This study presents an efficient approach to enhance the security of electric vehicles (EVs) using interpretable machine learning (IML). Each EV communication activity is a combination of patterns generated by various control systems and data exchanges. Threat detection faces challenges because these patterns evolve with time, and they are described by specific statistical and behavioral features. These features serve as the inputs for machine learning algorithms. Multiple classifiers are proposed for detecting cyberattacks in EV environments, and their performance is improved through advanced tuning techniques. To ensure transparency in decision-making, interpretability methods are employed to explain feature contributions and detection outcomes. The integration of interpretability highlights the most influential features driving classification, thereby improving trust, usability, and applicability of the proposed framework in real-world EV cybersecurity.
Introduction
The rapid adoption of electric vehicles (EVs) and their reliance on AI and connected technologies have introduced new cybersecurity vulnerabilities. These threats demand advanced, transparent, and adaptable intrusion detection systems (IDS) to secure EV networks.
II. Problem Statement
Traditional IDS are:
Often ineffective against evolving threats,
Lack transparency in decision-making,
Struggle with novel attacks in dynamic EV environments.
Proposed Solution:
An interpretable machine learning (IML) model that:
Accurately detects intrusions,
Explains its decisions using SHAP, LIME, and PDP,
Enables informed responses by cybersecurity teams.
III. Objectives
Develop a machine learning-based IDS for EV traffic.
Use interpretable ML tools (SHAP, PDP) to improve decision transparency.
Detect various attack types: DoS, Fuzzing, Remote Access.
Recommend integration into future EV architectures.
Advance research in EV cybersecurity and explainable AI.
IV. Proposed System
A. Key Components:
Uses UNSW-NB15 dataset for real-world-like network traffic.
Applies data preprocessing, including:
Outlier filtering,
Feature selection,
SMOTE for class balance.
Trains and evaluates multiple models:
KNN, Random Forest, XGBoost, LSTM
XGBoost identified as the best performer.
B. Model Interpretability:
SHAP: Global & local feature importance.
LIME: Local, instance-based explanations.
Partial Dependence Plots (PDP): Show how feature values affect predictions.
C. Benefits:
High accuracy and transparency in threat detection.
Enables real-time, proactive monitoring.
Scalable and adaptable for future integration with EV systems and telemetry.
V. Literature Review Highlights
Traditional signature-based IDS can't detect unknown attacks.
Anomaly-based IDS with ML/DL models (e.g., XGBoost, LSTM) improve detection.
Benchmark datasets (KDD’99, NSL-KDD, UNSW-NB15) are widely used.
Limitations:
Single dataset reliance,
Class imbalance,
Dataset bias,
Outdated attack types.
VI. System Design & Methodology
A. Architecture:
Preprocessing pipeline includes:
Missing value handling, encoding, normalization,
Outlier detection (IQR method),
Feature reduction via correlation analysis.
B. Class Imbalance:
Solved using SMOTE and class weighting.
C. Model Training:
Grid Search + Cross-validation for hyperparameter tuning.
SHAP: Shows feature impact on predictions (bar & summary plots).
PDP: Highlights how specific features (e.g., sbytes, dbytes, sttl) influence attack probability.
LIME: Explains individual predictions by perturbing input features.
Conclusion
This study proposes a machine and deep learning-based intrusion detection system (IDS) for electric vehicles, emphasizing efficiency, robustness, and interpretability. The methodology includes comprehensive preprocessing steps—normalization, outlier removal, missing value handling, and class imbalance correction—to optimize training data. Various classifiers, including KNN, Random Forest, LSTM, and XGBoost, were evaluated, with XGBoost achieving the best performance (97.23% accuracy, 98.01% F1-score). To ensure transparency, explainable AI methods such as SHAP, LIME, and Partial Dependence Plots were applied, providing insights into feature importance and model behavior. The resulting IDS framework not only delivers high detection accuracy but also offers clear explanations, making it well-suited for real-world EV cybersecurity applications.
References
[1] Umer, M. A., Junejo, K. N., Jilani, M. T., & Mathur, A. P. (2022). Machine learning for intrusion detection in industrial control systems: Applications, challenges, and recommendations. International Journal of Critical Infrastructure Protection, 100516. Useful for understanding ML-based IDS approaches.
[2] Han, M., Cheng, P., & Ma, S. (2021). PPM-InVIDS: Privacy protection model for in- vehicle intrusion detection system based on complex-valued neural networks. Vehicular Communications, 31, 100374. Proposes deep learning for vehicle IDS.
[3] Aloqaily, M., Otoum, S., Al Ridhawi, I., & Jararweh, Y. (2019). An intrusion detection system for connected vehicles in smart cities. Ad Hoc Networks, 90, 101842. Focuses on IDS for smart city-integrated vehicles.
[4] Kang, M. J., & Kang, J. W. (2016). Intrusion detection system using deep neural network for in-vehicle network security. PloS One, 11(6), e0155781. Uses DNN for in-vehicle intrusion detection.
[5] Wang, Q., Lu, Z., & Qu, G. (2018). An entropy analysis-based intrusion detection system for controller area network in vehicles. In 2018 IEEE SOCC, pp. 90–95. IEEE. Applies entropy-based ML for CAN bus intrusion detection.
[6] Lombardi, M., Pascale, F., & Santaniello, D. (2022). Two-step algorithm to detect cyber- attack over the CAN-Bus: A case study in connected vehicles. ASCE-ASME Journal of Risk and Uncertainty in Engineering Systems, 8(3). Proposes a layered intrusion detection framework.
[7] Lokman, S. F., Othman, A. T., & Abu-Bakar, M. H. (2019). Intrusion detection system for automotive CAN bus: A review. EURASIP Journal on Wireless Communications and Networking, 2019(1), 1–17. Review of existing IDS solutions for CAN systems.
[8] Basnet, M., & Ali, M. H. (2020). Deep learning-based intrusion detection system for electric vehicle charging station. In 2020 SPIES, pp. 408–413. IEEE. Very relevant – IDS for EV charging infrastructure.
[9] Cheng, P., Han, M., Li, A., & Zhang, F. (2022). STC-IDS: Spatial–temporal correlation feature analyzing based IDS for intelligent connected vehicles. International Journal of Intelligent Systems, 37(11), 9532–9561. ML-based IDS leveraging spatiotemporal data in connected vehicles.
[10] Barletta, M., et al. A distance-based IDS for CAN intrusion detection using an XY-fused Kohonen network with k-means algorithm (XYF-K). Focuses on CAN-bus attack detection using unsupervised learning with high accuracy, suitable for EV security contexts.
[11] Song, H., et al, Reduced Inception-ResNet for intra-vehicle attacks using CAN intrusion dataset. A deep CNN architecture tailored for detecting sophisticated CAN-bus attacks.
[12] Ashraf, S., et al. DL-based IDS for IoV using LSTM Autoencoder evaluated on CAN and UNSW-NB15 datasets. LSTM-based anomaly detection for both internal (CAN) and external network threats— matches well with your use of sequential data and time-based threats.