SPECIAL SECTION ON SECURITY ANALYTICS AND

INTELLIGENCE FOR CYBER PHYSICAL SYSTEMS

Received June 2, 2017, accepted June 18, 2017, date of publication July 18, 2017, date of current version August 8, 2017.
Digital Object Identifier 10.1109/ACCESS.2017.2728681

Achieving Efficient Detection Against False

Data Injection Attacks in Smart Grid
RUZHI XU1 , RUI WANG1 , ZHITAO GUAN1 , (Member, IEEE), LONGFEI WU2 ,
JUN WU3 , (Member, IEEE), AND XIAOJIANG DU2 , (Senior Member, IEEE)
1 School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
2 Department of Computer and Information Sciences, Temple University, Philadelphia, PA 19122, USA
3 College of Information Security Engineering, Shanghai Jiao Tong University, Shanghai 200240, China
Corresponding author: Zhitao Guan (guan@ncepu.edu.cn)
This work was supported in part by the Natural Science Foundation of China under Grant 61402171 and Grant 61471328, in part by the
Fundamental Research Funds for the Central Universities under Grant 2016MS29, and in part by the U.S. National Science Foundation
under Grant CNS-1564128.

ABSTRACT Internet of Things (IoT) technologies have been broadly applied in smart grid for monitoring
physical or environmental conditions. Especially, state estimation is an important IoT-based application
in smart grid, which is used in system monitoring to get the best estimate of the power grid state
through an analysis of the meter measurements and power system topologies. However, false data injection
attack (FDIA) is a severe threat to state estimation, which is known for the difficulty of detection. In this
paper, we propose an efficient detection scheme against FDIA. First, two parameters that reflect the physical
property of smart grid are investigated. One parameter is the control signal from the controller to the
static Var compensator (CSSVC). A large CSSVC indicates there exists the intense voltage fluctuation.
The other parameter is the quantitative node voltage stability index (NVSI). A larger NVSI indicates a
higher vulnerability level. Second, according to the values of the CSSVC and NVSI, an optimized clustering
algorithm is proposed to distribute the potential vulnerable nodes into several classes. Finally, based on these
classes, a detection method is proposed for the real-time detection of the FDIA. The simulation results show
that the proposed scheme can detect the FDIA effectively.

INDEX TERMS Smart grid, state estimation, false data injection attack, control signal, node voltage stability
index.

I. INTRODUCTION from information system to smart grid [4]–[7]. For instance,

As the next generation power supply system, the smart grid
can achieve reliable and effective transmission of electric-
ity from power generators to factories or household electric
appliances with the support of the recent communication
and information technologies [1]–[3]. Taking advantage of
the Internet of Things (IoT) technology, different compo-
nents in smart grid can collaborate and exchange information,
so the control center can monitor the physical conditions of
the power grid and make the proper decisions. As shown
in Fig. 1, the monitoring data in smart grid is collected
by field devices, like sensors, meters and remote terminal
units (RTUs). Electrical power grid is integrated together with
communication and information networks; besides power
flow, information flow is also transmitted on most of the
network links.
However, there are cons and pros in applying information
technology to smart grid. Cyber security threats also extend
false data injection attack (FDIA) is one dangerous security
threat in wireless sensor networks. In FDIA, the attackers
inject malicious packets into the targeted network to dis-
rupt network services, by either compromising the sensor
nodes or hijacking the communication channel. Liu et al
firstly demonstrated that FDIA can also become a serious
threat in smart grid; they presented two FDIA attack scenarios
in which they can successfully inject malicious data to the
state estimation in smart grid [8], [9].
Power system monitoring is crucial to guarantee the secure
and steady operation of power grid. As shown in Fig. 1,
first, the monitoring data is collected and transferred to the
supervisory control and data acquisition (SCADA) system.
It usually includes the active and reactive power flows of
branches, the active and reactive power injections of buses,
and the bus voltages in every subsystem of the smart grid.
Second, the optimal power grid state estimation is performed

2169-3536
2017 IEEE. Translations and content mining are permitted for academic research only.
VOLUME 5, 2017 Personal use is also permitted, but republication/redistribution requires IEEE permission. 13787
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

