Trust Evaluation Framework for Adaptive Load Optimization in Motor Drive System

Abstract

Electric drive systems (EDSs) are vital for automotive and industrial applications but remain highly vulnerable to cyber and physical anomalies (CPAs), such as inverter open-circuit faults, sensor failures, and malicious cyberattacks. Ensuring reliable EDS operation requires the controller to receive accurate and uncompromised feedback and reference signals continuously. However, many existing data-driven detection and mitigation strategies rely on large training datasets, impose significant computational overhead, and often lose effectiveness under various abnormal operating conditions. To overcome these limitations, this paper introduces a trust evaluation framework that continuously assesses the reliability of all incoming signals to the EDS controller by combining behavioral analysis with historical reliability records. The proposed scheme offers a lightweight and model-independent approach, enabling reliable, adaptive decision-making by leveraging both current and historical signal behavior. To this end, this paper further integrates the resulting trust values into a torque-split optimization algorithm, enabling adaptive load optimization by dynamically reducing the torque contribution of motors operating under abnormal or low-trust conditions, thereby demonstrating clear applicability for automotive drive systems. The framework is validated in a real-time OPAL-RT environment across multiple CPA scenarios, demonstrating accurate anomaly detection and adaptive torque redistribution. Owing to its simplicity and versatility, the proposed method can be readily extended to other safety-critical drive applications.

1. Introduction

In recent years, the application of power electronic systems (PESs) has become central to a wide range of industries, including the automotive sector, industrial automation, utility grid power management, and marine power systems. Advanced control schemes associated with these PESs have enhanced their efficiency and enabled higher power density. However, these advancements in control, communication, and power levels have also made them increasingly susceptible to a range of cyber anomalies and physical faults [1,2]. Therefore, various model-based [3,4,5,6,7,8,9] and data-driven schemes [10,11,12,13,14,15,16,17] are proposed in the existing literature for the detection of these cyber and physical anomalies. Model-based schemes are favored over data-driven approaches due to their faster diagnostic speed and lower computational requirements. However, their performance is often limited under uncertain operating conditions due to system nonlinearities and high reliance on the accuracy of the system’s mathematical model. In contrast, data-driven approaches do not depend on an explicit system model and are capable of handling complex system dynamics through advanced machine learning techniques. Nevertheless, data-driven schemes face challenges related to the scarcity of real-world training data associated with CPAs and the high computational cost involved.

Compared to existing methods for the detection of CPAs, trust evaluation schemes offer a more effective approach to assessing the behavioral reliability of key entities, particularly feedback and reference signals, which are integral to any closed-loop control framework. Moreover, trust evaluation approaches integrate the advantages of both data-driven and model-based schemes. They operate independently of system models, impose a low computational burden, and eliminate the need for large offline training datasets. Moreover, trust evaluation leverages both current and historical operational data, allowing it to assess cumulative behavior over time, leading to more reliable and adaptive decision-making. However, the effectiveness of these frameworks heavily depends on the quality of the reliability assessment metrics and the accurate identification of relevant system parameters.

In this context, ref. [18] introduced a metrics-based trustworthiness scheme for routing protocols in low-power and lossy networks. This approach strengthens security mechanisms against selfish behaviors and internal attackers while achieving lower energy consumption and a higher packet delivery ratio. Moreover, a lightweight and reliable trust mechanism based on multi-source feedback information fusion is proposed in [19] to enhance the adoption of IoT edge devices. This approach effectively mitigates the impact of bad-mouthing attacks caused by malicious feedback providers. Additionally, a multi-dimensional attack-resistant trust model designed for acoustic sensor networks is proposed in [20], utilizing packet error loss, packet loss rate, and link capacity. Given the unreliable communication channels in underwater environments, trust models originally designed for terrestrial wireless sensor networks cannot be effectively adapted for acoustic applications. Similarly, ref. [21] introduces a distributed trust mechanism for wireless sensor network applications, integrating communication trust, energy trust, data trust, recommended reliability, recommended similarity, and indirect trust. Moreover, ref. [22] proposes a context-aware trust evaluation approach that employs a multi-source reputation and trust-based mechanism to assess user trustworthiness in fog-based IoT. In [23], a trust-based mechanism for detecting distributed denial-of-service attacks in vehicular ad hoc networks is presented. The trust evaluation incorporates factors such as residual energy, frequency value statistics, trust policy, trust hypothesis statistics, and data factors. Moreover, a trust assessment scheme [24] is proposed for online social networks, integrating context-specific information, locally generated social trust relationships, and network topological structure data. This approach enhances social trust prediction by up to 5.5% compared to existing methods. Additionally, ref. [25] introduces a mobility trust evaluation model based on communication success rate and sensor node energy consumption to estimate trust values in heterogeneous vehicle networks. In this framework, a mobility strategy is developed for electric vehicles to minimize the total number of transmission hops in trust evaluation. Ref. [26] presents a simplified blockchain-based consensus algorithm for trust evaluation in massive machine-type communication, addressing the lack of an inherent security framework in the Internet of Energy Things and Industrial Internet of Things. Moreover, as federated learning is preferred for its distributed nature, low latency, and high privacy benefits, ref. [27] proposes a trust evaluation framework for federated learning in digital twins for mobile networks based on individual and coordinated trust values for participating users. This framework addresses the limitations of the simplex evaluation factor in conventional coarse-grained trust calculation methods.

