Enhancing Intrusion Detection in Autonomous Vehicles Using Ontology-Driven Mitigation

Abstract

With the increasing complexity of Autonomous Vehicle networks, enhanced cyber security has become a critical challenge. Traditional security techniques often struggle to adapt dynamically to evolving threats. Overcoming these limitations, this paper presents a novel domain ontology to structure knowledge concerning AV security threats, intrusion characteristics, and corresponding mitigation techniques. Unlike previous work, which mainly focused on static classifications or direct integration within Intrusion Detection Systems, our approach has the distinctive feature of creating a formalized and coherent semantic representation. The ontology was designed using Protégé 4.3 and Web Ontology Language (OWL), modeled from the core cyber security concepts of AVs, and it provides a more nuanced threat classification and significantly superior automated reasoning capability. An important feature of our design is that the ontology formalization was done independently of any real-time IDS integration. A PoC was carried out to prove that the ontology could select the most appropriate method of mitigation, using as input the output of machine-learning-based IDS; SPARQL queries retrieve mitigation instance, type, and effectiveness. This design choice enables us to concentrate strictly on validating the foundational semantic coherence and reasoning power of the knowledge structure, hence providing a robust and reliable analytical framework for further reactive and predictive security applications. The experimental evaluation confirms enhanced effectiveness in knowledge organization and reduces inconsistencies in security threat analysis. Specifically, class classification was performed in 1.049 s, while consistency check required just 0.044 s, hence validating the model’s robustness against classification principles and concept inferences. This work thus paves the way for the development of more intelligent and adaptive security frameworks. In the future, research will be focused on the integration with real-time security monitoring and IDS frameworks and on the study of optimization techniques, such as genetic algorithms, to improve the real-time selection of the countermeasures.

1. Introduction

VANETs are a subset of MANETs and enable V2V and V2I communications. Software-controlled vehicles, with a built-in integration of the internet, are becoming increasingly prone to security attacks. The synchronization of vehicles with mobile devices, accessing real-time navigation and weather updates, and sharing of safety-critical information all take place. All these benefits also bring along the additional risk that a cyber attacker may exploit the vulnerabilities in order to hijack control systems, thereby endangering passenger safety or disrupting the road network. Many research works have been done in the field of intrusion detection so that the accuracy is improved and the false positives are reduced.

Authors of [1] propose a general taxonomy that includes four main categories for IDSs: fingerprinting, parameter monitoring, informational level, and machine learning. The work in [2] proposes VoltageIDS, a technique targeting bus and masquerade attacks. Another different approach, based on parameter monitoring, is proposed in [3], which reveals its weaknesses in the presence of periodic packets. Authors of [4] apply information theory in their approach: time intervals are analyzed in order to detect anomalies. Similarly, ref. [5] uses deep learning on GPS sensors to increase security in the data that is being captured. Despite their advances, traditional intrusion detection systems (IDS) remain limited; most IDSs rely either on static rules or machine learning models and lack a semantic understanding of the threat landscape.

Thus, although they can identify an ongoing attack, they have insufficient capability to effectively guide the selection of an appropriate response. Integration of an ontological approach overcomes these limitations by structuring and enriching intrusion data. Thanks to the interrelations expressed in the ontology, it will be possible to automatically reason about the nature of the attacks and correlate each intrusion with the most relevant mitigation strategy, with a view to enhancing the security of autonomous systems.

The paper presents a domain ontology for the analysis and enhancement of attack mitigations in AV security. We aim to design a structured, semantic representation that would allow us to reason automatically about intrusion types and countermeasures. Taking advantage of ontology-based knowledge representation, we try to achieve the following:

• Enhance the interpretability of detected intrusions through the formalization of relationships between threats and mitigation strategies.
• Enhance IDS decision making by providing a knowledge-driven framework to recommend appropriate countermeasures.

The main novelties and contributions that can be put forward about this work are summarized below. The proposed study designs an extensive ontology that formally models the relationships between AV threats, intrusion characteristics, and mitigation techniques, filling the semantic gap left by previous IDS-based studies [1,5]. Unlike prior works, the proposed ontology is decoupled from real-time IDS integration, allowing for a pure evaluation of its semantic coherence and reasoning before actual deployment. Furthermore, formal validation and verification of consistency have been carried out by using Protégé 4.3 and OWL reasoning tools, showing that the model is sound in class hierarchy and inheritance logic. Finally, this ontology serves as a foundation for selecting adaptive mitigation technique, and predictive security frameworks, paving the way for future integration with real-time IDSs and optimization algorithms.

This paper follows this structure: Section 2 reviews related work on ontologies in the context of autonomous vehicle (AV) security. Section 3 focuses on the classification of intrusions in AVs and the challenges specific to these systems. Section 4 outlines the security requirements for intrusion detection in AVs. Section 5 presents our proposed ontology-based methodology for mitigating cyber threats targeting AVs, and a proof of concept is presented. Section 6 discusses the results and implications of our approach. Finally, the Conclusion and Perspectives section summarizes our findings and proposes future research directions for improving AV security.

2. Related Work

In the context of the Semantic Web, ontology refers to a structured set of concepts within a specific domain of expertise [6]. There are typically two global units in the ontology. The first aspect pertains to terminology, which defines the characteristics of the components constituting the ontology domain. This is analogous to defining a class in object-oriented programming, where we specify the nature of the objects we will manipulate later. The second part of the ontology concerns the relationships between multiple instances of the classes described in the terminology. Within ontology, concepts define one another, enabling reasoning and knowledge manipulation [7].

