Isolating Signatures of Cyberattacks under Stressed Grid Conditions

The paper defines the Δ-score as Δ_i = exp(−τ d(i,*)) with d(i,*) a probabilistic distance (KL or JS) to the centroid v* = (1/p)∑_i v_i, and uses moving windows to visualize and compare outliers; however, it provides no formal guarantees about separation, threshold selection, or time-uniform identification—explicitly noting the work is a first step and that automated detection is future work. These elements are descriptive and empirical, not theorematic . By contrast, the model’s solution gives a correct, self-contained mathematical treatment under an explicit separation assumption δ>0: it proves strict ranking (Δ_attacked < Δ_nominal), exact threshold conditions, and uniform-in-time conditions for ranking and a single threshold. The logic (monotonicity of exp(−τ·), extremal relations, and bounds) is sound. Minor caveats: the model’s ‘iff’ statement for uniform ranking should be read with the finite-window qualifier it later adds; its “conservative” band using both nominal extrema may be empty unless δ is large enough. These do not affect the core correctness.