pith. sign in

arxiv: 2605.18873 · v1 · pith:YUXCLOK7new · submitted 2026-05-15 · 💻 cs.CR · cs.AI· cs.LG

GenAI-FDIA: Physics-Informed Generative Models for False Data Injection Attacks

Pith reviewed 2026-05-20 16:20 UTC · model grok-4.3

classification 💻 cs.CR cs.AIcs.LG
keywords false data injection attacksgenerative modelsphysics-informedpower system securitybad data detectionGANsVAEsdiffusion models
0
0 comments X

The pith

Physics-informed generative models synthesize fully stealthy false data injection attacks on power systems via an inference-time harmoniser.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper demonstrates that a broad set of generative architectures can produce realistic false data injection attacks on electrical power grids when constrained by network physics. Scarce operational data limits detector training, so these synthetic attacks offer a practical route to evaluate and strengthen grid security. Direct insertion of physics rules into normalised model spaces displaces the attack vectors and destroys their ability to evade detection. The authors introduce a post-generation harmoniser that realigns the outputs to restore complete stealth without any retraining. They further stabilise certain hybrid models by adding a short warm-up phase to prevent covariance collapse.

Core claim

GenAI-FDIA benchmarks twenty generative architectures spanning Wasserstein GANs, MMD-VAEs, normalising flows, diffusion models and hybrids for physics-compliant FDIA synthesis across IEEE 14-bus DC, 30-bus DC and 14-bus AC testbeds under a 60/20/20 chronological split with data-driven BDD threshold calibration. All architectures achieve evasion rates of at least 86.6 percent on the 14-bus network, while limited topological knowledge measurably reduces stealth. Affine physics projections applied directly in normalised feature space displace attack vectors and collapse evasion to below 2 percent on the 30-bus case. An inference-time harmoniser corrects this displacement to deliver 100 percent

What carries the argument

The inference-time harmoniser, a post-generation correction step that realigns generated attack vectors with power-system physics constraints after leaving the normalised feature space, thereby eliminating projection-induced displacement.

If this is right

  • Generative models from multiple families can achieve high-fidelity FDIA vectors that evade BDD on standard IEEE test networks when physics compliance is enforced.
  • An attacker’s incomplete knowledge of network topology produces a statistically significant drop in evasion performance.
  • The harmoniser restores full stealthiness across all physics-informed variants without requiring model retraining or architectural changes.
  • A 50-epoch warm-up schedule corrects covariance collapse in hybrid architectures and improves distribution matching metrics.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The harmoniser technique could be tested on larger or real-grid measurement streams to check whether the same displacement correction generalises beyond the IEEE testbeds.
  • Synthetic attack datasets produced this way might allow detector designers to train on a wider range of physics-consistent scenarios than hand-crafted attacks permit.
  • The same post-generation alignment step may apply to other generative tasks that must obey linear or affine physical constraints after operating in scaled feature spaces.

Load-bearing premise

A data-driven bad-data-detection threshold calibrated on the chronological 60/20/20 split of simulated measurements accurately represents the stealth requirements that would hold in real power-system operations, and the identified projection displacement plus covariance collapse are the dominant failure modes rather than artifacts of the chosen testbeds or normalisation.

What would settle it

Apply the reported harmoniser to attacks generated for the 30-bus testbed and measure whether BDD evasion reaches 100 percent; if the rate remains near the sub-2 percent level seen without the harmoniser, the central fix claim does not hold.

Figures

Figures reproduced from arXiv: 2605.18873 by Mohammad A. Razzaque, Muta Tah Hira.