In the past few years, some intrusion detection-based ontologies have been proposed. The author in [8] proposed an intrusion detection ontology for security that provides a set of primitives for the design units of the security domain to enable both formal system specifications and inter-SafeBot communication. In [9], a security solution for web services was proposed to maintain integrity and authentication, using a semantic matchmaker to compare security features of agents and services. Another ontology for wired network security attacks was provided by [10], concentrating on both threats and vulnerability profiles.

For vehicular systems, ontologies have been used to improve driver assistance and context-aware decision-making. In [11], an ontology integrated with the Intelligent Driver Assistance System (I-DAS) generates safety alert messages based on contextual inputs from the driver, vehicle, and external sensors. In [12], a multi-layer ontology models the transition from manual to automated vehicles, incorporating situation awareness parameters such as vehicle speed, location, and Quality of Service (QoS).

For traffic management and smart driving environments, Ref. [13] designed a four-layer ontology including sensors, data storage, ontology concepts, and agent actions to optimize driving processes. Ref. [14] proposed the OCM ontology for contextual modeling and reasoning, capturing physical scenes, road users, instrumented vehicle properties, and sensor functionality, emphasizing relationships between classes and their properties.

Other works [15,16] have explored ontologies for GIS, sensor annotation, semantic data integration, and real-time data access. In the security and anomaly detection domain, OADA [17,18] identifies anomalies in network traffic, while [19,20] propose ontology-based approaches for anomaly representation and semantic interoperability in IDS. KG-ID [21] uses a knowledge graph to analyze CAN frames and signal features for detecting attacks, and [22] introduces high-level ontological components for digital forensic investigations in autonomous vehicles.

While these studies provide valuable ontological models, most existing ontologies are closely tied to specific systems, sensors, or IDS implementations, limiting their generalizability. Few works offer formal validation of internal consistency or reasoning capability before deployment. Moreover, many focus exclusively on either security, driving assistance, or sensor data, but rarely integrate these aspects into a unified framework. Ref. [23] introduces the proposed DRL-based Federated Self-Supervised Learning framework, optimized for task offloading and resource allocation in the context of Vehicle Edge Computing, achieved via the SAC learning algorithm with the help of an offloading threshold. In [24], the author describes how, in the context of vehicle edge computing, the maintenance of the digital twin, as well as the processing of the tasks in the vehicles, require the same number of server resources. Most existing solutions did not consider the resource requirements for updating the DTs. The article introduces the reinforcement learning approach, TMTPRCS, for efficient resource allocation between the two tasks. The study proposes an architecture based on multi-agent systems to continuously monitor a Cloud of Things network and automatically respond to anomalies in order to guarantee service availability. This approach enables rapid fault detection and autonomous decision-making to maintain service continuity [25].

While these studies provide valuable ontological models for security, vehicular systems, and anomaly detection, a significant research gap remains in integrating these disparate domains into a truly functional security framework:

-

Lack of Mitigation-Centric Integration: Most existing ontologies focus exclusively on descriptive modeling of threats (e.g., [8,10]) or vehicular context (e.g., [11,14]). They lack the functional capability to seamlessly link a detected intrusion event to an appropriate, context-aware mitigation strategy using automated reasoning.

-

Absence of Formal Coherence Validation: Prior works often integrate ontologies into specific, existing systems (IDS, driver assistance), but they rarely provide a formal validation of the ontology’s internal semantic consistency and reasoning capability before deployment, which is critical for trustworthy, safety-related systems.

-

Limited: Existing models are often closely tied to specific sensor types, network topologies (e.g., CAN Bus in [21]), or simple detection primitives, limiting their generalizability to new threats and complex, layered attack scenarios in autonomous vehicles.

Therefore, a critical research gap exists in developing a formal, unified ontology that not only models the complex relationship between security threats and vehicle systems but also serves as an autonomous decision-making engine for countermeasure selection.

This work directly addresses this gap by presenting a novel ontology that formally integrates threat characteristics, intrusion impacts, and mitigation techniques within a single, logically consistent framework. Our core contribution is to demonstrate how semantic reasoning can be applied to automatically select the optimal, context-adjusted countermeasure for complex cyber-attacks in autonomous vehicles, providing a foundational security layer that prior IDS-focused or descriptive models have neglected.

3. Intrusion in Autonomous Vehicle: Classification and Challenges

Intrusion detection and mitigation in AVs should thus be underpinned by a comprehensive analysis of the many security threats and their potential impact on AV operations [26]. These intrusions result from various vulnerabilities within the multiplicity of software, hardware, and communication networks that provide a base for every connected entity. Differently stated, the exact origin of these threats should precisely define their classification, since an understanding of the former essentially directs the latter to appropriate mitigation strategies. Equipped with advanced detection techniques, adaptive defense mechanisms, and other solutions, an AV will be proactive in the handling of security breaches, fortifying its resilience against evolving cyber threats and cementing a pathway toward safer autonomous mobility.