FIGURE 1. False Data Injection Attack (FDIA) in smart grid.
through analyzing the monitoring data and the power sys-
tem topologies. The outputs of state estimation are some
immeasurable state variables like the voltage amplitude val-
ues and voltage phase angles, which can be used as the
input of many EMS (Energy Management System) appli-
cations, i.e., the power dispatch, accident analysis, power
flow analysis. Therefore, state estimation is an important
application to assist the smart grid to operate safely and
reliably.
In Fig. 1, the illustration of FDIA in smart grid is shown.
The attackers may inject the falsified monitoring data by three
means: compromising the smart meters, sensors or RTUs;
hijacking the communication between sensor networks and
the SCADA system; or intruding the SCADA system. As the
result, incorrect estimate of the smart grid state will be derived
due to the false ‘‘measurements’’. This will further mislead
the control center to make wrong decisions and operations,
such as bad real-time electricity pricing and even large-area
power failure accidents [9], [10].
To tackle with such threats, great attentions have been
paid to the identification, filtering, and detection of
FDIA [8]–[11]. However, existing FDIA detection methods
seldom take the correlation between FDIA and the power sys-
tem physical parameters into consideration. In fact, the values
of physical parameters are closely related to the status of the
power system. For instance, under certain initial operating
condition, the voltage stability reflects the ability of the power
system to return the stable state after suffered from a physical
interference [12].
13788
R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid
In this paper, based on analyzing the impact of FDIA on
the voltage stability, we present an efficient detection method
against FDIA. And the main contributions of our work can be
summarized as following:
G We describe the FDIA problem with a unified logic for
state estimation, and give the formal model of FDIA,
which can deal with complex environment of smart grid
with high dynamics.
G We investigate the relationship between two physical
parameters and FDIA. The first parameter is the Control
Signal from the Controller to the Static Var Compen-
sator (CSSVC), which can be used to analyze the node
voltage fluctuation to get the impact of FDIA on voltage
deviation. The second parameter is the Node Voltage
Stability Index (NVSI), we also studied the relationship
between FDIA and the node voltage stability, which can
be used to quantitatively depict the impact of FDIA on
the system measurements.
G An optimized clustering algorithm is proposed, which
takes the topology of the power system, and the values
of CSSVC and NVSI as the input, and distributes the
potential vulnerable nodes into different classes.
G Based on the above, we propose a state forecasting
method to make state prediction and detect FDIA. And
we perform the simulation in the IEEE 39-bus and IEEE
118-bus systems to verify the efficiency and perfor-
mance of the proposed scheme.
The rest of this paper is organized as follows.
Section II introduces the related works. In Section III,
VOLUME 5, 2017
R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid
TABLE 1. The compared result of each detection method.
the preliminaries are given. The node vulnerability level iden-
tification method is stated in Section IV. In Section V, based
on the results of Section IV, the FDIA detecting method
is stated. In Section VI, the performance of the proposed
scheme is evaluated. The paper is concluded in Section VII.
II. RELATED WORK
FDIA, as a typical data integrity attack, is one of the most
threatening cyber-attacks in smart grid. It is first presented
in [8]. To mitigate this serious vulnerability, many algo-
rithms have been proposed to detect FDIA [13], such as
the geometrically designed residual filter and generalized
likelihood ratio test [5]. The cumulative sum (CUSUM) test-
based detection mechanism introduced in [14] and [15] is also
designed to counter FDIA. Other works [16], [17] use the
machine learning method to deal with the stealthy false data.
In [18], the relationship between the physical characteristics
of the power system and FDIA is analyzed, and the vulnerable
nodes can be identified. Moreover, how to deploy Precision
Measurement Units (PMUs) economically and effectively to
assist the state estimator and improve FDIA detection has
become a valuable question [19], [20]. In [21], a detection
method based on PMU is proposed; the authors assume that
the measurements in part of the system are guaranteed to
be reliable due to the physically protected hardware, for
example, the attackers couldn’t tamper the protected meters;
otherwise it will be detected as an attack and enforce a
restraint to the attackers’ behavior. With the increasingly
interconnected power systems in smart grid, distributed state
estimation (DSE) has become an important alternative to the
centralized and hierarchical solutions [22], [23]. In [24], two
new methods of distributed state estimation are proposed, one
method uses the incremental mode of cooperation, and the
other is based on diffusive interaction pattern. The work [25]
VOLUME 5, 2017
apply distributed state estimation (DSE) into fully distributed
power systems for the detection of FDIA. Cramer et al. [26]
propose a bad data detection method based on an extended
distributed state estimation (EDSE). In EDSE, each power
system is divided into several subsystems by using graph
partition algorithms. Buses are divided into three categories in
each subsystem: internal bus, boundary bus and adjacent bus.
Simulation results indicate that the EDSE-based method has
higher overall detection accuracy than the traditional method.
However, the EDSE-based method has lower computation
complexity.
Many feasible false data injection attack detection methods
have been proposed in existing literatures. In this paper,
we analyzed and compared the advantages and disadvantages
of these methods. The results are summarized in Table 1.
Most of the existing detection methods have their respec-
tive advantages and disadvantages, and each detection
method is generally adapted to one specific scenario. Besides,
various methods have been proposed to address the problems
of false data injection attacks in Smart Grid. It is one novel
approach to utilize the physical parameters of the power
system to detect FDIA [18].
In this paper, inspired by the work [18], we also
study the relationship between the physical parameters of
the power system and FDIA. Only one physical param-
eter is taken into consideration in [18], while multiple
physical parameters are analyzed together in our work.
In [18], all nodes are identified the level of vulnerability,
which can needs much computational cost. While, in our
work, only some of key nodes, the reactive compensation
leading nodes, will be considered for vulnerability level
identification, which can reduce the computational cost
significantly and is more suitable for large scale power
system. In addition, we propose an efficient FDIA detection
13789

method based on the results of vulnerable nodes
identification.
III. PRELIMINARIES
In this section, all important notations are listed. The state
estimation in power system is introduced. Next, the control
of voltage stability and the node voltage stability index are
briefly discussed.
A. NOTATIONS
The important notations used in this paper are listed in Table
2.
TABLE 2. Description for Notations.
B. PROBLEM FORMULATION
1) STATE ESTIMATION
State estimation is of vital significance in connecting mea-
surements collected via the communication network and con-
trolling the physical operations in a smart grid. Using the
redundancy of real-time measurement system to improve the
data accuracy, the state estimation automatically eliminates
the error information caused by random interferences, esti-
mate or predict system operating state. The main task of the
state estimators is conducted in a control center with the
following three main functions:
13790
R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid
1) Improving the accuracy of data measurements. The
noise and disturbance in data acquisition and trans-
mission may cause data error. Using state estimation,
the best estimate of the system status can be got.
2) Detecting and identifying the bad data. Then, delete or
correct bad data, and improve the reliability of the data
measurements.
3) Forecasting the future trend and possible state of the
system. The forecast data enriches the contents of the
database, and provides the necessary conditions for the
safety analysis and operation planning.
The procedure of state estimation is shown in Fig. 2.
FIGURE 2. The flowchart of state estimation.
The states in smart grid usually include the voltage magni-
tude and the bus phase angles. In this paper, the state vector
is denoted by v. If a system contains n buses, the state vector
will be written as:
v = [v1 , v2 , . . . , vn ]T (vi ∈ R) (1)
Where vi indicates the state variable at the i-th bus, usually
includes the voltage angle or voltage amplitude.
Take measurement vector z into account. For a system
contains n buses, the measurement vector is denoted as
z ∈ Rm×1 , m>2n-1.Then, z should be:
z = [z1 , z2 , . . . , zm ]T (zi ∈ R) (2)
For nonideal sensors, there exsit some errors between mea-
surement function values and actual measurement values.
Take measurement errors into account, state estimation in
actual electric power system can be described as:
h1 (v1 , v2 , . . . , vn )
     
z1 e1
 z2  ..  h2 (v1 , v2 , . . . , vn )   e2 
z =  . =   +  . . .  = h(v) + e
... ...
     
