An AI-assisted attack tree-based vehicle security evaluation method, device, equipment and medium

CN121907609BActive Publication Date: 2026-07-07ZHEJIANG YANGTZE RIVER DELTA INTERNET OF VEHICLES SECURITY TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ZHEJIANG YANGTZE RIVER DELTA INTERNET OF VEHICLES SECURITY TECH CO LTD
Filing Date
2026-03-19
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

In current vehicle cybersecurity assessments, attack tree generation relies on manual methods, which is inefficient. Threat item and asset scoring lacks intelligence and cannot effectively reuse historical experience, resulting in limited accuracy and a lack of engineering applicability in the assessment results.

Method used

AI-assisted methods automatically generate network attack trees. Combining large language models and retrieval enhancement generation techniques, the system analyzes vehicle architecture information using multimodal methods, generates threat item descriptions, performs similarity searches, and outputs vehicle cybersecurity assessment conclusions, including security handling recommendations for high-risk paths or assets.

Benefits of technology

It achieves intelligent processing of the entire vehicle cybersecurity assessment process, automatically generates attack trees and links them with accurate asset scoring, significantly improving assessment efficiency and engineering practicality, and providing specific security handling suggestions.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121907609B_ABST
    Figure CN121907609B_ABST
Patent Text Reader

Abstract

The application discloses an AI-assisted attack tree-based vehicle safety evaluation method, device, equipment and medium, and belongs to the technical field of computers. The method comprises the following steps: automatically generating an attack tree containing a dynamic risk level based on a vehicle architecture by adopting a hierarchical intelligent agent workflow; extracting a threat scenario from the attack tree and generating a structured description; matching a historical knowledge base by using a retrieval enhancement generation technology, and generating an asset list and a threat score by a large language model; and generating an evaluation conclusion containing a safety disposal suggestion by comprehensively combining the attack tree and the score result. The technical scheme can automatically generate an attack tree based on a vehicle architecture and link intelligent scoring, finally output a safety evaluation conclusion containing specific disposal suggestions, and significantly improve the evaluation efficiency, accuracy and engineering practicability.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application belongs to the field of computer technology, specifically relating to a vehicle security assessment method, apparatus, device, and medium based on AI-assisted attack tree. Background Technology

[0002] As vehicles become increasingly intelligent and connected, the cybersecurity threats they face are becoming more severe. To address these threats, the industry generally adopts threat analysis and risk assessment methods. The core components of these methods include constructing attack trees to describe potential attack paths and risk scoring of assets associated with threat items. Currently, attack tree construction mainly relies on security experts manually analyzing vehicle architecture diagrams, which is time-consuming, labor-intensive, and difficult to ensure consistency. Furthermore, the matching and scoring of threat items and assets often uses rule bases or simple keyword matching methods, which struggle to handle complex semantic relationships and cannot effectively reuse historical assessment experience.

[0003] Existing technical solutions suffer from numerous problems. For instance, attack tree generation has a low degree of automation, heavily relies on expert experience, and is inefficient and lacks scalability. Furthermore, threat scoring methods lack sufficient intelligence, failing to accurately retrieve relevant cases from massive historical data to support current decision-making, resulting in limited accuracy of assessment results. Additionally, the two key steps of attack tree analysis and asset scoring are typically performed in isolation, lacking effective technical coordination. This leads to a disconnect between the final disposal recommendations and specific attack paths and asset risk levels, making it difficult to form a closed-loop security assessment conclusion that can guide engineering practice. Therefore, how to automatically, intelligently, and coherently complete risk assessments for vehicle cybersecurity is a pressing technical challenge that needs to be addressed in this field. Summary of the Invention

[0004] This application provides a method, apparatus, device, and medium for vehicle cybersecurity threat assessment based on AI-assisted attack trees. The purpose is to solve the technical problems in existing vehicle cybersecurity assessments, such as the reliance on manual generation of attack trees, low efficiency, insufficient intelligence in threat item and asset scoring, and difficulty in reusing historical experience. It can automatically generate attack trees based on vehicle model architecture and link them with intelligent scoring, and finally output a security assessment conclusion containing specific handling suggestions, which significantly improves the assessment efficiency, accuracy, and engineering practicality.

[0005] In a first aspect, embodiments of this application provide a vehicle security assessment method based on AI-assisted attack trees, the method comprising:

[0006] The network attack tree for the vehicle model is automatically generated based on the input vehicle architecture information. The attack tree includes attack paths and corresponding dynamic risk levels.

[0007] At least one threat attack scenario is extracted from the attack tree, and corresponding threat item description information is generated based on a preset normalized template.

[0008] Based on retrieval enhancement generation technology, the input threat item description information is encoded and transformed into a query vector. Similarity retrieval is then performed in a feature vector knowledge base containing historical threat items and their associated assets. The retrieval results are used as context to generate a list of assets associated with the threat item and its threat score through a large language model.

[0009] Based on the attack tree, the asset list, and the threat score, a vehicle cybersecurity assessment conclusion is generated, which includes security action recommendations for high-risk paths or assets.

[0010] Furthermore, based on the input vehicle architecture information, a network attack tree targeting that vehicle model is automatically generated, including:

[0011] The input vehicle architecture diagram and key component description text are subjected to multimodal parsing to extract component nodes, interfaces and connection relationships. The component nodes are then mapped to predefined hardware, software, data or communication asset types to generate structured topology data.

[0012] Based on the topology data, the threat scenario library is called to match the preset attack scenarios, and the path analysis tool is called based on the MCP protocol to deduce the specific attack chain from the attack entry point to the target, forming an attack tree framework.

[0013] Based on the attack feasibility assessment results, a dynamic risk level is marked for each attack path in the attack tree framework, and a visual attack tree flowchart is generated.

[0014] Furthermore, after generating a visual attack tree flowchart, the process also includes:

[0015] The system receives manual verification feedback on the attack tree flowchart and, based on the feedback, corrects or supplements the attack paths or adds security measures suggestions for high-risk paths to update the attack tree.

[0016] Furthermore, at least one threat attack scenario is extracted from the attack tree, and corresponding threat item description information is generated based on a preset normalized template, including:

[0017] The attack target or key attack path information in the attack tree is filled into a standardized template containing a threat item explanation field to form a structured query text.

[0018] Furthermore, using retrieval enhancement generation technology, the threat item description information is used as a query condition to perform matching retrieval with historical threat items and asset vector knowledge bases, including:

[0019] The threat item description information is converted into a query vector through an embedding model. The similarity between the vector and the historical item vector in the historical threat item and asset vector knowledge base is calculated. The top K1 historical items with the highest similarity and their associated assets and rating information are recalled.

[0020] Using a reordering model based on a cross-encoder architecture, deep semantic interaction calculations are performed on the K1 historical items and the threat item description information to filter out the top K2 items with the highest relevance, where K2 <K1;

[0021] The threat item description information is concatenated with the knowledge of the K2 items to form prompt words, which are then input into the large language model. The model is instructed to reason based on historical knowledge and output a list of assets related to this threat item and a threat score for each asset.

