The rapid integration of intra-vehicular networks, Electric Vehicle Charging Stations (EVCS) and Distributed Energy Resources (DER) into modern cyber-physical systems (CPS) has significantly expanded their attack surfaces, exposing critical vulnerabilities. Sophisticated cyber-attacks, including malware deployment, malicious code injection, and botnet operations, increasingly target these systems’ IT/OT components, compromising confidentiality, integrity, and availability. Traditional centralized cybersecurity strategies are often insufficient, introducing data privacy risks, computational bottlenecks, and scalability limitations. Existing anomaly detection systems also fall short in fully addressing privacy, decentralization, and evolving threat complexity. Consequently, enhancing CPS security through advanced, privacy-preserving measures has become essential.

This dissertation focuses on developing hybrid anomaly detection algorithms, strategic cybersecurity investment frameworks, and privacy-preserving decentralized learning models to enhance the security of Autonomous Vehicles (AVs), EVCS, and DERs- three critical components of modern CPS. Addressing gaps in current research, this work proposes robust methodologies across two key domains: machine learning-based anomaly detection systems (ADS) and game theory-based cybersecurity investment planning.

The first contribution presents a hybrid anomaly detection system (HAVEN) for intra-vehicular CAN-bus communications, combining rule-based intrusion filters with machine learning and neural network models. Supporting both binary and multiclass classification, the hybrid ADS achieves high detection accuracy and low latency, ensuring the security and reliability of autonomous vehicular networks against various cyber-attacks.

The second contribution secures EVCS infrastructures by integrating cybersecurity investment optimization and federated anomaly detection. A strategic investment model based on Attack Defense Trees (ADT) and game theory quantifies cyber risks and optimizes resource allocation for EVCS security. Complementing this, an FL-based anomaly detection system (FL-EVCS) allows multiple CSMS entities to collaboratively train models without centralized data aggregation, improving detection performance and operational resilience.

The third contribution introduces a federated learning-based anomaly detection system (FL-ADS) for DER communication networks, targeting DNP3 and Modbus protocols. Unlike centralized models, FL-ADS enables distributed training across Edge Intelligent Devices (EIDs) without sharing raw operational data. Leveraging both Horizontal and Vertical Federated Learning, the system addresses data heterogeneity and is validated through offline evaluations and an online Dockerized CPS testbed, demonstrating effective detection of diverse cyber threats while preserving privacy.

Together, these contributions advance decentralized, scalable, and privacy-preserving cybersecurity solutions for CPS applications. Additionally, future efforts can explore (1) real-time anomaly detection by comparing detection latency between batch processing and per-packet evaluation for intra-vehicular CAN-bus networks; (2) cybersecurity investment strategies through dynamic game-theoretic models such as Stackelberg and Coalitional Games and (3) Privacy preservation by incorporating differential privacy and secure aggregation into federated learning models.