Figure 1
Figure 1. Figure 1: GenAI-FDIA evaluation pipeline. The pool ( [PITH_FULL_IMAGE:figures/full_fig_p003_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Generative model families in the 20-member pool (base variants shown; PI- variants add a P [PITH_FULL_IMAGE:figures/full_fig_p004_2.png] view at source ↗
Figure 4
Figure 4. Figure 4: Evasion heatmap: 20 pool models (sorted by Pareto rank, starred [PITH_FULL_IMAGE:figures/full_fig_p006_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Block B conditioning ribbons: W1 (top) and physics consistency ϕ (bottom) versus k for the representative per-family triplet on each testbed. MITRE ATT&CK stages annotate the top axis. ϕ peaks at k=0.75 on every testbed (Acronyms (for hybrid models, e.g., MV: MMD-VAE): M: MMD, W: WGAN, V: VAE.). No physics No selection No cond. No temporal −0.025 0.000 0.025 0.050 0.075 0.100 0.125 Δ M M D (positive → wors… view at source ↗
Figure 6
Figure 6. Figure 6: Ablation waterfall: ∆MMD relative to the full model for four ablation conditions across three PI- probes and three testbeds. Note the sign reversal of no-physics on 14-bus AC (Acronyms (for hybrid models, e.g., MV: MMD-VAE): M: MMD, W: WGAN, V: VAE.). multi-detector probe used here exposes a vulnerability surface that single-detector evaluations conceal: on the 14-bus AC, the best base model achieves ϵAE=0… view at source ↗
Figure 7
Figure 7. Figure 7: Block C joint recovery on 30-bus DC. Left: BDD evasion before (broken PHYSICSWRAPPER, normalised-space projection) and after (har￾moniser) for all ten PI- models; eight of ten collapse to <30% before harmonisation and recover to 100% after. Right: Cohen’s κ for PI-TC￾MMD-VAE under four configurations, covariance collapse with raw original (κ= + 0.096), harmoniser alone (+0.828), β-warm-up alone (+0.139), a… view at source ↗
read the original abstract

Training and evaluating false data injection attack (FDIA) detectors for power systems is constrained by data scarcity. Operational grid measurements are commercially sensitive, and hand-crafted attacks fail to capture complex distributional structures imposed by network physics. We present \textsc{GenAI-FDIA}, a framework benchmarking a pool of $P{=}20$ architectures for physics-compliant FDIA synthesis, spanning Wasserstein GANs, MMD-VAEs, normalising flows, diffusion models, and cross-family hybrids. These are evaluated across three IEEE testbeds (14-bus DC, 30-bus DC, and 14-bus AC) under a 60/20/20 chronological split using data-driven Bad Data Detection (BDD) threshold calibration. Our empirical results verify that these models generate high-fidelity attacks, with all architectures achieving evasion rates of $\epsilon_{\text{BDD}} \ge 86.6\%$ on the 14-bus network; additionally, limiting an attacker's topological knowledge induces a measurable degradation in stealthiness ($p \le 0.0022$). Crucially, we identify a previously unreported failure mode: applying affine physics projections directly in normalised feature spaces critically displaces the attack vector, collapsing BDD evasion from ${\sim}55\%$ to $<\!2\%$ on the 30-bus testbed. We resolve this via a novel inference-time harmoniser, restoring full stealthiness ($\epsilon_{\text{BDD}}{=}100\%$) across all physics-informed variants without retraining. Finally, we isolate a covariance-collapse phenomenon ($\kappa \approx {-}0.076$) within advanced hybrid architectures and rectify it through 50-epoch warm-up schedules ($\kappa \to 0.785$, $\Delta\text{MMD}={-}3.1\%$). Ultimately, \textsc{GenAI-FDIA} delivers a robust recovery blueprint applicable to any physics-constrained generative model deployed for power-system security.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript introduces GenAI-FDIA, a benchmarking framework evaluating a pool of P=20 physics-informed generative architectures (Wasserstein GANs, MMD-VAEs, normalizing flows, diffusion models, and hybrids) for synthesizing false data injection attacks on power-system measurements. Using IEEE 14-bus DC, 30-bus DC, and 14-bus AC testbeds under a 60/20/20 chronological split and data-driven BDD threshold calibration, it reports evasion rates ε_BDD ≥ 86.6% on the 14-bus network, quantifies degradation from limited topological knowledge (p ≤ 0.0022), identifies an affine-projection displacement failure mode that drops evasion below 2% on the 30-bus case, and proposes an inference-time harmoniser that restores 100% stealthiness without retraining. It further isolates covariance collapse (κ ≈ -0.076) in hybrids and corrects it via 50-epoch warm-up schedules (κ → 0.785).