[0022] Furthermore, prior to recalling the top K1 historical items with the highest similarity, the process also includes:

[0023] Collect threat items, associated assets, and expert rating data for historical vehicle models. Vectorize the descriptions of historical threat items through an embedding model and store them in a database that supports vector retrieval.

[0024] Furthermore, the method also includes:

[0025] The verified new threat items and their associated assets and threat scores involved in the vehicle cybersecurity assessment conclusions will be stored as new historical data in the historical threat item and asset vector knowledge base.

[0026] Secondly, embodiments of this application provide a vehicle security assessment device based on AI-assisted attack tree, the device comprising:

[0027] A network attack tree construction module is used to automatically generate a network attack tree for a vehicle model based on the input vehicle model architecture information. The attack tree includes attack paths and corresponding dynamic risk levels.

[0028] The threat item description information generation module is used to extract at least one threat attack scenario from the attack tree and generate corresponding threat item description information based on a preset standardized template.

[0029] The threat scoring determination module is used to encode the input threat item description information based on retrieval enhancement generation technology, convert it into a query vector, perform similarity retrieval in a feature vector knowledge base containing historical threat items and their associated assets, and use the retrieval results as context to generate a list of assets associated with the threat item and its threat score through a large language model.

[0030] The disposal suggestion module is used to generate a vehicle network security assessment conclusion based on the attack tree, the asset list and the threat score. The assessment conclusion includes security disposal suggestions for high-risk paths or assets.

[0031] Thirdly, embodiments of this application provide an electronic device, which includes a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the method described in the first aspect.

[0032] Fourthly, embodiments of this application provide a readable storage medium on which a program or instructions are stored, which, when executed by a processor, implement the steps of the method described in the first aspect.

[0033] Fifthly, embodiments of this application provide a chip, the chip including a processor and a communication interface, the communication interface being coupled to the processor, the processor being used to run programs or instructions to implement the method as described in the first aspect.

[0034] The technical solution provided in this application automatically generates a network attack tree for a given vehicle model based on input vehicle architecture information. The attack tree includes attack paths and corresponding dynamic risk levels. At least one threat attack scenario is extracted from the attack tree, and corresponding threat item description information is generated based on a preset standardized template. Using retrieval enhancement generation technology, the input threat item description information is encoded into a query vector. A similarity search is performed in a feature vector knowledge base containing historical threat items and their associated assets. The search results are used as context to generate a list of assets associated with the threat item and their threat scores through a large language model. Based on the attack tree, the asset list, and the threat scores, a vehicle network security assessment conclusion is generated. This assessment conclusion includes security handling recommendations for high-risk paths or assets. This technical solution enables intelligent processing of the entire process from vehicle architecture to network security assessment conclusions, automatically generating attack trees and linking with RAG technology for accurate asset scoring, ultimately outputting a security report containing specific handling recommendations, significantly improving assessment efficiency and engineering practicality. Attached Figure Description

[0035] Figure 1This is a flowchart illustrating the vehicle security assessment method based on AI-assisted attack tree provided in Embodiment 1 of this application;

[0036] Figure 2 This is a flowchart illustrating the automatic generation of attack trees provided in Embodiment 2 of this application;

[0037] Figure 3 This is a schematic diagram of the interface for the threat item-asset adaptive scoring provided in Embodiment 2 of this application;

[0038] Figure 4 This is a schematic diagram of the vehicle safety assessment device based on AI-assisted attack tree provided in Embodiment 3 of this application;

[0039] Figure 5 This is a schematic diagram of the structure of the electronic device provided in Embodiment 4 of this application. Detailed Implementation

[0040] To make the objectives, technical solutions, and advantages of this application clearer, specific embodiments of this application will be described in further detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely for explaining this application and not for limiting it. It should also be noted that, for ease of description, only the parts relevant to this application are shown in the drawings, not all of them. Before discussing exemplary embodiments in more detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although the flowcharts describe operations (or steps) as sequential processes, many of these operations can be performed in parallel, concurrently, or simultaneously. Furthermore, the order of the operations can be rearranged. The process can be terminated when its operation is completed, but may also have additional steps not included in the drawings. The process can correspond to a method, function, procedure, subroutine, subroutine, etc.

[0041] The technical solutions of the embodiments of this application will be clearly described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this application. All other embodiments obtained by those skilled in the art based on the embodiments of this application are within the scope of protection of this application.

[0042] The terms "first," "second," etc., used in the specification and claims of this application are used to distinguish similar objects and not to describe a specific order or sequence. It should be understood that such use of data can be interchanged where appropriate so that embodiments of this application can be implemented in orders other than those illustrated or described herein, and the objects distinguished by "first," "second," etc., are generally of the same class and the number of objects is not limited; for example, a first object can be one or more. Furthermore, in the specification and claims, "and / or" indicates at least one of the connected objects, and the character " / " generally indicates that the preceding and following objects are in an "or" relationship.

[0043] The following description, in conjunction with the accompanying drawings, details the vehicle security assessment method, apparatus, equipment, and medium based on AI-assisted attack trees provided in this application, through specific embodiments and application scenarios.

[0044] Example 1

[0045] Figure 1 This is a flowchart illustrating the vehicle security assessment method based on AI-assisted attack trees provided in Embodiment 1 of this application. Figure 1 As shown, the specific steps include the following:

[0046] S101. Based on the input vehicle architecture information, automatically generate a network attack tree for the vehicle model, wherein the attack tree includes attack paths and corresponding dynamic risk levels;

[0047] A hierarchical agent can be a software architecture that decomposes complex tasks into multiple ordered stages, which are then executed collaboratively by different functional modules. In this workflow, each agent is specifically responsible for handling a particular type of task and uses standardized interfaces for data transfer and task coordination, thereby achieving automated pipeline processing from input to output.

[0048] Vehicle architecture information can include vehicle electrical architecture diagrams, in-vehicle network topology diagrams, and functional description documents for key electronic control units. This information collectively describes the vehicle's hardware components, network connections, and the functional characteristics of each electronic control unit.

[0049] A network attack tree is a security analysis model that visualizes potential network attack paths in the form of a tree diagram. In this tree structure, the root node represents the attacker's final goal, the leaf nodes represent specific attack entry points or technical steps, and the intermediate nodes represent intermediate states in achieving sub-goals. The entire tree structure clearly shows the complete attack chain from the initial attack point to the final goal.

[0050] An attack path can refer to a complete sequence of technical steps or vulnerability exploits that an attacker might take from the initial attack entry point to the final attack target. Each attack path details how the attacker gradually approaches the target by exploiting system vulnerabilities.

[0051] Dynamic risk rating is a quantitative risk indicator that is automatically labeled after assessing each attack path based on multiple factors such as attack feasibility, technical complexity, and potential impact. This rating is typically divided into three levels: high, medium, and low, and can dynamically reflect the relative danger of different attack paths.

