Problem definition and graph model representation

As shown in Fig 1,consider a wireless communication network of K nodes (Power Internet of Things, PIoT), its dynamic expansion can be modeled as a sequence of time-varying graphs , where is the set of nodes (including smart meters, sensors, etc.), each node represents an electrical device with multi-dimensional structural characteristics. , edge e_ij represents the communication link between devices and . The binary adjacency matrix , if and have effective communication, then a_ij = 1. , element w_ij represents the transmission delay of the link. This paper assumes there are P data tampering nodes, , by accessing the network through illegal means and forming communication with some compliant nodes, the goal of this paper is to identify and locate data tampering nodes in the two-dimensional spatial coordinates , thereby ensuring the security of the power wireless communication network.

In the current Power Internet of Things (PIoT), the network is composed of distributed electrical devices (such as smart meters, sensors, microgrid controllers, etc.) connected through wireless communication links. To represent the dynamic characteristics of the network structure, is used to represent the feature matrix of the nodes, which includes signal strength, device type, and other G-dimensional dynamic attributes. Using to represent the link loss rate matrix, where element indicates the loss rate between nodes and . To unify the network state, the normalized graph signal is defined as:

(1)

Among them, the attention weights [21] are given by:

(2)

where are learnable projection matrices, d is the projection dimension, and the softmax function normalizes the interaction weights. The parameter matrix maps the integrated features to G-dimensional spatiotemporal features.

Based on the model established above, the localization problem of eavesdropping nodes in the Power Internet of Things (PIoT) can be formalized as follows: given the graph signal , learn the mapping function , where M is the number of eavesdropping nodes, and are their spatial coordinates.

Among them, the attention weights are given by:

(3)

where are learnable projection matrices, d is the projection dimension, and the softmax function normalizes the interaction weights. The parameter matrix maps the integrated features to G-dimensional spatiotemporal features.

Based on the model established above, the localization problem of eavesdropping nodes in the Power Internet of Things (PIoT) can be formalized as follows: given the graph signal , learn the mapping function , where M is the number of eavesdropping nodes, and are their spatial coordinates.

In existing research, traditional methods often use manually designed statistical features combined with shallow models to approximate eavesdropping behaviors in dynamic heterogeneous networks [22]. However, these methods have limitations in expressive power and struggle to accurately capture and describe complex eavesdropping patterns within the network. In contrast, the GKAN model proposed in this study can approximate any nonlinear mapping by flexibly combining simple functions, thereby significantly enhancing the model’s expressive power. The GKAN model achieves attention-based enhancement of spatiotemporal features, thus enabling more accurate localization of eavesdropping nodes in complex network environments.

Dynamic graph update mechanism

In a dynamic Power Internet of Things (PIoT) environment, the joining or leaving of nodes is common. To accurately capture these topological changes, we define a dynamic graph update mechanism. Assume the adjacency matrix at timestep t–1 is A_t−1. If at time t, a new set of nodes joins the network, establishing a new set of links with the existing node set , while a set of nodes and their associated links go offline, the new adjacency matrix A_t is updated as follows:

(4)

This update mechanism ensures that the graph representation reflects the physical topology of the network in real-time, providing an accurate foundation for subsequent spatiotemporal feature extraction.

Proposed DSTF-GKAN network principles

Based on the Kolmogorov-Arnold theorem [10], a dynamic spline grid graph network (Dynamic Spatiotemporal Fusion Framework KAN, DSTF-GKAN) is constructed. The core innovation of DSTF-GKAN lies in the introduction of a channel state-driven control point self-adaptation mechanism. Each neuron’s corresponding sample function adjusts the control points s_p based on the real-time channel state K_pq(t):

(5)

where is the modulation factor, is the B-spline function, and its control point number K_pq(t) satisfies:

(6)

where h_pq(t) is the channel attenuation coefficient for link . is an output layer one-dimensional continuous function, which achieves high-dimensional mapping through the superposition of sub-branches, used to balance the density of control points based on the channel quality dynamic equilibrium and model complexity. When the channel attenuation is severe (h_pq(t)<7), the control points are thinned to reduce the number of parameters; when the channel quality is good (h_pq(t)> = 7), the control points are densified to improve approximation accuracy. Moreover, due to the local support property of B-spline functions, when propagating in the reverse direction, only the activation control points related to the current input need to be updated, which reduces the computational overhead of DSTF-GKAN compared to traditional KAN.