To the best of our knowledge, most existing trust evaluation schemes are designed primarily for communication networks or sensor data in distributed systems, where interactions between nodes are governed by trust values. In these systems, the failure of a node does not necessarily compromise overall functionality. However, this is not applicable when centralized control is integrated with various input signals processed over a fixed sampling period for continuous decision-making. In this case, halting the interaction of these incoming signals would disrupt the entire operation. As such, existing schemes lack a methodology specifically tailored to centralized control systems, particularly for applications like EDS. To address this gap, the proposed work introduces a trust evaluation framework for an EV-based EDS, where a decline in trust values triggers a response that reduces the torque demand for the associated EDS under abnormal conditions. Moreover, much like communication networks, these operational technology systems are also vulnerable to various types of CPAs. Therefore, adapting trust-based frameworks from communication networks to cyber-physical systems offers a valuable enhancement to the paradigm of trust evaluation, expanding its application in automotive systems. Moreover, Table 1 illustrates a concise summary that synthesizes the contributions of the proposed scheme and contrasts them with the key limitations of prior studies. The contributions of this work can be summarized as follows:

1.

A generalized trust computing method is proposed, applicable to any system with centralized control and incoming feedback and input signals. Since this framework involves several tunable factors, it can be adjusted to meet the specific requirements of different systems.

2.

The robustness of the proposed trust method is validated across a diverse range of CPAs. To achieve this, this scheme is integrated with a real-time EDS model simulated on OPAL-RT, effectively simulating various CPA scenarios, including power switch open-circuit faults, current sensor faults, and cyberattacks.

3.

This work presents a trust-aware torque-split optimization algorithm that incorporates the trust values of each EDS to further optimize torque distribution across each traction motor, following the principles of adaptive load optimization (ALO).

Table 1. Characteristics and limitations of past studies and the proposed approach.

Method	Investigated System	Anomaly Modes	Contributions	Key Limitations
[28]	Electric drive system	False data injection (FDI) attacks	Cyberattack detection and impact analysis on 3-phase current	Data-driven schemes rely heavily on the availability and quality of training datasets. Most diagnostic methods depend only on instantaneous current values, without considering historical system behavior. Existing schemes can typically detect only a limited range of cyber and physical anomalies.
[29]		FDI and relay attacks	Cyberattack detection and impact analysis on 3-phase current
[30]		FDI attacks	Cyberattack detection and impact analysis on 3-phase current
[31]		OCFs in single power switch	Impact analysis on stator current, detection and distinguish OCFs
[32]		Single and Double switch OCFs in power converter	Impact analysis on stator current, detection and distinguish OCFs
[17]		Single and double switch OCFs in power converter and FDI attacks	Impact analysis, detection and differentiation
[18]	Low-power and lossy networks	Selfish behaviors and internal attackers	Strengthens security mechanism; lower energy consumption and higher packet delivery ratio	Most trust evaluation schemes are limited to distributed control and not applied to centralized systems. Trust evaluation has not yet been explored in the context of electric drive systems. Current schemes lack a response mechanism to mitigate the impact once anomalies are detected.
[19]	IoT edge devices	Bad mouthing attacks	Lightweight and reliable trust mechanism
[20]	Acoustic sensor networks	Cyberattacks	Multi-dimensional attack-resistant trust
[21]	Wireless sensor network	None	Distributed trust mechanism
[23]	Vehicular ad hoc networks	Denial-of-service (DoS) attacks	Trust-based mechanism for detecting distributed DoS attacks
[25]	Heterog- eneous vehicle networks	None	Trust evaluation for mobility strategy to minimize the total number of transmission hops
This work	Electric drive system	Cyberattacks, OCFs, and sensor faults	A trust-based strategy is developed to detect various cyber and physical anomalies. The trust score is integrated into the torque-split optimization to minimize anomalies’ impact on motor drive characteristics.

Table 1. Characteristics and limitations of past studies and the proposed approach.