[0052] This solution first uses a preprocessing agent to perform multimodal parsing on the input vehicle architecture information. This parsing process utilizes a visual-text joint model to simultaneously process image and text information, extracting key elements such as component nodes, interfaces, and connection relationships from the vehicle architecture diagram and component descriptions. These extracted component nodes are then mapped to predefined hardware, software, data, or communication asset types, generating structured topology data. Next, the attack tree generation agent uses this topology data to match preset attack scenarios using a threat scenario library and invokes a path analysis tool based on the MCP (Model Context Protocol) to deduce the specific attack chain from the attack entry point to the target, forming an attack tree framework. Finally, based on the attack feasibility assessment results, each attack path in the attack tree framework is dynamically labeled with a risk level, and a visual attack tree flowchart is generated.

[0053] S102. Extract at least one threat attack scenario from the attack tree, and generate corresponding threat item description information based on a preset normalized template;

[0054] Threat attack scenarios can be representative attack paths or final targets identified from the attack tree. These scenarios typically reflect the most threatening security risks faced by the vehicle and serve as the core basis for subsequent risk assessments and mitigation recommendations.

[0055] A pre-defined standardized template can be a structured text framework designed in advance to unify the format of information expression. The template contains specific field definitions and format requirements, such as the "Threat Item - Explanation" field, which specifies how to describe the technical details and scope of impact of the attack scenario.

[0056] Threat description information can be structured, machine-readable query text generated by filling specific information about the threat attack scenario into the corresponding fields according to a pre-defined standardized template format. This standardized description method ensures consistency and comparability between different threat items.

[0057] This solution can identify the most representative attack targets from the attack tree, such as "unauthorized control of vehicle operation," or key attack paths, such as "cracking the SGW security gateway via the OBD interface and then controlling the ECU." It then fills this specific information into the corresponding fields of a pre-defined, standardized template. For example, the technical details, exploitation conditions, and potential impact of the attack path "cracking the SGW security gateway via the OBD interface" are filled into the "Threat Item - Explanation" field of the template according to the prescribed format, ultimately generating a structured query text.

[0058] S103. Based on the retrieval enhancement generation technology, the input threat item description information is encoded and transformed into a query vector. Similarity retrieval is performed in the feature vector knowledge base containing historical threat items and their associated assets. The retrieval results are used as context to generate a list of assets associated with the threat item and its threat score through a large language model.

[0059] Retrieval-Augmented Generation (RAG) is an advanced technical framework that combines information retrieval with the generative capabilities of large language models. Its core idea is to first retrieve the most relevant historical information from an external knowledge base, and then combine the retrieved information with the generative capabilities of a large language model to produce more accurate and reliable output results.

[0060] A historical threat item and asset vector knowledge base can be a specially constructed database system that stores a large amount of threat items, associated assets, and expert rating data accumulated from historical vehicle assessments. The unique feature of this database is that all textual descriptions are transformed into high-dimensional numerical vectors through an embedding model, supporting efficient retrieval based on semantic similarity.

[0061] An embedding model can be a deep learning model that maps text semantics to a high-dimensional vector space. Through this mapping, semantically similar texts will be close to each other in the vector space, thus supporting semantic similarity calculation based on vector distance. Understandably, the embedding model used in this solution is a fine-tuned model tailored to the specific domain, making it better suited for this purpose, rather than a direct transplant of embedding models from other domains.

[0062] A query vector is a numerical representation of threat item description information after being processed by an embedding model. It encapsulates the semantic information of the original text, making it easy to compare similarity with historical item vectors in the knowledge base.

[0063] Cosine similarity can be a common metric for calculating the direction consistency of two vectors in a multi-dimensional space. The closer the value is to 1, the more similar the semantics are. By calculating the cosine similarity between the query vector and all historical item vectors in the knowledge base, the top K1 most semantically relevant historical items can be quickly found.

[0064] The cross-Encoder architecture can be a neural network structure that can jointly encode queries and documents. Different from the traditional dual-tower architecture, the cross-Encoder can more precisely capture the complex semantic relationships between the two through the complete interaction calculation of the query and the document, generating more accurate relevance scores.

[0065] The re-ranking model can be a model built based on advanced architectures such as cross-Encoder, specifically used for fine-tuning and re-ranking the preliminary retrieval results. It can identify semantic biases in the preliminary retrieval results and filter out the truly most relevant knowledge.

[0066] Prompt words are carefully arranged input texts to guide the large language model to complete specific tasks, usually including task instructions, context information, and specific questions. In this method, the prompt words organically combine the original query with the retrieved relevant knowledge, providing sufficient background information for the large language model.

[0067] Specifically, it can include three key links: First, convert the threat item description information into a query vector through an embedding model, calculate its cosine similarity with all historical item vectors in the knowledge base, and recall the top K1 historical items with the highest similarity and their associated information. Then, use a re-ranking model based on the cross-Encoder architecture to perform in-depth semantic interaction calculations on the K1 preliminary results, and filter out the top K2 (K2 < K1) item knowledge that is most relevant. Finally, splice the original query with the K2 refined knowledge into a prompt word and input it into the large language model, instructing the model to generate a standardized output based on this relevant knowledge.

[0068] S104. Generate a vehicle network security assessment conclusion based on the attack tree, the asset list, and the threat score. The assessment conclusion includes security disposal suggestions for high-risk paths or assets.

[0069] The vehicle network security assessment conclusion is a comprehensive security analysis report. This report not only summarizes the results of all the above analysis steps but also provides specific improvement suggestions and implementation guidance.

[0070] Security disposal suggestions can be specific protection or mitigation measures proposed for identified high-risk attack paths or high-threat-level assets. These suggestions are based on industry best practices and historical successful experiences and have direct engineering guidance value.

[0071] In this solution, attack paths marked as high-risk in the attack tree, asset lists, and threat scores are automatically integrated through a dedicated report generation module. For example, for the "malware implantation via OTA interface" attack path marked as high-risk in the attack tree, specific recommendations such as "enable code signature verification and implement integrity checks" are generated based on the threat scores of its associated assets. For "in-vehicle infotainment system personal information" assets assessed as high-threat, protective measures such as "strengthen data encryption storage and implement access control" are proposed.

[0072] In one feasible embodiment, a network attack tree targeting the vehicle model is automatically generated based on the input vehicle architecture information, including:

[0073] The input vehicle architecture diagram and key component description text are subjected to multimodal parsing to extract component nodes, interfaces and connection relationships. The component nodes are then mapped to predefined hardware, software, data or communication asset types to generate structured topology data.

[0074] Based on the topology data, the threat scenario library is called to match the preset attack scenarios, and the path analysis tool is called based on the MCP protocol to deduce the specific attack chain from the attack entry point to the target, forming an attack tree framework.

[0075] Based on the attack feasibility assessment results, a dynamic risk level is marked for each attack path in the attack tree framework, and a visual attack tree flowchart is generated.

[0076] Multimodal parsing can be a technique that uses a visual-text joint model to simultaneously process input image-format vehicle architecture diagrams and text-format component descriptions. Specifically, the input preprocessing agent can call the visual-text joint model to analyze the input images and documents, identify graphic elements and text descriptions, and then correlate and integrate the two information.

