Enhancing Intrusion Detection in Autonomous Vehicles Using Ontology-Driven Mitigation
Abstract
With the increasing complexity of Autonomous Vehicle (AV) networks, enhanced cyber security has become a critical challenge. Traditional security techniques often struggle to adapt dynamically to evolving threats. To overcome these limitations, this paper presents a novel domain ontology that structures knowledge concerning AV security threats, intrusion characteristics, and corresponding mitigation techniques. Unlike previous work, which mainly focused on static classifications or direct integration within Intrusion Detection Systems (IDS), our approach has the distinctive feature of creating a formalized and coherent semantic representation. The ontology was designed using Protégé 4.3 and the Web Ontology Language (OWL), modeled from the core cyber security concepts of AVs, and it provides a more nuanced threat classification and significantly superior automated reasoning capability. An important feature of our design is that the ontology formalization was done independently of any real-time IDS integration. A proof of concept (PoC) was carried out to show that the ontology could select the most appropriate mitigation method, using as input the output of machine-learning-based IDS; SPARQL queries retrieve the mitigation instance, type, and effectiveness. This design choice enables us to concentrate strictly on validating the foundational semantic coherence and reasoning power of the knowledge structure, hence providing a robust and reliable analytical framework for further reactive and predictive security applications. The experimental evaluation confirms enhanced effectiveness in knowledge organization and reduced inconsistencies in security threat analysis. Specifically, class classification was performed in 1.049 s, while the consistency check required just 0.044 s, hence validating the model’s robustness against classification principles and concept inferences. This work thus paves the way for the development of more intelligent and adaptive security frameworks.
Future research will focus on integration with real-time security monitoring and IDS frameworks and on the study of optimization techniques, such as genetic algorithms, to improve the real-time selection of countermeasures.