zm hm (v1 , v2 , . . . , vn ) em
VOLUME 5, 2017
R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid

where, 2) FDIA

h1 (v1 , v2 , . . . , vn )
 
e1

v1
  Bad data is generated due to the random errors of measure-
 h2 (v1 , v2 , . . . , vn )   e2   v2  ments, while false data is deliberately constructed by the
h(v) =  , e =  , v =   malicious attackers. Traditional bad data detection method in
     
 ...  ... ... state estimation work efficiently for detecting bad data, but it
hm (v1 , v2 , . . . , vn ) em vn is ineffective for detecting FDIA.
(3) Under FDIA, the falsified data b is maliciously injected
into the power flow measurement vector as:
Here, v is the state vector, e is the Gaussian
P error noise
with a zero mean and a covariance matrix e and h(v) is z = Hv + b + e (8)
the theoretical calculation of measurement z. We all know The observed measuring zf is represented as
that h(v) is used to describe Alternating Current (AC) power
system. So it is a set of nonlinear functions of the state zf = [zf1 , zf2 , . . . , zfm ]T (9)
variables. However, if the load flow equations submitted to
And the injected false data vector is
Direct Current (DC) approximations, h(v) would be a set of
linear functions. Hence, the DC power model for the real b = [b1 , b2 , . . . , bm ]T (10)
power measurements can be represented in a compact vector-
matrix form as: Then, zf will be equaled with

z = Hv + e (4) zf = z + b (11)
When there exist false data injected by some attackers, b

where, H = ∂h(v)∂v v=v0 is an invariable Jacobi matrix.

will be a nonzero vector.
State estimation aims to find an estimated value of v, The estimation state variable v0 will be changed into v0F due
denoted by v0 . v0 is the optimal solution for the equa- to the injected false data and there is v0F = v0 +c, where c is an
tion z = Hv + e. The Weighted Least Squares Algo- n-dimensional and nonzero vector. Assuming that the injected
rithm is often used to solve such problems. The form of data vector zf equals to Hc, b will be ignored by the traditional
state estimation is transformed into a quadratic optimization detection method as mentioned above. This is because
problem:
zf − Hv0 = z + b − H (v0 + c) = z − Hv0 (12)

X F
J (v) = [z − Hv]T e−1 [z − Hv] (5)
Thus FDIA is able to escape from traditional detections.
And the estimated linearized state vector v’ is given by
X X C. CSSVC
v0 = (H T e−1 H )−1 H T e−1 z (6)
CSSVC is the control signal from the controller to the Static
Let Q = (H T
P −1 −1 T P −1
e H) H e , and then the mea- Var Compensator (SVC), which is used to support reactive
surement residuals ψ can be expressed as: power compensation and voltage control of the corresponding
nodes. SVC is with a complicated higher-order nonlinear
ψ = z − Hv0 = (I − Q)(Hv + e) = (I − Q)e (7) model, and it is usually controlled by the Proportion Integral
Differential (PID) controller. So CSSVC can be calculated by
The Weighted Least Squares estimation method takes the
PID algorithm, which is shown as follows,
minimum square residual as the objective function f . Most of Z
the existing detection methods are based on the Chi-square d1Ui
CSSVC(Ni ) = Kp 1Ui + Ki 1Ui dt + Kd (13)
test or the Residual test. Taking Chi-square test as an example, dt
the identification basis of this method is shown in Table 3, When the power system works in normal status, the voltage
where v0 is a vector of estimation state variable and τ is of each node will only float in a small range (±5%) around the
a threshold [8]. The definition of the constant τ is a key rated value. In (13), 1Ui is the deviation between the voltage
issue. Assuming that all the variables are mutual independent magnitude of node i and its rated value. The first part contains
and that
the 0measuring
2 errors follow the normal distribu- the current status information in the voltage control process;
tion, z − Hv will follow Chi-squared distribution, whose

the second integral part contains the past status information;
degree of freedom is m-n. and the differential part contains the future status information.
To sum up, CSSVC reflects the fluctuation of voltage in the
TABLE 3. Criterion of bad data detection. power system.
When the power grid is under FDIA, the voltage of relevant
nodes will fluctuate for a period of time, so there will exist
deviation between the voltage magnitude of these nodes and
their rated value. The controller will be triggered by the volt-
age deviation to send abnormal high CSSVC to the control

VOLUME 5, 2017 13791

 R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid

center, and the system administrator can analyze the abnormal
data to locate the fault point.
With the increasing complexity of the higher voltage level
and network structure, voltage stability control is becom-
ing more difficult. In this work, the method for partitioning
the power system at the voltage stability critical point is
adopted [31], which is proved effective to solve the volt-
age control problem of complex power grid. In each parti-
tion, the appropriate reactive compensation node is selected
according to the sensitivity analysis. SVC is installed in these
reactive power compensation leading nodes, and more details
is stated in Section IV-C.
help the administrator to locate the injected points. The details
are as follows.
A. THE INFLUENCE OF FDIA ON CSSVC
For the real-time control system, CSSVC can be transmitted
to the control center through the communication network.
However, if an attacker has launched FDIA, the state variables
such as voltage of reactive compensation nodes might be
changed. We analysis the voltage control system as a close
loop system and take the tampered state variable as the feed-
back, as shown in Fig. 3.

