With the widespread adoption of electric vehicles and the growing market demand, EV charging station cloud platforms have become a critical component in supporting charging services. However, the cybersecurity of these EV charging station platforms faces increasingly severe challenges. Attackers may exploit various vulnerabilities and methods to infiltrate, disrupt, and illegally operate EV charging station systems, posing significant risks to intelligent transportation networks and users. To address this, we propose a defense control method based on flow rules for EV charging station cloud platforms. This approach extracts network traffic characteristics, integrates attack detection and identification algorithms, and enables real-time detection, response, and control of network attacks on EV charging station infrastructures. Our method demonstrates high accuracy and reliability in safeguarding EV charging station operations.
The proliferation of EV charging stations has led to complex network interactions, making it essential to develop robust defense mechanisms. Traditional methods often fall short due to their inability to adapt dynamically to evolving threats in EV charging station environments. In this paper, we detail a flow rule-based framework that enhances the security of EV charging station cloud platforms by analyzing traffic patterns and implementing proactive controls. We begin by extracting key features from network traffic associated with EV charging station operations.
Feature Extraction for EV Charging Station Network Attacks
To detect and mitigate attacks on EV charging station cloud platforms, we first extract critical network traffic features. Let \( M_s \) represent the original traffic information matrix, and \( N_s \) denote the number of computational samples. The loss function during training is defined as \( L(\theta) \). The importance of the information matrix \( M_s \) is calculated using a first-order derivative with a small sample of raw data, as shown in Equation (1):
$$ F_s = \frac{\ln(y_p(x_p))}{L(\theta)} $$
Here, \( y_p \) and \( x_p \) represent the row and column indices of the information matrix, respectively. This formula helps quantify the significance of traffic data in EV charging station networks.
Next, we compute a dynamic traffic scale factor using a sliding window to store data stream information. This window adjusts its length based on real-time traffic characteristics, allowing it to capture diverse traffic types in EV charging station systems. The dynamic traffic scale factor \( \mu_s \) is defined in Equation (2):
$$ \mu_s = \sum_{i=1}^{n} \frac{f_i}{F_s} $$
where \( f_i \) is the average traffic flow, and \( n \) is the number of traffic features. Applying the empirical rule of normal distribution, we constrain the traffic average within ±2 standard deviations, yielding the traffic feature fluctuation factor \( \sigma_1 \) in Equation (3):
$$ \sigma_1 = \mu_s \times \frac{f_1}{n \times \alpha_1} $$
In this equation, \( f_1 \) denotes the number of service sources, and \( \alpha_1 \) is the roughness coefficient of the service flow. If the traffic entropy exceeds the residual value, it indicates a significant change in network traffic characteristics for EV charging stations. The entropy value \( T_r \) is computed in Equation (4):
$$ T_r = \sigma_1 + u_1 \times s_1 $$
where \( u_1 \) is the discrete factor of traffic data, and \( s_1 \) is the purity factor of traffic data. During initialization, a stagnation step threshold is set to prevent false alarms in low-traffic scenarios common in EV charging station networks. This threshold \( a_1 \) is given by Equation (5):
$$ a_1 = T_r \sum_{t=0}^{T} A_t \times 2\sigma_2 $$
Here, \( A_t \) for \( t \in [0, T] \) represents the traffic data collected at time \( t \) within the traffic time window, and \( \sigma_2 \) is the inner product sum of two channel flows. The conflict coefficient between roughness factors of similar traffic data and anomalous traffic data varies significantly, enabling the extraction of attack traffic anomalies. The anomaly feature \( K \) is derived in Equation (6):
$$ K = \frac{\beta_1}{a_1} \tau_1 \times (o_1 + o_2) $$
where \( \beta_1 \) is the conflict coefficient, \( \tau_1 \) is the transmission delay, and \( o_1 \) and \( o_2 \) are the average packet rate and average byte rate of traffic data, respectively. These features form the basis for identifying malicious activities in EV charging station cloud platforms.
Identification of Anomalous Bands in EV Charging Station Networks
After feature extraction, we focus on identifying anomalous bands in EV charging station networks. By modifying network execution procedures, we ensure that attacks remain discretely distributed. Reference detection protocols and instructions distinguish normal from abnormal requests, measuring the real-time attack rate \( G_s \) as in Equation (7):
$$ G_s = \chi^2 – \int_{1}^{\tau} K \times 0.5\tau_2 \times \phi_i d\phi $$
Here, \( \chi \) is the label vector of samples, \( K \) represents the characteristics of EV charging station network attacks, \( \tau_2 \) is the minimized transmission error, and \( \phi_1 \) is the hidden weight matrix. Using black hole optimization, we calculate the bias of the hidden weight matrix \( b_j \) in Equation (8):
$$ b_j = h_0 \times v_0 \times G_s $$
where \( h_0 \) is the network output, and \( v_0 \) is a ternary ordered real array. Normalizing feature values to the range [0,1] facilitates weighted analysis of attack features, as shown in Equation (9):
$$ x_{ij} = \frac{x’_{ij} – x’_{j_{\text{min}}}}{b_j \times x’_{j_{\text{max}}}} $$
In this formula, \( x’_{ij} \) is the normalized value of the \( j \)-th feature in the \( i \)-th data sample, and \( x’_{j_{\text{min}}} \) and \( x’_{j_{\text{max}}} \) are the minimum and maximum values of the \( j \)-th feature, respectively. A trigger mechanism is established to limit transmission rates upon anomaly detection, ensuring network stability for EV charging stations. Key parameters for anomaly attack localization are summarized in Table 1.
