Limitations of existing works

Anomaly identification in smart grid scenarios, including EV charging stations, has historically benefited from several significant limitations. It is possible that many existing techniques, such as simple statistical methods or outdated rule-based systems, are unable to identify sophisticated cyber threats. There is a greater probability of undetected abnormalities or false alarms as these methods fail to adjust to new or unknown attack patterns.

This paper analyses the most up-to-date cybersecurity research trends about intelligent grids and EV ecosystems. Research has shown that ML-based approaches, like AD-GS, are superior to more conventional ways of detecting and reducing cyber risks. Researchers have shown that advanced ML algorithms may significantly improve the system’s stability, robustness, and operational efficiency.

Types of attacks in EV charging stations

Fig. 3 [Images not available. See PDF.]

Man-in-the-middle (MitM) attackers hack EV charging stations.

As seen here, in Fig. 3, MitM attackers hack EV charging stations. An attacker first intercepts the electric car’s charging station data stream. The perpetrator then intercepts data packets to steal private information. After intercepting data, the attacker alters it. This may affect billing or security. A hacker injecting malicious data during data injection might cause unlawful financial transactions. Finally, changing data might harm the vehicle’s battery. Due to this, electric vehicle smart grid infrastructure must emphasize secure communication protocols and dynamic anomaly detection.

Fig. 4 [Images not available. See PDF.]

Analyzing Causes of DoS Attacks on EV Charging Stations.

Figure 4 describes a DoS attack on an electric car charging station and its effects. Low bandwidth and too many requests cause communication channel congestion, preventing the system from processing genuine change requests. Attackers may exhaust a system’s processing power by flooding the network with phony data and access requests. Due to overburdening, the charging infrastructure cannot handle genuine transactions. Customers experience service outages and lengthy charging station queues due to these attacks. The interruption may cause unexpected energy consumption fluctuations that affect users and the smart grid. Traffic filtering, AI-enabled anomaly detection, and access control are necessary for reliable EVCS.

Fig. 5 [Images not available. See PDF.]

False Data Injection in EV Charging Station.

A power grid attack by an FDI is shown in Fig. 5. Hackers alter data by modifying sensor readings, transmission connections, or software before introducing false information into the grid. When the system misinterprets data, it jeopardizes grid operations and makes load balancing and power distribution hard. Misleading Decision-Making follows, in which automated energy management systems and control centres use skewed data to make the wrong operational changes. Power surges, overloads, and blackouts are all symptoms of grid instability. Consumers and service providers may suffer monetary losses due to these disturbances, manifesting as unpredictable electric car charging, price increases, and other problems. Strong cybersecurity measures are necessary to protect grid operations against FDI assaults.

Fig. 6 [Images not available. See PDF.]

Vulnerabilities and Mitigation in Charging Stations.

Figure 6 shows charging station vulnerabilities, attacker techniques, impacts, and mitigating options. Insufficient authentication, old firmware, and unpatched software are primary charging station security vulnerabilities. These vulnerabilities may be exploited to compromise the system. These vulnerabilities may cause unauthorized access, system compromise, and data breaches, disrupting operations and costing money. Strong authentication, timely security updates, and frequent software upgrades may mitigate these risks. These safeguards will enable charging stations to securely and reliably serve electric car customers.

Strong protections are needed when smart grid technology integrates with electric vehicle infrastructure, creating new cybersecurity concerns. Complex software defect assaults may damage electric vehicle smart grids. Adaptive hackers utilize AI and machine learning to hide. Grid Sentinel Framework models learn to discover and stop new assaults via adversarial training. Risky firmware vulnerabilities are growing. These attacks target electric vehicle charging stations to compromise software updates and install backdoors. Anomaly detection and cryptographic integrity verification ensure firmware validity in the Grid Sentinel Framework. The framework continuously observes system behaviour without third-party verification tools to identify suspicious firmware upgrades and prevent unwanted alterations. Our solution protects the supply chain to lessen the risk of smart grid security hacking.

Another emerging concern is hacking internet-connected charging stations to damage energy infrastructure or services. Grid Sentinel Framework uses authentication and zero-trust architecture to restrict network access to verified devices. Anomaly detection in AI increases security by detecting unauthorized command executions. Dirty load balancing takes power unnoticed by manipulating load demand statistics. The Grid Sentinel Framework secures energy transactions using load certification and anomaly detection. Last-stage secret grid attacks change grid parameters to endanger grid stability. These disturbances accrue and fade over time, unlike abrupt attacks. The Grid Sentinel Framework uses predictive analytics and long-term pattern recognition to detect even small operational parameter changes to stabilize the grid. The Grid Sentinel Framework monitors abnormalities, mitigates risks, and responds to emerging cyber threats to defend electric car smart grids. This strategy prioritizes smart grid infrastructure dependability, stability, and safety as energy becomes digital.

1. Cyber-threat Model.

Fig. 7 [Images not available. See PDF.]

Cyber-Threat Model.

Figure 7 illustrates the potential entry points for cyberattacks as well as the preventative steps that are taken to prevent the spread of these assaults inside the smart grid network that is utilized for electric cars. The structure, attack surface, entry points, cyber-attack propagation, and defensive mechanisms are the four basic components of the structure.

Attacks can be launched against critical EV network nodes. These nodes include charging stations, communication networks, and management systems housed in the cloud. As shown in the section on attacker access points, attackers might compromise these components via public electric vehicle charging stations, network eavesdropping, or vulnerabilities in cloud application programming interfaces (APIs). As shown in the section on the propagation of cyberattacks, once a breach has occurred, the criminals may alter data, disrupt system operations, and eventually affect electric vehicle customers by causing service failures and financial losses.

