Detection of e-Mobility-Based Attacks on the Power Grid

The increasing use of information and communication technology in power grids and connected e-mobility infrastructures enables cyber attacks. E-mobility infrastructure components such as Charge Points (CPs) or Electric Vehicles (EVs) could be used as attack vector on power grids via False Data Injection (FDI) or Manipulation of demand (Mad) attacks. To detect such attacks, Intrusion Detection Systems (IDSs) which are adapted to the specifics of e-mobility are required. In this paper, we propose a novel hybrid IDS for detecting e-mobility-based attacks on the power grid consisting of a rule-based IDS and an anomaly detection component using regression-based forecasting. The IDS is distributed among different e-mobility-related backend systems, namely Charge Point Operators (CPOs) and grid operators. We implemented our IDS and evaluate it on several data sets while simulating realistic attack scenarios to show the effectiveness of our approach. Our evaluation compares different IDS design choices and regression models. Especially, decision tree regression proved to be an effective base for detection at CPOs. By combining the distributed IDS reports of individual CPOs at the grid operator, the overall detection performance is further improved. The distributed nature of the system allows it to identify large-scale attacks effectively and thus robustly detect realistic threats to power grid operation.