Traditional graph convolutional networks (Graph Convolutional Networks, GCNs) are based on the assumption of static graph structure, where node labels are functions of the graph’s adjacency matrix A and node features X. The features of multi-layer graph convolutional networks (GCN) are defined by layer-wise propagation rules:

(7)

where is the graph’s adjacency matrix, I_N is the identity matrix, . Here, represents the trainable weight matrix, denotes the activation function. The matrix contains the activation values of the l-th layer, where H⁽⁰⁾ = X.

The forward model of GCN is expressed as:

(8)

where represents the weight matrix mapping the input features to H features of the hidden layer, and maps the hidden layer features to the output layer. The weights and are optimized using gradient descent methods.

Fig 2 shows the construction process of the QKAN framework based on different representation methods between layers. In this framework, the node embedding of the -th layer is generated by passing the aggregated node features of the -th layer through the . The expression is as follows:

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 2. The model structure of GKAN [23].

https://doi.org/10.1371/journal.pone.0330593.g002

(9)

where . Assuming the architecture has L layers, the forward model can be expressed as: . In this model, the process of node classification utilizes graph structure and node features, achieving a series of transformations and nonlinearities, providing an effective mechanism for semi-supervised learning environments to handle labeled and unlabeled data. This method is simple and efficient, enabling the model to effectively grasp the complex patterns and feature distributions of node connections.

Fig 3 illustrates the traditional graph convolutional network. In the traditional GCN architecture, convolutional layers interact through the adjacency matrix A and the feature matrix X, aggregating and transforming node features. The first convolutional layer (CONVOLVE(1)) performs preliminary transformations on the input features. The second convolutional layer (CONVOLVE(2)) further aggregates and transforms features. Node features are progressively passed to the next layer through the aggregation of the adjacency matrix. The final output is the embedding or classification result of the nodes. Traditional graph convolutional networks rely on linear weights and fixed activation functions. The GKAN architecture emphasizes aggregation before transformation, highlighting the role of the KAN layer after aggregation.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 3. The model structure of GCN [24].

https://doi.org/10.1371/journal.pone.0330593.g003

The DSTF-GKAN model follows a feature extraction–nonlinear mapping two-stage paradigm.

Stage 1: Spatiotemporal Feature Extraction: The GRNN module (specifically GRU-GCN) handles this stage. At each time step t, the GRU-GCN processes the graph snapshot . GCN layers aggregate spatial information from neighboring nodes, while GRU units capture temporal dependencies between the current and historical states. This generates a spatiotemporal feature vector H_t for each node.

Stage 2: Nonlinear Mapping and Decision: The KAN module takes the GRNN output H_t as input. Leveraging its strong nonlinear approximation capability, KAN learns the complex mapping from the high-dimensional spatiotemporal feature space H_t to the final task objectives (eavesdropping detection classification and attack localization regression).

This cascaded design clarifies functional roles: GRNN handles dynamic graph complexity to produce informative latent representations, while KAN learns decision boundaries from these representations. The approach enhances interpretability, enables independent module optimization, and improves the framework’s technical depth and reproducibility.

Design of multi-task loss function

The optimization objective of DSTF-GKAN includes eavesdropping detection (classification task) and attack localization (regression task), with the main training goal being to minimize the localization error. Considering the stealthiness of eavesdropping behavior, the training samples typically only include a small portion of known eavesdroppers. To fully utilize unlabeled data, this paper designs a composite loss function that incorporates both classification and regression tasks, defined as:

(10)

where:

λ and γ are weights for balancing classification and regression tasks, respectively. The detection loss uses weighted cross-entropy loss to address class imbalance issues:

(11)

Here, α is the weight for the minority class (experimentally set to ), y_i is the true label (0-Normal, 1-Eavesdropping), and is the predicted probability.