These attacks are repelled by the Grid Sentinel Framework, which employs a protection system that consists of many levels. Using anomaly detection powered by artificial intelligence may spot suspicious behaviour, end-to-end encryption can secure data, and dynamic monitoring can keep one step ahead of any threats. By taking these safeguards, which reduce the likelihood of cyberattacks while preserving the reliability of operations, a smart grid for electric cars that is both secure and dependable may be guaranteed. Modern technology is integrated into the Smart Grid System to make energy distribution networks more efficient and secure. The heart of it all is intrusion detection algorithms that use AI and ML to find and stop any dangers to the network. To identify abnormalities dynamically, these algorithms constantly scan data streams from Meter and Sensor devices. Robust Communication Networks allow EV Charging Stations to be easily linked to the grid, allowing for effective electricity control. These stations maximize energy efficiency while catering to the increasing demand for electric cars. An essential part is the training and optimization of AI/ML models, which improve algorithms using insights from regular data. The responsiveness and resilience of the grid are improved via this iterative approach. Analyzing and processing data is shown in Fig. 8; engines expeditiously provide valuable insights to enhance the system. A centralized control centre may coordinate rapid responses to possible threats using intrusion alert notification and response systems. The Smart Grid System essentially showcases a collaborative strategy using cutting-edge technology to guarantee contemporary energy distribution networks’ dependability, safety, and longevity. Table 2 shows the Symbol Description.

Table 2

Symbol description.

In Fig. 8, the proposed system shows the key hub, the EV Charging Station, which distributes electricity securely. Chargers may connect to the smart grid’s central control centre and other nodes via a network. The communication network sends sensor and meter data to monitor the voltage, energy usage, and cybersecurity risks. An AI-ML Intrusion Detection Algorithm analyzes charging station data to ensure safety. It can detect data modification assaults, DDoS attacks, spoofing, and other irregularities. By assessing discovered hazards, AI/ML Model Training and Optimization activities improve the system’s ability to predict and prevent breaches. The Intrusion Mitigation Mechanism and Intrusion Alert Notification & Response Systems go into action after an intrusion. Response systems isolate affected components, inform administrators, and adjust security processes when triggered.

Fig. 8 [Images not available. See PDF.]

Proposed Block Diagram of EV Charging Stations in Smart Grid using Grid Sentinel Framework.

For immediate detection and reaction, dynamic data analysis is essential. It boosts system performance, security, and energy management. The technology is also connected to the Smart Grid technology, which assures electricity distribution grid stability and cybersecurity. Combining AI and ML technologies ensures a cyber-resilient and sustainable energy environment. These technologies make smart EV charging infrastructures safer, more reliable, and more efficient. Comprehensive security preparation is the most important dependent variable; it is affected by a few things. The first line of defence consists of proactive measures and how effectively they work in different situations. Environmental factors and other system variables influence these preventative measures, which may strengthen or undermine the security posture. How it reacts to anomalies greatly affects the system’s flexibility and robustness. Finally, the security is enhanced by hazard countermeasures. The entire security posture of the smart grid’s electric car charging stations is impacted by several elements, including proactive measures, external conditions, and reactive techniques. The interplay between these variables reveals the relative importance of various elements. The equations that describe these dynamics are easier to comprehend if this connection has been established.

1

Equation (1) is a mathematical statement that describes feature representation and anomaly detection of some connection or model with parameters represented by . Using dynamic detection of anomalies with AD-GS is the crux of the proposed method for security detection and coping in EV charging points using AI and ML techniques . is the current or any other operational indicator tracked, whereas the factor kα is a learning parameter representing the model’s sensitivity to changes. is represents the standard deviation or some other variance metrics associated with the distribution of values observed, such as charging times or energy consumption. Abnormal behavior is indicated by differences from the mean beyond a given point, where is a threshold for anomaly identification.

2

Potentially impacted by variables denoted in Eq. (2), operational settings ( ), security protocols ( ), and response mechanisms ( ), the Equation might symbolically depict the equilibrium between system vulnerabilities ( ) and protective measures ( ). represents the standard deviation or other variance metrics associated with the distribution of values that could have been observed, such as charging times or energy consumption. One possible use of the equation is to assess the current state of security at EV charging stations. It considers security protocols, external effects, response mechanisms, and system weaknesses to forecast outliers and counteract cyber-attacks. The equation aids in the dynamic identification of security breaches and the resilience of the smart grid infrastructure against cyber-attacks by utilizing machine learning techniques. Abnormal behaviour is indicated by differences from the mean beyond a given point, where is a threshold for anomaly identification.

3

The function that evaluates the entire security posture according to variables such as system resiliency ( ), proactive measures ( ), and reactions to identified anomalies ( ), might be represented by the Eq. (3), . The variables may represent extra elements such as environmental conditions or reactions to threats. By combining system resilience, preventative measures, and reactive measures to recognize threats, Eq. (3) depicts the security posture of an EV charging station, which corresponds to the function of predictive modelling and system resilience. The equation also considers external and environmental variables like weather and load changes. It depicts the system’s stability-preserving mechanisms, which provide strong security in a smart grid setting by combining preventative measures with immediate responses to anomalies.

4

The state of security preparedness, denoted by Eq. (4) as { }, is affected by proactive measures ( ), reactions to identified anomalies ( ), and mitigating factors . Ensuring the resilience and safety of EV charging stations inside the smart grid is the goal of the technique, which employs (AD-GS) to monitor and react to possible threats continually . The preparedness of electric vehicle charging stations in a smart grid for security is represented by Eq. (4), which considers proactive measures, responses to recognized threats, and mitigating variables.

5

Fig. 9 [Images not available. See PDF.]

Communication Infrastructure of EV Charging System.

Figure 9 examines the communication infrastructure of the EV charging System. The Power Grid is responsible for supplying power to charging stations that are either public or private. An EV Charging Network Operations Centre monitors these stations to ensure that electric cars get the best possible charging performance. In addition to ensuring that charging stations are available and monitoring charging activities, the network must maintain a continual flow of data on power distribution and the system’s condition. Additional responsibilities include monitoring charging activities.

The Electric Vehicle Charging Network Operations Centre is responsible for collecting and processing data on the availability of charging stations (CS) and information regarding scheduling and charging session details. This centre can enhance decision-making and the user experience by connecting to a Service Provider Network or the Internet. This allows for remote access, data management, and cloud-based analytics, all of which are accomplished via the use of software.

