Grid-STIX: Solar Imaging & Grid Cybersecurity

Updated 21 November 2025

Grid-STIX is a dual-domain framework that combines grid modulation for high-resolution solar X-ray imaging with a STIX-compliant cyber threat intelligence ontology for power grids.
It employs advanced inversion algorithms—including Fourier back-projection, CLEAN, MEM, and neural network-based methods—to achieve rapid and accurate reconstruction of solar flare images.
The framework enhances grid security by modeling cyber-physical relationships and asset hierarchies, enabling efficient threat intelligence sharing and risk mitigation in electrical grids.

Grid-STIX denotes a suite of grid-based systems and computational methodologies spanning two key domains: (1) indirect Fourier imaging for solar hard X-ray sources, specifically the grid modulation techniques implemented in the STIX (Spectrometer/Telescope for Imaging X-rays) instrument on ESA’s Solar Orbiter and similar platforms, and (2) advanced cyber-physical security ontologies for electrical power grids, notably the Grid-STIX ontology—a STIX 2.1–compliant framework for grid-centric cyber threat intelligence. In both domains, “Grid-STIX” characterizes innovations in mapping, inference, and reconstruction in highly structured, sparse, or modularized environments.

1. Grid-STIX in Solar X-Ray Imaging: Instrument Architecture

STIX implements indirect imaging of solar flare X-ray emission via 30 bi-grid subcollimators. Each subcollimator consists of two parallel tungsten grids (front and rear), separated by 55 cm, with slight pitch or orientation mismatch between the grids. The overlap of the grids modulates incoming X-ray photons, encoding spatial information as large-scale moiré fringes projected onto a CdTe detector of width 8.8 mm (Massa et al., 2023, Giordano et al., 2014, Hayes et al., 2022).

The grid-pair configuration can be formalized as follows. For grid-pair $i$ :

Front grid: pitch $p_{f,i}$ , orientation $\theta_{f,i}$ .
Rear grid: $p_{r,i}$ , $\theta_{r,i}$ .
Effective moiré period: $P_i \approx (p_{f,i}p_{r,i}) / |p_{f,i} - p_{r,i}|$ .
Spatial frequency sampled on the sky:

$(u_i, v_i) = \frac{1}{P_i / D}(\cos \alpha_i, \sin \alpha_i)$

where $D$ is grid separation, $\alpha_i$ is grid-pair orientation.

This architecture yields logarithmically spaced angular frequencies (finest pitch 38 µm, coarsest ≈1 mm) and orientation angles spanning $0^\circ$ – $180^\circ$ , enabling two-dimensional sampling of the Fourier (u,v) plane without satellite rotation (Massa et al., 2023, Hayes et al., 2022).

2. Mathematical Model of Grid Modulation and Visibility Formation

The intensity modulation measured by each detector arises from the convolution of the sky photon flux $\phi(x,y)$ with the combined grid transmission. Truncating to the first harmonic:

Transmission through subcollimator $i$ :

$G_i(x, y) = C_{0,i} + C_{i} \cos(k_{x,i} x + k_{y,i} y + \varphi_i)$

The measured counts:

$C_i = \iint \phi(x, y) G_i(x, y) dx\, dy$

Each $C_i$ is directly related to a complex Fourier component (“visibility”) $V(u_i, v_i)$ of the sky flux:

$V(u, v) = \iint \phi(x, y) e^{-2\pi i(ux + vy)} dx\, dy$

By solving for amplitude and phase of the modulation via detector pixel differences, STIX obtains up to 30 independent visibilities per energy channel (Massa et al., 2023, Giordano et al., 2014, Hayes et al., 2022).

The resulting sampled (u,v) coverage is sparse; the grid design provides FWHM angular resolution $\sim 7''$ and a field of view $\gtrsim 50'$ (full solar disk) (Hayes et al., 2022, Massa et al., 2023, Perracchione et al., 2020).

3. Image and Spectral Reconstruction Algorithms

Reconstruction from limited, irregular visibility samples is intrinsically ill-posed. Grid-STIX implements several inversion pipelines:

Fourier Back-Projection: Weighted sum of measured visibilities, yielding “dirty” images with sidelobe artifacts.
CLEAN: Iterative deconvolution that removes point response (“dirty beam”) sidelobes.
Maximum Entropy (MEM): Finds the image maximizing entropy under visibility constraints.
Expectation-Maximization (EM): Direct Poisson likelihood maximization on raw pixel counts, enforcing non-negativity.
Forward-Fitting: Parametric model fitting (e.g., multiple Gaussians); minimized residuals in (u,v) domain (Massa et al., 2023).

Advanced visibility interpolation via Variably Scaled Kernels (VSKs) has been shown to substantially enhance simulated and real (RHESSI, STIX) reconstructions (Perracchione et al., 2020). VSK interpolation uses radial basis functions augmented with coarse prior scalings (e.g., from back-projection or CLEAN), equilibrating between over-smoothing and noise fitting even when only 30 visibilities are available.