To acquire a better understanding about how dangerous such attacks could prove to be, it is crucial to analyze these attacks on the basis of real-world data and risk estimation. Studies about vehicular-related cyber attacks have revealed a marked increase in attacks over time, including communication-layer attacks such as CAN Bus Injection and DoS attacks, which have invariably comprised over 50% of identified attacks because they are extremely easy to access and lack any intrinsic security mechanism to date, using protocols such as CAN Bus communication. Though interface attacks such as GPS Spoofing and Camera & LiDAR Spoofing prove less common, they prove to be extremely dangerous and possess a relatively high level of risk estimates. For example, the probability of successful attacks possessing a grave impact on human life and resulting in severe injuries is much higher in cases related to braking system override attacks and sensor spoofing attacks (Integrity/Availability attacks) than those involved with data egress attacks (Confidentiality attacks). The probability estimates concerning high-impact attacks include estimates about the product of Possibility of Occurrence (which is low to medium) and _Severity of Occurrence (which is extremely high, including a high level of overall probability related to risks).

3.1. Classification of Attack

Autonomous vehicles have a wide range of threats that can put their safety, reliability, and functionality at risk [27]. These attacks have been divided into two major groups in our research: interface-based, which relies on the vehicle’s communication channels, and methodology-based, which relies on manipulating its behavior. We will elaborate on these two kinds of attacks and their implications in the subsections to come.

3.1.1. Interface Based Attack

Surface-based attacks leverage the different layers of the autonomous vehicle, with each layer having its own vulnerability to certain types of attacks. These can be further divided into several subcategories:

• Attacks on the perception layer (sensor level): Sensors play a major role in the detection of the environment. For example, GPS spoofing involves injecting fake GPS signals to mislead the navigation system into addressing the wrong destination. LiDAR and camera spoofing involve manipulating the data collected by these sensors to create false objects or hide real obstacles, which disrupt the vehicle’s decision-making process [28]. Finally, adversarial attacks on AI modify the input data used by artificial intelligence models, which can mislead the vehicle and lead to incorrect driving decisions [29].
• Attacks on the communication layer: AVs constantly interact with other vehicles (V2V) and external infrastructures (V2I). Man-in-the-Middle (MitM) attacks intercept these communications, enabling attackers to modify or falsify them. On the other hand, Denial of Service (DoS/DDoS) attacks aim to saturate communication networks, disrupting essential services such as navigation, communication with other vehicles or security alerts [30]. On the other hand, false message injection is another potentially devastating attack, where falsified messages are sent into V2V or V2I channels, distorting coordination and decision-making between vehicles and the infrastructure.
• Attacks on the decision-making layer: AVs depend on artificial intelligence systems to make decisions in real-time. Data poisoning involves injecting malicious data into learning models, distorting vehicle behavior, and increasing the risk of erroneous decisions [31]. In addition, manipulation of reinforcement learning involves altering the rewards given to the AI system to influence its learning process, which disrupts the vehicle’s decisions and may lead it to adopt unsafe behavior.
• Attacks on the control layer: These attacks aim to directly modify the vehicle’s actions. Braking override prevents the vehicle from stopping, even in situations where stopping is necessary to avoid an accident [32]. Acceleration manipulation forces the vehicle to accelerate unexpectedly, compromising the safety of passengers and other road users.

3.1.2. Methodology-Based Attack

Methodology-based threats, this includes specific techniques that attackers use to penetrate autonomous vehicle systems. These types of threats fall into three broad categories:

• Cyber-attacks: these are attempts to intrude into a vehicle’s electronic systems, usually carried out remotely by malicious attackers [33]. One of the most common forms is the exploitation of vulnerabilities in vehicle systems via wireless connections. Using these exploits, attackers may assume control of vital vehicle systems, as happens in vehicle hacking incidents, particularly those concerning Tesla cars. Another form of cyber attack involves malware and ransom ware, which are used to infect vehicle systems. This is designed either to disable the vehicle or compromise sensitive data, thus forcing the attacker to demand a ransom to unlock access or deter the disclosure of private information [34]. Backdoors or logic bombs can also be introduced in their use upon software updates to the vehicles. The backdoor serves to establish remote access to the vehicle’s systems, while the logic bomb can be activated at a specific time to disrupt its operation.
• Physical attacks: The direct impact is on vehicle hardware parts, especially sensors and communication systems. For instance, the manipulation of sensors includes acts such as covering, blocking, or degrading, all of which impede correct perceptions by the vehicle of its environment [35]. This may lead to errors of judgment or failure of autonomous driving systems that could compromise vehicle safety.
• Social engineering attacks: also known as insider threats, these exploit the manipulation of individuals or loopholes in the supply chain to compromise a vehicle’s systems. Various phishing techniques and fraudulent software updates are commonly used to trick users or employees into installing malware in vehicle systems [36]. Many of these attacks come looking like genuine software updates but possess malicious content that would allow an attacker to take control of the system.

Figure 1 summarizes our classification:

3.2. Challenges Related to the Safety of Autonomous Vehicles

While the classification of attacks provides an understanding of the different threats faced by autonomous vehicles, it is equally important to analyze the challenges associated with guaranteeing their security. These challenges stem from vulnerabilities in the software, hardware, and communication layers, as well as external factors such as malicious actors and policy violations. The following section explores these challenges in detail.

3.2.1. Intrusions Due to System Vulnerabilities

Autonomous vehicles rely on an extensive set of sensors and computing units to process environmental data [37]. These components introduce vulnerabilities from multiple sources:

• Software-based vulnerabilities: Unpatched software, unsecured third-party applications, and malicious firmware updates can allow attackers to exploit the system.
• Communication vulnerabilities: AVs communicate via Vehicle-to-Everything (V2X) protocols, which are susceptible to eavesdropping, spoofing, and man-in-the-middle attacks.
• Hardware-based vulnerabilities: Malfunctioning electronic control units (ECUs), sensor failures, or unauthorized physical access can introduce security risks.