In addition, the system keeps a record of information that is individual to the user, which guarantees that the user will have access to billing services that are both customized and safe. To meet the fluctuating demand for energy, residential and public charging stations directly connected to the power grid can facilitate energy distribution. Keeping the flow of power going and preventing grid overload may be accomplished by optimizing charging schedules for the network.

By integrating grid connections, service provider networks, and dynamic operations management, the framework improves the efficiency and reliability of charging electric cars while simultaneously opening the road for future smart grid enhancements to be scaled up. Everything from EVs to charging stations, service providers, and the power grid makes up the EVCS. The charging data is stored via their communication along the network (Fig. 9). The service provider records each electric vehicle’s time and energy consumption via their connections to the operator network. Further, the service provider checks charging station availability so they may connect to EVs, obtain payment-related user data, and properly plan EV trips. Researchers have discovered security flaws in EVCS and other network interactions, including cloud services. The evaluations and weaknesses of EVCS security are explained in the use case for the interface type. Electric vehicle charging systems could be vulnerable in several ways. EV connections, user terminals, Internet access, and maintenance terminals are covered. Operators, or EVCS providers, provide increased services and convenience with Internet connections integrated into current EVCSs. However, the security concerns that come with this interconnectedness must be acknowledged. Attackers may get access to the charging infrastructure and perhaps conduct more extensive assaults on key infrastructure if they breach the EVCSs.

In Eq. (5), the represents the measure of overall security status, which is affected by things the inverse of a matrix modulated by activities on data streams ( ), extra precautions ( ), and factors influencing the stability of the system ( ).

6

Evaluating system security may be represented by Eq. (6), , which is affected by elements such as the environment ( ), models of prediction ( ), and reactions to identified anomalies ( ).

Equation (6) evaluates system security using historical anomaly responses, ambient variables, and predicted anomaly detection. Equation (7) uses machine learning to improve threat mitigation approaches based on this review. Future anomaly detection in Eq. (6) is affected by Eq. (7)’s continual security policy updates. Developing EV charging infrastructure protection creates a continuous feedback loop where dynamic anomaly detection informs adaptive mitigation.

7

Factors such as the reverse of a matrix modulated by calculations on data streams , further safety precautions Report Phrase ( ), and potentially environmental or operational variables ( ) are likely to impact Eq. (7) as a metric for evaluating security status.

8

A composite metric that evaluates the security posture, affected by variables like computation outputs ( ) and data streams , might be represented by Eq. (8), . The use of expressions such as ( ) implies the presence of further factors that impact the evaluation of security.

Fig. 10 [Images not available. See PDF.]

EV Charging Event in Grid Sentinel Framework.

Figure 10 deliberates the EV charging event in the Grid Sentinel Framework. The information gathered during the charging event includes details on the charging transactions, the energy used, and the system’s behaviour. Performing preprocessing and feature selection on this data might benefit anomaly detection. This would allow for an improvement in accuracy while reducing the amount of computing complexity involved.

To identify irregularities, the system mainly makes use of two models:

• It is important to model the system based on physical laws and behaviours already known to exist to identify anomalous charge patterns.

• Recognizes possible risks or outliers adaptively by learning normal and unexpected patterns from past data; this model is an ML-trained model.

Both models are used by the Anomaly Detection Algorithm, which is the algorithm that judges whether the data is normal or abnormal. If a charging event is typical, the ADS (Anomaly Detection System) continue functioning without interruptions. However, if the system identifies something that is not typical, a mechanism responsible for event categorization and reaction will be engaged. Threats such as cyber-attacks, illegal access, or charging stations that are not operating properly are all possible dangers, which will define how to protect against them.

This technology improves the effectiveness, dependability, and safety of electric vehicle charging networks, a crucial component of smart grid security. It guarantees continuous monitoring, early threat detection, and automatic reaction mechanisms. For instance, in Fig. 10, notifications might be triggered by unusual power consumption spikes or irregular electricity usage patterns to minimize risks and maintain continuous services. With time, these algorithms can learn and become more accurate through the Grid Sentinel Framework, which improves precision and efficiency in ensuring the stability and reliability of the grid. The security and effectiveness of such smart grid infrastructures for sustainable energy management for future mobility requirements depend heavily on anomaly detection algorithms regarding the efficiency of EV charging events.

9

Based on factors like operational parameters ( ), constraints including their full potential ( ) and minimum operational specifications ( ), and the variable’s minimum and maximum thresholds ( )), the Eq. (9), is probably a metric that evaluates system conditions.

10

It is probable that the system parameters and impact the Eqs. (10), and , which represents the maximum power and minimal function requirements , respectively. The symbols at the end of the sentence denote the maximum permissible velocities. and maximum acceptable security, respectively.

11

Calculated as the sum of variances [ ] and a multiplicative factor ( ) affecting parameters , the Eq. (11), might represent an aggregated metric that evaluates system performance or security. The presence of 100% implies an abnormality threshold or scaling factor.

12

The sum of many elements, including parameters of operation and limitations represented by 100%, is probably represented by Eq. (12), is used to evaluate the system conditions . The method’s goal is to use ML techniques to monitor the system’s dynamic dependencies and connections . These parameters represent that goal.

13

The normalized squared differences are used to standardize the variables, assessments from the past ( ), and prediction models ) into the metric represented by Eq. (13) . This is similar in that the technique uses AD-GS, which stands for dynamic anomaly detection and ML , to watch for and deal with any dangers that may arise. Equation (13) appears to be a weighted system evaluation metric for analyzing EV charging infrastructure anomalies or performance swings. Harmonizing previous patterns, predictive modelling, and deviation management suggests its use in ML-based anomaly detection optimization, abnormality detection, and system behaviour prediction.

Possible methods for improving the charging infrastructure’s security may be found by investigating centralized or distributed cloud services.