Method	Investigated System	Anomaly Modes	Contributions	Key Limitations
[28]	Electric drive system	False data injection (FDI) attacks	Cyberattack detection and impact analysis on 3-phase current	Data-driven schemes rely heavily on the availability and quality of training datasets. Most diagnostic methods depend only on instantaneous current values, without considering historical system behavior. Existing schemes can typically detect only a limited range of cyber and physical anomalies.
[29]		FDI and relay attacks	Cyberattack detection and impact analysis on 3-phase current
[30]		FDI attacks	Cyberattack detection and impact analysis on 3-phase current
[31]		OCFs in single power switch	Impact analysis on stator current, detection and distinguish OCFs
[32]		Single and Double switch OCFs in power converter	Impact analysis on stator current, detection and distinguish OCFs
[17]		Single and double switch OCFs in power converter and FDI attacks	Impact analysis, detection and differentiation
[18]	Low-power and lossy networks	Selfish behaviors and internal attackers	Strengthens security mechanism; lower energy consumption and higher packet delivery ratio	Most trust evaluation schemes are limited to distributed control and not applied to centralized systems. Trust evaluation has not yet been explored in the context of electric drive systems. Current schemes lack a response mechanism to mitigate the impact once anomalies are detected.
[19]	IoT edge devices	Bad mouthing attacks	Lightweight and reliable trust mechanism
[20]	Acoustic sensor networks	Cyberattacks	Multi-dimensional attack-resistant trust
[21]	Wireless sensor network	None	Distributed trust mechanism
[23]	Vehicular ad hoc networks	Denial-of-service (DoS) attacks	Trust-based mechanism for detecting distributed DoS attacks
[25]	Heterog- eneous vehicle networks	None	Trust evaluation for mobility strategy to minimize the total number of transmission hops
This work	Electric drive system	Cyberattacks, OCFs, and sensor faults	A trust-based strategy is developed to detect various cyber and physical anomalies. The trust score is integrated into the torque-split optimization to minimize anomalies’ impact on motor drive characteristics.

In this article, Section 2 presents the formulation of the trust evaluation framework for EDS and trust-aware torque-split optimization. Section 3 outlines the trust dynamics for various CPAs to validate the proposed approach’s applicability and evaluates the performance of trust-aware torque-split optimization under different EDS trust values. Finally, Section 4 provides the conclusion.

2. Trust-Aware Control Framework for Electric Drive System

Modern EVs can generally be classified into single-motor or multi-motor drive systems. Traditional EDSs typically lack a continuous authentication mechanism for feedback and reference input signals sent to the motor controller. This absence of the authentication process makes the EDSs vulnerable to disruptions caused by non-routine operating conditions, such as cyberattacks or physical faults, which can further compromise gate drive signals, thereby jeopardizing the system’s security and operational reliability. To address this, a trust evaluation framework is integrated at the controller’s input as a security checkpoint, as shown in Figure 1. This framework continuously monitors the integrity of input signals from sensors and the CAN bus, serving as a monitoring mechanism for the EDS. The details of this trust evaluation framework are explained below.

2.1. Trust Behavior Model

To assess the trust level of incoming signals involved in the EDS controller’s decision-making process, the controller must comprehensively record the behavior of these signals. The frameworks supporting the trust evaluation ($T{E}_i$) of the incoming signals within the time window ($t_i$) can be formalized as shown in Equation (1). Here, $R{B}_i$ represents the recorded behavior of the signals, where i represents the segment number corresponding to data within the sliding window. Since these signals are not validated at every sampling instant, the trust evaluation is performed after collecting data over a specified window size. This approach implicitly assumes that the entities contributing to each window remain trustworthy and continue transmitting data to the EDS controller. Once the window is completed, the trustworthiness of the previously accepted entities is reassessed through re-evaluation. This procedure distinguishes the proposed mechanism from a zero-trust approach, where no entity is ever implicitly trusted and every incoming signal must be validated before entering the controller. In contrast, zero-trust is not practical for EDS applications because reliable behavioral validation cannot be achieved from a single sampling instant; instead, a dataset spanning a defined window size is required for meaningful trust assessment. Additionally, even if a trust mechanism were applied at each sampling instance of EDS, it could introduce computational delays that would compromise the performance of the subsequent controller by increasing the total harmonic distortion. Therefore, this proposed trust mechanism is referred to as a trust mechanism rather than a zero-trust mechanism. This recorded data from each window serves as the input for exploratory data analysis (EDA) techniques. Additionally, $R{L}_i$ denotes the reliability score of the incoming signals, while $R{L}_{his}$ captures their historical reliability record, derived by applying exponential normalization to the values obtained from EDA. Together, these parameters are used to quantify the proposed trust evaluation framework.

$$T{E}_i=\langle R{B}_i,ED{A}_i,R{L}_i,R{L}_{his}\rangle$$

(1)

The recorded behavior is expressed in Equation (2), where the size of each behavioral segment ($b{h}_{i,f}$) is determined by the length of the extracted features or the window size, denoted as ($lg$), with (f) representing the number of different features. The features of the EDS ($E_f$), utilized to compute $b{h}_{i,f}$, are outlined in Equation (3). Here, $I_{d,q}^m$ and ${\omega }_m^m$ represent the measured current and speed values, respectively, while $I_{d,q}^{ref}$ and ${\omega }_m^{ref}$ denote their corresponding reference values. These values, corresponding to the stator current and speed of the permanent magnet synchronous machine (PMSM), can be obtained via model predictive current control, as presented in [33]. Furthermore, the formulation of $b{h}_{i,f}$ in Equation (4) incorporates the degree of abnormality ($abn{D}_{(i,k)}^{EDA}$) observed between measured and reference values during the interaction of incoming signals with the EDS controller. This is achieved by employing EDA techniques, including mean, interquartile range, and Pearson correlation, for each set of values shown in Equation (3). Consequently, the proposed trust evaluation scheme leverages EDA methods to accurately quantify the operational discrepancies in the EDS.

