Using honeypots as an additional layer of security against cyber threats in autonomous vehicles' infrastructure

Author: Athanasios Papadakis / Edited by Kristina Livitckaia

The autonomous vehicle (AV) ecosystem is a rapidly emerging domain of advanced research, entrepreneurship, and innovation. Autonomous vehicles range from individual cars to taxis and shuttles and facilitate the development of massive public autonomous transport services. As our society becomes more technology-dependent, cybersecurity awareness is growing and improving rapidly.

In everyday life, an individual and a company have almost equal chances of being targeted by a cyberattack, that is, an attempt to gain illegal access to a computer system, causing damage or harm. Expanding on the literal meaning of "damage and harm," Lyons Marty described a concept covering data leakage, loss of ability to control the system, increased energy consumption, and financial blockage, among other crucial parameters of everyday transactions.

The defensive responses against cyberattacks are cybersecurity and security principles that everyone should follow to be protected to the extent possible. In the transportation domain and especially AV-related activities, the security requirements are of supreme importance since human safety can be at stake on several occasions. Many transport and automotive companies and related stakeholders continuously employ security design principles and improvements to strengthen their systems and adequately support existing infrastructure.

Honeypots can act as an additional layer of defense against malicious actions in any given infrastructure, including autonomous vehicles. Honeypots mimic the behavior of a selected component from an autonomous vehicle to attract the attackers to exploit it. 

Honeypots and honeyfarm inside the autonomous vehicle

A proper approach to deploying honeypots inside an autonomous vehicle is, first, to accurately identify the current architecture. Then, decide which components are more valuable based on the operational value they provide. The next step is to create a honeypot for each component by simulating a real operation without exposing any security information that can be used to compromise the vehicle. Honeypots need to be configured to the network topology of the overall architecture but do not require the same hardware resources as the physical implementation. Virtual honeypots can be hosted and deployed on one or more physical machines if their hardware requirements are insufficient.

A honeyfarm is a combination of honeypots. To employ the honeyfarm, additional vulnerabilities should be added within each honeypot. This will provoke the attackers to expose their tools and mechanisms towards exploitation of these vulnerabilities. 

Figure 1. The appearance of the honeyfarm to the attacker*

Solutions up to date

Any traffic in the network initiated by honeypots means that the system has most likely been compromised and that the attackers are making changes or even outbound connections. For that reason, the honeyfarm's network should be thoroughly monitored and analyzed by SIEM software, which combines security information management (SIM) and security event management (SEM) and provides real-time analysis of security alerts. When properly configured and adapted to the system's needs, a SIEM can give an additional layer of security. Considering that human rights, and possibly even lives, are at stake, more security measures should be applied to increase the system's resistance to attack.
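
The rule stated above, that any connection a honeypot initiates is a sign of compromise, can be written as a small detector over flow records. This is an added example, not code from the article or from the nIoVe project; the address ranges, the log format and the function names are assumptions, and the sample flows are constructed.

```python
import ipaddress

# Assumed layout (hypothetical ranges): honeyfarm subnet inside the vehicle network.
HONEYFARM_NET = ipaddress.ip_network("10.20.0.0/28")
VEHICLE_NET = ipaddress.ip_network("10.20.0.0/16")

# Constructed flow records: time src:port -> dst:port proto tcp_flags
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z 10.20.5.7:51514 -> 10.20.0.3:22 tcp SYN
2024-01-01T10:00:02Z 10.20.0.3:22 -> 10.20.5.7:51514 tcp SYN-ACK
2024-01-01T10:03:10Z 10.20.0.3:40112 -> 10.20.7.9:8080 tcp SYN
2024-01-01T10:03:44Z 10.20.0.4:53211 -> 203.0.113.50:443 tcp SYN
garbage line
2024-01-01T10:04:00Z 10.20.5.7:51600 -> 10.20.0.4:80 tcp SYN
"""

def parse_flow(line):
    """Return (time, src_ip, dst_ip, dst_port, proto, flags), or None if malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "->":
        return None
    try:
        src_ip, _src_port = parts[1].rsplit(":", 1)
        dst_ip, dst_port = parts[3].rsplit(":", 1)
        return (parts[0], ipaddress.ip_address(src_ip),
                ipaddress.ip_address(dst_ip), int(dst_port), parts[4], parts[5])
    except ValueError:  # missing port, bad address or non-numeric port
        return None

def honeypot_initiated(flows_text):
    """Return one alert per TCP connection opened BY a honeypot address."""
    alerts = []
    for line in flows_text.splitlines():
        rec = parse_flow(line)
        if rec is None:
            continue
        ts, src, dst, dport, proto, flags = rec
        # A bare SYN marks the initiator; a honeypot's SYN-ACK reply is expected.
        # UDP has no handshake and would need flow state, so it is skipped here.
        if proto != "tcp" or flags != "SYN" or src not in HONEYFARM_NET:
            continue
        if dst in HONEYFARM_NET:
            kind = "intra-farm"   # honeypot to honeypot
        elif dst in VEHICLE_NET:
            kind = "lateral"      # honeypot to a real in-vehicle component
        else:
            kind = "outbound"     # honeypot to an address outside the vehicle
        alerts.append({"time": ts, "honeypot": str(src),
                       "dest": f"{dst}:{dport}", "kind": kind})
    return alerts
```

Inbound probes to a honeypot and the honeypot's replies produce no alert here; only the two honeypot-initiated connections in the sample are reported, which is the event a SIEM rule for the honeyfarm would escalate.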

Extensive use of the stated in-vehicle monitoring approaches is expected to become part of the future cyber-defense mechanisms of AV ecosystems, together with security measures towards out-of-the-vehicle networks, to create a holistic cyber-defense solution. The nIoVe Project (A Novel Adaptive Cybersecurity Framework for the Internet-of-Vehicles), supported by the European Union's Horizon 2020 Research and Innovation Programme under Grant Agreement No. 833742, aims at such a solution. The results of nIoVe are published as the project matures.

* Figure source:
