A ROP attack protection method for multiple ECUs, in which data addressed to one of a plurality of ECUs is received and the received data is addressed to any of the plurality of ECUs. In response to the determined ECU and the unique model associated with the determined ECU, the received data is analyzed to identify the control flow instructions addressed to one or more predetermined addresses. In response to the analysis, generate a statistical analysis of the identified control flow instructions, and in response to the generated statistical analysis, output a signal indicating the possibility of an attack. .. [Selection diagram] FIG. 5
展开▼