$$\begin{array}{cc}\hfill R{B}_i& =\langle b{h}_{i,f}\rangle ϵlg\hfill \end{array}$$

(2)

$$\begin{array}{cc}\hfill E_f& =\langle I_d^m,I_q^m,I_d^{ref},I_q^{ref},{\omega }_m^m,{\omega }_m^{ref}\rangle \hfill \end{array}$$

(3)

$$\begin{array}{cc}\hfill b{h}_{i,f}& =abn{D}_{(i,k)}^{EDA}=ED{A}_{(i,k)}(E_f^m,E_f^{ref})\hfill \end{array}$$

(4)

Here, $E_f^m$ and $E_f^{ref}$ are the measured and reference values of EDS features, respectively. The estimated values of operational abnormalities, derived through EDA techniques, are utilized to assess the operational reliability of the EDS, with their records systematically maintained as part of the EDS historical reliability database. Moreover, residual values obtained by taking the mean square error between the measured and reference values of $I_{d,q}$ are analyzed through EDA to ensure stationarity. The mean and interquartile range of these residuals are then used to compute $b{h}_{i,f}$, which is subsequently applied in Equation (5) to evaluate the reliability of the traction inverter’s feedback signals ($R{L}_i^{fb}$). Conversely, for the speed values, the Pearson correlation coefficient is employed to calculate $b{h}_{i,f}$, which is subsequently used in Equation (5) to evaluate the reliability values of the EDS input signals ($R{L}_i^{in}$). As the reliability is evaluated for all incoming signals of the EDS controller, both input and feedback signals are taken into account. Furthermore, the reliability formulation for the input signal is separated from that of the feedback signals, because this can also help to localize the reliability degradation between feedback and inputs for future work. Different data normalization methods are utilized for $R{L}_i^{fb}$ and $R{L}_i^{in}$ because of the nature of the input data. Furthermore, since $R{L}_i^{in}$ utilizes an EDA approach with values already scaled between 0 and 1, the negative exponent-based scaling is not applied for computing $R{L}_i^{in}$. The parameter $N_i$ in Equation (5) denotes the total number of $b{h}_{i,f}$ values considered in the numerator, which can vary based on the number of EDA techniques utilized. The value of $N_i$ while computing $R{L}_i^{in}$ will be 1. The reliability values are bounded within the range [0, 1] due to the applied normalization scheme. This method for estimating operational reliability is highly versatile and can be scaled to apply to other systems. Moreover, the overall signal-based reliability of EDS is formalized in Equation (6).

$$\begin{array}{cc}\hfill R{L}_i^{fb}(\Delta t)& ={\displaystyle \frac{\sum e^{-b{h}_{i,f}}}{N_i}},R{L}_i^{in}(\Delta t)={\displaystyle \frac{b{h}_{i,f}}{N_i}}\hfill \end{array}$$

(5)

$$\begin{array}{cc}\hfill R{L}_i^{total}& =R{L}_i^{in}(\Delta t)+R{L}_i^{fb}(\Delta t)\hfill \end{array}$$

(6)

Hence, the recorded behavior of the EDS is used to represent its operational trustworthiness. To evaluate the overall EDS reliability value while considering both hardware-based feedback signals and user-provided input signals, the calculation is formalized in Equation (7). In this formulation, where multiple values are aggregated, normalization plays a crucial role in ensuring balanced evaluation, as shown in Equation (7). This equation also incorporates historical reliability values, which serve as a weighting factor to determine the current reliability. The weighting factor is expressed as $e^{-R{L}_{hist}}$, where $R{L}_j^{-ive}$ denotes the historical negative interactions. Additionally, the term ($\sigma .c$) represents the time-forgetting factor, which gradually diminishes the influence of historical negative interactions on current reliability values over time. This indicates that the historical reliability values based on the far past will not have much value. Moreover, since the historical reliability values account only for negative interactions, a higher $R{L}_{hist}$ value leads to a smaller outcome from the negative exponent-based weighting factor in (5), thereby reducing the overall system reliability, and vice versa.

$$\begin{array}{cc}\hfill R{L}_i(\Delta t)& =e^{-R{L}_{hist}}.R{L}_i^{total}\hfill \end{array}$$

(7)

$$\begin{array}{cc}\hfill R{L}_{hist}& ={\displaystyle \frac{\sqrt{\sum R{L}_j^{-ive}}}{1+\sqrt{\sum R{L}_j^{-ive}}}}-\sigma .c,jϵ\{fb,in\}\hfill \end{array}$$

