a security module unit included in each node of a vehicle CAN communication network and configured to monitor an identifier (ID) of each CAN message received through a CAN transceiver to determine whether the CAN message is a malicious CAN message to perform error processing; and

a control unit configured to set an ID to be monitored by the security module unit and control the security module unit not to perform monitoring on the ID when the node transmits the CAN message,

wherein the control unit is configured to disable the security module unit to not operate when the node itself uses an enable signal (EN) to transmit the CAN message, and is configured to enable the security module unit to operate only when the node itself receives the CAN message,

wherein, based on a determination that the received CAN message is the malicious CAN message, the security module unit inputs superior data of 0 to a transmitting (TX) terminal of the CAN transceiver such that signals CAN H and CAN L, output to a bus of the CAN transceiver, are output with a superior bit dominant value,

wherein the apparatus further comprises an AND gate connected to the transmitting (TX) terminal of the CAN transceiver, and

wherein output signals of the security module unit and the control unit are combined through the AND gate to be output to the CAN transceiver.