In the last decade, the automotive industry incorporated multiple electronic components into vehicles introducing various capabilities for adversaries to generate diverse types of attacks. In comparison to older types of vehicles, where the biggest concern was physical security, modern vehicles might be targeted remotely. As a result, multiple attack vectors aiming to disrupt different vehicle components emerged. Research and practice lack a comprehensive attack taxonomy for the automotive domain. In this regard, we conduct a systematic literature study, wherein 48 different attacks were identified and classified according to the proposed taxonomy of attack mechanisms. The taxonomy can be utilized by penetration testers in the automotive domain as well as to develop more sophisticated attacks by chaining multiple attack vectors together. In addition, we classify the identified attack vectors based on the following five dimensions: (1) AUTOSAR layers, (2) attack domains, (3) information security principles, (4) attack surfaces, and (5) attacker profile. The results indicate that the most applied attack vectors identified in literature are GPS spoofing, message injection, node impersonation, sybil, and wormhole attack, which are mostly applied to application and services layers of the AUTOSAR architecture.

在过去的十年中，汽车工业将多个电子组件整合到了车辆中，从而为攻击者提供了各种功能，以产生各种类型的攻击。与最关注的是人身安全的老式汽车相比，现代汽车可能会成为远程目标。结果，出现了旨在破坏不同车辆部件的多个攻击媒介。对于汽车领域，研究和实践缺乏全面的攻击分类法。在这方面，我们进行了系统的文献研究，其中根据拟议的攻击机制分类法对48种不同的攻击进行了识别和分类。分类法可以被汽车领域的渗透测试人员利用，也可以通过将多个攻击向量链接在一起来开发更复杂的攻击。此外，我们基于以下五个维度对识别出的攻击向量进行分类：（1）AUTOSAR层，（2）攻击域，（3）信息安全性原则，（4）攻击面和（5）攻击者配置文件。结果表明，文献中最常用的攻击向量是GPS欺骗，消息注入，节点模拟，sybil和虫洞攻击，这些攻击向量主要应用于AUTOSAR体系结构的应用程序和服务层。