Electric vehicle supply equipment (EVSE) faces emerging multi-stage, cross-layer coordinated attacks—including network reconnaissance, backdoor implantation, and DDoS—rendering conventional intrusion detection systems (IDS) ineffective due to their inability to capture inter-layer exploit patterns. Method: We propose the first multimodal IDS framework integrating network traffic and kernel-level events. It tightly couples graph neural network (GNN)-based anomaly modeling with lightweight federated learning: multimodal feature alignment enables cross-layer behavioral representation; hierarchical federated aggregation and differential privacy–enhanced local updates ensure collaborative model evolution without data leaving premises. Contribution/Results: Evaluated on real-world EVSE deployments, our framework achieves 98.2% detection rate and 97.4% precision, reduces communication overhead by 37%, satisfies millisecond-scale response latency, and complies with GDPR requirements.

The rapid global adoption of electric vehicles (EVs) has established electric vehicle supply equipment (EVSE) as a critical component of smart grid infrastructure. While essential for ensuring reliable energy delivery and accessibility, EVSE systems face significant cybersecurity challenges, including network reconnaissance, backdoor intrusions, and distributed denial-of-service (DDoS) attacks. These emerging threats, driven by the interconnected and autonomous nature of EVSE, require innovative and adaptive security mechanisms that go beyond traditional intrusion detection systems (IDS). Existing approaches, whether network-based or host-based, often fail to detect sophisticated and targeted attacks specifically crafted to exploit new vulnerabilities in EVSE infrastructure. This paper proposes a novel intrusion detection framework that leverages multimodal data sources, including network traffic and kernel events, to identify complex attack patterns. The framework employs a distributed learning approach, enabling collaborative intelligence across EVSE stations while preserving data privacy through federated learning. Experimental results demonstrate that the proposed framework outperforms existing solutions, achieving a detection rate above 98% and a precision rate exceeding 97% in decentralized environments. This solution addresses the evolving challenges of EVSE security, offering a scalable and privacypreserving response to advanced cyber threats