Detection Of False Data Injection Attacks Research Articles

Federated Deep Learning Model for False Data Injection Attack Detection in Cyber Physical Power Systems

Cyber-physical power systems (CPPS) integrate information and communication technology into conventional electric power systems to facilitate bidirectional communication of information and electric power between users and power grids. Despite its benefits, the open communication environment of CPPS is vulnerable to various security attacks. This paper proposes a federated deep learning-based architecture to detect false data injection attacks (FDIAs) in CPPS. The proposed work offers a strong, decentralized alternative with the ability to boost detection accuracy while maintaining data privacy, presenting a significant opportunity for real-world applications in the smart grid. This framework combines state-of-the-art machine learning and deep learning models, which are used in both centralized and federated learning configurations, to boost the detection of false data injection attacks in cyber-physical power systems. In particular, the research uses a multi-stage detection framework that combines several models, including classic machine learning classifiers like Random Forest and ExtraTrees Classifiers, and deep learning architectures such as Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU). The results demonstrate that Bidirectional GRU and LSTM models with attention layers in a federated learning setup achieve superior performance, with accuracy approaching 99.8%. This approach enhances both detection accuracy and data privacy, offering a robust solution for FDIA detection in real-world smart grid applications.

Cluster partition-fuzzy broad learning-based fast detection and localization framework for false data injection attack in smart distribution networks

The distributed renewable energy generations, as accessible and easily targets for attackers, introduce an extra false data injection attack (FDIA) threat in the smart distribution networks. Scattered attack points and complex attack features hinder the elimination of potential threats. In this context, an FDIA fast detection and pinpoint localization framework is proposed. This framework identifies abnormal signals and attacked nodes from the unique topology structure and status contiguity of smart distribution networks, namely, spatial-temporal correlations of power grids, by using a cluster partition-fuzzy broad learning system (CP-FBLS). Unlike most existing FDIA detection methods, which are dedicated to high accuracy but neglect the urgent need for rapid detection in smart distribution networks, the proposed CP-FBLS framework maintains the fast computational nature of a fuzzy broad learning system (FBLS), while avoiding the accuracy degradation caused by high-dimension of data in large-scale smart distribution networks. Moreover, the multi-layer structure of the proposed framework recognizes the location of FDIA, bridging the research gap of attack localization. To comprehensively evaluate the proposed strategy, datasets containing various FDIA types are constructed. Numerical simulations based on the above datasets in modified IEEE 34-bus and 123-bus distribution systems are implemented. The results of the case studies showed that the proposed method can achieve 98.43 % accuracy with 0.34 ms detection time, realizing rapid detection and localization of various FDIAs with satisfactory accuracy.

Edge Computing Method for False Data Injection Attack Detection in Electromechanical Transient Simulation Grid

Because edge computing is close to the terminal, it has significant advantages of low latency and high-security realtime control and has huge application prospects in the current popular smart grid. Because its edge side is close to the terminal, it can also effectively avoid the risk of information leakage when control instructions or communication data are transmitted to remote cloud center servers over a long distance. However, edge devices have a greater probability of encountering false data injection attacks (FDIAs) from illegal terminals because of their proximity to terminals. The transient electromechanical situation of the smart grid due to FDIAs is analyzed under edge computing. Due to the characteristics that the status values of grid nodes have temporal correlation before and after and spatial correlation between nodes, the Long Short-Term Memory (LSTM) for training time series data is selected to predict the status values of grid nodes in advance. The FDIA detection method is also proposed based on the LSTM network. By calculating the predicted value at each historical moment and the root means square error (RMSE) of the system state estimation at that moment, the detection threshold of the scheme is calculated through the cumulative distribution function of RMSE. Simulation experiments are conducted on the Institute of Electrical and Electronics Engineers (IEEE)-14 node standard system. The detection rate is as high as 99.71%, which verifies the effectiveness of the proposed FDIA detection scheme. This paper studies the security threat of FDIA to the stable power system operation and provides theoretical analysis and practical reference for other power grid security protection strategies.

