Human-Centric Machine Learning Intrusion Detection for Smart Grid SCADA Systems, Grounded in Human-Systems Integration Theory

Authors

  • Kelech P. Okpara Independent Researcher, Eagan, Mn, United States of America

Keywords:

Smart Grids, SCADA Cybersecurity, SCADA; feeder; electric utility; metering system; control, Intrusion Detection Systems, Machine Learning, Human-Systems Integration, Human-AI Loops, Sociotechnical Systems, Critical Infrastructure defenses, Operator Decision-making, Artificial Intelligence, Information Systems Security

Abstract

Protecting Smart Grid SCADA systems, a vital component of U.S. critical infrastructure demands technical rigor and human-centered design to ensure real-world effectiveness. While prior work has delved into technical performance in threat detection, achieving high accuracy and low false positive rates (FPRs), few studies have systematically evaluated how operator interaction and cognitive load influence actual detection and response workflows. The 2015 Ukraine power grid attack, which disabled electricity for approximately 230,000 residents for several hours and revealed that operators struggled to interpret legacy alarms under duress, underscores the necessity of integrating human factors into machine learning-based intrusion detection systems (ML-IDS). This study develops and evaluates a human-centric ML-IDS pipeline that embeds explainability and interface design principles from Human-Systems Integration (HSI) theory. By comparing standard ML models (Random Forest, XGBoost, SVM) with equivalent models augmented by HSI-guided dashboards, we demonstrate that operators using the human-centric pipeline achieved a 28% reduction in FPR compared to baseline ML-IDS outputs, translating to approximately 7 fewer false alarms per 100 alerts, reducing operator alert fatigue and improving average response times by nearly 20 seconds per incident (mean reduction = 19.8 s, SD = 4.2 s, N = 12). Usability metrics further support these findings: the System Usability Scale (SUS) score of 76.2 (above the 68 thresholds for above-average systems) indicates strong operator acceptance, while a NASA-TLX score of 39.4 (approximately 20 points below the 60–70 range observed in traditional IDS interfaces) suggests substantially reduced cognitive workload. These results confirm our hypotheses: H1, that HSI-informed interfaces improve detection effectiveness, and H2, that reduced cognitive load correlates with lower false alarm rates. We conclude that embedding human-centric design into ML-IDS not only maintains high accuracy (0.96 vs. 0.94 for baseline) but materially enhances operational readiness by aligning technical outputs with real-world human decision-making processes.

References

J. Marron, A. Gopstein, N. Bartol, and V. Feldman, "Cybersecurity Framework Smart Grid Profile (NIST Technical Note 2051)," National Institute of Standards and Technology, 2019.

A. Shehod, "Ukraine power grid cyberattack and US susceptibility: Cybersecurity implications of smart grid advancements in the US (CISL# 2016-22)," Cybersecurity Interdisciplinary Systems Laboratory (CISL), Sloan School of Management, Massachusetts Institute of Technology, 2016.

N. Sahani, R. Zhu, J.-H. Cho, and C.-C. Liu, "Machine learning-based intrusion detection for smart grid computing: A survey," ACM Trans. Cyber-Phys. Syst., pp. 1–23, 2023.

K. Dietz et al., "The missing link in network intrusion detection: Taking AI/ML research efforts to users," IEEE Access, vol. 12, pp. 79815–79837, 2024.

B. Naqvi, N. Clarke, and J. Porras, "Incorporating the human facet of security in developing systems and services," Information and Computer Security, pp. 1–23, 2020.

G. A. Boy, "Human-Systems Integration," in The Palgrave Encyclopedia of the Possible, Springer, 2021, pp. 1–11.

R. Mittu and W. F. Lawless, "Human factors in cybersecurity and the role for AI," Association for the Advancement of Artificial Intelligence, 2014.

S. Katiforis, "Synchronized coevolution: A conceptual framework for sustaining a human-centered security culture in AI-driven environments," Thesis, Laurea University of Applied Sciences, 2024.

Z. Huang, "Human-centric training and assessment for cyber situation awareness," Doctoral dissertation, University of Delaware, 2015.

J. Kamsamrong et al., "State of the art, trends and skill-gaps in cybersecurity in smart grids," Cybersecurity Curricula Recommendations for Smart Grids (CC-RSG), 2022.

N. Turner et al., "The role of human factors in delivering cyber security," Chartered Institute of Ergonomics & Human Factors, 2023.

M. Aurangzeb et al., "Enhancing cybersecurity in smart grids: Deep black box adversarial attacks and quantum voting ensemble models for blockchain privacy-preserving storage," Energy Reports, vol. 11, pp. 2493–2515, 2024.

V. Agate, F. M. D'Anna, A. De Paola, P. Ferraro, G. Lo Re, and M. Morana, "A behavior-based intrusion detection system using ensemble learning techniques," in ITASEC'22: Italian Conference on Cybersecurity, CEUR Workshop Proceedings (CEUR-WS.org), 2022, pp. 1–10.

S. Y. Diaba et al., "SCADA securing system using deep learning to prevent cyber infiltration," Neural Networks, vol. 165, pp. 321–332, 2023.

P. Prjevara and D. van de Wouw, "Improving Machine Learning based Intrusion and Anomaly Detection on SCADA and DCS using Case Specific Information," System and Network Engineering, 2018.

S. Jamshidi, A. Nikanjam, K. W. Nafi, F. Khomh, and R. Rasta, "Application of deep reinforcement learning for intrusion detection in Internet of things: A systematic review," Polytechnique Montréal, 2024.

H.-T. Vo, N. N. Thien, K. C. Mui, and P. P. Tien, "Securing networks: An in-depth analysis of intrusion detection using machine learning and model explanations," IJACSA-International Journal of Advanced Computer Science and Applications, vol. 15, no. 5, pp. 1436–1444, 2024.

F. Piekert et al., "Human factors-centric validation of a security management system in a linked critical infrastructures environment," in Intelligent Human Systems Integration (IHSI 2025), 2025, vol. 160, pp. 416–430.

R. Duraz, D. Espes, J. Francq, and S. Vaton, "Explainability-based metrics to help cyber operators find and correct misclassified cyberattacks," in SAFE'23, 2023.

J. Yang, Y. Liu, and P. L. Morgan, "Human-machine interaction towards Industry 5.0: Human-centric smart manufacturing," Digital Engineering, vol. 2, no. 2, pp. 1–17, 2024.

K. Kucuk, E. I. Yurteri, and B. Semiz, "Electroencephalography analysis frameworks for the driver fatigue problem: A benchmarking study," in Proceedings of the 18th International Joint Conference on Biomedical Engineering Systems and Technologies (BIOSTEC 2025) - Volume 1, SCITEPRESS - Science and Technology Publications, Lda, 2025, pp. 829–836.

S. Rajagopal, P. P. Kundapur, and K. S. Hareesha, "A predictive model for network intrusion detection using a stacking approach," International Journal of Electrical and Computer Engineering (IJECE), vol. 10, no. 3, pp. 2734–2741, 2020.

J. S. Chavis, "Toward assurance and trust for the Internet of things," Doctoral dissertation, Johns Hopkins University, 2021.

S. Jamshidi, K. W. Nafi, A. Nikanjam, and F. Khomh, "Evaluating machine learning-driven intrusion detection systems in IoT: Performance and energy consumption," Preprint submitted to Elsevier, 2024.

O. M. Elazhary, "Exploring the socio-technical impact of continuous integration: Tools, practices, and humans," Doctoral dissertation, University of Victoria, 2021.

F. Tu Zahra, Y. S. Bostanci, and M. Soyturk, "Security of Wireless IoT in Smart Manufacturing: Vulnerabilities and Countermeasures," in Intelligent Secure Trustable Things, Springer Nature, 2024, pp. 419–441.

M. Saadallah, A. Shahim, and S. Khapova, "Optimizing AI and human expertise integration in cybersecurity: Enhancing operational efficiency and collaborative decision-making," PriMera Scientific Engineering, vol. 6, no. 2, pp. 03–20, 2025.

Downloads

Published

2025-06-13

How to Cite

Kelech P. Okpara. (2025). Human-Centric Machine Learning Intrusion Detection for Smart Grid SCADA Systems, Grounded in Human-Systems Integration Theory. American Scientific Research Journal for Engineering, Technology, and Sciences, 102(1), 195–211. Retrieved from https://asrjetsjournal.org/index.php/American_Scientific_Journal/article/view/11728

Issue

Vol. 102 No. 1 (2025)

Section

Articles

License

Copyright (c) 2025 American Scientific Research Journal for Engineering, Technology, and Sciences

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Authors who submit papers with this journal agree to the following terms.