D. NVSI
Voltage stability is an important concern for power systems.
NVSI is one of the key factor regarding voltage stability,
which can reveal the real-time status of voltage stability
and help to prevent the occurrence of voltage collapse acci-
dents [32]. It has been found that the main advantages of using
NVSI are its accuracy in modeling and calculating, and ease
of measurement in real time or on-line applications. The val-
ues of NVSI alert us the existence of vulnerable nodes. These
FIGURE 3. Structural block diagram of PID voltage regulator.
vulnerable nodes may cause the system instability. When
the system load parameter is close to collapse critical value,
After being attacked, the true value of the node voltage Ui
NVSI values may also take effect. Administrators can use
measured by the system is replaced by false data Ui0 , which
NVSI values on-line to monitor the system stability and even
leads to a deviation 1Ui between the voltage magnitude of
make the prediction. Based on NVSI values, administrators
node i and its rated value Urated . The deviation 1Ui triggers
can take proper action to prevent voltage collapse. So, in this
PID controller, and PID controller produces the CSSVC. SVC
paper, we identify the vulnerable nodes by means of the
accepts a false command and changes the true node voltage.
CSSVC and NVSI at first, and then perform the detection for
We take IEEE 39-bus system as an example for sim-
FDIA at each node according to the vulnerability level.
ulation. Due to space limitation, we display voltage fluc-
In our scheme, we use the method presented in [32] for
tuations for only one of the reactive power compensation
calculating the NVSI of each reactive power compensation
nodes under FDIA. From Fig. 4 we can see that after FDIA,
leading node in the power system, as follows,
the true value of the node voltage varies with the false value.
NVSI (Ni ) = 4Uj−4 (RQi − XPi )2 − 4Uj−2 (XQi + RPj ) (14) We compare the values of CSSVC before and after attack
in Table 4. In general, the more intensive the voltage fluc-
The NVSI only needs measurements information about tuation is, the larger the CSSVC is. The weaker the voltage
nodes, which can be easily obtained from the synchronized fluctuation is, the smaller the CSSVC is.
PMUs or the existing state estimator of EMS at control
TABLE 4. The values of CSSVC before/after attack.
centers. It can be calculated in a very short time so that it
can be applied in real-time or on-line environment.
In (14), NVSI (Ni ) is the voltage stability index at the node
i, Uj is the voltage magnitude of node j. Pi , Qi are the sum-
mation of the real power and reactive power. Besides, R is
the resistance of branch. X is the reactance of branch. We can
obtain R and X from the power network electric topological
database. By doing a successful power flow solution, all
parameters of (14) can be obtained, and the NVSI of each
reactive power compensation leading node can be calculated
in short order.
B. THE INFLUENCE OF FDIA ON NVSI
IV. NODE VULNERABILITY LEVEL IDENTIFICATION The system operation data can be obtained in real-
In this section, we use the CSSVC and NVSI to analyze time or extended real-time operation easily. For instance,
the impact of FDIA. We use an optimization algorithm to the operation data can be obtained from synchronized
distinguish which nodes are tend to be attacked, which can PMUs or the existing state estimator of EMS at control center.

13792 VOLUME 5, 2017

R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid

The k-means clustering is popular in datamining field.

It is a vector quantization method developed from signal
processing. However, its defiect is that it randomly selects
K points as the initial cluster centroids at the beginning, and
it is easily trapped in the local optimum. We adopt a valid
method to get better clustering results. The improved k-means
clustering based on the particle swarm optimization (PSO) is
efficient to obtain the quality cluster centroids initially. The
steps of the method are as follows:
Step 1). Algorithm initialization
K nodes are selected randomly as the initial center
of clustering. The encoding of particle i is expressed
FIGURE 4. Voltage fluctuation after attack. as follows:
par(i) = {loc[], vel[], fit} (15)
However, if some or all of the measurements are accessible
for an attacker, these measurements will be modified and The position encoding of the particle i is expressed
injected by false data. Once the measurements are tampered, as follows:
the real and reactive power measurements Pi , Qi and Uj par(i).loc[] = [X θ1 , X θ2 , · · · , X θK ] (16)
will be changed, and the value of NVSI will change corre-
spondingly. In general, the smaller the NVSI is, the better Where X θj represents the θj th cluster centroid cal-
the system node voltage stability is; the greater the NVSI is, culated by particle par(i).
the worse the system node voltage stability is. In the worst The velocity encoding of the particle is expressed
condition, the node voltage will collapse when it approaches as follows:
the system voltage collapse critical point. So, the system
par(i).vel[] = [V1 , V2 , . . . , VK ] (17)
administrator should be vigilant to the vulnerable nodes and
keep the system from FDIA attacks or the verge of instability. The location of a particle corresponds to the set of
We try to imitate the attackers who inject the false data and K cluster centers.
tamper the measurements. In the simulations, we assume that Step 2). Fitness calculation
the state variable Pi , Qi and Uj are gradually and proportion- According to the clustering algorithm criteria,
ally increased to stress the system with a constant factor §, the definition of the fitness of par(i) in swarm is
which can be seen as the attack intensity. For each state as equation below:
variable in the power system, we use § times its real estimate
K P 2
as the injected error. § is set to 1, 1.5, 2, 2.5, 3 respectively, and P
(Xi − X (θj ) )
the results of IEEE 14-bus system and IEEE30-bus system are j=1 Xi ∈θj
shown in Fig. 5 and Fig. 6. Here, §=1 indicates that there is par(i).fit = (18)
Mp
no attack. From the two figures, we can see that the value
of NVSI increases as the attack intensity § increases, which Where Mp is the input size of clustering
reflects that the node becomes unstable. algorithm.
Step 3). If the iteration number reaches the maximum
limitation, then turn to Step 8, if not, turn to
C. THE METHODS OF IDENTIFYING THE NODE
Step 4.
VULNERABILITY LEVEL
Step 4). Store the best centroids
According to the CSSVC and NVSI values of all reactive If par(i) gets a smaller fitness, store the particle
power compensation nodes, we can identify the vulnerable as the individual optimal solution pid . The position
nodes in the power system preliminarily. Therefore, the vul- of particle with the minimum fitness among all the
nerable nodes can easily trigger an emergent remedial action particles is stored as pgd .
scheme to remind the administrator to detect the FDIA and Step 5). Swarm regeneration
take appropriate measures to protect the system. It is worth The position updating algorithm is as follows:
thinking how to identify these vulnerable nodes in the power
system. Next, we will analyze our methods. par(i).vel[] = ς ∗ par(i)vel[]
According to the similarity between different data sources,
clustering algorithms can classify the data sources into dif- − c1 ∗ r1 (pid (i).loc[] − par(i).loc)
ferent clusters. If clustering the vulnerable nodes with larger + c2 ∗ r2 (pgd .loc[] − par(i).loc[])
value of NVSI and higher CSSVC into the same cluster, it will
(19)
not be hard to distinguish these vulnerable nodes, which can
help the administrator to identify the injected data roughly. par(i).loc[] = par(i).loc[] + par(i).vel[] (20)