14

The probable aggregated metric for evaluating system conditions is given by Eq. (14), . This metric is calculated by combining various factors , including departures from expected values ( ), adjustments due to external or environmental influences ( ), and squared variations , normalized by a factor . It is determined by adding out all the potential outcomes and multiplying them by the corresponding probabilities. This is done by listing all the potential outcomes and their corresponding probabilities for discrete variables or by integrating the product of the variable and its probability density function across all the possible values for continuous variables.

15

The term reflect environmental or operational impacts, and the variables affect the outcome metric represented by Eq. (15), . Suggesting an increase in scale or limit for abnormal situations, an improvement of 100% is made possible .

16

Equation (16), shows an improved metric or state that is affected by multiple factors: , which is a baseline factor; , which is a modulating term depending on system conditions: , , and , which are probably additional parameters impacting the system state, and , which show further adjustments depending on system dynamics for Detection Accuracy Analysis.

17

The variable represents Response Time Analysis, a result or condition affected by factors the inverse relationship between , which affects the system’s behavior and changes depending on ; the inverse relationship involving ; an inverse term and extra variables .

18

Multiple factors impact the metric Scalability Analysis represented by Eq. (18) These include the following: the normalized cumulative impact of over a range of , an additive term reflecting more system dynamics, the squared impact of , which may represent a complex interaction or response mechanism, and , indicates further adjustments based on system variables. The equation includes operational and predictive data and is presumably an EV charging infrastructure EE or security evaluation function. Its main uses are assessing system performance, identifying security threats, and fine-tuning prediction models using prior data, present changes, and external effects.

Attack from Physical Sources: Because EVCSs don’t have any physical security, they may be easily disabled, their power may be stolen, or they may be infected with malware via USB ports. An attacker may get logical access to the system and compromise the EVCSs in a logical assault by taking advantage of a firmware vulnerability. Attackers might obtain firmware updates from vendors like Schneider Electric and analyze them for security vulnerabilities and entry points. Additionally, a local assault by Kaspersky Labs might breach the firmware of the Charge Point home charger. Attackers might access the EVCSs via the Local Area Networks (LANs) at charging stations in a partially controlled remote assault²⁷. Standard features of such systems include insufficient authentication and antiquated encryption techniques. Attacks may easily penetrate the system because of the protocols used for communication between EVs and EVCSs over the charging connection. Users of EVs engage with the EV management system via an internet user interface, allowing for fully controlled remote attacks. Whether a website or a mobile app, this engagement may lead to security holes. Professionals in the field of cybersecurity identify possible weak spots and devise countermeasures by studying the settings utilized for EV charging.

19

The output (A), which has the function modified by and the sum of the terms are two components that are likely to influence the aggregate measure . The latter represents the Impact on Charging Station Performance Analysis with the cumulative impact of different system states or variables .

20

This computed metric is probably affected by the following: the negative total over q indexed by , which involves ; the logarithmic term , which is a scaling or normalization factor; the effect of , which reflects systemic interactions or responses; and , which adds additional weighted effects to Data Protection Analysis. Table 3 explains the algorithm to detect anomalies in EV charging stations using various ML methods, combining their results to decide and act if an anomaly is detected.

The AD-GS technology in Smart Grid Systems improves efficiency and security with the help of intrusion detection algorithms powered by the Grid Sentinel Framework. To identify and prevent problems with EV charging events as soon as they happen, these algorithms monitor data streams from meters and sensors regularly. With the help of reliable communication networks, EV charging stations can operate in tandem with the grid to optimize energy use and keep up with rising demand. Grid responsiveness and robustness are enhanced by the training and optimization of AI/ML models, which gradually increase algorithm accuracy. Cybersecurity vulnerabilities in EV Charging Systems underscore the need to implement rigorous safeguards to prevent dangers and guarantee continuous operation. To ensure that EV charging infrastructures are adequately protected, future studies should concentrate on raising the bar for authentication, encryption, and general infrastructure security requirements.

Table 3

Algorithm for Real-time anomaly detection.

Figure 11 shows how the AD-GS architecture uses dynamic anomaly detection to ensure operational integrity and cybersecurity in electric vehicle charging stations. Then, real-time data from charging stations for electric vehicles is gathered after the preprocessing and feature extraction performed to normalize the input. Once the processed data has been processed, a machine learning-based anomaly detection engine operates on the processed information. Will an anomaly be found, the system classifies a threat, applies appropriate mitigating measures, and accesses the occurrence. The final stages of the process include model retraining and system updates, which are required to react to developing threats. Its closed-loop design ensures that the system keeps learning from its recognized events, hence enabling researchers to recreate, monitor, and improve the framework under constant testing conditions. The AD-GS architecture additionally demonstrates its durability and usefulness in the context of safeguarding present electric vehicle charging systems. With this iterative framework, simulated attack scenarios and assessment of detection responses help accomplish it.

Fig. 11 [Images not available. See PDF.]

Flow chart representation of the proposed model.

1. Evaluation Strategy for AD-GS.

The design of the AD-GS has been successfully evaluated by utilizing data from actual electric vehicle charging in the real world and simulated cyberattack situations. To guarantee the safety and dependability of charging stations for electric vehicles, the system that has been presented can identify and defend against a wide range of threats, including distributed denial of service (DDoS) assaults, data manipulation, spoofing, and MitM attacks.

To evaluate AD-GS, the following performance metrics are analyzed:

1. Detection Accuracy – Measures the percentage of correctly identified anomalies and normal activities.

2. False Positive Rate (FPR) – Assesses the system’s tendency to misclassify benign events as attacks.

3. Response Time Efficiency – Examines the latency in detecting and mitigating cyber threats.

4. Computational Overhead – Evaluate the resource consumption required for anomaly detection.

In addition, the AD-GS design is tested for various attack intensities and operating settings to guarantee its effectiveness, scalability, and durability. The next section summarises the findings of the tests, which demonstrate that the system has the potential to improve the cybersecurity of electric vehicle charging stations while maintaining a low latency and a high level of detection accuracy.

