Table 1. IDS in EVCS: A Comparative Table.

| Authors | Year | Model | Dataset | IoT/IIoT Devices | Class | Attack |
|---|---|---|---|---|---|---|
| ElKashlan, M. et al. [20] | 2023 | Filtered Classifier, Decision Table | IoT-23 | 23 types, home | 2 class | DDoS |
| ElKashlan, M. et al. [21] | 2023 | Naïve Bayes, J48, Attribute select, Filtered classifier | IoT-23 | 23 types, home | 2 class, 5 class | DDoS, C&C, Botnet, Scan |
| Basnet, M. et al. [22] | 2020 | DNN, LSTM | CIC-IDS2018 | simulated | 2 class, 5 class | DoS |
| Basnet, M. et al. [23] | 2021 | Stacked/deep LSTM | own dataset | simulated | 4 class | FDI, DDoS |
| Basnet, M. et al. [24] | 2022 | EC-WCGAN | CIC-IDS2018 | simulated | 2 class, 5 class | DoS |
| Our proposed method | 2023 | CNN-LSTM-GRU | Edge-IIoTset | +10 types, industry | 2 class, 6 class, 15 class | DDoS, Injection, Scanning, Malware, MITM |

Together, these research efforts represent a comprehensive approach to understanding
and mitigating the cybersecurity risks associated with EVCS, reflecting the diverse and
complex nature of security challenges in the critical infrastructure of smart cities.
4. Proposed NIDS Framework for IoT-Based EVCS
4.1. NIDS Framework Theory
In the realm of safeguarding IoT-based Electric Vehicle Charging Stations (EVCS)
against cyber threats, our proposed Network Intrusion Detection System (NIDS) is anchored
in a rich tapestry of theoretical principles that span statistical learning, optimization theory,
and deep learning paradigms. This section elucidates the foundational theories that coalesce
to form the backbone of our NIDS, illustrating its capacity to navigate the complex data
ecosystems inherent in EVCS environments.
Mathematics 2024, 12, 571
9 of 26
At its core, our NIDS is predicated on the principle of anomaly detection, a cornerstone
of statistical learning theory. This principle posits that anomalies manifest as deviations
from established data patterns, serving as harbingers of potential intrusions. The efficacy
of anomaly detection in our context is underlined by its adaptability to the multifarious
and dynamic nature of data flows within IoT-based EVCS, enabling the discernment of
irregularities indicative of cybersecurity breaches.
The edifice of our approach is further strengthened by robust mathematical models
that employ a synthesis of classification algorithms. Rooted in the rich soils of optimization
theory and probabilistic frameworks, these models adeptly categorize network data into
normative and anomalous classes based on learned behavioral patterns. This classification
mechanism is instrumental in the NIDS’s ability to sift through the voluminous data
streams, pinpointing anomalies with precision and alacrity.
Underpinning our NIDS is an ensemble of sophisticated Deep Learning (DL) techniques,
each selected for its unique theoretical properties and applicability to the task at hand.
Convolutional Neural Networks (CNNs): Theoretically celebrated for their prowess
in feature extraction, CNNs employ convolutional layers to distill salient features from
raw data. This capability is paramount in unraveling the complex, pattern-rich tapestry of
network traffic, laying bare the subtle signatures of cyber threats.
Recurrent Neural Architectures (LSTMs and GRUs): Designed to surmount the challenges
posed by the vanishing gradient phenomenon, these architectures excel in modeling
temporal dependencies. Their theoretical capacity to retain information over extended
sequences makes them invaluable for monitoring the continuous, temporally linked data
streams characteristic of EVCS operations.
The strategic deployment of our NIDS within the IoT architecture is informed by the
theoretical precepts of distributed computing and edge analytics. By embedding the NIDS
at the edge, we leverage the theoretical benefits of proximal data processing—namely, the
minimization of latency and the judicious conservation of bandwidth. This alignment
with the resource-aware ethos of IoT ecosystems ensures that the NIDS operates with
both efficiency and agility, embodying the ideal balance between security imperatives and
operational constraints.
4.2. Architectural Overview
The proposed NIDS framework is an integration of advanced neural network architectures
adept at learning and identifying complex patterns indicative of cyber threats. The
proposed model harnesses the strengths of CNN, LSTM, and GRU algorithms to analyze
network traffic data for intrusion detection. A detailed representation of this ensemble
architecture is shown in Figure 2.
At the heart of our NIDS framework lies a DL model that operates in two critical
dimensions: spatial feature extraction and temporal sequence processing. First, the CNN
layers effectively capture spatial dependencies within individual data packets [27]. This
process uses convolutional filters that slide across the input data to identify crucial
features such as specific packet sizes or unusual protocol behavior that could signify an
intrusion attempt.
Following the spatial analysis, the temporal characteristics of the data are deciphered
by the LSTM and GRU layers. LSTMs are adept at recognizing long-term dependencies,
preserving knowledge of events that occurred many steps back in the sequence, which
is essential when attacks comprise a series of discrete but related actions [28]. GRUs
complement this by focusing on more recent information, allowing the model to adapt
rapidly to the most current data inputs and enhancing its ability to detect anomalies in
real-time traffic flow [29].
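The CNN, then LSTM, then GRU data flow described above, written out as a NumPy forward pass. This is an added example, not the authors' implementation: the weights are random and untrained, and the function names, layer sizes and the constructed 10 x 12 input window are assumptions made here.

```python
import numpy as np
rng = np.random.default_rng(0)   # fixed seed; all weights are untrained placeholders

def sigmoid(x):
    return 1.0 / (1.0 + np.exp(-x))

def conv_features(window, kernels):
    """CNN stage: slide K filters of width W over each record's F features -> (T, K)."""
    patches = np.lib.stride_tricks.sliding_window_view(window, kernels.shape[1], axis=1)
    return np.maximum(patches @ kernels.T, 0.0).max(axis=1)   # ReLU, then max-pool

def lstm(seq, W, U):
    """LSTM stage: cell state c carries context across many steps -> (T, H)."""
    H = U.shape[1]
    h, c, out = np.zeros(H), np.zeros(H), []
    for x in seq:
        z = W @ x + U @ h
        i, f, o = sigmoid(z[:H]), sigmoid(z[H:2*H]), sigmoid(z[2*H:3*H])
        c = f * c + i * np.tanh(z[3*H:])      # forget old context, admit new
        h = o * np.tanh(c)
        out.append(h)
    return np.stack(out)

def gru(seq, W, U):
    """GRU stage: update gate z and reset gate r, no separate cell state -> (H,)."""
    H = U.shape[1]
    h = np.zeros(H)
    for x in seq:
        z = sigmoid(W[:H] @ x + U[:H] @ h)
        r = sigmoid(W[H:2*H] @ x + U[H:2*H] @ h)
        n = np.tanh(W[2*H:] @ x + U[2*H:] @ (r * h))
        h = (1 - z) * n + z * h
    return h

def init_params(n_filters=8, width=3, h_lstm=16, h_gru=8, n_classes=2):
    """Layer sizes are illustrative assumptions, not the paper's hyperparameters."""
    w = lambda *shape: rng.normal(0.0, 0.3, shape)
    return {"conv": w(n_filters, width), "out": w(n_classes, h_gru),
            "lstm": (w(4 * h_lstm, n_filters), w(4 * h_lstm, h_lstm)),
            "gru": (w(3 * h_gru, h_lstm), w(3 * h_gru, h_gru))}

def classify(params, window):   # window: (T, F) scaled traffic records -> class probabilities
    spatial = conv_features(window, params["conv"])
    logits = params["out"] @ gru(lstm(spatial, *params["lstm"]), *params["gru"])
    e = np.exp(logits - logits.max())
    return e / e.sum()

PARAMS = init_params()
SAMPLE = rng.normal(size=(10, 12))   # constructed input: 10 records x 12 features
```

Passing `n_classes=6` or `n_classes=15` to `init_params` changes only the output layer, which is how one network shape can serve the 2-, 6- and 15-class settings listed in Table 1.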