Cyber threat intelligence for smart grids using knowledge graphs, digital twins, and hybrid machine learning in SCADA networks
In the SCADA (Supervisory Control and Data Acquisition) network of a smart grid, the network switch is connected to multiple Intelligent Electronic Devices (IEDs) that are based on protective relays. False-Data Injection Attacks (FDIA), Remote-Tripping Command Injection (RTCI), and System Reconfigur...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
SAGE Publishing
2025-03-01
|
| Series: | International Journal of Engineering Business Management |
| Online Access: | https://doi.org/10.1177/18479790251328183 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | In the SCADA (Supervisory Control and Data Acquisition) network of a smart grid, the network switch is connected to multiple Intelligent Electronic Devices (IEDs) that are based on protective relays. False-Data Injection Attacks (FDIA), Remote-Tripping Command Injection (RTCI), and System Reconfiguration Attacks (SRA) are three types of cyber-attacks on SCADA networks, resulting in single-line-to-ground (SLG) fault, IED-relay failure, and circuit-breaker open issues occur. The existing cyber threat intelligence (CTI) approaches of grids are unable to provide visualization of cyber-attacking grid effects. To understand the full effect of the attacks, there is a need for a knowledge-graph method-based digital-twin cyber-attack visualization approach in SCADA networks, which is missing in existing SCADA systems. This study presents a novel “Digital-twin and Machine Learning-based SCADA Cyber Threat Intelligence (DT-ML-SCADA-CTI)” approach, which utilizes an innovative algorithm to visualize and predict the effects of cyber-attacks, including FDIA, RTCI, and SRA, on SCADA systems. The process begins with data transformation to generate cyber-attack grid data, which is then analyzed for attack prediction using machine learning models such as Extra-Trees, XGBoost, Random Forest, Bootstrap Aggregating, and Logistic Regression. To further enhance the analysis, a directed-graph (DiGraph) algorithm is applied to create a knowledge-graph-based digital twin, allowing for a deeper understanding of how these cyber-attacks impact SCADA operations. The comparison with existing models demonstrates the superiority of the proposed approach, as it offers a more detailed and clearer digital-twin representation of cyber-attack effects. This enhanced visualization provides deeper insights into attack dynamics and significantly improves predictive accuracy, showcasing the effectiveness of the proposed method in understanding and mitigating cyber threats. |
|---|---|
| ISSN: | 1847-9790 |