Simulation environment

This study uses software simulations and cybersecurity technologies to demonstrate the viability of deploying the AD-GS (Real-Time Anomaly Detection in EV Smart Grid Systems) framework to real EV smart grid settings. We created this cutting-edge simulation environment for system safety, efficiency, and reliability.

The simulation runs on Ubuntu 20.04 LTS, which has 32 GB RAM and many CPUs. The OS employs a powerful Intel Core i7-12700 K (12th Gen, 3.6 GHz) CPU. AI-driven anomaly detection uses GPU acceleration to expedite calculation. The cybersecurity package comprises Mininet, an AI-driven network simulator; TensorFlow/PyTorch, an anomaly detection tool; and OpenSSL, an encryption and security protocol provider. We model EV charging infrastructure components in MATLAB and Simulink, including power flow, grid stability, and load balancing. NS3 and OMNeT + + simulate OCPP and MQTT, which are necessary for secure EV charging station communications. Scapy is another Python framework for event-driven cyberattack and countermeasure modelling. To ensure its safety, we rigorously evaluate the electric vehicle grid against MiTM, False Data Injection (FDI), DoS, and cloud API issues. The AD-GS architecture uses TLS 1.3 and AES-256 for end-to-end encryption, PKI for authentication, and LSTM and Random Forest for anomaly detection to mitigate these risks. Real-time monitoring tools like Zeek and Wireshark are part of the strategy. With blockchain-based smart contracts, the system will be more resistant to data-altering assaults. Key performance indicators include security, network efficiency, and system dependability. The framework aims to charge electric automobiles rapidly and effectively with a high success rate, anomaly detection (> 90%), and few false positives and negatives. It will decrease service interruptions. The key simulation measures are Millisecond latency, packet loss rate, and response times. Software simulation and hardware-in-the-loop (HIL) validation make the AD-GS design scalable, effective, and deployable for anomaly detection and response. These methods will be employed in electric cars and smart grids. An environment based on MATLAB was used to simulate the operation of electric vehicle charging stations in a smart grid, and the suggested AD-GS architecture was put through its paces there. The following elements were present in the simulation setting:

Table 4 shows the Simulation Environment Component and its description.

Table 4. Simulation environment component and description.

Incorporating protocols such as OCPP (Open Charge Point Protocol) and IEC 61,850 for smart grid connectivity, the communication infrastructure comprises wired and wireless channels. Security Measures: Modelling actual cyberattacks using authentication, encryption, and intrusion detection systems.

Simulation setup

Electric vehicle charging station locations, distributed energy resource integration, and grid control strategy formulation are all part of the smart grid environment configuration that is included in the simulation setup. The machine learning framework is evaluated in various environments by simulating scenarios, such as regular operation, network outages, and cyber-attacks. Anomalies in energy consumption, charging patterns, and communication signals can be detected using the setup’s dynamic data collection and analysis procedures. Simulating a predetermined duration captures the system’s steady-state and dynamic behaviours.

Due to simulation design limits, results may not be accurate or applicable. The simulation uses synthetic datasets and planned attack scenarios, which may not accurately depict cyber assaults’ complexity and unpredictability. MATLAB modelling can also constrain dynamic network behaviour, which is problematic in large-scale smart grids. Another problem is the assumption of flawless communication networks with continuous bandwidth and zero latency. Network fluctuations and packet losses might reduce anomaly detection accuracy. The computational cost of machine learning anomaly detection may also restrict adoption in resource-constrained environments. Future research should include more real-world datasets, network testing, and computing efficiency optimization for practical implementation.

Several different cyberattacks are modeled and then systematically injected into a simulated smart grid environment that is comprised of EV charging stations. It occurs to rigorously evaluate the cybersecurity resilience of the proposed AD-GS design from a cybersecurity perspective. Man-in-the-middle attacks, Distributed Denial of Service attacks, Spoofing attacks, replay attacks, False Data Injection attacks, and Unauthorized Remote Access attacks are some of the attacks that have been carried out. NS3, Scapy, and MATLAB/Simulink are some of the tools that are used to create these. These tools imitate real-world attack characteristics in a context that is under controlled conditions. For example, distributed denial of service attacks (DDoS) is mimicked by sending enormous amounts of malicious requests to flood the network. Man-in-the-middle attacks is launched to intercept and alter communication streams between EVs and the infrastructure that can charge it. Each attack targets specific limitations such open communication protocols, old firmware, or poor authentication mechanisms, exposing the network to high- and low-impact intrusions.

Network model

Table 5 shows the Network Model Component and description.

Table 5. Network model component and description.

Dataset description Between November 2014 and October 2015, a group headed by Professor of public policy Omar Asensio recorded 3,395 instances of EV charging using a field experiment²⁸. The dataset includes total energy consumed, cost, date, and duration of each session, and 85 EV drivers with recurrent use at 105 stations across 25 locations in a workplace charging program.

The dataset consists of:

1. Session ID: A unique number assigned to every charging session.

2. Energy Consumed (kWh): Indicates how much electricity each session uses.

3. Getting charged: The duration (minutes) indicates the session’s length.

4. Cost of Charging: Determines prices according to energy consumption.

5. Station ID and Location: Indicates the location of the session.

6. Timestamp: Records the beginning and ending times of every session.

To assess the AD-GS framework’s anomaly detection capabilities, this dataset was subjected to synthetic attack scenarios that included unauthorized access attempts, abrupt consumption spikes, and abnormal patterns.

Fig. 13 [Images not available. See PDF.]

EV Charging Dataset Data Analysis.

Figure 13 shows the analysis of the EV charging dataset. Power consumption, income distribution, and charging behaviours may be better understood using data visualization when applied to the EV charging dataset. First, the distribution of energy usage (kWh total) is shown in the graph. Most charging sessions use relatively little power, and only a tiny fraction consumes a lot of power. The bulk of charging sessions are quick, and their frequency reduces steadily as the duration expands, as seen in the second graph, which depicts the charging time (chargeTimeHrs). The weekly fluctuation in charging demand is in the third graph, which displays the number of charging sessions per day. This helps determine the peak demand times for charging stations on days when they are busiest. The dollar distribution of revenue is seen in the fourth graph. It’s intriguing to see that most sessions generate less money. This might indicate that many individuals charge very little or possibly nothing. Perhaps with these graphics, we can better comprehend pricing strategies, trends in user activity, and the availability of stations.

