{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,19]],"date-time":"2026-01-19T02:48:31Z","timestamp":1768790911683,"version":"3.49.0"},"reference-count":32,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2020,2,6]],"date-time":"2020-02-06T00:00:00Z","timestamp":1580947200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100010418","name":"Institute for Information and Communications Technology Promotion","doi-asserted-by":"publisher","award":["2017-0-00441"],"award-info":[{"award-number":["2017-0-00441"]}],"id":[{"id":"10.13039\/501100010418","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Entropy"],"abstract":"In this paper, we propose an intrusion detection system based on the estimation of the R\u00e9nyi entropy with multiple orders. The R\u00e9nyi entropy is a generalized notion of entropy that includes the Shannon entropy and the min-entropy as special cases. In 2018, Kim proposed an efficient estimation method for the R\u00e9nyi entropy with an arbitrary real order \u03b1 . In this work, we utilize this method to construct a multiple order, R\u00e9nyi entropy based intrusion detection system (IDS) for vehicular systems with various network connections. The proposed method estimates the R\u00e9nyi entropies simultaneously with three distinct orders, two, three, and four, based on the controller area network (CAN)-IDs of consecutively generated frames. The collected frames are split into blocks with a fixed number of frames, and the entropies are evaluated based on these blocks. For a more accurate estimation against each type of attack, we also propose a retrospective sliding window method for decision of attacks based on the estimated entropies. For fair comparison, we utilized the CAN-ID attack data set generated by a research team from Korea University. Our results show that the proposed method can show the false negative and positive errors of less than 1% simultaneously.<\/jats:p>","DOI":"10.3390\/e22020186","type":"journal-article","created":{"date-parts":[[2020,2,7]],"date-time":"2020-02-07T03:13:27Z","timestamp":1581045207000},"page":"186","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":22,"title":["A Multiple R\u00e9nyi Entropy Based Intrusion Detection System for Connected Vehicles"],"prefix":"10.3390","volume":"22","author":[{"given":"Ki-Soon","family":"Yu","sequence":"first","affiliation":[{"name":"Major in Information Communication Engineering, Dongguk University, Seoul 04620, Korea"}]},{"given":"Sung-Hyun","family":"Kim","sequence":"additional","affiliation":[{"name":"School of Computing, Korea Advanced Institute of Science and Technology, Daejeon 34141, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4661-7044","authenticated-orcid":false,"given":"Dae-Woon","family":"Lim","sequence":"additional","affiliation":[{"name":"Major in Information Communication Engineering, Dongguk University, Seoul 04620, Korea"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4114-4935","authenticated-orcid":false,"given":"Young-Sik","family":"Kim","sequence":"additional","affiliation":[{"name":"Department of Information and Communication Engineering, Chosun University, Gwangju 61452, Korea"}]}],"member":"1968","published-online":{"date-parts":[[2020,2,6]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Koscher, K., Czeskis, A., Roesner, F., Patel, S., and Kohno, T. (2010, January 16\u201319). Experimental security analysis of a modern automobile. Proceedings of the 2010 IEEE Symposium on Security and Privacy, Berkeley\/Oakland, CA, USA.","DOI":"10.1109\/SP.2010.34"},{"key":"ref_2","unstructured":"Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., and Savage, S. (2011, January 8\u201312). Comprehensive experimental analyses of automotive attack surfaces. Proceedings of the 20th USENIX Security Symposium, San Francisco, CA, USA."},{"key":"ref_3","unstructured":"Miller, C., and Valasek, C. (2014). A Survey of Remote Automotive Attack Surfaces, Black Hat USA. Tech. Rep. 8."},{"key":"ref_4","first-page":"546","article-title":"Potential cyberattacks on automated vehicles","volume":"16","author":"Petit","year":"2015","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"ref_5","unstructured":"Miller, C., and Valasek, C. (2015). Remote Exploitation of an Unaltered Passenger Vehicle, Black Hat USA. Tech. Rep. 23."