List of works
Conference proceeding
Published 10/23/2023
2023 3rd Intelligent Cybersecurity Conference (ICSC), 119 - 126
Intelligent Cybersecurity Conference (ICSC), 10/23/2023–10/25/2023, San Antonio, TX, USA
In our interconnected digital landscape, safeguarding network security is paramount. This research juxtaposes two anomaly detection methods: an Auto-encoder model using TensorFlow's Keras and the K-Nearest Neighbours (KNN) algorithm. Beyond assessing model performance, this study underscores the practical relevance of these techniques in real-world security contexts. The KNN results reveal 202,325 True Positives, 4,442 True Negatives, 960 (0.045%) False Positives (Type-I error), and 2,274 (1.08%) False Negatives (Type-II error), while the Auto-encoder model achieves 130,260 True Positives, 1,791 True Negatives, 5,208 (3.7%) False Positives (Type-I error), and 2,742 (1.96%) False Negatives (Type-II error). Crucially, this research emphasizes that timely anomaly detection is the linchpin in thwarting potential security breaches, with anomaly prevention serving as a proactive defense strategy. By harnessing machine learning and data-driven methodologies, this work contributes to fortifying network security. These findings provide security practitioners with valuable insights into the pivotal role of anomaly detection in intrusion prevention. Furthermore, this study paves the way for future advancements in network security, solidifying the position of proactive anomaly detection in cybersecurity.
Conference proceeding
Published 10/12/2023
2023 IEEE 14th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 0748 - 0753
IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 10/12/2023–10/14/2023, New York, NY, USA
We propose a light-weighted authentication scheme FogAutho for securing fog-cloud systems in smart home applications. It uses a novel approach to generate a session key after authenticating both ends; Fog and IoT layers. The cloud server may revoke the session key. Our proposed approach minimizes the communication between end users, fog server, and cloud server during data authentication. FogAutho achieves security objectives such as mutual authentication for both ends, a secure session key generation, data confidentiality, and attack resistance with significantly reduced communication overhead compared to the existing authentication mechanisms in the fog-cloud system.
Conference proceeding
Poster Abstract: Simulating Deferrable Loads for the Development of Next Generation Energy Systems
Published 08/2022
Proceedings of the 9th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation, 284 - 285
BuildSys '22: Proceedings of the 9th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation, 11/09/2022–11/10/2022, Boston, Massachusetts
Direct load controlling and scheduling mechanisms find a significant research focus in the field of smart grids. However, the success of the existing load scheduling mechanisms depends on their performance in the real-world scenario for which they need practical energy consumption data, which is difficult to obtain due to various security and privacy concerns. Moreover, obtaining such data in the real world would require installing various sensors that would incur huge costs. To address and mitigate this issue, in this paper, we propose a new simulation tool, called Deferrable Load Simulator (DeLSim). DeLSim takes the functioning models of the various types of devices, simulates multiple devices from the models, and then returns data from the simulated models.
Conference proceeding
Scheduling Energy Flexible Devices under Constrained Peak Load Consumption in Smart Grid
Published 05/2022
2022 ACM/IEEE 13th International Conference on Cyber-Physical Systems (ICCPS), 316 - 317
International Conference on Cyber-Physical Systems (ICCPS), 05/04/2022–05/06/2022, Milano, Italy
In this paper, we take up the problem of scheduling flexible devices, which can be operated at different power levels, having different power and timing requirements, under the constraint of peak load demand to minimize the overall finishing time. We present a formal mathematical programming formulation and have proposed an efficient heuristic algorithm to solve the problem efficiently for larger systems.
Conference proceeding
Sub-Erroneous Outlier Detection of Cyber Attacks in a Smart Grid State Estimation System
Published 10/28/2020
2020 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 447 - 454
IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), 10/28/2020–10/31/2020, New York, NY, USA
Cyber-physical systems (CPS) are designed to provide observation and control of processes, designed for high operation, reliability, and safety performance levels. CPS were historically developed void of contact with the Internet or other cyber-attack threat vectors. The integration of the Internet, Internet of Things, and Industrial Internet of Things exposed the cybersecurity resource limited programmable logic controllers, intelligent electronic devices, sensors, and actuators to an expanded range of threats. The need for increased cyber security in this environment requires improvement in controls against vulnerabilities in CPS. Many CPS operate with the incorporation of a state estimation system. State estimation systems provide insight into the typically unobservable system state given observable measurements and relations of those measurements to the system state. Measurements outside of 3-sigma are discarded as bad measurements. Current methods establish the accepted boundary of measurements. The potential inclusion of cyber-attack data within the accepted boundary defines a set of sub-erroneous outliers which are within normal operations yet below current outliers. Outlier algorithms may be implemented to detect sub-erroneous outliers. A cyber-aware state estimator can accommodate for the attack and provide a correct state estimate given the implementation of a Cyber Attack Matrix constructed from sub-erroneous outlier detection. The sub-erroneous outlier detections evaluated found that a Grubbs' test or Mahalanobis distance provided good performance.