The localization loss uses the root mean square error (RMSE) to measure the coordinate prediction error, where and are the predicted coordinates:

(12)

The regularization term includes layer-wise isolation regularization and PLS feature constraints:

(13)

where is the group sparsity regularization, is the channel mutual information difference, and is the security threshold. The sparse regularization helps to automatically select the key functions and control points that contribute the most to eavesdropping localization.

Here, the regularization term consists of two parts. The first part is Hierarchical Sparse Regularization, mathematically defined as:

(14)

This term calculates the L₂ norm for the rows of the weight matrix and then sums these norms (an L₁ norm), which encourages the model to set all outgoing weights of certain neurons to zero during learning. This is equivalent to performing feature selection at the network layer, effectively compressing the model parameters while retaining neurons crucial for the task, thus achieving structured sparsity. The second part is the Physical Layer Security (PLS) feature constraint.It is based on the principle of reciprocity in wireless channels. In legitimate bidirectional communication links, the channel gain from node p to node q should be approximately equal to the channel gain from node q to node p. However, eavesdroppers, due to their different locations, do not form channels with legitimate nodes that possess this characteristic. Therefore, we define the channel reciprocity difference degree . The regularization term − penalizes links where the difference exceeds a security threshold, thereby guiding the model to learn to identify those abnormal connections that do not conform to the physical layer channel characteristics, enhancing sensitivity to malicious attacks.

KAN stability and spline sensitivity mitigation strategies

Despite KAN’s powerful non-linear fitting capabilities, its inherent spline functions are sensitive to the position and number of control points, which can lead to training instability or overfitting.

To address this issue, our framework employs the following synergistic mitigation strategies:

• Adaptive Grid Refinement: We adopt a dynamic grid optimization strategy based on validation loss. Initially, training starts with a small number of control points (e.g., K₀ = 5) for coarse-grained fitting. During training, if the localization loss on the validation set does not significantly decrease for N consecutive epochs (in our experiments, N  =  5) (decrease rate ε where ), grid optimization is triggered. This process identifies the spline interval with the largest gradient norm and inserts a new control point at its midpoint. This strategy ensures that model complexity increases only when necessary, avoiding superfluous parameters and thus improving stability.
• Regularization Constraint: As shown in Equation (13), the L_2,1 regularization we introduce not only makes the model lightweight but also penalizes the magnitude of the weight values through its intrinsic L2 norm component. This indirectly smoothes the B-spline curves and limits their curvature, effectively preventing drastic oscillations caused by data noise and thereby enhancing the model’s generalization ability and robustness to minor perturbations.
• Local Support of B-splines: The B-spline functions used in KAN have the property of local support, meaning each basis spline function is non-zero only over a finite sub-interval. This implies that a small change in an input value will only affect a few adjacent basis functions, rather than causing a drastic global impact on the entire function. This locality naturally enhances the model’s stability and resistance to interference.

Through the combination of these three strategies, DSTF-GKAN effectively overcomes the potential instability issues of KAN while maintaining high accuracy.

DSTF-GKAN adaptive strategy

This algorithm describes the training process of the Dynamic Spatiotemporal Fusion Graph Network (DSTF-GKAN), which focuses on dynamically adjusting spline grid parameters and spatiotemporal feature encoding to jointly optimize eavesdropping detection and localization tasks. Algorithm Features:

• Dynamic Spatiotemporal Modeling: Jointly captures the spatiotemporal evolution characteristics of network topology through the integration of GRU-GCN.
• Adaptive Spline Grid: Dynamically adjusts the number of control points based on validation loss to balance model complexity and accuracy.
• Multi-Task Joint Optimization: Detection (classification) and localization (regression) tasks are trained collaboratively with a weight λ to enhance overall performance.
• Robustness Enhancement: Regularization terms incorporate physical layer security constraints (channel reciprocity difference) to defend against tampering attacks.

Specific eavesdropping localization algorithm steps are a is shown in Algorithm 1.

