Overview
Research Infrastructure
CEROC maintains a robust and versatile research infrastructure designed to advance next‑generation AI‑Cybersecurity. Our capabilities center around two major pillars: cyber‑physical data generation for critical infrastructure security, and high‑performance compute resources for developing advanced AI models, including those trained on sensitive or controlled data.
Cyber-Physical Data Generation for Critical Infrastructure
CEROC operates a diverse ecosystem of cyber‑physical testbeds that enable researchers to generate high‑fidelity, multimodal cybersecurity datasets across multiple domains of national importance. These include:
- Smart Power Systems Testbeds: for studying grid resilience, intrusion detection, and AI‑assisted protection of modern power infrastructures.
- Smart Manufacturing Systems: providing realistic industrial control environments for evaluating cyber‑physical attack impacts and AI‑driven anomaly detection.
- Drone Swarm Security Testbed: supporting research on UAV swarm coordination, adversarial attacks, RF‑signal analysis, and multimodal intrusion detection.
- Satellite and Space Systems Testbed: enabling experimentation with attack simulation, secure command‑and‑control, and AI‑enabled anomaly detection in space‑air‑ground networks.
These testbeds produce rich cyber, physical, RF, and multimodal telemetry—powering cutting‑edge AI models, digital twins, and cyber‑physical security research conducted by CEROC’s faculty, students, and partners.

GPU‑Empowered Cyber Range and AI Compute Infrastructure
Complementing the physical testbeds, CEROC operates a GPU‑empowered cyber range that provides the computational capacity required for training and deploying advanced AI models, including those built on sensitive or controlled data such as:
- Malware datasets
- Insider threat logs
- Network intrusion records
- Industrial control system telemetry
- Drone and satellite communication traces
This secure compute environment supports training of:
- Large Language Models (LLMs)
- Deep learning architectures for intrusion detection
- Generative AI models for cyber offense and defense
- Adversarial machine learning pipelines
The cyber range allows researchers to experiment safely with high‑risk datasets, explore red‑team/blue‑team AI strategies, and accelerate the development of trustworthy, resilient AI‑Cyber solutions. The CEROC Cyber Range is a ten-node system developed at Tennessee Tech using an internally written, dynamic platform scripting language to create training environments across the center's education, outreach, and research missions. The combined systems provide 632 physical cores and 1256 hyper-threads with 13 TB of RAM. The system also includes four (4) NVIDIA A100 80 GB GPUs. Storage includes a shared pool of 243 TB and an 800 GB cache store.
Selected Research Topics
- AI‑Assisted Cyber‑Physical Security in Smart Manufacturing
This research area introduces a domain‑aware, AI‑driven framework for securing subtractive and additive manufacturing systems. Using multi‑source data fusion and digital twin (DT) technology, the work enables safe experimentation with cyber‑physical attacks without disrupting production systems. A CNC‑based DT testbed generates diverse datasets for evaluating anomaly detection and classification methods, showing that detection accuracy varies by attack type and data fidelity. Extensions to additive manufacturing demonstrate the adaptability of the approach and highlight the importance of context‑aware, data‑driven monitoring to enhance the resilience of smart manufacturing environments.
- AI‑Enhanced Physical Layer Security for 6G and Next‑Generation Wireless Networks
This topic explores AI‑driven strategies to secure advanced wireless systems against emerging threats in dynamic environments. Contributions include a deep learning‑based physical layer secret‑key generation method that achieves high throughput and low key disagreement, as well as GAN‑based defenses that reduce eavesdropping viability by minimizing channel similarity between legitimate users and attackers. Additional work develops AI‑based physical layer authentication (PLA) techniques achieving high detection accuracy against adversarial behavior. These innovations establish a foundation for quantum‑resilient, context‑aware wireless communication security.
- AI‑Assisted Network Security for Cooperative Smart Farming
This research addresses cybersecurity challenges in Cooperative Smart Farming (CSF) networks, where shared resources increase vulnerability to cross‑farm attacks. Two smart‑farming testbeds were built to collect network data under diverse cyberattacks. A CNN‑Transformer edge anomaly detector supports real‑time intrusion detection, while a federated learning framework enables cross‑farm collaboration without sharing raw data. Enhancements via transfer learning, model compression, and defenses against adversarial poisoning (including LLM‑based filtering) strengthen the robustness and scalability of secure smart agriculture ecosystems.
