A multiple rényi entropy based intrusion detection system for connected vehicles

Abstract

In this paper, we propose an intrusion detection system based on the estimation of the Renyi entropy with multiple orders. The Renyi entropy is a generalized notion of entropy that includes the Shannon entropy and the min-entropy as special cases. In 2018, Kim proposed an efficient estimation method for the Renyi entropy with an arbitrary real order a. In this work, we utilize this method to construct a multiple order, Renyi entropy based intrusion detection system (IDS) for vehicular systems with various network connections. The proposed method estimates the Renyi entropies simultaneously with three distinct orders, two, three, and four, based on the controller area network (CAN)-IDs of consecutively generated frames. The collected frames are split into blocks with a fixed number of frames, and the entropies are evaluated based on these blocks. For a more accurate estimation against each type of attack, we also propose a retrospective sliding window method for decision of attacks based on the estimated entropies. For fair comparison, we utilized the CAN-ID attack data set generated by a research team from Korea University. Our results show that the proposed method can show the false negative and positive errors of less than 1% simultaneously.