Algorithm 1 DSTF-GKAN Training Process

Input: Dynamic graph sequence , initial parameters

  θ, initial grid K₀

Output: Trained parameters θ, optimized grids

1: Initialize θ, K = K₀, optimized grids

2: for t in 1 to T do:

3:   Forward propagation:

4:   Spatio-temporal encoding

5:   DSTF-GKAN mapping

6:   Calculate loss:

7:  

8:   Backward propagation:

9:  

10:   Update θ:

11:   Grid optimization:

12:   if then

13:    Bisection, add control points

14:   end if

15: end for

16: return θ, K

During each training phase, a mini-batch is randomly selected from the entire dataset, and the model’s outputs and corresponding loss function values are computed through forward propagation. Subsequently, the model parameters are updated via backpropagation. Concurrently, the spline grid is dynamically adjusted, and an early stopping mechanism is utilized to control the number of iterations. Upon completion of the training process, the DSTF-GKAN model for the eavesdropping localization task is acquired. This procedure ensures that the model can effectively conduct real-time eavesdropping detection and precise localization while maintaining high adaptability to the environment and low computational costs.

This algorithm is suitable for active security defense scenarios in wireless networks, capable of detecting eavesdropping nodes in real-time and accurately locating their positions, offering advantages of high environmental adaptability and low computational overhead.

DSTF-GKAN model deployment and acceleration

To meet the requirements of real-time performance and low power consumption for smart grids, this paper further enhances the deployment and acceleration of the DSTF-GKAN model, enabling it to be deployed on platforms with limited resources. The following lightweight training techniques and edge deployment strategies are adopted.

Hybrid Precision Training: FP16 precision is used for accelerated computation, and key parameters (such as loss functions) are kept in FP32 precision to prevent gradient overflow. Gradient accumulation and asynchronous updates are performed: parameters are updated after every 4 mini-batches to adapt to memory constraints of edge devices.

Quantization-Aware Training (QAT): INT8 quantization noise is simulated during training to improve the robustness of the model post-deployment. The weight quantization formula is as follows:

(15)

where the scaling factor s is dynamically adjusted based on the maximum absolute value of the weight matrix W to ensure that the quantized values are consistent with the original distribution.

By employing the above methods, the DSTF-GKAN model can be efficiently deployed on edge devices such as Jetson TX2. In the experimental evaluation section, this paper will assess the model’s speed and energy consumption when embedded in edge devices.

Experimental setup

Datasets: The simulation data is generated based on a wireless communication simulation platform. Real data is collected from a provincial power company’s PIoT test platform, including communication logs of 200 nodes such as smart meters and microgrid controllers over 24 hours (sampling frequency 1Hz), covering indoor substation and outdoor transmission line scenarios.

Dynamic attack pattern definition: Attack Mutation Rate (AMR) and Topology Change Rate (TCR) are defined as follows:

(16)

where N_c represents the number of times the attack pattern changes within a unit time, and N_t represents the total number of attacks. The TCR is used to measure the relative change magnitude of matrix over time. Three types of eavesdropping attack patterns (active interference, passive listening, mixed attacks) are included, with dynamic topology changes (TCR = 0.1-0.3), eavesdropping node ratios (1%-10%), and channel noise (SNR = 5-20 dB).

Comparison methods: This paper selects traditional machine learning models such as Support Vector Machine (SVM), Graph Convolutional Network (GCN),as well as deep learning models such as Transformer, Kolmogorov-Arnold Networks(KAN), and Graph Recurrent Neural Networks (GRNN) as baselines.

Evaluation metrics: Accuracy, Precision, Recall, and F1-score are used to assess the performance of eavesdropping node classification:

(17)

(18)

(19)

(20)

where TP, TN, FP, and FN represent the number of true positives, true negatives, false positives, and false negatives, respectively. Precision and Recall focus on the number of samples predicted correctly and the number of true samples in the sample set. The F1-score is the harmonic mean of Precision and Recall, a commonly used indicator for comprehensively evaluating the performance of classifiers.