[0077] Component nodes can be logical units identified from the vehicle architecture diagram, representing specific hardware or software components in the vehicle, such as T-Boxes, ECUs, and gateways. Specifically, the model can locate and label graphical blocks representing each component from the image, while simultaneously parsing the names and functional descriptions of the corresponding components from the text, establishing a correspondence between graphics and semantics.

[0078] An interface can be a connection point for data communication between component nodes, such as a CAN bus interface or an automotive Ethernet interface. The model identifies the lines or specific symbols connecting the components in the architecture diagram, and combines this with the description of the communication protocol in the text to determine the type and protocol of each connection point.

[0079] Connection relationships can describe the network topology structure formed by how various component nodes are interconnected through interfaces. Based on the identified component nodes and interfaces, a topology diagram is constructed that represents "which component is connected to which component through which interface".

[0080] Mapping can be a classification operation that categorizes each identified component node into predefined asset types such as hardware, software, data, or communication, based on its functional characteristics and security attributes. Specifically, it can automatically assign asset tags and security attributes to each component node based on a predefined rule base, for example, mapping components with physical entities to "hardware" and programs responsible for processing information to "software".

[0081] Structured topology data can be a dataset generated through the above processing, recording all vehicle components, their types, connections, and asset ownership information in standardized formats such as JSON. Specifically, all the extracted and mapped results are formatted and encapsulated according to a predetermined data schema, outputting a complete, machine-readable JSON document.

[0082] This technical solution provides a specific method for automatically generating machine-understandable, structured data from unstructured raw input that can be used for subsequent automated analysis. This avoids the tedious process of manually interpreting drawings and documents, providing an accurate and consistent data foundation for the automatic generation of attack trees, and is a key link in improving the automation level of the entire method.

[0083] The threat scenario library can be a pre-built database containing typical attack patterns and their characteristic descriptions, such as "remote control," "data breach," and "denial of service." Specifically, the attack tree generation agent receives structured topology relationship data and matches it with scenario features in the threat scenario library. For example, if a topology containing wireless communication interfaces and critical control units is identified, it matches a "remote control" attack scenario.

[0084] The Model Context Protocol (MCP) is an interface protocol used for standardized, structured communication between large language models and external tools or services. Specifically, the attack tree generation agent, following the MCP protocol specifications, encapsulates a request containing current topology information and the analysis target, and sends it to a specialized path analysis tool.

[0085] Path analysis tools can be specialized analysis modules based on graph theory, attack graph algorithms, and other technologies. Specifically, the tool receives a request, treats the topology data as an attack graph, starts from potential entry points such as the OBD interface or Bluetooth module, traverses all possible paths to the attack target, such as the engine ECU, and outputs the sequence of these paths.

[0086] An attack tree framework can be an intermediate data structure that describes an attack chain but has not yet undergone risk assessment and visualization. Specifically, the attack tree generator receives the attack path sequence returned by the path analysis tool and organizes it into a tree-like data structure, where the root node is the attack target, the leaf nodes are the entry points, and the intermediate nodes are the attack steps.

[0087] This technical solution enables the logical derivation from static asset topology to dynamic attack paths. By combining predefined threat scenarios and professional path analysis algorithms, the system can automatically deduce how potential attackers exploit vulnerabilities in the vehicle network to gradually achieve their attack goals. This replaces the process of security experts relying entirely on experience to deduce attack paths, making attack path discovery more systematic, comprehensive, and reproducible.

[0088] In one feasible embodiment, after generating a visual attack tree flowchart, the method further includes:

[0089] The system receives manual verification feedback on the attack tree flowchart and, based on the feedback, corrects or supplements the attack paths or adds security measures suggestions for high-risk paths to update the attack tree.

[0090] An attack tree flowchart can be a visual tree diagram that displays the attack tree framework and its risk levels. The receiving process involves the system displaying the attack tree flowchart generated by tools such as Graphviz and Mermaid on a human-computer interface for security engineers to review. Engineers submit modification suggestions through the annotation, comment, or direct editing functions provided on the interface, and the system captures these inputs as feedback data.

[0091] Human verification feedback can be suggestions from cybersecurity experts who review the automatically generated attack tree and provide corrections regarding the accuracy, completeness, or reasonableness of the attack path's risk rating. For example, an expert might point out that a certain attack path is not feasible in reality, add a new attack path that the system has not identified, or adjust the risk level of a certain path from "medium" to "high."

[0092] Security recommendations can be specific protective, detection, or response measures proposed for identified high-probability or high-impact attack paths. For example, for the path of "implementing malware through OTA upgrade vulnerabilities," recommendations could be "implementing firmware code signature verification" or "establishing a two-way authentication mechanism."

[0093] Correction can refer to modifying the attributes or connections of existing nodes in the attack tree based on expert opinions, such as adjusting the technical details of a certain attack step.

[0094] Supplementation can refer to adding new nodes or branches to the attack tree based on expert knowledge to cover a more comprehensive range of attack scenarios.

[0095] Updating the attack tree can refer to merging the manually verified and modified content back into the original automated attack tree data structure to form the final version.

[0096] This technical solution introduces crucial human-machine collaboration into the automated analysis process. Purely automated attack trees may contain biases or omissions due to limitations in model training data or the complexity of specific scenarios. By receiving and correcting expert feedback, the accuracy and engineering applicability of the attack trees can be effectively improved, ensuring that the analysis results truly reflect actual threats. Simultaneously, handling suggestions are added for high-risk paths, directly linking the analysis results to security engineering practices and enhancing the solution's practical value.

[0097] In one feasible embodiment, at least one threat attack scenario is extracted from the attack tree, and corresponding threat item description information is generated based on a preset normalized template, including:

[0098] The attack target or key attack path information in the attack tree is filled into a standardized template containing a threat item explanation field to form a structured query text.

[0099] The attack target can refer to the ultimate harm represented by the root node of the attack tree, such as "illegally controlling vehicle operation" or "stealing user privacy data".

[0100] Critical attack path information can refer to the descriptions and logical relationships of all nodes in a complete attack chain that is assessed as high-risk or representative in the attack tree.

[0101] A standardized template can be a pre-designed text frame with fixed fields and formatting requirements. This template includes fields such as "Threat Item Name," "Threat Item - Explanation," and "Potential Impact," and specifies the descriptive language and length for each field.

[0102] The threat project description field can be a core field in a standardized template, specifically used to describe in detail and in a structured manner the technical principles, triggering conditions, attack steps, etc. of the threat project.

[0103] Structured query text can refer to text paragraphs that are generated after being filled in according to template requirements, with a uniform format and clear semantics.

[0104] This solution can traverse the attack tree, select its root node or a selected critical path, extract the descriptive information of all nodes on the path, and then organize this information into a coherent narrative text according to logical order and technical details. Finally, this text is filled into the "Threat Item - Explanation" field of the standardized template, and other necessary fields are added to generate a complete query text that meets the template requirements.

[0105] This technical solution addresses the challenge of effectively converting graphical, structured attack tree information into natural language input suitable for processing by large language models and vector retrieval models. By enforcing the use of standardized templates, it ensures consistency in format, detail, and emphasis across different threat descriptions. This significantly reduces ambiguity in subsequent semantic retrieval and model understanding processes, serving as a crucial prerequisite for achieving high-quality retrieval enhancement.

