A system and method for identifying a compromised controller using an intentional error are provided. The method, performed by an electronic device in a controller area network (CAN), for identifying a compromised electronic control unit (ECU) that transmits an attack message on a CAN bus in a periodic transmission cycle. The method includes, in response to detecting the attack message, transitioning a first ECU among a plurality of ECUs connected to the CAN bus to a bus-off state intentionally, and determining whether the first ECU is the compromised ECU based at least in part on a time, which is predicted from recovery parameters related to the first ECU, for when the first ECU resumes transmission of a CAN message and a time when the attack message is redetected on the CAN bus.