(8)

The variable c represents the number of negative iterations in the past 10 interactions. Additionally, $\sigma$ corresponds to the variance ($var$) of the behavioral stability of the EDS with segment length $lg$, denoted as $S_i(\Delta t)$, which is calculated using Equation (9). The stability value is determined based on the consecutive interaction of $E_f$ for each sampling period. The variance of the captured data is higher in cases of abnormal operational behavior compared to normal conditions. These dynamics are then employed to estimate $\sigma$, which influences the changes in reliability values over time under varying operational conditions.

$$\begin{array}{cc}\hfill S_i(\Delta t)& ={\displaystyle \frac{E_f^{z+1}-E_f^z}{lg}};\sigma =\sqrt{var\left(S_i^{lg}\right)}\hfill \end{array}$$

(9)

2.2. Trust Evaluation Model

This section explains the proposed trust evaluation criteria for EDSs. The primary objective of this approach is to assess the operational trustworthiness of an EDS, based on its operational reliability values. The resulting trust values will be incorporated into the torque-split optimization algorithm, as illustrated in Figure 2. In this way, the distribution of the required total torque can be further optimized, taking into account the trustworthiness of each EDS and reducing the torque demand from an EDS already operating under abnormal conditions. The trust value, $T_i\left(e^{-T_f}\right)$, is calculated using Equation (10), where a higher trust factor ($T_f$) results in a higher trust value. The mathematical formulation in Equation (10) is designed to regulate the rate of change in trust values. It is assumed that trust can neither start at zero nor one; instead, it always begins at 0.5. Furthermore, Equation (10) ensures that trust does not increase abruptly but rather grows gradually over time toward a maximum value of 1, without ever exceeding it. This behavior is also illustrated in the graphical results presented in the Results section. These dynamics primarily depend on the trust factor ($T_f$), which in turn is governed by the variations in the previously obtained reliability values.

$$T_i\left(e^{-T_f}\right)=\left\{\begin{array}{c}0,\mathit{if}:e^{-T_f}=0\hfill \\ max\{0,min(0.5+(1-e^{-T_f}),1)\},\hfill & \mathit{else}.\hfill \end{array}\right.$$

(10)

$$\begin{array}{cc}\hfill T_f& =\alpha .\sqrt[\varphi ]{R{L}_i(\Delta t)}.g\left(t\right),\varphi =0.5\hfill \end{array}$$

(11)

Moreover, the value of $\alpha$, which enforces an acceptable reliability threshold for computing trust, is estimated via Equation (12). Through $\alpha$, one can distinguish between normal conditions, mild abnormalities, and severe abnormalities based on the current reliability values. Additionally, the function $g\left(t\right)$ in Equation (13) modifies the reliability values to regulate the rate at which trust changes over time, ensuring that trust increases gradually. The terms ($\sigma ·c$) and $g\left(t\right)$ describe how trust changes over time, showing a quick drop at first and then a slow recovery, as can be seen for various case study scenarios in the Results section. Furthermore, the weighting factors ($\delta$ and $\zeta$) can be adjusted to regulate the rate of trust variation across behavioral segments, depending on the specific application.

$$\alpha =\left\{\begin{array}{cc}1,\hfill & \mathit{if}:0.5<\left(R{L}_i^{fb}\right)\&\left(R{L}_i^{in}\right)<1\hfill \\ 0,\hfill & \mathit{otherwise}.\hfill \end{array}\right.$$

(12)

$$g\left(t\right)=min\{(1-e^{-\delta .t^2}.\zeta ),1\}$$

(13)

Hence, the main purpose of these formulations is to express reliability values in terms of trust while controlling their dynamics under both normal and abnormal conditions, ensuring that trust decreases sharply when needed but recovers gradually.

2.3. Trust-Aware Torque-Split Optimization

The primary function of the EDS is to deliver the required torque necessary to generate the yaw moment commanded by the vehicle’s lateral stability control system. In Figure 2, Motors 1 and 2 represent the motor drives on the front-right and rear-right wheels, respectively, while Motors 3 and 4 correspond to the front-left and rear-left motor drives. The total torque demand ($Tr{q}_{dem}$) and speed demand are initially distributed between the right and left motors. These distributed torque and speed values are then used to determine the torque-split ratio ($Tr{q}_{sr}$) between the front and rear wheels, separately for the right and left sides. In this context, Equation (14) illustrates how the torque is calculated for the right-side wheels.

$$\begin{array}{cc}\hfill Tr{q}_1& =Tr{q}_{sr}\left(Tr{q}_{\left(dem\right)}^r\right);Tr{q}_2=1-Tr{q}_1\hfill \end{array}$$

(14)

