mathematics and Computer Science - Computer Science</level></path><authors><author><firstname>Suraj Harsha</firstname><surname>Kamtam</surname><orcid>0000-0003-4687-796x</orcid><order>1</order></author><author><firstname>Qian</firstname><surname>Lu</surname><orcid>0000-0001-8235-853x</orcid><order>2</order></author><author><firstname>Abdur</firstname><surname>Rakib</surname><orcid>0000-0001-5430-450x</orcid><order>3</order></author><author><firstname>Muhamad Azfar</firstname><surname>Ramli</surname><orcid>0000-0002-6321-0828</orcid><order>4</order></author><author><firstname>Rakhi Manohar</firstname><surname>Mepparambath</surname><orcid>0000-0003-3308-7838</orcid><order>5</order></author><author><firstname>Siraj</firstname><surname>Shaikh</surname><orcid>0000-0002-0726-3319</orcid><order>6</order></author><author><firstname>Hoang</firstname><surname>Nguyen</surname><orcid>0000-0003-0260-1697</orcid><order>7</order></author></authors><documents><document><filename>69751__34803__fc97ebb4d7d04d5ba49ac148b0b3a8fb.pdf</filename><originalFilename>69751.VoR.pdf</originalFilename><uploaded>2025-07-21T11:56:51.4300246</uploaded><type>Output</type><contentLength>3569992</contentLength><contentType>application/pdf</contentType><version>Version of Record</version><cronfaStatus>true</cronfaStatus><documentNotes>© 2025 The Authors. This is an open access article under the CC BY license.</documentNotes><copyrightCorrect>true</copyrightCorrect><language>eng</language><licence>http://creativecommons.org/licenses/by/4.0/</licence></document></documents><OutputDurs/></rfc1807> |
| spelling |
2025-07-21T12:00:07.2785027 v2 69751 2025-06-17 WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach 50117e8faac2d0937989e14847105704 0000-0002-0726-3319 Siraj Shaikh Siraj Shaikh true false cb24d5c5080534dc5b5e3390f24dd422 0000-0003-0260-1697 Hoang Nguyen Hoang Nguyen true false 2025-06-17 MACS The Road Vehicles Cybersecurity Engineering Standard, ISO/SAE 21434, provides a framework for road vehicle Threat Analysis and Risk Assessment (TARA). The TARA framework must include Connected Vehicles (CVs) and their connectivity with external interfaces. However, assessing cyber-attack feasibility on CVs is a significant challenge, as traditionally, qualitative and subjective expert opinions are the norm. Additionally, there is a need for historical data on security-related incidents and dynamically evolving interconnected vehicle-to-everything (V2X) entities for feasibility assessment, which is not readily available. To address this problem, this paper presents, to the best of our knowledge, the first simulation-based TARA framework designed to characterise, quantify, and assess the Window of Opportunity (WO) for attackers—a metric that indicates the likelihood of an attack. A case study involving Bluetooth, with one attacker and one target, is modelled to demonstrate the proposed framework WOLVES’s applicability. Two scenarios have been investigated using different motorway roads in the UK. The primary outcome is the WOLVES framework, which employs a data-driven approach using both prior and likelihood information to estimate the probability of a successful cyber attack on a given technology in CVs. The findings from this research could assist threat analysts, decision-makers, and planners involved in CV risk assessment by enhancing the modelling of attack feasibility for cybersecurity threats in dynamic scenarios and developing appropriate mitigation strategies. Journal Article Computers & Security 157 104549 Elsevier BV 0167-4048 1872-6208 Bluetooth communication; Attack feasibility assessment; Dynamic threat assessment; Vehicular Network Simulations; Window of Opportunity; Automotive cybersecurity 1 10 2025 2025-10-01 10.1016/j.cose.2025.104549 COLLEGE NANME Mathematics and Computer Science School COLLEGE CODE MACS Swansea University Another institution paid the OA fee This work was supported by Coventry University and the A*STAR Research Attachment Programme (ARAP) . 2025-07-21T12:00:07.2785027 2025-06-17T11:21:47.2798800 Faculty of Science and Engineering School of Mathematics and Computer Science - Computer Science Suraj Harsha Kamtam 0000-0003-4687-796x 1 Qian Lu 0000-0001-8235-853x 2 Abdur Rakib 0000-0001-5430-450x 3 Muhamad Azfar Ramli 0000-0002-6321-0828 4 Rakhi Manohar Mepparambath 0000-0003-3308-7838 5 Siraj Shaikh 0000-0002-0726-3319 6 Hoang Nguyen 0000-0003-0260-1697 7 69751__34803__fc97ebb4d7d04d5ba49ac148b0b3a8fb.pdf 69751.VoR.pdf 2025-07-21T11:56:51.4300246 Output 3569992 application/pdf Version of Record true © 2025 The Authors. This is an open access article under the CC BY license. true eng http://creativecommons.org/licenses/by/4.0/ |