[0106] In one feasible embodiment, a retrieval enhancement generation technique is employed, using the threat item description information as a query condition, and performing a matching retrieval with a historical threat item and asset vector knowledge base, including:

[0107] The threat item description information is converted into a query vector through an embedding model. The similarity between the vector and the historical item vector in the historical threat item and asset vector knowledge base is calculated. The top K1 historical items with the highest similarity and their associated assets and rating information are recalled.

[0108] Using a reordering model based on a cross-encoder architecture, deep semantic interaction calculations are performed on the K1 historical items and the threat item description information to filter out the top K2 items with the highest relevance, where K2 <K1;

[0109] The threat item description information is concatenated with the knowledge of the K2 items to form prompt words, which are then input into the large language model. The model is instructed to reason based on historical knowledge and output a list of assets related to this threat item and a threat score for each asset.

[0110] An embedding model can be a trained deep learning model, such as BERT or BGE, whose function is to map a piece of text into a fixed-length high-dimensional numerical vector, which can represent the semantics of the original text in a vector space.

[0111] A query vector can refer to the numerical representation of threat item description information obtained after being processed by an embedding model.

[0112] Historical item vectors can be numerical representations of each historical threat item description in the historical knowledge base after being processed by the same embedding model.

[0113] Similarity calculation can be an operation that measures how close the query vector is to each historical item vector in the vector space. Cosine similarity is commonly used as the metric.

[0114] Recall can refer to sorting all historical items based on the calculated similarity scores and selecting the top K1 items with the highest scores as the initial matching results.

[0115] This solution inputs the generated structured query text into a pre-loaded embedding model, which outputs a high-dimensional vector as the query vector. The system then calculates the cosine similarity between this query vector and all historical item vectors stored in the knowledge base. Next, the system sorts the historical items from highest to lowest similarity score, extracts the top K1 items, and retrieves the associated raw data for these items, including their corresponding asset lists and expert rating information.

[0116] Using a reordering model based on a cross-encoder architecture, deep semantic interaction calculations are performed on the K1 historical items and the threat item description information to filter out the top K2 items with the highest relevance, where K2 <K1。

[0117] The cross-Encoder architecture can be a neural network model architecture that concatenates the query text and candidate document text together as a whole input model, allowing the model's internal self-attention mechanism to fully interact between the two at the word and sentence levels, thereby more accurately determining their relevance.

[0118] The re-ranking model can be a specialized model trained based on the cross-Encoder architecture described above, used to refine and re-rank the initial retrieval results.

[0119] Deep semantic interaction computation can refer to the complex feature extraction and association analysis process performed in the network layer of a re-ranking model when processing concatenated query-document pairs.

[0120] This solution concatenates the current threat item description information with the original description text of K1 initially recalled historical items, forming K1 "query + document" pairs. These text pairs are then sequentially input into a pre-loaded reordering model. The model performs joint encoding on each text pair and outputs a relevance score between 0 and 1. Finally, the system reorders the data based on these K1 new relevance scores and selects the top K2 historical items with the highest scores as the final refined knowledge.

[0121] Cue words can be carefully crafted input text designed to guide a large language model to complete a specific task, and typically contain system instructions, contextual information, and user questions.

[0122] Normalized output can refer to requiring a large language model to generate content according to a predefined structured format, such as JSON or a list of specific fields, rather than free narration.

[0123] This solution allows you to build a prompt template containing instructions, such as "Analyze the current threat and list relevant assets and scores based on the following historical cases," context, and queries. This complete prompt is then input into a selected large language model deployed in the cloud or on-premises. The large language model infers based on the instructions and context, ultimately generating the required output, such as a list containing "Asset Name: ECU, Threat Score: High; Asset Name: CAN Bus, Threat Score: Medium."

[0124] This technical solution leverages the powerful reasoning and generative capabilities of large language models to combine discrete historical knowledge fragments with current specific problems, generating targeted and structured assessment conclusions. It avoids the mechanical nature of simple rule matching or simplistic weighted averaging, making the scoring of asset threats more intelligent and flexible, and capable of adapting to new threats not fully covered by the historical knowledge base.

[0125] In one feasible embodiment, prior to recalling the top K1 historical items with the highest similarity, the method further includes:

[0126] Collect threat items, associated assets, and expert rating data for historical vehicle models. Vectorize the descriptions of historical threat items through an embedding model and store them in a database that supports vector retrieval.

[0127] Threat items, associated assets, and expert rating data for historical vehicle models can be structured data accumulated from past safety assessment projects, including threat description text, specific assets affected by the threat (such as ECU type, bus name), and risk level (high / medium / low or specific score) given by experts or assessment systems.

[0128] Vectorization can refer to using the aforementioned embedding model to convert the descriptive text of each historical threat item into a corresponding numerical vector.

[0129] Databases that support vector retrieval can be specialized databases with the ability to efficiently store and retrieve high-dimensional vectors, such as ElasticSearch (with vector plugins), Milvus, and Pinecone. These databases support approximate nearest neighbor search based on vector similarity.

[0130] This solution first exports structured historical evaluation data from a historical project management system or database. Then, a preprocessing script is written, an index is created in a vector database, the dimensions of the vector fields and the similarity measurement method are defined, and the generated vector data, along with its associated original metadata, is imported or stored in the vector database.

[0131] This technical solution constructs a specific technical path for a high-quality historical knowledge base, providing a reliable data infrastructure for the entire RAG process. A knowledge base with rich content, high-quality vectorization, and good retrieval performance is fundamental to ensuring the accuracy and effectiveness of subsequent intelligent scoring.

[0132] In one feasible embodiment, the method further includes:

[0133] The verified new threat items and their associated assets and threat scores involved in the vehicle cybersecurity assessment conclusions will be stored as new historical data in the historical threat item and asset vector knowledge base.

[0134] Newly verified threats can refer to threats identified during this assessment process and whose accuracy and effectiveness have been confirmed through manual verification.

[0135] The conclusion of a vehicle cybersecurity assessment can be a comprehensive report that includes an asset list, threat score, and remediation recommendations.

[0136] This solution can automatically or manually trigger a knowledge base update task after the assessment process is completed. This task extracts the description of newly generated threat items, their associated asset list, and the threat score generated by the model from the final assessment conclusion. Then, using the same embedding model as when building the knowledge base, the description text of this new threat item is vectorized. Finally, this newly generated vector, along with its associated assets, score, and other metadata, is treated as a new "document."

[0137] This solution provides the ability to learn and evolve continuously. By feeding the results of each assessment into the knowledge base, the system can continuously enrich its knowledge reserves, enabling subsequent assessments to be based on more comprehensive knowledge that is closer to the latest threat situation. This creates a virtuous cycle, allowing the assessment capabilities to continuously improve over time, thus enhancing the long-term vitality and adaptability of the solution.