$Tr{q}_{\left(dem\right)}^r$ is the demanded torque for the right-sided wheels of the vehicle. The torque for the two right wheels as a function of associated trust values [$T_{i,1}(\Delta t)$ and $T_{i,2}(\Delta t)$] is defined by Equations (15) and (16), where $\Delta {T\widehat{r}q}_1$ and $\Delta {T\widehat{r}q}_2$ represent the additional torque required to achieve yaw moment ($\gamma$), as expressed in Equation (17). Here, $D_f$ and $D_r$ represent the distances from the vehicle’s center of mass to the front and rear axles, respectively, $L_d$ denotes the distance between the front and rear axles, and $r_w$ is the dynamic tire radius.

$$\begin{array}{cc}\hfill Tr{q}_1& =T_{i,1}(\Delta t)\left(Tr{q}_1-\Delta {T\widehat{r}q}_1\right)\hfill \end{array}$$

(15)

$$\begin{array}{cc}\hfill Tr{q}_2& =T_{i,2}(\Delta t)\left(Tr{q}_2-\Delta {T\widehat{r}q}_2\right)\hfill \end{array}$$

(16)

$$\begin{array}{cc}\hfill \Delta {T\widehat{r}q}_1& ={\displaystyle \frac{D_f{r}_w}{(D_f+D_r)L_d}}\gamma ;\Delta {T\widehat{r}q}_2={\displaystyle \frac{D_r{r}_w}{(D_f+D_r)L_d}}\gamma \hfill \end{array}$$

(17)

Based on the physical constraints, each xth motor $(x=1,2)$ has associated maximum ($Tr{q}_{x,max}$) and minimum ($Tr{q}_{x,min}$) torque limits, as shown in Equation (18). Similarly, the torque for the left-side motors $(x=3,4)$ can be estimated in the same manner.

$$Tr{q}_x=\left\{\begin{array}{cc}Tr{q}_x,\hfill & \mathit{if}:<Tr{q}_x<Tr{q}_{x,max}\}\hfill \\ Tr{q}_{x,min},\hfill & \mathit{if}:Tr{q}_x<Tr{q}_{x,min}\hfill \\ Tr{q}_{x,max},\hfill & else\hfill \end{array}\right.$$

(18)

Furthermore, interior permanent magnet synchronous motors (IPMSMs) are commonly chosen as traction motors in electric vehicles (EVs) due to their high power density and smooth torque production. In this context, Figure 1 illustrates the IPMSM-based configuration of a single EDS. Moreover, the dynamic mathematical model in [33] is utilized to model the model-predictive current control-based IPMSM controller for EDS.

3. Real-Time Experimental Validation

The effectiveness of the proposed trust evaluation approach is validated using a real-time simulation model of the EDS shown in Figure 1. This experimental setup aims to illustrate the viability of the presented framework for real-time applications. The EDS with ATM-based MPC is implemented in a MATLAB/Simulink environment integrated with a real-time digital simulator, i.e., Opal-RT OP4510. The model is executed in RT-LAB with real-time hardware synchronization. Moreover, the detailed implementation of EDS in OPAL-RT is shown in Figure 3, where the power converter and IPMSM are simulated in the FPGA solver with a sampling time of up to 210 ns, and the controller is implemented in the CPU of OPAL-RT with a sampling rate of 25 $\mathsf{\mu }$s.

3.1. Trust Value Estimation

This study evaluates the effectiveness of the proposed trust estimation scheme for an EDS under non-routine operating conditions, including open-circuit faults (OCFs) in traction inverter power switches, current sensor faults, and cyberattacks, as detailed in Table 2. These cyber and physical anomalies, discussed in [17,34], are selected due to their prominence in existing research. The real-time effects of these anomalies on the electrical, mechanical, and thermal parameters of the EDS are not reiterated here, as they have already been thoroughly analyzed in [17]. The following subsections validate the proposed trust evaluation framework in relation to these cyber and physical anomalies.

Table 2. CPAs considered for the proposed trust evaluation strategy.

Cases	Category	Description
I	SS-OCF [17]	OCF instigated in S4.
II	SDS-OCF [17]	OCF instigated in S3, S4.
III	CDS-OCF [17]	OCF instigated in S3, S6.
IV	PDS-OCF [17]	OCF instigated in S3, S5.
V	Stuck fault [17]	Stuck fault in phase-B current sensor.
VI	Sensor OCF [17]	OCF fault in phase-A current sensor.
VII	Cyberattack [34]	Targeting reference speed of EDS.
VIII	Cyberattack [17]	Targeting Phase B current. [$mul=2$]
IX	Cyberattack [17]	Targeting Phases B, C currents. [$mul=2$]
X	Cyberattack [17]	Targeting Phases A, B, C currents. [$mul=5$]
XI	Cyberattack [17]	Targeting Phases A, B currents. [$mul=-0.75$]
XII	Cyberattack [17]	Targeting Phase A current. [$mul=-1.2$]

Table 2. CPAs considered for the proposed trust evaluation strategy.

