Chercheur Doctorant H/F : Federated Graph Neural Networks for Intrusion Detection in electric vehicle networks CESI

Abstract

Securing the connected vehicle is no longer optional; it is a prerequisite for safe, trustworthy mobility in the era of electric and autonomous transportation.

Keywords: Sustainable City, Electric Mobility, Intrusion Detection, Federated Graph Neural Networks, Centrality measures

The rapid growth of electric vehicles is accompanied by an increasing interconnection between vehicles, charging stations, digital platforms, supervision systems, and energy management devices. This evolution fosters the emergence of interoperable and data-driven smart mobility services, but it also exposes the entire ecosystem to growing cyber risks. In these distributed environments, where multiple stakeholders cooperate, security, resilience, and trust become essential prerequisites for the large-scale deployment of connected electric mobility.

In complement to the eTruckCharge project, which aims to develop a federated charging network and associated intelligent services, this doctoral project addresses a closely related scientific challenge: the collaborative detection of attacks and anomalies in connected electric mobility ecosystems. The objective is to design mechanisms capable of coping with a wide variety of threats, particularly distributed, coordinated, or emerging attacks that are difficult to identify using traditional signature-based approaches.

Although deep learning approaches have shown strong potential for intrusion detection, their centralized training raises significant limitations in terms of data privacy, data governance, robustness, and scalability. This thesis therefore proposes a distributed detection framework based on federated learning and Graph Neural Networks (GNNs), capable of modeling structural dependencies between the different components of an electric mobility system while keeping data locally at the level of the relevant stakeholders. Local models will be trained at the level of charging stations, vehicles, or edge nodes, and then aggregated collaboratively without any direct exchange of raw data.

The originality of this work lies in the combined use of federated learning, GNNs, and centrality measures from complex network theory to improve anomaly detection, enhance robustness in heterogeneous environments, and increase generalization to unseen or weakly represented attacks in the training data. Particular attention will be paid to detecting new attack patterns without explicit signatures, by analyzing topological dependencies, relational behaviors, and structural disruptions in interaction graphs.

Finally, in collaboration with ChargeMap, an innovative company based in Strasbourg and specialized in digital services for electric mobility, the approach will be evaluated through realistic scenarios related to charging infrastructures and associated services. The ambition is to propose a generic, distributed, and privacy-preserving methodological framework to strengthen the cybersecurity and resilience of future connected electric mobility systems.

Research Work

Scientific context

The rapid growth of connected and electric vehicles is accompanied by an increasing interconnection between embedded cyber-physical systems, external communication interfaces, digital platforms, and energy management devices. While this evolution enables the emergence of new intelligent and interoperable mobility services, it also significantly expands the cyber attack surface of the entire automotive ecosystem [1,2]. In such distributed environments, where multiple stakeholders collaborate without necessarily sharing their data or infrastructures, security, resilience, and trust become critical enablers for the large-scale deployment of connected electric mobility.

Network Intrusion Detection Systems (NIDS) have emerged as an essential countermeasure for monitoring CPS traffic and detecting malicious activity [3]. Although deep learning-based NIDS have demonstrated promising detection performance, their centralized training raises significant concerns regarding data privacy, governance, robustness, and scalability that are incompatible with real-world automotive fleet deployments [4]. This thesis therefore addresses a closely related scientific challenge: the collaborative detection of attacks and anomalies in connected electric vehicle ecosystems. The objective is to design detection mechanisms capable of handling a wide range of threats, particularly distributed, coordinated, or emerging attacks that are difficult to identify using traditional signature-based approaches. Federated Learning (FL) has been proposed as a solution, enabling each node to train a model locally and share only model weights with a central aggregator, keeping sensitive data on-device while enabling collaborative learning at scale [5].

The originality of this work lies in the combined use of federated learning, GNNs, and centrality measures from complex network theory to enhance intrusion detection, improve robustness in heterogeneous environments, and increase generalization to unseen or weakly represented attacks [6-9]. A key limitation of conventional federated approaches is their inability to capture the graph-structured topology inherent to electric vehicle CPS networks, where components and their interactions form complex relational graphs. GNNs address this gap by explicitly modeling nodes and their dependencies, while centrality measures identify critical system components and structural disruptions within interaction graphs. This combined framework aims to deliver a more performant, distributed, and privacy-preserving intrusion detection solution, capable of strengthening the cybersecurity, resilience, and reliability of future connected electric mobility systems.

