SCADA (Supervisory Control and Data Acquisition) systems play a pivotal role in managing critical industrial processes, extending from energy production to manufacturing. However, their widespread adoption and increased interconnectivity has exposed them to evolving cyber threats, demanding a thorough vulnerability assessment and effective defense mechanisms. This research focuses on revealing novel internal threats within SCADA systems capable of eluding conventional monitoring nodes. To simulate real-world scenarios, we've developed a virtualized SCADA testbed faithfully replicating Industrial Control Systems (ICS) complexities. Within this virtualized environment, we've introduced two groundbreaking covert attack scenarios. The SCADA Hijacking Attack illustrates an intruder manipulating process parameters deceptively to hijack the system without detection. Simultaneously, the SCADA Blackout discreetly halts the entire process. To fortify SCADA systems against these stealthier attacks, we propose a defense mechanism leveraging machine learning-based Network Intrusion Detection Systems (NIDS). These NIDS utilize meticulously crafted network features, discerning patterns indicative of covert infiltrations, surpassing traditional IDS approaches. Our research not only reveals potential threats within SCADA environments but also establishes the groundwork for enhancing the resilience of these critical systems against stealth and hijacking attacks.

Adapting modern approaches for network intrusion detection is becoming critical, given the rapid technological advancement and adversarial attack rates. Therefore, packet-based methods utilizing payload data are gaining much popularity due to their effectiveness in detecting certain attacks. However, packet-based approaches suffer from a lack of standardization, resulting in incomparability and reproducibility issues. Unlike flow-based datasets, no standard labeled dataset exists, forcing researchers to follow bespoke labeling pipelines for individual approaches. Without a standardized baseline, proposed approaches cannot be compared and evaluated with each other. One cannot gauge whether the proposed approach is a methodological advancement or is just being benefited from the proprietary interpretation of the dataset. Addressing comparability and reproducibility issues, we introduce Payload-Byte, an open-source tool for extracting and labeling network packets in this work. Payload-Byte utilizes metadata information and labels raw traffic captures of modern intrusion detection datasets in a generalized manner. Moreover, we transformed the labeled data into a byte-wise feature vector that can be utilized for training machine learning models. The whole cycle of processing and labeling is explicitly stated in this work. Furthermore, source code and processed data are made publicly available so that it may act as a standardized baseline for future research work. Lastly, we present a brief comparative analysis of machine learning models trained on packet-based and flow-based data. UNSW-NB15 and CIC-IDS2017.

Microgrids specialized for tactical operations  have been subjected to several challenges. These tactical power  networks are islanded and have a relatively low power  generation capacity. Meeting power requirements of military  equipment, having intermittent and highly inductive nature,  exposes microgrids to severe stresses. Existing methodologies to  monitor and control the impact of load variations require  sophisticated equipment and trained personnel. The objective of  this research paper is to present an open-source edge energy  monitoring system (EEMS) for efficient demand management of  tactical networks. The proposed system is capable of capturing all minute operational artifacts, including harmonic distortions  and power quality of these networks. A variable gain amplifier  circuit enables the proposed EMS to sense all the signals in a  wide range of power with higher resolution. The proposed  system utilizes raspberry pi as an edge device to meet the low  power requirements of tactical networks. The novel concurrent  programming approach adopted in the proposed EMS,  effectively handles the large amount of data acquired from the  network. This parallel processing of acquired data speeds up the  execution process. All electrical parameters obtained during this  process are stored in an encrypted local database that can be  utilized for fault analysis and load prediction. Further  integration of machine learning tools in proposed EMS assists in  automated power network reconfiguration and tuning under  harsh battlefield situations

Emerging Cyber threats with an increased dependency on vulnerable cyber-networks have jeopardized all stakeholders, making Intrusion Detection Systems (IDS) the essential network security requirement. Several IDS have been proposed in the past decade for preventing systems from cyber-attacks. Machine learning (ML) based IDS have shown remarkable performance on conventional cyber threats. However, the introduction of adversarial attacks in the cyber domain highlights the need to upgrade these IDS because conventional ML-based approaches are vulnerable to adversarial attacks. Therefore, the proposed IDS framework leverages the performance of conventional ML-based IDS and integrates it with Explainable AI (XAI) to deal with adversarial attacks. Global Explanation of AI model, extracted by SHAP (Shapley additive explanation) during the training phase of Primary Random Forest Classifier (RFC), is used to reassess the credibility of predicted outcomes. In other words, an outcome with low credibility is reassessed by secondary classifiers. This SHAP-based approach helps in filtering out all disguised malicious network traffic and can also enhance user trust by adding transparency to the decision-making process. Adversarial robustness of the proposed IDS was assessed by Hop Skip Jump Attack and CICIDS dataset, where IDS showed 98.5% and 100% accuracy, respectively. Furthermore, the performance of the proposed IDS is compared with conventional algorithms using recall, precision, accuracy, and F1-score as evaluation metrics. This comparative analysis and series of experiments endorse the credibility of the proposed scheme, depicting that the integration of XAI with conventional IDS can ensure credibility, integrity, and availability of cyber-networks.