- Adversarial Evasion Attacks and Defenses for ML‑Based Malware Detection
This topic advances understanding of adversarial evasion (AE) attacks targeting deep learning‑based Windows malware detectors. A novel intra‑section code‑cave injection method embeds adversarial perturbations while preserving malware functionality, improving stealth and flexibility. The work leverages explainable AI to optimize perturbation locations and extends to obfuscated malware and hardened detectors. Complementary defensive strategies include adversarial training and development of robust models resilient to diverse AE variants. The contributions provide a comprehensive taxonomy of AE attacks and practical defense mechanisms for modern malware classifiers.
- AI‑Driven Cyber‑Physical Security and Attack Classification for Power Systems
This research theme advances the security of modern power grids by integrating cyber, physical, and topological data with state‑of‑the‑art machine learning. Using a comprehensive cyber‑physical testbed, multimodal datasets—such as power measurements and network traffic—are collected to analyze complex attack scenarios including ransomware, denial‑of‑service, and multi‑location false data injection (FDI). Advanced models such as multi‑task graph convolutional neural networks (GCNNs) capture spatial‑temporal relationships across the grid, improving the detection and generalization of threats. Complementary deep learning approaches incorporate structural and topological information to enhance attack classification accuracy. Interpretability tools (e.g., SHAP) provide insights into critical cyber‑physical indicators, while transfer learning enables adaptation to new or evolving attack types. Together, these contributions establish a robust, interpretable, and scalable AI framework for defending critical power infrastructure using holistic, multi‑modal analysis.
- Multimodal Language Models (MMLMs) for Drone Swarm Threat Analysis
This research evaluates whether multimodal language models can identify leader drones in coordinated UAV swarms using video inputs. Using a custom drone‑swarm testbed, state‑of‑the‑art MMLMs are tested for zero‑shot reasoning and visual inference relevant to national security applications. While general‑purpose models perform no better than random guessing, fine‑tuned MMLMs show improved accuracy under constrained computational resources. The work demonstrates the potential for AI‑driven threat analysis and real‑time disruption strategies against autonomous aerial swarms.
- AI for Trust, Security, and Privacy in Decentralized Systems
This topic focuses on securing decentralized infrastructures—such as blockchains, smart contracts, smart cities, and IoT systems—through advanced AI, ML, and large language models (LLMs). Contributions include real‑time Ethereum full‑node monitoring for analyzing transaction propagation, mempool behavior, and miner extractable value (MEV). Research also examines vulnerabilities in consensus protocols such as BFT‑Raft, revealing insider attack surfaces. Additional projects include SmartComply, an LLM‑powered framework that automates cybersecurity policy enforcement based on NIST 800‑53, and an LLM‑driven vulnerability detection engine that identifies smart contract flaws with higher accuracy than traditional ML models.
- AI‑Driven Smishing Detection and Threat Visualization
This research area integrates few‑shot learning, graph‑based modeling, and secure language models (SLMs) to detect and interpret SMS phishing (smishing) attacks in real time. SmishViz, a graph‑based visualization system, provides dynamic monitoring and characterization of smishing campaigns to support threat intelligence workflows. Additional work analyzes the malicious use of generative AI in crafting deceptive messages, leading to AbuseGPT, a detection and mitigation framework for identifying AI‑generated smishing content. The contributions strengthen the security of mobile communication channels against evolving social engineering threats.
Publications
- S. Poudel, J. Eileen Baugh, M. Abouyoussef, A. Takiddin, M. Ismail and S. S. Refaat, "Bidirectional GNN-Based Intrusion Detection of Malware Injection Attacks in EV Charging Stations," in IEEE Transactions on Intelligent Transportation Systems, doi: 10.1109/TITS.2026.3651434.
- U. A. Mughal, A. Elshazly, R. Atat and M. Ismail, "Generalizable Topology-Aware GNN-Based Intrusion Detection System for UAV Swarms," in IEEE Internet of Things Journal, vol. 13, no. 1, pp. 1569-1580, 1 Jan. 2026, doi: 10.1109/JIOT.2025.3630488.