Cases	Category	Description
I	SS-OCF [17]	OCF instigated in S4.
II	SDS-OCF [17]	OCF instigated in S3, S4.
III	CDS-OCF [17]	OCF instigated in S3, S6.
IV	PDS-OCF [17]	OCF instigated in S3, S5.
V	Stuck fault [17]	Stuck fault in phase-B current sensor.
VI	Sensor OCF [17]	OCF fault in phase-A current sensor.
VII	Cyberattack [34]	Targeting reference speed of EDS.
VIII	Cyberattack [17]	Targeting Phase B current. [$mul=2$]
IX	Cyberattack [17]	Targeting Phases B, C currents. [$mul=2$]
X	Cyberattack [17]	Targeting Phases A, B, C currents. [$mul=5$]
XI	Cyberattack [17]	Targeting Phases A, B currents. [$mul=-0.75$]
XII	Cyberattack [17]	Targeting Phase A current. [$mul=-1.2$]

3.1.1. Dynamics of Trust Value During Power Switch Faults

The OCF-based physical faults in the traction inverter of an EDS are classified into four categories: single-switch (SS) OCF, series-double-switch (SDS) OCF, cross-double-switch (CDS) OCF, and parallel-double-switch (PDS) OCF [17]. These faults are simulated by permanently setting the gating signal of a specific power switch in the inverter to zero, replicating the conditions of an OCF. In this section, one fault from each category—single and double-switch—is introduced to observe the dynamics associated with reliability and trust value computations using the proposed scheme.

In this context, the reliability is estimated using Equation (6), the weighted reliability via Equation (7), and the trust values using Equation (10) for each OCF case study, as shown in Figure 4. All values are normalized between 0 and 1. The reliability calculated using Equation (6) remains above 0.8 unless an OCF occurs in the EDS. At the moment an OCF occurs, the reliability drops sharply due to the event-driven assessment approach embedded in Equation (6). However, this reliability measure does not consider the cumulative impact of past negative interactions caused by CPAs. As a result, the reliability value returns to its original level once the fault is removed. To address this, the weighted reliability is computed using Equation (7), which incorporates a time-forgetting factor. This factor prevents the reliability from immediately returning to 1 after the fault is cleared. Instead, the reliability gradually recovers, reflecting the lingering impact of past negative events. As a result, the time-forgetting factor ensures a more realistic and gradual restoration of the reliability values over time. Furthermore, the trust values are estimated for each OCF case, with the initial trust value set at 0.5, representing a baseline level of intermediate trust in the EDS at the start. As the EDS operates under normal conditions, the trust value gradually increases over time, reflecting the natural progression of trust in any system. In the event of an OCF, the trust value decreases but subsequently recovers, gradually rising back, based on the dynamics driven by the corresponding reliability values. Moreover, the recovery time associated with each fault category after the fault is cleared varies in each case, as shown in Figure 4, because it is influenced by the variance values highlighted in Equation (9). Moreover, it is assumed that no negative historical interactions exist in this case. As a result, the rates of change in reliability and trust are similar.

3.1.2. Dynamics of Trust Value During Sensor Faults

Two types of physical faults in the EDS current sensor are considered: stuck fault and OCF. In the case of a stuck fault, where the phase-B current remains fixed at a constant value, the corresponding impact on reliability and trust quantification is illustrated in Figure 5a. Similarly, when the current sensor associated with phase-A fails and provides zero current feedback to the EDS controller (OCF), the resulting variations in reliability and trust are depicted in Figure 5b. It is evident that the recovery time is longer in the case of an OCF fault due to the increased fluctuation in the stability values, and this behavior is formulated using Equation (9).

3.1.3. Dynamics of Trust Value During Cyberattacks

This section analyzes the dynamics of trust values in the EDS under various cyberattacks affecting the reference input speed signal and feedback signals. Specifically, for a cyberattack targeting the reference speed, the Pearson correlation coefficient (PCC) between the message sequence patterns of the input and feedback speed in the CAN bus, as reported in [34], is shown in Figure 6a. The corresponding variations in the trust value of the EDS, computed using Equation (10) and derived from the PCC values, are depicted in Figure 6b. Notably, unlike other cases, attacks that manipulate the reference speed do not increase the total harmonic distortion of the feedback three-phase current. As a result, the impact of a gradual increase in trust is negligible, leading to a trust value that closely follows the observed PCC variations, as shown in Figure 6b. Moreover, cases VIII to XII examine cyberattacks that manipulate the 3-phase feedback current values from the current sensor, thereby affecting the EDS controller. These attacks are formulated as described in [17] and are further classified into positive and negative multiplier-based attacks. Additionally, the reliability and trust values associated with these positive and negative multiplier-based false data injection attacks on three-phase feedback current are illustrated in Figure 7 and Figure 8. Among these cases, case VIII exhibits the shortest trust recovery time, as it involves tampering with only a single phase, whereas cases X and XII have the longest trust recovery times, evaluated based on the number of behavioral segments.