Conference proceeding
Optimal Sizing of Hybrid Renewable Energy Sources via Efficient Demand Response in Microgrid
Published 06/12/2020
Proceedings of the Eleventh ACM International Conference on future energy systems, 415 - 416
e-Energy '20: ACM International Conference on Future Energy Systems, 06/22/2020–06/26/2020, Virtual Event, Australia
We propose an optimal sizing methodology for hybrid renewable energy sources (HRES) for a microgrid (MG) with integrated demand response. The proposed mechanism determines the optimal number of renewable energy sources, specifically wind turbines and photovoltaic cells, and battery storage systems, to be installed in the microgrid, such that the overall operations cost of the microgrid is reduced.
Conference proceeding
Foundations for Research in Cyber-Physical System Cyber Resilience using State Estimation
Published 03/28/2020
2020 SoutheastCon, 2020-, 1 - 2
2020 SoutheastCon, 03/28/2020–03/29/2020, Raleigh, NC, USA
Cyber-physical systems (CPS) maintain operation, reliability, and safety performance using state estimation and control methods. Internet connectivity and Internet of Things (IoT) devices are being integrated with CPS, such as in smart grids. This integration of Operational Technology (OT) and Information Technology (IT) brings with it challenges for state estimation and cyber-threat exposure. This research establishes a state estimation baseline, details the integration of IT, evaluates the vulnerabilities, and develops an approach for detecting and responding to cyber-attack data injections. Where other approaches focus on integration of IT cyber-controls, this research focuses on development of a classification tool using data currently available in state estimation methods to quantitatively determine the presence of cyber-attack data. The tools may increase computational requirements but provide methods which can be integrated with existing state estimation methods. The updated cyber resilient state estimation process provides for future research in state estimation based cyber-attack incident response.
Conference proceeding
Published 2020
IEEE SoutheastCon 2020
IEEE SoutheastCon, 2020, Raleigh, NC
Traffic control systems were developed with operational performance, reliability, and safety in mind. Traffic control systems were designed well before the heavy integration of advanced communications including radio frequency (RF), the Internet and cellular transmissions. These technologies were integrated to provide more control and enable the traffic systems to become adaptive to real-time traffic flow and environmental conditions. These advances increase the opportunity for attackers to affect traffic system operations, sometimes creating a congestion which essentially halts traffic. The Secure SCADA Framework presents eight objectives which would increase the cyber resilience of an existing vulnerable cyber physical system, such as a traffic control system [1]. This approach retains the current operational performance, reliability, and safety. The concept of using a Trusted Computing Base (TCB) in a cyber-physical system is one goal of the eight presented for the Secure SCADA Framework. The SCADA TCB (STCB) project designs, develops, and verifies a core set of hardware, software, and firmware which operate in conjunction to establish a high level of security protecting a traffic control system. This research defines the requirements of a traffic control system, establishes a security policy, develops a trusted computing base, identifies and designs attacks on the system, and meets the development life-cycle requirements to proceed with implementation, verification, and testing.
Conference proceeding
Published 2020
Proceedings of The 24th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI 2020), 85 - 90
World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI), 09/10/2020–09/13/2020, Orlando, Florida, USA.
The Smart Grid integration with the existing grid provides increased benefits and risks to grid operation. These benefits and risks are driven by the distribution of power generation, integration of communication technology, and a more complex demand-response system. Smart Grid benefits include availability of end-user power generation, end-user income through provision of excess power, and the ability for the electric company to provide a more dynamic demand-response system. Disadvantages include the logistical integration complexity, lack of communication technology standards, cost of replacing analog meters, and increased exposure to cyber threats. Historically, the electric grid controls demand and response based on state estimation techniques. Many of these techniques include the ability to ignore measurement outliers, which are assumed to be erroneous data. The cyber-attacker can perform false data injection attacks, which escape the outlier detection and bias the state estimation. A robust cyber-resilient CPS includes sub-erroneous outlier detection, cyber-attack data weighting, cyber-attack data classification, state estimation cyber detection, and cyber aware state estimation. Previous and parallel studies are developing algorithms to perform the sub-erroneous outlier detection. The purpose of this paper is to evaluate the feasibility of simple linear regression to measure the performance of the sub-erroneous outlier detection algorithms.
Conference proceeding
Published 09/25/2019
National Cyber Summit (NCS) Research Track, 1055, 202 - 219
The number of evidences found in a digital crime scene has burgeoned significantly over the past few years. In addition, the demand for delivering accurate results within a given time deadline has increased. The major challenges coinciding with these aforementioned objectives are to investigate the right set of evidences and to allocate appropriate times for their investigation. In this paper, we present a mixed integer linear programming (MILP) model to analyze the problem of allocating optimal investigation times for evidences involving a single investigator. The objective is to maximize the overall effectiveness of a forensic investigation procedure. We particularly focus on the time critical digital forensic cases, in which results have to be finalized in a court of law within a specified time deadline. While the general problem is NP-hard, two special cases are illustrated to be optimally solvable in polynomially computational effort. Two heuristic algorithms are proposed to solve the general problem. Results of extensive computational experiments to empirically evaluate their effectiveness in finding an optimal or near-optimal solution are reported. Finally, this paper concludes with a summary of findings and some fruitful directions for future research.