Securing the connected vehicle is no longer optional; it is a prerequisite for safe, trustworthy mobility in the era of electric and autonomous transportation.
Keywords: Sustainable City, Electric Mobility, Intrusion Detection, Federated Graph Neural Networks, Centrality measures
The rapid growth of electric vehicles is accompanied by an increasing interconnection between vehicles, charging stations, digital platforms, supervision systems, and energy management devices. This evolution fosters the emergence of interoperable and data-driven smart mobility services, but it also exposes the entire ecosystem to growing cyber risks. In these distributed environments, where multiple stakeholders cooperate, security, resilience, and trust become essential prerequisites for the large-scale deployment of connected electric mobility.
In complement to the eTruckCharge project, which aims to develop a federated charging network and associated intelligent services, this doctoral project addresses a closely related scientific challenge: the collaborative detection of attacks and anomalies in connected electric mobility ecosystems. The objective is to design mechanisms capable of coping with a wide variety of threats, particularly distributed, coordinated, or emerging attacks that are difficult to identify using traditional signature-based approaches.
Although deep learning approaches have shown strong potential for intrusion detection, their centralized training raises significant limitations in terms of data privacy, data governance, robustness, and scalability. This thesis therefore proposes a distributed detection framework based on federated learning and Graph Neural Networks (GNNs), capable of modeling structural dependencies between the different components of an electric mobility system while keeping data locally at the level of the relevant stakeholders. Local models will be trained at the level of charging stations, vehicles, or edge nodes, and then aggregated collaboratively without any direct exchange of raw data.
The originality of this work lies in the combined use of federated learning, GNNs, and centrality measures from complex network theory to improve anomaly detection, enhance robustness in heterogeneous environments, and increase generalization to unseen or weakly represented attacks in the training data. Particular attention will be paid to detecting new attack patterns without explicit signatures, by analyzing topological dependencies, relational behaviors, and structural disruptions in interaction graphs.
Finally, in collaboration with ChargeMap, an innovative company based in Strasbourg and specialized in digital services for electric mobility, the approach will be evaluated through realistic scenarios related to charging infrastructures and associated services. The ambition is to propose a generic, distributed, and privacy-preserving methodological framework to strengthen the cybersecurity and resilience of future connected electric mobility systems.
The rapid growth of connected and electric vehicles is accompanied by an increasing interconnection between embedded cyber-physical systems, external communication interfaces, digital platforms, and energy management devices. While this evolution enables the emergence of new intelligent and interoperable mobility services, it also significantly expands the cyber attack surface of the entire automotive ecosystem [1,2]. In such distributed environments, where multiple stakeholders collaborate without necessarily sharing their data or infrastructures, security, resilience, and trust become critical enablers for the large-scale deployment of connected electric mobility.
Network Intrusion Detection Systems (NIDS) have emerged as an essential countermeasure for monitoring CPS traffic and detecting malicious activity [3]. Although deep learning-based NIDS have demonstrated promising detection performance, their centralized training raises significant concerns regarding data privacy, governance, robustness, and scalability that are incompatible with real-world automotive fleet deployments [4]. This thesis therefore addresses a closely related scientific challenge: the collaborative detection of attacks and anomalies in connected electric vehicle ecosystems. The objective is to design detection mechanisms capable of handling a wide range of threats, particularly distributed, coordinated, or emerging attacks that are difficult to identify using traditional signature-based approaches. Federated Learning (FL) has been proposed as a solution, enabling each node to train a model locally and share only model weights with a central aggregator, keeping sensitive data on-device while enabling collaborative learning at scale [5].
The originality of this work lies in the combined use of federated learning, GNNs, and centrality measures from complex network theory to enhance intrusion detection, improve robustness in heterogeneous environments, and increase generalization to unseen or weakly represented attacks [6-9]. A key limitation of conventional federated approaches is their inability to capture the graph-structured topology inherent to electric vehicle CPS networks, where components and their interactions form complex relational graphs. GNNs address this gap by explicitly modeling nodes and their dependencies, while centrality measures identify critical system components and structural disruptions within interaction graphs. This combined framework aims to deliver a more performant, distributed, and privacy-preserving intrusion detection solution, capable of strengthening the cybersecurity, resilience, and reliability of future connected electric mobility systems.
This thesis proposes the design, implementation, and evaluation of a federated GNN-based intrusion detection framework for connected electric vehicle cyber-physical systems. Its originality lies in the combination of three complementary dimensions: (i) federated learning specifically adapted to the constraints and heterogeneity of distributed electric mobility ecosystems, (ii) graph neural network architectures tailored to the topology of inter-component communication systems within electric vehicles and charging infrastructures, and (iii) the exploitation of complex network properties to enhance detection performance and generalization across heterogeneous environments. To support this objective, the work begins with a comprehensive state of the art on GNN-based federated intrusion detection systems for connected electric mobility cyber-physical systems, building on existing approaches in IoT and CPS while identifying key limitations and research opportunities specific to the eTruckCharge project and broader connected electric mobility environments.
A core contribution of the thesis will be the modelling of electric vehicle CPS networks as graph-structured systems, where components are represented as nodes and communication channels as edges. This includes extracting structural features such as centrality metrics and constructing realistic datasets that capture a wide spectrum of attack scenarios, including injection, spoofing, denial-of-service, and anomalies related to electric vehicle charging infrastructures. Building upon the dataset generation methodology introduced in [10], these datasets will be enriched with diverse complex network properties to ensure robustness and representativeness. In parallel, the thesis will focus on the design of a federated GNN aggregation method adapted to connected electric mobility ecosystems by extending architectures such as FedGATSage [11,12]. The proposed approach will address a critical limitation of prior work; namely the loss of structural information during parameter aggregation, by preserving both spatial (topological) and temporal (traffic sequence) dependencies across vehicles, charging stations, and edge nodes.
Finally, the thesis will investigate how complex network properties (such as centralities, community structure, and backbone extraction [13-15]) can be leveraged to improve detection accuracy and inference speed, which is essential for resource-constrained embedded environments within large-scale electric mobility deployments. In collaboration with ChargeMap company, with which a partnership agreement is already established, the proposed framework will be extensively evaluated through experimental benchmarking against state-of-the-art methods, using both public datasets and datasets generated in the context of realistic charging infrastructure scenarios. Performance will be assessed across multiple dimensions, including detection accuracy under diverse attack scenarios, privacy preservation, and communication efficiency within federated learning settings. The goal is to deliver a validated, distributed, and privacy-preserving intrusion detection building block contributing to the cybersecurity and resilience of the eTruckCharge federated charging network and future connected electric mobility systems.
The contributions of this thesis project build directly on the research conducted by the CESI LINEACT team in collabor