# Modelling and Performance Evaluation of Stealthy False Data Injection Attacks on Smart Grid in the Presence of Corrupted Measurements

Adnan Anwar, Abdun Naser Mahmood, Mark Pickering
School of Engineering and Information Technology (SEIT), The University of New South Wales Australia, Canberra, ACT 2610, Australia
###### Abstract

The false data injection (FDI) attack cannot be detected by the traditional anomaly detection techniques used in energy system state estimators. In this paper, we demonstrate how FDI attacks can be constructed blindly, i.e., without system knowledge such as topological connectivity and line reactance information. Our analysis reveals that existing FDI attacks become detectable (and consequently unsuccessful) by the state estimator if the data contains grossly corrupted measurements caused, for example, by device malfunction or communication errors. The proposed sparse-optimization-based stealthy attack construction strategy overcomes this limitation by separating the gross errors from the measurement matrix. Extensive theoretical modelling and experimental evaluation on IEEE benchmark test systems show that the proposed technique is more stealthy (lower relative error) and more efficient (fast enough to meet the timing requirement) than other methods.

###### keywords:
Smart grid, false data injection, blind attack, principal component analysis (PCA).

## 1 Introduction

Smart grid cyber-security has recently come to the forefront of national security priorities. Several power system anomalies have been attributed to cyber-attacks, highlighting the importance of research on the impact of new kinds of attacks on complex power systems. Nation states and utilities are increasingly concerned about power system integrity, privacy and confidentiality, particularly in the aftermath of the infamous ‘Stuxnet worm’ attack in 2010 stuxnet . The ‘Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)’ reported that among the cyber incidents across all sectors of critical infrastructure in the fiscal year 2014, the majority (32%, or 79 incidents) were in the energy sector ICSreport2015 . In today’s smart grid, the physical energy system and the information and communications technology based cyber system are tightly coupled, which introduces new security threats.

The state estimator (SE) is a key operational module of a smart grid energy management system (EMS); it estimates the power system states (e.g., voltage magnitudes and angles) from sensor measurements by minimizing the estimation error. A bad data detector (BDD) module works in conjunction with the SE module to identify anomalies in the measurement data abur2004power . Recent studies have revealed that these critical operational modules (SE and BDD) are vulnerable to a class of cyber-attack Liu:2009:FDI:1653662.1653666 ; yu7001709 ; AnwarBookApelVi known as the false data injection (FDI) attack. In a seminal work Liu:2009:FDI:1653662.1653666 , Liu et al. showed that an attacker can construct a stealthy FDI attack that cannot be detected by the traditional anomaly detection module (BDD) of an EMS. Under such a hidden FDI attack, the SE estimates wrong system states, which misleads the system operator into wrong operational decisions; this can degrade system efficiency and reliability and may trigger cascading failures. Hence, significant research has been carried out on FDI attacks to investigate their stealthiness and construction strategies Liu:2011:FDI:1952982.1952995 ; Kosut5622045 ; Hug6275516 ; Kim6840319 ; Qingyu6490324 ; Ozay6547838 ; Esmalifalak6102326 ; Kim6996007 ; yu7001709 ; Anwar2016pes , along with prospective detection and prevention measures Suzhi6787030 ; Qingyu6490324 ; Hug6275516 ; Jokar6655271 ; Pan7063234 . The objective of this work is to demonstrate the circumstances under which such attacks no longer remain stealthy, and a strategy that an attacker can apply to circumvent this. Next, we provide more background on this problem, followed by a discussion of the significance and novelty of the proposed approach.

### 1.1 Related Work

There is a growing number of research papers on different aspects of FDI attacks. While some (e.g., Liu:2011:FDI:1952982.1952995 ; yu7001709 ) consider that all measurement devices are vulnerable to cyber attacks, others assume that only a subset of measurement devices is compromised Bi6787030 . Some attack detection strategies, e.g., those of Liu et al., assume that phasor measurement unit (PMU) data is not compromised and build their model around this assumption Liu6740901 ; Liu6655269 . Examples of PMU attacks include false data injection and GPS-based spoofing. For example, intelligent cyber-attackers can gain access through networked devices and reach the PMU by abusing IP multicast routing protocols Mousavian6816087 . In addition, the authors of Shepard2012146 describe in detail how a GPS-synchronized PMU can be attacked and wrong data injected; they report that there are currently no defences available against these types of PMU attacks. Apart from PMUs, the supervisory control and data acquisition (SCADA) protocols (e.g., Modbus) that are widely used to collect remote sensor data are also vulnerable to cyber attacks Queiroz6009221 .

There are mainly two classes of FDI attacks. One class assumes that various degrees of system knowledge (e.g., network topology, branch and node information) are available to the attacker and can be used for attack construction Liu:2011:FDI:1952982.1952995 ; Kosut5622045 ; Hug6275516 ; Kim6840319 ; Qingyu6490324 ; Ozay6547838 ; the other class relaxes the requirement for prerequisite knowledge, and these attacks are more realistic yu7001709 ; Anwar2016PAISI . For example, Liu:2011:FDI:1952982.1952995 discusses how an FDI attack can be constructed using power system information comprising the topology and line parameters, known as the system Jacobian. Based on the system Jacobian, an attacker can introduce arbitrary errors into the state variables computed by the state estimator by injecting false information into the sensor measurement data. In Kosut5622045 , an efficient graph-theoretic algorithm was proposed that can construct a stealthy attack. Another graph-based attack strategy utilizing the power system topology was proposed in Hug6275516 . A data framing FDI attack was proposed in Kim6840319 , where it was shown that an attacker can inject data in such a way that the EMS identifies correctly functioning measurement devices as the source of false data. In our previous work Anwar2015jrnl1 , we described the relationship between power system stability indices and FDI attacks injected through smart meters. In Qingyu6490324 , an attack was defined that maximizes the deviation of the system states. In Ozay6547838 , a collective sparse attack strategy was proposed in which state variables in the same cluster are attacked by the same attack vector. However, in a real-world system it is very difficult to obtain the detailed system information required by these types of FDI attacks.
To overcome this limitation, the authors of Rahman6503599 assume that the attacker has partial or limited information about the system topology and power system parameters. In Esmalifalak6102326 , a method based on independent component analysis (ICA) was proposed to construct a stealthy attack with a low detection rate; it assumes that the attacker has no knowledge of the system information and constructs the attack from the measurement matrix alone. A similar method for attack construction considering both full and partial measurements was proposed in Kim6996007 . Another data-driven attack that does not need any prior system Jacobian information is studied in yu7001709 . In Kim6996007 ; yu7001709 , the authors show that a power-system-knowledge-free FDI attack can be constructed using a subspace method and that it is stealthy. Most recently, the authors of yu7001709 proposed a Principal Component Analysis (PCA) based blind FDI attack construction strategy that was shown to attack the system successfully and stealthily using the subspace information of the measurements. This approach has two main drawbacks. First, the PCA based approach requires the proper selection of its key dimensionality parameter, which requires knowledge of the total number of states of the system (the rank of the Jacobian matrix). Since the total number of states of a system is unknown to an outside attacker, this strategy cannot be used as a zero-knowledge attack. Second, these data-driven attack strategies assume that the measurements are noiseless or contain only random noise that follows a Gaussian distribution. However, as in other application areas (e.g., image processing, bio-informatics), gross errors (i.e., errors that do not follow a Gaussian distribution) are also ubiquitous in smart grid measurement data due to sensor failures or communication errors.
Theoretically, it has been proven Candes:2011:RPC:1970392.1970395 that the accuracy of PCA is affected if the data contains gross errors. Furthermore, in Section 6.3, we demonstrate that PCA based attack strategies are ineffective in the presence of gross errors.

### 1.2 Contribution

In the context of stealthy attack generation without system knowledge (e.g., topology, system states), this paper has the following contributions to the state-of-the-art research:

(1) Existing attack strategies (see Section 3) require the system Jacobian matrix H, which represents the interconnectivity information (as well as the resistance/reactance values) of all buses and branches of a power grid. Recent techniques allow an adversary to construct a blind attack without the system Jacobian H. However, as discussed under the first drawback in Section 1.1, these techniques Kim6996007 ; yu7001709 assume that the number of system states, i.e., the rank of H yu7001709 , is known to the adversary. In practice, neither H nor the number of system states is available to the adversary. This paper proposes a technique that can create an attack vector without knowing either H or the number of system states.

(2) Existing FDI attack techniques assume that the measurement data contains only Gaussian noise. However, as discussed under the second drawback in Section 1.1, previous research did not consider device malfunction or missing data, which we refer to as gross errors. With extensive experiments, we demonstrate in Section 6.3 that existing data-driven FDI attacks do not remain stealthy in the presence of gross errors.

(3) This paper presents a blind FDI attack construction strategy for measurements containing both gross errors and Gaussian noise, based on a sparse optimization technique. We show that the proposed attack construction technique, using the augmented Lagrange multiplier (ALM) method, can successfully generate stealthy FDI attacks in the presence of grossly corrupted measurements.

(4) We also compare the performance of the ALM based technique against three other effective sparse optimization techniques: accelerated proximal gradient (APG) Lin2009fast , singular value thresholding (SVT) Cai:2010:SVT:1898437.1898451 and the dual method Lin2009fast . In extensive experimental evaluation on benchmark IEEE test systems, the ALM based attack construction technique outperforms the other existing methods in terms of both accuracy and efficiency.

The organization of this paper is as follows: in Section 2, the smart grid measurement model is discussed, which provides the background on the SE and BDD modules. In Section 3, an adversary model is presented, where we first review the attack strategies that need knowledge of the power system Jacobian. The data-driven blind attack strategy is discussed in Section 4. The proposed attack strategy in the presence of grossly corrupted measurements is presented in Section 5. Extensive experimental results considering benchmark test systems and multiple scenarios are presented in Section 6. The paper concludes with brief remarks in Section 7. The terms used in the paper and their explanations are listed in Table 1.

## 2 Preliminaries on Smart Grid Measurement Model

The real-time operation of an energy management system (EMS) depends on the measurement data obtained from a supervisory control and data acquisition (SCADA) system. The operational functions of a smart grid (optimal power flow, economic dispatch, contingency analysis, etc.) require knowledge of the power system states (typically, voltage magnitudes and angles) for making real-time operational decisions. However, power system measurement signals are often noisy and subject to missing values. For reliable power system operation, the measurement data must be processed to obtain the system states by removing noise and anomalous data. In an EMS, the state estimator (SE) and the bad data detector (BDD) are responsible for these tasks. In the presence of Gaussian noise (the noise model widely used in the literature, as such errors are common in measurement data), the measurement vector z can be represented as:

$$z = h(x) + e \tag{1}$$

where h(·) is the non-linear measurement function that relates the system states x to the measurements (its Jacobian is the H matrix introduced below), and e is a vector of zero-mean Gaussian noise elements. Generally, the noise elements are assumed to be independent abur2004power , so that the noise covariance matrix R is diagonal, with the variance of each individual measurement on its diagonal. The Direct Current (DC) power flow model is widely used by power engineers as well as smart grid cyber-security researchers yu7001709 ; Kim6996007 ; Liu6740901 as a linear approximation of the Alternating Current (AC) power flow model abur2004power . The DC approximation is widely accepted as a substitute for the AC model because (i) it guarantees faster convergence, (ii) it reduces the algorithmic complexity of power flow analysis, and (iii) it produces highly accurate results for transmission system analysis, where it is mainly used abur2004power ; Liu:2011:FDI:1952982.1952995 . Under the DC approximation, the linearized measurement model becomes abur2004power ; yu7001709 :

$$z = Hx + e \tag{2}$$

where H is the system Jacobian matrix. For m measurement devices and n system states, H is an m × n matrix. The system is observable if H has full column rank, which leads to the assumptions m ≥ n and rank(H) = n Kim6996007 .

### 2.1 The State Estimator

In the state estimator module, the system state vector x is obtained using a weighted least square (WLS) estimator which can be formulated as follows:

$$\operatorname*{arg\,min}_{x}\; J(x) = \frac{1}{\sigma^{2}}\,\|z - Hx\|_{2}^{2} \tag{3}$$

where the difference between z (the measurement data) and Hx (H is the system Jacobian and x the estimated state vector) is called the residual r abur2004power . The single weight 1/σ² reflects the assumption that all measurements have the same variance; with unequal variances each residual component is weighted by its own inverse variance.

$$r = z - Hx \tag{4}$$

For the non-linear model (1), the problem formulated in (3) is solved iteratively (e.g., using the gradient-based Newton’s method) abur2004power ; for the linear model (2) it reduces to solving the normal equations $H^{T}Hx = H^{T}z$.

### 2.2 The Bad Data Detector

In a power system BDD, the chi-square test is widely used to detect bad measurement data abur2004power ; Kekatos6340375 . As the noise samples are assumed to be independent and normally distributed with zero mean, $J(\hat{x})$ in (3) follows a chi-square distribution with (m − n) degrees of freedom abur2004power . For a desired significance level (e.g., 95%), a threshold τ is obtained from the chi-square distribution; if anomalous (bad) data exist, $J(\hat{x}) > \tau$. Once the existence of anomalous data has been determined, the largest normalized residual (LNR) test is employed to identify the corrupted measurement abur2004power ; Teixeira5717318 :

$$\begin{cases} \text{bad data exists,} & \text{if } \max_{i}\left(\dfrac{1}{\sigma^{2}}\,|r(i)|\right) > \tau \\[4pt] \text{no bad data,} & \text{otherwise} \end{cases} \tag{5}$$

where r(i) is the i-th element of the residual vector (4) and τ is the bad data detection threshold abur2004power . In the existing BDD module, an ‘alarm’ is raised if any bad data is detected. The bad data is then removed from the measurement vector, the state estimator re-computes the states and the BDD is run again; this continues until all bad data have been removed.

## 3 The Adversary Model with known System Jacobian

Adversary models for FDI attacks can be classified into two broad categories: (i) models that require knowledge of the system parameters and topology (the system Jacobian), and (ii) models that require no information about the system Jacobian. In this section we review the first type, proposed by Liu et al. Liu:2009:FDI:1653662.1653666 . According to that model, an attacker with system knowledge can strategically inject an attack vector into the measurement signals that cannot be identified by the traditional SE and BDD modules Liu:2009:FDI:1653662.1653666 . Suppose that, for an attack vector a, the corrupted measurements become z′ = z + a. Based on these manipulated measurements, the SE module produces wrong system states x′ instead of the original states x; the mismatch is denoted c, so that x′ = x + c. Liu et al. show both theoretically and experimentally that the attack remains hidden if the attack vector satisfies the condition a = Hc Liu:2009:FDI:1653662.1653666 . Under this strategy, the residual of the estimation becomes:

$$\|z' - Hx'\| = \|z + a - H(x + c)\| = \|z + a - Hx - Hc\| = \|z - Hx\| \qquad (\text{since } a = Hc)$$

$$\Longrightarrow\; r_{\text{normal}} = r_{\text{attack}}$$

Here, the residual of the attacked measurements (r_attack) is the same as the one without any attack (r_normal). Hence the BDD module, using the statistical tests currently applied by utilities, fails to detect it. The attack therefore remains hidden while the estimated system states are shifted by c, which can mislead the operator into wrong decisions and critical operational failures.
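As an added example (this is not code from the paper, which used MATLAB), the following Python script puts Sections 2.1, 2.2 and 3 together: the WLS estimate of (3)-(4), the chi-square check and the LNR ranking of (5), and the a = Hc attack of Liu et al. on a constructed 3-bus DC model. The H matrix, the noise vector, σ, the threshold value for 4 degrees of freedom and the attacker's c are all assumptions chosen for illustration.

```python
# Added example (not the paper's code): DC-model WLS state estimation, chi-square / LNR bad data
# detection and the Liu et al. stealthy attack a = H c on a constructed 3-bus system.
import math

# Constructed 3-bus DC model: bus 1 is the reference, states are the angles at buses 2 and 3.
# With all line reactances 1 p.u.: P_12 = -th2, P_13 = -th3, P_23 = th2 - th3, and the bus
# injections are sums of incident flows. Rows of H: P_12, P_13, P_23, P_1, P_2, P_3.
H = [[-1.0, 0.0], [0.0, -1.0], [1.0, -1.0], [-1.0, -1.0], [2.0, -1.0], [-1.0, 2.0]]
SIGMA = 0.01           # assumed meter noise standard deviation (p.u.), equal for all meters
CHI2_95_DOF4 = 9.488   # chi-square 95% critical value for m - n = 6 - 2 = 4 degrees of freedom

def transpose(M): return [list(c) for c in zip(*M)]
def matvec(M, v): return [sum(a * b for a, b in zip(row, v)) for row in M]
def matmul(A, B): return [[sum(a * b for a, b in zip(r, c)) for c in zip(*B)] for r in A]

def solve(A, b):
    """Gaussian elimination with partial pivoting for a small square system A x = b."""
    n = len(A); M = [row[:] + [bi] for row, bi in zip(A, b)]
    for i in range(n):
        p = max(range(i, n), key=lambda r: abs(M[r][i])); M[i], M[p] = M[p], M[i]
        for r in range(i + 1, n):
            f = M[r][i] / M[i][i]
            for c in range(i, n + 1): M[r][c] -= f * M[i][c]
    x = [0.0] * n
    for i in reversed(range(n)):
        x[i] = (M[i][n] - sum(M[i][c] * x[c] for c in range(i + 1, n))) / M[i][i]
    return x

def wls_estimate(z, H=H):
    """WLS estimator (3). With identical meter variances the weights cancel and the minimiser is the
    solution of the normal equations H^T H x = H^T z. Returns (x_hat, residual r = z - H x_hat)."""
    Ht = transpose(H)
    x_hat = solve(matmul(Ht, H), matvec(Ht, z))
    return x_hat, [zi - hi for zi, hi in zip(z, matvec(H, x_hat))]

def chi_square_stat(r, sigma=SIGMA):
    """J(x_hat) = sum r_i^2 / sigma^2, the quantity the BDD compares with the chi-square threshold."""
    return sum(ri * ri for ri in r) / sigma ** 2

def largest_normalized_residual(r, sigma=SIGMA):
    """LNR test: index and value of max |r_i| / sigma (the paper's (5) writes the scaling as 1/sigma^2;
    the ranking of meters is the same either way)."""
    i = max(range(len(r)), key=lambda k: abs(r[k]))
    return i, abs(r[i]) / sigma

def stealthy_attack(c, H=H):
    """Liu et al.: a = H c lies in the column space of H, so it shifts x_hat by c and leaves r unchanged."""
    return matvec(H, c)

def run_demo():
    x_true = [-0.10, -0.20]                                          # assumed operating point (rad)
    noise = [0.001, -0.002, 0.0015, -0.001, 0.002, -0.0005]          # constructed noise sample
    z = [hx + e for hx, e in zip(matvec(H, x_true), noise)]
    x_hat, r = wls_estimate(z)
    c = [0.05, -0.03]                                                # attacker's desired state shift
    x_stealth, r_stealth = wls_estimate([zi + ai for zi, ai in zip(z, stealthy_attack(c))])
    z_naive = z[:]; z_naive[0] += 0.5                                # unstructured tampering: one meter
    _, r_naive = wls_estimate(z_naive)
    return {
        "J_normal": chi_square_stat(r),
        "J_stealth": chi_square_stat(r_stealth),                     # identical to J_normal
        "J_naive": chi_square_stat(r_naive),                         # far above the threshold
        "state_shift": [xs - xh for xs, xh in zip(x_stealth, x_hat)],  # equals c
        "lnr_naive": largest_normalized_residual(r_naive),           # points at meter 0
        "threshold": CHI2_95_DOF4,
    }

if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Two things to read off the output: the structured injection moves the estimate by exactly c while J(x̂) does not change at all (the equality in the derivation above is exact, not approximate), whereas the single-meter injection drives J(x̂) three orders of magnitude over the 95% threshold and the LNR test names the tampered meter.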

## 4 The Adversary Model with unknown System Jacobian- Blind Attack Strategy

### 4.1 Stealthy Attack using Measurements Only

The blind FDI attack strategy is a data-driven approach in which the stealthy attack vector is prepared solely from the measurement matrix. Any blind attack strategy requires measurement data; the assumption is that all yu7001709 or a subset (sufficient for observability Kim6996007 ) of the measurement data is available to the attacker. An attacker can obtain the data by gaining access to the PMUs (as mentioned in the literature review Mousavian6816087 ) or by a man-in-the-middle attack on data in transit (e.g., attacking a router, or spoofing measurement devices) Wang20131344 . Hence the measurement data Z is known to the adversary. A measurement-based blind attack is possible because, over a short time window, the power system consumption (load) varies within a small dynamic range Esmalifalak6102326 , and, unless the system is reconfigured, the topology remains the same. Owing to this slow dynamics over a short period, the equivalent of the topology knowledge can be revealed from the correlations among multiple power flow measurements Esmalifalak6102326 ; yu7001709 ; Kim6996007 . The attacker therefore monitors the measurement vector z, whose i-th element is the reading of the i-th device. Observing a number of such vectors, the attacker constructs the measurement matrix Z, in which each row is an observation of all measurement devices at one time instant t (see Fig. 1). This measurement matrix is then used to construct the blind attack as discussed below. Fig. 1 shows the conceptual diagram of how an attacker would construct the attack from the measurement data Z; the detailed procedure is given in Algorithm 2.

Recently, Kim et al. Kim6996007 showed that a subspace estimation method can learn the system operating subspace without system knowledge (e.g., topology and system parameters) in order to generate FDI attacks. In another recent study, Yu et al. showed that PCA can be used to transform the measurement data into a new subspace while preserving the spatial characteristics as much as possible yu7001709 . Using these approaches it is possible to construct FDI attacks from the data in the new projected space. Since a stealthy attack is any nonzero vector in the column space of H, designing one is equivalent to finding a basis of that column space Kim6996007 ; Kim et al. pointed out that such a basis can be obtained from the measurements without knowing H Kim6996007 . The detailed procedure is explained below:

Consider the time-series measurement matrix Z, where each row represents a time instant (observation) and each column corresponds to a measurement variable; assume that the state vectors are independent and identically distributed (i.i.d.) and that the noise vectors and the state vectors are uncorrelated. Then the covariance of the measurement vector z is Kim6996007 :

$$\Sigma_{z} \triangleq \mathbb{E}\big[(z - \mathbb{E}[z])(z - \mathbb{E}[z])^{T}\big] = H\,\Sigma_{x}\,H^{T} + \sigma^{2} I \tag{6}$$

Now the task is to find a basis matrix of the column space of H. First, we perform a singular value decomposition (SVD) of $\Sigma_{z}$ and obtain the unitary matrix U. The rank of $H\Sigma_{x}H^{T}$ is n, so the first n columns of U (those associated with the n largest singular values) form a basis of its column space, which coincides with the column space of H Kim6996007 . As a result, attackers can construct attacks using this subspace information without knowing the original H matrix. More information and the proof of this measurement-subspace-based attack strategy can be found in Kim6996007 .

PCA can also be used to design such a blind attack, as demonstrated in yu7001709 . PCA is a multivariate statistical technique widely used for dimensionality reduction and data transformation. It transforms correlated observations into uncorrelated variables known as principal components. These orthogonal principal components are linear combinations of the original observations. After a PCA transformation we obtain the vector of principal components u and the transformation matrix $\tilde{M}$ yu7001709 , so the PCA relationship can be represented as:

$$\tilde{M}^{T} Z = u \tag{7}$$

Now, measurement matrix Z can be approximated by,

$$Z \approx \begin{bmatrix} \tilde{M}_{1,1} & \tilde{M}_{1,2} & \cdots & \tilde{M}_{1,m} \\ \vdots & \vdots & \ddots & \vdots \\ \tilde{M}_{n,1} & \tilde{M}_{n,2} & \cdots & \tilde{M}_{n,m} \\ \vdots & \vdots & \ddots & \vdots \\ \tilde{M}_{m,1} & \tilde{M}_{m,2} & \cdots & \tilde{M}_{m,m} \end{bmatrix} \begin{bmatrix} u_{1} \\ \vdots \\ u_{n} \\ \vdots \\ u_{m} \end{bmatrix} \tag{8}$$

where the principal components and the corresponding eigenvectors are arranged in descending order of their eigenvalues. As the rank of the original H matrix is n, the authors of yu7001709 suggest keeping only the first n principal components. Hence (8) can be rewritten as follows:

$$Z \approx \begin{bmatrix} \tilde{M}_{1,1} & \tilde{M}_{1,2} & \cdots & \tilde{M}_{1,n} \\ \vdots & \vdots & \ddots & \vdots \\ \tilde{M}_{m,1} & \tilde{M}_{m,2} & \cdots & \tilde{M}_{m,n} \end{bmatrix} \begin{bmatrix} u_{1} \\ \vdots \\ u_{n} \end{bmatrix} \tag{9}$$

$$\equiv H_{pca}\, u_{pca} \tag{10}$$

where the reduced transformation matrix is denoted $H_{pca}$ and is used for the stealthy attack construction. In that case, the attack vector is

$$a_{pca} = H_{pca}\, c \tag{11}$$

where c is an arbitrary non-zero vector of length n yu7001709 . Therefore, the attacked measurement vector becomes

$$z_{attack} = z + a_{pca} \tag{12}$$

The proof that this attack strategy is stealthy is given in yu7001709 .

### 4.2 Approximation of the Rank of the System Jacobian

During the PCA based attack construction, the authors of yu7001709 suggest keeping only n principal components, where n is chosen based on the rank of the system Jacobian H. A similar consideration appears in Kim6996007 . As the rank of the Jacobian equals the number of system states yu7001709 , the attacker can only know the total number of system states if the system Jacobian H is known. If the attacker is assumed to have no knowledge of H, it is logical to assume that the rank of H, i.e., n, is also unknown to the attacker. In this section, we describe a heuristic based on eigenvalue analysis to approximate the rank of H, and we use it in Section 5 to construct a stealthy attack when n (the number of system states) is not known. In Fig. 2, we plot the eigenvalues of the principal components obtained from the measurement matrix using PCA for three IEEE benchmark test systems. Based on the eigenvalues, the contribution of each component can be estimated in order to approximate the measurement subspace. In Fig. 2, we observe that the first few components have much larger eigenvalues than the remaining ones. We refer to these as the influential principal components. The dimension of the new projected space is reduced by keeping only the influential principal components, whose number is calculated by Algorithm 1.

In Algorithm 1, the eigenvalues are arranged in descending order in the vector v, and the number of influential principal components is obtained using a precision threshold that identifies the knee of the scree plot Valenzuela6362259 shown in Fig. 2. The precision threshold determines the size of the regular subspace and thereby approximates the noiseless measurement matrix. It is a tunable parameter, obtained empirically by trial and error until a high success rate of stealthy attack construction is achieved. We observe that a precision threshold of 0.995 leads to a high success rate (shown in Section 6); it means that 99.5% of the variance of the noisy measurement matrix is retained to approximate the regular subspace. As the noise vector is independent and identically distributed (i.i.d.), this eigenvalue based dimension selection also suppresses the noise. We observe that an attack constructed with the dimension obtained from the eigenvalue analysis above shows almost the same stealthiness as in the case where n is known. The experimental validation is given in Section 6.

## 5 Attack in the presence of grossly corrupted measurements

In Sections 4.1 and 4.2, we showed how to deal with unknown system Jacobian information and an unknown number of system states. In this section we show how to construct a stealthy FDI attack in the presence of gross measurement errors in the data.

The data-driven attack described in the previous sections depends entirely on the measurement data. In an industrial smart grid, corrupted measurements are fairly common in sensor data, due to device malfunction and communication errors. It is well established in theory that PCA cannot handle grossly corrupted data Candes:2011:RPC:1970392.1970395 ; Lin2009aug . Furthermore, we demonstrate through experiments (see Section 6.3) that the strategies of Section 4.1 Kim6996007 ; yu7001709 do not work in the presence of gross errors. In this section, we show how to construct a stealthy FDI attack even in the presence of gross errors. Typically, grossly corrupted measurements are only a small fraction of the total number of measurements, so the gross error matrix can be considered sparse. On the other hand, slowly varying system states lead to a low-rank measurement matrix. Hence we use a low-rank and sparse matrix separation technique to estimate the original low-rank measurement matrix by separating out the gross errors. The estimated measurement matrix is then used for attack construction. We formulate the problem as follows.

The original measurement matrix is a low-rank matrix Liu6740901 and the gross errors can be assumed to be sparse. Therefore, a sparse optimization technique can be used to approximate the original low-rank measurement matrix from the observed measurement matrix (with gross errors). If the original low-rank measurement matrix is A, the sparse matrix of gross errors (including missing values) is E, and the observed measurement matrix with gross errors is Z, then:

$$Z = A + E \tag{13}$$

Now, we can formulate the problem as a matrix recovery problem; the exact recovery of the low-rank A and the sparse E can be represented mathematically as Anwar2016pes :

$$\min_{A,E}\ \|A\|_{*} + \lambda \|E\|_{1}, \qquad \text{s.t.}\ \ Z = A + E \tag{14}$$

In this convex optimization problem, $\|\cdot\|_{*}$ and $\|\cdot\|_{1}$ denote the nuclear norm and the $\ell_{1}$ norm of a matrix, respectively, and λ is a positive weighting parameter Lin2009fast . To solve this problem, we use the augmented Lagrange multiplier (ALM) method Lin2009aug as discussed below Anwar2016PAISI :

The ALM method applies to the general constrained optimization problem

$$\min\ f(x), \qquad \text{s.t.}\ \ h(x) = 0 \tag{15}$$

Using the ALM method, the objective function of the above optimization problem is written as the augmented Lagrangian function:

$$\mathcal{L}(x, \gamma, \mu) = f(x) + \langle \gamma, h(x) \rangle + \frac{\mu}{2}\,\|h(x)\|_{F}^{2} \tag{16}$$

where γ is the Lagrange multiplier and μ is a positive scalar. Substituting $x = (A, E)$, $f(x) = \|A\|_{*} + \lambda\|E\|_{1}$ and $h(x) = Z - A - E$, the Lagrangian function becomes:

$$\mathcal{L}(A, E, \gamma, \mu) = \|A\|_{*} + \lambda\|E\|_{1} + \langle \gamma, Z - A - E \rangle + \frac{\mu}{2}\,\|Z - A - E\|_{F}^{2} \tag{17}$$

The optimization is driven by the following two alternating update steps:

$$A_{k+1} = \arg\min_{A}\ \mathcal{L}(A, E_{k}, \gamma_{k}, \mu_{k}) \tag{18}$$

$$E_{k+1} = \arg\min_{E}\ \mathcal{L}(A_{k+1}, E, \gamma_{k}, \mu_{k}) \tag{19}$$

Eq. (18) can be computed from the soft-shrinkage formula Liu6740901 using an iterative thresholding (IT) approach that relies on the singular value decomposition (SVD) of the matrix $Z - E_{k} + \mu_{k}^{-1}\gamma_{k}$ Lin2009aug . After performing the SVD $Z - E_{k} + \mu_{k}^{-1}\gamma_{k} = U S V^{T}$, the unitary matrices U, V and the rectangular diagonal matrix S are obtained. Then A is updated as

$$A_{k+1} = U\, \xi_{\mu_{k}^{-1}}[S]\, V^{T} \tag{20}$$

and E is updated as

$$E_{k+1} = \xi_{\lambda \mu_{k}^{-1}}\big[Z - A_{k+1} + \mu_{k}^{-1}\gamma_{k}\big] \tag{21}$$

Here $\xi_{\varepsilon}[\cdot]$ is the soft-thresholding (shrinkage) operator, applied element-wise (in (20) to the singular values on the diagonal of S), defined as Lin2009aug :

$$\xi_{\varepsilon}[x] = \begin{cases} x - \varepsilon, & \text{if } x > \varepsilon \\ x + \varepsilon, & \text{if } x < -\varepsilon \\ 0, & \text{otherwise} \end{cases} \tag{22}$$

At the end of each iteration, γ and μ are updated as follows:

$$\gamma_{k+1} = \gamma_{k} + \mu_{k}\,(Z - A_{k+1} - E_{k+1}) \tag{23}$$

$$\mu_{k+1} = \Omega\,\mu_{k} \tag{24}$$

where Ω is a positive constant greater than one, so that μ increases monotonically. The optimization continues until the convergence criterion is satisfied; convergence is checked by comparing the relative error (25) against a tolerance.

$$\text{cidx}_{k} = \|Z - A_{k+1} - E_{k+1}\|_{F}\,/\,\|Z\|_{F} \tag{25}$$

The proof of convergence of the ALM algorithm can be found in Lin2009aug . Once the algorithm has converged, the principal component matrix of the recovered measurement matrix A is obtained by following the procedure of Section 4.1, and (11) is used to construct the FDI attack. The whole procedure for constructing an FDI attack from grossly corrupted measurements is presented in Algorithm 2.

Detailed explanation of Algorithm 2: the algorithm is analysed step by step below.

Step 1: The attacker uses the ALM based sparse matrix optimization technique Lin2009aug to separate the gross errors (E) from the measurement matrix (Z) and obtain the gross-error-free matrix (A).

Step 2: A PCA transformation is then performed on the gross-error-free matrix A to obtain a new projected subspace of the measurements. PCA provides the transformation matrix $\tilde{M}$ (which contains all the principal components) and the corresponding eigenvalues in the vector v. In $\tilde{M}$, the first column is the most informative principal component and the significance of the principal components decreases with the column index.

Step 3: Using the eigenvalues from Step 2 and the heuristic of Algorithm 1, we obtain the number of influential principal components, which is used next to generate the stealthy attack.

Step 4: To generate an attack, we first obtain the reduced transformation matrix $H_{pca}$ from $\tilde{M}$ by taking the first (influential) principal components, following Eqs. (8)-(10).

Step 5: We construct the stealthy attack vector $a_{pca} = H_{pca}\,c$ using Eq. (11), where c Liu:2011:FDI:1952982.1952995 is a non-zero Gaussian random vector whose length equals the number of influential principal components.

Step 6: The injected attack vector $a_{pca}$ modifies the original measurements z as $z_{attack} = z + a_{pca}$, following Eq. (12).

## 6 Experimental Evaluation:

### 6.1 Test Systems:

All experiments were conducted on benchmark IEEE power systems: the IEEE 14-bus, IEEE 30-bus and IEEE 57-bus test systems. The power system data can be obtained from wtestcases ; Zimmerman5491276 . There is no known publicly available real-world smart grid cyber-attack data Valenzuela6362259 ; hence realistic power system simulation is carried out using the Matlab based simulation tool MATPOWER Zimmerman5491276 . MATPOWER is widely used for simulating power system data and reflects a realistic simulation environment for real-life complex power systems Zimmerman5491276 ; Esmalifalak6102326 ; yu7001709 . The state estimation formulation and the attack construction strategies are also implemented in Matlab, on a PC with an Intel Core i7 3.4 GHz processor and 16 GB of RAM.

### 6.2 Comparison of different FDI attack strategies without gross errors (Contribution 1):

In this section, we evaluate the performance of different attack construction strategies and compare their stealthiness against the case where no attack vector is injected. First, we consider a single scenario to illustrate the attack strategies, and then we consider a Monte Carlo simulation of 1000 runs to evaluate the performance over a broad selection of scenarios and test setups. Here, we consider the voltage angles as the system states, which are obtained after a successful SE. The vector of measurement signals (z) required for the SE operation is obtained from the power flow solution of the test system using MATPOWER. A data-driven blind FDI attack needs multiple observations. Hence, samples (observations) are generated with the same mean as (z) and a Gaussian distribution, similar to Kim6996007 . The impact of measurement noise is also considered by adding zero mean Gaussian noise to the ideal power flow measurements. We have considered a signal-to-noise ratio (SNR) between dB during the simulation. All the branch power flows (both incoming and outgoing) and bus power injections have been considered to generate the measurement vector. For example, the IEEE 14 bus test system has 20 line sections (branches) and 14 buses (nodes). Therefore, the total measurements consist of 20 incoming power flow sensors, 20 outgoing power flow sensors and 14 power injection sensors (54 sensors in total). These sensors are shown in Fig. 3, where each sensor type is marked with its own symbol. Similarly, the IEEE 30 bus test system has 41 line sections and 30 buses, which gives 112 measurement sensors. The IEEE 57 bus test system has 80 line sections and 57 buses, which gives a total of 217 measurement sensors. The IEEE 14 bus, 30 bus and 57 bus systems have 13, 29 and 56 unknown system states, respectively. Note that the number of unknown system states is always one less than the total number of buses, as one bus is taken as the reference bus during the power flow simulation and removed from the unknown system state vector.

Attack construction using known system information: In our test setup, the IEEE 14 bus system has 54 measurements and 13 states, which gives 41 degrees of freedom. Following a chi-square test at a 95% confidence level, the anomaly threshold of the BDD module becomes 56.94 abur2004power . Under normal operating conditions (no attack scenario), the estimated system states follow the true states. One such scenario is shown in Fig. 4(a)-(b), which has a residual value of 39.88 (well below the threshold), obtained using the IEEE 14 bus test system. Note that Fig. 4(a) and Fig. 4(b) both contain two graphs each (one for the normal and one for the estimated values), but because they are superimposed the two graphs cannot be distinguished (residual = 39.88). We simulate the attack strategy proposed by Liu et al. with known system information (the system Jacobian H) in Fig. 4(c)-(d). From Fig. 4(d), the estimated states are far away from the original system states, and the SE module minimizes the cost assuming that the attacked signal is the original signal (see Fig. 4(c)). Interestingly, for the attacked case we obtain the same residual value (39.88), although the system states have changed heavily. Thus, the attack remains hidden, as the residual of the attacked case is also below the threshold of the existing detection technique. Therefore, a successful attack can be constructed using known system information.

Attack construction without system information: If the system information (the system Jacobian H) is not known, the attack can still be constructed based on the principal components of the measurement subspace. The state vectors at different time instances are independent and identically distributed (i.i.d.) and follow a Gaussian distribution with mean equal to the operating point defined by the test system Kim6996007 . Here, 500 time instances were used to create the measurement matrix, following the relationship expressed in Eqn. 6. The measurement noise is taken to be between dB. The data-driven FDI attack without power system knowledge is constructed using the method discussed in Section 4.1. Fig. 5 shows the probability of a false negative, (an attack incorrectly identified as normal), under different attack scenarios for the IEEE 14 bus, 30 bus and 57 bus test systems, respectively. In each of the three figures, we plot the following attack strategies: (1) the FDI attack based on system knowledge H as proposed by Liu et al. Liu:2011:FDI:1952982.1952995 , (2) the blind FDI attack using PCA yu7001709 , (3) the data-driven FDI attack using SVD Kim6996007 , (4) a random attack without system knowledge and (5) the proposed ALM based attack model.

In Fig. 5(a), we first plot the curve for the normal scenario, referred to as the no attack case, for the IEEE 14 bus test system, considering both noiseless measurements (ideal) and measurements with Gaussian noise (practical). Next, we simulate each of the attack strategies discussed above 1000 times with different noise vectors and plot the corresponding for different threshold values. We observe that all attack strategies have almost the same stealthy nature as the no attack case, except the random attack strategy, which performs very poorly. For any specific threshold value, the random attack without system knowledge has the lowest . Therefore, it is easily distinguishable from the no attack case. Apart from the random attack, all other attack strategies, including our proposed method, conform with the no attack case and become indistinguishable from it in the existing BDD module. Similar observations were made in the experiments on the two other benchmark test systems, which are plotted in Fig. 5(b) and Fig. 5(c).

### 6.3 Inefficiencies of existing attack strategies in the presence of gross errors (Contribution 2):

In the previous section, we have shown that all the attack strategies (except the random attack) maintain stealthy characteristics similar to those of the no attack case and remain hidden; however, this observation only holds when the measurement matrix has no missing values or grossly corrupted measurements. We observe that a stealthy FDI attack based on the PCA method becomes detectable by the state estimator's detection module if the measurement data contains one or more grossly corrupted measurements or missing values. This limitation of traditional PCA is discussed in Candes:2011:RPC:1970392.1970395 . Here, we show an example of the PCA based attack using sensor measurements that contain only a single gross error. We consider the IEEE 14 bus test system and create a measurement matrix based on the operating conditions provided in the test system using MATPOWER. The measurement matrix contains the measurements of 54 sensors for 500 different observations. Next, we insert a single gross error into the measurement matrix, which can be any sensor value of any observation. We construct a PCA based blind FDI attack vector using this measurement matrix. This process is repeated 100 times to generate different attack cases. All of the 100 cases are detected, as the residuals produced under this attack scenario are significantly larger than the detection threshold of the BDD module. One such scenario is shown in Fig. 6, where the measurements and state variables are plotted in (c) and (d), respectively. We see that the estimated state variables have different values from the true variables. However, the estimated measurements cannot follow the attacked measurements (which are assumed to be true by the utility's detection module), which leads to a high estimation error (residual). For example, for this specific case, the Weighted Sum of Squared Error (WSSE) is and the detection threshold is 56.94. Therefore, the attack is easily detectable using the existing BDD module. If the measurement matrix does not include that gross error, we obtain the plots of Fig. 6(a) and (b) for the same experimental setup. From those figures, we see that the estimated state variables are far away from the true states, but the estimated measurements coincide with the attacked measurements. Therefore, the WSSE is 45.54 (clearly below the threshold) and the attack is successful. In summary, we conclude that a single gross error is enough to make the PCA based data-driven attack detectable.

### 6.4 Proposed attack strategy in the presence of gross errors (Contribution 3):

The poor performance of the PCA-based attack is due to its brittleness in the presence of gross errors. Here, we demonstrate how to construct an undetectable FDI attack by recovering the true low-dimensional subspace of the measurement data from the corrupted data. We use the ALM based sparse optimization technique to obtain an approximation of the measurement matrix that is very close to the true matrix by separating out the sparse gross errors. The same experiment discussed in the previous section is repeated using the ALM based method. We observe that the ALM based sparse optimization technique approximates the true measurements and the sparse gross errors very accurately, as plotted in Fig. 7. Hence, a data-driven attack is possible based on a low-rank approximation that is very close to the true measurement matrix. In this section, we set up an experiment in which we generate a measurement matrix using 500 observations of the 54 measurement sensors of the IEEE 14 bus test system, in the same manner as in the previous section. Next, we add gross errors and missing values to the measurement matrix to create a grossly corrupted observation matrix. Here, we define the gross errors as a sparse matrix with the same dimensions as the measurement matrix whose non-zero entries are significantly larger than the true measurements. Once the grossly corrupted measurement matrix is generated, the aim is to test whether the cyber-attacker can still construct an undetectable attack. We employ the ALM based method and find that undetectable attack construction is indeed possible, as the ALM method recovers a highly accurate approximation (relative error around ) of the true measurement matrix. Here, the relative error is defined as:

$$RE = \frac{\lVert Z - A - E \rVert_2}{\lVert Z \rVert_2} \qquad (26)$$

where Z is the corrupted measurement matrix, and A and E are the approximations of the true low-rank and sparse matrices, respectively. Fig. 7 shows the state variables and the measurement vectors under the normal and ALM based attack cases. We observe that the estimated state variables take different values from the true states (Fig. 8(a)), while the estimated measurements follow the manipulated attack measurements perfectly. For this specific case, the WSSE is , which is well below the threshold. As demonstrated, the ALM based data-driven FDI attack is successful and remains stealthy.
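To make Steps 1-6 and the experiments of Sections 6.2-6.4 concrete, the following is an added, self-contained example; it is not the authors' MATLAB code and uses a constructed 4-bus DC network rather than an IEEE test system. It builds the measurement Jacobian, runs a WLS state estimate with the chi-square test, shows that a known-H attack a = Hc leaves the residual untouched (Section 6.2), builds the blind attack from the principal subspace of a 500-observation measurement matrix, plants one gross error and shows the plain PCA attack becoming detectable (Section 6.3), then separates the gross error with the inexact ALM of Lin et al. and shows the ALM based attack staying stealthy, reporting the relative error of Eq. (26) (Section 6.4). It requires numpy. The network data, the operating point, the noise levels (roughly 30 dB SNR), the size of the gross error, the fixed vector c (used in place of the random Gaussian c of Eq. (11)) and the noise-floor rule used to pick the number of principal components (a stand-in for Algorithm 1, which is not reproduced here) are all assumptions of this example.

```python
"""Blind FDI attack on a toy DC state estimator: known-H attack, PCA attack with
and without a gross error, ALM (robust PCA) based attack.  Added example, not
the paper's code.  Requires numpy.  Network, noise levels and the gross-error
magnitude are constructed for illustration (assumptions)."""
import numpy as np

# Constructed 4-bus network: (from, to, reactance in p.u.); bus 0 is the reference.
BRANCHES = [(0, 1, 0.20), (0, 2, 0.25), (1, 2, 0.10), (1, 3, 0.30), (2, 3, 0.15)]
N_BUS = 4
THETA0 = np.array([-0.06, -0.10, -0.14])   # assumed operating point: angles of buses 1..3 (rad)
CHI2_95_DOF11 = 19.675                      # chi-square 95% critical value, 14 - 3 = 11 dof


def dc_jacobian():
    """Measurement matrix H (14 x 3): 5 from->to flows, 5 to->from flows, 4 injections."""
    nb = len(BRANCHES)
    H = np.zeros((2 * nb + N_BUS, N_BUS))
    for k, (i, j, x) in enumerate(BRANCHES):
        H[k, i], H[k, j] = 1.0 / x, -1.0 / x   # DC flow P_ij = (theta_i - theta_j) / x_ij
        H[nb + k] = -H[k]                       # sensor at the other end measures -P_ij
        H[2 * nb + i] += H[k]                   # bus injection = sum of its branch flows
        H[2 * nb + j] -= H[k]
    return H[:, 1:]                             # reference angle fixed at 0 -> drop its column


def wsse(H, z, sigma):
    """WLS DC state estimation with R = sigma^2 I; returns the weighted residual J(x)."""
    theta_hat = np.linalg.lstsq(H, z, rcond=None)[0]
    r = z - H @ theta_hat
    return float(r @ r) / sigma ** 2


def rpca_inexact_alm(D, tol=1e-7, max_iter=1000):
    """Step 1: inexact ALM of Lin, Chen and Ma (2009) for D = A + E, A low rank, E sparse."""
    m, n = D.shape
    lam = 1.0 / np.sqrt(max(m, n))
    norm2 = np.linalg.norm(D, 2)
    Y = D / max(norm2, np.abs(D).max() / lam)   # Lagrange multiplier initialisation
    E = np.zeros_like(D)
    mu, mu_max, rho = 1.25 / norm2, 1e7, 1.5
    d_norm = np.linalg.norm(D)
    for _ in range(max_iter):
        U, s, Vt = np.linalg.svd(D - E + Y / mu, full_matrices=False)
        A = (U * np.maximum(s - 1.0 / mu, 0.0)) @ Vt           # singular value shrinkage
        T = D - A + Y / mu
        E = np.sign(T) * np.maximum(np.abs(T) - lam / mu, 0.0)  # entrywise soft threshold
        Y = Y + mu * (D - A - E)
        mu = min(rho * mu, mu_max)
        if np.linalg.norm(D - A - E) / d_norm < tol:
            break
    return A, E


def relative_error(Z, A, E):
    """Eq. (26), with the spectral norm as the 2-norm."""
    return float(np.linalg.norm(Z - A - E, 2) / np.linalg.norm(Z, 2))


def blind_attack(Z, floor=0.05, c_scale=0.2):
    """Steps 2-5: principal subspace of the measurement matrix, attack a = U_k c.
    Components are kept while their singular value exceeds floor * s_max; this
    noise-floor rule is an assumed stand-in for Algorithm 1.  c is fixed rather
    than Gaussian so that the run is reproducible."""
    U, s, _ = np.linalg.svd(Z, full_matrices=False)
    k = int(np.sum(s > floor * s[0]))
    return U[:, :k] @ np.full(k, c_scale), k


def run_experiment(seed=0, n_obs=500, sigma_state=0.04, sigma_noise=0.01, gross=100.0):
    """Returns the residual increase each attack causes on one noisy snapshot z."""
    rng = np.random.default_rng(seed)
    H = dc_jacobian()
    z = H @ THETA0 + sigma_noise * rng.standard_normal(H.shape[0])  # snapshot the attacker modifies
    base = wsse(H, z, sigma_noise)
    # Section 6.2, known H (Liu et al.): a = H c shifts the estimate by c, residual unchanged.
    known = wsse(H, z + H @ np.array([0.05, -0.04, 0.06]), sigma_noise) - base
    # Measurement matrix Z = H X + noise, columns drawn around the operating point (Eq. (6)).
    X = THETA0[:, None] + sigma_state * rng.standard_normal((N_BUS - 1, n_obs))
    Z = H @ X + sigma_noise * rng.standard_normal((H.shape[0], n_obs))
    a_clean, k_clean = blind_attack(Z)
    Zc = Z.copy()
    Zc[3, 123] += gross                   # Section 6.3: one grossly corrupted sensor reading
    a_pca, k_pca = blind_attack(Zc)       # PCA straight on the corrupted matrix
    A, E = rpca_inexact_alm(Zc)           # Section 6.4: separate the gross error first
    a_alm, k_alm = blind_attack(A)
    return {
        "wsse_no_attack": base,
        "known_H_increase": known,
        "pca_clean_increase": wsse(H, z + a_clean, sigma_noise) - base,
        "pca_gross_increase": wsse(H, z + a_pca, sigma_noise) - base,
        "alm_gross_increase": wsse(H, z + a_alm, sigma_noise) - base,
        "components": (k_clean, k_pca, k_alm),
        "relative_error": relative_error(Zc, A, E),
        "gross_error_in_E": float(E[3, 123]),
    }


if __name__ == "__main__":
    for key, val in run_experiment().items():
        print(f"{key:>20}: {val}")
    print(f"  detection threshold: {CHI2_95_DOF11} (attack flagged if WSSE exceeds it)")
```

Running the module prints, for one noisy snapshot, how much each attack raises the WSSE relative to the no attack case: the known-H attack and the PCA attack on clean data add essentially nothing, the PCA attack built from the matrix with one gross error adds hundreds (the planted error drags a direction outside the column space of H into the attack subspace), and the ALM based attack is back to a negligible increase because the gross error lands in E while A keeps only the low-rank measurement subspace. The same structure is what Fig. 6 and Fig. 8 show for the IEEE 14 bus system; the numbers here belong to the constructed network only.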

### 6.5 Comparison of the proposed method with benchmark sparse matrix separation techniques (Contribution 4):

In this section, we compare the performance of the proposed attack strategy in terms of accuracy and the time-efficiency with a number of sparse optimization techniques (SVT, APG and DUAL methods) considering three IEEE benchmark test systems (IEEE 14, 30 and 57 bus systems).

(1) The accuracy of the approximate measurement matrix (Fig. 9): The accuracy of the approximate matrix is measured by the relative error of Eqn. (26). In this section we measure the performance of the ALM method in terms of accuracy, i.e., how close the approximations are to the true subspace, and compare it against three other established algorithms. Here, we consider the IEEE 14 bus test system. First, we generate a measurement vector based on the operating point defined in the test system using MATPOWER. Next, we generate a measurement matrix by considering 500 time instances, where the state vectors at different time instances are i.i.d. Gaussian random vectors with the same mean, equal to the operating condition. To include the effect of gross errors, we add a sparse matrix that has the same dimensions as the true measurement matrix, with random values that are significantly higher than the true measurements. We apply Algorithm 1 to the grossly corrupted matrix to construct an undetectable attack vector using the ALM, APG, SVT and Dual methods. For each method we repeat the procedure 100 times, considering different measurement realizations, Gaussian noise (SNR between 20 dB and 35 dB), and 1% and 5% sparse gross errors, and report the relative approximation error. Similar experiments were performed for the IEEE 30 bus and 57 bus test systems. All results are shown in Fig. 9. For all test setups, we use a maximum of 3000 iterations for all methods and the initial conditions defined in Lin2009aug ; Lin2009fast ; Cai:2010:SVT:1898437.1898451 . From Fig. 9, we see that the best performing algorithm in terms of relative error is the proposed ALM method, and the second best is the APG method. The other two methods, SVT and Dual, have higher relative errors than the ALM and APG based methods. The ALM method produces a lower relative error for both 1% and 5% sparsity, as its low-dimensional approximation of the true measurements is more accurate than that of the three other methods.

(2) The time-efficiency of the attack construction (Fig. 10): The attack construction also needs to meet a time requirement in order to remain stealthy. If the time required to construct the attack is too long, the power system operating conditions may change in the meantime, which increases the probability of the attack being detected. Hence, in this section we measure the performance of the ALM method in terms of efficiency, i.e., how fast it can generate an attack, and compare it against the three other well-established algorithms.

The time required by all four algorithms in the scenarios discussed above is plotted in Fig. 10. Although the APG based method has an accuracy close to that of the ALM based method (as seen in the previous section), it performs poorly in terms of solution speed, as is evident from Fig. 10. For example, the ALM based attack construction method takes less than 1 s (as low as 0.11 s for the 14 bus test case) for all three test systems. On the other hand, the APG based attack construction method takes a minimum of 7.2 s (average 7.22 s) for the 14 bus test system and 62.9 s (average 63.5 s) for the 57 bus test system. Therefore, the ALM method outperforms the APG method, as it has lower relative errors and faster processing, as observed for all three test systems in all test setups. The SVT and the Dual methods also require longer computation times.

## 7 Conclusion

The vulnerability of smart grid state estimation to FDI attacks was highlighted in this paper. Existing attack strategies assume that some system information, including the Jacobian matrix H and the number of system states , is known to the adversary. In practice, neither H nor is available to the adversary. This paper proposed a technique that can create an attack vector without knowing H or . We have shown that the stealthiness of the existing PCA based blind attack cannot be guaranteed if the measurement data contains any gross errors. We have argued that an attacker can circumvent this problem by using an alternative form of attack. Here, we proposed an ALM based attack construction strategy in which the original low-dimensional measurement matrix (based on what the attacker can observe in a blind attack) is approximated using sparse optimization. With extensive experiments on multiple benchmark test systems, we have demonstrated that an attacker can successfully inject ALM based hidden FDI attacks in the presence of gross errors. Different sparse optimization based attack strategies were considered to validate the proposed method. This paper concludes that the proposed ALM based FDI attack can be generated without prior system knowledge or state information, and can handle different types of noise, e.g., Gaussian errors and grossly corrupted measurements, more efficiently (in time) than existing techniques. Effective detection and prevention techniques for these types of attack are under preparation and will be presented in future work.

## References

• (1) R. McMillan, “Siemens: Stuxnet worm hit industrial systems,” Computerworld, Sept. 2010.
• (2) The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), “Incident response activity (sept. 2014 - feb. 2015).” [Online]. Available: https://goo.gl/9jGIjK
• (3) A. Abur and A. Expósito, Power System State Estimation: Theory and Implementation, ser. Power Engineering (Willis).   CRC Press, 2004.
• (4) Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” in Proceedings of the 16th ACM Conference on Computer and Communications Security, ser. CCS ’09.   New York, NY, USA: ACM, 2009, pp. 21–32.
• (5) Z.-H. Yu and W.-L. Chin, “Blind false data injection attack using pca approximation method in smart grid,” IEEE Transactions on Smart Grid, vol. 6, no. 3, pp. 1219–1226, 2015.
• (6) A. Anwar and A. Mahmood, “Vulnerabilities of smart grid state estimation against false data injection attack,” in Renewable Energy Integration.   Springer, 2014, pp. 411–428.
• (7) Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,” ACM Trans. Inf. Syst. Secur., vol. 14, no. 1, pp. 13:1–13:33, Jun. 2011.
• (8) O. Kosut, L. Jia, R. Thomas, and L. Tong, “Malicious data attacks on smart grid state estimation: Attack strategies and countermeasures,” in International Conference on Smart Grid Communications, Oct 2010.
• (9) G. Hug and J. Giampapa, “Vulnerability assessment of ac state estimation with respect to false data injection cyber-attacks,” IEEE Transactions on Smart Grid, vol. 3, no. 3, pp. 1362–1370, 2012.
• (10) J. Kim, L. Tong, and R. Thomas, “Data framing attack on state estimation,” IEEE Journal on Selected Areas in Communications, vol. 32, no. 7, pp. 1460–1470, July 2014.
• (11) Q. Yang, J. Yang, W. Yu, D. An, N. Zhang, and W. Zhao, “On false data-injection attacks against power system state estimation: Modeling and countermeasures,” IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 3, pp. 717–729, March 2014.
• (12) M. Ozay, I. Esnaola, F. Vural, S. Kulkarni, and H. Poor, “Sparse attack construction and state estimation in the smart grid: Centralized and distributed models,” IEEE Journal on Selected Areas in Communications, vol. 31, no. 7, 2013.
• (13) M. Esmalifalak, H. Nguyen, R. Zheng, and Z. Han, “Stealth false data injection using independent component analysis in smart grid,” in International Conference on Smart Grid Communications, Oct 2011.
• (14) J. Kim, L. Tong, and R. Thomas, “Subspace methods for data attack on state estimation: A data driven approach,” IEEE Transactions on Signal Processing, vol. 63, no. 5, pp. 1102–1114, March 2015.
• (15) A. Anwar and A. Mahmood, “Stealthy and blind false injection attacks on SCADA EMS in the presence of gross errors,” in IEEE PES General Meeting, USA, July 2016.
• (16) S. Bi and Y. J. Zhang, “Graphical methods for defense against false-data injection attacks on power system state estimation,” IEEE Transactions on Smart Grid, vol. 5, no. 3, pp. 1216–1227, May 2014.
• (17) P. Jokar, N. Arianpoo, and V. Leung, “Intrusion detection in advanced metering infrastructure based on consumption pattern,” in IEEE International Conference on Communications (ICC), June 2013.
• (18) S. Pan, T. Morris, and U. Adhikari, “Developing a hybrid intrusion detection system using data mining for power systems,” IEEE Transactions on Smart Grid, 2015.
• (19) S. Bi and Y. J. Zhang, “Graphical methods for defense against false-data injection attacks on power system state estimation,” IEEE Transactions on Smart Grid, vol. 5, no. 3, pp. 1216–1227, May 2014.
• (20) L. Liu, M. Esmalifalak, Q. Ding, V. Emesih, and Z. Han, “Detecting false data injection attacks on power grid by sparse optimization,” IEEE Transactions on Smart Grid, vol. 5, no. 2, pp. 612–621, March 2014.
• (21) L. Liu, M. Esmalifalak, and Z. Han, “Detection of false data injection in power grid exploiting low rank and sparsity,” in IEEE International Conference on Communications (ICC), June 2013.
• (22) S. Mousavian, J. Valenzuela, and J. Wang, “A probabilistic risk mitigation model for cyber-attacks to pmu networks,” IEEE Transactions on Power Systems, vol. 30, no. 1, pp. 156–165, Jan 2015.
• (23) D. P. Shepard, T. E. Humphreys, and A. A. Fansler, “Evaluation of the vulnerability of phasor measurement units to GPS spoofing attacks,” International Journal of Critical Infrastructure Protection, vol. 5, no. 3–4, pp. 146–153, 2012.
• (24) C. Queiroz, A. Mahmood, and Z. Tari, “SCADASim a framework for building scada simulations,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 589–597, 2011.
• (25) A. Anwar, A. Mahmood, and M. Pickering, “Data-driven stealthy injection attacks on smart grid with incomplete measurements,” in Intelligence and Security Informatics: Pacific Asia Workshop, LNCS.   Springer, 2016.
• (26) A. Anwar, A. N. Mahmood, and Z. Tari, “Identification of vulnerable node clusters against false data injection attack in an AMI based smart grid,” Information Systems, Elsevier, vol. 53, pp. 201–212, 2015.
• (27) M. Rahman and H. Mohsenian-Rad, “False data injection attacks with incomplete information against smart power grids,” in IEEE Global Communications Conference (GLOBECOM), Dec 2012.
• (28) E. J. Candès, X. Li, Y. Ma, and J. Wright, “Robust principal component analysis?” J. ACM, vol. 58, no. 3, pp. 11:1–11:37, Jun. 2011.
• (29) Z. Lin, M. Chen, and Y. Ma, “Fast convex optimization algorithms for exact recovery of a corrupted low-rank matrix,” UIUC Technical Report UILU-ENG-09-2214, Tech. Rep., 2009.
• (30) J.-F. Cai, E. J. Candès, and Z. Shen, “A singular value thresholding algorithm for matrix completion,” SIAM J. on Optimization, vol. 20, no. 4, pp. 1956–1982, Mar. 2010.
• (31) V. Kekatos and G. Giannakis, “Distributed robust power system state estimation,” IEEE Transactions on Power Systems, vol. 28, no. 2, pp. 1617–1626, May 2013.
• (32) A. Teixeira, S. Amin, H. Sandberg, K. Johansson, and S. Sastry, “Cyber security analysis of state estimators in electric power systems,” in 49th IEEE Conference on Decision and Control (CDC), Dec 2010.
• (33) W. Wang and Z. Lu, “Cyber security in the smart grid: Survey and challenges,” Computer Networks, vol. 57, no. 5, pp. 1344 – 1371, 2013.
• (34) J. Valenzuela, J. Wang, and N. Bissinger, “Real-time intrusion detection in power system operations,” IEEE Transactions on Power Systems, vol. 28, no. 2, pp. 1052–1062, 2013.
• (35) Z. Lin, M. Chen, and Y. Ma, “The augmented lagrange multiplier method for exact recovery of corrupted low-rank matrices,” UIUC Technical Report UILU-ENG-09-2214, Tech. Rep., 2009.
• (36) “Power systems test case archive.” [Online]. Available: https://www.ee.washington.edu/research/pstca/
• (37) R. Zimmerman, C. Murillo-Sanchez, and R. Thomas, “MATPOWER: steady-state operations, planning, and analysis tools for power systems research and education,” IEEE Transactions on Power Systems, vol. 26, no. 1, pp. 12–19, Feb 2011.