To address the challenge of simultaneously ensuring privacy, efficiency, and robustness in large-scale, highly mobile, and data-heterogeneous vehicular networks—where centralized or purely local learning approaches fall short—this paper proposes a decentralized federated learning (DFL) framework. Vehicles exchange model updates exclusively with one-hop neighbors and collaboratively train deep neural networks via multi-hop propagation, enabling anomaly message detection without centralizing raw data. We present the first systematic evaluation of DFL’s collaborative gains under dynamic topologies and non-IID data, as well as its vulnerability to joint wireless interference and data poisoning attacks. Our analysis reveals the critical influence of local data volume and network connectivity on global model accuracy. Evaluated on the VeReMi Extension dataset, DFL significantly improves network-wide classification accuracy, boosting detection accuracy for low-performance vehicles by up to 37%, and quantifies model performance degradation under cross-domain adversarial attacks.

In connected and autonomous vehicles, machine learning for safety message classification has become critical for detecting malicious or anomalous behavior. However, conventional approaches that rely on centralized data collection or purely local training face limitations due to the large scale, high mobility, and heterogeneous data distributions inherent in inter-vehicle networks. To overcome these challenges, this paper explores Distributed Federated Learning (DFL), whereby vehicles collaboratively train deep learning models by exchanging model updates among one-hop neighbors and propagating models over multiple hops. Using the Vehicular Reference Misbehavior (VeReMi) Extension Dataset, we show that DFL can significantly improve classification accuracy across all vehicles compared to learning strictly with local data. Notably, vehicles with low individual accuracy see substantial accuracy gains through DFL, illustrating the benefit of knowledge sharing across the network. We further show that local training data size and time-varying network connectivity correlate strongly with the model's overall accuracy. We investigate DFL's resilience and vulnerabilities under attacks in multiple domains, namely wireless jamming and training data poisoning attacks. Our results reveal important insights into the vulnerabilities of DFL when confronted with multi-domain attacks, underlining the need for more robust strategies to secure DFL in vehicular networks.