Random subspace ensemble-based detection of false data injection attacks in automatic generation control systems

Automatic Generation Control (AGC) systems in smart grids are increasingly vulnerable to cyber-attacks, particularly False Data Injection (FDI) attacks, due to their reliance on information and communication technologies. These vulnerabilities pose significant threats to the reliable operation of power systems. To address this challenge, this research paper introduces the machine learning (ML) based cyberattack detection technique designed to identify FDI attacks with the highest accuracy proficiently. The study involves a comprehensive analysis of three features: the original discrete signal feature, the cycle-to-cycle-based feature, and the sample-to-sample-based feature. These features are utilized for detecting FDI attacks and distinguishing them from normal load variations. The research meticulously collects data by simulating diverse FDI attacks, including step attacks, pulse attacks, random attacks, and normal load variation cases on an AGC power system. Four ML classifiers are selected and compared for the classification task. The simulation results reveal that the sample-to-sample-based feature proves highly effective in distinguishing FDI attacks compared to the original signal and cycle-to-cycle-based features. Notably, the results indicate that the random subspace ensemble (RaSE) classifier, utilizing sample-to-sample-based features, effectively identifies and classifies all normal and FDI attacks. This research provides valuable insights into the potential of ML techniques for enhancing FDI attack detection in the AGC of power systems. It provides a potential pathway for overcoming the limitations associated with traditional model-based FDI detection methods.

A detection model for false data injection attacks in smart grids based on graph spatial features using temporal convolutional neural networks

Due to the intelligence and opening of future generation cyber–physical power systems, smart grids are vulnerable to the emergency of cyber-attacks aiming at the cyber–physical systems. Among these attacks, false data injection (FDI) attacks are particularly concerning in smart grids due to their stealthiness. Attackers can tamper with data transmitted through communication networks, influencing the analysis results of the control center, leading it to make wrong decisions and thereby undermining the stability of smart grids. The inability of traditional bad data detection models to detect false data injection attacks poses huge security risks to smart grids. For this reason, a new attack detection model using spatial–temporal features is proposed. The proposed detection model includes the following two parts: spatial features extraction and temporal convolutional network. First, graph convolutional operations are employed to disentangle the interactions among buses and extract spatial features of measurement; Then, the temporal convolutional network model is used to extract the temporal features. Through these processes, the proposed detection model can effectively identify the injected false data injection attacks in smart grids. The detection performance and robustness of the proposed FDI attack detection model are tested through simulations on IEEE 14-bus and 118-bus grid systems.

A deep learning deviation-based scheme to defend against false data injection attacks in power distribution systems

Defending against false data injection attacks (FDIAs) in cyber-physical power systems is crucial. Detection in power distribution systems is complex due to load variations, uncertainties, and fewer meters. Defense strategies include model-driven and data-driven approaches, but model-based methods can trigger false alarms due to threshold setting issues. The current research proposes a novel data-driven method to address threshold setting issues in detecting and localizing FDIAs in power distribution systems. First, a dataset is created by recording estimated measurement values using an unscented Kalman filter and weighted least squares across various attack scenarios. These estimated measurements are then fed into a deep artificial neural network (ANN) for binary classification to detect attacks. The output, along with the estimated measurements, is used by another ANN to localize the corrupted meter zone. This deep learning-based approach improves threshold setting over the common chi-square method. Results show that the proposed deep learning method for FDIA detection and localization outperforms a recently proposed ensemble of shallow models. The area under the curve value increases by about 5% with lower training time. The approach is also effective against previously unseen attack strategies and different feeder topologies.

The data recovery strategy on machine learning against false data injection attacks in power cyber physical systems

During the transmission of power measurement data through communication networks from remote terminal unit (RTU) to the state estimator in Supervisory Control and Data Acquisition (SCADA), power cyber-physical systems (PCPSs) are more susceptible to cyber-attacks. To mitigate that threat, this paper is concerned with a new data recovery strategy on machine learning against false data injection attacks (FDIAs) in PCPSs. Firstly, in view of the limited resources (such as limited energy) of adversaries and system protections, a sparse target false data injection attack (FDIA) is constructed. Then, the FDIA detection problem is transformed into a tripartite separation problem, and the alternating direction method of multipliers on proximal exchange (ADMM-PE) is adopted to complete the intrusion detection of FDIAs. In addition, with the help of reliable mask information and real incomplete measurement data provided by the FDIA detection, a similar supervised generative adversarial imputation networks (GAIN) is proposed to complete the measurement data recovery after FDIAs. Specifically, the pseudo labels generated by data analysis methods such as k-means clustering and support vector machine (SVM) to improve the accuracy of measurement data recovery. Finally, the experimental results of PCPSs show the effectiveness and superiority of the proposed data recovery strategy against FDIAs.