VOLUME 5, 2017 13793

 R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid

FIGURE 5. The value of NVSI under different attack intensity of IEEE 14-bus system.

FIGURE 6. The value of NVSI under different attack intensity of IEEE 30-bus system.

Where ς is the inertia weight of velocity updating. Step 6). Inertia weight regeneration
The initial value of ς is 1. According to the following equation to renew the
If par(i) falls beyond the range of possible solu- inertia weight ς :
0 , X 0 ], then the location of par(i) is
tions [Xmin ςmax − ςmin
ς = ςmax − iter
max
0 or X 0 ; similarly if a new generated (21)
set to Xmin max itermax
velocity of par(i) is beyond the velocity range
Where iter is the present iteration number, and
0 , V 0 ], the new generated velocity will be set
[Vmin max itermax is the maximum limitation of iteration num-
0 or V 0 .
to Vmin max
ber, ςmax = 1,. ςmin = 0

13794 VOLUME 5, 2017

R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid
Step 7). If the global best of the swarm, pgd , keep stable for
a number of iterations, turn to Step 8; if not, turn to
Step 3.
Step 8). Use the traditional k-means algorithm to complete
the clustering program.
We summarize the total steps of the vulnerable node iden-
tification procedure as follows:
1) READ THE SYSTEM DATA AND CALCULATE THE NVSI OF
EACH REACTIVE POWER COMPENSATION LEADING NODE
Usually, the system administrator can easily obtain the power
data from synchronized PMUs or the existing state estimator
of EMS at the control center. So it is convenient to calculate
the NVSI quickly. The CSSVC is transmitted to the control
center in real time. In our work, we use the test data obtaining
from the power simulation package, MATPOWER [33]. And
we calculate the NVSI of two IEEE standard test systems,
IEEE 39-bus and IEEE 118-bus.
2) OBTAIN THE HIGH-QUALITY CLUSTERING CENTROIDS
FROM IMPROVED ALGORITHM, AND CLUSTER THE
SYSTEM NODES INTO DIFFERENT CLASSES
In this procedure, we set K = 3, which means that we will
cluster all nodes into three different classes. Most impor-
tantly, if we want to get better cluster results, we need three
better centroids firstly and each centroid obtained from the
PSO algorithm. Then, the high-quality centroids will be used
as the real initial cluster centroids to perform the standard
k-means algorithm again and cluster the reactive compensa-
tion nodes into three classes according to their CSSVC and
NVSI, each of the classes represents one different vulnera-
bility level.
3) IDENTIFY THE NODES VULNERABILITY LEVEL
OF DIFFERENT CLASSES
In order to identify the vulnerable nodes, we use each of the
classes to represent one vulnerability level. For example, the
Level.1 indicates the most vulnerable level with higher value
of CSSVC and higher value of NVSI, the Level.2 indicates
vulnerable level and the Level.3 indicates the stable level,
respectively. Therefore, we can easily identify the vulnerable
nodes according to the different nodes vulnerability levels.
We conduct experiments using the measurements at the
moment t in the IEEE 39-bus and IEEE 118-bus. Firstly,
we try to inject the false data into the measurements of some
nodes and then calculate the NVSI of each reactive power
compensation leading node quickly. Secondly, we get PID
output of these nodes at moment t. Then, it is easy to cluster
all reactive power compensation leading nodes into three
classes and determine the vulnerability level of these nodes
by the improved algorithm proposed above. The simulation
results of the two standard systems are shown in Fig. 7 and
Fig. 8. In order to make it easier to observe, we use different
colors to distinguish the node vulnerability levels. Specif-
ically, the red color represents the most vulnerable level,
VOLUME 5, 2017
FIGURE 7. The node vulnerability level of IEEE 39-bus system.
namely Level.1. Similarly, blue represents Level.2 and green
represents Level.3.
After the vulnerable nodes are found, the administrator
can treat them as the suspicious false data injection attacks
targets. Then, they should take a precise detection measures
immediately.
V. DETECTING FDIA
In Section IV, the most vulnerable nodes are recognized. It is
expected to decrease the cost of detecting FDIA greatly since
the recognized vulnerable nodes that are the most suspicious
targets of FDIA will be checked preferentially.
Next, we propose a FDIA detection method named
State Forecasting Detection (SFD), in which two steps are
included.
Step 1 (Measurement Forecasting): It needs to get the real
measurement and the forecasted measurement of a specific
moment. The forecasted measurement is got based on the
short-term forecasting technology. The short-term forecast-
ing technologies have been used in many fields [35], [36].
Based on the historical measurements, the next measurement
can be forecasted. The short-term prediction methods include
statistical regression method, time series method, neural net-
work method, etc. In our scheme, the auto-regressive model
is adopted for FDIA detection. Consider two consecutive
moments t − 1 and t, using the measurement zt−1 of t − 1
moment, we can estimate the measurement − →zt of t moment.
We can also get the measurement zt of t moment.
The details of step 1 is as follows.
v0t = Gt−1 vt−1 + Qt−1 (22)
where Gt−1 is the state transition matrix, vt−1 is the esti-
mated state value and Qt−1 is the nonzero diagonal matrix at
t − 1 moment. Considering two sampling time t − 1 and t,
we calculate the forecasting measurements of time t as:
−
→
zt = Hv0t (23)
13795
 R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid

