System-Level Feasibility Constraints for In-Vehicle Intrusion Detection Systems

Abstract—In-vehicle intrusion detection systems (IDSs) are increasingly proposed to protect automotive networks, yet most prior work emphasizes detection accuracy while overlooking system-level constraints that determine real-world deployability. This paper addresses the mismatch between IDS design assumptions and the computational, architectural, and real-time limitations of production automotive electronic control units (ECUs). This issue is particularly critical in safety-critical automotive systems, where security mechanisms must operate within strict timing and resource bounds without interfering with control functions. The objective of this work is to provide a deploymentaware feasibility analysis of in-vehicle IDS techniques across heterogeneous automotive computing platforms. We introduce a baseline-driven methodology that defines two representative ECU tiers: microcontroller-based safety ECUs operating under AUTOSAR Classic and higher-performance domain or zonal controllers based on AUTOSAR Adaptive and POSIX-compliant operating systems. IDS approaches are evaluated against nonnegotiable constraints including processing capacity, memory availability, worst-case execution time, operating system compatibility, and in-vehicle network technology. The results show that microcontroller-based ECUs support only lightweight, messagelevel IDS mechanisms with strictly bounded execution behavior, while machine learning–based IDSs require controller-class platforms and remain constrained by determinism and interference requirements. This work demonstrates that feasibility, rather than accuracy alone, must be treated as a first-class criterion in automotive IDS design.