For imaging spectroscopy, the count visibilities as a function of energy $q$ are inverted to recover the mean electron flux spectrum $\overline{F}(x, y; E)$ using Tikhonov-regularized deconvolution. The inversion

$V_j(q_i) = \sum_{k} K(q_i, E_k) W_j(E_k) \Delta E_k,$

with $K$ the energy response/kernel, returns the electron visibility spectra $W_j(E)$ . These are imaged at each $E_k$ by standard Fourier-domain techniques (Volpara et al., 2023).

4. Implementation: Coarse Flare Locator (CFL) and Neural Inference

The Coarse Flare Locator (CFL) subsystem uses a single H-shaped front grid and a 12-pixel CdTe detector to rapidly estimate flare positions. The classical algorithm is a lookup-table matching of measured 8-pixel illuminated area fractions to a precomputed grid. Recently, a neural network approach was introduced:

Architecture: 3 hidden layers (ReLU, 100 units/layer), 21k parameters, 9 inputs (8 CFL pixels + 1 reference pixel), 2 outputs (normalized $x, y$ coordinates).
Integer-only inference: All floating-point weights/activations are quantized to 16-bit signed integers (5 integer, 11 fractional bits); fixed-point arithmetic deployed onboard.
Performance: Quantized MLP reduces position error from 280″ (lookup table) to 97″; requires fewer parameters and meets all flight CPU/memory constraints.
Portability: The same “Grid-STIX” approach—train offline, quantize MLP, deploy fixed-point code—applies to analogous X-ray grid imagers (RHESSI, MiSolFA, etc.) (Massa et al., 29 Aug 2024).

5. Grid-STIX for Cyber-Physical Security in Power Grids

Grid-STIX also designates a domain-specific extension of the STIX 2.1 cyber threat intelligence standard for electrical power systems. This ontology, detailed in (Blakely et al., 14 Nov 2025), addresses deficiencies in conventional STIX representations by adding grid-specific asset taxonomies, operational technology (OT) relationships, and cyber-physical context modules.

Key components:

Modular Ontology Architecture: Encapsulating Asset, Component, Relationship, Policy, AttackPattern, NuclearSafeguards, Context, and Vocabularies modules, all STIX 2.1–compliant.
Asset/Component Hierarchy: Specialized object types (e.g., DistributedEnergyResource, Substation, Transformer, ProtectionRelay, NuclearReactor), each inheriting from base STIX SDOs.
Cyber-physical Relationship Modeling: Relations such as feeds-power-to(x,y), protects-asset(x,y), and transitive closure for cascading impact are defined; formalized in OWL 2 DL.
Security Policies: Policy objects model Zero Trust, PDP/PEP entities, access rules (e.g., peak/emergency mode access control), IAEA safeguard integration for nuclear facilities.
Threat Modeling: Attack patterns, supply chain risk graphs (with propagation), and cross-domain impact (IT/OT, cyber/physical nodes) are natively supported.
Validation and Implementation: Validation via ROBOT and SHACL/SPARQL; code generation in Python via Owlready2+Jinja2; HTML/d3.js/Graphviz visualization.

Use cases: Cross-utility threat intelligence sharing, supply chain risk assessment, substation attack modeling, and nuclear facility cybersecurity with enforceable policy integration (Blakely et al., 14 Nov 2025).

6. Graph Modeling in Grid-STIX for CTI Applications

In cyber-physical threat intelligence workflows for smart grids, Grid-STIX extends graph-based tools such as cyberaCTIve (Czekster et al., 2022). Here, each grid scenario is a directed labeled graph with SDOs/SCOs as vertices and SROs as edges. Automatic partitioning by incident or semantic group (e.g., TTP, infrastructure, campaign) maintains tractable subgraphs, with JSON-STIX object representations and full timeline/validation pipelines. Pilot evaluations indicate a 40% reduction in model-building time for a 150-node microgrid, sub-200 ms validation, and reduced analyst cognitive load.

7. Impact, Limitations, and Future Prospects

For hard X-ray astronomy, Grid-STIX techniques (Fourier encoding via sparse grid collimators, advanced inversion, machine-learned priors) enable efficient, high-resolution imaging-spectroscopy of solar flares from compact, non-rotating space platforms. The sparse but structured (u,v) coverage, combined with priors and regularization, delivers sub-arcminute and at times near-10″ imaging over a full solar disk. Limitations remain due to the finite number of visibilities and noise sensitivity; enhanced interpolation and regularization mitigate these.

In cyber-physical security, the Grid-STIX ontology’s modular extension of the STIX 2.1 framework empowers sector-specific CTI for the grid. It enables rigorous modeling of asset relationships, risk propagation, and the formalization and enforcement of cross-domain and zero-trust policies. Integration with code generation and visualization tools accelerates adoption in operational environments. The ontology is open-source and extensible to future technologies and evolving threat landscapes (Blakely et al., 14 Nov 2025).

Key references: