Review of the false data injection attack against the cyber-physical power system

With the development of synchronous measuring technology and communication technology, the units of measurement, calculation, execution and communication are deeply integrated into the energy management system, which can achieve panoramic state awareness through fast and accurate state estimation algorithms. Meanwhile, cyber-attacks have become an important issue posing severe threats to the secure operation of power systems. A well-designed false data injection attack (FDIA) against state estimation can effectively bypass the traditional bad data detection methods and interfere with the decisions of the control centre, thus causing power system incidents. This study comprehensively discusses the characteristics of FDIA, including not only the goals, construction methods and consequences of FDIA from the perspective of attackers but also the protection and detection countermeasures from the perspective of defenders. Moreover, a game-theory-based FDIA against the substation information network is simulated to reveal the interactions between attackers and defenders.

2 Principles and modelling of the attack process against the CPPS
The power physical system is composed of power generation, transformation, transmission, distribution and supply sides, while the power information system is the technological basis for the awareness of the system situation. The whole framework of CPPSs is shown in Fig. 1. According to the location in the power supply chain, the information systems can be classified into the systems on the generation side (e.g. supervisory information system), on the transmission side [e.g. SCADA, energy management system (EMS), electricity market operation system and tele meter reading] and on the user side (e.g. demand response management). This power production information, transmission information and market information may be affected by FDIAs through vulnerable channels such as measurement units, communication networks and control devices, which will eventually interfere with power application services.
In the traditional FDIA, SCADA and subsequent EMS are mainly chosen as the attack objects, and the following gives a brief introduction to the EMS architecture.
As shown in Fig. 2, according to functions, EMS can be divided into the information collection and command execution part (i.e. SCADA), database management and information processing control software. The basic functions of SCADA include the 4R functions (i.e. remote measuring, remote communicating, remote adjusting and remote controlling) in the remote terminal units (RTUs). The upper software is designed to perform real-time or off-line studies on power generation or network analysis. The purpose of FDIA is to mislead the upper application service by tampering with the correct information in the database.
The database of EMS is the data source for all EMS services. According to its origin, it can be divided into basic data, real-time data, prediction data and historical data. The basic data is static, unchanging data including the configuration parameters of the power system operation and measurement equipment. The real-time data is derived from the remote measuring and remote communication of RTUs, including the state variables of the measurement devices and system operation. The prediction data is generated by the application software to provide the future operation status of the power system. The historical data is a record of previous operating states, which is mainly used for the analysis, prediction and training of the power system. Generally, the real-time data is most important for the decision making of the upper application software, and it is therefore taken as the main object of FDIA.

Hierarchical analysis of attack goals
2.1.1 FDIA aiming at the information layer: Invading the power communication network is the first step of an FDIA. The possible entry points include the measuring units, communication networks and control devices. Since control devices are tightly protected, they are often difficult to invade; therefore, the FDIA is usually implemented through the first two.
To corrupt the data in measurement units such as RTUs and phasor measurement units (PMUs), inherent vulnerabilities in encryption and authentication mechanisms are exploited to modify the original data. In [11], the susceptibility of PMUs to time synchronisation attacks by spoofing their global positioning system (GPS) signal has been revealed. Since the GPS signal does not have any encryption or authorisation mechanism, attackers could generate counterfeit GPS signals which receivers are unable to distinguish from the genuine ones. In [12], the coloured Petri net is used to describe the information flows and vulnerabilities among smart meters. On this basis, a threat model describing specific attacks toward smart meters is established.
To invade the communication networks, DoS attacks and man-in-the-middle attacks may be deployed between measurement units and the control centre so that the measurements or control information passing through the communication channels can be tampered with. In [13], an interference matrix of communication data is put forward to deflect the transmitted data from its original value. In [14], a cyber threat called the grey-hole attack is addressed, where PMU data packets are dropped during transmission in the network, resulting in loss of observability and subsequently incorrect control decisions.
After successfully injecting false data into the information layer, attackers can subsequently manipulate the controlling services in the power physical layer, which requires the adequate knowledge of power system operation and protection.

FDIA aiming at the physical layer:
After the invasion of the information layer, attackers gain the capability of measurement modification. By modifying the real-time price, load and power flow information in a way that bypasses the bad data detection module, attackers can interfere with the subsequent control services [15].
Generally speaking, the state estimation can be formalised by the following equation, where z represents the measurements, including bus voltages, generator outputs and branch active and reactive power flows, and x represents the state vector, including the amplitude and phase angle of the node voltages. Here, h(x) is the mapping matrix between the measurement variables and the state variables, which covers the topology of the system. Generally, the number of measured variables is larger than the number of state variables, and this redundancy is used to improve the estimation accuracy.
In reality, the measurements received by EMS are not entirely correct. Owing to equipment failure, sensor offset, incorrect connections and communication interference, the state estimation deviates from the true value. In this paper, we focus on the AC state estimation model and the corresponding largest normalised residual (LNR) method to detect and eliminate the possible errors. The judging formula is as follows, where z − h(x) represents the estimation error of the measurements, and LNR follows the chi-square distribution. When LNR is larger than the threshold ξ, the measurement vector contains bad data. The measurement with the largest error is eliminated, and the detection is repeated until the condition of (2) is satisfied or the number of measurements is no longer sufficient to perform the state estimation.
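As an added worked example (not from the paper), the following Python code runs a DC-model weighted least-squares state estimation and the iterative LNR bad data test on a constructed 3-bus system with one redundant line meter; the susceptances, measurement values, meter standard deviation and the normalised-residual threshold of 3.0 are all assumptions.

```python
"""DC-model weighted least-squares (WLS) state estimation with the largest
normalised residual (LNR) bad data test. Added worked example: the 3-bus
system, susceptances, meter sigma and threshold are constructed assumptions."""
from math import sqrt

# Constructed 3-bus network. Bus 1 is the reference (angle 0), so the state
# vector is x = [theta2, theta3]. Line susceptances in p.u.
B12, B13, B23 = 10.0, 5.0, 8.0
SIGMA = 0.01          # assumed standard deviation of every meter
TRUE_STATE = [-0.05, -0.10]
# Linear model z = H x + e: line flows P_ij = b_ij (theta_i - theta_j) and
# bus injections P_i = sum of the flows leaving bus i.
H_ROWS = {
    "P12": [-B12, 0.0],
    "P13": [0.0, -B13],
    "P23": [B23, -B23],
    "P32": [-B23, B23],        # redundant meter at the far end of line 2-3
    "P2": [B12 + B23, -B23],
    "P3": [-B23, B13 + B23],
}

def transpose(m):
    return [list(col) for col in zip(*m)]

def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def inverse(m):
    """Gauss-Jordan inverse with partial pivoting for small dense matrices."""
    n = len(m)
    aug = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(m)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(aug[r][c]))
        aug[c], aug[p] = aug[p], aug[c]
        if abs(aug[c][c]) < 1e-12:
            raise ValueError("singular gain matrix: system is not observable")
        aug[c] = [v / aug[c][c] for v in aug[c]]
        for r in range(n):
            if r != c:
                f = aug[r][c]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]

def true_measurements():
    """Exact (noise-free) measurements consistent with TRUE_STATE."""
    return {k: sum(h * x for h, x in zip(row, TRUE_STATE)) for k, row in H_ROWS.items()}

def wls_estimate(z):
    """WLS estimate x_hat = (H'WH)^-1 H'W z and the normalised residuals
    |r_i| / sqrt(Omega_ii) with Omega = R - H (H'WH)^-1 H' (the LNR statistic)."""
    names = list(z)
    H = [H_ROWS[n] for n in names]
    Ht = transpose(H)
    w = 1.0 / SIGMA ** 2
    Ginv = inverse([[w * v for v in row] for row in matmul(Ht, H)])
    htwz = [w * sum(h * z[n] for h, n in zip(col, names)) for col in Ht]
    x_hat = [sum(g * b for g, b in zip(row, htwz)) for row in Ginv]
    HGH = matmul(matmul(H, Ginv), Ht)
    r_n = {}
    for i, n in enumerate(names):
        r = z[n] - sum(h * x for h, x in zip(H[i], x_hat))
        omega = SIGMA ** 2 - HGH[i][i]
        # omega ~ 0 marks a critical measurement whose error is undetectable
        r_n[n] = abs(r) / sqrt(omega) if omega > 1e-12 else 0.0
    return x_hat, r_n

def lnr_detection(z, threshold=3.0):
    """Drop the meter with the largest normalised residual and re-estimate
    until the LNR is below the (assumed) threshold or too few meters remain.
    Returns (final estimate, list of meters flagged as bad data)."""
    z, flagged = dict(z), []
    while True:
        if len(z) < len(TRUE_STATE):
            raise ValueError("not enough measurements left to estimate the state")
        x_hat, r_n = wls_estimate(z)
        worst = max(r_n, key=r_n.get)
        if r_n[worst] <= threshold:
            return x_hat, flagged
        flagged.append(worst)
        del z[worst]

if __name__ == "__main__":
    corrupted = dict(true_measurements(), P23=0.9)   # constructed gross error
    print(lnr_detection(corrupted))
```

Running it flags the meter carrying the constructed gross error and then recovers the true state from the remaining redundant measurements.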

Construction methods of FDIA
A change of one certain measurement will cause changes of adjacent measurements according to the power flow. When falsifying one element (e.g. the measurements of a node or line), to bypass the bad data detection, attackers should consider the power flow law to find a minimum space within which the measurements change accordingly. Therefore, the minimum space requiring a coordinated attack is defined as the minimum related space of this element, which satisfies the power flow law and the optimal resource utilisation law when performing an FDIA. In addition to the above conditions, a successful FDIA is required to meet the following constraints due to the power system operation characteristics:
(i) The boundary node of the attacking element's minimum related space should not be a zero injection node. Since the sum of the line power adjacent to a zero injection node should be zero, the minimum related space of another line adjacent to the node would also have to be changed, so that the changes of both lines are equal in value and opposite in sign.
(ii) Generally, there is a balanced node in a power system, whose voltage amplitude and phase angle are constant and cannot be falsified.
(iii) The load and generation values calculated by the interfered state estimation should be close to the predicted values. On the basis of the historical data prediction and the generator's actual characteristics, limits on load and generation are set. If the estimated value exceeds this threshold, the FDIA will fail.
(iv) To attack a region with redundant meters, attackers should manipulate all meters in this region to perform a successful FDIA. Otherwise, there will be inconsistencies among multiple measurements, resulting in attack failure.
If attackers can only obtain partial system information (e.g. system topology, parameters of nodes or lines, protection and detection algorithms), then, to improve the success rate of the FDIA, they need to make assumptions about the unknown information in order to minimise the residuals of the state estimation after tampering. The common construction methods of such blind false data include principal component analysis and the Lagrange multiplier method [16,17].

Attack consequences
2.3.1 Consequences of economic dispatch:
Economic benefit is an important motivation for attacking the power grid. It mainly includes profiting from price differences in the electricity market or directly stealing electricity. In [18], it is shown that the drawbacks of bad data detection algorithms may be leveraged by attackers for consistent financial arbitrage such as virtual bidding at selected pairs of nodes.
For the electricity spot market, the prices from the generation side and the predicted network state are combined to obtain the locational marginal prices (LMPs) of each node. Attackers can achieve profits through a buy-low, sell-high strategy, which can be realised by falsifying the line congestion level. In [19], it is shown that the power system state space is partitioned into price regions of convex polytopes. Under different bad data models, the worst-case impacts of bad data on real-time LMP are analysed.

Consequences of security control:
In terms of power system operation control, the direct consequence of FDIA is its impact on online security assessment, including misleading the dispatcher's operation and causing the safety and stability control system to malfunction.
For a successful attack, the control centre misjudges the power system to be in an emergency state. The automatic control devices of the power system act rapidly, so that the circuit breakers trip the line. The change of power system topology may lead to a chain reaction, which causes problems such as overload, expansion of the fault area and even out-of-step splitting of the power system. In [20], a DoS attack resulting from false data is considered, where attackers flood the communication interfaces in order to disrupt the PMU data, which may cause incorrect control actions and even a blackout.
For a failed attack, the falsified measurements are eliminated by the bad data detection. As a result, the attacked area becomes unobservable to the control centre and dispatch centre. EMS cannot observe, analyse or control the dynamic state of this area, which creates follow-up risks for system operation.

Principles and modelling of the defence process against the FDIA in the CPPS
Traditional, static security measures cannot adapt to the dynamic network environment, so some novel network security theories have been proposed [21]. Internet Security Systems of the USA proposed an adaptive network security model, which gradually developed into the P2DR model (i.e. policy, protection, detection and response). The system recovery process is not considered in the P2DR model, which was therefore updated into the P2DR2 model (i.e. policy, protection, detection, response and recovery) by adding a recovery loop. In the above models, the policy is the key part, and the complete dynamic security protection system is guided by a unified security strategy.
From the integration of devices and society, the WPDRRC model (i.e. warning, protection, detection, response, recovery and counterattack) was proposed to point out the importance of people, strategies and management. This model includes six loops and three key components (i.e. people, strategy and technology), which interact with dynamic feedback to guarantee the confidentiality, availability, controllability and authenticity of information. The development from the P2DR model to the P2DR2 model and to the WPDRRC model is shown in Fig. 3.
In this paper, we focus on two main parts in the defence procedures: protection method and detection method.

Detection-based defence methods
3.1.1 State estimation-based detection methods: As mentioned above, if attackers master sufficient knowledge of the target system, they can construct a data falsifying strategy that avoids the existing bad data detection algorithm. On the basis of the data falsifying characteristics, the original state estimation algorithm has been improved into novel forms including detection methods based on residuals, measurement revulsion and measurement correlation [22-24].

Trajectory prediction-based detection methods:
The detection method based on state estimation is mainly used in static analysis to detect attack behaviour at a certain time point. In the continuous dynamic operation of the power system, there is a strong spatial and temporal relationship among successive states. Therefore, trajectory analysis based on historical data can be performed, so as to match the current measurements of the power grid against the prediction results. The contradiction between the two sets of variables can be utilised to find possible attacked areas. The main detection methods using trajectory prediction include statistical consistency detection, sequential detection with the generalised likelihood ratio and sensor track prediction [25-27].

Artificial intelligence-based detection methods:
In addition to the traditional mathematical modelling methods, some artificial intelligence-related detection methods have been put forward in recent years, which are mainly based on neural network, deep learning and fuzzy clustering [28,29].
The neural network method is simple in structure but difficult to tune. Numerous tests are needed to train the network model. The choice of model depth and threshold affects the model precision and the accuracy of the results. The deep learning method originates from the neural network; it can address the overfitting problem well, but its training method is more complex.
From the perspective of fuzzy clustering, the N data analysis technique is used. Moreover, the data mining method and the fuzzy integration method are combined to identify false data. However, this method requires the manual measurement and determination of the membership degrees, which involves strong subjectivity.
The remarkable characteristics of artificial intelligence methods are their strong computing power and clear framework. However, due to the complexity of power system operations, the interpretability of these methods is usually poor.

Protection-based defence methods
In the security planning of power grid, the important and fragile areas in the power grid are analysed to deploy the limited protection resources. The direct protection methods include physical isolation, channel encryption and firewalls, while the indirect protection method is to enhance the measurement redundancy by deploying redundant sensors.

Programming-based protection methods:
According to the constraint conditions, the programming methods can be divided into linear programming for the DC power flow and non-linear programming for the AC power flow. The mixed integer linear programming (MILP) model is the most common method to identify the critical regions in the power system. In [30], a bi-level MILP model is proposed to determine the least number of measurements to be protected. To reduce the computational complexity, a decomposition approach is adopted to obtain a suboptimal solution. In [31], to solve the novel problem of price modification attacks in the smart grid, a bi-level MILP protection scheme against price modification attacks is proposed; afterwards, an efficient heuristic algorithm is adopted to protect the most critical nodes. Overall, the programming methods are suited to the off-line optimisation of protection resources.

Game-based protection methods:
The traditional protection methods for the FDIA are usually based on the process analysis of the attack or defence mechanism. According to the consequences and difficulty of an FDIA, the weak or important regions can be found. From the perspective of attack analysis, the existing research focuses on the vulnerability and accessibility of information devices. Accordingly, the attack target, intrusion process and construction method of the false data are optimised [32,33]. From the perspective of defence analysis, the existing research focuses on optimising the performance of the bad data identification algorithm, data encryption algorithm and intrusion detection mechanism, so as to enhance the multi-level defence ability against FDIA [34]. On this basis, solutions for the attack-defence strategy mostly remain at a static level, where the weakest or the most important region is taken as the attack-defence object. In fact, because of the limited resources, both sides need to optimise their choices based on the rival's possible actions, which forms a typical double-player dynamic game process [35]. Therefore, the process analysis of FDIA should be integrated with game theory, where both the attacker and the defender are seen as rational decision makers.
From the perspective of the joint game, the goal of an FDIA is usually economic loss or stability reduction. Regarding economic loss, the power market price is used as the attack object in [36], where a Stackelberg game is solved using a distributed learning algorithm to reflect the interactions between one defender and several attackers. The attack and defence means are simplified by choosing a certain number of measurements to be changeable or unchangeable, without considering the principle of the intrusion process. Regarding stability reduction, in [37,38], a multistage stochastic game and a Markov model are, respectively, used to simulate the FDIA against the line and the resulting load shedding consequences. The state transition matrix is used to characterise the anticipatory actions of both players, and optimal load shedding is used to quantify the attack consequences. In the former two types of research, a simplification lies in that the attack and defence processes are represented by the failure rate and repair rate of power lines. In [39], the economic and stability indexes are combined. The manipulation of transformers and power line breakers is chosen as the attack method, while generator redispatching is adopted to reduce the power loss. Load shedding and generator tripping are taken to quantify the economic benefits of FDIA. The attack graph-based game process is used to analyse the optimal paths for both players, where the defender is only allowed to deploy an ex-post remedy instead of a premeditated defence.
Overall, a set of sound defence strategies include the coordination among warning, protection, detection, response, recovery and counterattacks. Moreover, in the environment of CPPS, in terms of the information layer, the intrusion detection system and data encryption algorithm are utilised to identify the correctness of the data protocol and logic. In terms of the physical layer, the rationality of the data content should be identified based on the power professional knowledge, and then some remedial measures need to be performed to eliminate the attack effects.

Case: FDIA against substation information network
In this section, the FDIA against the substation information network is taken as a case to illustrate the basic attack process and defence strategies; afterwards, the optimal resource deployment is simulated through a double-player zero-sum game.
The analysis of the FDIA process needs to be combined not only with the targets and strategies of attackers but also with the detection and protection strategies of defenders. The most basic knowledge is the sequence of action steps of the FDIA, which is shown in Fig. 4: cyber-attacks disable the corresponding information services through information equipment failures, which then results in disturbances to the power system.

Attack graph of the substation
The D2-1-type substation is taken as the object of the FDIA, whose information network is shown in Fig. 5. According to the information transmission path, the information layers can be divided into three layers (i.e. process layer, bay layer and station layer). According to the types of bays, they can be divided into the line bay, transformer bay and bus bay. According to the type of intelligent electronic device (IED), the devices can be divided into the breaker IED, merging unit (MU) IED and P&C IED. In the D2-1 intelligent substation, the sampling signals of the MU are spread by the sampled analogue values (SAV) message, while the signals of the P&C IED are spread by the generic object oriented substation event (GOOSE) message. The 'publisher/reader' mode is utilised to transmit information in multicast mode. According to the data flows, the information devices and their link relationships can be summarised as the attack graph shown in Fig. 6. Among them, points A1-A7 belong to the process layer L1; points B1-B5 belong to the bay layer L2; and points C1-C4 belong to the station layer L3. We assume that if attackers invade these three layers through one certain path, they can manipulate the host to cause a power system failure.
The third layer contains the controlling services; according to the common applications of the substation, four typical services are summarised in nodes C1-C4 (i.e. information measurement, protection function, monitoring control and automatic control). Node D1 in the top layer represents the power system fault.

Parameter setting and model solving process
To perform the risk assessment of the power information network, the factors affecting the system security should be considered. The external factors result from the cyber-attacks, while the internal factors result from the risks of the devices. The comprehensive security risk of each node is determined by its vulnerability and sensitivity. The sensitivity is related to the in-degree and out-degree of the node, representing the frequency of its being utilised by all kinds of attacks, and the vulnerability of the device is directly proportional to the safety level of the device itself. G = (N, E, S) is defined as the standard form of the attack graph, where N is the set of all nodes, E is the set of all directed edges and S is the set of node sensitivities. N and E can be derived from the topology of the substation system, and S can be calculated by the following equation, where d_in(i) and d_out(i) represent the in-degree and out-degree of node i, while T_in(i) and T_out(i) represent the number of links in the lower layer and upper layer. The result is therefore a relative sensitivity that accounts for the connectedness within each layer. The comprehensive risk R_i of each node can be calculated by the following equation, where V_i and S_i are the vulnerability and sensitivity of node i; S_i can be calculated by (3), while V_i is decided by the distributed fault threat, influence scope and occurrence complexity. The calculation process refers to [40]. W_vi and W_si are the weights of the vulnerability and sensitivity; in this paper, for the sake of convenience, they are both set to 0.5. The vulnerability, sensitivity and comprehensive risks are shown in Table 1.
It can be seen that the attack depth is 4. After attacking through all three lower layers, the stability of the primary power system is ultimately affected by the malicious control information. The sum of the risk values of all nodes on a path is used as the comprehensive risk of this attack path. Both attackers and defenders focus their attack or defence on the information nodes. In fact, due to the finiteness of resources, neither side can attack or defend all regions in the grid; consequently, both sides need to optimise their resource deployment based on the other's possible choices, which forms a double-player dynamic game process. G = (A, D, U) is defined as the standard form of the double-player game, where A = {P(a_1), P(a_2), …, P(a_N_A)} is the attack strategy. It is assumed that the attacker can choose an attack path. Each attack strategy is a combination of attacked nodes, which are interlinked: a_i = (A_i1, B_i2, C_i3, D_i4). Overall, there are 28 kinds of attack strategies. D = {P(d_1), P(d_2), …, P(d_N_D)} is the defence strategy. It is assumed that defenders can separately choose one node at the process layer (A1-A7) and one at the bay layer (B1-B5) as the secure nodes, which cannot be invaded. Each defence strategy is a combination of defended nodes: d_j = (A_j1, B_j2). Overall, there are 35 kinds of defence strategies.
U is the reward matrix of the players, whose element u_ij is the gain under attack behaviour a_i and defence behaviour d_j. The attacker's reward function is calculated as follows: the comprehensive risk of the attack path is used as the reward. Since it is a zero-sum game, the sum of both players' reward function values is 0; the attacker's reward function U_a is set to be positive and the defender's reward function U_d is negative, satisfying U_d = −U_a.
For a given reward matrix U, there is an attack strategy A* = (P*(a_1), P*(a_2), …, P*(a_N_A)), a defence strategy D* = (P*(d_1), P*(d_2), …, P*(d_N_D)) and a constant V that satisfy the following conditions. For any j, there is: For any i, there is: Consequently, the strategy combination (A*, D*) is the Nash equilibrium point of the game, and V is the expected gain, which represents the expected path risk under the combination of attack and defence behaviours. According to the above model, the results for the optimal strategy and expected gain are shown in Fig. 7. Among the 28 kinds of attack paths, only ten enter the attacker's options, where path 4 (A3, B3, C3, D1) has the highest selection probability of 17.06%. Similarly, 10 of the 35 defence options enter the defender's options, and nodes A2 and B5 are the most likely protected nodes, with a selection probability of 21.26%. Under the optimal attack-defence strategy, the expected comprehensive path risk V of the system is 0.0511.
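The following Python code is an added example, not part of the paper, that builds the double-player zero-sum game described above on a constructed four-node-per-layer attack graph and approximates the mixed-strategy Nash equilibrium by fictitious play; the graph, the node risks R_i and the rule that a hardened node blocks any path through it (reward 0) are assumptions, not the paper's D2-1 data or Table 1.

```python
"""Zero-sum attack-defence game over a substation attack graph: the attacker
picks a path (A, B, C, D1), the defender hardens one process-layer and one
bay-layer node. Added worked example; graph, risks and blocking rule are
constructed assumptions, not the paper's model data."""
from itertools import product

# Constructed attack graph: L1 process nodes A*, L2 bay nodes B*, L3 station
# nodes C*, and D1 (power system fault) on top.
EDGES = {"A1": ["B1", "B2"], "A2": ["B1", "B2"],
         "B1": ["C1"], "B2": ["C2"], "C1": ["D1"], "C2": ["D1"]}
# Constructed comprehensive node risks R_i (the paper derives them from
# vulnerability V_i and sensitivity S_i; these values are simply assumed).
RISK = {"A1": 0.05, "A2": 0.15, "B1": 0.10, "B2": 0.25,
        "C1": 0.05, "C2": 0.10, "D1": 0.10}

def attack_paths():
    """All paths A -> B -> C -> D1 allowed by the graph (attacker strategies)."""
    paths = []
    for a in (n for n in RISK if n.startswith("A")):
        for b in EDGES[a]:
            for c in EDGES[b]:
                for d in EDGES[c]:
                    paths.append((a, b, c, d))
    return paths

def defence_options():
    """Defender hardens one process-layer node and one bay-layer node."""
    a_nodes = [n for n in RISK if n.startswith("A")]
    b_nodes = [n for n in RISK if n.startswith("B")]
    return list(product(a_nodes, b_nodes))

def payoff_matrix(paths, defences):
    """Attacker reward u_ij = sum of node risks on path i if no hardened node
    lies on it, else 0 (assumption: hardened nodes cannot be invaded)."""
    return [[0.0 if set(d) & set(p) else sum(RISK[n] for n in p) for d in defences]
            for p in paths]

def fictitious_play(U, rounds=50000):
    """Approximate the mixed Nash equilibrium: each round both players best-
    respond to the opponent's empirical history. Returns (attacker mix,
    defender mix, lower, upper); the game value V always lies in [lower, upper]."""
    m, n = len(U), len(U[0])
    att_count, def_count = [0] * m, [0] * n
    att_score = [0.0] * m   # cumulative reward of each path against defender history
    def_score = [0.0] * n   # cumulative reward conceded by each defence vs attacker history
    for _ in range(rounds):
        i = max(range(m), key=att_score.__getitem__)   # attacker best response
        j = min(range(n), key=def_score.__getitem__)   # defender best response
        att_count[i] += 1
        def_count[j] += 1
        for k in range(m):
            att_score[k] += U[k][j]
        for k in range(n):
            def_score[k] += U[i][k]
    p = [c / rounds for c in att_count]
    q = [c / rounds for c in def_count]
    lower = min(sum(p[i] * U[i][j] for i in range(m)) for j in range(n))
    upper = max(sum(U[i][j] * q[j] for j in range(n)) for i in range(m))
    return p, q, lower, upper

def solve():
    paths, defences = attack_paths(), defence_options()
    p, q, lower, upper = fictitious_play(payoff_matrix(paths, defences))
    return paths, defences, p, q, lower, upper

if __name__ == "__main__":
    paths, defences, p, q, lo, hi = solve()
    for path, prob in sorted(zip(paths, p), key=lambda t: -t[1]):
        print(f"attack path {path}: {prob:.3f}")
    for d, prob in sorted(zip(defences, q), key=lambda t: -t[1]):
        print(f"harden {d}: {prob:.3f}")
    print(f"expected path risk V in [{lo:.4f}, {hi:.4f}]")
```

The printed mixes are the analogue of Fig. 7: which paths a rational attacker keeps in play and which node pairs the defender should harden with what probability, with the value bracket replacing the paper's exact V.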

Conclusion
This paper provides an overview of the research on the FDIA. First, the security vulnerabilities in the measurement equipment and communication network are analysed, which are utilised to inject false data, thereby weakening the safety and economic indexes. A framework of FDIA considering the attack goals, construction methods and consequences is established. Second, according to pre-attack defence and ex-post defence, the defence methods based on protection and detection are analysed respectively. A multi-layer space-time cooperative defence framework is constructed. Finally, an FDIA case against the substation information network is simulated to integrate the attack principles with the game-based defence strategies.
Traditional FDIA research aims at destroying the application functions of SCADA and the subsequent EMS. Actually, with the wide interaction among source, network and load, information systems on the generation side, grid side and load side can all be attacked with false data, thus affecting the monitoring, control, statistical analysis, economic dispatching and security decisions of power systems. Therefore, the FDIA against all kinds of information systems in the CPPS requires further research.