This paper addresses the vulnerability of Controller Area Network (CAN) buses in connected and autonomous vehicles (CAVs) to cyberattacks, which jeopardize driving safety. It systematically surveys state-of-the-art in-vehicle intrusion detection systems (IDSs) leveraging machine learning (ML), deep learning (DL), and federated learning (FL). Methodologically, it innovatively classifies 87 representative works by attack type—known, unknown, and hybrid—to enable consistent comparative analysis. The study identifies, for the first time, four fundamental limitations hindering FL deployment onboard: excessive communication overhead, poor adaptability to device heterogeneity, insufficient real-time performance, and absence of functional safety compliance. Furthermore, it proposes a novel, ISO 26262–driven multi-dimensional evaluation framework to rigorously assess safety-critical IDS properties. The work clarifies technical trade-offs and performance boundaries, delivering a clear, actionable roadmap toward highly reliable, adaptive, and deployable in-vehicle IDS solutions.

Connected and Autonomous Vehicles (CAVs) enhance mobility but face cybersecurity threats, particularly through the insecure Controller Area Network (CAN) bus. Cyberattacks can have devastating consequences in connected vehicles, including the loss of control over critical systems, necessitating robust security solutions. In-vehicle Intrusion Detection Systems (IDSs) offer a promising approach by detecting malicious activities in real time. This survey provides a comprehensive review of state-of-the-art research on learning-based in-vehicle IDSs, focusing on Machine Learning (ML), Deep Learning (DL), and Federated Learning (FL) approaches. Based on the reviewed studies, we critically examine existing IDS approaches, categorising them by the types of attacks they detect - known, unknown, and combined known-unknown attacks - while identifying their limitations. We also review the evaluation metrics used in research, emphasising the need to consider multiple criteria to meet the requirements of safety-critical systems. Additionally, we analyse FL-based IDSs and highlight their limitations. By doing so, this survey helps identify effective security measures, address existing limitations, and guide future research toward more resilient and adaptive protection mechanisms, ensuring the safety and reliability of CAVs.