Penetration testing is crucial for Intelligent and Connected Vehicle (ICV) security, yet current methods relying on static test case
libraries lack attacker mindset simulation and exhibit low coverage and efficiency. This paper proposes a data-driven methodology that dynamically generates test plans by simulating attacker reasoning. We integrate multi-source dataincluding test cases, vulnerabilities, threat
intelligence, and competition videosinto an automotive cyber attack knowledge graph, structured with Minimal Attack Paths (MAPs) as
atomic units. An intelligent graph search algorithm then generates high-threat attack chains for specific targets. A comprehensive evaluation
framework is established to validate the methods effectiveness across multiple dimensions. This work provides a novel foundation for developing dynamic and evolving automotive cybersecurity testing systems.

Intelligent and Connected Vehicles (ICVs); Penetration Testing; Attack Path; Knowledge Graph; ATT&CK Framework; Multi-source Data Fusion

[1] Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., ... & Kohno, T. (2011). Comprehensive experimental

analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Security Symposium (pp. 447-462). USENIX Association.

[2] United Nations Economic Commission for Europe. (2021). UN Regulation No. 155: Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management system.

[3] Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., ... & Savage, S. (2010). Experimental security analysis of a

modern automobile. In 2010 IEEE Symposium on Security and Privacy (pp. 447-462). IEEE.

[4] Woo, S., Jo, H. J., & Lee, D. H. (2015). A practical wireless attack on the connected car and security protocol for in-vehicle CAN. IEEE

Transactions on Intelligent Transportation Systems, *16*(2), 993-1006.

[5] Palanca, A., Evenchick, E., Maggi, F., & Zanero, S. (2017). A stealth, selective, link-layer denial-of-service attack against automotive

networks. In International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (pp. 185-206). Springer,

Cham.

[6] Zhang, T., & Kang, H. (2020). A survey of automotive cybersecurity: Attacks, vulnerabilities, and solutions. In 2020 IEEE 20th International Conference on Communication Technology (ICCT) (pp. 1190-1195). IEEE.

[7] Nilsson, D. K., & Larson, U. E. (2009). Conducting forensic investigations of cyber attacks on automobile in-vehicle networks. In Proceedings of the First International Conference on Forensic Applications and Techniques in Telecommunications, Information, and Multimedia (pp. 1-10). IEEE.

[8] Kordy, B., Pitre-Cambacds, L., & Schweitzer, P. (2014). DAG-based attack and defense modeling: Don't miss the forest for the attack trees. Computer Science Review, *13*, 1-38.

[9] MITRE Corporation. (2023). MITRE ATT&CK for Industrial Control Systems. Retrieved from https://attack.mitre.org/versions/v12/

matrices/ics/

[10] Husk, M., Komrkov, J., Bou-Harb, E., & ?eleda, P. (2018). Survey of attack projection, prediction, and forecasting in cyber security.

IEEE Communications Surveys & Tutorials, *21*(1), 640-660.