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Fr\u00f6schle, S., and St\u00fchring, A. (2017, January 11\u201315). Analyzing the capabilities of the can attacker. Proceedings of the 22nd European Symposium on Research in Computer Security, Oslo, Norway.","DOI":"10.1007\/978-3-319-66402-6_27"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1109\/MNET.2017.1600257","article-title":"In-vehicle network attacks and countermeasures: Challenges and future directions","volume":"31","author":"Liu","year":"2017","journal-title":"IEEE Netw."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"1083","DOI":"10.1109\/TIFS.2018.2870826","article-title":"Read: Reverse engineering of automotive data frames","volume":"14","author":"Marchetti","year":"2019","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Wu, W., Li, R., Xie, G., An, J., Bai, Y., Zhou, J., and Li, K. (2019). A Survey of Intrusion Detection for In-Vehicle Networks. IEEE Trans. Intell. Transp. Syst.","DOI":"10.1109\/TITS.2019.2908074"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Muter, M., and Asaj, N. (2011, January 5\u20139). Entropy-Based Anomaly Detection for In-Vehicle Networks. Proceedings of the 2011 IEEE Intelligent Vehicles Symposium (IV), Baden-Baden, Germany.","DOI":"10.1109\/IVS.2011.5940552"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Narayanan, B.N., Djaneye-Boundjou, O., and Kebede, T.M. (2016, January 25\u201329). Performance analysis of machine learning and pattern recognition algorithms for Malware classification. Proceedings of the 2016 IEEE National Aerospace and Electronics Conference(NAECON) and Ohio Innovation Summit (OIS), Dayton, OH, USA.","DOI":"10.1109\/NAECON.2016.7856826"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Kebede, T.M., Djaneye-Boundjou, O., Narayanan, B.N., Ralescu, A., and Kapp, D. (2017, January 27\u201330). Classification of Malware programs using autoencoders based deep learning architecture and its application to the microsoft malware Classification challenge (BIG 2015) dataset. Proceedings of the 2017 IEEE National Aerospace and Electronics Conference (NAECON), Dayton, OH, USA.","DOI":"10.1109\/NAECON.2017.8268747"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Alom, M.Z., Bontupalli, V., and Taha, T.M. (2015, January 16\u201319). Intrusion Detection using Deep Belief Networks. Proceedings of the 2015 National Aerospace and Electronics Conference, (NAECON), Dayton, OH, USA.","DOI":"10.1109\/NAECON.2015.7443094"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Callegari, C., Giordano, S., and Pagano, M. (2017, January 26\u201329). Entropy-based network anomaly detection. Proceedings of the 2017 International Conference Computing, Networking and Communications (ICNC), Silicon Valley, CA, USA.","DOI":"10.1109\/ICCNC.2017.7876150"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Callegari, C., Giordano, S., and Pagano, M. (2017, January 18\u201324). Anomaly detection: An overview of selected methods. Proceedings of the 2017 Int. Multi-Conference Engineering, Computer and Information Sciences (SIBIRCON), Novosibirsk, Russia.","DOI":"10.1109\/SIBIRCON.2017.8109836"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Saia, R., Carta, S., Recupero, D.R., Fenu, G., and Stanciu, M.M. (2019, January 17\u201319). A Discretized Extended Feature Space (DEFS) Model to Improve the Anomaly Detection Performance in Network Intrusion Detection Systems. Proceedings of the 11th International Joint Conference Knowledge Discovery, Knowledge Engineering and Knowledge Management, Vienna, Austria.","DOI":"10.5220\/0008113603220329"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Saia, R., Salvatore, C., and Recupero, R. (2018, January 18\u201320). A Probabilistic-driven Ensemble Approach to Perform Event Classification in Intrusion Detection System. Proceedings of the 10th International Joint Conference Knowledge Discovery, Knowledge Engineering and Knowledge Management, Seville, Spain.","DOI":"10.5220\/0006893801410148"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"2367","DOI":"10.3390\/e17042367","article-title":"An Entropy-Based Network Anomaly Detection Method","volume":"17","author":"Berezinski","year":"2015","journal-title":"Entropy"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Lee, H., Jeong, S.H., and Kim, H.K. (2017, January 28\u201330). OTIDS: A Novel Intrusion Detection System for In-vehicle Network by using Remote Frame. Proceedings of the 2017 IEEE 15th PST, Calgary, AB, Canada.","DOI":"10.1109\/PST.2017.00017"},{"key":"ref_20","unstructured":"Hazem, A., and Fahmy, H. (2012, January 28\u201329). Lcap-a lightweight can authentication protocol for securing in-vehicle networks. Proceedings of the 10th Escar Embedded Security Cars Conference, Berlin, Germany."