With the rapid development of vehicle intelligence and networking technology, the IT security of automotive systems has become an important area of research. In addition to basic vehicle control, intelligent advanced driver assistance systems and infotainment systems all exchange data over the in-vehicle network. Unfortunately, current communication network protocols, including Controller Area Network (CAN), FlexRay, MOST, and LIN, have no security services such as authentication or encryption. Therefore, vehicles are unprotected against malicious attacks. Since the CAN bus is the most widely used field bus for in-vehicle communications in current automobiles, this paper focuses on the security of the CAN bus. Based on an analysis of the current state of research on CAN bus network security, this paper summarizes the potential security vulnerabilities of the CAN bus and the means of attack. To address flood, replay, spoof, modify and drop attacks on the CAN bus, a network intrusion detection system is designed, consisting of a network interface & analysis module, a normalized transformation module, and a feature database containing information for the different operating modes of the vehicle. To validate the efficiency of the proposed intrusion detection system, the experiment is set up in the real environment of an electric vehicle, in which the attack model and the intrusion detection system are implemented in an emulated gateway, and the attacks are mounted through the OBD-II port on the network of the electric vehicle. Across several attack experiments, the results show that the designed network intrusion detection system can effectively detect abnormal behavior on the CAN bus network.
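As an added illustration (not the paper's implementation), the sketch below shows how a feature database keyed by operating mode can drive detection over one window of CAN traffic. The abstract does not state which features are stored, so the per-ID period and payload length, the tolerance, the CAN IDs and the alert names are all assumptions, and the traffic is constructed.

```python
from collections import defaultdict

# Assumed feature database: operating mode -> CAN ID -> (period in s, payload length).
# All values are constructed for illustration; the paper's real features are not given.
FEATURE_DB = {
    "driving":  {0x100: (0.010, 8), 0x200: (0.020, 8), 0x300: (0.100, 4)},
    "charging": {0x300: (0.100, 4), 0x400: (0.050, 8)},
}
TOLERANCE = 0.5  # assumed allowed relative deviation from the expected frame count


def detect(frames, mode, window):
    """Check one window of (timestamp, can_id, data) frames against the mode profile.

    Returns a sorted list of (alert, can_id):
      unknown_id - ID not expected in this mode (spoofed or out-of-mode traffic)
      bad_length - payload length differs from the profile (modified frame)
      rate_high  - more frames than expected (flood, replay or injected copies)
      rate_low   - fewer frames than expected (dropped frames)
    """
    profile = FEATURE_DB[mode]
    alerts = set()
    counts = defaultdict(int)
    for _ts, can_id, data in frames:
        if can_id not in profile:
            alerts.add(("unknown_id", can_id))
            continue
        if len(data) != profile[can_id][1]:
            alerts.add(("bad_length", can_id))
        counts[can_id] += 1
    for can_id, (period, _dlc) in profile.items():
        expected = window / period
        if counts[can_id] > expected * (1 + TOLERANCE):
            alerts.add(("rate_high", can_id))
        elif counts[can_id] < expected * (1 - TOLERANCE):
            alerts.add(("rate_low", can_id))
    return sorted(alerts)


def periodic(can_id, period, dlc, window, rate=1.0):
    """Build constructed periodic traffic for one ID; rate scales the frame count."""
    n = round(window / period * rate)
    return [(i * window / n, can_id, bytes(dlc)) for i in range(n)]


def normal_traffic(mode, window):
    """Constructed benign traffic matching the profile of the given mode."""
    frames = []
    for can_id, (period, dlc) in FEATURE_DB[mode].items():
        frames += periodic(can_id, period, dlc, window)
    return sorted(frames)
```

Because the profile is selected by mode, the same frame can be benign in one mode and anomalous in another: ID 0x400 is expected while charging but raises `unknown_id` while driving.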