Experimental design: In the simulation platform, random attacks with an attack mutation rate (AMR) of 0.1-0.5 and a topology change rate (TCR) of 0.05-0.3 are injected to record the trends in detection delay and accuracy.Additionally, the average location error (Loc) is used to measure the estimation accuracy of the coordinates of the eavesdropping nodes:

(21)

Hyperparameter selection: Through grid search on the validation set, the optimal structure of DSTF-GKAN is determined to be 3 layers, with 60 neurons per layer and cubic spline functions. The GRU-GCN encoder consists of 2 GCN layers and 1 GRU layer with a hidden dimension of 128. Its output S_t directly fed into the subsequent 2-layer KAN network. KAN layers use 3rd-order B-splines with 5 initial grid points. The learning rate η for adaptive grid optimization (CAG-R) is 0.1, and the smoothness regularization coefficient is 0.01.

The initial learning rate is set to 0.001, with a decay of 50% per grid. The regularization coefficients are , , , . All models are trained using the Adam optimizer with a batch size of 64. Training stops when the performance on the validation set does not improve for 5 consecutive epochs.

Hardware environment: Offline training is conducted on a workstation equipped with an NVIDIA RTX 3090 GPU. Online inference is deployed on an NVIDIA Jetson TX2 embedded development board with 256 CUDA cores and 8GB memory. The model is optimized into binary code through TVM compilation. The experiments are repeated three times, and the average values are taken to eliminate randomness.

Localization performance evaluation

Table 1 shows the experimental results: Under the highly dynamic attack scenario with AMR = 0.5, the F1 score of DSTF-GKAN reaches 0.891, which is a 7.1% improvement over KAN (0.832), significantly outperforming other baseline models. KAN experiences a faster rate of performance decline when there are drastic topology changes because it lacks an adaptive graph update mechanism. KAN, due to its local approximation capability of spline functions, is more adaptable to sudden attacks than global models (such as Transformer).The Transformer experiences a significant increase in latency due to the high computational complexity of self-attention calculations .

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 1. F1 Scores under different Attack Mutation Rates (AMR).

https://doi.org/10.1371/journal.pone.0330593.t001

Table 2 shows the experimental results: as evidenced by the simulated data, DSTF-GKAN attain an F1-score of 0.952 for eavesdropping node classification and diminish the localization error to 0.518m, markedly surpassing other baseline methods. This demonstrates that DSTF-GKANs can effectively learn eavesdropping behavior features in complex environments. In contrast, shallow models like KNNs are limited by their expressive power and struggle to characterize nonlinear anomaly patterns. Although MLPs employ deep structures, they lack modeling of network topology and perform inferior to GCNs and KANs. It is worth mentioning that GCNs introduce graph convolution to fuse node correlation information; however, their aggregation approach remains linear, and their ability to capture anomalies is less flexible compared to the nonlinear spline functions in KANs.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 2. Localization performance of different methods on simulated datasets.

https://doi.org/10.1371/journal.pone.0330593.t002

As shown in Fig 4, in high-dynamic scenarios with an attack mutation rate (AMR = 0.5), DSTF-GKAN achieved an F1 score of 0.891 for detection, an improvement of 7.1% compared to GRNN (0.832). This is mainly due to the effective modeling of spatiotemporal dynamics by the GRNN module and the adaptive adjustment of spline control points by the adaptive KAN layer based on channel status, enabling it to quickly adapt to topology changes and sudden attack patterns. In contrast, traditional GCNs, due to their static graph structure assumption, show significant performance degradation during topological mutations. Furthermore, we analyzed the convergence behavior of these models during training, as depicted in Fig 4. DSTF-GKANs exhibits the fastest convergence speed and reaches the lowest localization error, benefiting from its compact parameter space and efficient optimization procedure. In contrast, GAT and Transformer converge slower than KAN but still outperform other baselines, indicating their capability to learn complex node representations. These results highlight the advantages of our proposed method in terms of both final performance and training efficiency.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 4. The error curves of different methods.

https://doi.org/10.1371/journal.pone.0330593.g004

Ablation study

Table 3 experimental results indicate: The GRU-GCN module: After removal, the F1 score decreased by 3.9%, proving that the fusion of spatiotemporal features is crucial for dynamic attack detection. The KAN mapping layer: Replacing it with an MLP increased the parameter size by three times and RMSE increased by 80%, highlighting the efficient approximation capability of spline functions. Adaptive grid: A fixed grid led to an increase in RMSE by 25.8%, while dynamic optimization significantly improved positioning accuracy. PLS regularization: After removal, the F1 score decreased by 1.3%, indicating that physical layer feature constraints enhance model robustness.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 3. Module ablation results.

