Service-oriented Web Framework for Real-time Data Flow Tracing and Threat Propagation Analysis in Distributed Energy Systems
DOI:
https://doi.org/10.13052/jwe1540-9589.2525
Keywords:
Service-oriented web framework, lightweight provenance tokens, probability-weighted edges, adaptive response orchestration, open web APIs
Abstract
Ensuring data-flow integrity and rapid threat containment in renewable-integrated, distributed energy systems requires monitoring solutions that are technically rigorous yet lightweight in operation. This paper presents a service-oriented web framework for real-time data-flow tracing and threat propagation analysis in heterogeneous industrial control and energy networks. The framework integrates lightweight provenance tokens embedded in event streams, an incrementally maintained lineage graph with probability-weighted edges, and propagation-aware risk indicators that drive adaptive response orchestration through open web APIs. A progressive web dashboard provides sub-second visualization of dynamic topologies, risk heat maps, and operator controls. Implemented on a Kafka/Flink streaming backbone with a graph database and deployed in an eight-node Kubernetes testbed emulating substations, gateways, and adversarial nodes using OPC UA, MQTT, and REST, the system achieved tracing coverage of 0.96 ± 0.02 and fidelity of 0.92 ± 0.03, with forward propagation prediction reaching precision 0.91 and recall 0.88, outperforming static-topology baselines. Adaptive containment reduced the flow reproduction factor from 1.42 to 0.64, achieved a median containment efficacy of 0.71, and stabilized risk trajectories within two minutes, while operational cost remained low with payload expansion under 12%, CPU overhead below 4%, and service availability above 0.99 for critical assets. User studies showed 38% faster incident response and higher comprehension and confidence compared with static log viewers. These results demonstrate that modern web-engineering practices such as microservices, event-driven streaming, and progressive web interfaces can enable practical, real-time cyber defense for distributed energy infrastructures by bridging static security guidelines with deployable, adaptive situational awareness and containment.

