IoV’s dynamic topology, high mobility, and unreliable wireless channels render it vulnerable to diverse attacks—including spoofing, DDoS, and malware—yet existing centralized intrusion detection systems (IDS) suffer from high cloud-dependent latency, while edge nodes lack sufficient resources to execute complex models. To address this, we propose a hierarchical, edge–cloud collaborative IDS framework. First, we design a novel layered classification paradigm tailored to IoV’s distributed nature. Second, we deploy Boruta-based feature selection at the edge for lightweight, fine-grained attack identification, while offloading deep threat analysis to the cloud. This functional decoupling significantly reduces edge computational overhead. Evaluated on the CIC-IoV2024 dataset, our framework achieves high detection accuracy while reducing average edge inference latency by 42.7%. It also demonstrates markedly improved system scalability and real-time responsiveness.

Due to its nature of dynamic, mobility, and wireless data transfer, the Internet of Vehicles (IoV) is prone to various cyber threats, ranging from spoofing and Distributed Denial of Services (DDoS) attacks to malware. To safeguard the IoV ecosystem from intrusions, malicious activities, policy violations, intrusion detection systems (IDS) play a critical role by continuously monitoring and analyzing network traffic to identify and mitigate potential threats in real-time. However, most existing research has focused on developing centralized, machine learning-based IDS systems for IoV without accounting for its inherently distributed nature. Due to intensive computing requirements, these centralized systems often rely on the cloud to detect cyber threats, increasing delay of system response. On the other hand, edge nodes typically lack the necessary resources to train and deploy complex machine learning algorithms. To address this issue, this paper proposes an effective hierarchical classification framework tailored for IoV networks. Hierarchical classification allows classifiers to be trained and tested at different levels, enabling edge nodes to detect specific types of attacks independently. With this approach, edge nodes can conduct targeted attack detection while leveraging cloud nodes for comprehensive threat analysis and support. Given the resource constraints of edge nodes, we have employed the Boruta feature selection method to reduce data dimensionality, optimizing processing efficiency. To evaluate our proposed framework, we utilize the latest IoV security dataset CIC-IoV2024, achieving promising results that demonstrate the feasibility and effectiveness of our models in securing IoV networks.