FIGURE 8. The node vulnerability level of IEEE 118-bus system.

At time t, we obtain the measurement vector zt , and detect the SFD with two traditional methods for detecting FDIA
the FDIA by verifying the consistence of the measurements on vulnerable nodes, Largest Normalized Residue (LNR)
and the forecasting measurements. The premise of the pre- method and the Object Detection J (v) method. For J (v) is
diction is the assuming that the system measurements at t − 1 the most widely used method for FDIA detection; and the
moment are not under any attack. That is, the state variable proposed SFD method is proposed based on LNR method.
vt−1 is not under attack.
Step 2 (Detecting FDIA): Using − →
zt and zt as the input,
(zt − − →

zt ) ≤ τ, H0 is true
H0 assumption : √


R + H 6H T
∞
(zt − − →

 zt ) > τ, H0 is false

H1 assumption :

√
R + H 6H T ∞

(24)

where H0 is the null hypothesis and H1 is the alterna-

tive hypothesis. R is diagonal covariance matrix of the
measurement. τ is the detection threshold. If H0 is true,
no attack is being found; on the contrary, if H0 is false,
there exists FDIA. The proposed detection method is verified
effective and accurate in IEEE 39-bus and IEEE 118-bus
power system.

VI. PERFORMANCE EVALUATION
The simulation environment is set up using
MATPOWER [33], and the test data is obtained from it.
We construct the false data vectors using the similar way
as [14]. After vulnerable nodes are recognized, we compare
FIGURE 9. The detecting results in IEEE 39-bus system.
In Fig. 9 and Fig. 10, the detecting results in IEEE 39-bus
system and IEEE 118-bus system are shown. It can be
seen that the detection rate increase with the false alarm

