Temporal false data injection attack and detection on cyber‐physical power system based on deep reinforcement learning

Abstract

AbstractFalse data injection (FDI) attacks are serious threats to a cyber‐physical power system (CPPS), which may be launched by a malicious software or virus accessing only the measurements from one substation. This study proposes a novel attack method named the temporal FDI (TFDI) attack. Namely, the virus makes decisions based on temporal observations of the CPPS, and the attack is driven by a deep Q network (DQN) algorithm. As DQN takes vectors of continuous variables as input states, the proposed method is free of the state space explosion problem, which helps the virus to learn the optimal attack strategy efficiently. Moreover, for adopting time‐series measurements as quasi‐dynamic observations, long short‐term memory cells are employed as a layer of the Q network. The TFDI attack enables the virus to discern trends of load variations and enhance the attack’s effectiveness. Meanwhile, a countermeasure is also presented to detect the proposed FDI attack. Binary classifiers are trained for each bus to detect suspicious local measurements according to their deviations from system‐state manifolds. When suspicious measurements are spotted frequently, the corresponding bus is believed to be under FDI attacks. Test cases validate the efficacy of the proposed FDI attack method as well as its countermeasure.