| Measurement Indicator | Basic Parameter | Reverse Difference |
|---|---|---|
| Attack Traffic Grouping | 18 | 3.2 |
| Detection Interval Time (s) | 1.08 | 2.03 |
| Packet Length Ratio | 35.65 | 1.078 |
Based on these parameters, we mark the actual localization areas of attack nodes and adjust node distributions dynamically. The retransmission distance \( D_0 \) of anomalous bands is calculated in Equation (10):
$$ D_0 = x_{ij} \times w_1 + d_1 \times \gamma_0 $$
where \( w_1 \) is the attack range, \( d_1 \) is the attack distance, and \( \gamma_0 \) is the constant attack rate. From this, we derive the one-way identification distance and decompose anomalous bands to obtain the parameter change ratio \( R_t \) in Equation (11):
$$ R_t = \frac{|D_0 \times k_1|}{A_w} $$
Here, \( k_1 \) is the fine granularity of anomaly time points, and \( A_w \) is the response rate of normal traffic data. The average number of attack traffic data packets \( p_0 \) is given by Equation (12):
$$ p_0 = R_t \times \frac{b_x}{2c_s} $$
where \( b_x \) is the number of packets per group, and \( c_s \) is the duration. The weighted evaluation weight \( \varpi_1 \) of the context vector, related to the input annotation sequence, is expressed in Equation (13):
$$ \varpi_1 = \frac{\exp(e_1)}{\sum_{x=1}^{N} p_x \times e_2} $$
In this equation, \( e_1 \) represents the matching capability between input and output data, and \( e_2 \) is the slack variable of the sequence subset. Processing data clockwise at each time step yields the hidden state information \( h_t \) of anomalous bands in Equation (14):
$$ h_t = \varpi_1 \sum_{x=1}^{N} L(x) \times M(x) $$
where \( L(x) \) is the Dirac function, and \( M(x) \) is the structure function. The sample standard deviation \( \xi_1 \) of anomalous bands is computed in Equation (15):
$$ \xi_1 = (x_0 – y_0) \sum_{t=1}^{T} h_{t1} – h_t $$
with \( x_0 \) as data redundancy and \( y_0 \) as the average of data points. Finally, the amplitude \( \psi \) of anomalous bands is identified using Equation (16):
$$ \psi = F_0 \times \xi_1 + c_2 $$
where \( F_0 \) is the identity matrix, and \( c_2 \) is the scaling factor of network nodes. This process enables precise identification of threats in EV charging station networks.
Defense Control for EV Charging Station Network Attacks
Implementing flow rule-based detection is crucial for defending EV charging station cloud platforms. After feature extraction and anomalous band identification, we generate a classifier model for the test feature set. The expression for the classifier model \( H_1 \) is given in Equation (17):
$$ H_1 = -\psi \eta_0 $$
where \( \eta_0 \) represents flow table entry characteristics. We correct the raw data input to the classifier to determine if the EV charging station network attack affects the entire environment, as shown in Equation (18):
$$ Q = \max(\nu + 2\rho \times H_1) $$
Here, \( \nu \) is the randomness coefficient of data distribution, \( \rho \) is the local extreme of data, and \( Q \) is the detected target probability. If the input data is a test set, we calculate the threshold \( \Omega \) for detected traffic in Equation (19):
$$ \Omega = Q \sum_{x=1}^{N} p_x \ln p_1 $$
where \( p_0 \) is the number of packets in a window, and \( p_1 \) is the probability of packets per destination IP address. By computing the current network traffic threshold within a specific window, if \( \Omega \) exceeds the set threshold, the connection request is classified as an attack on the EV charging station cloud platform. This method ensures real-time defense control for EV charging station systems.
Experimental Evaluation on EV Charging Station Platform
To validate the effectiveness of our method for controlling network attacks in EV charging station cloud platforms, we compared it with existing approaches. Accuracy was used as the evaluation metric, with higher values indicating better control. The results demonstrate that our method maintains accuracy above 90% across different traffic window sizes, outperforming alternatives that suffer from high false positive rates or instability due to external software loads. This highlights the robustness of our approach in securing EV charging station infrastructures.
Further, we evaluated the defense control error for cloud platform network attacks under varying data volumes, as summarized in Table 2. Our method consistently achieves lower errors, confirming its superior performance in protecting EV charging station environments.
| Data Volume (GB) | Defense Control Error (%) – Reference Method 1 | Defense Control Error (%) – Reference Method 2 | Defense Control Error (%) – Our Method |
|---|---|---|---|
| 100 | 18.2 | 14.2 | 0.5 |
| 200 | 20.8 | 26.0 | 0.3 |
| 300 | 26.5 | 11.2 | 0.6 |
| 400 | 15.3 | 13.9 | 0.2 |
| 500 | 12.1 | 19.5 | 0.8 |
| 600 | 15.9 | 18.2 | 0.9 |
The experimental data underscores the reliability of our method in minimizing errors and enhancing the security of EV charging station cloud platforms. By integrating flow rules and dynamic adjustments, our approach effectively mitigates risks associated with EV charging station operations.
Conclusion
In summary, our proposed network attack defense control method significantly improves the cybersecurity of EV charging station cloud platforms. By extracting traffic features, identifying anomalous bands, and implementing flow rule-based controls, we achieve real-time detection and mitigation of threats. Experimental results confirm that our method enhances accuracy and reduces defense control errors, making it a scalable and applicable solution for intelligent transportation systems and the EV charging station industry. Future work will focus on adapting this method to emerging threats in EV charging station networks, ensuring long-term security and reliability.