Cyber threat intelligence for smart grids using knowledge graphs, digital twins, and hybrid machine learning in SCADA networks
In the SCADA (Supervisory Control and Data Acquisition) network of a smart grid, the network switch is connected to multiple Intelligent Electronic Devices (IEDs) that are based on protective relays. False-Data Injection Attacks (FDIA), Remote-Tripping Command Injection (RTCI), and System Reconfigur...
| Main Authors: | Nabeel Al-Qirim, Munir Majdalawieh, Anoud Bani-hani, Hussam Al Hamadi |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | SAGE Publishing 2025-03-01 |
| Series: | International Journal of Engineering Business Management |
| Online Access: | https://doi.org/10.1177/18479790251328183 |
| _version_ | 1849393494226894848 |
|---|---|
| author | Nabeel Al-Qirim, Munir Majdalawieh, Anoud Bani-hani, Hussam Al Hamadi |
| author_facet | Nabeel Al-Qirim, Munir Majdalawieh, Anoud Bani-hani, Hussam Al Hamadi |
| author_sort | Nabeel Al-Qirim |
| collection | DOAJ |
| description | In the SCADA (Supervisory Control and Data Acquisition) network of a smart grid, the network switch is connected to multiple Intelligent Electronic Devices (IEDs) that are based on protective relays. False-Data Injection Attacks (FDIA), Remote-Tripping Command Injection (RTCI), and System Reconfiguration Attacks (SRA) are three types of cyber-attacks on SCADA networks, resulting in single-line-to-ground (SLG) faults, IED-relay failures, and circuit-breaker open issues. The existing cyber threat intelligence (CTI) approaches of grids are unable to provide visualization of cyber-attacking grid effects. To understand the full effect of the attacks, there is a need for a knowledge-graph method-based digital-twin cyber-attack visualization approach in SCADA networks, which is missing in existing SCADA systems. This study presents a novel “Digital-twin and Machine Learning-based SCADA Cyber Threat Intelligence (DT-ML-SCADA-CTI)” approach, which utilizes an innovative algorithm to visualize and predict the effects of cyber-attacks, including FDIA, RTCI, and SRA, on SCADA systems. The process begins with data transformation to generate cyber-attack grid data, which is then analyzed for attack prediction using machine learning models such as Extra-Trees, XGBoost, Random Forest, Bootstrap Aggregating, and Logistic Regression. To further enhance the analysis, a directed-graph (DiGraph) algorithm is applied to create a knowledge-graph-based digital twin, allowing for a deeper understanding of how these cyber-attacks impact SCADA operations. The comparison with existing models demonstrates the superiority of the proposed approach, as it offers a more detailed and clearer digital-twin representation of cyber-attack effects. This enhanced visualization provides deeper insights into attack dynamics and significantly improves predictive accuracy, showcasing the effectiveness of the proposed method in understanding and mitigating cyber threats. |
| format | Article |
| id | doaj-art-ca2a0de66ff541a89fe24e4a7b893c49 |
| institution | Kabale University |
| issn | 1847-9790 |
| language | English |
| publishDate | 2025-03-01 |
| publisher | SAGE Publishing |
| record_format | Article |
| series | International Journal of Engineering Business Management |
| title | Cyber threat intelligence for smart grids using knowledge graphs, digital twins, and hybrid machine learning in SCADA networks |
| url | https://doi.org/10.1177/18479790251328183 |