Comparison of deep learning algorithms for site detection of false data injection attacks in smart grids

False Data Injection Attacks (FDIA) pose a significant threat to the stability of smart grids. Traditional Bad Data Detection (BDD) algorithms, deployed to remove low-quality data, can easily be bypassed by these attacks which require minimal knowledge about the parameters of the power bus systems. This makes it essential to develop defence approaches that are generic and scalable to all types of power systems. Deep learning algorithms provide state-of-the-art detection for FDIA while requiring no knowledge about system parameters. However, there are very few works in the literature that evaluate these models for FDIA detection at the level of an individual node in the power system. In this paper, we compare several recent deep learning-based model that proven their high performance and accuracy in detecting the exact location of the attack node, which are convolutional neural networks (CNN), Long Short-Term Memory (LSTM), attention-based bidirectional LSTM, and hybrid models. We, then, compare their performance with baseline multi-layer perceptron (MLP)., All the models are evaluated on IEEE-14 and IEEE-118 bus systems in terms of row accuracy (RACC), computational time, and memory space required for training the deep learning model. Each model was further investigated through a manual grid search to determine the optimal architecture of the deep learning model, including the number of layers and neurons in each layer. Based on the results, CNN model exhibited consistently high performance in very short training time. LSTM achieved the second highest accuracy; however, it had required an averagely higher training time. The attention-based LSTM model achieved a high accuracy of 94.53 during hyperparameter tuning, while the CNN model achieved a moderately lower accuracy with only one-fourth of the training time. Finally, the performance of each model was quantified on different variants of the dataset—which varied in their l2\\documentclass[12pt]{minimal} \\usepackage{amsmath} \\usepackage{wasysym} \\usepackage{amsfonts} \\usepackage{amssymb} \\usepackage{amsbsy} \\usepackage{mathrsfs} \\usepackage{upgreek} \\setlength{\\oddsidemargin}{-69pt} \\begin{document}$${\ ext{l}}_{2}$$\\end{document}-norm. Based on the results, LSTM, CNN obtained the highest accuracy followed by CNN-LSTM and lastly MLP.

Metaheuristics based dimensionality reduction with deep learning driven false data injection attack detection for enhanced network security

Recent sensor, communication, and computing technological advancements facilitate smart grid use. The heavy reliance on developed data and communication technology increases the exposure of smart grids to cyberattacks. Existing mitigation in the electricity grid focuses on protecting primary or redundant measurements. These approaches make certain assumptions regarding false data injection (FDI) attacks, which are inadequate and restrictive to cope with cyberattacks. The reliance on communication technology has emphasized the exposure of power systems to FDI assaults that can bypass the current bad data detection (BDD) mechanism. The current study on unobservable FDI attacks (FDIA) reveals the severe threat of secured system operation because these attacks can avoid the BDD method. Thus, a Data-driven learning-based approach helps detect unobservable FDIAs in distribution systems to mitigate these risks. This study presents a new Hybrid Metaheuristics-based Dimensionality Reduction with Deep Learning for FDIA (HMDR-DLFDIA) Detection technique for Enhanced Network Security. The primary objective of the HMDR-DLFDIA technique is to recognize and classify FDIA attacks in the distribution systems. In the HMDR-DLFDIA technique, the min–max scalar is primarily used for the data normalization process. Besides, a hybrid Harris Hawks optimizer with a sine cosine algorithm (hybrid HHO‐SCA) is applied for feature selection. For FDIA detection, the HMDR-DLFDIA technique utilizes the stacked autoencoder (SAE) method. To improve the detection outcomes of the SAE model, the gazelle optimization algorithm (GOA) is exploited. A complete set of experiments was organized to highlight the supremacy of the HMDR-DLFDIA method. The comprehensive result analysis stated that the HMDR-DLFDIA technique performed better than existing DL models.

False Data Injection Attack Detection, Isolation, and Identification in Industrial Control Systems Based on Machine Learning: Application in Load Frequency Control

The integration of advanced information and communication technology in smart grids has exposed them to increased cyber attacks. Traditional model-based fault detection systems rely on mathematical models to identify malicious activities but struggle with the complexity of modern systems. This paper explores the application of artificial intelligence, specifically machine learning, to develop fault detection mechanisms that do not depend on these models. We focus on operational technology for fault detection, isolation, and identification (FDII) within smart grids, specifically examining a load frequency control (LFC) system. Our proposed approach uses sensor data to accurately identify threats, demonstrating promising results in simulated environments.

