To address security vulnerabilities inherent in the Open Charge Point Protocol 1.6 (OCPP 1.6) that expose charging station networks to cyberattacks and user privacy breaches, this paper proposes the first federated learning framework tailored for OCPP 1.6 protocol-level intrusion detection. The framework enables multiple geographically distributed charging stations to collaboratively train an intrusion detection model without sharing raw data, integrating IoT anomaly detection, OCPP-specific behavioral modeling, and secure distributed model aggregation. Its key contribution lies in the first adaptation of federated learning to the semantic layer of OCPP 1.6 messages, enabling fine-grained identification of protocol-level anomalies. Experimental evaluation demonstrates that the method achieves 98.2% attack detection accuracy while preserving data privacy—significantly outperforming isolated, single-station models—and simultaneously satisfies stringent requirements for security, decentralized deployment feasibility, and detection precision.

The ongoing electrification of the transportation sector requires the deployment of multiple Electric Vehicle (EV) charging stations across multiple locations. However, the EV charging stations introduce significant cyber-physical and privacy risks, given the presence of vulnerable communication protocols, like the Open Charge Point Protocol (OCPP). Meanwhile, the Federated Learning (FL) paradigm showcases a novel approach for improved intrusion detection results that utilize multiple sources of Internet of Things data, while respecting the confidentiality of private information. This paper proposes the adoption of the FL architecture for the monitoring of the EV charging infrastructure and the detection of cyberattacks against the OCPP 1.6 protocol. The evaluation results showcase high detection performance of the proposed FL-based solution.