Detection Mechanism Against Malicious Attacks

Exec. Summary – The research paper below addresses detecting false data attacks (FDAs) in power systems. While improving the operation of the power system, integrating multi-layered cyber-physical networks poses substantial security risks. In particular, the FDAs can fool the Chi-square detector-based detection mechanism by manipulating the communication layer data. For this reason, researchers focus on proposing a novel spatial–temporal features-based detection framework against false data attacks (FDAs). The proposed detection framework consists of two steps as follows: Kepler Optimization Algorithm (KOA)-convolutional neural networks (CNN)-based spatial features extraction; bidirectional gate recurrent unit (BiGRU)-based temporal features extraction. KOA is introduced to optimize the related parameters of CNN, such as learning rate and convolution kernel size, to enhance the performance of extracting spatial features in CNN. Traditional GR models, such as the BiGRU model, have been developed to extract the forward and backward temporal features. In addition, an attention mechanism is introduced to focus on important feature data information. Through the bilevel extraction of spatio-temporal features, the proposed detection framework can identify the normal or abnormal data in the power system. Finally, simulation cases on the IEEE 14-bus and 118-bus grid systems are provided to verify the effectiveness of the proposed KOA-CNN-BiGRU-Attention framework. Compared with existing detection models, such as GCN and GGNN-GAT, accuracy, precision, F1-score, and recall can be improved under the proposed detection model.

Introduction - As the key to the new energy transformation, the power grid's security directly affects people's livelihood and social stability. Due to the profound cross-fertilization of cyber-physical power systems, the security of new power systems stems from both physical and cyber systems [1,2]. However, the traditional security control of the cyber or physical power system is challenging in coping with the high-level persistent threat from cyber-physical space[3]. Research has shown that the number of malicious attacks on power systems is increasing, especially the danger of false data attacks[4,5]. At present, malicious attacks on power systems can be classified into two categories: denial-of-service attacks (DoS) and false data attacks (FDAs)[6]. As shown in Fig. 1, due to the openness of the power system, hackers can inject malicious attacks, such as DoS and FDA. DoS attacks aim to disrupt the communication layer of the power system, causing it to go down[7]. It's worth noting that DoS attacks can be detected by using KF state estimation.

In contrast, FDAs can bypass the above detection mechanism by injecting a bank of false data[8,9]. With incomplete network information, Jin et al. constructed an FDI attack aiming at AC state estimation[10]. For instance, the power system in Taiwan suffered a hacking attack that caused huge losses in 2023. An attacker can wreak havoc on the power system without a timely response to the above cyber-physical attacks. In this regard, rapidly and accurately detecting false data attacks is a critical issue for cyber-physical power systems.

Fig. 1: Description of malicious attacks on the power grid.

A lot of research has been devoted to detecting injected FDAs. The existing detection methods can be classified into two categories: model-based techniques and learning-based techniques. Model-based detection techniques are based on static power data. By constructing accurate mathematical models, model-based techniques can detect and identify the injected attacks[11,12,13,14,15,16]. In [11], a secure observer-based attack detection approach was developed. The proposed method considered the influence of FDAs on the system and designed a security technique for detecting and preventing FDAs using observer residuals. In[12], an attack detection and reconstruction approach was proposed. The state residual generated by a robust sliding mode observer was used to detect and reconstruct the dynamic load altering attacks (DLAAs). In addition to cutting down the influence of precomputed threshold, an adaptive observer-based detection approach using an adaptive threshold was developed[13]. Motivated by the super-twisting sliding mode algorithm, a practical attack detection and reconstruction framework was constructed[14].

In contrast to the above centralized detection methods, Chowdhury et al. developed a decentralized estimator to detect and identify distributed FDAs in a power system[15]. In [16], a novel detection method using unknown interval observer was proposed. The proposed detection approach can use interval residuals to replace the traditional precomputed threshold. In sum, model-based detection techniques can enhance detection performance against FDAs to a certain extent. Meanwhile, the accuracy of the power model and the design of detection thresholds are key factors affecting model-based detection techniques.

With the rapid development of AI technology, learning-based detection techniques are gradually being applied to detect anomalous data in power grids. Unlike model-based detection techniques, learning-based detection techniques are not limited by the model accuracy and design of detection thresholds. In[17], an improved random forest algorithm-based detection algorithm against FDAs and random attacks was proposed in power grids. Based on the established linear power model, a data-driven approach using a low-rank detection approach was developed[8]. Considering the unknown system parameters, a detection approach using the observable Markov decision process was proposed[18]. In[19], a support vector machine-based detection model was developed to identify the injected FDAs. However, the detection accuracy of the above learning-based methods can be affected by the selection of the detection threshold. In [20], a machine learning-based detection technique using semi-supervised generative adversarial network was proposed to detect and locate the injected FDAs. In addition, the deep convolutional neural network (CNN) has gradually been an effective method for feature extraction. In [21], a group-fusion one-dimensional CNN was proposed to improve the model recognition accuracy. A multi‐scale group‐fusion one‐dimensional CNN for high‐resolution range profile (HRRP) target recognition was presented[22]. To reduce the computational complexity of vanilla CNNs, a lightweight depth-wise separable fusion CNN for ballistic target HRRP recognition is developed[23]. A graph convolutional network framework was constructed to detect FDAs, which considered the impact of the attack on the spatial properties of the grid system structure[24]. However, the above learning-based detection techniques lack consideration of attack detection from a spatio-temporal perspective. By ignoring the topological relationship among various instruments within a grid deployment, these techniques frequently lead to incomplete spatial information extraction. Furthermore, a recent study in[25] indicates that load variations in smart grids have distinct spatial-temporal characteristics.

Motivated by the above problems, this paper explores a spatial-temporal detection framework against FDAs in power grids. As shown in Fig. 2, the proposed detection framework consists of Kepler Optimization Algorithm (KOA)-convolutional neural networks (CNN), bidirectional gated recurrent unit (BiGRU), and attention mechanism. Specifically, CNN mainly extracts local and spatial features from data. Through convolutional and pooling layers, CNN can extract local features of power network data (such as voltage, current, power, etc.) from time series data; BiGRU is an enhanced recurrent neural network (RNN) that can simultaneously capture the forward and backward dependencies of time series data. Through gate control mechanisms (reset and update gates), BiGRU can capture long-term dependencies in network data, such as the correlation between abnormal events before and after. Attention mechanisms dynamically assign weights, highlight essential features, and suppress irrelevant ones. There can be a large amount of noise or redundant information in power system data, and attention mechanisms can help models focus on key features of anomalous data, improving detection accuracy. In addition, KOA is an optimization algorithm used to adjust the hyperparameters of a model, such as learning rate, convolution kernel size, number of GRU units, etc. Grid data typically has high dimensionality and complexity, and KOA can help find the most appropriate model parameters for data features, thereby improving detection accuracy. Main contributions can be summarized as follows.

1. A spatial–temporal detection framework against FDAs is proposed, consisting of a spatial features extraction model using KOA-CNN and temporal features extraction using BiGRU. KOA is introduced to enhance the feature extraction performance of CNN, and an attention mechanism is further proposed to improve the detection performance of the constructed detection model.

2. Simulation tests on the IEEE 14-bus and 118-bus grid systems are provided. Compared with the existing detection methods, the detection indicators, such as accuracy, missed alarm, precision, F1-score, and recall, were improved by at least 1.49%, 1.15%, 11.24%, and 4.15%, respectively. In addition, simulation results verify that the proposed detection model has a good robustness performance against attack intensity.

Fig. 2: Spatial–temporal detection framework against FDAs.

The framework of this work is organized as follows. The "Background" section presents the covert features of FDAs. The proposed spatial-temporal detection framework against FDAs is provided in Section "The spatial-temporal detection framework against FDAs". Simulation cases are tested in the "Case studies" section. Section "Conclusions and discussion" shows the conclusion and future works.

Background - In general, a Phasor Measurement Unit (PMU) can acquire the operating status of the power system in real time, such as power voltage, phase angles, etc. Based on the collected data, Supervisory Control and Data Acquisition (SCADA) can implement data anomaly analysis and anomaly alerts by using a state estimator. Therefore, accurate state estimation is critical to power system security. According to the work in [26], the designed FDA can fool the detection mechanism using a chi-square detector. Based on this, the power grid and FDA models are presented in this section.

Power system model - This section presents an AC power model. Considering power voltage, phase angles, etc., the AC power model can be described as follows [27].

$$z = H(x) + v, \tag{1}$$

where $z=[z_1,\ldots,z_m]$ is measurement data, $x=[x_1,\ldots,x_m]$ is system state, $v$ is measurement noise, and $H=[H_1,\cdots,H_m]$ denotes the Jacobian matrix for power system estimation, which describes the relationship between measurement data and system state as follows.

$$P_n = V_n \sum_{k=1}^{m} V_k \left(G_{nk}\cos\theta_{nk} + B_{nk}\sin\theta_{nk}\right) \tag{2}$$

$$Q_n = V_n \sum_{k=1}^{m} V_k \left(G_{nk}\sin\theta_{nk} - B_{nk}\cos\theta_{nk}\right) \tag{3}$$

$$P_{nk} = -V_n^{2} G_{nk} + V_n V_k \left(G_{nk}\cos\theta_{nk} + B_{nk}\sin\theta_{nk}\right) \tag{4}$$

$$Q_{nk} = -V_n^{2} G_{nk} - V_n V_k \left(G_{nk}\sin\theta_{nk} - B_{nk}\cos\theta_{nk}\right) \tag{5}$$

where $\theta_{nk}=\theta_n-\theta_k$ denotes the phase difference between bus $n$ and $k$, $V_k$ denotes voltage amplitude, $G_{nk}$ and $B_{nk}$ are conductance and susceptance, respectively, $P_n$ and $Q_n$ denote the active and reactive power, respectively, and $P_{nk}$ and $Q_{nk}$ denote the real and reactive power flow between bus $n$ and $k$, respectively.

Based on the collected measurement data from the PMU, SCADA can determine the operational status of the power system. A bad data detection mechanism (BDDM) is commonly used as a criterion for judging anomalous data, which can be described as follows[26].

$$\gamma = z - \tilde{z} \tag{6}$$

$$\tilde{z} = H(\tilde{x}) \tag{7}$$

$$\tilde{x} = \min_{x}\,[z - h(\tilde{x})]^{T} R^{-1} [z - h(\tilde{x})] \tag{8}$$

where $\gamma$, $\tilde{z}$, and $\tilde{x}$ denote the measurement residual, the measurement estimated value, and the state estimated value, respectively.

Based on precomputed threshold and measurement residuals in Eq. (6), the corresponding detection criterion can be expressed as

$$\begin{cases} \|\gamma\| \le \upsilon, & \text{Normal} \\ \|\gamma\| > \upsilon, & \text{Abnormal} \end{cases} \tag{9}$$

where $\upsilon$ is the precomputed threshold. It is noted that the selection of the precomputed threshold is given in[26].
False data attack model
To fool the BDDM, hackers can design a bank of false data, which satisfies the following constraint [9]:

$$\xi_f = H(\delta) \tag{10}$$

where $\xi_f$ is the false attack sequence and $\delta$ is the attack-induced state change.
Taking the false attack sequence $\xi_f$ into Eq. (6), one can obtain

$$\gamma_f = \|z_f - H\tilde{x}_f\| = \|(z+\xi_f) - H(\tilde{x}+\delta)\| = \|(z - H(\tilde{x})) + (\xi_f - H(\delta))\| = \|z - H(\tilde{x})\| + \|\xi_f - H(\delta)\| = \gamma \tag{11}$$

Equation (11) indicates that $\gamma_f=\gamma$ if a hacker can inject false data to satisfy $\xi_f=H(\delta)$. Since measurement residual $\gamma_f$ under FDAs cannot exceed the precomputed threshold $\upsilon$, the BDDM can be cheated without triggering an alarm. Example 1 shows the FDA's covert feature.
Example 1 - As shown in Fig. 3, it is assumed that hackers can inject false data into generator one at $t=80$ s on the IEEE 6-bus grid system. Of note, the related simulation parameters are given in [26]. Figures 4 and 5 show the state and residual change under FDAs.

Fig. 3: IEEE 6-bus grid system.

Fig. 4: Change in power voltage under the FDAs.

Fig. 5: Change in residual under FDA.

The simulation results in Example 1 demonstrate the covert feature of FDAs. By exploring the vulnerability of BDDM, hackers can tamper with grid operation without triggering alarms. For this reason, detection of FDAs is a pressing issue for current grid security mechanisms. Based on this, a spatial-temporal detection framework using the KOA-CNN-BiGRU-Attention detection framework is developed.
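
The blind spot described by Eqs. (9)–(11), as an added example that is not code from the paper: a pure-Python residual check run on normal data, on a gross measurement error, and on data altered according to Eq. (10). It assumes a linearized measurement model with R = σ²I; the 4-bus matrix `H`, the noise vector, the threshold and all function names are constructed for illustration.

```python
import math

# Constructed linearized (DC) measurement matrix for a 4-bus toy grid.
# States: phase angles of buses 2-4 (bus 1 is the reference); every line has
# susceptance 10 p.u. Rows: flows P12, P13, P23, P24, P34, injections P2, P3, P4.
H = [
    [-10.0,   0.0,   0.0],
    [  0.0, -10.0,   0.0],
    [ 10.0, -10.0,   0.0],
    [ 10.0,   0.0, -10.0],
    [  0.0,  10.0, -10.0],
    [ 30.0, -10.0, -10.0],
    [-10.0,  30.0, -10.0],
    [-10.0, -10.0,  20.0],
]
X_TRUE = [-0.020, -0.035, -0.050]            # constructed true state (rad)
NOISE = [0.004, -0.007, 0.002, 0.009,        # constructed measurement noise v
         -0.003, -0.005, 0.006, -0.001]
THRESHOLD = 0.05                             # constructed stand-in for the threshold in Eq. (9)


def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            for k in range(c, n + 1):
                M[r][k] -= f * M[c][k]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x


def measure(H, x):
    """Noise-free measurements H x."""
    return [sum(h * xi for h, xi in zip(row, x)) for row in H]


def estimate_state(H, z):
    """Least-squares state estimate (Eq. 8 with R = sigma^2 I): solve H^T H x = H^T z."""
    n = len(H[0])
    G = [[sum(row[i] * row[j] for row in H) for j in range(n)] for i in range(n)]
    rhs = [sum(row[i] * zi for row, zi in zip(H, z)) for i in range(n)]
    return solve(G, rhs)


def residual_norm(H, z):
    """||gamma|| = ||z - H x_hat||, Eqs. (6)-(7)."""
    z_hat = measure(H, estimate_state(H, z))
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(z, z_hat)))


def bddm(H, z, threshold):
    """Detection criterion of Eq. (9)."""
    return "Normal" if residual_norm(H, z) <= threshold else "Abnormal"


def scenarios():
    """Return the three measurement vectors and the state shift delta."""
    z = [hx + v for hx, v in zip(measure(H, X_TRUE), NOISE)]
    gross = z[:]
    gross[3] += 0.5                           # single faulty meter on flow P24
    delta = [0.05, -0.02, 0.03]               # constructed state change
    xi_f = measure(H, delta)                  # Eq. (10): xi_f = H(delta)
    fda = [zi + a for zi, a in zip(z, xi_f)]
    return {"normal": z, "gross_error": gross, "fda": fda}, delta


if __name__ == "__main__":
    cases, delta = scenarios()
    base = estimate_state(H, cases["normal"])
    for name, z in cases.items():
        shift = [round(b - a, 4) for a, b in zip(base, estimate_state(H, z))]
        print(f"{name:12s} ||gamma||={residual_norm(H, z):.4f} "
              f"{bddm(H, z, THRESHOLD):8s} state shift={shift}")
```

The gross error is flagged, while the Eq. (10) case keeps the residual of the normal case and still moves the estimate by `delta`, which is why the residual test alone cannot serve as the detector.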

The spatial–temporal detection framework against FDAs - In this section, a spatial-temporal detection framework against FDAs is proposed. The proposed detection framework includes the CNN-based spatial feature extraction and BiGRU-based temporal feature extraction. In addition, KOA is introduced to enhance the feature extraction performance of CNN; an Attention mechanism is further proposed to improve the detection performance of the constructed detection model. The detailed framework is given as follows:
CNN-based spatial feature extraction - A CNN model is constructed to extract spatial features from the grid dataset. As shown in Fig. 6, the constructed CNN model consists of the input layer, a convolutional layer, a pooling layer, and a fully connected layer. The input layer obtains the input data (including normal and abnormal) of the power system; the convolution and pooling layers extract the spatial features of the input data; finally, the fully connected layer outputs the features. KOA was introduced to enhance CNN's feature extraction performance.
Fig. 6: KOA-CNN-BiGRU-Attention-based spatial–temporal feature extraction framework.
In the convolutional layer, the convolutional kernel is summed by multiplying with the corresponding positions of the input data matrix $\gamma=[x_1,\cdots,x_m]$, respectively. Then, the spatial features of the data are extracted using a sliding window; the corresponding mathematical formula is given as follows:

$$F_i = \rho(W_i * \gamma + b_i) \tag{12}$$

where $F_i$ is the $i$th convolutional layer output, $\rho$ is the nonlinear activation function ReLU, $W_i$ is the $i$th convolutional kernel, and $b_i$ denotes the bias term in the convolutional layer. The role of the pooling layer is mainly to reduce the amount of data processing. After the pooling layer, reducing the amount of data to be processed and preserving the characteristic information of the input signals is possible. The corresponding mathematical formula is given as follows:

$$S_i^{\max} = \mathrm{maxpool}[F_i] \tag{13}$$

where maxpool indicates a maximum pooling operation and $S_i^{\max}$ is the $i$th pooling layer output. The fully-connected layer comprises high-level features obtained from multiple convolutional and pooling layers. The corresponding mathematical formula is given as follows:

$$\zeta_i = \mathrm{ReLU}(\xi_i * S_i^{\max} + \eta_i) \tag{14}$$

where $\eta_i$ denotes the bias term in the fully-connected layer, $\xi_i$ is the weight value, and $\zeta_i$ is the $i$th fully-connected layer output.
BiGRU-based temporal feature extraction - As shown in Fig. 6, the BiGRU-based temporal feature extraction framework is constructed. The BiGRU model, including update gate, reset gate, and new candidate state, is a recurrent neural network that consists of two independent GRU units. Of note, one GRU aims to process the data in the forward direction of the time series, and the other GRU seeks to process the data in the reverse direction. With the above bi-directional structure, the constructed BiGRU model can capture forward and backward data information to extract the sequence's temporal feature. The temporal feature extraction calculation procedure for the BiGRU model is as follows.

$$h_t^{1} = \chi\left(\Psi_o \cdot [h_{t-1}^{1}, x_t] + \Phi_o\right) \tag{15}$$

$$h_t^{2} = \chi\left(\Psi_\mu \cdot [h_{t-1}^{2}, x_t] + \Phi_\mu\right) \tag{16}$$

$$\breve{h}_t = [h_t^{1}, h_t^{2}] \tag{17}$$

where $h_t^{1}$ is hidden status in the forward at $t$, $\chi$ is activation function, $\Psi_o$ is weight matrix in the forward, $\Psi_\mu$ is weight matrix in backward, $x_t$ is data input, $\Phi_o$ is the bias parameter in the forward, $h_{t-1}^{1}$ is hidden status in the forward at $t-1$, $h_t^{2}$ is hidden status in the backward at $t$, $\Phi_\mu$ is the bias parameter in the backward, $h_{t-1}^{2}$ is hidden status in the backward at $t-1$, and $\breve{h}_t$ is the output of BiGRU model.

To enhance CNN-BiGRU's feature extraction performance, KOA is applied to optimize three critical parameters in the CNN-BiGRU model: learning rate, number of iterations, and number of neurons. The settings of these parameters will directly affect the model's performance and accuracy. The detailed process of KOA is given below.
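The algorithm is initialized as [28]:

$$\begin{cases} X_i = X_{low} + \mathrm{rand}\,(X_{up} - X_{low}) \\ \kappa_i = \mathrm{rand}[0,1] \\ \lambda_i = |j| \end{cases} \quad i=1,\cdots,m \tag{18}$$

where $X_i$ denotes the $i$th planet, $X_{low}$ and $X_{up}$ denote the lower and upper bounds, $\mathrm{rand}[0,1]$ is a random number between 0 and 1, $\kappa_i$ is the eccentricity, $\lambda_i$ is the orbital period, and $j$ is a normally distributed random number.
The velocity $V_i$ calculation of KOA is given as:

$$V_i = \begin{cases} \int_1 \times \int_4 + \int_2 \times \int_5 + \int_3 \times \int_9 \times \int_{10} \times \vec{j}_5 \times \int_7, & \text{if } 1-\varphi_{in} \\ j_4 \times \left[\eta \times (\Re_1+\Re_2)\left|\dfrac{2}{\Re_3+\varsigma} - \dfrac{1}{\Re_4+\varsigma}\right|\right]^{\frac{1}{2}} \times \int_6 + \int_3 \times \int_9 \times \int_{11} \times \vec{j}_5 \times \int_8, & \text{else} \end{cases} \tag{19}$$

with

$$\int_1 = \vec{L} \times (j_3 \times (1-j_4) + j_4) \times \left[\eta \times (\Re_1+\Re_2)\left|\dfrac{2}{\Re_3+\varsigma} - \dfrac{1}{\Re_4+\varsigma}\right|\right]^{\frac{1}{2}}$$

$$\int_2 = (1-\vec{L}) \times (j_3 \times (1-\vec{j}_5) + \vec{j}_5) \times \left[\eta \times (\Re_1+\Re_2)\left|\dfrac{2}{\Re_3+\varsigma} - \dfrac{1}{\Re_4+\varsigma}\right|\right]$$

$$\int_3 = (1-\varphi_{in}),\quad \int_4 = 2 j_4 \vec{X}_i - \vec{X}_a,\quad \int_5 = \vec{X}_a - \vec{X}_b$$

$$\int_6 = \vec{X}_a - \vec{X}_i,\quad \int_7 = \vec{X}_{up} - \vec{X}_{low},\quad \int_8 = j_3 \vec{X}_{up} - \vec{X}_{low}$$

$$\vec{L} = \begin{cases} 0 & \vec{j}_5 \le \vec{j}_6 \\ 1 & \text{else} \end{cases},\quad \int_9 = \begin{cases} 1 & j_4 \le 0.5 \\ -1 & \text{else} \end{cases},\quad \int_{10} = \begin{cases} 0 & \vec{j}_5 \le j_4 \\ 1 & \text{else} \end{cases},\quad \int_{11} = \begin{cases} 0 & j_3 \le j_4 \\ 1 & \text{else} \end{cases}$$

Where and are random numbers between 0 and 1, and are random vectors between 0 and 1, and are solutions, which are selected at random from the population, is the universal gravitational constant, and denote the mass, denotes the distance, is the semimajor axis, denotes a small value, is the normalizing the Euclidian distance. Updating positions and distances is presented as

$$\vec{X}_i^{t+1} = \vec{X}_i^{t} + \int_9 \times \vec{V}_i^{t} + (\lambda + |j|) \times \vec{L} \times (\vec{X}_s - \vec{X}_i^{t}) \tag{20}$$

(21)

where $\vec{X}_i^{t+1}$ is the next momentary position of $\vec{X}_i^{t}$, $\vec{X}_s$ is the sun, and $\lambda$ is the universal law of gravitation.
The elitist strategy of KOA is given as

$$\vec{X}_{i,new}^{t+1} = \begin{cases} \vec{X}_i^{t+1} & \text{if } f(\vec{X}_i^{t+1}) \le f(\vec{X}_i^{t}) \\ \vec{X}_i^{t} & \text{else} \end{cases} \tag{22}$$
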
Using the above KOA, the related parameters of the CNN-BiGRU model, such as learning rate, number of iterations, and number of neurons, can be optimized. Of note, detailed algorithmic calculations and benefits are given in[28].
Attention-based detection module
Based on the output results in the BiGRU model, the attention score is calculated as

$$\Delta e_i = a(\breve{h}_t) \tag{23}$$

where $a$ denotes the Query.
The attention weight is calculated as

$$\Delta\alpha_i = \frac{\exp(\Delta e_i)}{\sum_{j=1}^{n} \exp(\Delta e_j)} \tag{24}$$

Then, we can get the weighted sum as

$$\Delta c = \sum_{i=1}^{n} \Delta\alpha_i \breve{h}_t \tag{25}$$

In sum, the model prediction output can be obtained as

$$y_{pre} = \sum_{i=1}^{T} \mathrm{SoftMax}(\Delta c) \tag{26}$$

Since the FDA detection task is a binary classification task, the cross-entropy loss function is given as:

$$Loss = -\frac{1}{T} \sum_{i=1}^{T} \left[ y_i \log(\hat{y}_{pre}) + (1-y_i)\log(1-\hat{y}_{pre}) \right] \tag{27}$$

Remark 1—Attention mechanisms dynamically assign weights, highlight important features, and suppress irrelevant features. Power system data can contain a large amount of noise or redundant information, and attention mechanisms can help models focus on key features of anomalous data, improving detection accuracy.
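
The attention step of Eqs. (23)–(27) applied to one window of hidden states, as an added example that is not code from the paper. It assumes a dot-product score between a query vector and each hidden state and a hypothetical linear output head with a sigmoid (the two-class form of the softmax output); the hidden states, query and head weights are constructed values, not trained parameters.

```python
import math


def attention_weights(hidden, query):
    """Eqs. (23)-(24): score each time step, then normalize with a stable softmax."""
    scores = [sum(q * h for q, h in zip(query, h_t)) for h_t in hidden]
    top = max(scores)                         # subtract the max to avoid overflow
    exps = [math.exp(s - top) for s in scores]
    total = sum(exps)
    return [e / total for e in exps]


def context_vector(hidden, weights):
    """Eq. (25): attention-weighted sum of the hidden states."""
    dim = len(hidden[0])
    return [sum(w * h_t[k] for w, h_t in zip(weights, hidden)) for k in range(dim)]


def predict_abnormal(hidden, query, w_out, b_out):
    """Probability that the window is abnormal (hypothetical linear head + sigmoid)."""
    c = context_vector(hidden, attention_weights(hidden, query))
    logit = sum(w * ck for w, ck in zip(w_out, c)) + b_out
    return 1.0 / (1.0 + math.exp(-logit))


def cross_entropy(labels, probs, eps=1e-12):
    """Eq. (27): mean binary cross-entropy, clipped so log(0) cannot occur."""
    total = 0.0
    for y, p in zip(labels, probs):
        p = min(max(p, eps), 1.0 - eps)
        total += y * math.log(p) + (1 - y) * math.log(1.0 - p)
    return -total / len(labels)


# Constructed stand-ins for BiGRU outputs: four time steps, two features each.
QUERY = [1.0, 2.0]
W_OUT, B_OUT = [1.0, 1.0], -1.5
NORMAL_WINDOW = [[0.1, 0.0], [0.0, 0.1], [0.1, 0.1], [0.0, 0.0]]
ATTACKED_WINDOW = [[0.1, 0.0], [0.0, 0.1], [1.5, 2.0], [0.1, 0.1]]  # deviation at step 2

if __name__ == "__main__":
    for name, window in (("normal", NORMAL_WINDOW), ("attacked", ATTACKED_WINDOW)):
        w = [round(x, 3) for x in attention_weights(window, QUERY)]
        p = predict_abnormal(window, QUERY, W_OUT, B_OUT)
        print(f"{name:9s} weights={w} p(abnormal)={p:.3f}")
    probs = [predict_abnormal(x, QUERY, W_OUT, B_OUT)
             for x in (NORMAL_WINDOW, ATTACKED_WINDOW)]
    print("loss =", round(cross_entropy([0, 1], probs), 4))
```
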
Algorithm 1: Detection process of FDAs using KOA-CNN-BiGRU-Attention.
KOA-CNN-BiGRU-attention-based detection framework. By constructing the KOA-CNN and BiGRU-Attention model, a detection framework using spatial–temporal features is developed, as shown in Fig. 7. The detailed process is shown below.
Fig. 7: FDA attack detection model using KOA-CNN-GRU-Attention network.
Step 1: Establish the CNN-based spatial features extraction model.
Step 2: Optimize the related parameters of the CNN model by using KOA.
Step 3: Construct the BiGRU-based temporal features extraction model.
Step 4: Input power measurement to train the above model offline based on KOA-CNN-BiGRU-Attention.
Step 5: Apply KOA-CNN-BiGRU-Attention-based detection model to identify normal and abnormal data online.

Based on the above detection steps, the detection algorithm against FDAs is summarized in Algorithm 1.
Case studies—In this section, simulation tests are provided to demonstrate the performance of the constructed spatial-temporal detection framework against FDAs. Compared with the existing detection models, such as GCN and GGNN-GAT, simulation studies on IEEE 14-bus and IEEE 118-bus power systems verify the superiority of the proposed detection model.

Simulation and data setup - The simulation environment in this paper is realized on a desktop computer based on MATLAB 2023a with the following configuration: i9-13900HX, 2.20 GHz, 16G RAM, and NVIDIA TITAN RTX 4060 graphics card. KOA: the population size: 20, maximum iteration times: 100; the optimized parameters are 0.00408136, 4, 86. CNN: Convolution layers; Convolutional kernel size: 3x1; Activation function: ReLU. BiGRU: Number of hidden units: 128; Number of layers: 2; Dropout rate: 0.2. Attention dimension: 64. Optimizer: Adam; Learning rate: 0.001; gamma = 2.

Consistent with work in[29], researchers created the dataset using the publicly accessible data released by NYISO. Leveraging the 2022 user load fluctuation pattern of New York, they utilized linear interpolation to expand the dataset with a five-minute time interval. Following this, analysts standardized the obtained dataset in relation to the capacities of the grid systems under consideration. Subsequently, the research group linked the expanded dataset to each of the aforementioned two grid systems and utilized the Matpower 7.0 toolbox to conduct power flow analyses.

The specific division of the training and test datasets is shown in Table 1.

Table 1: Training and Test Datasets Division.
Evaluation indicators—To evaluate the detection model's performance, evaluation indicators (Accuracy, Missed Alarm, Precision, F1-Score, and Recall Alarm) are selected [30]. Then, the corresponding mathematical expressions are given as follows.

$$Acc = \frac{\pi_{TN} + \pi_{TP}}{\pi_{TN} + \pi_{TP} + \pi_{FN} + \pi_{FP}} \tag{28}$$

$$Ma = \frac{\pi_{FN}}{\pi_{TP} + \pi_{FN}} \tag{29}$$

$$Pr = \frac{\pi_{TP}}{\pi_{TP} + \pi_{FP}} \tag{30}$$

$$Ra = \frac{\pi_{TP}}{\pi_{TP} + \pi_{FN}} \tag{31}$$

$$F_1^{S} = \frac{2\,Pr \times Ra}{Pr + Ra} \tag{32}$$

where $\pi_{FN}$ denotes the number of normal data in the data judged to be abnormal, $\pi_{FP}$ denotes the number of abnormal data in the data judged to be normal, $\pi_{TP}$ denotes the number of normal data in the data judged to be normal, $\pi_{TN}$ denotes the number of abnormal data in the data judged to be abnormal, and $Acc$, $Ma$, $Pr$, $Ra$ and $F_1^{S}$ denote the accuracy, missed alarm, precision, recall and F1-Score, respectively.

Ablation analysis—To evaluate the contributions of KOA, CNN, BiGRU, and Attention modules to the KOA-CNN-BiGRU-Attention model's performance, we designed the following ablation experiments: In this section, the full KOA-CNN-BiGRU-Attention model is established as the benchmark.

The performance of the following ablation models is considered: Model 1: Removing KOA and using default hyperparameters. Model 2: Removing CNN and utilizing only BiGRU Attention. Model 3: Removing BiGRU and utilizing only CNN Attention. Model 4: Removing Attention and using only CNN BiGRU. Model 5: Removing both CNN and BiGRU, utilizing only Attention. The comparative results are presented, as shown in Fig. 8.

Fig. 8: Results of the ablation experiments for each module of the KOA-CNN-BiGRU-Attention model.

As shown in Fig. 8, the contributions of each module to the overall performance can be summarized as follows. After removing KOA, the model performance slightly dropped (F1 score decreased from 96.45% to 94.28%), suggesting that KOA contributes to some degree in hyperparameter optimization, albeit with a relatively minor impact. Upon removing CNN, the model's performance significantly declined (F1 score dropped from 96.45% to 90.65%), revealing CNN's vital role in extracting local features. The removal of BiGRU led to a decrease in model performance (F1 score fell from 96.45% to 89.53%), indicating that BiGRU is important for capturing time series dependencies. With Attention removed, the model's performance suffered a slight drop (F1 score decreased from 96.45% to 92.19%), hinting that the Attention mechanism aids in feature weighting and noise suppression to a certain extent. When both CNN and BiGRU were removed, the model performance drastically declined (F1 score fell from 96.45% to 83.15%), underlining the absolute cruciality of the combination of CNN and BiGRU for model performance.

Detection performance under different detection models - In this section, the accuracy of proposed detection model under KOA is analyzed, as shown in Fig. 9. In addition, compared with other detection models, such as particle swarm optimization (PSO)-CNN-BiGRU-Attention, group-fusion CNN (GFCNN) and CNN, accuracy and loss comparison during training are selected as evaluation indicators under the same conditions. The comparison of the accuracy and loss of each model is shown in Table 2.

Fig. 9: Accuracy analysis of the proposed detection model under KOA.

Table 2 Comparison of the accuracy and loss of each model.

The selection of optimal hyperparameters in the detection model can affect the detection performance against malicious attacks. As the error of the fitness function gets smaller, the KOA can obtain the optimal hyperparameters of the detection model, as shown in Fig. 9. Based on this, the corresponding accuracy of the proposed detection model can be enhanced. In other words, introducing KOA for the proposed detection model can improve the detection performance against attacks.

Simulation results in Table 2 demonstrate that the proposed detection model has the highest accuracy and the lowest value of the loss function, indicating that it has the best overall performance. Compared with PSO-CNN-BiGRU-Attention, the KOA can further improve the ability of the model to generalize by optimizing the hyperparameters. In addition, compared with works such as GFCNN and CNN, the proposed detection model has significantly improved the model's ability to capture time series features. However, compared with standard CNN, it can be seen that GFCNN can further enhance the detection performance of anomalous data.

Detection performance with evaluation indicators under different detection models - To evaluate the detection performance against FDAs under different detection models on the IEEE 14-bus and 118-bus grid systems, evaluation indicators (accuracy, missed alarm, precision, F1-score, and recall) are conducted, as shown in Tables 3 and 4. In addition, the corresponding confusion matrices are presented, as shown in Fig. 10 and Fig. 11.

Table 3 Comparison results of evaluation indicators on the IEEE 14-bus grid system.
Table 4 Comparison results of evaluation indicators on IEEE 118-bus grid system.

Fig. 10: The confusion matrices under different detection models on the IEEE 14-bus grid system.

Fig. 11: The confusion matrices under different detection models on the IEEE 118-bus grid system.

The simulation experiments presented in Table 3 reveal that the accuracy rates of the proposed detection model, GCN, and GGNN-GAT are 98.73%, 95.99%, and 96.35%, respectively. The accuracy rate of the proposed detection model surpasses that of the other models. The precision rates for the proposed detection model, GCN, and GGNN-GAT are 98.85%, 95.23%, and 97.03%, respectively. Furthermore, the proposed detection model's recall rate and F1 score exhibit improvements of 11.34% and 4.15%, respectively. Consequently, compared to the works in [30] and [29], the detection performances of the proposed detection model surpass those of other detection models on the IEEE 14-bus power system. Moreover, the comparison results on the IEEE 118-bus grid system in Table 3 further underscore the enhanced detection performance of the proposed model. Specifically, the evaluation indicators such as accuracy rate, precision rate, recall rate, and F1 score have improved by at least 1.49%, 1.15%, 11.24%, and 8.4%, respectively. In summary, utilizing the KOA-CNN-BiGRU-Attention framework for spatio-temporal detection enhances detection performance compared to GCN and GGNN-GAT detection models.

Figures 10 and 11 show the comparison results of the confusion matrices for different detection models. As seen in Figs. 10 and 11, the proposed detection model can identify the abnormal data better than other detection models on the IEEE 14-bus and 118-bus grid systems. Compared with GCN and GGNN-GAT detection models, the proposed detection model accurately identifies positive and negative samples and has fewer false positives and false negatives in the prediction, which indicates the effectiveness of the proposed KOA-CNN-BiGRU-Attention loss for improving the binary classification task distinguishability.

From the above experiments, analysts can conclude that the proposed detection model using KOA-CNN-BiGRU-Attention has powerful detection performance, which makes it outperform the compared methods in both test accuracy for detecting FDAs.

Detection performance with variable attack intensity and ROC under different detection models—To evaluate the robustness of the proposed detection model, we further select the variable attack intensity and ROC as indicators on the IEEE 14-bus system. As shown in Fig. 12, the detection rate under different attack strengths for the proposed detection model, GCN, and GGNN-GAT is tested. The ROC under all detection models is shown in Table 5.

Fig. 12: Detection rate under different attack strengths under different detection models.

Table 5 Comparison results of ROC under different detection models.

Figure 11 demonstrates the detection rate under different attack strengths under different detection models. Detection rates become more accurate as the intensity of the attack increases. However, the detection rate under the proposed detection model is higher than that of other detection models under the same attack strength. Compared with other detection models, simulation experiments in Table 5 indicate that the ROC of the proposed detection model for FDA detection is best. It is concluded that our proposed detection framework can achieve a high detection rate and robustness for FDAs in power grids.

Conclusions and discussion - In this paper, we construct a spatio-temporal detection framework for FDAs in power networks. First, a CNN-BiGRU-based network model is established, which can effectively extract the spatio-temporal features of power data. Secondly, the KOA and attention mechanisms incorporated in the constructed model can effectively improve the detection performance against FDAs. Finally, compared with GCN and GGNN-GAT detection models, the accuracy, precision, score, and recall of the proposed detection model can be improved on the IEEE 14-bus and 118-bus grid systems. Additionally, simulation experiments have verified that our detection models for FDA detection show robustness to attack strength. However, certain deficiencies remain that serve as incentives for further research in the future.

References (footnotes):
1. Oyewole, P. A. & Jayaweera, D. Power system security with cyber-physical power system operation. IEEE Access 8, 179970–179982 (2020).
2. Zhang, X., Ma, H. & Tse, C. K. Assessing the robustness of cyber-physical power systems by considering wide-area protection functions. IEEE J. Emerg. Select. Top. Circuits Syst. 12(1), 107–114 (2022).
3. Alvarez-Alvarado, M. S. et al. Cyber-physical power systems: A comprehensive review about technologies, drivers, standards, and future perspectives. Comput. Electr. Eng. 116, 109149 (2024).
4. Lu, K.-D. & Wu, Z.-G. Multi-objective false data injection attacks of cyber-physical power systems. IEEE Trans. Circuits Syst. II Express Briefs 69(9), 3924–3928 (2022).
5. Chen, L. & Wang, B. Robustness assessment of weakly coupled cyber-physical power systems under multi-stage attacks. Electr. Power Syst. Res. 231, 110325 (2024).
6. Cheng, Z., Hu, S., Yue, D., Dou, C. & Shen, S. Resilient distributed coordination control of multi-area power systems under hybrid attacks. IEEE Trans. Syst. Man Cybern. Syst. 52(1), 7–18 (2022).
7. Chawla, A. et al. Denial-of-service attacks, a pre-emptive and detection framework for synchrophasor-based wide area protection applications. IEEE Syst. J. 16(1), 1570–1581 (2022).
8. Mukherjee, D. Data-driven false data injection attack: A low-rank approach. IEEE Trans. Smart Grid 13(3), 2479–2482 (2022).
9. Liu, Y., Ning, P. & Reiter, M. K. False data injection attacks against state estimation in electric power grids. ACM Trans. Inf. Syst. Secur. 14(1), 1–33 (2011).
10. Jin, S. False data injection attack against smart power grid based on incomplete network information. Electr. Power Syst. Res. 230, 110294 (2024).
11. Sadeghikhorami, L., Varadharajan, V. & Safavi, A. A. A novel secure observer-based controller and attack detection scheme for Networked Control Systems. Inf. Sci. 575, 185–205 (2021).
12. Rinaldi, G., Cucuzzella, M., Menon, P. P., Ferrara, A. & Edwards, C. Load altering attacks detection, reconstruction and mitigation for cyber-security in smart grids with battery energy storage systems. In 2022 European Control Conference (ECC), London, United Kingdom, 1541–1547 (2022).
13. Wang, X., Luo, X., Pan, X. & Guan, X. Detection and location of bias load injection attack in smart grid via robust adaptive observer. IEEE Syst. J. 14(3), 4454–4465 (2020).
14. Li, J., Sun, Y. & Qingyu, Su. Security control of integral sliding modes for multi-agent systems under false data injection attacks. J. Franklin Inst. 361(4), 106613 (2024).
15. Roy Chowdhury, N., Belikov, J., Baimel, D. & Levron, Y. Observer-based detection and identification of sensor attacks in networked CPSs. Automatica 121, 109166 (2020).
16. Wang, X., Luo, X., Zhang, M., Jiang, Z. & Guan, X. Detection and isolation of false data injection attacks in smart grid via unknown input interval observer. IEEE Internet Things J. 7(4), 3214–3229 (2020).
17. Li, M. & Qian, T. False data injection information detection method for power systems based on improved random forest. In 2024 IEEE 7th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC), Chongqing, China, 1885–1888 (2024).
18. Liu, K., Zhang, H., Zhang, Y. & Sun, C. False data-injection attack detection in cyber-physical systems with unknown parameters: A deep reinforcement learning approach. IEEE Trans. Cybern. 53(11), 7115–7125 (2023).
19. Esmalifalak, M., Liu, L., Nguyen, N., Zheng, R. & Han, Z. Detecting stealthy false data injection using machine learning in smart grid. IEEE Syst. J. 11(3), 1644–1652 (2017).
20. Feng, H., Han, Y., Li, K., Si, F. & Zhao, Q. Locational detection of the false data injection attacks via semi-supervised multi-label adversarial network. Int. J. Electr. Power Energy Syst. 155, 109682 (2024).
21. Xiang, Q. et al. Group-fusion one-dimensional convolutional neural network for ballistic target high-resolution range profile recognition with layer-wise auxiliary classifiers. Int. J. Comput. Intell. Syst. 16, 190 (2023).
22. Xiang, Q. et al. Multi-scale group-fusion convolutional neural network for high-resolution range profile target recognition. IET Radar Sonar Navig. 16(12), 1997–2016 (2022).
23. Xiang, Q. et al. Quadruplet depth-wise separable fusion convolution neural network for ballistic target recognition with limited samples. Expert Syst. Appl. 235, 121182 (2024).
24. Vincent, E., Korki, M., Seyedmahmoudian, M., Stojcevski, A. & Mekhilef, S. Detection of false data injection attacks in cyber–physical systems using graph convolutional network. Electr. Power Syst. Res. 217, 109118 (2023).
25. Yin, L. & Xie, J. Multi-temporal-spatial-scale temporal convolution network for short-term load forecasting of power systems. Appl. Energy 283, 116328 (2021).
26. Lin, Y. & Abur, A. A highly efficient bad data identification approach for very large-scale power systems. IEEE Trans. Power Syst. 33(6), 5979–5989 (2018).
27. Abur, A. & Exposito, A. G. Power System State Estimation: Theory and Implementation (CRC Press, 2004).
28. Abdel-Basset, M., Mohamed, R., Abdel Azeem, S. A., Jameel, M. & Abouhawwash, M. Kepler optimization algorithm: A new metaheuristic algorithm inspired by Kepler’s laws of planetary motion. Knowl.-Based Syst. 268, 110454 (2023).
29. Li, X., Wang, Y. & Lu, Z. Graph-based detection for false data injection attacks in power grid. Energy 263, 125865 (2023).
30. Boyaci, O., Narimani, M. R., Davis, K. & Serpedin, E. Cyberattack detection in large-scale smart grids using Chebyshev graph convolutional networks. In Proc. IEEE 9th Int. Conf. Elect. Electron. Eng. 217–221 (2022).
This paper was supported by the Doctoral Research Initiation Fund of Taiyuan University of Science and Technology (20202005, 20202007); Shanxi Province Basic Research Program General Project (202203021221153), and the Open Research Fund of Jiangsu Collaborative Innovation Center for Smart Distribution Network at Nanjing Institute of Technology under grant number XTCX202203.

This article is provided free of charge and is intended solely for educational and informational purposes.


© 2025 Red Sky Alliance Corporation. All rights reserved.