[0138] Example 2

[0139] In order to enable those skilled in the art to better understand the technical solution of this application, this application also provides a preferred embodiment. It should be understood that this preferred embodiment is intended to illustrate a specific implementation method and is not intended to limit the technical solution of this application.

[0140] Figure 2 This is a schematic diagram of the process for automatically generating an attack tree provided in Embodiment 2 of this application. For example... Figure 2 As shown, the top-level node is E01, Threat1 - Malicious Intentional Vehicle Disabling, which is the final target of the attack tree. The logical relationship between E01 and its child nodes is "OR," meaning that satisfying the attack conditions of any child node will trigger the "Malicious Intentional Vehicle Disabling" threat corresponding to E01. The child nodes and their associated content are as follows:

[0141] E02: PKI service, a potential attack sub-path to achieve the goal of E01, pointing to the attack entry point or step related to the PKI service; E03: CDN and T-BOX communication, a potential attack sub-path to achieve the goal of E01, pointing to the attack risk of the CDN and vehicle T-BOX communication link; E04: Threat3 - malicious intentional vehicle disabling, and E04 and E05 below are connected by "AND" logic, that is, the conditions of E04 and E05 must be met simultaneously to form an attack path under this branch; E05: Threat3 - malicious intentional vehicle disabling, a related child node of E04, together with E04, forming an attack sub-path that must be triggered simultaneously. The attack tree is constructed by professional engineers based on vehicle architecture to prevent network attacks by hackers. This paper proposes an automatic threat attack tree generation algorithm based on a layered agent workflow design, combined with a large model agent and MCP protocol, aiming to automatically generate an attack tree flowchart based on the vehicle architecture diagram, mainly including the following stages:

[0142] Phase 1: Input preprocessing Agent;

[0143] Input: Vehicle architecture diagram (PNG / PDF), description text of key components (such as ECU functions, communication protocols).

[0144] Multimodal parsing: Using a visual-text joint model to extract nodes (such as T-Boxes and OTA interfaces) and their connections in the graph.

[0145] Asset mapping: Associate the four asset types (hardware / software / data / communication) defined in Link 1, and mark security attributes (such as ensuring the integrity of CAN bus).

[0146] Output structured data: a JSON-formatted topology table containing node types, interface protocols, and asset levels.

[0147] Phase 2: Generating Agents from Attack Trees;

[0148] Core Capability: Threat Scenario Library Invocation: Build the TARA threat library and match preset scenarios such as "remote control" and "data breach".

[0149] Attack path deduction: Based on the MCP protocol, a path analysis tool is invoked to generate a link such as "OBD interface → crack SGW → control ECU".

[0150] Dynamic risk assessment: Automatically labels the path risk value (high / medium / low) based on the attack feasibility level.

[0151] Flowchart generation: Use Graphviz or Mermaid syntax to output a tree diagram, with the root node representing the attack target and the leaf nodes representing the attack steps.

[0152] Phase 3: Closed-loop manual verification;

[0153] Dual-channel feedback mechanism:

[0154] Correction mode: When engineers modify attack tree nodes (such as adding a "certificate forgery attack" path), the system automatically learns and labels the differences.

[0155] Enhanced mode: Add handling suggestions (such as "enable two-way authentication") for high-probability attack paths (such as OTA upgrade vulnerabilities).

[0156] Through communication with the product manager, it was concluded that the attack tree of threats needs to be constructed by professionals based on experience, and the results obtained through large-scale model analysis are completely unconvincing in terms of accuracy.

[0157] Figure 3 This is a schematic diagram of the interface for the threat item-asset adaptive scoring provided in Embodiment 2 of this application. For example... Figure 3 As shown, the threat graph matches corresponding assets across multiple items under a brand's vehicle model, and analyzes threat levels through expert evaluation. The core objective of the "Threat Item-Asset Adaptive Scoring" algorithm is to achieve adaptive matching and intelligent rating of threat items and assets using large-scale model RAG (Retrieval Augmentation) technology. The entire process revolves around several key steps: knowledge base construction, vector similarity calculation, re-ranking, and large-scale model scoring. First, a relevant knowledge base is built to store historical information. When a new vehicle model-item is encountered, it is converted into a vector and matched with the information in the knowledge base for similarity. After filtering out some knowledge, further optimization is achieved through re-ranking. Finally, the filtered knowledge and user query information are input into the large-scale model to generate the corresponding asset score. The basic process is as follows:

[0158] Build the query template: Add a "Threat Item - Explanation" field and standardize the description of this field;

[0159] Construct a vector knowledge base of "historical threat projects-assets": store the project and asset information corresponding to vehicle models and brands in multiple dimensions, and store them in vector form through the embedding model.

[0160] Semantic similarity calculation: When adding a new vehicle model - project, the query is converted into a vector through an embedding model, and the "Threat item - Explanation" field in the "Historical threat item - Asset knowledge base" is adaptively matched to select the knowledge with the top - k1 similarity. The returned historical knowledge includes: Threat item - Explanation, Asset, Threat rating, etc.

[0161] Re - ranking: Based on the semantic similarity model, k2 (k2 < k1) pieces of knowledge in the top - k1 are selected as the reserve knowledge for the access model;

[0162] Large model scoring: The user query and k2 pieces of historical knowledge are concatenated as the input of the large model, and the output format is normalized to generate the corresponding asset threat score.

[0163] It includes the following steps:

[0164] Construct a query template;

[0165] To more accurately describe threat items, a query template needs to be constructed. Add the "Threat item - Explanation" field to the template and standardize the description method of this field. Standardized description helps to unify information expression, reduce ambiguity, and make subsequent processing and analysis more accurate and efficient. For example, for different types of threat items, clearly define the format and content scope of the explanation, so that each threat item has a clear and accurate explanation, facilitating subsequent construction of the knowledge base and similarity matching operations.

[0166] Construct a vector knowledge base of "Historical threat items - Assets";

[0167] Use ElasticSearch to construct a vector knowledge base of "Historical threat items - Assets". ElasticSearch is a distributed, open - source search and analysis engine with the following advantages:

[0168] High performance: It adopts a distributed architecture and inverted index technology, capable of quickly storing, searching, and analyzing large amounts of data. When processing a large amount of historical threat item and asset information, it can ensure high - efficiency query and retrieval speed.

[0169] Scalability: The cluster scale can be easily expanded to adapt to the growing data volume and query load. As the business develops, the data in the historical knowledge base will continue to increase, and ElasticSearch can easily handle this growth.

[0170] Flexibility: Supports multiple data types and query methods to meet the needs of different scenarios. It allows for flexible storage and querying of vehicle model, brand, project, and asset information across various dimensions.

[0171] Its creation process is as follows:

[0172] Creating a mapping: When creating the index, define the data type of the vector field. For example, use the dense_vector type to store vector data, or combine vector retrieval with traditional keyword retrieval.

[0173] Storing vector data: The vector data generated by the embedding model is stored in the corresponding fields;

[0174] Perform vector retrieval: Use the `script_score` query to calculate the similarity between vectors. Common similarity metrics include cosine similarity.