Significance. If the central empirical claims hold under operationally realistic BDD thresholds, the work supplies a useful public benchmark for generative FDIA synthesis and concrete, training-free fixes for physics compliance. The explicit identification of normalized-space projection displacement and the reproducible evaluation on standard IEEE testbeds are strengths that could inform detector hardening.

major comments (2)
  1. [Experimental methodology and BDD calibration (Section 4)] The headline evasion rates (ε_BDD ≥ 86.6% on 14-bus, restored to 100% by the harmoniser) rest on a BDD detector whose threshold is calibrated solely from the training portion of the 60/20/20 chronological split. Operational power-system BDD conventionally uses fixed χ² quantiles (degrees of freedom = measurements minus states) or adaptive thresholds that incorporate topology and load statistics absent from the testbed splits. If the learned threshold is materially looser, both the baseline figures and the harmoniser’s apparent success become artifacts of calibration rather than intrinsic attack properties.
  2. [Physics-projection results (Section 5.2)] The reported projection-displacement failure (evasion collapse from ~55% to <2% on the 30-bus network when affine physics projections are applied in normalized feature space) is presented as a general phenomenon. The manuscript should demonstrate that the collapse persists under alternative normalization schemes or when the projection is performed in the original measurement space before normalization, to rule out testbed-specific or preprocessing artifacts.
minor comments (2)
  1. [Abstract and Section 5.1] The statistical test underlying the p ≤ 0.0022 claim for topological-knowledge degradation should be stated explicitly.
  2. [Covariance-collapse discussion (Section 5.3)] The symbol κ (covariance-collapse metric) is introduced without a concise definition or reference; a one-sentence clarification would aid readers.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive comments, which help clarify the scope and robustness of our empirical claims. We address each major point below with proposed revisions.

read point-by-point responses
  1. Referee: [Experimental methodology and BDD calibration (Section 4)] The headline evasion rates (ε_BDD ≥ 86.6% on 14-bus, restored to 100% by the harmoniser) rest on a BDD detector whose threshold is calibrated solely from the training portion of the 60/20/20 chronological split. Operational power-system BDD conventionally uses fixed χ² quantiles (degrees of freedom = measurements minus states) or adaptive thresholds that incorporate topology and load statistics absent from the testbed splits. If the learned threshold is materially looser, both the baseline figures and the harmoniser’s apparent success become artifacts of calibration rather than intrinsic attack properties.

    Authors: We acknowledge the distinction between data-driven calibration and conventional fixed χ² quantiles. Our choice follows standard practice in ML-based power-system anomaly detection to match testbed-specific distributions under the chronological split. To address the concern directly, we will add experiments in the revision using fixed χ² thresholds (with degrees of freedom equal to measurements minus states) and report the resulting evasion rates. This will confirm whether the headline figures and harmoniser gains hold under operationally standard thresholds. revision: yes

  2. Referee: [Physics-projection results (Section 5.2)] The reported projection-displacement failure (evasion collapse from ~55% to <2% on the 30-bus network when affine physics projections are applied in normalized feature space) is presented as a general phenomenon. The manuscript should demonstrate that the collapse persists under alternative normalization schemes or when the projection is performed in the original measurement space before normalization, to rule out testbed-specific or preprocessing artifacts.

    Authors: We agree that additional controls are needed to establish the failure mode as general rather than preprocessing-dependent. In the revised manuscript we will include results for (i) affine projection performed in the original measurement space before any normalization and (ii) alternative schemes such as min-max scaling and per-feature z-score. These will be reported alongside the original normalized-space results to demonstrate persistence of the displacement effect. revision: yes

Circularity Check

0 steps flagged

No circularity in empirical evaluation of generative FDIA models

full rationale

The paper reports an empirical benchmarking study of 20 generative architectures on public IEEE testbeds (14-bus DC, 30-bus DC, 14-bus AC) under a fixed 60/20/20 chronological split. All central claims—evasion rates ε_BDD ≥ 86.6%, degradation under limited topology knowledge, projection-displacement failure mode, covariance-collapse phenomenon, and the inference-time harmoniser restoring 100% stealth—are presented as measured experimental outcomes on held-out data rather than as derivations or first-principles predictions. No equation or result is shown to reduce by construction to a fitted parameter or to a self-citation whose content is itself unverified. The data-driven BDD threshold is an explicit methodological choice whose validity can be checked against external chi-squared or topology-aware detectors; it does not create a self-referential loop inside the reported metrics. The work is therefore self-contained against the stated public benchmarks.