Eight critical performance indicators represent the complete evaluation of the AD-GS architecture. These measures include performance, anomaly detection accuracy, response time, latency, and false positive rate. The definitions and equations which are shown below:

False Positive Rate (FPR) (%)

The False Positive Rate (FPR) measures how often the model incorrectly considers routine events abnormal. A common event incorrectly identified as an outlier is called a false positive. Correctly identifying common occurrences is called a true negative (TN).

21

Anomaly Detection Accuracy (%).

This statistic contrasts the system with labels that reflect the ground truth to ascertain whether it can identify deviations. The acronyms indicate the many data points shown below: True Positives, True Negatives, False Positives, FN, and FP stand for TP, TN, FP, FN, and misclassified normal occurrences, respectively. TP, TN, FP, FN, and FP denote missing anomalies.

22

Response Time Efficiency (%)

This statistic counts the time the system takes to recognize and react to an attack, determining the extent of a cybercrime. The time to detect is the time it takes to find an anomaly. ; the time to mitigate is the time it takes to execute a security response .

23

Latency (ms)

Latency is the period required for a system to realize that an event has occurred. is the incidence of the anomaly; is the time it occurred. The time stamp indicating when the anomaly was found is known as “ ”. Reducing latency causes a significant rise in the speed at which anomaly detection might be conducted.

24

Performance Analysis

Performance measurements often include computing efficiency, detection accuracy, and processing overhead. About dynamic anomaly detection systems, the phrase “c ” describes the required computer power. The performance of the system advances with increasing value.

25

Data Protection Rate (DPR)

This gauges the degree to which the system prevents illegal access to additional sensitive data files and sensitive information. represents the whole quantity of data handled; is the whole amount of data that has been successfully protected. Increasing performance (in percentage) improves the security of the data.

26

Energy Consumption

Total Energy Delivered to EVs (kWh): Kilowatt-hours (kWh) are the units of measurement used to indicate the amount of energy necessary to charge electric vehicles. Total Energy Consumed by the System (kWh): Kilowatt-hours, abbreviated as kWh, are the unit of measurement for all energy necessary to run the system. This includes the energy used for computing, security measures, and power transmission losses.

27

Energy Loss Rate

Total Energy input is the total power used for charging and running the system in kilowatt-hours.

Total Useful Energy Delivered (kWh): After accounting for energy lost by security systems, network activities, and computer tasks, electric automobiles spend kilowatt-hours while charging.

28

In Fig. 14, ensuring the safety and dependability of the ingenious grid’s EV charging stations relies on accurate anomaly detection of intrusions and mitigation techniques that appoint ML processes, which are expressed with the help of Eq. (16).

Throughput

The system’s performance is ideal for real-time applications, proving it can effectively handle large amounts of network data.

29

Here, represents throughput, represents the total number of packets or transactions that have been handled, represents the number of packets or transactions that have been successfully processed in the -th interval and represents the entire amount of time that has been observed, measured in seconds.

Fig. 14 [Images not available. See PDF.]

Anomaly Detection Accuracy Analysis.

Using supervised learning knowledge of approaches, including neural networks, random forests, and SVMs, and being educated on big datasets to discover patterns indicating regular and malicious interest is a complicated strategy that achieves excessive accuracy. Clustering and anomaly detection are unsupervised learning technologies that raise costs by attempting to predict outliers. Because EV charging behaviours are complex and variable, reaching excessive accuracy is challenging. Detection performance may be stricken by troubles such as the kind of attack vectors, the requirement for regular processing, and the ever-changing ingenious grid surroundings. Overwhelmed safety systems and a loss of trust can result from an excess of false positives, whereas unpatched vulnerabilities may result from a scarcity of false negatives. This graph compares machine learning-based vulnerability detection accuracy using different sample sizes. The AD-GS method consistently achieves the highest accuracy, from 76.78% for 100 samples to 97.32% for 600 samples. From 55.34 to 94.67%, the AI-AD technique improves with additional samples. ML-CA and T-SF have lesser accuracy, starting at 40% and 45% and rising to 70% and 60%, respectively, whereas ML-IDS increases from 55 to 85%. MLM performs worst with 30–50% accuracy. AD-GS offers the best detection capability of all methods examined. It takes a lot of computing power to keep up with the constant updating and retraining needed to reply to new threats. ML tactics display the capability for reliable anomaly detection; however, there’s a pressing need to keep and enhance their detection accuracy in the face of changing threats.

Fig. 15 [Images not available. See PDF.]

Response Time Analysis.

The smart grid’s EV charging stations’ response time in intrusion detection and mitigation is a crucial parameter that, without delay, impacts the system’s capability to thwart attacks unexpectedly and is expressed with the help of Eq. (17). In Fig. 15, the dynamic hazard identity and reaction, disruption prevention, and infrastructure integrity safety rely on ML approaches operating with low latency. Methods like streaming analytics and dynamic facts processing are used for quick detection. Decision trees and lightweight neural networks are examples of speed-optimized system learning methods that quickly manage vast volumes of statistics. Because more complex models may introduce latency, real-time anomaly detection structures want to strike a compromise between accuracy and speed.

Area computing, which strategically statistical towards its source and reduces transmission delays, is on the upward push to manage this issue. Additionally, the machine’s capability to scale toward dealing with an ever-increasing variety of related devices is a primary focus. To maintain low reaction instances, putting in place mechanisms for load balancing and valuable resource allocation produces 98.4%, which is significant. Efficient retraining and deployment strategies are required due to the regular updating of methods and the necessity to regulate new threats. Therefore, at the same time as ML methods could permit real-time anomaly detection in the future, it will likely be very hard to stabilize the requirements for accuracy, scalability, and adaptability to maintain low response times.