Power grid network security: A lightweight detection model for composite false data injection attacks using spatiotemporal features

The stability of power systems is paramount to industrial operations. The deleterious inherent characteristics of false data injection attacks (FDIA) have drawn substantial interest due to their severe threats to power grids. Contemporary detection systems face numerous challenges as attackers employ various tactics, such as injecting complex elements into measurement data and formulating quick attack strategies against critical nodes and transmission lines in the power grid network topology. Conventional models often fail to adapt to the intricacies of practical situations because they focus predominantly on detecting individual components. To overcome the above predicaments, this paper proposes a lightweight detection model integrating deep separable convolutional layers, squeeze neural networks, and a bidirectional long short-term memory architecture named DSE-BiLSTM. The acquisition process of network topological characteristics is accomplished through variable graph attention autoencoder (VGAAE). This approach leverages the effectiveness of the graph convolution (GCN) layer to acquire each node’s topological feature and the graph attention (GAT) module to identify and extract the topological features of critical nodes. Furthermore, the topology information obtained by the both techniques is embedded in one-dimensional vector space in the same form as measurement data. By combining the output of VGAAE with meter measurements, the feature fusion of temporal and spatial modalities is realized. DSE-BiLSTM with optimal hyperparameters achieves an F1-score of 99.56% and a row accuracy (RACC) of 93.10% on the conventional dataset. The experimental results of FDIA detection with composite datasets of IEEE 14-bus and IEEE 118-bus systems show that the F1-score and RACC of DSE-BiLSTM remain above 84.51% and 83.56% under various attack strengths and noise levels. In addition, as the power grid network scales up, noise level’s effect on detection performance decreases, while attack strength’s effect on recognition capability increases. DSE-BiLSTM can effectively process the composite data of spatiotemporal multimodes and provides a feasible solution for the localization and detection of FDIA in realistic scenes.

The Method for smart grid false data injection attack detection based on multilevel fingerprint identity authentication

The Method for smart grid false data injection attack detection based on multilevel fingerprint identity authentication

Detection of false data injection attacks in smart grid based on adaptive inhibition unscented Kalman filter

Abstract False data injection attacks (FDIAs) cause incorrect system states by tampering with measurements, seriously affecting the EMS’s control process. However, the well-designed FDIAs can bypass traditional bad data detection (BDD) mechanisms. Aiming at the challenge, we improve the unscented Kalman filter and combine AIUKF with weighted least squares (WLS) to detect FDIAs. Utilizing the different convergence rates of the two estimators, the cosine similarity is introduced for FDIA detection. Various test conditions in IEEE-14-bus are simulated to underline the capability of AIUKF in state estimation. The results indicate that the proposed detection approach is superior for detecting FDIAs.

Detection of False Data Injection Attacks on Smart Grids Based on A-BiTG Approach

A false data injection attack (FDIA) is the main attack method that threatens the security of smart grids. FDIAs mislead the control center to make wrong judgments by modifying the measurement data of the power grid system. Therefore, the effective and accurate detection of FDIAs is crucial for the safe operation of smart grids. However, the current deep learning-based methods do not fully exploit the short-term local characteristics and long-term dependencies of power grid data and have poor correlation with past and future time series information, resulting in a lack of credibility in the detection results. In view of this, an FDIA detection model combining a bidirectional temporal convolutional network and bidirectional gated recurrent unit with an attention mechanism (A-BiTG) was proposed. The proposed model utilizes a bidirectional time convolutional network (BiTCN) and bidirectional gated recurrent unit (BiGRU) to consider past and future temporal information in the grid. This enhances the ability of the model to capture long-term dependencies and extract features, while also solving the model’s problem of exploding and vanishing gradients. In addition, an attention mechanism (AM) was added to dynamically assign weights to the extracted feature information and retain the most valuable features to improve the detection accuracy of the model. Finally, the proposed method was compared with existing methods on the IEEE 14-bus and IEEE 118-bus test systems. The results show that the proposed detection model is more robust and superior under different noise environments and FDIA signals with different intensities.

Codesign of FDI Attacks Detection, Isolation, and Mitigation for Complex Microgrid Systems: An HBF-NN-Based Approach.

The primary purpose of this article is to design an intelligent false data injection (FDI) attacks detection, isolation, and mitigation scheme for a class of complex microgrid systems with electric vehicles (EVs). First, a networked microgrid with an EV model is well established, which takes load disturbance, wind generation fluctuation, and FDI attacks into account so as to truly reflect the operation process of the complex system. Then, an intelligent hyper basis function neural network (HBF-NN) observer is designed to accurately estimate the state of the microgrids, learn, and reconstruct the possible attack signal online. Subsequently, a novel HBF-NN-based H∞ controller is skillfully designed to mitigate the negative impact of FDI attacks online, so as to ensure the normal operation of the complex systems in an unreliable network environment. Finally, a two-stage integrated intelligent detection and maintenance algorithm is summarized and one simulation is presented to provide tangible evidence of the feasibility and superiority of the proposed FDI attacks detection, isolation, and mitigation methodology.

