Multi‐Layered Optimization for Adaptive Decoy Placement in Cyber‐Resilient Power Systems Under Uncertain Attack Scenarios

The rapid development of technology in the past decades created a society heavily dependent on electricity, where even short disturbances in the power supply can result in grave socio-economic consequences. Therefore, assuring a safe and reliable operation of the power system has become of utmost importance. False data injection attacks (FDIAs) represent a class of cyber-attacks targeting the power system state estimation. FDIAs alter the perspective of the power system’s state which can lead to inappropriate control actions. Thus, a reliable method for detecting FDIAs represents the main prerequisite to the safe operation of the power system in the context of cybersecurity. Noticing the scarce literature analyzing the detection of FDIAs in power systems with a high share of renewable energy sources, this paper demonstrates that the performance of the existing methods deteriorates when faced with the volatile nature of renewable energy sources. This paper presents a deep learning approach for detecting stealthy FDIAs concerning the power systems with high penetration of renewable energy sources. The performance of the proposed method is validated through different scenarios based on the modified versions of the IEEE 14-bus system and the IEEE 118-bus system. The proposed method is able to detect most of the attacks under different test scenarios, outperforming the benchmark techniques with an average detection rate of 99% for the IEEE 14-bus system and 97% for the IEEE 118-bus system.

The accurately estimated state is of great importance for maintaining a stable running condition of power systems. To maintain the accuracy of the estimated state, bad data detection (BDD) is utilized by power systems to get rid of erroneous measurements due to meter failures or outside attacks. However, false data injection (FDI) attacks, as recently revealed, can circumvent BDD and insert any bias into the value of the estimated state. Continuous works on constructing and/or protecting power systems from such attacks have been done in recent years. This survey comprehensively overviews three major aspects: constructing FDI attacks; impacts of FDI attacks on electricity market; and defending against FDI attacks. Specifically, we first explore the problem of constructing FDI attacks, and further show their associated impacts on electricity market operations, from the adversary's point of view. Then, from the perspective of the system operator, we present countermeasures against FDI attacks. We also outline the future research directions and potential challenges based on the above overview, in the context of FDI attacks, impacts, and defense.

Random subspace ensemble-based detection of false data injection attacks in automatic generation control systems

Multi-objective cost-effective optimization for defending against false data injection attacks in power system operation

Mahalanobis distance-based robust approaches against false data injection attacks on dynamic power state estimation

This article proposes a novel approach to uncover deficiencies of the existing cyber-attack detection schemes and thereby to serve as a foundation for establishing more reliable cybersecure solutions, with particular application in dc microgrids. For this purpose, a multiagent deep reinforcement learning (RL)-based algorithm is proposed to automatically discover the vulnerable spots in the conventional index-based cyberattack detection schemes and automatically generate coordinated stealthy destabilizing false data injection (FDI) attacks on cyber-protected islanded dc microgrids. To enable a continuous action space for the trained RL agents and enhance the algorithm’s precision and convergence rate, deep deterministic policy gradient is incorporated. Using this approach, susceptibility of a state-of-the-art detection scheme to several different coordinated FDI attacks on the distributed communication links is identified. The proposed algorithm is also enhanced with a sniffing feature to enable maintaining the stealthy attacks even under the sudden disconnection of any of the compromised links. To address the discovered deficiencies within the index-based detection scheme, a complementary multiagent RL detection algorithm using deep <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"><tex-math notation="LaTeX">$Q$</tex-math></inline-formula> -network algorithm is integrated, which provides a more reliable overall identification performance. Taking into account the communication delays and load changes, the effectiveness of the proposed algorithm is verified by the experimental tests.

This paper studies the secure state estimation problem for multi-area power systems with unknown load deviation when the sensor measurements of power systems encounter false data injection (FDI) attacks. By modeling a new state-space model including the variables of load deviation and FDI attack signals, an intermediate observer-based method is developed to simultaneously estimate the load deviation and FDI attacks. Then, the secure state estimator is designed by compensating FDI attacks, while the unknown load deviation in power systems is compensated by its estimated values to eliminate system oscillations as much as possible. Simulations show the effectiveness of the proposed methods.

This paper is aimed at exploring the optimal false data injection (FDI) attack against continuous time self‐triggered model predictive control (STMPC) systems with sample‐and‐hold input signals to address the potential security defects. First, the mathematical model of FDI attack against the considered STMPC system is established. Then, the difference between the states of the nominal system and the attacked system is explicitly calculated such that the impact of FDI attacks on the STMPC systems can be quantitatively analyzed. And finally, an efficient and effective algorithm to realize the desired FDI attack is proposed, and in order to maintain the flexibility of the attacker, the designed FDI attack algorithm is developed under different attacking scenarios, including attacking a single control node at each sampling time and attacking multiple control nodes each time. Finally, two simulation experiments are carried out based on a robot system and a cart–damper–spring system to verify the efficacy and optimality of the designed FDI attack strategy.

State estimation plays a critical role in maintaining operational stability of a power system, which is however vulnerable to attacks. False data injection (FDI) attacks can manipulate the state estimation results through tampering the measurement data. In this paper, a cyber-physical model is proposed to defend against FDI attacks. It judiciously integrates a physical model which captures ideal measurements, with a generative adversarial network (GAN) based data model which captures the deviations from ideal measurements. To improve computation efficiency of GAN, a new smooth training technique is developed, and an online adaptive window idea is explored to maintain the state estimation integrity in real time. The simulation results on IEEE 30-bus system and IEEE 118-bus system demonstrate that our defense technique can accurately recover the state estimation data manipulated by FDI attacks. The resulting recovered measurements are sufficiently close to the true measurements, with the error lower than $1.5e^{-5}$ and $2e^{-2}$ p.u. in terms of voltage amplitude and phase angle, respectively.