Axiom & Free-Parameter Ledger

2 free parameters · 2 axioms · 1 invented entities

The central claims rest on standard power-system physics constraints and BDD calibration assumptions plus two practical additions: the harmoniser as a new procedural entity and the 50-epoch warm-up as a schedule choice.

free parameters (2)
  • 50-epoch warm-up schedule
    Chosen to move covariance metric κ from negative to positive values in hybrid models.
  • P=20 architecture pool
    Selected for benchmarking without further justification of coverage.
axioms (2)
  • domain assumption Power-system measurements obey network physics that can be enforced via affine projections or harmonisation.
    Invoked when diagnosing the projection displacement failure mode.
  • domain assumption Data-driven BDD thresholds calibrated on chronological splits provide a valid stealth metric.
    Used to compute all reported evasion rates ε_BDD.
invented entities (1)
  • inference-time harmoniser no independent evidence
    purpose: Corrects attack vectors displaced by direct affine physics projections in normalized feature space.
    New component introduced to restore 100% evasion without model retraining.

pith-pipeline@v0.9.0 · 5897 in / 1635 out tokens · 103556 ms · 2026-05-20T16:20:44.903807+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

36 extracted references · 36 canonical work pages

  1. [1]

    Renewable power generation costs in 2023,

    International Renewable Energy Agency, “Renewable power generation costs in 2023,” IRENA, Tech. Rep., 2024. [Online]. Available: https://www.irena.org/Publications/2024/Sep/ Renewable-Power-Generation-Costs-in-2023

  2. [2]

    Analysis of the cyber attack on the Ukrainian power grid,

    R. M. Lee, M. J. Assante, and T. Conway, “Analysis of the cyber attack on the Ukrainian power grid,” E-ISAC and SANS ICS, Tech. Rep., Mar. 2016. [Online]. Available: https://ics.sans.org/media/ E-ISAC SANS Ukraine DUC 5.pdf

  3. [3]

    INDUSTROYER2: Industroyer reloaded,

    ESET Research, “INDUSTROYER2: Industroyer reloaded,” ESET, Tech. Rep., Apr. 2022. [Online]. Available: https://www.welivesecurity. com/2022/04/12/industroyer2-industroyer-reloaded/

  4. [4]

    People’s Republic of China state-sponsored cyber actor living off the land to evade detection,

    CISA, NSA, and FBI, “People’s Republic of China state-sponsored cyber actor living off the land to evade detection,” Cybersecurity and In- frastructure Security Agency, Tech. Rep., Feb. 2024. [Online]. Available: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a

  5. [5]

    False data injection attacks against state estimation in electric power grids,

    Y . Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,”ACM Transactions on Informa- tion and System Security, vol. 14, no. 1, pp. 1–33, May 2011

  6. [6]

    Joint adversarial example and false data injection attacks for state estimation in power systems,

    J. Tian, B. Wang, Z. Wang, K. Cao, J. Li, and M. Ozay, “Joint adversarial example and false data injection attacks for state estimation in power systems,”IEEE Transactions on Cybernetics, vol. 52, no. 12, pp. 13 699– 13 713, Dec. 2022

  7. [7]

    iAttackGen: Generative synthesis of false data injection attacks in cyber-physical systems,

    M. H. Shahriar, A. A. Khalil, M. A. Rahman, M. H. Manshaei, and D. Chen, “iAttackGen: Generative synthesis of false data injection attacks in cyber-physical systems,” inProceedings of the IEEE In- ternational Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), 2022

  8. [8]

    Sparse adversarial learning for FDIA attack sample generation in distributed smart grids,

    F. Li, W. Shen, Z. Bi, and X. Su, “Sparse adversarial learning for FDIA attack sample generation in distributed smart grids,”Computer Modeling in Engineering & Sciences, 2023

  9. [9]

    False data injection attacks based on least squares generative adversarial networks with reconstruc- tion loss,

    Y . H. Liu, B. Liu, X. Liu, and H. Wu, “False data injection attacks based on least squares generative adversarial networks with reconstruc- tion loss,” inProc. IEEE Power & Energy Society General Meeting (PESGM), Jul. 2024, pp. 1–5. IEEE TRANSACTIONS ON SMART GRID, VOL. 0, NO. 0, MONTH 2026 10

  10. [10]

    Defense of massive false data injection attack via sparse attack points considering uncertain topological changes,