https://doi.org/10.1371/journal.pone.0330593.t003

Table 4 shows the experimental results indicating that DSTF-GKAN achieved an F1 score of 0.883 under Gaussian noise with σ = 0.5, which is a 16% improvement over GAT (0.761), attributed to the sensitivity of PLS regularization to channel anomalies. In the label noise experiment, DSTF-GKAN demonstrated its robustness to labeling errors with an F1 score of 0.901 under 20% noise.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 4. Performance comparison under different noise conditions.

https://doi.org/10.1371/journal.pone.0330593.t004

Resource-constrained environment evaluation

This section examines the deployment efficiency of DSTF-GKAN models on resource-constrained platforms. On the Jetson TX2 platform, the performance of the optimized model is tested as follows:

Figs 5 and 6 compares the speed-accuracy trade-off of different methods on the Jetson TX2 embedded device. It can be observed that shallow models like KNNs are computationally fast but perform poorly. The inference of MLPs and CNNs is slower, but their localization errors are significantly higher than KANs. KANs and Transformer strike a balance between accuracy and speed, but their resource consumption is still suboptimal compared to DSTF-GKANs. GCNs also demonstrate a good speed-accuracy balance but are outperformed by DSTF-GKANs in both aspects.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 5. The speed-accuracy trade-off of different methods.

https://doi.org/10.1371/journal.pone.0330593.g005

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 6. Multi-dimensional performance radar(delay, error, and model size).

https://doi.org/10.1371/journal.pone.0330593.g006

Table 5 shows the experimental results indicating that through quantization-aware training and knowledge distillation, the model parameter size is reduced to 3% of the original, and the energy consumption is decreased by 88%, meeting the real-time requirements of edge devices (latency < 1ms).

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 5. Performance comparison of optimized models on Jetson TX2.

https://doi.org/10.1371/journal.pone.0330593.t005

In summary, the proposed DSTF-GKAN method achieves significant performance advantages in the eavesdropping node localization task.

Dynamic adaptability advantage: DSTF-GKAN maintains an F1 score above 0.89 at AMR = 0.5 through adaptive graph updates and GRU-GCN temporal modeling, showing significant improvement over traditional methods.

Balancing lightweight and accuracy: DSTF-GKAN’s spline function compresses parameters, combined with GRNN’s spatiotemporal awareness, achieves an F1 score of 0.951 with a parameter size of 3.5 MB, outperforming the Transformer with a larger parameter size (23.4 MB, F1 = 0.923).

Robustness mechanism: PLS regularization and hierarchical sparsity effectively suppress the impact of noise, with only an 11.4% decrease in F1 score under 30% label noise.

Explainability analysis

To gain deeper insights into the model’s decision-making process, we employed Grad-CAM to visualize the KAN layers and introduced a feature importance ranking as a quantitative metric. Specifically, we computed the gradients of each input feature’s contribution to the final eavesdropping classification and subsequently ranked these features based on their importance. Table 6 presents the quantitative explainability analysis, detailing the feature rank, importance score, and their implications for power grid operators.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Table 6. Feature importance and implications.

https://doi.org/10.1371/journal.pone.0330593.t006

To complement these quantitative insights and provide intuitive visual understanding, we will add visualization examples based on Grad-CAM. Grad-CAM (Gradient-weighted Class Activation Mapping) generates heatmaps that highlight the areas in the input features that contribute most to the model’s final prediction. As illustrated in the heatmaps, the redder the area, the greater its contribution to the model’s judgment of an eavesdropper, indicating a high-risk region that the model focuses on. This helps operators and engineers to visually identify potential sources of threat. Fig 7 shows an example of Grad-CAM visualization, highlighting several neighboring nodes and their connections that play a key role in the decision-making process when an eavesdropping node is detected.

Download:

• PPT
  PowerPoint slide
• PNG
  larger image
• TIFF
  original image

Fig 7. Grad-CAM visualization.

https://doi.org/10.1371/journal.pone.0330593.g007