Staying one step ahead of cyberattackers

February 25, 2025

Mizzou researchers have developed a proactive approach using AI to address evolving threats against smart grids.

A new cybersecurity framework developed by Mizzou Engineering researchers can predict cyberattacks on smart grids with nearly 92% accuracy.

At Mizzou Engineering, we never stop searching for better solutions to pressing issues. Take cyberattacks on power grids, which could disconnect power to millions of people, threatening security and endangering lives.

Following numerous attacks in recent years, utilities are somewhat prepared, but attackers are continually evolving their strategies. Researchers at Mizzou Engineering are seeking to leap ahead in this new arms race.

“Current grid operators rely on outdated security measures like firewalls and antivirus software, which are ineffective against sophisticated, modern attacks,” Prasad Calyam, Curators’ Distinguished Professor in the Department of Electrical Engineering and Computer Science, said. “What’s needed is a cybersecurity framework that uses real-time knowledge to predict and detect targeted attacks, along with active defense strategies that mitigate cyberattacks effectively.”

Calyam, who is also director of the Mizzou Cyber Education, Research and Infrastructure (CERI) Center, has led a team of researchers in the development of just such a system. They describe their findings in a paper that they will present at the 2025 Institute of Electrical and Electronics Engineer/International Federation for Information Processing Network Operations and Management Symposium.

The researchers focused their attention on inverter-based resources (IBRs), systems that connect renewable energy sources to the electric grid. Because they are connected to the internet for information sharing and network control purposes, IBRs are particularly vulnerable to cyberattacks, which could disrupt the grid, damage equipment or steal data.

“IBRs’ exposure to the internet creates more attack surfaces. They have different layers — network, communication and hardware — which can each be targeted in various ways,” Calyam said.

To protect these systems, stronger cybersecurity measures are needed that go beyond the current industry standards.

Predicting cyberattacks with accuracy
From left: co-authors Roshan Lal Neupane, Kiran Neupane, Xiyao Cheng, Dr. Prasad Calyam, Vamsi Pusapati, Harshavardhan Chintapatla. Not pictured: Lakshmi Srinivas Edara, Reshmi Mitra, Mert Korkali, Hyeong Suk Na, Sharan Srinivas

The system Calyam and his colleagues developed to improve the cybersecurity of IBRs is called “CIBR-Fort.” It employs advanced technology like large language models (LLMs) and knowledge graphs (KGs, data structures that show how different components interact) to spot unusual behavior, detect risks and act quickly.

“The goal is to move beyond old methods of security and create a system that can adapt to new threats and defend the smart grid more effectively,” Calyam said.

CIBER-Fort can predict cyberattacks with 91.88% accuracy and its knowledge base is designed to continue growing by adding new types of attacks. This helps ensure future evolving threats can be predicted and mitigated.

“The system, which is based on a cloud platform, can quickly respond to threats in real-time, with an average response time of 40 milliseconds per data flow,” said Roshan Lal Neupane, a cyberinfrastructure engineer at CERI and co-author on the paper.

The researchers created and combined two types of KGs: one from a dataset representing the smart grid and its components, and the other from the MITRE ATT&CK dataset, one of the most detailed and authoritative knowledge bases in cybersecurity. These KGs help find connections between the grid’s vulnerabilities and possible attacks.

LLMs are used to analyze data and provide recommendations for defense strategies. CIBR-Fort also uses a retrieval augmented generation system to categorize risks, helping grid operators to decide what actions to take based on the severity of the threat.

CIBR-Fort not only helps to detect cyberattacks but also has capabilities to defend against them by redirecting attack traffic, using decoys and analyzing the attacker’s actions to find ways to stop them.

“Interactive systems respond to the attacker’s actions — opening files or folders that seem real — effectively tricking attackers and wasting their time,” said Vamsi Pusapati, one of the paper’s co-authors and a graduate student pursuing his master’s in computer science at Mizzou.

With its innovative use of KGs and advanced language models, the constantly evolving CIBR-Fort system enables scalable security for power grids of the future — developed by Mizzou Engineers today.

Take on the problems others avoid. Choose Mizzou Engineering!