    X. Huang, Z. Qin, M. Xie, H. Liu, and L. Meng, “Defense of massive false data injection attack via sparse attack points considering uncertain topological changes,”Journal of Modern Power Systems and Clean Energy, vol. 10, no. 6, pp. 1588–1598, Jan. 2022

  11. [11]

    A novel false data injection method targeting on time-series analysis in smart grid,

    S. Hong, X. Zhang, J. Kou, and Y . Sun, “A novel false data injection method targeting on time-series analysis in smart grid,” inProc. Int. Conf. Smart Energy Grid Engineering (SEGE), Jun. 2023, pp. 50–55

  12. [12]

    False data injection attack sample generation using an adversarial attention-diffusion model in smart grids,

    K. Li, F. Li, B. Wang, and M. Shan, “False data injection attack sample generation using an adversarial attention-diffusion model in smart grids,” AIMS Energy, vol. 12, no. 6, pp. 1271–1293, Jan. 2024

  13. [13]

    Controllable blind AC FDIA via physics-informed extrapolative A V AE,

    S. Zhao, W. Luo, Q. Shu, and F. Xu, “Controllable blind AC FDIA via physics-informed extrapolative A V AE,”Sensors, vol. 25, no. 3, p. 943, 2025

  14. [14]

    Prior-knowledge- free data tampering on power system state estimation: A physics- constrained generative adversarial framework,

    J. Zhang, Q. Wang, J. Hu, S. Wu, Y . Ye, and Y . Tang, “Prior-knowledge- free data tampering on power system state estimation: A physics- constrained generative adversarial framework,”IEEE Internet of Things Journal, Jan. 2025

  15. [15]

    Generating synthetic net load data with physics-informed diffusion model,

    S. Zhang, Y . Cheng, and N. Yu, “Generating synthetic net load data with physics-informed diffusion model,”IEEE Transactions on Smart Grid, 2024

  16. [16]

    ADMM-based adversarial false data injection attacks against multi- label locational detection,

    J. Tian, C. Shen, C. Lin, M. Zhang, X. Xia, C. Ren, and Y . Zhang, “ADMM-based adversarial false data injection attacks against multi- label locational detection,”IEEE Transactions on Dependable and Secure Computing, 2026

  17. [17]

    Spatiotemporal stealthy attacks in power systems with high-penetrated renewable energy sources,

    C. Liu, Y . Li, Y . Yu, X. Wu, M. Yang, Y . Tang, and B. Long, “Spatiotemporal stealthy attacks in power systems with high-penetrated renewable energy sources,”IEEE Internet of Things Journal, 2025

  18. [18]

    Spatio- temporal data-driven detection of false data injection attacks in power distribution systems,

    A. S. Musleh, G. Chen, Z. Y . Dong, C. Wang, and S. Chen, “Spatio- temporal data-driven detection of false data injection attacks in power distribution systems,”International Journal of Electrical Power & Energy Systems, vol. 147, p. 108926, 2023

  19. [19]

    Blending data and physics against false data injection attack: An event-triggered moving target defence approach,

    W. Xu, M. Higgins, J. Wang, I. M. Jaimoukha, and F. Teng, “Blending data and physics against false data injection attack: An event-triggered moving target defence approach,”IEEE Transactions on Smart Grid, vol. 14, no. 4, pp. 2613–2627, Jul. 2023

  20. [20]

    Locational detection of false data injection at- tacks in smart grids: A graph convolutional attention network approach,

    W. Xia, D. He, and L. Yu, “Locational detection of false data injection at- tacks in smart grids: A graph convolutional attention network approach,” IEEE Internet of Things Journal, vol. 11, no. 6, pp. 10 399–10 413, Mar. 2024

  21. [21]

    XTM: A novel transformer and LSTM-based model for detection and localization of formally verified FDI attack in smart grid,

    A. Baul, G. C. Sarker, P. K. Sadhu, V . P. Yanambaka, and A. Ab- delgawad, “XTM: A novel transformer and LSTM-based model for detection and localization of formally verified FDI attack in smart grid,” Electronics, vol. 12, no. 4, p. 797, 2023

  22. [22]

    A joint FDIA detection and localization scheme and experimental analysis based on adversarial anomaly transformer for power distribution system,

