Detection Of False Data Injection Attacks Research Articles

Detection of False Data Injection Attacks on Smart Grids Based on A-BiTG Approach

A false data injection attack (FDIA) is the main attack method that threatens the security of smart grids. FDIAs mislead the control center to make wrong judgments by modifying the measurement data of the power grid system. Therefore, the effective and accurate detection of FDIAs is crucial for the safe operation of smart grids. However, the current deep learning-based methods do not fully exploit the short-term local characteristics and long-term dependencies of power grid data and have poor correlation with past and future time series information, resulting in a lack of credibility in the detection results. In view of this, an FDIA detection model combining a bidirectional temporal convolutional network and bidirectional gated recurrent unit with an attention mechanism (A-BiTG) was proposed. The proposed model utilizes a bidirectional time convolutional network (BiTCN) and bidirectional gated recurrent unit (BiGRU) to consider past and future temporal information in the grid. This enhances the ability of the model to capture long-term dependencies and extract features, while also solving the model’s problem of exploding and vanishing gradients. In addition, an attention mechanism (AM) was added to dynamically assign weights to the extracted feature information and retain the most valuable features to improve the detection accuracy of the model. Finally, the proposed method was compared with existing methods on the IEEE 14-bus and IEEE 118-bus test systems. The results show that the proposed detection model is more robust and superior under different noise environments and FDIA signals with different intensities.

Codesign of FDI Attacks Detection, Isolation, and Mitigation for Complex Microgrid Systems: An HBF-NN-Based Approach.

The primary purpose of this article is to design an intelligent false data injection (FDI) attacks detection, isolation, and mitigation scheme for a class of complex microgrid systems with electric vehicles (EVs). First, a networked microgrid with an EV model is well established, which takes load disturbance, wind generation fluctuation, and FDI attacks into account so as to truly reflect the operation process of the complex system. Then, an intelligent hyper basis function neural network (HBF-NN) observer is designed to accurately estimate the state of the microgrids, learn, and reconstruct the possible attack signal online. Subsequently, a novel HBF-NN-based H∞ controller is skillfully designed to mitigate the negative impact of FDI attacks online, so as to ensure the normal operation of the complex systems in an unreliable network environment. Finally, a two-stage integrated intelligent detection and maintenance algorithm is summarized and one simulation is presented to provide tangible evidence of the feasibility and superiority of the proposed FDI attacks detection, isolation, and mitigation methodology.

Bayesian GAN-Based False Data Injection Attack Detection in Active Distribution Grids With DERs

Bayesian GAN-Based False Data Injection Attack Detection in Active Distribution Grids With DERs

A Fusion Adaptive Cubature Kalman Filter Approach for False Data Injection Attack Detection of DC Microgrids

With the widespread application of information technology in microgrids, microgrids are evolving into a class of power cyber–physical systems (CPSs) that are deeply integrated with physical and information systems. Due to the high dependence of microgrids’ distributed cooperative control on real-time communication and system state information, they are increasingly susceptible to false data injection attacks (FDIAs). To deal with this issue, in this paper, a novel false data injection attack detection method for direct-current microgrids (DC MGs) was proposed, based on fusion adaptive cubature Kalman filter (FACKF) approach. Firstly, a DC MG model with false data injection attack is established, and the system under attack is analyzed. Subsequently, an FACKF approach is proposed to detect attacks, capable of accurately identifying the attacks on the DC MG and determining the measurement units injected with false data. Finally, simulation validations were conducted under various DC MG model conditions. The extensive simulation results demonstrate that the proposed method surpasses traditional CKF detection methods in accuracy and effectiveness across different conditions.

A Framework for Detecting False Data Injection Attacks in Large-Scale Wireless Sensor Networks.

False data injection attacks (FDIAs) on sensor networks involve injecting deceptive or malicious data into the sensor readings that cause decision-makers to make incorrect decisions, leading to serious consequences. With the ever-increasing volume of data in large-scale sensor networks, detecting FDIAs in large-scale sensor networks becomes more challenging. In this paper, we propose a framework for the distributed detection of FDIAs in large-scale sensor networks. By extracting the spatiotemporal correlation information from sensor data, the large-scale sensors are categorized into multiple correlation groups. Within each correlation group, an autoregressive integrated moving average (ARIMA) is built to learn the temporal correlation of cross-correlation, and a consistency criterion is established to identify abnormal sensor nodes. The effectiveness of the proposed detection framework is validated based on a real dataset from the U.S. smart grid and simulated under both the simple FDIA and the stealthy FDIA strategies.

