A　Sybil　attack　involves　a　Malicious　vehicle　node　stealing　fake　identities　to　continuously　generate　fake　vehicles　on　the　road,　creating　an　illusion　of　congestion　and　interfering　with　the　normal　traffic　flow　of　legitimate　vehicles.　In　the　current　traffic　environment,　vehicles　cannot　perform　real-time　authentication,　allowing　highly　stealthy　Malicious　vehicle　nodes　to　continue　attacking　and　significantly　impact　traffic.　Given　the　rapidly　changing　network　topology　in　vehicular　networks,　high　precision　and　speed　are　required　for　attack　detection　methods.　This　paper　proposes　a　three-class　classification　method　for　Sybil　vehicles,　Malicious　vehicles,　and　Normal　vehicles　based　on　BSM　packets.　This　method　utilizes　multiple　features　and　employs　a　sliding　window　with　the　Random　Forest　algorithm　for　classification.　Compared　with　deep　learning　methods,　this　method　has　the　advantages　of　strong　interpretability　and　fast　detection　speed.　Experiments　demonstrate　that　this　method　achieves　fast　detection　speeds　and　high　accuracy.　With　a　window　size　of　2,　the　method　achieves　precision　and　recall　both　greater　than　94%.　©　The　Author(s),　under　exclusive　license　to　Springer　Nature　Switzerland　AG　2025.