3.2.2. Intrusions Due to External Actors

AVs interact with both their environment and human operators [38]. Intrusions may arise from:

• Environmental factors: Sensor manipulation (e.g., LiDAR jamming), GPS spoofing, and adversarial road signs can mislead AV decision-making.
• Malicious drivers: Attackers inside nearby vehicles may inject false information into AV networks to mislead detection systems.

Several techniques have been implemented to detect the misbehavior of the vehicle during its interaction with its environment. In [39], a solution is proposed to detect the misbehavior of the vehicle and correct it with the necessary mechanism. Another solution is to define the normal behavior [40]; this technique is based on the reputation of the other nodes and permits the system to define a regular behavior in the vehicle itself. A misbehavior detection scheme was proposed in [41] to avoid false messages depending on the vehicle’s behavior; this method provides the system with a robust authentication mechanism to exclude any malicious.

3.2.3. Intrusions Due to Security Policy Violations

From a security perspective, intrusions often violate one or more CIA (Confidentiality, Integrity, and Availability) properties [42]:

• Confidentiality attacks: Data breaches exposing AV sensor or user data.
• Integrity attacks: Tampering with AV decision-making by injecting false control commands.
• Availability attacks: Denial-of-Service (DoS) or jamming attacks that disrupt communication.

Figure 2 presents the challenges faced by the autonomous vehicle:

4. Security Requirements for Intrusion Detection in Autonomous Vehicle

To mitigate the impact of cyber attacks on autonomous vehicles (AVs), stringent security measures must be implemented at all levels of the AV architecture. These measures guarantee the integrity, confidentiality, and availability of critical vehicle functions, while reducing the risk of intrusion [42]. Below are the essential security requirements for effective detection and mitigation of intrusions into AVs.

4.1. Authentication & Access Control

Authentication and access control mechanisms are essential to prevent unauthorized access to vehicle systems [42]. These measures ensure that only legitimate users and devices can interact with vehicle components.

• Multi-factor authentication (MFA): enhances security by requiring multiple authentication factors (e.g., passwords, biometrics, and security tokens) to access vehicle systems.
• Role-based access control (RBAC): implementation of strict authorization policies based on user roles (e.g., driver, manufacturer, service technician) to limit system access and minimize security risks.

4.2. Secure Communication

V2X data exchanged between autonomous vehicles and external entities must be kept confidential and intact to avoid unauthorized interception and manipulation.

• End-to-end encryption (E2EE): Encrypting all V2X communications with secure cryptographic protocols, as TLS/SSL will prevent eavesdropping and any kind of data tampering.
• Intrusion Prevention Systems (IPS): Implement security solutions to detect and block malicious network traffic in real time, reducing the risk of network-based attacks such as Man-in-the-Middle and Denial-of-Service.
• Blockchain for V2X security: This involves the use of decentralized authentication to verify the legitimacy of messages exchanged among vehicles, infrastructure, and cloud services, reducing the possibility of injecting fake messages.

4.3. AI-Based Intrusion Detection Systems (IDS)

Artificial intelligence (AI) has a significant role in the detection and mitigation of cyber threats in autonomous vehicles by analyzing patterns and identifying anomalies in vehicle behavior and network traffic [43].

• Anomaly-based detection: applying machine learning algorithms to detect deviations from the normal operation of network communications, sensor inputs, and system behaviors, hence identifying potential attacks in real time [44].
• Adversarial ML defense techniques: This is the implementation of robust AI models with resistance to adversarial attacks by improving training methods, using adversarial learning, and integrating model-checking techniques to improve resilience [45].

4.4. Secure Software & Hardware

Proper security of software and hardware components is the basis for safeguarding autonomous vehicles against cybersecurity attacks and unauthorized modifications [46].

• Secure booting and code signing: it implements cryptographic validation mechanisms that guarantee the execution of the software on vehicle components that are trusted and verified; prevents unauthorized firmware updates or injections of malware.
• Hardware Security Modules (HSM): The use of dedicated security chips for securely storing and managing keys prevents any unauthorized access to the encryption keys and thus protects the sensitive vehicle data.

4.5. Resilience & Recovery Mechanisms

Even with increased safety measures, autonomous vehicles must be designed to respond to cyber incidents with various safety mechanisms that will allow them to continue operating safely [47].

• Safety mechanisms: design autonomous systems to enter a safe operating mode if a cyber attack is detected, enabling the vehicle to stop or continue operating with minimal risk to passengers and the environment.
• Redundant systems: Integrate backup sensors, isolated control units, redundant communication networks to retain vital functionality during system failure or security breaches.

Table 1. Security requirements for intrusion detection in Autonomous vehicle.

Security Technique	Security Measure	Security Requirement
		Confidentiality	Integrity	Availability
Authentication & Access Control	Multi-factor authentication (MFA)	*	*	*
	Multi-factor authentication (MFA)	*	*	*
Secure Communication	End-to-end encryption (E2EE)	*	*
	Intrusion Prevention Systems (IPS)		*	*
	Blockchain for V2X security	*	*
AI-Based Intrusion Detection Systems (IDS)	Anomaly-based detection	*	*
	Adversarial ML defense techniques		*	*
Secure Software & Hardware	Secure booting and code signing	*	*
	Hardware Security Modules (HSM)	*	*
Resilience & Recovery Mechanisms	Safety mechanisms		*	*
	Redundant systems			*

* means that it keeps the security requirement mentioned in the table.