Subject

This thesis proposes the design, implementation, and evaluation of a federated GNN-based intrusion detection framework for connected electric vehicle cyber-physical systems. Its originality lies in the combination of three complementary dimensions: (i) federated learning specifically adapted to the constraints and heterogeneity of distributed electric mobility ecosystems, (ii) graph neural network architectures tailored to the topology of inter-component communication systems within electric vehicles and charging infrastructures, and (iii) the exploitation of complex network properties to enhance detection performance and generalization across heterogeneous environments. To support this objective, the work begins with a comprehensive state of the art on GNN-based federated intrusion detection systems for connected electric mobility cyber-physical systems, building on existing approaches in IoT and CPS while identifying key limitations and research opportunities specific to the eTruckCharge project and broader connected electric mobility environments.

A core contribution of the thesis will be the modelling of electric vehicle CPS networks as graph-structured systems, where components are represented as nodes and communication channels as edges. This includes extracting structural features such as centrality metrics and constructing realistic datasets that capture a wide spectrum of attack scenarios, including injection, spoofing, denial-of-service, and anomalies related to electric vehicle charging infrastructures. Building upon the dataset generation methodology introduced in [10], these datasets will be enriched with diverse complex network properties to ensure robustness and representativeness. In parallel, the thesis will focus on the design of a federated GNN aggregation method adapted to connected electric mobility ecosystems by extending architectures such as FedGATSage [11,12]. The proposed approach will address a critical limitation of prior work; namely the loss of structural information during parameter aggregation, by preserving both spatial (topological) and temporal (traffic sequence) dependencies across vehicles, charging stations, and edge nodes.

Finally, the thesis will investigate how complex network properties (such as centralities, community structure, and backbone extraction [13-15]) can be leveraged to improve detection accuracy and inference speed, which is essential for resource-constrained embedded environments within large-scale electric mobility deployments.…

Skills

Scientific and technical skills: AI (deep learning, GNNs, federated learning), cybersecurity of distributed systems and networks (intrusion detection, anomaly detection, cyber-physical systems security), Python programming (PyTorch, TensorFlow, PyG), and scientific writing.
Knowledge of vehicular networks will be particularly appreciated.

Soft skills: Scientific rigor, autonomy, teamwork, critical thinking, project management, communication, and the ability to work in an interdisciplinary research environment.

Organisation

Funding: Projet Interreg Rhin Supérieur "Etruckcharge"

Location: Strasbourg

Starting date: 01/09/2026

Duration: 36 mois

Supervisor(s):

Amine Brahmia, Enseignant chercheur HDR, Directeur de thèse

Mourad Zghal, Enseignant chercheur HDR, Co-Directeur de thèse

Zakariya Ghalmane, Enseignant chercheur, Encadrant

Bibliography:

[1] R. Abreu, F. Branco, M. J. C. S. Reis and C. Serôdio, 'Cybersecurity in Connected and Autonomous Vehicles: A Systematic Review of Automotive Security,' in IEEE Access, vol. 13, pp. 116818-116855, 2025, doi: 10.1109/ACCESS.2025.3584649.

[2] Tawfiq Aljohani, Abdulaziz Almutairi, A comprehensive survey of cyberattacks on EVs: Research domains, attacks, defensive mechanisms, and verification methods, Defence Technology, Volume 42, 2024, Pages 31-58.

[3] Chouikhi, S., & Khoukhi, L. (2025, December). A Stackelberg Game Security Model Against Botnets in Electric Vehicle Systems. In GLOBECOM 2025-2025 IEEE Global Communications Conference (pp. 770-774). IEEE.

[4] Baahmed, A. R., Dollinger, J. F., Brahmia, M.-E.-A., & Zghal, M. (2026). HiFEL-OCKT: Hierarchical Federated Edge Learning with Objective Congruence and Multi-Level Knowledge Transfer for IoT Ecosystems. Internet of Things, 101868.

[5] Arbaoui, M., Brahmia, M.-E.-A., Rahmoun, A. & Zghal, M. Federated learning survey: A multi-level taxonomy of aggregation techniques, experimental insights, and future frontiers. ACM Transactions on Intelligent Systems and Technology 15, 1-69 (2024).