- C. Keçeci, R. Atat, M. Ismail, K. R. Davis, and E. Serpedin, “Distributed detection and mitigation of FDIAs in smart grids via federated learning,” International Journal of Electrical Power & Energy Systems, vol. 172, pp. 111126, 2025, doi: 10.1016/j.ijepes.2025.111126.
- M. Elyamani, M. F. Shaaban, M. H. Ahmed, M. Ismail, M. A. Azzouz and A. Ali, "Enhancing Observability in Distribution Grids: A Novel Approach to Mitigate Cyberattack Risks in Smart Grid Environments," in IEEE Access, vol. 13, pp. 171807-171817, 2025, doi: 10.1109/ACCESS.2025.3613488.
- H. Keller, S. Aboelmagd, S. S. Refaat, A. Takiddin, M. Ismail and E. Serpedin, "Multi-Task Graph-Based Attack Detection and Localization in Cyber-Physical Power Systems," 2025 33rd European Signal Processing Conference (EUSIPCO), Palermo, Italy, 2025, pp. 1752-1756, doi: 10.23919/EUSIPCO63237.2025.11226574.
- J. Richeson, S. Aboelmagd, U. Mughal, A. Takiddin and M. Ismail, "Ensemble Learning-Based Intrusion Detection System for Aerial Base Stations Against Adversarial Evasion Attacks," ICC 2025 - IEEE International Conference on Communications, Montreal, QC, Canada, 2025, pp. 2677-2682, doi: 10.1109/ICC52391.2025.11160712.
- M. Elnour, R. Atat, A. Takiddin, M. Ismail, and E. Serpedin, “Eigenvector centrality‑enhanced graph network for attack detection in power distribution systems,” Electric Power Systems Research, vol. 240, pp. 111339, 2025, doi: 10.1016/j.epsr.2024.111339.
- E. Mahalal, E. Hasan, M. Ismail, Z. -Y. Wu, M. M. Fouda and Z. M. Fadlullah, "Deep Learning-based Physical Layer Authentication in LiFi Networks Under Multi-User Mobility," SoutheastCon 2025, Concord, NC, USA, 2025, pp. 776-781, doi: 10.1109/SoutheastCon56624.2025.10971591.
- R. Atat, A. Takiddin, M. Ismail and E. Serpedin, "Graphon Neural Networks-Based Detection of False Data Injection Attacks in Dynamic Spatio-Temporal Power Systems," in IEEE Open Access Journal of Power and Energy, vol. 12, pp. 24-35, 2025, doi: 10.1109/OAJPE.2025.3530352.
- S. R. Fahim et al., "Graph Neural Network-Based Approach for Detecting False Data Injection Attacks on Voltage Stability," in IEEE Open Access Journal of Power and Energy, vol. 12, pp. 12-23, 2025, doi: 10.1109/OAJPE.2024.3524268.
- S. R. Fahim, R. Atat, A. Takiddin, M. Ismail, K. R. Davis, and E. Serpedin, “An unsupervised approach to enhance cyber resiliency of power systems against false data injection attacks on voltage stability,” International Journal of Electrical and Electronic Engineering & Telecommunications, vol. 14, no. 2, pp. 88–93, 2025.
- M. M. Islam, R. Atat, M. Ismail, K. R. Davis, and E. Serpedin, “Enhancing power grid management and incident response mechanisms through consortium blockchain,” IET Smart Grid, vol. 8, no. 1, pp. e12203, 2025, doi: 10.1049/stg2.12203.
- E. Mahalal et al., "Concept Drift Aware Wireless Key Generation in Dynamic LiFi Networks," in IEEE Open Journal of the Communications Society, vol. 6, pp. 742-758, 2025, doi: 10.1109/OJCOMS.2024.3524497.
- U. A. Mughal, R. Atat and M. Ismail, "Graph Neural Network-Based Intrusion Detection System for a Swarm of UAVs," MILCOM 2024 - 2024 IEEE Military Communications Conference (MILCOM), Washington, DC, USA, 2024, pp. 578-583, doi: 10.1109/MILCOM61039.2024.10773671.
- E. Mahalal, M. Ismail, Z. -Y. Wu, M. M. Fouda and Z. Md Fadlullah, "GAN-Assisted Secret Key Generation Against Eavesdropping In Dynamic Indoor LiFi Networks," 2024 IEEE 100th Vehicular Technology Conference (VTC2024-Fall), Washington, DC, USA, 2024, pp. 1-5, doi: 10.1109/VTC2024-Fall63153.2024.10757826.