13796 VOLUME 5, 2017

R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid
FIGURE 10. The detecting results in IEEE 118-bus system.
probability gradually. From Fig. 9, it can be seen in IEEE
39-bus system, when the percentage of the attacked measure-
ments is low, the three methods are not effective for detection.
No matter how large the percentage is, the three methods
cannot detect all the attacks. That is because the system is
not large enough so that the changes of FDIA on the system
is not very obvious. Among the three methods, the pro-
posed SFD has a higher detection rate at the same attack
percentage. From Fig. 10, it can be seen in IEEE 118-bus
system, when the percentage of attacked measurements is
low, all the three methods can detect a small part of attacks.
With the increase of the attack percentage, the detection rates
of the three methods increase. When all the measurements
in the system are under attack, the detection rate of SFD
can reach 90%. From Fig. 9 and Fig. 10, we find that SFD
have higher accuracy and higher detection rate. On the other
hand, we compare two different systems and find that there
is a higher detection rate and accuracy in larger systems. In a
word, the effectiveness of SFD is verified by the simulation.
VII. CONCLUSION
To deal with the problem of FDIA in smart grid, which may
lead to wrong decision makings in power dispatch or elec-
tric power market operations, we propose an efficient FDIA
detection scheme based on power system physical parame-
ters. Firstly, we analyze the power system and investigate the
CSSVC and NVSI to identify the vulnerability level of nodes
in the power system. As the result, we define three levels
to cluster the nodes into three swarms. In the progress of
clustering, we use an improved cluster algorithm for nodes
clustering. This step helps us to find the suspicious false
data injection nodes easily. Then we use the state forecasting
method to obtain the states of power system. In addition,
the results based on state forecasting detection methods are
used to find the sensitive measurement vectors. In the simula-
tion, we built different types of attack vectors, which gives us
sufficient experimental results. Finally, the simulation results
VOLUME 5, 2017
demonstrate that the proposed mechanism can effectively
detect FDIA in smart grid. In future work, we will verify the
proposed scheme in larger system, such as IEEE 300-bus and
IEEE 1354-bus system.
REFERENCES
[1] X. Fang, S. Misra, G. Xue, and D. Yang, ‘‘Smart grid—The new and
improved power grid: A survey,’’ IEEE Commun. Surveys Tuts., vol. 14,
no. 4, pp. 944–980, 4th Quart., 2012.
[2] N. Kayastha, D. Niyato, E. Hossain, and Z. Han, ‘‘Smart grid sensor
data collection, communication, and networking: A tutorial,’’ Wireless
Commun. Mobile Comput., vol. 14, no. 11, pp. 1055–1087, Aug. 2014.
[3] X. Hei and X. Du, ‘‘Biometric-based two-level secure access control for
Implantable Medical Devices during emergencies,’’ in Proc. IEEE INFO-
COM, Apr. 2011, pp. 346–350.
[4] T. Liu et al., ‘‘Abnormal traffic-indexed state estimation: A cyber-
physical fusion approach for Smart Grid attack detection,’’ Future Generat.
Comput. Syst., vol. 49, no. 48, pp. 94–103, Aug. 2015.
[5] F. Pasqualetti, F. Dorfler, and F. Bullo, ‘‘Cyber-physical attacks in power
networks: Models, fundamental limitations and monitor design,’’ in Proc.
Decision Control Eur. Control Conf., 2011, pp. 2195–2201.
[6] S. Liang and X. Du, ‘‘Permission-combination-based scheme for Android
mobile malware detection,’’ in Proc. IEEE ICC, Jun. 2014, pp. 2301–2306.
[7] X. Hei, X. Du, S. Lin, I. Lee, and O. Sokolsky, ‘‘Patient infusion pattern
based access control schemes for wireless insulin pump system,’’ IEEE
Trans. Parallel Distrib. Syst., vol. 26, no. 11, pp. 3108–3121, Nov. 2015.
[8] Y. Liu, P. Ning, and M. K. Reiter, ‘‘False data injection attacks against state
estimation in electric power grids,’’ ACM Trans. Inf. Syst. Security, vol. 14,
no. 1, pp. 1–33, May 2011.
[9] Z. Guan, P. An, and T. Yang, ‘‘Matrix partition-based detection scheme for
false data injection in smart grid,’’ Int. J. Wireless Mobile Comput., vol. 9,
no. 3, pp. 250–256, Jan. 2015.
[10] Z. Guan, N. Sun, Y. Xu, and T. Yang, ‘‘A comprehensive survey of false
data injection in smart grid,’’ Int. J. Wireless Mobile Comput., vol. 8, no. 1,
pp. 27–33, 2015.
[11] E. N. Asada, A. V. Garcia, and R. Romero, ‘‘Identifying multiple interact-
ing bad data in power system state estimation,’’ in Proc. IEEE Power Eng.
Soc. General Meeting, Jun. 2015, pp. 571–577.
[12] T. Zabaiou, L. A. Dessaint, and I. Kamwa, ‘‘Preventive control approach
for voltage stability improvement using voltage stability constrained
optimal power flow based on static line voltage stability indices,’’ IET
Generat., Transm. Distrib., vol. 8, no. 5, pp. 924–934, May 2014.
[13] S. Cui, Z. Han, S. Kar, T. T. Kim, H. Poor, and A. Tajer, ‘‘Coordinated
data-injection attack and detection in the smart grid: A detailed look at
enriching detection solutions,’’ IEEE Signal Process. Mag., vol. 29, no. 5,
pp. 106–115, Sep. 2012.
[14] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, ‘‘Malicious data attacks on the
smart grid,’’ IEEE Trans. Smart Grid, vol. 2, no. 4, pp. 645–658, Oct. 2011.
[15] S. Li, Y. Yilmaz, and X. Wang, ‘‘Quickest detection of false data injection
attack in wide-area smart grids,’’ IEEE Trans. Smart Grid, vol. 6, no. 6,
pp. 2725–2735, Dec. 2014.
[16] L. Liu, M. Esmalifalak, Q. Ding, V. A. Emesih, and Z. Han, ‘‘Detecting
false data injection attacks on power grid by sparse optimization,’’ IEEE
Trans. Smart Grid, vol. 5, no. 2, pp. 612–621, Mar. 2014.
[17] Y. Xiao, H. H. Chen, X. Du, and M. Guizani, ‘‘Stream-based cipher
feedback mode in wireless error channel,’’ IEEE Trans. Wireless Commun.,
vol. 8, no. 2, pp. 662–666, Feb. 2009.
[18] A. Anwar, A. N. Mahmood, and Z. Tari, ‘‘Identification of vulnerable node
clusters against false data injection attack in an AMI based smart grid,’’ Inf.
Syst., vol. 53, pp. 201–212, Oct. 2015.
[19] R. Deng, G. Xiao, and R. Lu, ‘‘Defending against false data injection
attacks on power system state estimation,’’ IEEE Trans. Ind. Informat.,
vol. 13, no. 1, pp. 198–207, Aug. 2015.
[20] S. Bi and Y. J. Zhang, ‘‘Graphical methods for defense against false-data
injection attacks on power system state estimation,’’ IEEE Trans. Smart
Grid, vol. 5, no. 3, pp. 1216–1227, May 2014.
[21] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, and K. Poolla,
‘‘Smart grid data integrity attacks,’’ IEEE Trans. Smart Grid, vol. 4, no. 3,
pp. 1244–1253, Sep. 2013.
[22] T. T. Kim and H. V. Poor, ‘‘Strategic protection against data injec-
tion attacks on power grids,’’ IEEE Trans. Smart Grid, vol. 2, no. 2,
pp. 326–333, Jun. 2011.
13797