, summarizes the security requirements for intrusion detection in Autonomous vehicles:

5. Methodology and Proposed Ontology

5.1. Procedures for Ontology Creation

Intrusion detection is becoming a primary foundation in safeguarding autonomous vehicles against threats. The existing authentication and access control mechanisms cannot help outsmart such sophisticated attacks. However, the biggest challenges in implementing a credential-based security system lie in correctly identifying intrusions and determining what response is necessary to mitigate any detected threats. A promising approach is leveraging a semantic asset such as an ontology, which structures knowledge to enhance intrusion detection and response.

The ontology is divided into four primary stages:

• Planning: The problem is identified, and the tasks required to deal with it are outlined. It includes the detection of security threats on autonomous vehicles, the identification of mitigation techniques, the assessment of their impact, and structuring tasks by categorizing relevant elements, such as vehicle communication, attack types, and mitigation strategies. Besides that, this step will define actors and their attributes, mapping their interactions within the system.
• Control ensures the ontology’s execution is accurate, error-free, and that the identified security issues are effectively re-solved.
• Quality Assurance follows, focusing on testing the ontology and validating the interactions between different entities to confirm its reliability.
• Exploitation is the final stage, where the ontology is deployed in real-world scenarios after extensive testing. Figure 3 illustrates this ontology-based process:

5.2. Proposed Ontology

Our contribution is to construct an ontology for the security domain. We have based ourselves on the METHONTOLOGY methodology [48], which is the basic support for the conceptualization of the ontology to be created through a set of intermediate semi-formal representations. The logic of descriptions is the formalism adapted for expressing the semi-formal ontology OWL. The ontology definition language is chosen to codify the ontology using the OWL Protected ontology editor. Finally, the Pallet inference system is used to test the consistency of the ontology throughout the development process. Our contribution, essentially, is an ontology to secure the autonomous vehicle to mitigate the detected security problems. Throughout its movement, the autonomous vehicle needs to interact with its environment. The environment is potentially heterogeneous and unpredictable, and can influence the process of its movement. Therefore, the autonomous vehicle must be sensitive to its safety context to reason about it and verify if the requirements and capabilities acquired for its execution are satisfied. We used a development process for our ontology construction, starting from raw knowledge and arriving at a functional application ontology represented by the OWL language. The main steps of this process are inspired by the methodology of ontology construction “METHONTOLOGY” [22]. The application of each step of this process is based on the exploitation of the HEMMAM work [49]. This process is composed of five steps, as presented in Figure 4.

We will detail each of these steps in the following subsection.

5.3. Ontology-Based to Secure Autonomous Vehicles

After introducing the process used to build our ontology, we will construct the ontology related to autonomous vehicle security. We will follow the steps of the ontology construction process outlined in the previous section.

5.3.1. Specification

Ontology development begins with the specification phase, which establishes a requirements specification document. In this document, we derive the ontology construct based on five essential aspects of the domain.

To satisfy the methodological requirement for clarity and to provide an easy reference point for the reader, the scope and characteristics of the proposed ontology are formally summarized in

Table 2. Proposed Ontology Specification.

Specification Aspect	Description	Justification and Delimitation
Knowledge Domain	Cyber security for Autonomous Vehicles (AVs), integrating concepts from general computer security (threats, vulnerabilities, countermeasures).	Focuses the model on the unique communication protocols and layered architectures of modern vehicles.
Main Objective	To conceal security heterogeneity and enable automated semantic reasoning for selecting the most appropriate mitigation strategy against identified threats.	Guarantees better interoperability of security policies and decreases risk severity through knowledge-driven defense.
Users	Autonomous Vehicle embedded security systems (IDS, Security Managers), security analysts, and researchers in VANETs.	Provides a common, exploitable vocabulary and a formal reasoning engine for real-time applications.
Information Sources	Technical documentation on AV security standards, established cyber security taxonomies, and expert knowledge.	Ensures the validity and practical relevance of the concepts and relationships modeled.
Scope of the Ontology	Vehicle (Asset types, Components), Threat (Attacks by Layer, Characteristics), Countermeasure (Mitigation techniques), and Risk Level.	Excludes details on raw sensor data, non-security-related driver behavior, and general traffic flow models.

below.

The scope and objectives detailed in Table 2 serve as the foundation for the subsequent conceptualization. Figure 5 presents the content of the preliminary RDF document used to formalize this specification phase.

5.3.2. Conceptualization

Once most knowledge has been acquired, it must be arranged and structured according to intermediate semi-formal descriptions that are easy to understand and independent of any implementation language [50]. We construct the concept classification hierarchy and illustrate the organization of ontology concepts in a hierarchical order that expresses subclass relationships. A universal concept, “Thing”, which generalizes all root concepts of various concept hierarchies, is employed to establish a single global hierarchy.

To develop our concept taxonomy, METHONTOLOGY proposes the use of four relations:

• A concept C₁ is a subclass of concept C₂ if and only if every instance of C₁ is also an instance of C₂. For example, a Vehicle is a subclass of the class Entity.
• A Disjoint Decomposition of concept C is a set of subclasses of C that do not cover C entirely and do not share any common instances. For example, the concepts Low, Moderate, and Critical form a Disjoint Decomposition of the concept of Security Level.
• An Exhaustive Decomposition of concept C is a set of subclasses of C that together cover C completely and may share common instances.
• A Partition of concept C is a set of subclasses of C that together cover C entirely and have no overlapping instances. For instance, the concepts Proactive, Detective, and Corrective form a Partition of concept types.