[0175] This knowledge base stores information on vehicle models and brands, along with their corresponding projects and assets, using an embedding model to vectorize this information. This approach converts textual information into a vector format that computers can efficiently process, facilitating subsequent vector similarity calculations.

[0176] Vector similarity calculation;

[0177] When a new vehicle model / project is added, the query is converted into a vector using an embedding model. This vector is then matched against the "Threat Project - Explanation" field in the "Historical Threat Project - Asset Knowledge Base." Specifically, the similarity between vectors is calculated, and the top k1 similarity items are selected. This method quickly filters historical threat project information with high relevance to the new vehicle model / project from the knowledge base, providing a foundation for subsequent re-ranking and large-scale model scoring.

[0178] Reordering;

[0179] A re-ranking step can further optimize the matching results. Here, the BGE-Rerank (BAAI GeneralEmbedding-Rerank) method is used for re-ranking. BGE-Rerank is a professional-grade re-ranking model launched by the Beijing Academy of Artificial Intelligence (BAAI), mainly used to optimize the recall results in retrieval augmentation generation (RAG) systems. Its core principle is to improve the relevance ranking accuracy between candidate documents and queries through deep semantic interaction.

[0180] BGE-Rerank employs a cross-Encoder architecture, which is fundamentally different from the dual-tower structure of the Embedding model. The basic process is as follows:

[0181] 1) Input form: Concatenate the query and the document into a single text sequence in the format: [CLS] Query [SEP] Document [SEP].

[0182] 2) Deep interaction mechanism: Through the self-attention layer of the Transformer, the model directly captures the word-level and sentence-level semantic associations between the query and the document at each layer, generating a more accurate relevance score.

[0183] 3) Output: Calculate the relevance score (in the range of 0 - 1) using the hidden state corresponding to the [CLS] tag. The higher the score, the stronger the relevance.

[0184] Advantage: Compared with the cosine similarity calculation of the Embedding model, the cross-encoder can identify complex semantic relationships (such as polysemous words and logical dependencies).

[0185] In the re-ranking step, based on the semantic similarity model, k2 (k2 < k1) pieces of knowledge are selected from the top k1 pieces of knowledge ranked by similarity as the reserve knowledge for the admission model. This can reduce the interference of irrelevant information and improve the quality of the input to the large model.

[0186] Large model scoring;

[0187] Concatenate the user query and the k2 pieces of historical knowledge (including: threat item - explanation, asset, threat rating) selected through re-ranking as the input to the large model. Before inputting into the large model, it is necessary to standardize the input and output formats. The standardized input format can ensure that the large model can correctly process information, while the standardized output format is convenient for subsequent interpretation and application of the results. The large model analyzes and generates based on the input information, and finally generates the corresponding asset matching and analyzes the corresponding threat score.

[0188] Through the above steps, with the help of the large model RAG technology and a series of processing procedures, the matching of threat items and assets, as well as threat scoring, are achieved, improving the efficiency and accuracy of the original threat analysis and management.

[0189] Embodiment III

[0190] Figure 4 It is a schematic structural diagram of a vehicle safety assessment device based on an AI-assisted attack tree provided by Embodiment III of the present application. As Figure 4 shown, the device includes:

[0191] The network attack tree construction module 410 is used to automatically generate a network attack tree for the vehicle model based on the input vehicle model architecture information. The attack tree includes attack paths and corresponding dynamic risk levels.

[0192] The threat item description information generation module 420 is used to extract at least one threat attack scenario from the attack tree and generate corresponding threat item description information based on a preset standardized template.

[0193] The threat scoring determination module 430 is used to encode the input threat item description information based on retrieval enhancement generation technology, convert it into a query vector, perform similarity retrieval in a feature vector knowledge base containing historical threat items and their associated assets, and use the retrieval results as context to generate a list of assets associated with the threat item and its threat score through a large language model.

[0194] The disposal suggestion module 440 is used to generate a vehicle network security assessment conclusion based on the attack tree, the asset list and the threat score. The assessment conclusion includes security disposal suggestions for high-risk paths or assets.

[0195] In this embodiment, a network attack tree construction module is used to automatically generate a network attack tree for the vehicle model based on the input vehicle architecture information. The attack tree includes attack paths and corresponding dynamic risk levels. A threat item description information generation module is used to extract at least one threat attack scenario from the attack tree and generate corresponding threat item description information based on a preset normalized template. A threat score determination module is used to encode the input threat item description information into a query vector based on retrieval enhancement generation technology, perform a similarity search in a feature vector knowledge base containing historical threat items and their associated assets, and use the search results as context to generate a list of assets associated with the threat item and their threat scores through a large language model. A disposal suggestion module is used to generate a vehicle network security assessment conclusion based on the attack tree, the asset list, and the threat score. The assessment conclusion includes security disposal suggestions for high-risk paths or assets. This technical solution enables intelligent processing of the entire process from vehicle architecture to network security assessment conclusion, automatically generates an attack tree, and uses RAG technology to perform accurate asset scoring, ultimately outputting a security report containing specific disposal suggestions, significantly improving assessment efficiency and engineering practicality.

[0196] The vehicle security assessment device based on AI-assisted attack tree in this application embodiment can be a device, or a component, integrated circuit, or chip in a terminal. The device can be a mobile electronic device or a non-mobile electronic device. For example, mobile electronic devices can be mobile phones, tablets, laptops, PDAs, in-vehicle electronic devices, wearable devices, ultra-mobile personal computers (UMPCs), netbooks, or personal digital assistants (PDAs), etc., while non-mobile electronic devices can be servers, network-attached storage (NAS), personal computers (PCs), televisions (TVs), ATMs, or self-service machines, etc. This application embodiment does not impose specific limitations.

[0197] The vehicle safety assessment device based on AI-assisted attack tree in this application embodiment can be a device with an operating system. This operating system can be Android, iOS, or other possible operating systems; this application embodiment does not specifically limit it.

[0198] The vehicle security assessment device based on AI-assisted attack tree provided in this application embodiment can realize the various processes of the above embodiments, and will not be described again here to avoid repetition.

[0199] Example 4

[0200] Figure 5 This is a schematic diagram of the structure of the electronic device provided in Embodiment 4 of this application. Figure 5 As shown, this application embodiment also provides an electronic device 500, including a processor 501, a memory 502, and a program or instructions stored in the memory 502 and executable on the processor 501. When the program or instructions are executed by the processor 501, they implement the various processes of the above-described embodiment of the vehicle security assessment method based on AI-assisted attack tree and achieve the same technical effect. To avoid repetition, they will not be described again here.

[0201] It should be noted that the electronic devices in the embodiments of this application include the mobile electronic devices and non-mobile electronic devices described above.

[0202] Example 5

[0203] This application also provides a readable storage medium storing a program or instructions. When the program or instructions are executed by a processor, they implement the various processes of the above-described embodiment of the vehicle security assessment method based on AI-assisted attack tree and achieve the same technical effect. To avoid repetition, they will not be described again here.

[0204] The processor is the processor in the electronic device described in the above embodiments. The readable storage medium includes computer-readable storage media, such as computer read-only memory (ROM), random access memory (RAM), magnetic disk, or optical disk.