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Macher, G., Sporer, H., Brenner, E., and Kreiner, C. (2016, January 14\u201316). Supporting cyber-security based on hardware-software interface definition. Proceedings of the European Conference Software Process Improvement, Graz, Austria.","DOI":"10.1007\/978-3-319-44817-6_12"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Abbott-McCune, S., and Shay, L.A. (2016, January 24\u201327). Intrusion prevention system of automotive network can bus. Proceedings of the IEEE International Carnahan Conference Security Technology (ICCST), Orlando, FL, USA.","DOI":"10.1109\/CCST.2016.7815711"},{"key":"ref_23","unstructured":"Eric, W., William, X., Suhas, S., Songsong, L., and Kai, Z. (2017, January 18\u201320). Hardware module-based message authentication in intra-vehicle networks. Proceedings of the ACM\/IEEE 8th International Conference Cyber-Physical Systems (ICCPS), Pittsburgh, PA, USA."},{"key":"ref_24","unstructured":"Bulck, J.V., M\u00fchlberg, J.T., and Piessens, F. (2017, January 4\u20138). VulCAN: Efficient component authentication and software isolation for automotive control networks. Proceedings of the 33rd Annual Computer Security Applications Conference, Orlando, Florida, USA."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"490","DOI":"10.1016\/j.procs.2017.05.317","article-title":"An automotive signal-layer security and trust-boundary identification approach","volume":"109","author":"Macher","year":"2017","journal-title":"Procedia Comput. Sci."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1","DOI":"10.5383\/JUSPN.10.01.001","article-title":"Signal-layer security and trust-boundary identification based on hardware-software interface definition","volume":"10","author":"Macher","year":"2018","journal-title":"J. Ubiquitous Syst. Pervasive Netw."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Wang, Q., Lu, Z., and Qu, G. (2018, January 4\u20137). An entropy analysis based intrusion detection system for controller area network in vehicles. Proceedings of the 2018 31st IEEE International System-on-Chip Conference (SOCC), Washington, DC, USA.","DOI":"10.1109\/SOCC.2018.8618564"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Kim, Y.-S. (2018). Low Complexity Estimation Method of R\u00e9nyi Entropy for Ergodic Sources. Entropy, 20.","DOI":"10.3390\/e20090657"},{"key":"ref_29","unstructured":"R\u00e9nyi, A. (July, January 20). On measures of entropy and information. Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, Berkeley, CA, USA."},{"key":"ref_30","unstructured":"(2020, January 24). CAN Dataset for Intrusion Detection (OTIDS). Available online: http:\/\/ocslab.hksecurity.net\/Dataset\/CAN-intrusion-dataset."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"805","DOI":"10.1016\/S1389-1286(98)00017-6","article-title":"Towards a taxonomy of intrusion-detection systems","volume":"31","author":"Debar","year":"1999","journal-title":"Comput. Netw."},{"key":"ref_32","unstructured":"Cover, T.M., and Thomas, J.A. (2006). Elements of Information Theory, Wiley-Interscience."}],"container-title":["Entropy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1099-4300\/22\/2\/186\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T08:55:25Z","timestamp":1760172925000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1099-4300\/22\/2\/186"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,6]]},"references-count":32,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2020,2]]}},"alternative-id":["e22020186"],"URL":"https:\/\/doi.org\/10.3390\/e22020186","relation":{},"ISSN":["1099-4300"],"issn-type":[{"value":"1099-4300","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,2,6]]}}}