Publication

Abstract : Modern power systems increasingly rely on Industrial Internet of Things (IIoT) devices, making them vulnerable to cyber threats, particularly Man-in-the-Middle (MitM) attacks that can intercept and manipulate SCADA communications. This study presents a cybersecurity framework designed to detect, prevent, and localize MitM attacks in smart grids. The framework integrates machine learning-based Intrusion Detection Systems (IDS), encryption using Advanced Encryption Standard in Galois/Counter Mode (AES-GCM) and Salsa20, and attack localization methods. Binary and multiclass classification models are trained to distinguish between benign and malicious traffic, achieving accuracies of 99.80% and 99.90%, respectively. The multiclass model is deployed on PYNQ Z2 board and Google Coral Dev Board, demonstrating real-time inference with hardware-level acceleration. To evaluate encryption robustness, a series of cryptographic security tests were conducted. AES-GCM resisted over 1 million brute-force attempts and flagged all instances of ciphertext tampering via MAC check failures in bit-flipping tests. Chi-square tests produced p-values above 0.95, indicating statistically strong randomness. Salsa20 similarly exhibited high resilience against brute-force attempts. Hamming distances averaged 127.8 bits for 256-bit ciphertexts, confirming sensitivity to key changes. Nonce tests showed keystream divergence above 95%, and Salsa20 ciphertext entropy exceeded 7.98 bits per byte, ensuring unpredictability. This integrated approach addresses critical gaps in existing literature, offering a scalable, high-performance solution for enhancing cybersecurity in power systems against MitM threats.