End-Edge-Cloud Collaboration-Based False Data Injection Attack Detection in Distribution Networks

False data injection attack (FDIA) can pose a severe threat to the distribution networks (DN), and the accurate detection of FDIA plays a key role in the safe and reliable operation of the DN. In this paper, an end-edge-cloud collaboration-based detection framework is proposed to detect FDIA in the DN. First, in order to effectively preserve the privacy of different stakeholders in the DN and solve the problem of data island, a federated learning (FL)-based edge-cloud collaboration mechanism is designed according to the proposed end-edge-cloud collaboration framework to jointly train the local FDIA detection models and eventually build a comprehensive FDIA detection model. Then, considering the temporal-spatial correlation of measurement data, a local data-driven FDIA detection model is proposed based on a novel temporal-spatial graph convolutional network (TSGCN) which can extract temporal-spatial features of the measurement data and improve the FDIA detection performance. In general, compared with the traditional centralized FDIA detection methods, the proposed method can make full use of the computational capacity of distributed edge devices and reduce the pressure of computation on the control centre. Finally, simulation results based on the modified IEEE 14- bus and IEEE 118- bus distribution systems indicate that the proposed method can effectively improve the accuracy of FDIA detection compared with other methods.

Detection of False Data Injection Attack in Power System Based on Hellinger Distance

The deep integration of sensor, computer and communication networks has dramatically improved the efficiency and operational performance of the electric grid. However, it also exposes the grid to rising threats of cyber-physical attacks. False data injection attack (FDIA) is one of the most representative attacks. To improve the security of grid operation, we propose a Hellinger-distance -based FDIA detection method by tracking the dynamic characteristics of measurement variations at adjacent moments. First, the irrelevant components of measured data are sieved out by empirical modal decomposition (EMD). Second, the image transform algorithms are used to deal with the mapping of measurement variations to refine the distribution characteristics. Last, the discrepancies between the probability distributions are derived based on Hellinger distance to determine whether FDIA exists. Concerning state-variable attacks on different nodes, the method is tested using the IEEE 14-bus system. The results indicate that the proposed scheme has high-level detection precision for false data injection attacks.

Privacy-preserving federated learning for detecting false data injection attacks on power system

False data injection attacks (FDIA) against power system state estimation have been well studied due to its potential threat to real-time energy management. However, the existing works either focus on the case with a sufficiently large local data sets or the local data can be transmitted to a central node, or the case where the system parameters can be easily acquired through communication. This contradicts with real-world applications where the measurement data is geographically distributed and the system parameters are unknown, and also leads to data leakage issues. To solve the problem, a novel FDIA detection algorithm is proposed based on federated learning, through which a global detection model is generated. In the proposed algorithm, the state owners execute a federated learning algorithm using their own data, which avoids massive data transmission and protects the data privacy. Moreover, to prevent the model parameter from exposure to attackers, artificial noise is added into the model estimations to guarantee differential-privacy. Theoretical results show a trade-off in algorithm accuracy and its privacy preserving level. Simulations on the IEEE 30-bus system validate the effectiveness of the proposed mechanism on FDIA detection and its trade-off in accuracy and privacy preserving.

Election-based optimization algorithm with deep learning-enabled false data injection attack detection in cyber-physical systems

<abstract> <p>Cyber-physical systems (CPSs) are affected by cyberattacks once they are more connected to cyberspace. Advanced CPSs are highly complex and susceptible to attacks such as false data injection attacks (FDIA) targeted to mislead the systems and make them unstable. Leveraging an integration of anomaly detection methods, real-time monitoring, and machine learning (ML) algorithms, research workers are developing robust frameworks to recognize and alleviate the effect of FDIA. These methods often scrutinize deviations from predictable system behavior, using statistical analysis and anomaly detection systems to determine abnormalities that can indicate malicious activities. This manuscript offers the design of an election-based optimization algorithm with a deep learning-enabled false data injection attack detection (EBODL-FDIAD) method in the CPS infrastructure. The purpose of the EBODL-FDIAD technique is to enhance security in the CPS environment via the detection of FDIAs. In the EBODL-FDIAD technique, the linear scaling normalization (LSN) approach can be used to scale the input data into valuable formats. Besides, the EBODL-FDIAD system performs ensemble learning classification comprising three classifiers, namely the kernel extreme learning machine (KELM), long short-term memory (LSTM), and attention-based bidirectional recurrent neural network (ABiRNN) model. For optimal hyperparameter selection of the ensemble classifiers, the EBO algorithm can be applied. To validate the enriched performance of the EBODL-FDIAD technique, wide-ranging simulations were involved. The extensive results highlighted that the EBODL-FDIAD algorithm performed well over other systems concerning numerous measures.</p> </abstract>