- A. Takiddin, M. Ismail, R. Atat and E. Serpedin, "Spatio-temporal Graph-Based Generation and Detection of Adversarial False Data Injection Evasion Attacks in Smart Grids," in IEEE Transactions on Artificial Intelligence, vol. 5, no. 12, pp. 6601-6616, Dec. 2024, doi: 10.1109/TAI.2024.3464511.
- S. R. Fahim et al., "Generalized FDIA Detection in Power Dependent Electrified Transportation Systems," 2024 32nd European Signal Processing Conference (EUSIPCO), Lyon, France, 2024, pp. 1851-1855, doi: 10.23919/EUSIPCO63174.2024.10715443.
- A. Takiddin, R. Atat, H. Mbayed, M. Ismail and E. Serpedin, "Resilience of Data-Driven Cyberattack Detection Systems in Smart Power Grids," 2024 32nd European Signal Processing Conference (EUSIPCO), Lyon, France, 2024, pp. 1992-1996, doi: 10.23919/EUSIPCO63174.2024.10715330.
- M. A. Islam, R. Atat and M. Ismail, "Software-Defined Networking-Based Resilient Proactive Routing in Smart Grids Using Graph Neural Networks and Deep Q-Networks," in IEEE Access, vol. 12, pp. 111169-111186, 2024, doi: 10.1109/ACCESS.2024.3438938.
- J. Potts and M. Ismail, “Hybrid cyber‑physical intrusion detection system for smart manufacturing,” The International FLAIRS Conference Proceedings, vol. 37, no. 1, 2024, doi: 10.32473/flairs.37.1.135587.
- S. R. Fahim et al., "Graph Autoencoder-Based Power Attacks Detection for Resilient Electrified Transportation Systems," in IEEE Transactions on Transportation Electrification, vol. 10, no. 4, pp. 9539-9553, Dec. 2024, doi: 10.1109/TTE.2024.3355094.
- S. C. Hassler, U. A. Mughal and M. Ismail, "Cyber-Physical Intrusion Detection System for Unmanned Aerial Vehicles," in IEEE Transactions on Intelligent Transportation Systems, vol. 25, no. 6, pp. 6106-6117, June 2024, doi: 10.1109/TITS.2023.3339728.
- B. Williams, G. Ciocarlie, K. Saleeby, M. Ismail and C. Mulkey, "Digital Twin of Cyber-Physical CNC for Smart Manufacturing," 2023 IEEE 3rd International Conference on Digital Twins and Parallel Intelligence (DTPI), Orlando, FL, USA, 2023, pp. 1-6, doi: 10.1109/DTPI59677.2023.10365463.
- S. Poudel, J. E. Baugh, A. Takiddin, M. Ismail and S. S. Refaat, "Injection Attacks and Detection Strategy in Front-End Vehicle-to-Grid Communication," 2023 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Glasgow, United Kingdom, 2023, pp. 1-6, doi: 10.1109/SmartGridComm57358.2023.10333927.
- U. A. Mughal, S. C. Hassler and M. Ismail, "Machine Learning-Based Intrusion Detection for Swarm of Unmanned Aerial Vehicles," 2023 IEEE Conference on Communications and Network Security (CNS), Orlando, FL, USA, 2023, pp. 1-9, doi: 10.1109/CNS59707.2023.10288962.
- U. A. Mughal, M. Ismail and S. A. A. Rizvi, "Stealthy False Data Injection Attack on Unmanned Aerial Vehicles with Partial Knowledge," 2023 IEEE Conference on Communications and Network Security (CNS), Orlando, FL, USA, 2023, pp. 1-9, doi: 10.1109/CNS59707.2023.10289001.
- R. Atat, M. Ismail and E. Serpedin, "Graphon-based Synthetic Power System Model and its Application in System Risk Analysis," 2023 IEEE International Smart Cities Conference (ISC2), Bucharest, Romania, 2023, pp. 1-6, doi: 10.1109/ISC257844.2023.10293721.
- A. Takiddin, M. Ismail, R. Atat, K. R. Davis, and E. Serpedin, “Graph autoencoder‑based detection of unseen false data injection attacks in smart grids,” in Intelligent Systems and Applications (IntelliSys 2023), Lecture Notes in Networks and Systems, vol. 822, Springer, Cham, 2024, doi: 10.1007/978‑3‑031‑47721‑8_16.
