Focus: The critical connection between digital commands and the physical inferences.
Coordinated and stealthy cyberattacks, such as manipulating data in ways that appear statistically normal, pose a high risk to critical energy infrastructure. Traditional intrusion detection systems fail to detect these attacks reliably. Assessing the maximum potential damage from such attacks is essential for prioritizing protection strategies. Thus, this research area aims to identify benign and malicious behavior, especially for critical parts of large systems, and includes the following topics:
Topic 2.1 – Anomaly Detection for OT Systems: Developing intrusion detection techniques and systems specifically for OT network traffic. This includes anomaly detection algorithms that are compatible with the unique characteristics and constraints of smart grid communication.
Topic 2.2 – ML-based Anomaly Detection: Developing hybrid intrusion detection systems that comprise host- and network-based detection features. These systems parse, normalize, combine, and correlate multiple data streams to enhance detection accuracy significantly. Moreover, machine learning techniques enable near-real-time anomaly detection.