Fig. 16 [Images not available. See PDF.]

Latency Analysis.

Figure 16 shows that the efficacy of ML strategies for intrusion detection and mitigation at smart grid EV charging stations depends on their scalability, which is explained with the help of Eq. (18). The system’s ability to process statistics successfully can be considered as the variety of electric vehicle charging stations increases. The need to handle and analyse this large amount of information to quickly become aware of anomaly detection and viable dangers creates scalability problems.

Effective scalability is a crucial characteristic of ML models. By sharing the computing effort and improving scalability, strategies like federated learning make it possible to teach models through decentralized devices, even as shielding facts ' privacy. Furthermore, structures can dynamically assign sources according to demand with scalable architectural principles like containerization and microservices, guaranteeing stable performance even under top loads. Scaling additionally necessitates coping with data consistency, integration throughout dispersed networks, and synchronization. Attack vectors are constantly evolving. Consequently, it’s vital to replace methods regularly and ensure they all work collectively in the community. AD-GS leads again, starting with 82.87% with 100 samples and rising to 94.76% with 600 samples, demonstrating its ability to handle more data. AI-AD continuously climbs from 65.86–83.78%, whereas ML-IDS rises from 55.87 to 85%. MLM starts at 52% and reaches 83.65%. At the lower end, ML-CA starts at 34.65% and T-SF at 41.54%, reaching 65% and 75.76%, respectively. AD-GS leads performance optimization, followed by AI-AD and ML-IDS.

Fig. 17 [Images not available. See PDF.]

Performance Analysis of Proposed Algorithm.

The smart grid’s EV charging stations can gain significantly from using ML for anomaly detection and mitigation, as Eq. (19) expresses. In Fig. 17, the charging stations’ efficiency and dependability may be compromised due to the computational value introduced using these advanced safety mechanisms, which try to detect and react to threats dynamically. Due to the excessive computational demands of dynamic statistics processing and analysis, this challenge may be the primary reason for charging vehicles, resulting in slower charging times or higher latency, producing 94.76%. Improving the efficiency and pace of the ML algorithm is crucial for decreasing these results. Edge computing and different efficient information processing frameworks, alongside lightweight approaches, can alleviate a number of the computational load on vital servers and minimize latency via shifting a number of the processing to local devices.

Data flaws could damage the charging infrastructure’s security and reveal private statistics; consequently, shielding this information is of the utmost importance, as Eq. (20) expresses. Data protection laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) dictate tight controls over information gathering, processing, and storage; ML methods should follow those policies. In Fig. 18, techniques including record encryption and anonymization are essential to preserving personal records safely. These information protection methods are more challenging to adopt and require more work. Anomaly detection structures’ capacity to characterize in actual time may be compromised due to the time it takes to encrypt and anonymize statistics. Protection protocols need constant attention and updates to hold information intact and consistent with ever-changing regulatory requirements.

Fig. 18 [Images not available. See PDF.]

Data Protection Analysis.

This graph contrasts data security methods with 77.78% for 100 samples and 97.32% for 600 samples; AD-GS provides the maximum data security. From 58.76 to 93.67%, AI-AD also grew. From 50.34 to 85.76%, ML-IDS improved. The MLM method yields 45–75%. ML-CA protects data at 35–60% and T-SF at 40–70.12%. These results demonstrate AD-GS’s capacity to secure sensitive data while maximizing performance. Protecting private data against breaches, assault, and unauthorized access is the main objective of this research. As an example, it aids businesses in meeting the standards established by regulations like the GDPR, which require rigorous protections for personal information to protect individuals’ privacy rights. In addition, data breaches may cause substantial monetary losses, legal fines, and harm to a company’s image; a comprehensive Data Protection Analysis can identify such vulnerabilities and hazards, allowing preventive actions to avoid these consequences. Ultimately, it shows how much concern there is about protecting your customers’ and stakeholders’ data, which is crucial for keeping a good reputation and succeeding in the future.

Figure 19 explores the energy consumption efficiency. According to the AD-GS framework, the Energy Consumption Efficiency quantitatively measures how well the electric vehicle charging system uses energy. A comparison is made between the amount of energy EVs can use and the system’s overall energy consumption, considering both the computational overhead and the security procedures. The optimization of energy distribution improves the ECE of the proposed AD-GS design, reduces processing overhead, and prevents energy losses caused by cyber-attacks. To maximize the amount of energy that EVs can use while simultaneously minimizing the amount of energy wasted by computing and security operations, the system combines AI-driven anomaly detection with safe energy management.

Fig. 19 [Images not available. See PDF.]

Energy Consumption Efficiency.

The high ECE obtained is partly because the adaptive load balancing system makes dynamic modifications to the power distribution in response to the grid’s stability and demand. The anomaly detection system that uses machine learning can prevent energy theft and guarantee that the available power is used effectively for legal billing processes. This is accomplished by recognizing possible cyber dangers such as FDI attacks and illegal access. The framework uses edge computing devices for local and dynamic anomaly detection. These devices include the Raspberry Pi 4 and the NVIDIA Jetson Xavier. This helps further minimize the need for cloud processing and the total power used. By using more advanced encryption methods, such as TLS 1.3 and AES-256, it is possible to ensure the secure transmission of data while incurring minimal processing expenses.

In contrast to more conventional security methods, AD-GS uses lightweight encryption and federated learning models to achieve a decrease of more than 10% in the amount of processing power used without compromising the integrity of the data. The simulation outcomes verify the assertion that the suggested technique has an ECE of more than 85%. This is accomplished by integrating dynamic monitoring, intelligent anomaly detection, and increased security algorithms. At the same time, while this maintains a high overall energy supply to electric vehicles, it also lowers power loss. Considering this, AD-GS provides a scalable and efficient approach for protecting contemporary electric vehicle charging networks.

