According to an aspect, a method is performed by a first controller for providing security for second controllers in an in-vehicle network. An inherent information request is transmitted to a suspicious controller of the plurality of second controllers for an inherent information of the suspicious controller. The inherent information request includes a certificate assigned to the first controller. An encrypted inherent information of the suspicious controller is received from the suspicious controller and a decrypted inherent information is compared with a pre-stored inherent information. The suspicious controller is determined to be an anomalous controller when the decrypted inherent information is different from the pre-stored inherent information. In response to receiving an update request from a backend server for a specified controller out of the plurality of second controllers, the inherent information request including the certificate assigned is transmitted to the specified controller.