Dynamic Reconfiguration for Resilient State Estimation Against Cyber Attacks

The increasing complexity and connectivity of critical infrastructures makes it increasingly likely that they will be subject to malicious attacks that compromise operation. Recent studies have shown that these systems are vulnerable to a wide range of cyber-attacks, including False Data Injection (FDI) attacks that bypasses conventional detection techniques. Conventional security monitoring, protection, and control tools are based primarily on passive defense strategies. In this paper, we propose an approach for active defense that improves system security and the detection rate of FDI attacks. The key insight for this approach is that emerging micro-grids can utilize distributed energy resources to dynamically reconfigure the system (e.g. power flow paths), across multiple acceptable configurations. Instead of using information from only a single static configuration to detect FDI attacks, our proposed approach uses <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">dynamic reconfiguration</i> to compare measured and estimated states under multiple configurations to accurately detect FDI attacks. We describe an implementation and supporting infrastructure for a secure reconfigurable microgrid. <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Dynamic reconfiguration</i> also makes it more difficult for attackers to gain knowledge on the system's parameters, which increases the difficulty for attackers to construct hidden attack vectors. We evaluate our approach in the specific scenario of emerging micro-grids. We develop a novel technique for state estimation using multiple configurations and demonstrate that this approach significantly improves FDI detection accuracy.

Stealthy False Data Injection Attacks Detection and Classification in Cyber-Physical Systems Using Deep Reinforcement Learning

Stealthy False Data Injection Attacks Detection and Classification in Cyber-Physical Systems Using Deep Reinforcement Learning

A locational false data injection attack detection method in smart grid based on adversarial variational autoencoders

Stealthy FDIA (False Data Injection Attack) is a serious cyber threat that can modify state estimation of smart grid through maliciously altering the measurement data, but can’t be detected by traditional bad data detection system in smart grid. There exist two weakpoints for numerous deep neural networks (DNNs) based data-driven schemes against FDIA. First, they mainly focus on detecting the presence of FDIA, but fail to localize the specific bus/nodes affected. Second, their performance is not sufficiently desirable under small attack, i.e., anomalies caused by the attack closely resemble normal data. To address the above issues, this paper proposes an effective locational FDIA detection framework based on data reconstruction, AT-GVAE, which seamlessly integrates the variational autoencoders (VAEs) and generative adversarial network paradigm. Specifically, our contributions are threefold. First, the proposed AT-GVAE framework is novelly composed of two main modules: the generative VAE_G and discriminative VAE_D that both play dual roles: reconstruct data from jointly learning distributions of data and latent feature space, and meanwhile play Minmax game with adversarial way. Second, multiple-layer gated recurrent units (GRUs) are utilized as the basic structure of the encoder and decoders in both VAEs, to characterize the temporal correlations of measurement data sequence. Additionally, the self-attention mechanism is used to enhance the expressive ability of GRU based VAEs. Then, the anomaly score for each busbar in the smart grid is determined by comparing the residual between the observed measurement and the outputs of VAE_G and VAE_D, enabling the localization of FDIA. Finally, thorough experiments on multiple power systems with series data of total 3456 measurements demonstrate that, in terms of multiple typical metrics, including false alarm rate vs. detection probability, AUC-ROC, and AUC-PR, our proposed framework outperforms the state-of-the-art GRU, VAE and adversarial training based FDIA detection schemes.