In this paper, we consider false data injection (FDI) attacks with limited information of transmission-line susceptances and new countermeasures in smart grids. First, we prove that the adversary could launch FDI attacks to modify the state variable on a bus or superbus only if he/she knows the susceptance of every transmission line that is incident to that bus or superbus. Based on this observation, we provide a new countermeasure against FDI attacks, i.e., to make the susceptances of n-1 interconnected transmission lines that cover all buses unknown to the adversary (e.g., by proactively perturbing transmission-line susceptances through distributed flexible AC transmission system (D-FACTS) devices), where n is the total number of buses. This new countermeasure can work alone or in conjunction with traditional ones to reduce the number of meter measurements/state variables that are to be secured against FDI attacks. The implementation of FDI attacks with limited susceptance information and the effectiveness of new countermeasures are demonstrated by using an illustrative 4-bus power system and the IEEE 9-bus, 14-bus, 30-bus, 118-bus, and 300-bus test power systems.

Security in smart grids has been investigated by many scholars so far. Among the existing security issues, False Data Injection (FDI) attacks in energy, computers, and communication domains are still an ongoing challenge. These attacks have the ability to sabotage the grid through causing misfunctioning of measurements devices as well as changing the state estimation appraisal so that these changes, known as false data, cannot be easily recognized and identified using conventional approaches. In this paper, the degree of network resilience against FDI attacks is analyzed by simulating a randomly generated sample FDI attack, in which the false data vector has different intensity and different quantity. A steady-state AC power flow in accordance with the outage model is employed to simulate and predict the power system response after the incidence of an FDI attack, and the ability of this attack for blackout and shutting down the transmission network has been investigated. In the proposed model, the transmission line outage, load shedding, as well as voltage instability metrics are tested and analyzed on the IEEE 300- bus test network. Given that FDI attacks are considered a serious threat to power systems, the preliminary results imply that the targeted electricity grid is resilient against these attacks in terms of the probability of outage and chain blackouts, but the transient voltage stability can be affected.

Moving target defense (MTD) is a new defensive strategy protecting the power system state estimation from cyberattacks. Using the distributed flexible ac transmission system (D-FACTS), MTD works by actively perturbing the branch parameters that are needed to construct the false data injection (FDI) attacks. Although there are many pioneer works on MTD, the relationship between the construction of MTD and detection of FDI attacks has not been revealed. In this article, we reveal the correlation between MTD design and FDI detection and optimize MTD’s performance in terms of detecting FDI attacks. We provide a sufficient condition for a specially designed MTD to detect and identify the FDI attack and a necessary condition for general MTDs to protect the state estimates from being independently modified. With the aim to reduce the number of measurements that can be manipulated by the attacker after MTD, we develop a heuristic algorithm to compute a near-optimal solution for the deployment of D-FACTS devices. Moreover, we prove that the coordinated design of consecutive perturbation schemes within an MTD cycle can improve the performance of MTD in terms of detecting FDI attacks. Finally, we conduct extensive simulations with the IEEE power system test cases to validate our findings.

10.13039/501100004608-Natural Science Foundation of Jiangsu Province (Grant Number: BK20180367); &#13;\n10.13039/501100001809-National Natural Science Foundation of China (Grant Number: 62173087, 61933007, 61873148 and 61803082); &#13;\n10.13039/501100012226-Fundamental Research Funds for the Central Universities; &#13;\nZhiShan Youth Scholar Program from Southeast University of China; &#13;\nAlexander von Humboldt Foundation of Germany; &#13;\nRussian Ministry of Science and Education (Grant Number: 075-15-2020-808).

False data injection (FDI) attacks have recently been introduced as an important class of cyberattacks in modern power systems. By coordinating the injection of false data in selected meters readings, an FDI attacks can bypass bad data detection methods in power system state estimation. In this paper, we propose a strategy to enhance detection and identification of an FDI that leverages reactance perturbation. We begin by deriving conditions to mitigate attacks in noiseless systems that relates the likelihood of attack detection and identification to the rank of the composite matrix, limited by power system topology and the deployment of meters. Based on such conditions, we design a secure reactance perturbation algorithm that maximizes the likelihood of an FDI attack detection and identification while minimizing the effect on the operational cost of power systems, e.g., power losses on transmission lines. Simulations on a 6-bus and the IEEE 57-bus system verify the performance of the secure reactance perturbation and the effect on power losses in both noiseless and noisy systems.

The integration of information and communication technologies (ICTs) has provided modern smart grids, such as direct current (DC) microgrids (MGs), with various advantages, e.g., the possibility of large-scale integration of renewable energy sources and complex control schemes. This extensive deployment of ICTs, however, makes DC MGs prone to a variety of cyber threats, e.g., false data injection (FDI) attacks. On this basis, this paper develops online detection and mitigation schemes to counter FDI attacks against DC MGs. Initially, in the offline training of the detection scheme, the density-based spatial clustering of applications with noise (DBSCAN) method is used for extracting prescriptive features of DC MG measurements and clustering them in healthy and under-attack operations under several uncertainties in DC MG operations. These features are used to train an adaptive network-based fuzzy inference system (ANFIS) architecture for the online identification of FDI attacks. Afterward, the trained ANFIS is used to detect FDI attacks and obtain the attack vectors benefiting from the real-time measurements estimated by an optimal state observer. Finally, an adaptive model predictive controller (AMPC) is developed to update the power-sharing commands—and mitigate the FDI attack—using the ANFIS’s obtained attack vectors. The effectiveness of the proposed framework is evaluated for several realistic FDI attack scenarios and different uncertainties. To show the scalability of the proposed detection and mitigation methods, a DC MG with eight converters is also studied in the presence of FDI attacks and uncertainties using real-time simulations.