CyberGuardEV: Interoperable Non-Intrusive IDS for Electric Vehicle Charging Stations.

The increasing deployment of Electric Vehicle (EV) charging infrastructure has significantly expanded the exposure of Electric Vehicle Supply Equipment (EVSE) to potential cyber threats. While several intrusion detection systems have been proposed for high-power public charging stations, most existing approaches rely on internal data access, software modification, or computationally intensive deep learning models that are unsuitable for resource-constrained environments. As a result, low-power residential and small-business chargers—which represent the majority of deployed units—remain largely unprotected, despite their susceptibility to firmware tampering, protocol manipulation, and state-transition attacks. The absence of practical, interoperable, and non-intrusive detection mechanisms therefore represents a critical gap in the cybersecurity of EV charging ecosystems. To address this limitation, this work introduces CyberGuardEV, an interoperable and lightweight intrusion detection system designed to operate under a fully black-box assumption, without requiring any modification to the EVSE hardware or software. The system builds upon a standard-defined finite state machine describing the charging process, from which statistical features are extracted from electromagnetic emissions and processed through a Random Forest classifier to identify the current charging state. Detected state sequences are then verified using Linear Temporal Logic (LTL) to identify abnormal phase transitions, including state-skip, state-hold, and state-rewind attacks. Experimental validation was conducted using real-world EVSE data, demonstrating that the proposed system achieves an average F1 score of 0.984 with sub-second detection latency, while operating in real time on low-cost microcontrollers with only 0.6% CPU load.