Paired Swarm Optimized Relational Vector Learning for FDI Attack Detection in IoT-Aided Smart Grid

IoT-aided smart grid heavily depends on the most innovative communication technologies that could make the grid system susceptible to False Data Injection Attacks (FDIA). The main objective of the FDI attackers remains in damaging or corrupting the state estimation strategy in the smart grid resulting in blackouts and/or to influence the electricity market. With a number of features involved in the smart grid system, FDIA detection is said to be complicated. By the conventional bad data detection systems, the FDIA detection accuracy and validation made by Receiver Operating Characteristic (ROC) curve were marginally acceptable. However, due to the time complexity and overhead incurred, the detection of FDIA is a hot research topic. In this work, we design an efficient FDIA detection method by coupling Cooperative Paired Swarm Optimization and Relational Vector Learning techniques (CPSO-RVL), to address the above-said issues. First, the cooperative paired particle swarm optimization model is proposed to attain an appropriate feature for improving the computational efficiency of FDIA detection. Next, with the obtained significant features, the relational vector learning-based FDIA detection model is designed for robust classification between FDIA and non-FDIA with minimum overhead. The extensive experiments show that the proposed method outperforms existing baseline approaches by 16%, and 34% in terms of computation time, and computation overhead respectively.

False Data-Injection Attack Detection in Cyber-Physical Systems With Unknown Parameters: A Deep Reinforcement Learning Approach.

This article studies the detection of discontinuous false data-injection (FDI) attacks on cyber-physical systems (CPSs). Considering the unknown stochastic properties of the process noise and measurement noise, deep reinforcement learning is applied to designing an FDI attack detector. First, the discontinuous attack detection problem is modeled as a partially observable Markov decision process (POMDP) and a neural network is used to explore the POMDP. In the network, sliding observation windows which are composed of the offline fragment historical data are used as the input. An approach to designing the reward in POMDP is provided to ensure the precision of the detection when there are even some state recognition errors. Second, sufficient conditions on attack frequency and duration to guarantee the applicability of the detector and the expected estimation performance are further given. Finally, simulation examples illustrate the effectiveness of the attack detector.

The Detection of False Data Injection Attack for Cyber–Physical Power Systems Considering a Multi-Attack Mode

Amidst the evolving communication technology landscape, conventional distribution networks have gradually metamorphosed into cyber–physical power systems (CPPSs). Within this transformative milieu, the cyber infrastructure not only bolsters grid security but also introduces a novel security peril—the false data injection attack (FDIA). Owing to the variable knowledge held by cyber assailants regarding the system’s network structure, current achievements exhibit deficiencies in accommodating the detection of FDIA across diverse attacker profiles. To address the historical data imbalances encountered during practical FDIA detection, we propose a dataset balancing model based on generating adversarial network-gated recurrent units (GAN-GRU) in conjunction with an FDIA detection model based on the Transformer neural network. Harnessing the temporal data extraction capabilities of gated recurrent units, we construct a GRU neural network system as the GAN’s generator and discriminator, aimed at data balance. After preprocessing, the balanced data are fed into the Transformer neural network for training and output classification to discern distinct FDIA attack types. This model enables precise classification amidst varying FDIA scenarios. Validation involves testing the model on load data from the IEEE 118-bus system and affirming its high accuracy and effectiveness in detecting power systems after multiple attacks.

Detection of false data injection attack in power grid based on spatial-temporal transformer network

False data injection attacks (FDIA) severely impact the secure operation of power grid, making accurate FDIA detection crucial for stability of power grid. Considering the complex spatiotemporal dependency of the power grid, this paper proposes a new FDIA detection method based on the Spatial-Temporal Transformer network to effectively integrate the topology and data of the power grid. In the Spatial Transformer network, the self-attention mechanism is utilized to capture the global dependency of the power grid, while the graph convolutional layer is employed to establish the local dependency of the power grid. In the Temporal Transformer network, the self-attention mechanism is employed to capture the long-term sequence dependency of power grid data, overcoming the limitation of long short-term memory network (LSTM) which can only model limited temporal dependency. Therefore, the Spatial-Temporal Transformer network can effectively mine spatiotemporal features in power grid, improving detection accuracy. The proposed detection method is evaluated using real load data from NYISO in IEEE 14-bus and IEEE 118-bus systems. Simulation results demonstrate the effectiveness and robustness of the proposed method.

