Intelligent vehicles have become an essential transportation tool for human daily travel. The Controller Area Network (CAN), a core communication protocol inside intelligent vehicles, faces significant security concerns. The CAN bus is vulnerable to malicious attacks due to factors such as weak communication interface access control, lack of authentication in data exchange, and the absence of source/destination addresses in messages. In-vehicle gateways and firewalls are limited by bandwidth and computational resources. It makes difficult to implement powerful encryption and authentication algorithms, which restricts their protective capabilities. Current Intrusion Detection Systems (IDS) that rely on single-class side-channel features, like voltage, clock, or data flow, have limited ability to detect various types of attacks. For example, the IDS based on clock skew cannot detect attacks that are not periodic. This study proposed a federated learning-based CAN bus intrusion detection system for intelligent vehicles. The vehicle collected multidimensional feature data for lightweight training and transmitted parameters to the cloud. The cloud gathered parameters from different vehicles using an asynchronous horizontal federated learning structure, conducted deep training with the eXtreme Gradient Boosting (XGBoost) algorithm, and sent trained model parameters back to the vehicle. The vehicle then performed detection and attack source tracing. Experiments on three real vehicles from different brands demonstrated that the system achieves high-precision detection of six typical attack types, including Bus-off, Spoofing, Same Origin MethodExecution (SOME), Fuzzing, Masquerade, and Replay attacks. The average detection latency was 0.0987 ms.
