This work addresses the privacy–centralization trade-off in CAN bus intrusion detection, where raw vehicular data must remain local yet effective model training is required. We propose the first systematic integration of federated learning (FL) with an LSTM-based autoencoder for distributed IDS training, ensuring raw CAN traffic never leaves edge devices. Methodologically, we design a lightweight FL framework incorporating temporal CAN traffic modeling, on-device LSTM autoencoder training, and an efficient model aggregation scheme, with analytical quantification of communication overhead. Experiments show that the FL-based IDS achieves AUC degradation of less than 1.2% relative to its centralized counterpart—preserving near-identical detection performance—while maintaining tractable communication costs, substantially outperforming baseline approaches. Our study empirically validates FL’s viability in real-world V2X settings, demonstrating a practical balance among privacy preservation, detection efficacy, and deployment feasibility, thereby establishing a deployable distributed learning paradigm for automotive cybersecurity.

The challenges derived from the data-intensive nature of machine learning in conjunction with technologies that enable novel paradigms such as V2X and the potential offered by 5G communication, allow and justify the deployment of Federated Learning (FL) solutions in the vehicular intrusion detection domain. In this paper, we investigate the effects of integrating FL strategies into the machine learning-based intrusion detection process for on-board vehicular networks. Accordingly, we propose a FL implementation of a state-of-the-art Intrusion Detection System (IDS) for Controller Area Network (CAN), based on LSTM autoencoders. We thoroughly evaluate its detection efficiency and communication overhead, comparing it to a centralized version of the same algorithm, thereby presenting it as a feasible solution.