Detecting Anomalies in Encrypted EV Charging Control Protocol Using a Hybrid LSTM Autoencoder-OCSVM Model

High power charging fosters the adoption of electric vehicles as it ameliorates recharge time concerns. The high power application combined with network communications among the vehicle, charging infrastructure, and electric supply potentially scales and intensifies risks posed by cyberattacks. We introduce and evaluate a hybrid Long Short-Term Memory (LSTM) autoencoder and One-Class Support Vector Machine (OCSVM) self-supervised model to identify novel patterns of encrypted vehicle-charger communications. Due to communication consistency, novel patterns may indicate misuse. The autoencoder is trained using only examples of normal classes. The OCSVM input is then derived from the autoencoder's compressed representation. We use a Log4j vulnerability to demonstrate that our approach can detect misuse without access to the communication contents.