We will present the classification and the corresponding binary diagram based on these defined relations. Figure 6 illustrates the binary relationship diagram.

5.3.3. Formalization

Within this stage, the conceptual model is defined in a description logic (DL) in order to develop an ontology that will eventually be utilized in the IDS system. This formalization is divided into two main components, which are complementary to each other. They include TBox (ontology scheme) and ABox (instances defined by real detected attacks).

TBox describes the structure of the domain using basic concepts (classes) and their interrelations (object properties). For instance, we formalize in Description Logic that an autonomous vehicle owns assets:

Vehicle ⊑ ∃hasAsset.Asset

This is an indication that all members of the class Vehicle have to have a relationship with at least one Asset. Subsumption axioms are also defined in order to define hierarchy. For example:

LiDARAttack ⊑ SensorAttack

SensorAttack ⊑ CyberAttack

This set of axioms enhances the IDS by enabling automatic inference. For example, when a new attack is classified as a LiDAR Attack, the system will automatically infer that it is also a Cyber Attack and that it affects a Sensor.

The ABox contains factual data, representing real individuals corresponding to attacks detected in a dataset or system. An assertion in an ABox links an individual to a class or connects two individuals using a property defined in the TBox. For example, a concrete instantiation could include a LiDAR spoofing attack or a CAN DoS attack:

• LiDAR_Spoofing_Attack_01: LiDARAttack
• Weak_Sensor_Filtering: Vulnerability
• False_Obstacle_Detection: Impact
• Enable_Sensor_Fusion: Mitigation
• LiDAR_Spoofing_Attack_01 exploits Vulnerability Weak_Sensor_Filtering
• LiDAR_Spoofing_Attack_01 has Impact False_Obstacle_Detection
• LiDAR_Spoofing_Attack_01 mitigated By Enable_Sensor_Fusion
• CAN_DoS_Attack_01: DoSAttack
• Bus_Flooding_Vulnerability: Vulnerability
• Loss_of_Communication: Impact
• CAN_Bus_Message_Rate_Limiting: Mitigation
• CAN_DoS_Attack_01 exploits Bus_Flooding_Vulnerability
• CAN_DoS_Attack_01 has Impact Loss_of_Communication
• CAN_DoS_Attack_01 mitigated By CAN_Bus_Message_Rate_Limiting

The ABox differs from a conceptual abstract diagram, as it demonstrates that the ontology contains detailed knowledge actively used by the IDS. Upon detecting an attack, the system can utilize reasoning rules to determine the most suitable countermeasure by referencing the information provided in the ontology.

5.3.4. Implementation and Test

Internal Validation: Logical Consistency of the Ontology

Our choice was to implement our ontology in OWL, representing a coding language. The implementation passes through several steps, from the class creation to the instance definition. We used the Pallet system to test the ontology. We distinguish two types of tests: consistency test and satisfiability test; the first one removes the inconsistency between the concepts and uses the subsumption test incorporated in the Pallet system. On the other hand, the second one allows checking for each concept the existence of the instances; a concept C is satisfiable if and only if there exists at least an interpretation I (instance) for the concept C.

According to the tests we applied to the ontology, no errors occurred. The proposed ontology was tested in Protege using the Pallet system, as presented in Figure 7 and Figure 8 show the consistency and the classification test, and the results were satisfying.

External Validation: Proof of Effectiveness (IDS Ontology-Driven Mitigation PoC)

• Implementation of the Detection Module as Input for Ontology-Based Mitigation

The objectives of this experimental validation are to validate the effectiveness of the proposed enhancement to the machine learning model-based IDS to take proper mitigation actions upon detection of an anomaly. This is achieved through the incorporation of the ontological knowledge base. In the regular setting, the ML model can identify the attack but lacks the knowledge to proceed. In our improved version, the resultant warning is passed to the ontology, and it automatically recognizes the appropriate action to take. Thus, this section offers evidence to support our claim that our IDS develops intelligence and makes decisions, such that it is not merely a statistically based detector.

Dataset:

We focused on the HCRL dataset available at https://www.dropbox.com/scl/fo/8kll7yvbgogkp0vahowvm/ADhDIC8LRFL8wHUexib3C3w?rlkey=8cp7scxgw25yt4wp8v2c2v8mp&e=1&st=rplc74rm&dl=0 (accessed on 12 April 2025), which contains three classes of attacks: fuzzy attacks, Impersonation attacks, DoS attacks, and non-attack conditions. The data was collected by capturing CAN messages through a real vehicle’s OBD-II port as message injection attacks were being performed. The attacks are explained in

Table 3. Dataset Description.

Attack Type	Description
Fuzzy Attacks	Injecting messages of spoofed random CAN ID and DATA values
Impersonation Attacks	Injecting messages of Impersonating node, arbitration ID = ‘0 × 164’.
Dos Attack	Message injection with CAN identifier “0 × 000” in a short cycle
Non-Attack Conditions	Normal CAN messages.