Bayesian GAN-Based False Data Injection Attack Detection in Active Distribution Grids With DERs

Bayesian GAN-Based False Data Injection Attack Detection in Active Distribution Grids With DERs

A Fusion Adaptive Cubature Kalman Filter Approach for False Data Injection Attack Detection of DC Microgrids

With the widespread application of information technology in microgrids, microgrids are evolving into a class of power cyber–physical systems (CPSs) that are deeply integrated with physical and information systems. Due to the high dependence of microgrids’ distributed cooperative control on real-time communication and system state information, they are increasingly susceptible to false data injection attacks (FDIAs). To deal with this issue, in this paper, a novel false data injection attack detection method for direct-current microgrids (DC MGs) was proposed, based on fusion adaptive cubature Kalman filter (FACKF) approach. Firstly, a DC MG model with false data injection attack is established, and the system under attack is analyzed. Subsequently, an FACKF approach is proposed to detect attacks, capable of accurately identifying the attacks on the DC MG and determining the measurement units injected with false data. Finally, simulation validations were conducted under various DC MG model conditions. The extensive simulation results demonstrate that the proposed method surpasses traditional CKF detection methods in accuracy and effectiveness across different conditions.

Dynamic Reconfiguration for Resilient State Estimation Against Cyber Attacks

The increasing complexity and connectivity of critical infrastructures makes it increasingly likely that they will be subject to malicious attacks that compromise operation. Recent studies have shown that these systems are vulnerable to a wide range of cyber-attacks, including False Data Injection (FDI) attacks that bypasses conventional detection techniques. Conventional security monitoring, protection, and control tools are based primarily on passive defense strategies. In this paper, we propose an approach for active defense that improves system security and the detection rate of FDI attacks. The key insight for this approach is that emerging micro-grids can utilize distributed energy resources to dynamically reconfigure the system (e.g. power flow paths), across multiple acceptable configurations. Instead of using information from only a single static configuration to detect FDI attacks, our proposed approach uses <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">dynamic reconfiguration</i> to compare measured and estimated states under multiple configurations to accurately detect FDI attacks. We describe an implementation and supporting infrastructure for a secure reconfigurable microgrid. <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">Dynamic reconfiguration</i> also makes it more difficult for attackers to gain knowledge on the system's parameters, which increases the difficulty for attackers to construct hidden attack vectors. We evaluate our approach in the specific scenario of emerging micro-grids. We develop a novel technique for state estimation using multiple configurations and demonstrate that this approach significantly improves FDI detection accuracy.

A Framework for Detecting False Data Injection Attacks in Large-Scale Wireless Sensor Networks.

False data injection attacks (FDIAs) on sensor networks involve injecting deceptive or malicious data into the sensor readings that cause decision-makers to make incorrect decisions, leading to serious consequences. With the ever-increasing volume of data in large-scale sensor networks, detecting FDIAs in large-scale sensor networks becomes more challenging. In this paper, we propose a framework for the distributed detection of FDIAs in large-scale sensor networks. By extracting the spatiotemporal correlation information from sensor data, the large-scale sensors are categorized into multiple correlation groups. Within each correlation group, an autoregressive integrated moving average (ARIMA) is built to learn the temporal correlation of cross-correlation, and a consistency criterion is established to identify abnormal sensor nodes. The effectiveness of the proposed detection framework is validated based on a real dataset from the U.S. smart grid and simulated under both the simple FDIA and the stealthy FDIA strategies.

End-Edge-Cloud Collaboration-Based False Data Injection Attack Detection in Distribution Networks

False data injection attack (FDIA) can pose a severe threat to the distribution networks (DN), and the accurate detection of FDIA plays a key role in the safe and reliable operation of the DN. In this paper, an end-edge-cloud collaboration-based detection framework is proposed to detect FDIA in the DN. First, in order to effectively preserve the privacy of different stakeholders in the DN and solve the problem of data island, a federated learning (FL)-based edge-cloud collaboration mechanism is designed according to the proposed end-edge-cloud collaboration framework to jointly train the local FDIA detection models and eventually build a comprehensive FDIA detection model. Then, considering the temporal-spatial correlation of measurement data, a local data-driven FDIA detection model is proposed based on a novel temporal-spatial graph convolutional network (TSGCN) which can extract temporal-spatial features of the measurement data and improve the FDIA detection performance. In general, compared with the traditional centralized FDIA detection methods, the proposed method can make full use of the computational capacity of distributed edge devices and reduce the pressure of computation on the control centre. Finally, simulation results based on the modified IEEE 14- bus and IEEE 118- bus distribution systems indicate that the proposed method can effectively improve the accuracy of FDIA detection compared with other methods.