| title |
WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach |
| spellingShingle |
WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach Siraj Shaikh Hoang Nguyen |
| title_short |
WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach |
| title_full |
WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach |
| title_fullStr |
WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach |
| title_full_unstemmed |
WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach |
| title_sort |
WOLVES: Window of Opportunity attack feasibility likelihood value estimation through a simulation-based approach |
| author_id_str_mv |
50117e8faac2d0937989e14847105704 cb24d5c5080534dc5b5e3390f24dd422 |
| author_id_fullname_str_mv |
50117e8faac2d0937989e14847105704_***_Siraj Shaikh cb24d5c5080534dc5b5e3390f24dd422_***_Hoang Nguyen |
| author |
Siraj Shaikh Hoang Nguyen |
| author2 |
Suraj Harsha Kamtam Qian Lu Abdur Rakib Muhamad Azfar Ramli Rakhi Manohar Mepparambath Siraj Shaikh Hoang Nguyen |
| format |
Journal article |
| container_title |
Computers & Security |
| container_volume |
157 |
| container_start_page |
104549 |
| publishDate |
2025 |
| institution |
Swansea University |
| issn |
0167-4048 1872-6208 |
| doi_str_mv |
10.1016/j.cose.2025.104549 |
| publisher |
Elsevier BV |
| college_str |
Faculty of Science and Engineering |
| hierarchytype |
|
| hierarchy_top_id |
facultyofscienceandengineering |
| hierarchy_top_title |
Faculty of Science and Engineering |
| hierarchy_parent_id |
facultyofscienceandengineering |
| hierarchy_parent_title |
Faculty of Science and Engineering |
| department_str |
School of Mathematics and Computer Science - Computer Science{{{_:::_}}}Faculty of Science and Engineering{{{_:::_}}}School of Mathematics and Computer Science - Computer Science |
| document_store_str |
1 |
| active_str |
0 |
| description |
The Road Vehicles Cybersecurity Engineering Standard, ISO/SAE 21434, provides a framework for road vehicle Threat Analysis and Risk Assessment (TARA). The TARA framework must include Connected Vehicles (CVs) and their connectivity with external interfaces. However, assessing cyber-attack feasibility on CVs is a significant challenge, as traditionally, qualitative and subjective expert opinions are the norm. Additionally, there is a need for historical data on security-related incidents and dynamically evolving interconnected vehicle-to-everything (V2X) entities for feasibility assessment, which is not readily available. To address this problem, this paper presents, to the best of our knowledge, the first simulation-based TARA framework designed to characterise, quantify, and assess the Window of Opportunity (WO) for attackers—a metric that indicates the likelihood of an attack. A case study involving Bluetooth, with one attacker and one target, is modelled to demonstrate the proposed framework WOLVES’s applicability. Two scenarios have been investigated using different motorway roads in the UK. The primary outcome is the WOLVES framework, which employs a data-driven approach using both prior and likelihood information to estimate the probability of a successful cyber attack on a given technology in CVs. The findings from this research could assist threat analysts, decision-makers, and planners involved in CV risk assessment by enhancing the modelling of attack feasibility for cybersecurity threats in dynamic scenarios and developing appropriate mitigation strategies. |
| published_date |
2025-10-01T05:28:59Z |
| _version_ |
1851097916008038400 |
| score |
11.089386 |