A Novel False Measurement Data Detection Mechanism for Smart Grids

With the growing cyber-infrastructure of smart grids, the threat of cyber-attacks has intensified, posing an increased risk of compromised communication links. Of particular concern is the false data injection (FDI) attack, which has emerged as a highly dangerous cyber-attack targeting smart grids. This paper addresses the limitations of the variable dummy value model proposed in the authors previous work and presents a novel defense methodology called the nonlinear function-based variable dummy value model for the AC power flow network. The proposed model is evaluated using the IEEE 14-bus test system, demonstrating its effectiveness in detecting FDI attacks. It has been shown that previous detection techniques are unable to detect FDI attacks, whereas the proposed method is shown to be successful in the detection of such attacks, guaranteeing the security of the smart grid’s measurement infrastructure.

A False Data Injection Attack Detection Strategy for Unbalanced Distribution Networks State Estimation

With the advance in communication facilities and information technologies, the state estimation (SE) of distribution networks is subject to intensified cybersecurity threats caused by false data injection attacks (FDIAs). To address the issues, this paper proposes a novel FDIA detection strategy for unbalanced distribution networks. The SE model and corresponding general imperfect FDIA are introduced first to emulate the attacking behavior in practice. To achieve FDIA detection, we propose a square-root unscented Kalman filter (SR-UKF) based forecasting-aided SE (FASE) to generate estimation results. By modifying the filtering step of the proposed FASE into a redundant linear regression form, random outliers can be effectively detected and suppressed by leveraging the projection statistics (PS). Afterward, based on the acquired SE results, a generalized likelihood ratio test (GLRT) is designed to detect FDIAs on consecutive snapshots. In the GLRT, the dynamic time warping (DTW) distance between two innovation sequences is set as the test variable, which is compared with the offline determined detection threshold under a specific false alarm rate. The feasibility of the proposed general imperfect FDIA and the effectiveness of the proposed FDIA detection strategy are validated through extensive numerical simulations.

Detection of Stealthy False Data Injection Attacks in Modular Multilevel Converters

A modular multilevel converter (MMC) in a high-voltage direct-current (HVDC) transmission system consists of an electric-coupled physical system and a communication-coupled cyber system, leading to a cyber-physical system (CPS). Such a CPS is vulnerable to false data injection attacks (FDIA), which are the main category of cyberattacks. FDIAs can be launched by injecting false data into the control or communication system of the MMC to change the submodule (SM) capacitor voltage seen by the central controller. Consequently, the capacitor voltage of the attacked SM will deviate from its normal value and thus threaten the safe operation of the converter. Stealthy FDIAs characterized by elaborated attack sequences are more dangerous because they can deceive and bypass the attack detector presented in the existing literature for the MMC. To address this issue, this paper proposes a stealthy FDIA detection method to obtain the real SM capacitor voltages. Thus, the attacked SM can be located by comparing its real capacitor voltage with prespecified thresholds. Simulation results validate the effectiveness of the proposed detection and protection strategies.

Laplace-Domain Hybrid Distribution Model Based FDIA Attack Sample Generation in Smart Grids

False data injection attack (FDIA) is a deliberate modification of measurement data collected by the power grid using vulnerabilities in power grid state estimation, resulting in erroneous judgments made by the power grid control center. As a symmetrical defense scheme, FDIA detection usually uses machine learning methods to detect attack samples. However, existing detection models for FDIA typically require large-scale training samples, which are difficult to obtain in practical scenarios, making it difficult for detection models to achieve effective detection performance. In light of this, this paper proposes a novel FDIA sample generation method to construct large-scale attack samples by introducing a hybrid Laplacian model capable of accurately fitting the distribution of data changes. First, we analyze the large-scale power system sensing measurement data and establish the data distribution model of symmetric Laplace distribution. Furthermore, a hybrid Laplace-domain symmetric distribution model with multi-dimensional component parameters is constructed, which can induce a deliberate deviation in the state estimation from its safe value by injecting into the power system measurement. Due to the influence of the multivariate parameters of the hybrid Laplace-domain distribution model, the sample deviation generated by this model can not only obtain an efficient attack effect, but also effectively avoid the recognition of the FDIA detection model. Extensive experiments are carried out over IEEE 14-bus and IEEE 118-bus test systems. The corresponding results unequivocally demonstrate that our proposed attack method can quickly construct large-scale FDIA attack samples and exhibit significantly higher resistance to detection by state-of-the-art detection models, while also offering superior concealment capabilities compared to traditional FDIA approaches.