[0205] Example 6

[0206] This application embodiment also provides a chip, which includes a processor and a communication interface. The communication interface and the processor are coupled. The processor is used to run programs or instructions to implement the various processes of the above-described embodiment of the vehicle security assessment method based on AI-assisted attack tree, and can achieve the same technical effect. To avoid repetition, it will not be described again here.

[0207] It should be understood that the chip mentioned in the embodiments of this application may also be referred to as a system-on-a-chip, system chip, chip system, or system-on-a-chip, etc.

[0208] It should be noted that, in this document, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes that element. Furthermore, it should be noted that the scope of the methods and apparatuses in the embodiments of this application is not limited to performing functions in the order shown or discussed, but may also include performing functions substantially simultaneously or in the reverse order, depending on the functions involved. For example, the described methods may be performed in a different order than described, and various steps may be added, omitted, or combined. Additionally, features described with reference to certain examples may be combined in other examples.

[0209] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a computer software product. This computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk) and includes several instructions to cause a terminal (which may be a mobile phone, computer, server, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0210] The embodiments of this application have been described above with reference to the accompanying drawings. However, this application is not limited to the specific embodiments described above. The specific embodiments described above are merely illustrative and not restrictive. Those skilled in the art can make many other forms under the guidance of this application without departing from the spirit and scope of the claims, and all of these forms are within the protection scope of this application.

[0211] The above description is merely a preferred embodiment and the technical principles employed in this application. This application is not limited to the specific embodiments described herein, and various obvious changes, readjustments, and substitutions that can be made by those skilled in the art will not depart from the scope of protection of this application. Therefore, although this application has been described in detail through the above embodiments, this application is not limited to the above embodiments, and may include more other equivalent embodiments without departing from the concept of this application, the scope of which is determined by the scope of the claims.

Claims

1. A vehicle security assessment method based on AI-assisted attack tree, characterized in that, include: The network attack tree for the vehicle model is automatically generated based on the input vehicle architecture information. The attack tree includes attack paths and corresponding dynamic risk levels. At least one threat attack scenario is extracted from the attack tree, and corresponding threat item description information is generated based on a preset normalized template. Based on retrieval enhancement generation technology, the input threat item description information is encoded and transformed into a query vector. Similarity retrieval is then performed in a feature vector knowledge base containing historical threat items and their associated assets. The retrieval results are used as context to generate a list of assets associated with the threat item and its threat score through a large language model. Based on the attack tree, the asset list, and the threat score, a vehicle cybersecurity assessment conclusion is generated, which includes security action recommendations for high-risk paths or assets. Automatically generate a network attack tree for the vehicle model based on the input vehicle architecture information, including: The input vehicle architecture diagram and key component description text are subjected to multimodal parsing to extract component nodes, interfaces and connection relationships. The component nodes are then mapped to predefined hardware, software, data or communication asset types to generate structured topology data. Based on the aforementioned topology data, the threat scenario library is invoked to match preset attack scenarios, and the path analysis tool is invoked based on the MCP protocol to deduce the specific attack chain from the attack entry point to the target, forming an attack tree framework. Based on the attack feasibility assessment results, a dynamic risk level is marked for each attack path in the attack tree framework, and a visual attack tree flowchart is generated.

2. The method according to claim 1, characterized in that, After generating a visual attack tree flowchart, the following is also included: The system receives manual verification feedback on the attack tree flowchart and, based on the feedback, corrects or supplements the attack paths or adds security measures suggestions for high-risk paths to update the attack tree.

3. The method according to claim 1, characterized in that, At least one threat attack scenario is extracted from the attack tree, and corresponding threat item description information is generated based on a preset normalized template, including: The attack target or key attack path information in the attack tree is filled into a standardized template containing a threat item explanation field to form a structured query text.

4. The method according to claim 1, characterized in that, Using retrieval enhancement generation technology, the threat item description information is used as a query condition, and matched and retrieved against historical threat items and asset vector knowledge bases, including: The threat item description information is converted into a query vector through an embedding model. The similarity between the vector and the historical item vector in the historical threat item and asset vector knowledge base is calculated. The top K1 historical items with the highest similarity and their associated assets and rating information are recalled. Using a reordering model based on a cross-encoder architecture, deep semantic interaction calculations are performed on the K1 historical items and the threat item description information to filter out the top K2 items with the highest relevance, where K2 <K1; The threat item description information is concatenated with the knowledge of the K2 items to form prompt words, which are then input into the large language model. The model is instructed to reason based on historical knowledge and output a list of assets related to this threat item and a threat score for each asset.

5. The method according to claim 4, characterized in that, Before recalling the top K1 historical items with the highest similarity, the following is also included: Collect threat items, associated assets, and expert rating data for historical vehicle models. Vectorize the descriptions of historical threat items through an embedding model and store them in a database that supports vector retrieval.

6. The method according to claim 1, characterized in that, The method further includes: The verified new threat items and their associated assets and threat scores involved in the vehicle cybersecurity assessment conclusions will be stored as new historical data in the historical threat item and asset vector knowledge base.

7. A vehicle safety assessment device based on AI-assisted attack tree, characterized in that, include: A network attack tree construction module is used to automatically generate a network attack tree for a vehicle model based on the input vehicle model architecture information. The attack tree includes attack paths and corresponding dynamic risk levels. The threat item description information generation module is used to extract at least one threat attack scenario from the attack tree and generate corresponding threat item description information based on a preset standardized template. The threat scoring determination module is used to encode the input threat item description information based on retrieval enhancement generation technology, convert it into a query vector, perform similarity retrieval in a feature vector knowledge base containing historical threat items and their associated assets, and use the retrieval results as context to generate a list of assets associated with the threat item and its threat score through a large language model. The disposal suggestion module is used to generate a vehicle network security assessment conclusion based on the attack tree, the asset list and the threat score. The assessment conclusion includes security disposal suggestions for high-risk paths or assets. Specifically, the network attack tree construction module is used for: The input vehicle architecture diagram and key component description text are subjected to multimodal parsing to extract component nodes, interfaces and connection relationships. The component nodes are then mapped to predefined hardware, software, data or communication asset types to generate structured topology data. Based on the aforementioned topology data, the threat scenario library is invoked to match preset attack scenarios, and the path analysis tool is invoked based on the MCP protocol to deduce the specific attack chain from the attack entry point to the target, forming an attack tree framework. Based on the attack feasibility assessment results, a dynamic risk level is marked for each attack path in the attack tree framework, and a visual attack tree flowchart is generated.

8. An electronic device, characterized in that, The system includes a processor, a memory, and a program or instructions stored in the memory and executable on the processor, wherein the program or instructions, when executed by the processor, implement the steps of the vehicle safety assessment method based on an AI-assisted attack tree as described in any one of claims 1-6.

9. A readable storage medium, characterized in that, The readable storage medium stores a program or instructions that, when executed by a processor, implement the steps of the vehicle security assessment method based on an AI-assisted attack tree as described in any one of claims 1-6.