:

Figure 9 presents the different attacks against the CAN bus:

Before model training, we preprocess the data by considering four steps:

✓

Data cleaning: removing corrupted data

✓

Data transforming: transform data into numerical features

✓

Labeling: to differentiate the attack classes

✓

Data splitting: split the data into train and test data (70/30)

To prove the feasibility of designing a hybrid IDS system based on a proposed architecture, a proof-of-concept experiment was set up that showed the interaction between the detection component and ontology reasoning component of a system designed to automatically choose a suitable mitigation strategy based on semantic reasoning related to CAN bus communications.

First, it parses real CAN messages from a data set stored in a CSV file. Every CAN message is processed one by one, and its identifier (CAN ID) is identified. A rule-based classifier system assesses a message and decides whether it fits a known attack pattern. Various types of attacks have been represented, including denial of service attacks based on CAN ID floods, impersonation attacks based on forged IDs, as well as fuzzy attacks based on abnormal IDs randomly injected. Once a message is determined to fit an attack pattern, it is labeled accordingly with metadata such as its attack type, severity, and semantic value.

A SPARQL query is then processed to retrieve the most suitable mitigation strategy related to the identified attack class. The query extracts the mitigation instance, its type, and its effectiveness for a given attack, as shown in Figure 10:

Considering that a relationship between attack types, the detection component was implemented using a random forest model, which was trained on the HCRL dataset. The model achieved a high level of accuracy, serving as a reliable anomaly detector (Attack Detection Accuracy: 97%) and demonstrating the feasibility of the input module. The primary focus of this PoC, however, is not the detection accuracy, but the speed and correctness of the ontological decision-making immediately following detection.

The experiment was executed by simulating the sequential detection of the three attack types (DoS, Fuzzy, Impersonation), feeding the resultant attack classification directly into the ontology’s ABox. The semantic reasoning engine, driven by the SPARQL query, produced the following results for mitigation selection:

-

DoS Attack (High Severity): Upon detection of a high-frequency injection, the reasoner filtered mitigation strategies based on maximum effectiveness against ‘Availability Attacks’. The result instantly selected CAN Bus Traffic Filtering and Rate Limiting as the optimal action.

-

Fuzzy Attack (Medium Severity): For messages with spoofed random IDs and data, the ontology identified the attack as a form of ‘Integrity Violation’. The system successfully selected the mitigation: Message Authentication (MAC-based).

-

Impersonation Attack (High Integrity Risk): The injection of a forged, known ID was classified as a specific ‘Trust Attack’. The reasoning engine selected the most effective countermeasure: ECU Isolation and/or Revocation of the Impersonated Node.

Considering that a relationship between attack types, their severity, and mitigation strategies is defined in the ontology, a reasoning engine is capable of selecting a suitable mitigation strategy for the user, together with its effectiveness value. In a situation where multiple suitable mitigation approaches are present in an ontology, a reasoning engine will filter out all but the most efficient one. This clearly explains how the mitigation process is automated in order to make decisions related to automated decision making techniques. The total average time for the entire decision-making loop from IDS output to the selection of the final, optimized mitigation action was measured at 32 milliseconds (ms), confirming the real-time viability of the hybrid system. This demonstration confirms that the hybrid IDS using ontology-based mitigation can:

(1)

Identify malicious traffic on the CAN bus by an intrusion detection ML-based,

(2)

Recognize the type of attack instantly, and

(3)

Use semantic reasoning to decide the appropriate mitigation action without any manual intervention.

Figure 11 presents the output of our implementation:

6. Discussion

We designed an ontology that structures and formalizes techniques of mitigation in the event of a cyber security attack in autonomous vehicles. This ontology was designed based on a METHONTOLOGY methodology and offers a computer security perspective that facilitates interoperability when employing defense strategies and allows for decision-making about context-adjusted mitigation techniques. Our ontology is designed in OWL to ensure that its structuring in a formal manner is accomplished and that it is processed by machines in order to reason in the context of cyber security systems implemented in vehicles. Moreover, our ontology also incorporates terms related to optimization techniques.

Contrary to conventional taxonomies, our ontology is dynamic in nature. This is because it is constantly populated through alerts produced by our detection component (Section External Validation: Proof of Effectiveness). Once an intrusion in the CAN bus is detected by our IDS system, an event instance is automatically generated in our ontology with crucial features such as attack type, timestamp, and severity level. Finally, semantic reasoning (with SPARQL and inference rules) is applied to come up with an effective mitigation plan based upon that particular type of attack.

Ontology validation emphasized preserving semantic consistency and ensuring the correct correspondence between ‘attacks’ and ‘mitigation techniques’.

The Pellet reasoner was used to perform the class hierarchy computation in 1.049 s, and the consistency checking in 0.044 s. These outcomes are indicative of the fact that the semantic relations, inheritance, and mitigation constraints are all in agreement from a logical point of view.

This semantic organization gains its practical value from being able to explain real-world automotive cyber security incidents. As an instance, the Jeep Cherokee hack (2015) demonstrated that a remote intrusion on the communication layer can lead to control of brakes or steering.

Our ontology specifically represents this propagation path so that the system can suggest a mitigated CAN bus isolation step as a first line of defense instead of merely issuing a generic alert. In the same manner, for GPS spoofing attacks, the ontology links a perception-layer attack to a mitigation that entails cross-sensor validation (for instance, GPS–LiDAR consistency check), thus yielding a very detailed, readily implementable defense.

Areas that need further work include the ever-changing nature of cyber attacks, whereby a learning ontology needs to adapt new knowledge at a functional rate. Other areas include infusing ontology learning with either machine learning methods or genetic algorithms in order to learn new methods of defending against threats autonomously. In order to accentuate the originality of our proposed ontology, we carried out a comparative study with semantic models that exist in areas such as security, intrusion detection systems, and autonomous vehicles.

