Abstract
In the evolving landscape of cyber-physical systems (CPS), such as Electric Vehicle Charging Stations (EVCS) and the Industrial Internet of Things (IIoT), the convergence of cyber and physical domains introduces a myriad of opportunities for enhanced efficiency and connectivity. However, this integration also presents substantial security challenges, with vulnerabilities posing risks to both cyber operations and physical system functionality. Anomalies, indicative of cyber-attacks or system malfunctions, manifest as deviations from established operational norms, necessitating sophisticated detection mechanisms. This thesis presents a comprehensive investigation into the application of machine learning (ML) and deep learning (DL) algorithms for anomaly detection within these critical CPS frameworks, emphasizing IIoT and EVCS systems.
Acknowledging the inherent complexity of these systems, the research initially applies a suite of ML algorithms—Support Vector Machines (SVM), Decision Trees (DT), and Random Forests (RF)—to IIoT systems, exploiting the relatively straightforward operational patterns to establish a foundational anomaly detection framework. This strategic application leverages the diverse strengths of each algorithm: SVM's capacity for handling high-dimensional data, DT's interpretability and ease of use, and RF's robustness and accuracy in classification tasks. Subsequently, the thesis escalates the analytical depth by incorporating Long Short-Term Memory (LSTM) networks, a DL-based technique, to navigate the more intricate anomaly detection challenges encountered in both IIoT and EVCS systems. LSTM networks are selected for their proven efficacy in processing and making predictions based on long-term dependencies in time-series data, a common characteristic in the operational data of EVCS and IIoT systems. This transition underscores a methodological advancement towards models capable of capturing complex, temporal data relationships, essential for detecting sophisticated anomalies.
We carried out ML-based anomaly detection using the WUSTL-IIoT datasets from 2018 and 2021. The ML algorithms underwent extensive training and evaluation, demonstrating substantial effectiveness. Specifically, the SVM and DT models attained an accuracy of 97.6%, with the RF model achieving a slightly superior accuracy of 98.8%. To enhance the detection capability, an LSTM model was implemented, which achieved a remarkable accuracy rate of 99.57%. This performance exemplifies the advanced potential of DL methodologies in navigating the complexities of anomaly detection within intricate data environments.
We carried out LSTM-based anomaly detection in EVCS systems by utilizing the CICEVCS 2023 and 2024 datasets. These datasets, encompassing a wide range of attack scenarios along with normal operational data, provided a complex backdrop for the application of the LSTM model. The DL algorithm skillfully navigated these complexities, achieving an impressive accuracy rate of 99.589% in identifying anomalies. This experiment underscores the advanced capabilities of DL, specifically LSTM, in accurately analyzing and predicting anomalies across comprehensive time-series data streams within EVCS systems.
The findings from these case studies highlight the pivotal role of ML and DL algorithms in advancing anomaly detection capabilities within IIoT and EVCS systems. By meticulously applying and evaluating SVM, DT, RF, and LSTM models against real-world operational and attack scenarios, this thesis demonstrates the efficacy of these computational techniques in identifying anomalies and enhances the strategic framework for securing CPS against emerging cyber threats.