Hence, estimating the trust values using the proposed model-based scheme validates its effectiveness, demonstrating its applicability to various types of CPAs. Consequently, it can be utilized to monitor the operational status of the EDS, enabling its integration into the torque-split optimization algorithm for real-time updates of the required torque values. Additionally, the proposed scheme can serve as an anomaly detection mechanism. However, implementing this functionality may require a dynamic threshold estimation scheme, which will be the focus of future work. Moreover, the comparison of contributions between proposed and prior studies is highlighted in Table 3.

Table 3. Comparison of the proposed contributions with prior anomaly-detection studies.

Research Methodology	CA Detection	OCF Detection	SF Detection	Detection Time (ms)	Accuracy (%)
[35]	T	NT	NT	–	92.10
[30]	T	NT	NT	50.0	99.50
[36]	NT	T	NT	40.0	88.53
[11]	NT	T	T	20.0	98.83
[28]	T	NT	NT	12.5	99.90
[37]	T	NT	NT	10.0	90.00
[29]	T	NT	NT	2.5	98.44
This work	T	T	T	2.5	100

CA: Cyberattack. OCF: Open-Circuit Fault. SF: Sensor Fault. NT: Not Tested. T: Tested.

Table 3. Comparison of the proposed contributions with prior anomaly-detection studies.

Research Methodology	CA Detection	OCF Detection	SF Detection	Detection Time (ms)	Accuracy (%)
[35]	T	NT	NT	–	92.10
[30]	T	NT	NT	50.0	99.50
[36]	NT	T	NT	40.0	88.53
[11]	NT	T	T	20.0	98.83
[28]	T	NT	NT	12.5	99.90
[37]	T	NT	NT	10.0	90.00
[29]	T	NT	NT	2.5	98.44
This work	T	T	T	2.5	100

CA: Cyberattack. OCF: Open-Circuit Fault. SF: Sensor Fault. NT: Not Tested. T: Tested.

3.2. Impact of Trust Values on Torque-Split Optimization

To evaluate the impact of individual EDS trust values on torque-split optimization, a vehicle model, as described in [38], is utilized. The drive cycle used for this vehicle model is shown in Figure 9. Additionally, the optimized torque demands for each motor in a four-motor drive system are presented in Figure 10. Under normal operation, when the trust values exceed 0.8, each EDS is considered fully trustworthy based on its operational performance. As a result, during this phase, the torque-split optimization algorithm operates normally. The torque values associated with each motor (M1, M2, M3, and M4) during this normal operation are shown as original torque values in Figure 10, corresponding to the drive cycle illustrated in Figure 9. To investigate the impact of the previously calculated trust values, it is assumed that EDS-1 and EDS-4 experience CPAs, which are detected by the proposed trust evaluation framework. As a result, these trust values are input into the torque-split optimization algorithm to reduce the torque demand from the affected EDSs, as they are under stress due to the CPA event. Specifically, the trust values for EDS-1 and EDS-4 are reduced to 0.6 and 0.7, respectively. Consequently, the torque values for M1 and M4 are also reduced, as shown by the updated torque in Figure 10. The average percentage difference between the original and updated torque for M1 and M4 is 40% and 30%, respectively. Moreover, Figure 11 illustrates the residual values obtained using the reference ($I_{dq}^{ref}$) and measured ($I_{dq}^m$) current values. The results demonstrate that reducing the demanded torque during a CPA event effectively minimizes system-level fluctuations, thereby mitigating the impact of CPA. In this context, anomalies associated with physical faults, sensor faults, and cyberattacks are considered in Figure 11 to validate this mitigation approach.

Hence, this approach to reducing torque demand can mitigate the impact of CPAs on system performance. By lowering the torque demand, the EDS reduces the current drawn from the battery. As a result, the impact of the associated CPA on system performance is lessened. This reduction in current not only minimizes the effect on the battery’s state of charge (SoC) but also decreases the likelihood of further failures that may stem from the initial CPA event.

4. Conclusions

The proposed trust evaluation framework for EDS monitors the reliability of the controller’s input signals using EDA schemes, which are subsequently utilized to formulate trust values. This scheme facilitates the detection of various CPAs and enhances the resilience of EDS by continuously assessing and monitoring reliability. Furthermore, integrating trust values with torque-split optimization serves as a mitigation strategy, reducing the impact of anomalies on system-level fluctuations through ALO.

Various case studies involving open-circuit faults, sensor malfunctions, and cyber threats validate the effectiveness of the proposed framework in identifying and mitigating these anomalies while demonstrating its applicability and versatility across different scenarios. This approach can be further refined to distinguish between different types of anomalies, thereby enabling precise localization. Moreover, the scale of disruption can be characterized based on its impact on the trust values. Moreover, since an electric vehicle can be equipped with multiple EDSs, performing trust evaluation for each system enables researchers to develop health monitoring applications and implement responsive control strategies in the event of reliability degradation in any individual EDS.

Additionally, the integration of the proposed scheme with torque split optimization can be further enhanced for different realistic driving conditions while further incorporating vehicle dynamics, which will be the focus of our future work.