This paper addresses the severe limitations of Controller Area Network (CAN) bus intrusion detection for connected and automated vehicles (CAVs), where existing approaches cannot simultaneously maintain real-time capability, computation efficiency and robustness to emerging cyberattacks. Traditional IDSs are challenged with the presence of: (1) temporal dependencies in CAN data streams, (2) the lack of the system’s learning capability to recognize new attack access with dynamic patterns (e.g., Denial-of-Service, Fuzzy, and Spoofing attacks), and (3) the heavy computational overhead that is not suitable for vehicular embedded environments. To close these gaps, we present a hybrid framework, which integrates two innovative components: (i)BPSO-XGBoost that consists of Binary Particle Swarm Optimization for feature selection and XGBoost for high-accuracy classification, and (ii)DWT-DDQN that fuses Discrete Wavelet Transform for multiresolution feature extraction and Double Deep Q-Network for temporal anomaly reasoning. This work explores an ensemble of statistical learning and reinforcement learning from which we derive near-perfect detection efficacy (F1-score: 1.000 across DoS/Fuzzy/Gear/RPM attacks) and ultralow latency (0.03–0.13ms), substantially exceeding the performance of state-of-the-art baselines in real-world automotive cybersecurity.