Apparatus for detecting in-vehicle external data intrusion by comparing multiple information entropy and operating method thereof

What is claimed is: 1 . An apparatus for detecting in-vehicle external data intrusion by comparing multiple information entropy, the apparatus comprising: a reference entropy storage unit configured to store, for each of a plurality of predetermined different travelling environment conditions, an upper limit value and a lower limit value of predetermined first reference information entropy, an upper limit value and a lower limit value of predetermined second reference information entropy, and an upper limit value and a lower limit value of predetermined third reference information entropy for detecting external data intrusion on a vehicle; a travelling environment condition checking unit configured to check a control signal associated with travelling of the vehicle by accessing an Electronic Control Unit (ECU) of the vehicle and check a current travelling environment condition of the vehicle; a count unit configured to collect N packets (N is a natural number equal to or larger than 2) sequentially generated through an in-vehicle Controller Area Network (CAN) communication network and generate a packet group formed of N packets, and count each of the number of times of occurrence of first overlapping event (which is the event generated when the two packets having the same ID are continuously generated through the CAN communication network), a second overlapping event (which is the event generated when the three packets having the same ID are continuously generated through the CAN communication network), and a third overlapping event (which is the event generated when the four packets having the same ID are continuously generated through the CAN communication network) by checking IDs allocated to the N packets forming the packet group; a criteria information entropy estimating unit configured to estimate first criteria information entropy representing the amount of information for the packet ID generable through the CAN communication network under the current travelling environment condition of the vehicle based on the number of times of the occurrence of the first overlapping event and the number of N packets forming the packet group, estimate second criteria information entropy representing the amount of information for the packet ID generable through the CAN communication network under the current travelling environment condition of the vehicle based on the number of times of the occurrence of the second overlapping event and the number of N packets forming the packet group, and estimate third criteria information entropy representing the amount of information for the packet ID generable through the CAN communication network under the current travelling environment condition of the vehicle based on the number of times of the occurrence of the third overlapping event and the number of N packets forming the packet group; an entropy checking unit configured to, when the first criteria information entropy, the second criteria information entropy, and the third criteria information entropy are estimated, check whether the first criteria information entropy belongs to values between the upper limit value and the lower limit value of the first reference information entropy stored in the reference entropy storage unit while corresponding to the travelling environment condition corresponding to the current travelling environment condition of the vehicle, check whether the second criteria information entropy belongs to values between the upper limit value and the lower limit value of the second reference information entropy stored in the reference entropy storage unit while corresponding to the travelling environment condition corresponding to the current travelling environment condition of the vehicle, and check whether the third criteria information entropy belongs to values between the upper limit value and the lower limit value of the third reference information entropy stored in the reference entropy storage unit while corresponding to the travelling environment condition corresponding to the current travelling environment condition of the vehicle; and an external data intrusion determining unit configured to, when it is checked that any one of the first criteria information entropy, the second criteria information entropy, and the third criteria information entropy does not belong to the values between the upper limit value and the lower limit values of the first reference information entropy, the second reference information entropy, and the third reference information entropy stored while corresponding to the travelling environment condition corresponding to the current travelling environment condition of the vehicle, determine that the external data intrusion occurs on the vehicle. 2 . The apparatus of claim 1 , wherein the criteria information entropy estimating unit estimates the first criteria information entropy based on a calculation according to Equation 1 below, estimates the second criteria information entropy based on a calculation according to Equation 2 below, and estimates the third criteria information entropy based on a calculation according to Equation 3 below, R 1 = - log 2  S 1 n 1 [ Equation   1 ] R 2 = - log 2  S 2 n 1 [ Equation   2 ] R 3 = - log 2  S