[6] Termos, M., Ghalmane, Z., Brahmia, M.-E.-A., Fadlallah, A., Jaber, A. & Zghal, M. GDLC: A new graph deep learning framework based on centrality measures for intrusion detection in IoT networks. Internet of Things 26, 101214 (2024).

[7] Jianping, W., Guangqiu, Q., Chunming, W., Weiwei, J., & Jiahe, J. (2024). Federated learning for network attack detection using attention-based graph neural networks. Scientific Reports, 14(1), 19088.

[8] Termos, M., Ghalmane, Z., Brahmia, M.-E.-A., Fadlallah, A., Jaber, A., &Zghal, M. (2026). ADAP-GNN: Adaptive property-aware graph neural network for intrusion detection in IoT networks. Computers and Electrical Engineering, 133, 111051.

[9] Termos, M., Ghalmane, Z., Brahmia, M.-E.-A., Fadlallah, A., Jaber, A. & Zghal, M. Intrusion detection system for IoT based on complex networks and machine learning. In 2023 IEEE DASC/PiCom/CBDCom/CyberSciTech, 471-477. IEEE (2023).

[10] Tihanyi, N., Ferrag, M. A., Jain, R., Bisztray, T., & Debbah, M. (2024, September). Cybermetric: A benchmark dataset based on retrieval-augmented generation for evaluating llms in cybersecurity knowledge. In 2024 IEEE International Conference on Cyber Security and Resilience (CSR) (pp. 296-302). IEEE.

[11] Al Tfaily, F., Ghalmane, Z., Brahmia, M.-E.-A., Hazimeh, H., Jaber, A. & Zghal, M. Graph-based federated learning approach for intrusion detection in IoT networks. Scientific Reports 15, 41264 (2025). https://doi.org/10.1038/s41598-025-25175-1

[12] Al Tfaily, F., Ghalmane, Z., Brahmia, M. E. A., Hazimeh, H., Jaber, A., & Zghal, M. (2026). Community-based Vulnerability Prediction Framework for IoT Intrusion Detection using only Network Topology. Future Generation Computer Systems, 108493.

[13] Ghalmane, Z., Cherifi, C., Cherifi, H. & El Hassouni, M. Centrality in complex networks with overlapping community structure. Scientific Reports 9, 10133 (2019).

[14] Ghalmane, Z., Cherifi, C., Cherifi, H. & El Hassouni, M. Extracting backbones in weighted modular complex networks. Scientific Reports 10, 15539 (2020).

[15] Yassin, A., Haidar, A., Cherifi, H., Seba, H., & Togni, O. (2023). An evaluation tool for backbone extraction techniques in weighted complex networks. Scientific Reports, 13(1), 17000.

AbstractSecuring the connected vehicle is no longer optional; it is a prerequisite for safe, trustworthy mobility in the era of electric and autonomous transportation.Keywords: Sustainable City, Elect

CESI est une école d'ingénieurs qui fait de la promotion sociale par l'excellence un modèle de réussite. Rejoignez un environnement stimulant où l'esprit d'équipe, la diversité des projets et l'autonomie ne font qu'un. Découvrez une école qui a su développer un modèle unique et se donne les moyens au quotidien de relever les grands défis de l'époque. Nos 25 campus, 28 000 étudiants, 8000 entreprises partenaires et 106 000 alumni témoignent de l'impact de CESI au niveau national.

CESI accompagne ses étudiants en utilisant des méthodes innovantes de pédagogie active. L'établissement forme avec rigueur les futurs ingénieurs, techniciens et managers, dans les secteurs suivants : l'Industrie & l'Innovation, le BTP, l'Informatique et le Numérique et le Développement Durable. Parallèlement, CESI concrétise son engagement dans la Recherche à travers des activités menées au sein de son Laboratoire d'Innovation Numérique, CESI LINEACT.

Les partenariats établis avec 130 universités à travers le globe, attestent de l'engagement international de CESI. Ces liens privilégiés offrent aux élèves ingénieurs une mobilité sortante et entrante à l'échelle internationale, façonnée notamment par des stages obligatoires faisant partie intégrante de leur cursus.