[23] V. Kekatos and G. B. Giannakis, ‘‘Distributed robust power system state
estimation,’’ IEEE Trans. Power Syst., vol. 28, no. 2, pp. 1617–1626,
Oct. 2012.
[24] M. Ozay, I. Esnaola, F. Vural, S. Kulkarni, and H. Poor, ‘‘Distributed
models for sparse attack construction and state vector estimation in the
smart grid,’’ in Proc. IEEE 3rd Int. Conf. Smart Grid Commun., Nov. 2012,
pp. 306–311.
[25] Y. Gu, T. Liu, D. Wang, and X. Guan, ‘‘Bad data detection method for
smart grids based on distributed state estimation,’’ in Proc. IEEE Int. Conf.
Commun. (ICC), Jun. 2013, pp. 4483–4487.
[26] M. Cramer, P. Goergens, and A. Schnettler, ‘‘Bad data detection and han-
dling in distribution grid state estimation using artificial neural networks,’’
in Proc. IEEE Eindhoven PowerTech, Jun. 2015, pp. 1–6.
[27] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, ‘‘Limiting false data attacks
on power system state estimation,’’ in Proc. Inf. Sci. Syst., 2010, pp. 1–6.
[28] D. Wang, X. Guan, T. Gu, C. Chen, and Z. Xu, ‘‘Extended distributed state
estimation: A detection method against tolerable false data injection attacks
in smart grids,’’ Energies, vol. 7, no. 3, pp. 1517–1538, Mar. 2014.
[29] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, ‘‘On malicious data attacks
on power system state estimation,’’ in Proc. Universities Power Eng.
Conf. (UPEC), 2010, pp. 1–6.
[30] K. Manandhar, X. Cao, F. Hu, and Y. Liu, ‘‘Detection of faults and attacks
including false data injection attack in smart grid using Kalman filter,’’
IEEE Trans. control Netw. Syst., vol. 1, no. 4, pp. 370–379, Sep. 2014.
[31] Y.-C. Huang, H.-T. Yang, and C.-L. Huang, ‘‘Solving the capacitor place-
ment problem in a radial distribution system using tabu search approach,’’
IEEE Trans. Power Syst., vol. 11, no. 4, pp. 1868–1873, Nov. 1996.
[32] G. B. Jasmon and L. H. C. C. Lee, ‘‘New contingency ranking tech-
nique incorporating a voltage stability criterion,’’ IEE Proc. C Generat.,
Transmiss. Distrib., vol. 140, no. 2, pp. 87–90, Mar. 1993.
[33] R. Zimmerman and C. Murillo. (Dec. 2016). MATPOWER—A
MATLAB Power System Simulation Package. [Online]. Available:
http://www.pserc.cornell.edu//matpower/
[34] R. C. Eberhart and Y. Shi, ‘‘Comparing inertia weights and constriction
factors in particle swarm optimization,’’ in Proc. Congr. Evol. Comput.,
2000, pp. 84–88.
[35] Z. Wang and Z. Huang, ‘‘An analysis and discussion on short-term traffic
flow forecasting,’’ Syst. Eng., vol. 21, no. 6, pp. 97–100, Jun. 2003.
[36] A. Ding, X. Zhao, and L. Jiao, ‘‘Traffic flow time series prediction based
on statistics learning theory,’’ in Proc. Intell. Transp. Syst., Sep. 2002,
pp. 727–730.
RUZHI XU received the B.Eng. degree in electric engineering from the
Huazhong University of Science and Technology, China, in 1986, and the
Ph.D. degree in computer application from North China Electric Power
University (NCEPU), China, in 2011. She is currently an Associate Professor
with the School of Control and Computer Engineering, NCEPU. Her current
research focuses on smart grid security.
RUI WANG received the B.Eng. degree from North China Electric Power
University in 2016, where she is currently pursuing the master’s degree
with the School of Control and Computer Engineering. Her current research
focuses on smart grid security.
13798
R. Xu et al.: Achieving Efficient Detection Against FDIA in Smart Grid
ZHITAO GUAN (M’13) received the B.Eng. and Ph.D. degrees in computer
application from the Beijing Institute of Technology, China, in 2002 and
2008, respectively. He is currently an Associate Professor with the School of
Control and Computer Engineering, North China Electric Power University.
He has authored over 30 peer-reviewed journal and conference papers in
these areas. His current research focuses on smart grid security, wireless
security, and cloud security.
LONGFEI WU received the bachelor’s degree in telecommunication engi-
neering from the Beijing University of Posts and Telecommunications,
Beijing, China, in 2012. He is currently pursuing the Ph.D. degree with
the Department of Computer and Information Sciences, Temple University,
Philadelphia, PA, advised by Dr. X. Du. His research focuses on the security
and privacy issues of modern computing systems and devices, including
mobile devices, medical devices, Internet of Things, wireless network and
security, big data security, and mobile computing.
JUN WU (M’08) received the Ph.D. degree in information and telecommu-
nication from Waseda University, Japan. He was a Post-Doctoral Researcher
with the Research Institute for Secure Systems, National Institute of
Advanced Industrial Science and Technology, Japan, from 2011 to 2012.
He was a Researcher with the Global Information and Telecommunication
Institute, Waseda University, Japan, from 2011 to 2013. He is currently an
Associate Professor of electronic information and electrical engineering with
Shanghai Jiao Tong University, China. He has hosted and participated in sev-
eral research projects for the National Natural Science Foundation of China,
National 863 Plan, and 973 Plan projects. His research interests include
the advanced computation and communications techniques of smart sensors,
wireless communication systems, industrial control systems, wireless sensor
networks, and smart grids. He is a Guest Editor of the IEEE SENSORS JOURNAL
and a TPC Member of several international conferences, including WINCON
2011 and GLOBECOM 2015.
XIAOJIANG (JAMES) DU (M’04–SM’09) received the B.S. and M.S.
degrees in electrical engineering from Tsinghua University, Beijing, China,
in 1996 and 1998, respectively, and the M.S. and Ph.D. degrees in electrical
engineering from the University of Maryland at College Park, College Park,
in 2002 and 2003, respectively. He was an Assistant Professor with the
Department of Computer Science, North Dakota State University, from 2004
to 2009, where he received the Excellence in Research Award in 2009. He
has authored over 150 journal and conference papers in these areas. He
is currently an Associate Professor with the Department of Computer and
Information Sciences, Temple University. His research interests are security,
cloud computing, wireless networks, computer networks and systems. Dr.
Du is a Life Member of the ACM.
VOLUME 5, 2017