This Recommendation establishes guidelines for an intrusion prevention system (IPS) for connected vehicles. This Recommendation mainly focuses on aspects of active response capability for intrusion and includes the implementation guidance and use cases of IPS for connected vehicles. Prior in-vehicle intrusion detection systems (IDSs) have limitations, e.g., requiring too many computing resources that a vehicle cannot provide and being unable to mitigate intrusions due to characteristics of protocol and bus topology. To overcome these limitations of conventional in-vehicle IDSs, this Recommendation provides methodologies for both intrusion detection and intrusion prevention. The proposed IPS consists of the intrusion detection plane – an external component with intrusion detection algorithms – and the data plane – in-vehicle networks (IVNs) where traffic monitoring and active response happen. This Recommendation aims to protect (automotive) Ethernet-based IVNs.