Figure 20 describes the energy loss rate. The design of the AD-GS makes use of intelligent power distribution based on demand to reduce the amount of power that is lost beyond what is required. Reduced processing-induced energy losses, leading to reduced power consumption, are achieved via federated learning and edge computing. While high-energy cryptographic operations safeguard data, lightweight encryption (TLS 1.3, AES-256) and differential privacy approaches are used instead. This allows for the data to be protected with little power overhead. Because the system can recognize instances of energy theft and bogus data injection attempts, it may be possible to minimize the amount of energy resources that are being wasted. When the ELR is less than 10%, it shows that the electricity used to charge electric cars is being used effectively. An energy loss ratio (ELR) larger than 20% shows that significant energy is lost due to deficiencies in processing or cyber threats.

Fig. 20 [Images not available. See PDF.]

Energy Loss Rate.

Figure 21 shows the throughput analysis (secs). The AD-GS improves throughput by monitoring and safeguarding smart grid EV charging stations. The system’s “throughput” is its capacity to quickly process and analyze a massive amount of streaming data from several charging stations to identify and mitigate dangers. The AD-GS framework monitors network traffic, identifies anomalies, and responds to cyber threats using strong machine learning models, including Autoencoder-based Anomaly Detection, Random Forest, and LSTM.

Fig. 21 [Images not available. See PDF.]

Throughput (secs).

The proposed AD-GS uses adaptive learning, dynamic response techniques, and parallel data processing to maximize performance and reduce downtime. Our solution eliminates intrusion detection system bottlenecks by effectively finding and analyzing abnormalities from high-speed data streams. Hardware acceleration (GPU/TPU-based inference) and batch processing allow the framework to accommodate over 500 charging stations without sacrificing performance. The simulations show that AD-GS improves smart grid responsiveness by 98.4% response time efficiency and 96.8% anomaly detection accuracy. The system’s lightning-fast security detection and resolution allow EV users to operate smoothly. The high-performance, scalable AD-GS framework protects smart grid infrastructure against cyberattacks by reducing downtime and improving response efficiency.

Table 6 compares the proposed AD-GS framework to other anomaly detection approaches. Examples include ML-CA, MLM, ML-IDS, AI-AD, Autoencoder-Based, and Bi-LSTM IDS. Each technique is evaluated on several key factors. The AD-GS framework outperforms other methods in anomaly detection (96.8%), false positive rate (1.8%), and reaction time efficiency (98.4%). It supports 500 + charging stations and has latency below 15 ms, making it faster and more scalable than competitors. AD-GS provides better data protection (99.2%) and efficiency for large-scale systems than its competitors. It has 10.2% less computational overhead.

Table 6. Performance comparison table.

To evaluate the efficacy of the AD-GS architecture in terms of security, we modelled several cyberattacks and investigated the potential impact these assaults might have on the infrastructure for charging electric vehicles. The following table provides an overview of the most prevalent attacks, their impacts, and how AD-GS protects against them. Table 7 shows the attack impact analysis.

Table 7. Attack impact analysis.

Attack detection analysis

The following critical metrics shown in Table 8 are calculated using the confusion matrix to assess the efficacy of the AD-GS framework in identifying cyber-attacks on EV charging stations:

• Performed attack detection correctly; also known as a true positive (TP).

• A False positive (FP) occurs when a normally functioning session is mistakenly identified as an assault.

• True Negative (TN): Recognized typical sessions with accuracy.

• False Negative (FN): Attacks that were not detected but were mistakenly called normal.

Table 8. Simulation results on attack detection.

The AD-GS framework correctly detects cyber-attacks with a TPR of over 95% and a low false positive rate (FP < 5%), minimizing disruptions to valid charging sessions. Due to its high recall and low FN rate of 3–6%, the system misses a few attacks. The F1-score is 95.5%, suggesting dependability and accuracy, with a recall of 96.0% and a precision of 95.0%. Overall, the solution protects electric vehicle charging stations from cyberattacks with few false positives.

The illustrations illustrate the intricacies of using ML for anomaly detection in smart grid EV charging stations. Optimizing algorithms and systems while maintaining an appropriate equilibrium between efficiency, security, and regulatory compliance should be the emphasis of future research.

The findings of the experiments show that the AD-GS framework can successfully improve the safety of electric vehicle charging stations by efficiently identifying cyber threats with a low latency and processing cost. The system’s capacity to discover anomalies is shown by its low false positive rate of 1.8% and exceptional detection accuracy of 96.8%.

The system’s capability to safeguard smart grid networks, substations, and charging stations for electric vehicles was further confirmed by testing AD-efficiency GS’s and scalability under various operating situations.

The findings highlight the framework’s ability to:

• Mitigate evolving cyber threats such as DDoS, MitM, spoofing, and data manipulation attacks.

• Ensure low-latency threat response (< 15ms) without disrupting normal EV charging operations.

• Adapt dynamically using federated learning for security intelligence updates.

This investigation does not need mathematics since it uses machine learning on a dataset with six essential characteristics. On the other hand, the real-world performance measurements that illustrate the effectiveness of AD-GS continue to be our key emphasis. These are some examples of this phenomenon, which include:

• Detection Accuracy – The percentage of correctly identified threats.

• False Positive Rate (FPR) – The frequency of misclassified normal activities.

• Response Time Efficiency – The speed at which AD-GS detects and mitigates threats.

• Computational Overhead – The system’s resource usage in dynamic scenarios.

The part on the results assures both clarity and practical applicability by putting more of a focus on real evaluations as opposed to theoretical formulations. Because of this, the findings are more pertinent to more realistic concerns about the safety of charging electric vehicles.

It is clear from the findings that AD-GS is reliable even though there are certain persistent shortcomings. Some items on the list are integrating with upcoming technologies such as decentralized authentication systems and blockchain, overcoming problems in real-world deployment, and optimizing for low-power Internet of Things settings.

Following this, we will provide some possible next avenues for research and a concise review of the most important findings from the study.

Competing interests

The authors declare no competing interests.