- A. Takiddin, R. Atat, M. Ismail, K. Davis and E. Serpedin, "A Graph Neural Network Multi-Task Learning-Based Approach for Detection and Localization of Cyberattacks in Smart Grids," ICASSP 2023 - 2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Rhodes Island, Greece, 2023, pp. 1-5, doi: 10.1109/ICASSP49357.2023.10096822.
Selected Funded Projects
- National Science Foundation, ENG‑EPCN Program: SHIELD — Strategic Holistic Framework for Intrusion Prevention using Multi‑modal Data in Power Systems; Total: $750,000 (Tennessee Tech share: $375,000); 2022–2025.
This project develops an AI‑driven, multi‑modal cyber‑physical intrusion detection framework for modern power systems. By integrating electrical measurements, network traffic, system logs, and adversarial threat data, SHIELD advances the use of deep learning, graph-based models, and multimodal sensor fusion to detect and mitigate cyberattacks on critical infrastructure. The project emphasizes hands‑on student training, cyber‑physical testbed development, and multi‑institution collaboration to strengthen the resilience of the power grid against evolving threats such as false data injection, ransomware, and coordinated cyber‑physical attacks.
- National Science Foundation, CNS-NeTS Program (USA-Japan Collaborative Research): SWIFT - Softwarization of Intelligence for Efficient 6G Mobile Networks; Total $450,000 (Tennessee Tech share: $225,000); 2022-2025.
One of only five projects funded nationwide in this call, SWIFT explores the security of next‑generation 6G mobile networks through AI‑enabled, software-driven architectures. The project investigates intelligent resource management, machine learning–assisted threat mitigation, and adversarial robustness in ultra‑dense, virtualized wireless environments. Research outcomes include AI‑enhanced physical layer security, anomaly detection in software‑defined radio stacks, and secure multi‑tenant network slicing—addressing the growing attack surface of programmable 6G systems.
- National Science Foundation, ENG‑ECCS ERI Program: Empowering Data‑Driven Resource Management in Indoor 5G+ Wireless Networks; $199,454.
This project advances physical-layer security and AI-driven optimization in next‑generation optical/wireless indoor networks. The research develops deep learning models for secure visible‑light communication (VLC) and AI‑assisted signal authentication. The goal is to build more resilient 5G+ environments capable of adapting to dynamic conditions, mitigating eavesdropping threats, and improving secure connectivity in high‑density indoor deployments.
- Qatar National Research Program (NPRP): Machine Learning‑Based Design and Operation of Next‑Generation Software‑Defined Heterogeneous Networks; Total: $600,000 (Tennessee Tech share: $148,000); 2021–2024.
This project investigates AI‑enabled security in software‑defined and virtualized heterogeneous networks, focusing on adaptive threat detection, topology‑aware anomaly analytics, and reinforcement‑learning‑based controller protection. Research includes designing ML models that secure SDN control planes, detect routing manipulation attacks, and support resilient orchestration across hybrid 5G/IoT environments.
- Qatar National Research Program (NPRP): Enabling Efficient Integration of Electric Vehicles in Qatar’s Smart Grid—Planning, Operation, and Cybersecurity; Total: $600,000 (Tennessee Tech share: $105,000); 2020–2023.
This project explores AI‑driven cybersecurity for electric vehicle (EV) ecosystems, including charging infrastructure, V2G (vehicle‑to‑grid) communication, and distributed energy management. Research contributions include anomaly detection for EV charging stations, adversarial machine learning studies on grid‑connected EV systems, and data‑driven defenses against coordinated cyber‑physical threats targeting smart mobility networks.
Contact Us
Cybersecurity Education, Research and Outreach Center
Office Hours: Monday–Friday, 8AM–4:30PM CDT
(931) 372-3519 | ceroc@tntech.edu
Street Address:
Cybersecurity Education, Research and
Outreach Center (CEROC)
Ashraf Islam Engineering Building (AIEB) 238
1021 Stadium Dr.
Cookeville, TN 38501
Mailing Address:
Tennessee Tech University
Cybersecurity Education, Research and
Outreach Center (CEROC)
Campus Box 5134
Cookeville, TN 38505