    Y . Liu and L. Shi, “A joint FDIA detection and localization scheme and experimental analysis based on adversarial anomaly transformer for power distribution system,”IEEE Transactions on Industrial Informatics, 2025

  23. [23]

    Generative adversarial networks-based false data injection: A concern for data integrity of power networks,

    R. Nawaz, R. Akhtar, S. U. Khan, S. Bu, and M. Mahmood, “Generative adversarial networks-based false data injection: A concern for data integrity of power networks,”IEEE Transactions on Power Systems, 2025

  24. [24]

    ConAML: Constrained adversarial machine learning for cyber-physical systems,

    J. Li, Y . Yang, K. Tomsovic, J. S. Sun, and H. Qi, “ConAML: Constrained adversarial machine learning for cyber-physical systems,” inProceedings of the ACM Asia Conference on Computer and Commu- nications Security (ASIA CCS), 2021, pp. 52–62

  25. [25]

    Techniques - enterprise — mitre att&ck®,

    MITRE, “Techniques - enterprise — mitre att&ck®,” April 2026, [Online; accessed 2026-04-21]. [Online]. Available: https://attack.mitre. org/techniques/enterprise/

  26. [26]

    Isolation forest,

    F. T. Liu, K. M. Ting, and Z.-H. Zhou, “Isolation forest,” inProceedings of the 8th IEEE International Conference on Data Mining (ICDM), 2008, pp. 413–422

  27. [27]

    False data injection attacks against uav battery state of health estimation with a capacity-informed latent diffusion model,

    Y . Qin, Z. Luo, Y . Che, and L. Cao, “False data injection attacks against uav battery state of health estimation with a capacity-informed latent diffusion model,”Green Energy and Intelligent Transportation, p. 100404, 2026

  28. [28]

    False data injection on state estimation in power systems—attacks, impacts, and defense: A survey,

    R. Deng, G. Xiao, R. Lu, H. Liang, and A. V . Vasilakos, “False data injection on state estimation in power systems—attacks, impacts, and defense: A survey,”IEEE Transactions on Industrial Informatics, vol. 13, no. 2, pp. 411–423, 2017

  29. [29]

    Improved training of Wasserstein GANs,

    I. Gulrajani, F. Ahmed, M. Arjovsky, V . Dumoulin, and A. Courville, “Improved training of Wasserstein GANs,” inAdvances in Neural Information Processing Systems, vol. 30, 2017

  30. [30]

    Wasserstein auto-encoders,

    I. Tolstikhin, O. Bousquet, S. Gelly, and B. Sch ¨olkopf, “Wasserstein auto-encoders,” inInternational Conference on Learning Representa- tions, 2018

  31. [31]

    Isolating sources of disentanglement in variational autoencoders,

    R. T. Q. Chen, X. Li, R. Grosse, and D. Duvenaud, “Isolating sources of disentanglement in variational autoencoders,” inAdvances in Neural Information Processing Systems, vol. 31, 2018

  32. [32]

    Density estimation using real-valued non-volume preserving (Real NVP) transformations,

    L. Dinh, J. Sohl-Dickstein, and S. Bengio, “Density estimation using real-valued non-volume preserving (Real NVP) transformations,” in International Conference on Learning Representations, 2017

  33. [33]

    FLOWTS: Time series generation via rectified flow,

    Y . Hu, X. Wang, Z. Ding, L. Wu, H. Zhang, S. Z. Li, S. Wang, J. Zhang, Z. Li, and T. Chen, “FLOWTS: Time series generation via rectified flow,” 2025, preprint. Code: https://github.com/UNITES-Lab/FlowTS

  34. [34]

    Denoising diffusion probabilistic models,

    J. Ho, A. Jain, and P. Abbeel, “Denoising diffusion probabilistic models,” inAdvances in Neural Information Processing Systems, vol. 33, 2020, pp. 6840–6851

  35. [35]

    Axiomatic attribution for deep networks,

    M. Sundararajan, A. Taly, and Q. Yan, “Axiomatic attribution for deep networks,” inProceedings of the 34th International Conference on Machine Learning (ICML), 2017, pp. 3319–3328

  36. [36]

    Interrater reliability: the kappa statistic,

    M. L. McHugh, “Interrater reliability: the kappa statistic,”Biochemia medica, vol. 22, no. 3, pp. 276–282, 2012