Autonomous Vehicle Security: Hybrid Threat Modeling Approach

Autonomous vehicles (AVs) are poised to revolutionize modern transportation, offering enhanced safety, efficiency, and convenience. However, AV architectures' increasing connectivity and complexity have introduced significant cybersecurity risks. This survey provides a comprehensive review of AV security challenges, focusing on widely adopted threat modeling frameworks such as STRIDE, DREAD, andMITRE ATT&CK. By examining common attack vectors and real-world case studies, including the Jeep Cherokee and Tesla Model S exploits, we highlight the urgent need for robust cybersecurity in in-vehicle systems and external interfaces. To complement existing modeling practices, we introduce Hybrid-SCDM, a novel framework that combines STRIDE-based threat classification with CVSS-derived DREAD scoring. This model transforms qualitative threat identification into quantitative risk prioritization by mapping CVSS metrics to DREAD dimensions through normalization. Applied to a generic multi-layered AV architecture, our findings show that intra-vehicle networks, especially CAN bus spoofing and fuzzing attacks, and suspension attacks, represent the most critical vulnerabilities due to their high exploitability and systemic impact. Beyond technical modeling, the survey explores emerging defense mechanisms such as blockchain-enabled Vehicle-to-Everything (V2X) communication, AI-driven anomaly detection, and secure Over-The-Air (OTA) updates. We also examine legal and ethical considerations surrounding data privacy, user safety, and regulatory compliance. By integrating analytical modeling with broad system insights, this work provides actionable recommendations for advancing the cybersecurity posture of autonomous vehicles.