Although previous ontologies have been helpful in creating conceptual models, most of them have been restricted to descriptive modeling and lack autonomous processing capabilities for choosing measures of mitigation.

In addition to the semantic and functional assessment, we conducted a computational complexity analysis to assess the efficiency of our reasoning component. We express the complexity using Big-O notation, which is generally used to express the efficiency of algorithms. Let C denote the number of ontology classes, R the number of semantic relations, and M the number of mitigation rules. The offline ontology reasoning phase (classification and consistency checking) exhibits a worst-case complexity of

$$Offline complexity: {O(2 }^{poly(C\times R)})$$

(1)

This worst-case complexity is a known characteristic of expressive Description Logics (OWL DL) used in the state-of-the-art for in-depth security modeling. Since the preprocessing step only occurs once during the initialization of the system, it does not impact real-time performance. When an intrusion occurs and an event instance is added, the mitigation selection and ranking process operates with a complexity of:

$$Real-time complexity: O\left(M\log M\right)$$

(2)

thus allowing real-time decision-making. However, in recognizing how this outcome compares with current levels of performance for such systems, it is significant to point out that real-time automotive security systems such as in-vehicle network security typically require a decision-latency measure of under a few tens of milliseconds. Thus, by limiting real-time performance to a complexity measure of O (M log(M)), which is linear with respect to the small number of security mitigation rules, there is clearly a degree of high compatibility with this critical performance specification. Our experimental implementations verify this, ensuring average decision and mitigation selection times of only 32 ms. This result is well within the required latency threshold for critical in-vehicle network operations. The overall time complexity of the system is then:

$$T\left(O\right)={O(2 }^{poly(C\times R)})+M\log M)$$

(3)

Which proves that the ontology is capable of retaining both expressiveness and efficiency with automotive real-time systems. As shown in

Table 4. Comparative Analysis between Existing Ontologies and Proposed Ontology.

Ontologies	Domain	Granularity	Orientation IDS/Security	Reasoning/Decision	Selection of Mitigation Techniques
[8]	General security	Average—generic primitives	Conceptual IDS	No decision-making reasoning related to the attack	No
[9]	Authentication/Integrity	Low—web service security only	No	Semantic matchmaking	No
[10]	Wired network	Average—threats/vulnerabilities	IDS (attack catalog)	Description only	No
[11]	Driving assistance/alerts	High—driving context	No IDS	Context-dependent alert messages	No
[13]	Traffic Infrastructure	Average	No	No	No
[14]	Vehicle context/sensors	Average—scenes, lanes, sensors	No	No	No
[17,18]	Network anomalies	Average—network anomalies	Baseline IDS	Anomalies Detection	No
[21]	CAN Attack	High—signals and frames	IDS-oriented CAN attack	Reasoning on CAN Bus	No
Proposed Ontology	Autonomous vehicle safety + IDS	High—attacks, intrusion characteristics, methods, and countermeasures	IDS ML + ontological reasoning	decision engine (SPARQL reasoning)	Automatic selection of optimal mitigation

, past ontology designs only addressed modeling concepts related to security issues, vehicular environments, or types of anomalies but did not address automatic and context-aware selection for mitigations. The proposed ontology incorporates IDS alerts and semantic processing for automatic identification of the best-suited mitigation based on scenarios.

7. Conclusions and Perspectives

This work formalizes different mitigation techniques for AVs using an ontology-based approach. In particular, intrusion detection is considered from the point of view of vulnerabilities and security measures, along with the actors depending on the severity and impact of the system vulnerabilities. Our ontology delineates the domain concepts and stresses their interrelationships in order to lay the groundwork for the development of more efficient and reliable mitigation strategies.

Furthermore, it is assisted by a computationally efficient process for reasoning. By specifying the method for reasoning and selection of mitigation strategies in Big-O notation, it has been made clear that the overall worst-case complexity is dominated by the offline classification ${O(2 }^{poly(C\times R)})$, while the online mitigation recommendation runs in O(M log(M)). Crucially, the measured average decision time of 32 ms confirms this efficiency, ensuring that the framework remains compatible with real-time requirements in automotive systems, while maintaining semantic accuracy and robustness.

We present a concrete development roadmap for this real-time security integration objective, focused on three sequential milestones. Phase I (Validation Platform): Design a dedicated software platform that will be used to test the ontology’s reasoning capabilities using historical attack data, focusing on the maximum accuracy of countermeasure selection. Phase II: ML Integration and Optimization. We will further enhance the ontology with the integration of ML models, focusing on dynamic threat adaptation, and fine-tune the optimization vocabulary, such as Genetic Algorithms, to guarantee the fastest and least intrusive response. Phase III: Real-Time Simulation. The complete semantic framework will be implemented within a simulated vehicular network, e.g., using tools like OMNeT++ or similar test beds, in order to rigorously evaluate the performance and scalability of the system under dynamic, real-world attack scenarios.

This approach will ensure that the mitigation techniques are better attuned to the particular natures of the threats, hence strengthening the overall security framework for autonomous vehicles. Furthermore, the combination of semantic reasoning and dynamic knowledge enrichment positions the system for autonomous evolution in response to emerging cyber-attacks. We also plan to extend this work into real-time applications and simulations to further refine and optimize the response in dynamically changing real-world environments.