17.3CRMay 22
Cybersecurity of Electric Vehicle Charging Infrastructure: Recent Advances, Open Challenges, and Future DirectionsJoshua Bean, Dimitrios Michael Manias
Electric Vehicles (EVs) have emerged as significant disruptors in the transportation sector over the past decade. Their growing popularity and adoption are accompanied by capital expenditures to deploy charging infrastructure. EV charging infrastructure sits at the intersection of the power grid, the network, and the vehicular client, creating an attractive surface for cyberattacks. Many machine learning-based cybersecurity countermeasures have been developed using various public and private datasets. These countermeasures, often intrusion detection systems, are limited in performance by the quality and expressivity of the training data. This work explores the most common datasets and modeling methods, identifies key limitations and open challenges, and proposes future directions to continue catalyzing innovation in the field. By addressing these data limitations, intrusion detection systems are better positioned to address the constantly evolving cyberthreat landscape of EV charging infrastructure.
42.1CRMay 22
FALCON-C: Flow-based Analysis and Labeling for Connected Vehicular Network CybersecurityJoshua Bean, Dimitrios Michael Manias
Along with the recent rise in popularity of Electric Vehicles (EVs), Electric Vehicle Supply Equipment (EVSE) has emerged as a new target for cyber attacks. Therefore, ensuring the security and integrity of network communication between EVSE components and vehicular clients is a significant challenge that must be addressed. To this end, this paper proposes a Flow-based Analysis and Labeling for COnnected vehicular Network Cybersecurity (FALCON-C) framework. The FALCON-C framework leverages an autoencoder for anomaly detection and is trained on a small number of benign flows from the CICEVSE2024 dataset. The model's objective is to model benign flow behavior and identify malicious flows by detecting statistically different reconstruction error profiles. The results demonstrate that the model can successfully identify malicious flows, achieving 100% accuracy. Initially, some benign flows were misclassified as malicious, resulting in a suboptimal false positive rate. A thorough analysis of the autoencoder's performance and the nature of misclassified flows led to the development of a refined decision boundary, improving the framework's performance by 8.6%. FALCON-C is intended to support Security Operations Center activities by automating flow labeling, leading to the enhanced curation of reliable datasets that can be used for various activities, including threat modeling and hunting, decision auditing, and intrusion detection system refinement.