In modern world of developed networks, it is a common way of attack that malicious users collude with each other. In the new developing area of vehicular ad hoc networks, we should take collusion attack into account as well. In the past researches about bogus message attack, there are few think about collusion. In this paper, we start from the thought of collusion. By defining the collusion bogus message attack in VANETs according to collusion attacks of different scenarios in the past and with using a simple way to analyze the actions of danger warning application service on vehicles via sequence diagram, we found that the system state of application system could be used in detecting attacker. We combine the restrain of graphical and time resource and the execution state of application service to design a state-based collusion attack detection mechanism. We also exploit the mechanism to detect collusion bogus message attack in VANETs. We do simulation experiments about the proposed danger warning application service. Collusion groups collude to send bogus messages in the experimental environment. The percentage of bogus message and false negative rate will be compared between majority voting mechanism and our mechanism. The results show that our proposed mechanism can successfully suppress the number of false message by 20%, and lessen the false positive rate by 3% to 5%.