
Electric Power Systems Research 215 (2023) 108975


A comprehensive review of cyber-attacks and defense mechanisms for improving security in smart grid energy systems: Past, present and future

Mohammad Ghiasi a,b,*, Taher Niknam b,*, Zhanle Wang a, Mehran Mehrandezh a, Moslem Dehghani b, Noradin Ghadimi c

a Faculty of Engineering and Applied Sciences, University of Regina, Regina, SK, Canada
b Department of Electrical and Electronic Engineering, Shiraz University of Technology, Shiraz, Iran
c Young Researchers and Elite Club, Ardabil Branch, Islamic Azad University, Ardabil, Iran

ARTICLE INFO

Keywords: Security; Cyber-attack; Power systems; Smart grids; Defense mechanism

ABSTRACT

Due to the advancement in communication networks, metering and smart control systems, as well as the prevalent use of Internet-based structures, new forms of power systems have seen moderate changes with respect to several aspects of contradictory Cyber–Physical Power Systems (CPPSs). These structures usually have connections between power sections and cyber parts. CPPSs confront newly emerging issues including stability, resiliency, reliability, vulnerability and also security. Studying, analyzing and providing solutions to mitigate or solve these problems highly depend on accurate modeling methods and examining the interaction mechanisms associated with the cyber-security of Smart Grids (SGs). This paper aims to systematically summarize different methods and techniques and to review corresponding solution approaches in cyber-security in energy systems. In the first step, we discuss the interactive features of cyber-security; then, their modeling and mechanisms are reviewed and summarized in detail. Furthermore, the characteristics and applicability of different cyber-attack models are technically discussed and analyzed. The cutting-edge cyber security approaches such as blockchain and quantum computing in SGs and power systems are stated, and recent research directions are highlighted. The decisive problem-solving approaches and defense mechanisms are presented. Finally, some points regarding the role of cyber-security in the future of SGs are presented.

* Corresponding author.
E-mail addresses: mgy918@uregina.ca (M. Ghiasi), niknam@sutech.ac.ir (T. Niknam).

https://doi.org/10.1016/j.epsr.2022.108975
Received 19 July 2022; Received in revised form 10 November 2022; Accepted 14 November 2022
Available online 21 November 2022
0378-7796/© 2022 Elsevier B.V. All rights reserved.

1. Introduction

1.1. Background

The infrastructure and operating of power and energy systems are constantly improved via the integration of new power generation designs, and the incorporation of the latest protection and control technologies. So, in order to have a reliable operation of smart energy systems, different protection methods and control mechanisms are required. Using new digitization techniques in the power system is of paramount importance in recent decades due to the fact that almost all parts of our lives rely on electricity and power supply in various ways. Structures such as smart cities, Smart Grids (SGs), smart homes, smart appliances, and smart gadgets are some domains in which smart technologies are integrated to. Advances in data transmission with communication networks and various protocols to improve communication network security through intelligent systems lend themselves as the current research trend in this realm [1,2]. However, the use and integration of modern technologies can create new challenges in the security and stability of energy systems. An example here is the incorporation of Renewable Energy Sources (RES) like Photovoltaics (PVs) and Wind Turbines (WTs) in power generation, which acts as a viable option for solving pollution and environmental problems, while their alternating output power can impair frequency stability performance [3,4]. RESs are adopted as significant energy resources all over the world, and owing to the enhancement of renewable power generation technologies, smart inverters [5,6], smart controllable loads, and using Distributed Generations (DGs), we can have more access to cheap green energy than before. Smart inverters not only have been greatly utilized in various parts of power systems with Distributed Energy Resources (DERs), but they can assist to adjust load flow and detect failures [7,8]. All these systems benefit from cyber infrastructure. The notable advances in cyber infrastructures are leading to an intelligence revolution in power systems. It is noteworthy that smart and intelligent devices in SGs are prone to cyber-attacks via wired and wireless Communication Channels (CCs), which can have adverse effects on the reliability and stability of energy systems [9,10]. Besides, systems based on Internet of Things (IoT) and wide area protection and Control technologies are now increasingly expanded for intelligent power networks with different DERs [11,12].

One of the important parts of energy systems are controllers. Generally, controllers should be able to maintain energy systems stability. Existing systems of Supervisory Control and Data Acquisition (SCADA) have been extensively utilized for controlling and monitoring operational conditions which are dispersed in power transmission and distribution grids. In addition to this, Distributed Control Systems (DCS) have been utilized for small or remote geographical regions, whereas Programmable Logic Controllers (PLC) or Remote Terminal Units (RTU) frequently monitor and control the system data [13,14]. In recent years, new forms of smart controllers and devices have been introduced in different parts of the power grids. Many studies are presented in order to develop the performance of the modern power system at different levels. These studies focus on various parts of power systems such as forecasting algorithms, new types of power electronic devices, smart and Microgrids (MGs), reliability [15], resilience, Cyber-Physical Systems (CPSs) [16–18], integrations of renewable energy generations into power system, Electric Vehicle (EV) connected to power grid [19], dynamic analysis of power system [20], cost assessment, and optimization techniques [6,21-25]. Fig. 1 displays various parts of a typical power network system from generation to consumption, and its communication structure.

Many parts of the power network use sensors, controllers, meters, and wireless networks to control and transmit data [26]. Also, in order to make the network smarter, the related equipment transmits information from both the generation and the consumption sides over the Internet, and the number of devices connected to this network increases daily. In this regard, we aim to comprehensively review various forms of cyber-attacks and defense mechanisms related to SGs and energy systems.

Since new concepts such as the Internet of Energy (IoE), SGs, and smart equipment connected to the grid such as smart meters are expanding, the issues caused by cyber-attacks on these types of infrastructures should receive more attention. Using different techniques to identify and deal with these attacks is one of the effective ways to stabilize the SGs and energy systems [27]. Therefore, providing accurate, up-to-date and efficient overviews and details in recognizing and dealing with cyber-attacks can be an effective way to researchers and engineers in the fields of electrical, control, and telecommunication engineering, as well as information technology (IT) and computer science.

1.2. Concepts and applications of cyber-security in SGs

Different solutions aiming to calculate the optimal generation and pattern of distribution in SGs and data storing in the energy system are presented. Therefore, in this section we aim to provide important parts of cyber-physical systems involved in SGs and energy systems. In addition, increasing concerns about environmental issues along with the effective production and distribution of power is one of the topics that has recently been considered, and one of the effective solutions is the use of DER in smart MG [28]. Many experts confirm that distributed smart MG is a highly efficient approach to plan the global power system [29]. In other words, in order to make the power grid automated and intelligent, SG integrates technologies, and digital processes into power systems which will make it vulnerable to cyber-physical attacks [30].

Fig. 2 illustrates the main constructions of conventional power networks and different parts of SG to show their differences. As can be seen, unlike one-direction energy flow in traditional energy systems, information and energy can flow in two-directions of the two sides of generation and distribution in smart energy systems. For SG, no rigid system exists. Electricity production from renewable power plants like solar and wind farms or from DG sources can be done on the consumer side. In this topology, electricity can be two-directional way, which is shown in this picture with energy storage resources in houses and even electric vehicles [31].

Fig. 1. Various parts of power system and its communication. [Figure not reproduced. Diagram labels: Generation, Generating Step Up Transformer, Transmission Lines, Substation Step Down Transformer, Sub-transmission Customer, Primary Customer, Secondary Customer, Distribution; communication entities: RTOs, GENs, UTILs, CO-Ops, etc., BA, EMS, Other BAs.]

Fig. 2. Utility grids: (a) conventional grid (b) SG [32]. [Figure not reproduced. Panel (a) labels: Power Plant (Generation), High Voltage (HV) Distribution, Low Voltage (LV) Distribution, Factory/Industry, Office, Residence. Panel (b) labels: Wind Power, Solar Power, Storage with Interface, Solar Home System, Generation, Residence, Factory, Office.]

1.3. Wireless sensor network and internet of things

Due to the significant advances in wireless communications that have various applications such as mobile devices, environmental tracking sensors and drones, it opens up new services by connecting to SGs. Wireless Sensor Networks (WSNs) consist of inexpensive stand-alone devices that are equipped with sensors which can measure events with locally or globally values, and store them [33]. They can also manage sensitive data and communicate with each other. Thus, the convergence of WSN has paved the way for the development of communication platforms called IoT, which has high potential and can be implemented for a large variety of utilizations in different fields.

Stable communication is a main component of the SG system which needs devices equipped with the ability of receiving, sensing, processing, and transmitting data. The network which is made by that equipment and linked to the other nodes via the Internet, is IoTs. In the IoTs, each object is identified with its own digital identity, and all are linked via a complicated grid. IoT includes smart items that have data processing, self-awareness and interact with the environment. Smart devices can communicate with each other including objects in the system [34]. The commonest smart items used in the network, for instance the smart meter, can fall into this class.

The objects can give the exact information needed for automated support and deciding, giving the smart grid unique capabilities that can make the grid smart. One important point is that all this data should be processed, managed and stored in real time. Historical data can also be used to decide specific cases. Different studies are carried out in the smart energy network using data achieved by smart objects in various databases, feeders, and posts [35,36]. The resources of information used will be of different values such as market data, lighting, power system meters, geographic information and even weather data. Therefore, grid optimization in terms of energy or data security from generation and transmission to energy distribution requires an efficient, reliable and accurate forecasting design for electrical energy use. For instance, in the paper [37], energy consumption data (in terms of kilowatt per hours) for 100,000 m in smart consumers at 15-min sampling ranges show that ensuring the data quality gathered is a particular challenge for designs to predict and evaluate their performance for SG. Various factors including renewable power generation, power cost in energy markets, and day-ahead planning of load distribution should be predicted. Such factors are of importance in SG’s security and sustainability [38,39].

New infrastructures that enable the SG to do many duties on the Internet that older networks cannot do include several network-connected devices that can exchange information and get commands to operate in a particular method. All devices have been linked to their related grids by extensive Internet connection. Internet-connected devices are now an integral part of everyday life, and more and more of these devices are being built and connected to the network. Smart homes, smart cities, or smart transportation [40] are examples of infrastructures built on the Internet, which make extensive use of network-connected smart devices. Each of these networked objects includes its own built-in computation system that allows it to be estimated by a specific IP and protocol and to be able to communicate and connect with the others. Sensors, networks and communication protocols as well as the utilization program are the most important parts for cyber-attacks on the IoTs. The IoTs consists of more than 50 billion devices in 2020 and completely demonstrates the current use of IoTs applications [41].

Fig. 3 shows typical connections in the IoTs architecture. As shown in this figure, data collected by sensors are sent to various systems that utilize different types of software to perform intended tasks. Open source software such as Apache Spark can be one of the methods used in the IoTs. Spark uses its fault-tolerant variables to automatically operate in a distributed manner, the Resilient Distributed Dataset (RDD). Since all computations are done in memory on Spark, the execution of an application will be significantly up to 100 times faster than applications like Hadoop. Programming algorithms in this field have also been developed in the manner and location of data distribution, parallel complexity or fault tolerance in Python or R platform [42].

Fig. 3. IoT architecture. [Figure not reproduced. Diagram labels: Sensors, Ingest, Transform, Sink; Store in HDFS (Hadoop File System); Analyze: Distributed Computing using Spark; Predict/Machine Learning in Python or R Platform; Fast Data; Other Sources & Destinations.]

The high volume of data processing, transmission and storage in an SG network raises the complication of information evaluation. Therefore, a Dynamic Energy Management (DEM) system will be needed to process this large data value to optimize power flow, real-time system operation, monitoring of system, and production planning [43–49]. High volume of data (big data), which cannot be handled via traditional processes, becomes another challenge in SGs. Researchers focus on big data-based challenges in energy systems, optimization and prediction which consider renewable power generations [50,51]. A higher percentage of the created data in SG includes secret information of individual users. Transmitting this data type is needed to be secured with lawful standards [52,53]. In addition, this data usually consists of classified and sensitive information about corporations or power control centers of a country. By connecting SG to the Internet network, big data communication and safe operation can be affected by malwares or attackers. As a result security and privacy play important roles in IoT and SGs. An IoT combined into SG is classified as a CPS, so it is more likely to be prone to cyberattacks [54]. Proper protections are needed to adequately ensure SG operation, securing data, and preventing any kind of cyber-physical attack on smart power systems. Fig. 4 displays fundamental protection problems of IoT combined into the SG system. Based on this figure, protection problems of IoTs can be classified into 4 basic kinds including encryption, physical, and software, and network threats. In the physical threat section, we can have mechanical and untheorized changes in the system. In the network threat part, we can have data traffic interference, eavesdropping on confidential data, and systems access gain. Also, in the software threat category, we face manipulating, stealing or damaging of data in the system. In addition, we can have encryption attacks in the system which can have a negative impact in encoding systems.

Seamless communication is identified as a key characteristic of a SG that is essential for its suitable performance, so IoT integration can also help with SG communications. There are currently four main models applied for IoT technologies of communication, including backup data sharing, device-to-cloud, device-to-device, and device-to-gateway patterns [55]. Also, for IoT implemented SG systems, three layered communication systems have been developed including Wide Area Network (WAN), Home Area Network (HAN), and Neighbor Area Network (NAN). HAN includes wireless and wired platforms. An example for wired platforms is power-line communications. For wireless communications, we have some protocols for WiFi, Bluetooth, and ZigBee. A Home Gateway (HG) is identified as a main feature of HAN that gathers data of home appliances. NAN needs a communication structure to be able to support a radio connection of 1000 m. NAN collects the energy meters information in the HAN system and sends that information to the WAN [56]. Fig. 5 illustrates the structure of IoT implemented layers for SG systems where every layer of IoT refers to a specific SG infrastructure layer.

The efficient management of load is one of the main advantages of using the IoT technology. Practically, system malfunctions that may cause power shortages will be offset by adjustment of the load by demand. This setting will keep the other network components active. Therefore, intelligent control and reduction of load must lead to lessening energy outages in an unexpected load alteration in the network. To perform such tasks, an automated system by means of IoT devices is needed that can manage and control generation and demand side information at any time. Considering these issues, article [57] provided an approach to predict the next day’s load and track existing power generation. In this method, when the intelligent system uses the IoTs to realize that the load is more toward the generation, it can propose to the user to turn off several appliances or plan to use unimportant loads to work during off-peak hours. Based on this research, Fig. 6 displays smart load controlling and load shedding structure. To predict in this system, data of common users, information of weather and historic data of the network have been applied. Also, the analysis and decisions in this article are done in the cloud infrastructure, while system components communicate via power line connections or WSN technologies.

Fig. 4. Protection problems of IoT combined into SG system.

Fig. 5. Mechanism for IoT performed layers of SGs.

Fig. 6. Smart load control and load shedding structure.

1.4. Motivation and principal contributions of this review article

As explained in the previous section, cyber security in smart grids will play a significant role in the stability of the power grid and providing sustainable services with high reliability. Knowing different types of attacks and strategies to deal with them can also help researchers to use or improve current solutions more effectively. In this regard, the most important contributions of this article are summarized as follows:

• Presenting the concept of cyber-attack to the smart energy systems, and a detailed explanation of how different types of these attacks work.
• Providing important parts of cyber-physical systems involved in SGs and energy systems such as WSN and IoT in latest mechanisms to deal with cyber-attacks and strategies to improve cyber security of the SGs including, machine learning techniques, signal processing, blockchain technology, quantum computing, and SGs with big data analysis
• Collecting, studying and providing the latest mechanisms for recognizing different types of cyber-attacks in SG systems such as sensor and actuator attacks, Denial of Service (DoS), Data Integrity Attacks (DIA) and False Data Injection Attack (FDIA), Zero Dynamics Attack (ZDA), Resonance Attack (ResA), And Time Delay Switch Attack (TDSA), and man-in-the-middle attack (MiTMA).
• Optimum classification and presentation of figures and graphs that make the concepts of attacks easier to implement and test in smart energy systems.

1.5. Paper structure

The rest of this review article is organized as follows: in Section 2, we will introduce different types of cyber-attacks in SGs and energy systems in detail. In Section 3, we will present various common detection methods and defense mechanisms of cyber-attack in SGs. In Section 4, we will review new strategies used in recently published papers to increase cyber security in SGs, and discuss the most efficient, possible and applicable solutions and methodologies to detect and confront cyber-attacks in energy systems. In Section 5, also, we will present our viewpoints regarding the role of cyber-security in the future of SGs, and finally in Section 6, we will conclude this review study.

2. Types of cyber attacks in SGs and energy systems

In this section of the review paper, we first introduce the different forms of cyber-attacks. To begin, a simple mechanism, theory and equations of cyber-attack are presented. In order to visualize the procedure of a simple cyber-attack in a typical SG system, we can consider a scenario where the state of an energy grid is represented in complicated voltages magnitudes and bus angles. So we can define state vector S as follows [58]:

$$S = [\delta_1\ \delta_2\ \delta_3\ \ldots\ \delta_n\ V_1\ V_2\ V_3\ \ldots\ V_n]^T \qquad (1)$$

Where V and δ represent voltage magnitudes and bus angles. Based on the reference [59], we can define state estimation as:

$$\min H(x) = \sum_{i=1}^{n} q_i \left(b_i - g_i(X)\right)^2 \qquad (2)$$

Where, g(X) represents the function of measurement which gives the weights measurement (b and q); n depicts the measurement maximum number. So without having any error, the equation is:

$$B_i = g_i(X) \qquad (3)$$

With having error, the equation is:

$$B_i = g_i(X) + e_i \qquad (4)$$

Where e gives the measurement error. In the event of a cyber-attack with the aim of inserting malicious data into the power system, which can change the measurement data by threat vector a, the system of controlling can obtain the measuring data as follows:

$$B_i = g_i(X) + e_i + \alpha \qquad (5)$$

Fig. 7 shows a typical layered security framework for SG systems. This Figure illustrates a comprehensive security approach at every stage of the infrastructure, starting from the outer layer (organization) and continuing through the inner physical layer. As can be seen, from the outer layer to the inner layer, we have business process layer, data layer, meter or host layer, network layer and physical layer, all of them can be targets of malicious attacks. An important point here is that the physical layer has the most technical action while the organizational layer has the most strategic performance.

Fig. 7. Layered security framework for SGs.

In Fig. 8, we provide a diagram for the most important attacks affecting SG networks and the cyber-attack procedure. In the following, various forms of cyber-attacks, modeling of attack types (according to the sensor and actuator attack classifications), and attack scenarios in SG systems are discussed in detail.

2.1. Sensor and actuator attacks in SG system

In order to have a comprehensive illustration of attacks in a SG system, two basic elements are required; first we need to know mathematical models of the SG concept, and then, an attack policy description. The adversary attack model is defined utilizing an attack policy that gives prior knowledge and information of the model of the system obtained by the enemy and the set of data that is accessible through the disclosure of sources. Some of these kinds of attack can be applied on power electronic devices and DC converters [60,61]. The prior knowledge or information source can consist of data about the model of plant, the technique or methodologies utilized in the controller system and Anomaly Detectors (ADs) [62–64].

2.2. Denial of service

Denial of Service (DoS) has been defined as an imperative malicious attack, which is able to obstruct the channel of communication by transmitting a huge amount of unauthentic packets. This attack acts in a Cyber-Layer (CL) which can cause serious transmission load; also it can consume excessive quantities of network bandwidth which cause interruptions in the part or whole control, communication or connection network [65,66]. In network controlling systems, overall, DoS attacks can be injected by manipulating channels, therefore, it can prevent the data of measurement and control from reaching destinations [67]. DoS attacks, also, do not need revelation abilities. Besides, some attack approaches like Bernoulli do not use the prior knowledge and data of the system for Cyber-Attack (CyA) [68]. Generally, DoS attack behaviors are selected by the attackers which have little data regarding the controlling system [69]. However, DoS attacks can be detected easily. Poor network situations, also, can have an effect on the easiness of attacks and detections.

In the SG systems, the transmission channels infrastructures (including, first, connection between RTU or Phasor Measurement Units (PMU) to the control center [70], and second, connection between control center and governor) are considered as the principal disruption sources of DoS attacks. DoS attacks are able to block the measurement information which are transferred to the control center, also it can affect the upgrading of the commands from the control center or delay the controlling signals which are transmitted to the actuator destroying the performance of the energy system [71]. In addition to this, the various forms of DoS attacks are usually so powerful that they negatively influence the dynamic operation of the system of Load Frequency Control (LFC) when the threat is carried out too soon before the system converges [72]. Of the different forms of this attack in SG systems, energy-limited Pulse Width Modulation (PWM) jamming signal attack has been more widely used because of the simplicity of performance and avoidance of detection [73]. In general, such attacks use network faults to consume the resources of the system to disable normal operating

conditions [74].

Fig. 8. A typical diagram of various forms of attacks in SG systems.

From a network hardware perspective, slower speeds of processing servers and insufficient memory have been usually the major targets of DoS Attacks (DoSA). Nevertheless, for higher-performance networks of communicating capable of parallel processing, DoS synchronous attack is usually performed using automated remote clients distributed by attackers. Such attacks, which also have the ability to block high-performance communication networks, are often defined as Distributed Denial of Service (DDoS) attacks. SGs generally have wide area network infrastructures for controlling the system comprising 1- process layer, 2- bay layer and 3- station layer [75,76]. Having such distributed networks in SGs with a large number of computations in the control system leads to higher possibility of DDoS attacks. The communication delays which are led by DDoS will have negative effects on the stability of frequency. Generally, DDoS attacks which have been executed at applications or Domain Name System (DNS) servers, do not need high knowledge of the system to be easily detected. Also the detection process is hard as the attacker is hidden [77]. Hence, request packets which are sent by an enemy, motivated by the use of system resources, mimic or resemble legitimate requests. In this regard, studying DDoS attack and coordinated defense usually needs background information of interactive features of control devices, physical environment and the communication networks [25,78,79].

2.3. Data integrity attacks

Data Integrity Attacks (DIAs) are performed via manipulating the control and measurement signals which are sent through the cyber sections of the SG [80]. In this form of attack, attackers usually carry out manipulating information or injecting malicious data in sensors, actuators, and channels, in that, the transferred data is within its allowable limit. In case of violating these conditions, malicious data detection plans will simply detect such kinds of attacks which lead to unannounced attacks. In this way, for the succession of attack, it has to follow the principles of the power system [81]. Therefore, to better understand this issue, different forms of deception and data integrity attacks on SGs are presented as follows.

2.3.1. False data injection attacks (FDIAs)

This form of attack is known as a general classification of Integrity Attack (IA) which can destroy real-time data, such as frequency, in every SG system. FDI attacks, for signal injection, usually obey predefined attack patterns. However, in the real-world, resourceful attackers often utilize approaches which adjust themselves in the attack time [78,82-84]. The introductory step should be designed to discover the configuration of the system, utilizing and disclosing sources and earn real-time information. The next step is to disrupt the resources that affect the normal operation of the system [85]. FDI attacks have been usually exerted to the metering system and controlling channels of the SG, that are in the forms of input attack vectors, such as $a_{y_i}(t)$ or $a_{u_i}(t)$ which formulated with attack patterns or data corruption approaches. The data corruption $y^a_i(t)$ or $u^a_i(t)$ which exerted to execute FDIA at actuators or sensor channels have been modelled as following equation:

$$y^a_i(t)\ \text{or}\ u^a_i(t) = \begin{cases} 0 & \text{for } t \notin \tau_a \\ \lambda \cdot F(\cdot) & \text{for } t \in \tau_a \end{cases} \qquad (6)$$

Where in this equation, i = 1, 2, ..., m; and j = 1, 2, ..., n; also $\tau_a$ gives the period time of attack, λ represents the attack parameter, and F(.) provides a function which is reliant on time, signals of sensor and actuator. Using references [68,81,86], different forms of FDIAs are presented as follows:

2.3.1.1. Ramp attack (RamA). RamA, in general, includes the changing of outputted values which is often displayed with y(t) or control signals (CSs) which is displayed by u(t) utilizing a slowly reducing or rising function of ramp for time duration of an attack ($t_a$). At the attack time, $y^a_i(t)$ or $u^a_i(t)$ can be $\lambda_r \cdot t$, in which, $\lambda = \lambda_r$ denote the parameter of ramp and F(.) equals t.

2.3.1.2. Pulse attack (PA). PA, in general, includes the amendment of outputted amounts or CSs utilizing temporarily distanced short pulses with several parameter of attack which is often displayed with $\lambda_p$. Moreover, F(.) defines the pulse form features.

2.3.1.3. Random attack (RandA). RandA, in general, includes the amendment of outputted amounts or CSs, during the period of attack time, via the adding amounts reverted from a uniformly random function which is displayed by rand(a, b). According to reference [87], here λ = 1 and F(.) equals to rand(a, b), here (a, b) shows the minimum and higher ranges of u(t) or y(t).

2.3.1.4. Scaling attack (SA). SA, in general, includes the amendment of outputted amounts or CSs to lower or higher amounts according to the parameter of scaling $\lambda_s$. The attack at the channels of actuator and sensor is as follows:

$$y^a_i(t) = \lambda F(\cdot) = \lambda_s y_i(t) \quad \text{and} \quad u^a_j(t) = \lambda F(\cdot) = \lambda_s u_j(t) \qquad (7)$$

Whenever the parameter $\lambda_s$ is regulated that:


$$\lambda_s y_i(t) = y_{\min} \quad \text{or} \quad \lambda_s u_j(t) = u_{\min} \tag{8}$$

This attack has been named min attack, here, $y_{\min}$ and $u_{\min}$ respectively represent the lowest amounts of the outputted and CSs. Also if $\lambda_s$ has been regulated which:

$$\lambda_s y_i(t) = y_{\max} \quad \text{or} \quad \lambda_s u_j(t) = u_{\max} \tag{9}$$

It is named max attack, where $y_{\max}$ and $u_{\max}$ define respectively the highest amounts of the output and CSs.

2.3.1.5. Bias injection attack (BIA). According to the reference [68,88], BIA has been defined as the easiest attack, in that the CSs or sensor of the aimed channel have been inserted with a fix signal of bias, also the vectors of attack is modelled respectively for channels of sensor and actuator as:

$$a_i^y(t) = b_i \quad \text{and} \quad a_j^u(t) = b_j \tag{10}$$

Automatic Generation Control (AGC) is a fair goal of FDI attacks since it can control frequency of grid which is each power system’s vital global variable. This attack has been launched in the system of SG by the ways defined below based on references [9,89-92].

• Attacking on Physical Sensors (PhS) using sensor spoofing
• Applying CCs of actuator and sensor data
• Yielding the computational techniques of the control center
• Yielding the reasonably separate channels of VPN from the distributed sensors
• GPS spoofing: this enables penetration to PMU and influences substations’ clock synchronization causing to incorrect phase angle amounts

Nevertheless, the measurement CC has always been the mainly targeted disruption source of FDI adversaries, owing to the robust security of computer applications at the control center and also the low proportionality of distributed PhSs [93,94]. In addition, FDI attacks require a well knowledge and learning of configuration of system and models of attack effect for computing optimum attack sequence [95].

In case of having comprehension of system structure by attackers, however restricted having availability to measure meters owing to their physical maintenance, the attackers can find a solution for the problem of optimization for the estimation of the lowest sensors’ or meters’ number with highest vulnerability [96,97]. Nonetheless, at an imperfect data scenario, topology data is collected by FDI attackers to launch authentic FDI attack via the methods below [98]:

• Via the collecting online and offline information utilizing manual materials or using deploying meters for accessibility of the data of the network
• Utilizing the market information associated with the economic dispatch problem
• Utilizing measurements of load flow: The correlation via the measurements of load flow often gives configuration information, while the specifications of systems such as passive and active loads have been altered.

2.3.2. Replay attack (RA)

Replay attacks are defined as other forms of data integrity attacks which are performed by initially implementing a disclosure attack for collecting data sequences from the compromising sources and thus it replays the documented data till the end of the period the attack [63,88]. Principally, RAs follow the framework of fraudulent delaying or repeating the authentic transmitted data [99]. There is no requirement for any earlier knowledge regarding the design of the system for these kinds of Attacks, such as the data of modelled estimators and controllers [80].

Nonetheless, in the scenario of attack, a predetermined Physical Attack (PhA) with a RA, approach reliant knowledge has been needed for the carrying out PhA. RAs need disclosure potentialities to obtain information of the CCs of the system of control. Besides, it can disrupt the channels of data which have been revealed [68,100]. The attacks will be modelled as time-variant delays, with unidentified data about the higher range and Rate Of Change (RoC) [99].

In the Byzantine RAs, attackers repeat the registered information from the attacked actuators and sensors for a certain period. The attacks on sensors have been performed by the cryptography mechanism cracking or by containing incorrect readings of the sensor via controlling local surroundings [101,102]. The RA at the channel of sensor is modelled as following equation [103,104]:

$$a^y(t) = -Cx(t) + y(t - \tau) \tag{11}$$

In the Eq. (11), $0 < \tau < t$; besides $y(t - \tau)$ represents the data of sensor collected by monitoring. The 2 phases of RA (replay stage (RS) and monitoring stage (MS)) have been modelled and given as below:

MS ($0 \le t < t_0$): at the MS, the collected measurements of sensor have been saved in $J(t)$.

$$y^a(t) = 0 \quad \text{and} \quad J(t) = \Gamma_y \, y(t) \tag{12}$$

RS ($t_0 \le t < 2t_0$): at the RS, the gathered data of sensor has been delivered to the controller until the attack finishes.

$$y^a(t) = J(t - t_0) \quad \text{and} \quad J(t) = J(t - 1) \tag{13}$$

The RAs at the channel of actuator are modelled in the similar way as in the channel of sensor.

2.3.3. Covert attack (CA)

CAs are other forms of cyber-attacks which make a strong and hidden attack framework by the system’s accurate information which utilizes its availability to measurement and control of sent signals over the CAs [102,105,106]. The hidden agent has been considered to include sources to give availability and injecting data to channels of actuation and measurement. CAs are working via cancelling the effect of attack signals through computing the system output answer and deducting it from the readings of measurement [63,107]. As a result, at the controller side, the diagnosis system gets the information of measurement without attack data. These actions make the covert attack.

Besides, it can exploit the threshold kept in the logic of decision of diagnosis systems to decrease alarms of failure owing to the presence of type lack of certainty and undefined disruptions. Thus, the attack will stay hidden despite the discrepancies of the model occurring from the attacker’s plant model to the actual procedure [105]. The attack covertness was explained in 2 various fields including cyber and physical domains. From a cybernetic viewpoint, CAs usually have less possibility of diagnosis by the diagnostic approaches monitoring the communication and dynamics of the system. The CAs in the CPPSs are able to change the system behavior to prompt physical impacts with no identification by the individual observer [108]. The CA needs disruption and disclosure abilities, and completes dynamics knowledge of plant and system structure [109]. The CAs on SG system have not been fully studied in the publications.

2.4. Zero dynamics attack (ZDA)

ZDAs can exploit the data of the model of the whole system to generate signals of attack which do not make every modification in the output measure [110]. They use the zeros and linearity properties in the function of transfer to produce a mechanism of attack that uncouples itself from the output of a closed-loop system. There is no need for any


abilities of disclosure because it can follow a strategy of open-loop attack. Abilities of disruption on the actuator CCs have been required for ZDAs, and the complete information regarding system's zero-dynamics was needed which is possible to be calculated from matrices of output and state equations [111]. Generally the systems of SG are not liable to ZDAs owing to the lack of zero that is a least phase system.

2.5. Resonance attack (ResA)

In power systems, having a safe and secure operation can also be ensured with acceptable intervals between the frequency and the RoC of Frequency (RoCoF). Another form of attack in the power system titled ‘resonance attack’ is defined as a different attack type that can cause to have an unusual frequency and/or RoCoF with changing the load of power or signals of tie-line based on a resonance resource. Generally, the resource of resonance is the output function or the output of a system. In such cases, power signals or the modified loads have been maintained in an acceptable period so that it becomes very small to be detected by diagnosis approaches [112]. Since the RoCoF divergence can lead to the frequency divergence, the electric grid has been given with particular RoCoF Protection Delays (PDs) according to the electric network inertia. Such PDs might travel as a result of adverse attacks which can move the RoCoF value further beyond their predefined boundaries. Therefore, it can bring about power systems’ blackouts.

2.6. Time-Delay switch attack (TDSA)

Some hackers can prompt TDSAs in systems of control operation with planned setting latency in sensors or control loops to reduce system stability. If significant delays can occur in remote measurement systems and time delays are injected into equipment or control signals, SG systems will unstable or break down. Therefore, this way is one of the methods to destabilize the network used by hackers.

Generally, a SG network including a TDSAs can be modelled as a combined system by action of switch including ‘Off/Delay-by-$\tau$’, here $\tau$ represents the delay period by random which demonstrated by the control signals or measuring condition. As a result, injecting delays of time in different dynamic system modes can make the power grid volatile [113].

2.7. Man-in-the-Middle attack (MiTMA)

Another form of attacks in CPSs can be MiTMA. In the MiTMA, an intruder engages himself in a conversation between two devices in order to eavesdrop or impersonate one of the devices. In this case, it seems that the exchange of information works in a normal condition. Therefore, the intruder can carry out an FDI attack. Also, it can compromise the measurement of values, control, operation, and operation and information transmission in the power system. According to the type of operation of this attack, the methods of identifying and countering MiTMA in a smart network can be difficult. By designing and implementing multi-step MiTMA intrusions in a physical cyber power system, hackers can, for example, use an artificial network model to cause incidents of relay malfunctions, incorrect measurements, and even physical problems in the SG. Therefore, detection mechanisms can enable stakeholders to defend against this type of covert cyber-attacks. This problem can be overcome to a great extent by using online and intelligent network monitoring detection tools and multiple warnings by intrusion detection systems. One of the most common types of man-in-the-middle attacks is implementing a public Wi-Fi network through a malware-infected router. In this method, any user connected to the public Wi-Fi network who sends information packets or receives information packets inadvertently sends a copy of the information to a third party. One of the best and most reliable methods that can be used to identify this attack is network traffic monitoring and analysis [114].

In Table 1, some important papers which have studied cyber-physical security, threats and resilience strategies are compared. A complete view about attacks and defense mechanisms can lead to having resilient SGs against malicious events. In this regard, different research have considered resiliency of SGs along with cyber security, which are presented in Table 1.

3. Detection and defense mechanisms of cyber-attack in SGs

Various research dealt with design robust techniques for detecting and/or defense strategies against cyber-attacks, for instance, false data-driven or data-injection attack [126], perfect or imperfect false data attack [127], designing a resilient communication network [128], or detection mechanisms using federated learning methods [129]. However, in this section, we classify and discuss almost all principal approaches regarding the detection and defense mechanisms of cyber-attacks in power systems and SGs.

3.1. DoS attack

DoS adversaries include widespread attacks on the network protocol with network traffic floods and congestion of communication channels, thereby carrying out attacks on CPS transmission channels. In state estimation problems, the general detection and defense mechanisms against DoSA contain hypothesis testing problem detection method, improved Kalman filtering method [130,131], and also game theory method [132]. The secured controlling mechanisms of DoSA in CPS contain methods including systems of triggering, small gain, stochastic time-delay, impulsive, and theory of game.

A resilient and flexible controlling mechanism against a periodic DoS attack in SG with communication delay has been presented in the reference [133]. The proposed method has been coordinated with the diagnosis system to differentiate attacks of DoS from delays of the network. Their criteria for tolerable DoSA have been obtained using the Lyapunov-Krasovskii approach and the switched system mechanism. Also in the reference [134], a resilient communication plan resulting from the event-triggered of interconnected SGs which tolerates information losses owing to energy-bound DoS attack has been introduced. This paper focused on the improvement of the resilient control strategy lacking the preceding information of extra possibility of DoSAs. In the reference [73], authors developed a novel switching system type of the multiple-area electric network with the concurrent existence of stochastic deception and DoS attacks. According to Lyapunov’s theory of stability, the quadratic exponential system stability has been achieved. Here, a periodical electricity limit signal has been applied to form the DoSA, and the Deception Attack (DA) signal has been designed as a quantifiable outputs’ nonlinear function. In addition to the concepts of resilience control of cyber-attack, some recent papers focused on enhancing defense strategies toward DoSAs by Cellular Computing Network (CCN) forecasts and methods based on machine learning. For instance, in reference [135], DoS attack mitigation in an integrated dual-zone power supply system with PV resources has been presented by the application of a synchro-phasor network (SPN). In this research, the authors have used a CCN to predict the dropped information of the PMU, where the expected information of CCN has been utilized to perform a SPN. In the paper [71], researchers have proposed a defense strategy by ‘Deep Auto-Encoder Extreme Learning Machine’ (DAELM). The suggested optimizer has supplied dropped data via forecasting and stables usual system conditions. The expected lost frequency owing to the attack has been performed by a historic databank and the information predicting approach. Hence, the power control center will send the actuator signal communicating to the frequency of prediction to maintain the system’s usual performance condition.
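The replay, time-delay switch and man-in-the-middle attacks of Sections 2.3.2, 2.6 and 2.7 all act on measurement frames in transit. The following Python sketch is an added example, not code from the paper: a receiver-side check that combines a keyed MAC with a sequence number and a timestamp. The frame layout, the key, the sensor id and the 200 ms freshness window are assumptions of the example.

```python
import hashlib
import hmac
import struct

# Frame layout assumed for this example (not a real PMU or SCADA format):
# sensor_id u16 | seq u32 | timestamp_ms u64 | value f64 | HMAC-SHA256 tag
HEADER = struct.Struct(">HIQd")
TAG_LEN = hashlib.sha256().digest_size


def seal(key, sensor_id, seq, ts_ms, value):
    """Sender side: serialise one measurement and append its MAC."""
    body = HEADER.pack(sensor_id, seq, ts_ms, value)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class FrameVerifier:
    """Receiver side: authenticity, ordering and freshness checks for one link."""

    def __init__(self, key, max_age_ms):
        self.key = key
        self.max_age_ms = max_age_ms
        self.last_seq = {}  # sensor_id -> highest sequence number accepted so far

    def check(self, frame, now_ms):
        if len(frame) != HEADER.size + TAG_LEN:
            return ("reject", "malformed")
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; a frame altered in transit fails here.
        if not hmac.compare_digest(tag, expected):
            return ("reject", "bad-mac")
        sensor_id, seq, ts_ms, value = HEADER.unpack(body)
        # A replayed frame carries a valid MAC, so ordering must be checked too.
        if seq <= self.last_seq.get(sensor_id, -1):
            return ("reject", "replayed-or-reordered")
        # A delayed frame is authentic and new; only its age gives it away.
        # This check assumes sender and receiver clocks are synchronised.
        if abs(now_ms - ts_ms) > self.max_age_ms:
            return ("reject", "stale-or-skewed")
        self.last_seq[sensor_id] = seq
        return ("accept", value)


def demo():
    """Run constructed frames (frequency readings in Hz) through the verifier."""
    key = b"constructed-demo-key-do-not-reuse"
    verifier = FrameVerifier(key, max_age_ms=200)
    f1 = seal(key, 7, 1, 1000, 50.01)
    f2 = seal(key, 7, 2, 1100, 49.98)
    f3 = seal(key, 7, 3, 1200, 50.02)
    altered = bytearray(seal(key, 7, 4, 1300, 50.00))
    altered[HEADER.size - 1] ^= 0x01  # one flipped bit in the value field
    return [
        verifier.check(f1, 1020),              # fresh, in order
        verifier.check(f2, 1120),              # fresh, in order
        verifier.check(f1, 1150),              # replay inside the freshness window
        verifier.check(f3, 1900),              # held back for 700 ms
        verifier.check(bytes(altered), 1320),  # modified in transit
        verifier.check(seal(key, 7, 5, 1400, 50.03), 1410),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The replayed frame is still inside the freshness window and the delayed frame still has a new sequence number, so neither check alone covers both cases. The freshness check depends on clock synchronisation, which is why the GPS spoofing listed in Section 2.3.1 matters to it.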


Table 1
Important research studied cyber-physical security, threats and resilience strategies in SGs.

| Refs. | Fields of study | Main focus of the research | Sub-focus of the research | Main results |
|---|---|---|---|---|
| [115] | Power systems assessment against unexpected events | Reliability and resilience | Resilience values assessment | A review of conceptual strategies of power system resilience |
| [116] | Smart energy systems resilience | Disaster modeling | Natural disaster | New method against unexpected natural disasters |
| [117] | Energy systems resilience | Resilience enhancement efforts | Analysis in some typical countries with various regions | Analytical resilience comparisons of smart energy systems |
| [118] | Methods used in SGs for improving security | multi-energy SGs and energy hubs | Advanced operation mechanisms | New method for physical resilience of multi energy system |
| [119] | Methods used in SGs for improving resiliency | Resiliency improvement for AC-DC and hybrid SGs and MGs | Centralized, decentralized, and hierarchical approaches | Improving physical resilience in AC-DC MGs |
| [120] | Communication, event-based, and component resilience | Communication stability | Networks analysis | Improving ICT structures |
| [121] | Communication, event-based, and component security | Event-based resilience | Security analysis of power components | New strategy for enhancing security of communication structure |
| [122] | CPSs | Renewable energies in SGs and energy systems | Reliability, resilience and data security | Novel framework for improving CPS security |
| [92] | CPSs | Cyber-attacks in SGs | DoS attacks and control for energy storage systems | Novel strategy for cyber-attack detection |
| [123,124] | CPSs | Risk management and energy market | Cyber-physical risk modeling in SGs | Securing data in CPS |
| [17,64,97,98] | False data injected attacks | Signal processing | Blockchain, fast Fourier transform, Hilbert Huang transform, | Different strategies for FDIA detection with signal processing |
| [125] | False data injected attacks | Machine and deep learning methods | False data detection | Wavelet transform and singular value decomposition based on machine learning in FDIA detection |

3.2. FDIA

FDIA is another form of cyber-attacks which can work via the malicious injection data and information manipulation. Thus, in order to detect FDIAs and for ensuring the power systems’ operational reliability, the monitoring of the system via State Estimation (SE) approaches and Meter Measurements (MMs) has been typically employed [61,98]. The common detection methods used in SG systems include optimizers to test if the measurements achieved from the parameters of the electric system are at satisfactory intervals or not. Overall, a good detection algorithm for FDIAs has to be able to provide real-time data about the size, time and the location of the attack. Detection structures in the networking system of control have mainly been named as ADs which are combined by controller [89].

In typical and common power systems with AGC, the SE techniques have been executed at almost high time intervals; as a result, it is not able to contribute to improving the sensor data reliability which is sent to AGC [136]. Indeed, modern systems of power have high efficiency computation mechanisms and data acquisition parts which run SE approaches that have decreased performance period. So, it is able to improve the measurement data consistency which transmit to AGC optimizers, after having passed them via SE optimizers [93]. Nevertheless, the FDIAs on such electric structures include the ability to disturb the SE procedure, which leads to transmit altered measurements of detector and sensor to the power controlling center. This primarily takes advantage of the tolerance of SE techniques against little measurement errors [137,138]. Besides, whenever a power network faces a cyber-attack, the compromised information was put in comparison with a system’s healthy measuring data using systems of monitoring for detecting such kinds of attacks. But, if attackers have access to good knowledge and information of the system, small signals of practical attack are almost unrecognizable and lead to a covert DA [139]. The detailed study of the covertness attributes of FDIAs in Linear Time-Invariant (LTI) systems of control has been carried out herein [140]. The countermeasures of FDIAs is also able to be categorized into protection and detection-based methods [141]. Protection-based defense approaches can help to identify and protect the critical sensors; detection-based approaches also focus on the detecting FDIAs utilizing estimation methods [142]. The vulnerability of the power system’s ports and terminals makes the electric grid further vulnerable to IAs. Thus, protection of the collection of sensors, detectors and measurement systems is one of the defense mechanisms against FDIAs. A good example of this strategy is reference [59] which authors demonstrated that when the amount of compromised MMs ($k$) applies to a specific state, a successful FDI vector is done. When $k \ge m - n + 1$, we will have an effective attack vector which is able to manipulate measurements without to be detected. In this equation, $m$ represented the meter numbers of measurement, also $n$ gives the amount of condition parameters. When the amount of measurement devices and meters which have been attacked is below $m - n + 1$, we can detect an attack. According to this situation, in reference [142], it has been shown that protecting an essential measurement set will be needed and enough for detecting FDIAs.

The SE methodologies also might have drawbacks, for instance, the inefficacy in attack detection which can inject measurement information identical to historical information. As a result, a new form of detection technique using the measurement variation dynamics tracking has been presented in paper [142]. In this approach, the distance from the measurement variations to probability distributions has been derived utilizing Kullback Leibler Distance (KLD) with the AC model of estimating. The higher KLD displays the higher measurement deviation of the historic information, such as the wrong data. Given the FDIAs’ sparse nature, a diagnosis method according to the sparse optimization has been presented in the reference [143]. The approaches of nuclear norm minimization and low rank matrix factorization have been suggested to divide the nominal and anomalies conditions of the electric system. In order to find the exact place of the main endangered measurement set devices utilizing graphical meters, paper [144] suggested a new strategy. In addition to this, some effective research of literature which focused on various detection mechanisms utilized in FDIAs are also presented in the following. Reachability mechanisms have been used in references [145,146] for identifying the existence of FDIAs that are able to cause various safety conditions’ violation. In the reference [59], the undefined vulnerability of current distorted or bad data diagnose mechanisms for 2 different attacks’ classes (generalized FDIAs and FDIAs) with the attack aims to find an attack by random and aimed attack vectors has been studied. According to the attack algorithms, the attack form is primarily categorized into generalized FDIA and FDIA. In FDIAs, the attacker usually inserts bad data into devices like MMs and detectors while it keeps the measurement of residual unchanged. The attacker, in generalized FDIAs, usually uses a typical form of measurement error tolerance with SE techniques which helps attack to keep


stealthy and anonymous to be detected [137].

Another notable cyber-attack defense mechanism against SG-ES at the power control center has been presented in the reference [147]. The proposed method has used a new adaptive Cumulative Sum (CUSUM) optimizer to quickly detect the adversary with no violation of the accuracy level of diagnosis. The defense framework for a power network that is usually divided into MG sets has been displayed in research [148]. In this work, authors presented boundaries and data sharing framework of MGs which were completely reconfigured, so that it is not possible to make a synchronized FDIA. Further descriptions of FDIAs diagnosis strategies in electric systems have been presented in references [98,149-153].

Artificial-based strategies such as Neural Networks (NN) also play an important role in data security, cyber-attack detection and defense mechanisms in SGs [154]. In paper [155], a NN detection-based technique for FDIAs for sensing loop of two-zone system of distribution has been presented. In the proposed method, the inputted and output control measurement conditions were transmitted to the Luenberger observer for the ES. The NN diagnose unit received the values to detect and track FDIAs. The ability of the proposed NN for estimating the nonlinear behavior of the system was another benefit of this approach. In reference [156], authors proposed an AGC system with non-linearity such as time-delay and governor dead-band which was provided by a diagnose method utilizing a particle mechanism based on filter and Sequential Importance Sampling (SIS) approach. We should state that particle filters are defined as tools for tracking the dynamic states of a nonlinear system and are modelled by the Bayesian network. In reference [157], a Recurrent Neural Network (RNN) approach has been presented to detect FDIA in an AGC system with non-linearity such as governor dead band and transportation time delay. Also, in the paper [87], authors proposed a detection method which depends on a strategy based on physics and Deep Learning Method (DLM). In this work, the deep learning technique used frequency historical information and tie-line load flow measurements to learn data models and to predict ACE amounts via the learnt templates. Besides, in another paper [158], for an optimum interconnected attack such as FDIAs and load operation as a countermeasure, authors proposed a threshold-based detection mechanism. For AGC, a simultaneous detection and mitigation strategy against FDIA via the concurrent evaluation of condition and input has been suggested in the paper [159]. In this work, authors have used a recursive 3-stage filter for the performance of 3 stages which included updating of time, updating of measurement, and undefined input evaluation.

One of the variants of FDIAs is bias injection attack. Reference [160] discussed an evaluation of the effect of having BIA over a SG system. The study has focused to find the major effects of attack on the system whenever the frequency of the system is invaded by an attacker and to maintain it in a secure and normal balanced amount lacking an alarm. In paper [161], the SE issue in stochastic dynamical linear systems with BIAs has been analyzed. In this research, to compensate for the effect of the cyber-attack, authors presented criteria for selecting sensors to be secured. In the proposed method, the utilized estimator was the Kalman filter which the attack detection has been performed with the chi-squared test. In another research, a set-theoretic diagnose strategy for BIA has been suggested in the paper [136]. In the paper [162], the authors have proposed the distributed diagnose strategy and separation of BIA in SGs which used an internal observer. This paper presented global and local stages for the distributed diagnosis in sets of sensor attack according to a judgment matrix. In this research, authors have also examined the experimental perspectives such as detection delay, bias injection attack detection accuracy, and pre-calculated threshold constraint while applying the detection strategy.

3.3. RA

Replay attacks have also been considered as other forms of cyber-attacks. An online detection framework for some cyber sabotage on AGC like replay attacks, noise-injected attacks, and destabilization attacks have been proposed in paper [163]. The presented technique in this research basically employed the dynamic watermarking approach to diagnose tampered values; where the generating block overlaps the control signal with a small magnitude signal randomly that has a specific probability distribution. Therefore, the honest detectors can show statistical attributes like the superimposed signal, while over-distorted detectors do not show these relevant statistical features. As a result, malicious acting can be discovered via specific tests of such statistical attributes. In this research, also, the authors stated that the presented framework is able to be used even if the opponents were fully knowledgeable of the physical and statistical types of the system.

Another approach to detect replay attacks in systems’ controllers of SGs has been proposed in reference [164], where the control law has been varied between random and static for improving the detection rate in RAs. But, the proposed strategy comprises the efficiency of the detection in some levels. In reference [101], authors have evaluated the possibility of replay attacks in Gaussian LTI control systems using an specific anomaly detector and infinite Linear Quadratic Gaussian (LQG) controllers. In this paper, the authors claimed that the presented strategy can guarantee the desired level of diagnose possibility with trading off LQG efficiency and diagnose delay, by increasing the control attempt or by the decreasing of control precision. From a resiliency viewpoint, in paper [165], authors presented a resilient control approach toward RAs in a SG control system by receding horizon control rule.

3.4. CA

The covert attack diagnose method generally includes the assessment of weak attack points and changing the behavior of power generation after the attackers have discovered the model of the system. It can be said that the basic weak point of covert attack is highly relying on entire knowledge of the system. A good example here, in covert attack, is presented in paper [108] where a modulation matrix has been included in the control variables path to warn the input attitude of the procedure, to develop a remedial action. This measure can make an adversary lose the entire information of the system and can help the attacks to be detected.

The prohibitive actions against some forms of covert attacks consist of raising the difficulty to have access in control loops. Based on the paper [166], having undesirable accessibility to the control systems can be decreased with use of firewalls, which can be applied to the network segmentation and with utilizing special architecture. Besides, having access to the information flow will be decreased with utilizing time stamping approaches and encryption algorithms. Another countermeasure can be using control functions such as switching controllers which are almost difficult to be estimated [105].

3.5. ResA

ResA is identified as a form of DAs which usually have two preconditions. The initial prerequisite is the possibility of access to the resonance resource, and the next prerequisite is the possibility of injecting or modifying the input of the power plant based on the reference of resonance. Thus, protecting the inputted data can be the highest effective counteraction. In references [112,167], efficient countermeasures including the tempering and manipulating of reshaped input for the resonance effects weakening have been proposed. Also, cryptographic algorithms with sequential numbers or time stamps can be utilized for ensuring the data authenticity.

3.6. TDSA

Another attack titled TDSA which performed in SG will have negative effects on the stability of the system and deteriorate implementation. Delay injection on the system can be implemented with delaying


the telecommunication packets or at the size of sensor sampled data points [168]. In addition, another negative effect can be accessibility to CC for switching on or off. The evaluation of stability in the SG system with TDSA has been effectively given in reference [169]. Authors of the paper [170] have determined the delay margins in a SG with steady and time-variant delays utilizing Linear Matrix Inequality (LMI) approaches considering the stability criteria of delay dependency. Also, in this case, authors of the reference [169] have suggested a prevention technique utilizing a time delay estimator where, in order to track injected time delays, the controller is reinforced by a delay estimator. Advancement in Wide Area Measurement Systems (WAMS) and PMU has developed coordination stability and control techniques without ignoring time delays of energy system measures. As a result, it is important to assess the effect of time delays in energy system analysis, which are investigated in references [170,171].

3.7. MiTMA

There are some solutions in the references [172,173] to face MiTMA, the most important of which are the following:

• Two-way authentication: In this method, public and private keys are sent based on an irregular encryption pattern called Hash. In this case, viewing passwords or decoding hashed messages is a problem that will require a powerful system.
• Determining the delay period: Normally, the process of performing cryptographic calculations is done by the Hash function and a specific period of time is considered for it. For example, if the decoding process of the sender and receiver takes 25 s, but the sending and receiving process takes 60 s, it indicates that a third party is eavesdropping.
• Authentication-based on the Carry-Forward pattern: One of the most comprehensive methods to deal with man-in-the-middle attacks is to check the certificates issued by the certificate issuing authority.
• Identification of unauthorised fake access points: One of the common methods used by hackers to implement man-in-the-middle attacks is fake access points or, more precisely, rogue access points. Wireless devices automatically connect to access points that have a strong signal. Once a fake access point is deployed in a building, wireless equipment is connected to it and then connected to the domain that the hackers manage. In this case, all network traffic is intercepted or manipulated by hackers.

4. New strategies to increase cyber security in SGs system

4.1. Machine learning and deep learning techniques in SG

In general, Machine Learning (ML) is a term of using a system to learn and predict a process from existing data. ML can be used as an effective tool to perform the heavy task of overcoming the large quantity of data generated in a sensor structure based on sensors and the IoTs. ML techniques can also be used as the last piece in an SG system that uses it to collect and analyze data and make appropriate decisions. It thus enables the SG to operate optimally and as intended. ML consists of various algorithms and techniques that analyze existing data by an instruction set to generate decisions or predictions based on data. ML is designed under a rigorous process and results in the programming of explicit optimizers with the estimated operation. The functionalities of ML techniques consist of predictions of power generation and consumption, future optimum schedule, adaptive control energy price, fault detection, size, and detection of grid troublemakers during a data flaw [174–178]. ML techniques are widely used in detection of cyber-attacks today. In the following, some new valuable research which used machine learning techniques and focused on the diagnosis strategies in AGC structures are discussed. Machine learning techniques have been widely and recently used as a good solution for big data processing as well as the implementation of efficient security solutions. One of the important points to keep in mind is that big data generation comes from smart grids, and efficient methods for analyzing them are valuable for extracting information. It should be noted that without extracting useful information from the network, the gathered information has little value. In this regard, paper [179] presented an assessment framework to analyze transient constancy that used ELM which indicated effective computational speed and accuracy.

Also, ML can be applied in SG for different security applications. For instance, authors of the papers [125,180] have proposed the application of ML and optimization algorithms to develop stability for unplanned islanding in MG, which analyzed big data for prediction, monitoring and detecting cyber-attack incidents which happen before the stabilization stage. Several approaches dealt with the issue of cyber security improvement and detection mechanisms in SGs. For example, in the reference [181], authors proposed a multiple-layer perceptron (MLP) and a diagnostic approach based on classifiers for CyAs in SG systems. In this research, the MLP classifier has been presented by samples of training of area control error (ACE) amounts gathered by compromised and normal states. The appropriate ACE signals' characteristics have been elicited to estimate the difference of compromised and normal signals. Then, the classifier efficiency has been assessed utilizing objective function and an optimal subset. A concise diagram of using ML techniques is displayed in Fig. 9. However, one of the most important parts of using ML techniques is in the renewable energy sectors. As can be seen, ML can be classified into supervised and unsupervised learning. In supervised learning, large set of labeled data and missing labeled data can be trained. In unsupervised classification, we have clustering, association rule learning, and dimensionality reduction. Each of which can be categorized into different subsections to detect attacks.

4.2. Signal processing techniques for improving cyber security in SG

Analog or digital Signal Processing (SP) is one of the topics that are widely used and are still expanding and updating. In general, Digital Signal Processing (DSP) is a digital processing method that uses digital signal processors to recognize, detect, encode, decode, optimize, and perform signal processing. The signals that are processed using this method can generally be a sequence of numbers that represent samples of a continuous function or variable in the domains of time, space, or frequency. DSP applications are widely used in sound processing, speech processing, radar frequency processing, sonar processing, as well as other sensor arrays, or in other areas such as statistical signal processing, spectral density estimation, digital image processing, telecommunication signal processing, control systems, seismology and many others [182].

DSPs can be also comprised of linear and non-linear operators. In order to process the nonlinear signal, we generally need to identify the nonlinear system, so this system can be implemented in time, frequency, or space-time domains. With the expansion of the use of digital systems, the use of digital computing in signal processing has become much more widespread than analog processing. Therefore, digital processing in fields such as error correction and identification in communication and data compression gives many advantages to users. One of the important points is that DSP can be used both for static and stored data and for streaming data. Since in the real world signals are analog, in order to analyze a continuous analog signal, this signal must be digitized by an Analog-to-Digital Converter (ADC). Another important topic is the sampling of these signals, which are usually discretized and quantified in two stages. Discretization is a process in which the signal is divided into equal time intervals. In each interval, the signal is represented by a measured amplitude [60]. In quantification, each domain of measurement is approximated by a value from a limited and small set. For example, rounding real numbers to integers can be mentioned as an example of this technique.
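The two sampling stages described above, discretization and quantization, followed by a level-1 Haar wavelet step that flags an abrupt injected offset in the digitized signal. This is an added example, not code from the paper or its references; the 50 Hz test signal, the 12-bit ADC, the 0.3 p.u. bias and the median-based threshold are constructed assumptions.

```python
import math
import statistics

SQRT2 = math.sqrt(2.0)
RATE_HZ = 6400  # assumed sampling rate: 128 samples per 50 Hz cycle


def grid_voltage(t):
    """Constructed test signal: 1.0 p.u., 50 Hz bus voltage."""
    return math.sin(2.0 * math.pi * 50.0 * t)


def sample(signal, n_samples, rate_hz):
    """Discretization: read the continuous signal at equal time intervals."""
    return [signal(k / rate_hz) for k in range(n_samples)]


def quantize(samples, bits, full_scale):
    """Quantization: snap each amplitude to the nearest of 2**bits ADC levels."""
    step = 2.0 * full_scale / (2 ** bits - 1)
    out = []
    for x in samples:
        x = max(-full_scale, min(full_scale, x))  # an ADC clips out-of-range input
        out.append(round((x + full_scale) / step) * step - full_scale)
    return out


def inject_bias(samples, start, bias):
    """Constructed false-data injection: constant offset from sample `start` on."""
    return samples[:start] + [x + bias for x in samples[start:]]


def haar_detail(samples, decimated):
    """Level-1 Haar detail coefficients as (sample_index, coefficient) pairs.

    decimated=True  : classic DWT, non-overlapping pairs (0,1), (2,3), ...
    decimated=False : undecimated transform, every adjacent pair (k, k+1)
    The index reported is that of the second sample of each pair.
    """
    stride = 2 if decimated else 1
    return [(k + 1, (samples[k] - samples[k + 1]) / SQRT2)
            for k in range(0, len(samples) - 1, stride)]


def flag_steps(details, k=4.0, floor=1e-3):
    """Flag coefficients far above the typical (median) magnitude.

    A few attacked samples barely move the median, so the threshold tracks
    the normal waveform; `floor` keeps a flat signal from flagging noise.
    """
    if not details:
        return []
    threshold = max(k * statistics.median(abs(c) for _, c in details), floor)
    return [i for i, c in details if abs(c) > threshold]


def detect(samples, decimated=False):
    """Sample indices at which an abrupt change is detected."""
    return flag_steps(haar_detail(samples, decimated))


# Five cycles of the constructed signal through an ideal 12-bit ADC.
CLEAN = quantize(sample(grid_voltage, 640, RATE_HZ), bits=12, full_scale=2.0)

if __name__ == "__main__":
    for start in (320, 321):
        attacked = inject_bias(CLEAN, start, 0.3)
        print(start,
              "decimated:", detect(attacked, decimated=True),
              "undecimated:", detect(attacked, decimated=False))
```

The decimated transform misses the offset when it starts on an even sample, because no coefficient pair straddles the change; the undecimated form reports it in both cases.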


Fig. 9. The use of ML in SG protection.

Discrete Wavelet Transform (DWT) and Fourier transform can be mentioned from numerical analysis and distribution analysis methods. In DWT, wavelets can be sampled discretely whenever possible. The main advantage of wavelet transforms over the Fourier transform is its time resolution. In this conversion, generally both frequency information and location information are received from the system. However, in general and according to the principle of uncertainty, the accuracy of time-frequency separation in this case is limited in time-frequency domains. Using combination of effective methods based on artificial intelligence and signal processing approaches such as Hilbert Huang Transform (HHT), wavelet singular values or wavelet singular entropy, and Fourier singular values for detecting cyber-attacks can make SGs more secure and resilient against these types of attacks, which in turn helps to enhance the stability of CPS. Some papers have used signal processing techniques to deal with cyber-attacks; for instance, in references [17,82,97] the authors have used wavelet singular entropy and HHT to detect FDIA, which enhances the security in the DC-MGs. The proposed method has analyzed the current and voltage signals in controllers and sensors by extracting the signal details. In reference [125], authors proposed a combination of wavelet singular values and deep machine learning to detect an attack on SG.

In terms of topology and configuration, SGs have distributed equipment that is structurally interconnected, and monitoring of this network can be done through the analysis of continuous data stream signals from various measuring devices located throughout the system. A good example here is the paper [183], which used Graph Signal Processing (GSP) to display and analyze power grid measurement data. This paper illustrated that GSP can enable various analyses for the structural data of the power grid and the dynamics of its interconnected components. Also, in this study, the effects of different cyber and physical tensions in the SGs have been evaluated and investigated both in the vertex and frequency domains of the signal diagram. Different techniques for detecting and locating cyber and physical attacks based on GSP techniques have been presented and their performance has been evaluated and compared. The presented study confirmed that GSP can be a suitable approach for SG data analysis.

4.3. Blockchain techniques in SG

The use of blockchain technology in modern power systems is expanding and this technology requires a coherent structure based on validation, computing and storing data. In this regard, first we should know the data validation and storing methods [184]. Distributed Ledger Technology (DLT), as a database, is defined to replicate, share and synchronize data between numerous distributed devices [185]. In DLT, the data is saved in a sequential arrangement and it makes a digital ledger series. Whenever a block which contains a data collection is included into the chain, this data cannot be modified again by any authority. Therefore, this system will be inherently tamper-proof [186]. In Fig. 10, based on the processing of validating and storing data, the DLT is basically categorized into 3 kinds including Tempol ledger, blockchain, and directed graph data. High penetration and using blockchain in practical applications has been well studied. Blockchain technology is also subdivided into four categories consisting of blockchain one for doing uncomplicated cryptographic currency purposes, blockchain two for smart contract utility purposes, blockchain three for distributed use purposes, and blockchain four for education purposes [187].

It should also be noted that blockchain is a Peer-To-Peer (P2P) distributed network database whose security is enabled using several encryption technologies. Various formats of blockchain technology are suggested to meet various needs and practical applications according to the mechanism of consensus and network openness including private, consortium, and public.


Fig. 10. Classification of distributed ledger technology.

4.3.1. Applications of blockchain in SG


For different applications in SG, the selection of the type in blockchains should be considered from the nodes classes and the anonymity need. Also computational performance and limitation on accessibility should be taken into account [188,189]. The investigation into blockchain for cyber-security in SG is basically classified into three different levels including (1) communications and field measurement; (2) generation and transmission of power; and (3) distribution and utilization of power. In reference [190], authors have proposed the blockchain-based smart meter for protecting the accuracy and covertness of electrical power consumption data of customers. In Fig. 11, the operational diagram of blockchain-based smart meter is given.

By integrating blockchain and optimization approaches including economical load distribution and dynamic load redistributing in systems of transmitting, the security of sending and receiving network information can be increased by using smart contracts and Decentralized Application Services (DAPPS). For instance, the economic distribution function system can automatically request tenders from the bidder using blockchain technology. Also, it can sort the wholesale electricity market by tender, and provide the demanded power quantities and settled electrical power costs. In this regard, in paper [191], the authors provided a blockchain-supported economic dispatch strategy for operation of the system of power distribution, the mechanism of which is given in Fig. 12. As can be seen from this schematic, in blockchain, peers (counterparts) are accountable for execution of smart contracts and transactions, as well as keeping global status and data of transactions as the head office distributed in the structure. Customers and system operators can connect the blockchain by communication of a peer via the Fabric Certification Mechanisms (FCA). After connecting the blockchain, customers renew their electrical power production and consumption priorities, for example, marginal prices of electrical power production and marginal facilities for electrical power consumption and renewed global priorities are saved in the blockchain. Operators of the system are able to access preferential data from the global government and send an economic submission to receive the final price of electricity for the location used for smart contracts.

Fig. 12. Blockchain-assisted economic dispatch strategy.

Various blockchains can be used in the main energy grid for various applications and securing the exchanged information, for example, real-time and online monitoring in the energy management system or energy bidding in the wholesale electricity market can be done based on this framework. By using blockchain technology in the cyber system of SGs, it is possible to update and support operations and develop the security of transactions. It is also possible to perform automatic machine-to-machine transactions that require cyber security, such as auctions, bidding and payments in smart networks. An important point is that the main network of the blockchain technology in SGs will be related to the controlling and monitoring system such as the national energy grid, network operators, operation of the meters, as well as maintenance companies, which are the higher monitoring system of the SCADA network. Using this technology, users can have full access to the main network, and will be able to monitor, make changes to smart contracts, and send information more securely to networks like local area network.

Fig. 11. A typical operational diagram of a blockchain-based smart meter.
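The tamper-evidence property described in Section 4.3, applied to the smart-meter readings of Section 4.3.1, as an added example that is not code from the paper or from the cited works. Meter identifiers, readings and node names are constructed, and the majority comparison of head hashes is a simplified stand-in for a real consensus mechanism.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS_PREV = "0" * 64  # placeholder predecessor hash for the first block


def block_digest(index, prev_hash, readings):
    """SHA-256 over a canonical JSON encoding of everything the block commits to."""
    body = json.dumps({"index": index, "prev": prev_hash, "readings": readings},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_block(chain, readings):
    """Add a block whose hash covers its readings and the previous block's hash."""
    index = len(chain)
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    chain.append({"index": index, "prev": prev_hash, "readings": readings,
                  "hash": block_digest(index, prev_hash, readings)})
    return chain


def first_invalid_block(chain):
    """Return the position of the first block that fails verification, or None."""
    prev_hash = GENESIS_PREV
    for position, block in enumerate(chain):
        recomputed = block_digest(block["index"], block["prev"], block["readings"])
        if (block["index"] != position or block["prev"] != prev_hash
                or block["hash"] != recomputed):
            return position
        prev_hash = block["hash"]
    return None


def divergent_replicas(replicas):
    """Names of replicas whose head hash differs from the strict majority."""
    heads = {name: chain[-1]["hash"] if chain else GENESIS_PREV
             for name, chain in replicas.items()}
    majority_hash, votes = Counter(heads.values()).most_common(1)[0]
    if 2 * votes <= len(heads):
        raise ValueError("no strict majority among replicas")
    return sorted(name for name, head in heads.items() if head != majority_hash)


def altered_copy(chain, block_index, new_kwh, reseal):
    """Test helper: copy a replica and change one stored reading.

    reseal=True also recomputes every later link, which anyone with write
    access to a single replica can do; that copy is then self-consistent.
    """
    replica = copy.deepcopy(chain)
    replica[block_index]["readings"][0]["kwh"] = new_kwh
    if reseal:
        for i in range(block_index, len(replica)):
            prev_hash = replica[i - 1]["hash"] if i else GENESIS_PREV
            replica[i]["prev"] = prev_hash
            replica[i]["hash"] = block_digest(i, prev_hash, replica[i]["readings"])
    return replica


def build_ledger():
    """Constructed sample data: three 15-minute intervals from two meters."""
    chain = []
    intervals = (("00", 1.25, 0.80), ("15", 1.40, 0.75), ("30", 1.10, 0.90))
    for minute, kwh_a, kwh_b in intervals:
        stamp = "2023-01-01T00:%s:00Z" % minute
        append_block(chain, [
            {"meter": "METER-A", "t": stamp, "kwh": kwh_a},
            {"meter": "METER-B", "t": stamp, "kwh": kwh_b},
        ])
    return chain


if __name__ == "__main__":
    ledger = build_ledger()
    edited = altered_copy(ledger, 1, 0.10, reseal=False)
    resealed = altered_copy(ledger, 1, 0.10, reseal=True)
    print("edited replica fails at block", first_invalid_block(edited))
    print("resealed replica fails at block", first_invalid_block(resealed))
    print("divergent:", divergent_replicas(
        {"node-1": ledger, "node-2": build_ledger(), "node-3": resealed}))
```

A replica that is altered and re-linked passes its own integrity check, so tamper evidence depends on comparing it against other replicas or a trusted head hash.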


4.4. Quantum computing (QC) in smart grid energy systems

In classical computers, operations are performed digitally by information conversion into a set of binary bits or digits, then work on the bits by Integrated Circuits (ICs) that contain lots of transistors. In binary systems only 2 executable amounts of 0 or 1 per bit exist. Data processing in this type of computer is done by manipulating these bits. QC is a fundamental change in the data processing system that researchers are currently working on and can bring about fundamental changes in computing. In a quantum-based computer, data is also processed as a set of bits, which are qubits, where a qubit can be like a normal 0 or 1 bit, except that a qubit may be in both at the same time. This computational ability, in which both possible binary modes can operate, will lead to potential exponential scalability in the qubits' number in computing of the system, which is a tremendous advantage [54]. Therefore, by a qubit's features, 2^N numbers can be used simultaneously with N qubits. Also, computers which use this processing technology and computational algorithms are able to process data far more quickly and consume lower power than conventional computers.

With the advent of intelligent technology and the use of various protocols and techniques to optimize the network and secure information such as blockchain, as well as the possible analysis of transient stability or the IoT with a large number of customers in the power system, the need for high processing capabilities with less consumption is felt more than before. Therefore, using quantum computing can be very useful in smart networks. This technology can be a suitable way to detect cyber-attacks and malwares in SG.

Recently, some studies have been done in this field, for instance, papers [192,193] dealt with QC and its challenges in power systems. In the paper [194], authors have reviewed using QC in different parts of SGs as well as software tools, quantum hardware specifications, and algorithms and their analysis. In [195], using a Quantum Direct Communication (QDC) method, a method for flexible power networks is presented along with providing highly secure communication. In this approach, the authors have claimed to use QDC with a security scheme based on information theory. Using suitable programming software can make its implementation easier. Also, different models of cyber-attacks can be checked using these models. For example, in reference [196], the authors have used an open source framework based on Python, in order to implement the QDC network. In this study, QDC protocols against eavesdropping attacks have also been investigated. To evaluate security in smart network communications, as well as quantum encryption algorithms, other articles such as [197,198] have reviewed using QC for securing data, cryptographic methods, and communication protocols in SGs.

4.5. SG with big data analysis

As aforementioned, to move towards SG power, we will have to integrate IoT devices into each part of the infrastructure of the network. These devices must be able to communicate with different devices and controlling centers and transmit valuable information. Therefore, huge volumes of data will be produced in a coordinated network, which will pose challenges for customary approaches of transmission of data, storage and evaluations [199]. Fig. 13 defines three sectors of big data. As can be seen, large data with several variations can be produced, stored, and sent at a fast speed. Other intelligent items like smart homes, smart cities, and smart transportation with huge amounts of data also need critical big data analysis.

Fig. 13. Big data characteristics.

Integrating IoT into SG systems will create a complicated interconnected web with big data volume. This amount of data will be stored into cloud storages, which will create serious cyber threats [200]. Cyber-security issues of such complicated networks of power systems are completely critical in the supply and the demand sides [61,82,201]. In SG systems, cyber-attacks can be implemented for causing damage to CPS components. The most important system assets that are most targeted in cyber-attacks including Financial Information (FI) and Intellectual Property (IP) have been shown in Fig. 14. As can be seen, FI and IP can be very appealing objectives for attackers, who are attacked in about 80% of cases. Data of research and other information and systems of control have been also other main objectives of the attack. Given the components connected to the Internet, information generated from IoT devices is a major attack option, which alone can be sufficient to show the importance of attention and the requirement for cyber-protection for systems of SG.

Fig. 14. Typical targets of cyber-attacks.

5. Role of cyber-security in the future of SG

As discussed in detail, SG cyber security against sophisticated cyber-attacks is one of the challenges that can disrupt the provision of services to customers. Different types of cyber-attacks show that smart power systems can be vulnerable to different cyber-attacks. Since the IoT-based SG is highly dependent on the Internet and information and communication technology, flexible information and communication technology is a prerequisite for reliable performance in SG applications. Thus, cyber-attacks can create a challenge for equipment and objects related to the Internet network. Due to the many types of cyber-attack in the smart energy system, existing methods are evolving and updating, and new countermeasures are being developed by researchers. Another point is
definitely the evolution of a SG mechanism based on blockchain with intrusion diagnose system and DAPPS, particularly for SG uses with different architectures. For example, a test mechanism for blockchain-enabled SGs can be created with regards to various DDoS-attack, routing-attack and Sybil-attack. We highlight, in the following, the potential research directions for the future of smart power distribution systems.

New security technologies such as blockchain in smart contracting can be done in a distributed behavior, where the blockchain grid of the system of entire transmittance will be created by combining distributed blockchain grids. This could potentially address the failure in increasing the level of penetration of DGs and hamper the transmission from malfunctioning and creating a breaking point. For instance, a system of power transmittance can be separated into several zones, each of which is monitored by ICT-enabled IoT devices and control algorithms. In order to have a cyber-secured RTUs and IEDs controlling system in SG, the smart blockchain-based meters can be developed with complicated algorithms. It can be used in DG controllers for commanding DG outputs to regulate voltage and power quality. These issues make cyber security in SGs unpredictable and dynamic. Considering these issues, we can better understand the growing trend, threats and future technologies in SGs.

In this regard, it is necessary to provide suitable solutions and applications in order to identify and deal with them for the smart grid. Considering that this field is expected to be increasingly expanded in the coming years, providing practical suggestions in the security of the future intelligent network can be a way forward. Therefore, studies and future research process can be explained as follows:

• Accurate recognition and constant updating of different methods of detecting cyber-attacks in the smart energy network.
• Updating and creating effective methods of dealing with cyber-attacks.
• Creating backup information storage networks in cloud platforms.
• Changing, updating, or creating new communication protocols with high security in order to prevent the access of attackers according to the needs of smart energy network programs.
• Designing and updating global standard platforms for having a secure communication in SGs programs.
• Investigating new methods of information analysis, like data mining and according to the knowledge recognition, information theory, neural networks, and machine learning in order to evaluate cyber security methods.
• Updating smart grid information and equipment related to the grid and assessing cyber security consequences caused by the integration of DERs in SGs and energy systems.
• Encrypting information exchanged between equipment on the internet platform in a smart network, such as using blockchain technology.
• Use of security dynamic evolutionary techniques, especially for smart sensors and meters.
• Developing dynamic communication ports and effective methods to identify, prevent and warn for unexpected variations in the behavior of consumers and equipment related to the network.
• Providing optimal architecture and hardware frameworks for cyber defense.
• Development of dynamic self-healing systems like cloud-based flexibility.
• Development of smart network devices and applications based on the IoT in order to perform safer transactions.

6. Conclusion

As a result of advancement of intelligent technologies in smart power systems, different structures of power systems of cyber–physical nature are further prone to cyber-attacks. The use of intelligent methods, based on machine learning techniques, will enhance the operation of the smart power grids in terms of efficiency and failure prevention. Knowing the different methods of cyber-attacks in the power systems and how to deal with them will make the network more resilient. This article presented a systematic review of different methods and cutting-edge techniques and possible solution approaches for cyber-security in SGs. We discussed the interactive features of cyber–physical power systems, connections, and interactions between power systems and cyber systems. Furthermore, different cyber-attacks in SGs and their models and mechanisms have been reviewed and summarized in detail. In addition, the characteristics and applicability of such related models have been technically analyzed. Various cyber characteristics of wireless sensor networks, big data analysis, IoTs, and technologies like blockchain and quantum computing used in SGs have been comprehensively discussed. Finally, some possible applications of using new techniques and their roles in improving cyber-security in the futuristic SGs were presented. Knowing the different methods of cyber-attacks on the SGs and energy systems as well as applicable, possible and up-to-date defense mechanisms, can effectively give researchers the opportunity to effectively study them, and to improve various methods to deal with the new forms of cyber-attacks in SGs and energy systems.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Data availability

No data was used for the research described in the article.

References

[1] M. Ghiasi, Detailed study, multi-objective optimization, and design of an AC-DC smart microgrid with hybrid renewable energy resources, Energy 169 (2019) 496–507.
[2] M.H. Khooban, T. Niknam, F. Blaabjerg, M. Dehghani, Free chattering hybrid sliding mode control for a class of non-linear systems: electric vehicles as a case study, IET Sci. Meas. Technol. 10 (2016) 776–785.
[3] M. Ghiasi, S. Esmaeilnamazi, R. Ghiasi, M. Fathi, Role of renewable energy sources in evaluating technical and economic efficiency of power quality, Technol. Econ. Smart Grids Sustain. Energy 5 (2020) 1.
[4] M. Dehghani, M.H. Khooban, T. Niknam, S. Rafiei, Time-varying sliding mode control strategy for multibus low-voltage microgrids with parallel connected renewable power sources in islanding mode, J. Energy Eng. 142 (2016), 05016002.
[5] B. Arbab-Zavar, E.J. Palacios-Garcia, J.C. Vasquez, J.M. Guerrero, Smart inverters for microgrid applications: a review, Energies 12 (2019) 840.
[6] M. Dehghani, A. Kavousi-Fard, T. Niknam, O. Avatefipour, A robust voltage and current controller of parallel inverters in smart island: a novel approach, Energy 214 (2021), 118879.
[7] M. Ghiasi, N. Ghadimi, E. Ahmadinia, An analytical methodology for reliability assessment and failure analysis in distributed power system, SN Appl. Sci. 1 (2018) 44.
[8] B. Li, M. Ghiasi, A new strategy for economic virtual power plant utilization in electricity market considering energy storage effects and ancillary services, J. Electr. Eng. Technol. (2021).
[9] N. Bayati, H.R. Baghaee, A. Hajizadeh, M. Soltani, Localized protection of radial DC microgrids with high penetration of constant power loads, IEEE Syst. J. (2020) 1–12.
[10] M. Fathi, M. Ghiasi, Optimal DG placement to find optimal voltage profile considering minimum DG investment cost in smart neighborhood, Smart Cities 2 (2019) 328–344.
[11] Y. Xiang, X. Lu, Z. Yu, D. Shi, H. Li, Z. Wang, IoT and edge computing based direct load control for fast adaptive frequency regulation, in: Proceedings of the IEEE Power & Energy Society General Meeting (PESGM), IEEE, 2019, pp. 1–5.
[12] B.S. Balaji, P.V. Raja, A. Nayyar, P. Sanjeevikumar, S. Pandiyan, Enhancement of security and handling the inconspicuousness in IoT using a simple size extensible blockchain, Energies 13 (2020) 1795.
[13] M. Ghiasi, E. Ahmadinia, M. Lariche, H. Zarrabi, R. Simoes, A new spinning reserve requirement prediction with hybrid model, Smart Sci. 6 (2018) 212–221.
[14] M. Ghiasi, M. Irani Jam, M. Teimourian, H. Zarrabi, N. Yousefi, A new prediction model of electricity load based on hybrid forecast engine, Int. J. Ambient Energy 40 (2019) 179–186.


[15] H. Karimi, T. Niknam, M. Dehghani, M. Ghiasi, M. Ghasemigarpachi, S. Padmanaban, et al., Automated distribution networks reliability optimization in the presence of dg units considering probability customer interruption: a practical case study, IEEE Access 9 (2021) 98490–98505.
[16] M. Ghiasi, M. Dehghani, T. Niknam, H.R. Baghaee, S. Padmanaban, G.B. Gharehpetian, et al., Resiliency/cost-based optimal design of distribution network to maintain power system stability against physical attacks: a practical study case, IEEE Access 9 (2021) 43862–43875.
[17] M. Ghiasi, M. Dehghani, T. Niknam, A. Kavousi-Fard, P. Siano, H.H. Alhelou, Cyber-attack detection and cyber-security enhancement in smart DC-microgrid based on blockchain technology and hilbert huang transform, IEEE Access 9 (2021) 29429–29440.
[18] S. Mehrdad, S. Mousavian, G. Madraki, Y. Dvorkin, Cyber-physical resilience of electrical power systems against malicious attacks: a review, Current Sustain./Renew. Energy Reports 5 (2018) 14–22.
[19] S. Mousavian, M. Erol-Kantarci, T. Ortmeyer, Cyber attack protection for a resilient electric vehicle infrastructure, in: 2015 IEEE Globecom Workshops (GC Wkshps), 2015, pp. 1–6.
[20] X. Hu, S. Zhou, T. Chen, M. Ghiasi, Optimal energy management of a DC power traction system in an urban electric railway network with dogleg method, in: Energy Sources, Part A: Recovery, Utilization, and Environmental Effects, 2021.
[21] M. Ghiasi, J. Olamaei, Optimal capacitor placement to minimizing cost and power loss in Tehran metro power distribution system using ETAP (A case study), Complexity 21 (2016) 483–493.
[22] M. Ghiasi, Technical and economic evaluation of power quality performance using FACTS devices considering renewable generations, Renew. Energy Focus 29 (2019) 49–62.
[23] M. Ghiasi, A detailed study for load flow analysis in distributed power system, Int. J. Ind. Electron. Control Optim. 1 (2018) 159–160.
[24] A. Ramezani, M. Ghiasi, M. Dehghani, T. Niknam, P. Siano, H.H. Alhelou, Reduction of ripple toothed torque in the internal permanent magnet electric motor by creating optimal combination of holes in the rotor surface considering harmonic effects, IEEE Access 8 (2020) 215107–215124.
[25] P. Duan, H. Soleimani, A. Ghazanfari, M. Dehghani, Distributed energy management in smart grids based on cloud-fog layer architecture considering PHEVs, IEEE Trans. Ind. Appl. (2020), 1-1.
[43] M. Pourbehzadi, T. Niknam, J. Aghaei, A. Kavousi-Fard, A. Dehghan, Stochastic energy management in renewable-based microgrids under correlated environment, in: 2020 IEEE International Conference on Environment and Electrical Engineering and 2020 IEEE Industrial and Commercial Power Systems Europe (EEEIC/I&CPS Europe), 2020, pp. 1–6.
[44] M. Dabbaghjamanesh, A. Kavousi-Fard, Z.Y. Dong, A novel distributed cloud-fog based framework for energy management of networked microgrids, IEEE Trans. Power Syst. 35 (2020) 2847–2862.
[45] M.R. Forozan Nasab, J. Olamaei, Reactive power management in micro grid with considering power generation uncertainty and state estimation, Signal Process. Renew. Energy 3 (2019) 25–35.
[46] E. Fouladi, H.R. Baghaee, M. Bagheri, G.B. Gharehpetian, Power management of microgrids including PHEVs based on maximum employment of renewable energy resources, IEEE Trans. Ind. Appl. 56 (2020) 5299–5307.
[47] S. Talari, M. Shafie-Khah, N. Mahmoudi, P. Siano, W. Wei, J.P. Catalão, Optimal management of demand response aggregators considering customers’ preferences within distribution networks, IET Gener. Transm. Distrib. 14 (2020) 5571–5579.
[48] G. Kumar, P. Kaliannan, S. Padmanaban, J.B. Holm-Nielsen, F. Blaabjerg, Effective management system for solar PV using real-time data with hybrid energy storage system, Appl. Sci. 10 (2020) 1108.
[49] P. Singh, B. Khan, O.P. Mahela, H. Haes Alhelou, G. Hayek, Managing energy plus performance in data centers and battery-based devices using an online non-clairvoyant speed-bounded multiprocessor scheduling, Appl. Sci. 10 (2020) 2459.
[50] P.D. Diamantoulakis, V.M. Kapinas, G.K. Karagiannidis, Big data analytics for dynamic energy management in smart grids, Big Data Res. 2 (2015) 94–101.
[51] A. Arjomandi-Nezhad, M. Fotuhi-Firuzabad, M. Moeini-Aghtaie, A. Safdarian, P. Dehghanian, F. Wang, Modeling and optimizing recovery strategies for power distribution system resilience, IEEE Syst. J. (2020) 1–10.
[52] M. El-Hendawi, Z. Wang, An ensemble method of full wavelet packet transform and neural network for short term electrical load forecasting, Electr. Power Syst. Res. 182 (2020), 106265.
[53] K. Ginigeme, Z. Wang, Distributed optimal vehicle-to-grid approaches with consideration of battery degradation cost under real-time pricing, IEEE Access 8 (2020) 5225–5235.
[54] R. Eskandarpour, P. Gokhale, A. Khodaei, F.T. Chong, A. Passo, S. Bahramirad, Quantum computing for enhancing grid security, IEEE Trans. Power Syst. 35
[26] Mohammad Ghiasi, Taher Niknam, Moslem Dehghani, Hamid Reza Baghaee, (2020) 4135–4137.
Zhanle Wang, Mohammad Mehdi Ghanbarian, et al., Multipurpose FCS model [55] Q. Ou, Y. Zhen, X. Li, Y. Zhang, L. Zeng, Application of internet of things in smart
predictive control of VSC-based microgrids for islanded and grid-connected grid power transmission, in: 2012 Third FTRA International Conference on
operation modes, IEEE Syst. J. (2022) 1–12. Mobile, Ubiquitous, and Intelligent Computing, 2012, pp. 96–100.
[27] M. Ghiasi, Z. Wang, M. Mehrandezh, S. Jalilian, N. Ghadimi, Evolution of smart [56] G. Wibisono, S.G. Permata, A. Awaludin, P. Suhasfan, Development of advanced
grids toward the internet of energy: concept and essential components for deep metering infrastructure based on LoRa WAN in PLN Bali toward Bali Eco smart
decarbonization, IET Smart Grid (2022) 1–15. grid, in: 2017 Saudi Arabia SmartGrid (SASG), 2017, pp. 1–4.
[28] S. Abdollahy, A. Mammoli, F. Cheng, A. Ellis, J. Johnson, Distributed [57] H. Mortaji, S.H. Ow, M. Moghavvemi, H.A.F. Almurib, Load shedding and smart-
compensation of a large intermittent energy resource in a distribution feeder, in: direct load control using internet of things in smart grid demand response
2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT), 2013, management, IEEE Trans. Ind. Appl. 53 (2017) 5155–5163.
pp. 1–6. [58] A. Anwar and A.N. Mahmood, "Cyber security of smart grid infrastructure," arXiv
[29] S. Sahoo, T. Dragičević, F. Blaabjerg, Cyber security in control of grid-tied power preprint arXiv:1401.3936, 2014.
electronic converters–challenges and vulnerabilities, IEEE J. Emerg. Sel. Top [59] Y. Liu, P. Ning, M.K. Reiter, False data injection attacks against state estimation in
Power Electron. (2019). electric power grids, ACM Trans. Inf. Syst. Secur. (TISSEC) 14 (2011) 13.
[30] L. Sgrafetto, P. Emmerich, M. Klingel, Smart grids and data–exploring emerging [60] M. Dehghani, M. Ghiasi, M. GhasemiGarpachi, T. Niknam, A. Kavousi-Fard,
data-driven solutions for distribution system operators, in: PESS2020; IEEE Power H. Shirazi, Stabilization of DC/DC converter with constant power load using exact
and Energy Student Summit, 2020, pp. 1–6. feedback linearization method based on backstepping sliding mode control and
[31] S. Mousavian, M. Erol-Kantarci, L. Wu, T. Ortmeyer, A risk-based optimization nonlinear disturbance observer, in: 2021 12th Power Electronics, Drive Systems,
model for electric vehicle infrastructure response to cyber attacks, IEEE Trans. and Technologies Conference (PEDSTC), 2021, pp. 1–6.
Smart Grid 9 (2017) 6160–6169. [61] M.R. Habibi, H.R. Baghaee, T. Dragičević, F. Blaabjerg, False data injection cyber-
[32] E. Hossain, I. Khan, F. Un-Noor, S.S. Sikander, M.S.H. Sunny, Application of big attacks mitigation in parallel dc/dc converters based on artificial neural
data and machine learning in smart grid, and associated security concerns: a networks, IEEE Trans. Circuits and Syst. II: Express Briefs (2020).
review, IEEE Access 7 (2019) 13960–13988. [62] H.S. Sánchez, D. Rotondo, T. Escobet, V. Puig, J. Quevedo, Bibliographical review
[33] L. Siyi, H. Aliev, Quality of service assessment routing protocols for performance on cyber attacks from a control oriented perspective, Annu. Rev. Control 48
in a smart building: a case study, Energy Sources, Part A: Recovery, Utilization, (2019) 103–128.
and Environ. Effects 44 (2022) 7217–7236. [63] F. Pasqualetti, F. Dörfler, F. Bullo, Attack detection and identification in cyber-
[34] A. Amato, R. Aversa, B. Di Martino, S. Venticinque, A cyber physical system of physical systems, IEEE Trans. Autom. Control 58 (2013) 2715–2729.
smart micro-grids, in: 2016 19th International Conference on Network-Based [64] M. Dehghani, T. Niknam, M. Ghiasi, P. Siano, H. Haes Alhelou, A. Al-Hinai,
Information Systems (NBiS), 2016, pp. 165–172. Fourier singular values-based false data injection attack detection in AC smart-
[35] A.N. Babadi, S. Nouri, S. Khalaj, Challenges and opportunities of the integration grids, Appl. Sci. 11 (2021) 5706.
of IoT and smart grid in Iran transmission power system, in: 2017 Smart Grid [65] Y. Shen, M. Fei, D. Du, Cyber security study for power systems under denial of
Conference (SGC), 2017, pp. 1–6. service attacks, Trans. Inst. Meas. Control 41 (2019) 1600–1614.
[36] C. Choi, J. Choi, Ontology-based security context reasoning for power IoT-cloud [66] Y. Li, Z. Li, L. Chen, Dynamic state estimation of generators under cyber attacks,
security service, IEEE Access 7 (2019) 110510–110517. IEEE Access 7 (2019) 125253–125267.
[37] J. Shishido, E.U. Solutions, Smart meter data quality insights, ACEEE Summer [67] S. Amin, A.A. Cárdenas, S.S. Sastry, Safe and secure networked control systems
Study on Energy Efficiency in Build. (2012) 277–288. under denial-of-service attacks, in: International Workshop on Hybrid Systems:
[38] S. Aman, Y. Simmhan, V.K. Prasanna, Holistic measures for evaluating prediction Computation and Control, 2009, pp. 31–45.
models in smart grids, IEEE Trans. Knowl. Data Eng. 27 (2014) 475–488. [68] A. Teixeira, I. Shames, H. Sandberg, K.H. Johansson, A secure control framework
[39] S. Aman, M. Frincu, C. Chelmis, M. Noor, Y. Simmhan, V.K. Prasanna, Prediction for resource-limited adversaries, Automatica 51 (2015) 135–148.
models for dynamic demand response: requirements, challenges, and insights, in: [69] A. Cetinkaya, H. Ishii, T. Hayakawa, An overview on denial-of-service attacks in
Proceedings of the IEEE International Conference on Smart Grid Communications control systems: attack models and security analyses, Entropy 21 (2019) 210.
(SmartGridComm), IEEE, 2015, pp. 338–343. [70] S. Mousavian, J. Valenzuela, J. Wang, A probabilistic risk mitigation model for
[40] B. Raouf, S. Mousavian, K. Ghazinour, Interconnected and complex electric power cyber-attacks to PMU networks, IEEE Trans. Power Syst. 30 (2014) 156–165.
and transportation systems: a SWOT analysis. Current Sustainable/Renewable [71] Y. Li, P. Zhang, L. Ma, Denial of service attack and defense method on load
Energy Reports, 2021, pp. 1–15. frequency control system, J. Franklin Inst. 356 (2019) 8625–8645.
[41] H. Song, G. Fink, S. Jeschke, Security and Privacy in Cyber-Physical Systems, [72] H.H. Alhelou, M.E.H. Golshan, N.D. Hatziargyriou, A decentralized functional
Wiley Online Library, 2017. observer based optimal lfc considering unknown inputs, uncertainties, and cyber-
[42] R. Talavera-Llames, R. Pérez-Chacón, A. Troncoso, F. Martínez-Álvarez, Big data attacks, IEEE Trans. Power Syst. 34 (2019) 4408–4417.
time series forecasting based on nearest neighbours distributed computing with
Spark, Knowl. Based Syst. 161 (2018) 12–25.

17
M. Ghiasi et al. Electric Power Systems Research 215 (2023) 108975

[73] J. Liu, Y. Gu, L. Zha, Y. Liu, J. Cao, Event-triggered $ H_\infty $ load frequency [102] R. Fritz, P. Zhang, Modeling and detection of cyber attacks on discrete event
control for multiarea power systems under hybrid cyber attacks, IEEE Trans. Syst. systems, IFAC-PapersOnLine 51 (2018) 285–290.
Man Cybern. Syst. 49 (2019) 1665–1678. [103] Y. Mo, S. Weerakkody, B. Sinopoli, Physical authentication of control systems:
[74] Q. Wang, W. Tai, Y. Tang, H. Zhu, M. Zhang, D. Zhou, Coordinated defense of designing watermarked control inputs to detect counterfeit sensor outputs, IEEE
distributed denial of service attacks against the multi-area load frequency control Control Syst. Mag. 35 (2015) 93–109.
services, Energies 12 (2019) 2493. [104] H.S. Sanchez, D. Rotondo, T. Escobet, V. Puig, J. Saludes, J. Quevedo, Detection
[75] H. Cui, X. Dong, H. Deng, M. Dehghani, K. Alsubhi, H.M.A. Aljahdali, Cyber of replay attacks in cyber-physical systems using a frequency-based signature,
attack detection process in sensor of dc micro-grids under electric vehicle based J. Franklin Inst. 356 (2019) 2798–2824.
on hilbert-huang transform and deep learning, IEEE Sens. J. (2020), 1-1. [105] A. Hoehn, P. Zhang, Detection of covert attacks and zero dynamics attacks in
[76] M. Dehghani, A. Kavousi-Fard, M. Dabaghjamanesh, O. Avatefipour, Deep cyber-physical systems, in: 2016 American Control Conference (ACC), 2016,
learning based method for false data injection attack detection in AC smart pp. 302–307.
islands, IET Gener. Transm. Distrib. (2020). [106] W. Li, L. Xie, Z. Wang, A novel covert agent for stealthy attacks on industrial
[77] G.A. Jaafar, S.M. Abdullah, S. Ismail, Review of recent detection methods for control systems using least squares support vector regression, J. Electric. Comput.
HTTP DDoS attack, J. Comput. Netw. Commun. vol. 2019 (2019). Eng. 2018 (2018).
[78] M. NAYERİPOUR, A.H. RAJAEİ, M.M. GHANBARİAN, M. DEHGHANİ, Fault [107] R.S. Smith, Covert misappropriation of networked control systems: presenting a
detection and classification in transmission lines based on a combination of feedback structure, IEEE Control Syst. Mag. 35 (2015) 82–92.
wavelet singular values and fuzzy logic, Cumhuriyet University Faculty of Sci. Sci. [108] A.O. de Sá, L.F.R. da Costa Carmo, R.C. Machado, Covert attacks in cyber-physical
J. (CSJ) 36 (2015). control systems, IEEE Trans. Ind. Inf. 13 (2017) 1641–1651.
[79] M. Ghiasi, A comparative study on common power flow techniques in the power [109] A.O. de Sá, L.F. da Costa Carmo, R.C. Machado, A controller design for mitigation
distribution system of the Tehran metro, Tehnički glasnik 12 (2018) 244–250. of passive system identification attacks in networked control systems, J. Internet
[80] M.S. Mahmoud, M.M. Hamdan, U.A. Baroudi, Modeling and control of cyber- Serv. Appl. 9 (2018) 1–19.
physical systems subject to cyber attacks: a survey of recent advances and [110] G. Park, C. Lee, H. Shim, Y. Eun, K.H. Johansson, Stealthy adversaries against
challenges, Neurocomputing 338 (2019) 101–115. uncertain cyber-physical systems: threat of robust zero-dynamics attack, IEEE
[81] S. Sridhar, G. Manimaran, Data integrity attacks and their impacts on SCADA Trans. Automat. Contr. 64 (2019) 4907–4919.
control system, in: IEEE PES general meeting, 2010, pp. 1–6. [111] Y. Mao, H. Jafarnejadsani, P. Zhao, E. Akyol, N. Hovakimyan, Detectability of
[82] M. Dehghani, M. Ghiasi, T. Niknam, A. Kavousi-Fard, S. Padmanaban, False data intermittent zero-dynamics attack in networked control systems, in: Proceedings
injection attack detection based on hilbert-huang transform in AC smart islands, of the IEEE 58th Conference on Decision and Control (CDC), IEEE, 2019,
IEEE Access 8 (2020) 179002–179017. pp. 5605–5610.
[83] M. Dehghani, M.H. Khooban, T. Niknam, Fast fault detection and classification [112] Y. Wu, Z. Wei, J. Weng, X. Li, R.H. Deng, Resonance attacks on load frequency
based on a combination of wavelet singular entropy theory and fuzzy logic in control of smart grids, IEEE Trans. Smart Grid 9 (2017) 4490–4502.
distribution lines in the presence of distributed generations, Int. J. Electric. Power [113] A. Abbasspour, A. Sargolzaei, M. Victorio, N. Khoshavi, A neural network-based
Energy Syst. 78 (2016) 455–462. approach for detection of time delay switch attack on networked control systems,
[84] M. Ghiasi, M. Dehghani, T. Niknam, A. Kavousi-Fard, Investigating overall Procedia Comput. Sci. 168 (2020) 279–288.
structure of cyber-attacks on smart-grid control systems to improve cyber [114] H. Huang, P. Wlazlo, Z. Mao, A. Sahu, K. Davis, A. Goulart, et al., Cyberattack
resilience in power system, IEEE Smart Grid Newsletter (2020). defense with cyber-physical alert and control logic in industrial controllers, IEEE
[85] R. Tan, H.H. Nguyen, E.Y. Foo, D.K. Yau, Z. Kalbarczyk, R.K. Iyer, et al., Modeling Trans. Ind. Appl. 58 (2022) 5921–5934.
and mitigating impact of false data injection attacks on automatic generation [115] Y. Wang, C. Chen, J. Wang, R. Baldick, Research on resilience of power systems
control, IEEE Trans. Inf. Forensics Secur. 12 (2017) 1609–1624. under natural disasters—a review, IEEE Trans. Power Syst. 31 (2016) 1604–1613.
[86] S. Sridhar, M. Govindarasu, Model-based attack detection and mitigation for [116] G. Liu, T. Jiang, T.B. Ollis, X. Li, F. Li, K. Tomsovic, Resilient distribution system
automatic generation control, IEEE Trans. Smart Grid 5 (2014) 580–591. leveraging distributed generation and microgrids: a review, IET Energy Syst.
[87] A. Jevtic, F. Zhang, Q. Li, M. Ilic, Physics-and learning-based detection and Integr. (2020).
localization of false data injections in automatic generation control, IFAC- [117] E.W. Prehoda, C. Schelly, J.M. Pearce, US strategic solar photovoltaic-powered
PapersOnLine 51 (2018) 702–707. microgrid deployment for enhanced national security, Renew. Sustain. Energy
[88] A. Teixeira, D. Pérez, H. Sandberg, K.H. Johansson, Attack models and scenarios Rev. 78 (2017) 167–175.
for networked control systems, in: Proceedings of the 1st international conference [118] A. Khodaei, Resiliency-oriented microgrid optimal scheduling, IEEE Trans. Smart
on High Confidence Networked Systems, 2012, pp. 55–64. Grid 5 (2014) 1584–1591.
[89] A. Abbaspour, A. Sargolzaei, P. Forouzannezhad, K.K. Yen, A.I. Sarwat, Resilient [119] M.H. Amirioun, F. Aminifar, H. Lesani, Towards proactive scheduling of
control design for load frequency control system under false data injection microgrids against extreme floods, IEEE Trans. Smart Grid 9 (2017) 3900–3902.
attacks, IEEE Trans. Ind. Electron. 67 (2019) 7951–7962. [120] C. Chen, J. Wang, F. Qiu, D. Zhao, Resilient distribution system by microgrids
[90] N. Bayati, H.R. Baghaee, A. Hajizadeh, M. Soltani, Z. Lin, Mathematical formation after natural disasters, IEEE Trans. Smart Grid 7 (2016) 958–966.
morphology-based local fault detection in DC Microgrid clusters, Electric Power [121] A. Hussain, A.O. Rousis, I. Konstantelos, G. Strbac, J. Jeon, H.-.M. Kim, Impact of
Syst. Res. (2020), 106981. uncertainties on resilient operation of microgrids: a data-driven approach, IEEE
[91] A. Kavousi-Fard, W. Su, T. Jin, A machine-learning-based cyber attack detection Access 7 (2019) 14924–14937.
model for wireless sensor networks in microgrids, IEEE Trans. Ind. Inf. 17 (2021) [122] V. Venkataramanan, A. Hahn, A. Srivastava, CP-SAM: cyber-physical security
650–658. assessment metric for monitoring microgrid resiliency, IEEE Trans Smart Grid 11
[92] A. Afshari, M. Karrari, H.R. Baghaee, G.B. Gharehpetian, Resilient (2020) 1055–1065.
synchronization of voltage/frequency in AC microgrids under deception attacks, [123] E. Karangelos, L. Wehenkel, Cyber–physical risk modeling with imperfect cyber-
IEEE Syst. J. (2020) 1–12. attackers, Electr. Power Syst. Res. 211 (2022), 108437.
[93] R. Tan, H.H. Nguyen, E.Y. Foo, X. Dong, D.K. Yau, Z. Kalbarczyk, et al., Optimal [124] P.K. Jena, S. Ghosh, E. Koley, D.K. Mohanta, I. Kamwa, Design of AC state
false data injection attack against automatic generation control in power grids, in: estimation based cyber-physical attack for disrupting electricity market operation
Proceedings of the ACM/IEEE 7th International Conference on Cyber-Physical under limited sensor information, Electr. Power Syst. Res. 205 (2022), 107732.
Systems (ICCPS), ACM/IEEE, 2016, pp. 1–10. [125] M. Dehghani, T. Niknam, M. Ghiasi, N. Bayati, M. Savaghebi, Cyber-attack
[94] S.D. Roy, S. Debbarma, Detection and mitigation of cyber-attacks on AGC systems detection in DC microgrids based on deep machine learning and wavelet singular
of low inertia power grid, IEEE Syst. J. (2019). values approach, Electronics (Basel) 10 (2021) 1914.
[95] X. Liu, Z. Li, False data attack models, impact analyses and defense strategies in [126] Z. Zhao, Y. Huang, Z. Zhen, Y. Li, Data-driven false data-injection attack design
the electricity grid, Electr. J. 30 (2017) 35–42. and detection in cyber-physical systems, IEEE Trans. Cybern. 51 (2020)
[96] M. Ghiasi, T. Niknam, M. Dehghani, P. Siano, H. Haes Alhelou, A. Al-Hinai, 6179–6187.
Optimal multi-operation energy management in smart microgrids in the presence [127] J. Tian, B. Wang, T. Li, F. Shang, K. Cao, R. Guo, TOTAL: optimal protection
of RESs based on multi-objective improved DE algorithm: cost-emission based strategy against perfect and imperfect false data injection attacks on power grid
optimization, Appl. Sci. 11 (2021) 3661. cyber–physical systems, IEEE Internet Things J. 8 (2020) 1001–1015.
[97] M. Dehghani, M. Ghiasi, T. Niknam, A. Kavousi-Fard, E. Tajik, S. Padmanaban, et [128] L. Sheng, G. Lou, W. Gu, S. Lu, S. Ding, Z. Ye, Optimal communication network
al., Cyber attack detection based on wavelet singular entropy in AC smart islands: design of microgrids considering cyber-attacks and time-delays, IEEE Trans.
false data injection attack, IEEE Access 9 (2021), 1-1. Smart Grid (2022).
[98] M.R. Habibi, H.R. Baghaee, T. Dragiˇcevi, F. Blaabjerg, Detection of false data [129] Y. Li, X. Wei, Y. Li, Z. Dong, M. Shahidehpour, Detection of false data injection
injection cyber-attacks in DC microgrids based on recurrent neural networks, attacks in smart grid: a secure federated deep learning approach, IEEE Trans.
IEEE J. Emerg. Sel. Top Power Electron. (2020). Smart Grid (2022).
[99] D. Ding, Q.L. Han, Y. Xiang, X. Ge, X.M. Zhang, A survey on security control and [130] H. Zhang, Y. Qi, H. Zhou, J. Zhang, J. Sun, Testing and defending methods against
attack detection for industrial cyber-physical systems, Neurocomputing 275 DoS attack in state estimation, Asian J. Control 19 (2017) 1295–1305.
(2018) 1674–1683. [131] C. Yang, J. Zheng, X. Ren, W. Yang, H. Shi, L. Shi, Multi-sensor Kalman filtering
[100] H. Shirazi, M. Ghiasi, M. Dehghani, T. Niknam, M.G. Garpachi, A. Ramezani, with intermittent measurements, IEEE Trans. Autom. Control 63 (2017) 797–804.
Cost-emission control based physical-resilience oriented strategy for optimal [132] Y. Wu, Y. Li, L. Shi, A game-theoretic approach to remote state estimation in
allocation of distributed generation in smart microgrid, in: 2021 7th International presence of a dos attacker, IFAC-PapersOnLine 50 (2017) 2595–2600.
Conference on Control, Instrumentation and Automation (ICCIA), 2021, pp. 1–6. [133] Z. Cheng, D. Yue, S. Hu, X. Xie, C. Huang, Detection-based weighted H∞ LFC for
[101] Y. Mo, B. Sinopoli, Secure control against replay attacks, in: 2009 47th annual multi-area power systems under DoS attacks, IET Control Theory Appl. 13 (2019)
Allerton conference on communication, control, and computing (Allerton), 2009, 1909–1919.
pp. 911–918.

18
M. Ghiasi et al. Electric Power Systems Research 215 (2023) 108975

[134] C. Peng, J. Li, M. Fei, Resilient event-Triggering $ H_ {\infty} $ load frequency [163] H. Karimipour, H. Leung, Relaxation-based anomaly detection in cyber-physical
control for multi-area power systems with energy-limited DoS attacks, IEEE systems using ensemble Kalman filter, IET Cyber Phys. Syst. Theory Appl. 5
Trans. Power Syst. 32 (2016) 4110–4118. (2020) 49–58.
[135] X. Zhong, I. Jayawardene, G.K. Venayagamoorthy, R. Brooks, Denial of service [164] J. Zhao, J. Wang, L. Yin, Detection and control against replay attacks in smart
attack on tie-line bias control in a power system with PV plant, IEEE Trans. grid, in: 2016 12th International Conference on Computational Intelligence and
Emerg. Topics in Computational Intelligence 1 (2017) 375–390. Security (CIS), 2016, pp. 624–627.
[136] E. Kontouras, T. Anthony, L. Dritsas, Set-theoretic detection of data corruption [165] M. Zhu, S. Martinez, On the performance analysis of resilient networked control
attacks on cyber physical power systems, J. Modern Power Syst. Clean Energy 6 systems under replay attacks, IEEE Trans. Autom. Control 59 (2013) 804–808.
(2018) 872–886. [166] K. Stouffer, J. Falco, K. Scarfone, Guide to industrial control systems (ICS)
[137] G. Liang, J. Zhao, F. Luo, S.R. Weller, Z.Y. Dong, A review of false data injection security, NIST Special Publication 800 (2011), 16-16.
attacks against modern power systems, IEEE Trans. Smart Grid 8 (2016) [167] E. Hammad, A.M. Khalil, A. Farraj, D. Kundur, R. Iravani, Tuning out of phase:
1630–1638. resonance attacks, in: Proceedings of the IEEE International Conference on Smart
[138] A.M. Mohan, N. Meskin, H. Mehrjerdi, A comprehensive review of the cyber- Grid Communications (SmartGridComm), IEEE, 2015, pp. 491–496.
attacks and cyber-security on load frequency control of power systems, Energies [168] A. Sargolzaei, K. Yen, M.N. Abdelghani, Delayed inputs attack on load frequency
13 (2020) 3860. control in smart grid, in: ISGT 2014, 2014, pp. 1–5.
[139] C. Kwon, W. Liu, I. Hwang, Security analysis for cyber-physical systems against [169] A. Sargolzaei, K.K. Yen, M.N. Abdelghani, Preventing time-delay switch attack on
stealthy deception attacks, in: 2013 American control conference, 2013, load frequency control in distributed power systems, IEEE Trans. Smart Grid 7
pp. 3344–3349. (2015) 1176–1185.
[140] A. Teixeira, I. Shames, H. Sandberg, K.H. Johansson, Revealing stealthy attacks in [170] L. Jiang, W. Yao, Q. Wu, J. Wen, S. Cheng, Delay-dependent stability for load
control systems, in: 2012 50th Annual Allerton Conference on Communication, frequency control with constant and time-varying delays, IEEE Trans. Power Syst.
Control, and Computing (Allerton), 2012, pp. 1806–1813. 27 (2011) 932–941.
[141] Q. Yang, J. Yang, W. Yu, D. An, N. Zhang, W. Zhao, On false data-injection attacks [171] F. Milano, M. Anghel, Impact of time delays on power system stability, IEEE
against power system state estimation: modeling and countermeasures, IEEE Trans. Circuits Syst. I Regul. Pap. 59 (2011) 889–900.
Trans. Parallel Distrib. Syst. 25 (2013) 717–729. [172] P. Wlazlo, A. Sahu, Z. Mao, H. Huang, A. Goulart, K. Davis, et al., Man-in-the-
[142] R.B. Bobba, K.M. Rogers, Q. Wang, H. Khurana, K. Nahrstedt, T.J. Overbye, middle attacks and defence in a power system cyber-physical testbed, IET Cyber
Detecting false data injection attacks on dc state estimation, in: Preprints of the Phys. Syst. Theory Appl. 6 (2021) 164–177.
First Workshop on Secure Control Systems, CPSWEEK, 2010. [173] A. Sahu, Z. Mao, P. Wlazlo, H. Huang, K. Davis, A. Goulart, et al., Multi-source
[143] L. Liu, M. Esmalifalak, Q. Ding, V.A. Emesih, Z. Han, Detecting false data injection multi-domain data fusion for cyberattack detection in power systems, IEEE Access
attacks on power grid by sparse optimization, IEEE Trans. Smart Grid 5 (2014) 9 (2021) 119118–119138.
612–621. [174] M. Frincu, C. Chelmis, M.U. Noor, V. Prasanna, Accurate and efficient selection of
[144] S. Bi, Y.J. Zhang, Graphical methods for defense against false-data injection the best consumption prediction method in smart grids, in: Proceedings of the
attacks on power system state estimation, IEEE Trans. Smart Grid 5 (2014) IEEE International Conference on Big Data (Big Data), IEEE, 2014, pp. 721–729.
1216–1227. [175] M. Esmalifalak, L. Liu, N. Nguyen, R. Zheng, Z. Han, Detecting stealthy false data
[145] P.M. Esfahani, M. Vrakopoulou, K. Margellos, J. Lygeros, G. Andersson, A robust injection using machine learning in smart grid, IEEE Syst. J. 11 (2014)
policy for automatic generation control cyber attack in two area power network, 1644–1652.
in: Proceedings of the 49th IEEE Conference on Decision and Control (CDC), IEEE, [176] W. Liu, B. Tang, J. Han, X. Lu, N. Hu, Z. He, The structure healthy condition
2010, pp. 5973–5978. monitoring and fault diagnosis methods in wind turbines: a review, Renew.
[146] P.M. Esfahani, M. Vrakopoulou, K. Margellos, J. Lygeros, G. Andersson, Cyber Sustain. Energy Rev. 44 (2015) 466–472.
attack in a two-area power system: impact identification using reachability, in: [177] H. Karimipour, A. Dehghantanha, R.M. Parizi, K.-K.R. Choo, H. Leung, A deep and
Proceedings of the 2010 American control conference, 2010, pp. 962–967. scalable unsupervised machine learning system for cyber-attack detection in
[147] Y. Huang, H. Li, K.A. Campbell, Z. Han, Defending false data injection attack on large-scale smart grids, IEEE Access 7 (2019) 80778–80788.
smart grid network using adaptive CUSUM test, in: 2011 45th Annual Conference [178] H. Karimipour, S. Geris, A. Dehghantanha, H. Leung, Intelligent anomaly
on Information Sciences and Systems, 2011, pp. 1–6. detection for large-scale smart grids, in: Proceedings of the IEEE Canadian
[148] M. Talebi, C. Li, Z. Qu, Enhanced protection against false data injection by Conference of Electrical and Computer Engineering (CCECE), IEEE, 2019, pp. 1–4.
dynamically changing information structure of microgrids, in: Proceedings of the [179] Y. He, G.J. Mendis, J. Wei, Real-time detection of false data injection attacks in
IEEE 7th Sensor Array and Multichannel Signal Processing Workshop (SAM), smart grid: a deep learning-based intelligent mechanism, IEEE Trans. Smart Grid
IEEE, 2012, pp. 393–396. 8 (2017) 2505–2516.
[149] M. Al-Saud, A.M. Eltamaly, M.A. Mohamed, A. Kavousi-Fard, An intelligent data- [180] H. Jiang, Y. Li, Y. Zhang, J.J. Zhang, D.W. Gao, E. Muljadi, et al., Big data-based
driven model to secure intravehicle communications based on machine learning, approach to detect, locate, and enhance the stability of an unplanned microgrid
IEEE Trans. Ind. Electron. 67 (2020) 5112–5119. islanding, J. Energy Eng. 143 (2017), 04017045.
[150] T.-.Y. Zhang, D. Ye, False data injection attacks with complete stealthiness in [181] C. Chen, K. Zhang, K. Yuan, L. Zhu, M. Qian, Novel detection scheme design
cyber–physical systems: a self-generated approach, Automatica 120 (2020), considering cyber attacks on load frequency control, IEEE Trans. Ind. Inf. 14
109117. (2017) 1932–1941.
[151] Y. Zhang, J. Wang, B. Chen, Detecting false data injection attacks in smart grids: a [182] Review of signal processing techniques and machine learning algorithms for
semi-supervised deep learning approach, IEEE Trans. Smart Grid (2020), 1-1. power quality analysis, Adv. Theory Simul. 3 (2020), 2000118.
[152] A.Y. Lu, G.H. Yang, False data injection attacks against state estimation in the [183] M.A. Hasnat, M. Rahnamay-Naeini, A graph signal processing framework for
presence of sensor failures, Inf. Sci. (Ny) 508 (2020) 92–104. detecting and locating cyber and physical stresses in smart grids, IEEE Trans.
[153] M.A. Rahman, H. Mohsenian-Rad, False data injection attacks against nonlinear Smart Grid (2022).
state estimation in smart power grids, in: Proceedings of the IEEE Power & Energy [184] T.H. Woo, Cybersecurity analysis using the blockchain algorithm in nuclear
Society General Meeting, IEEE, 2013, pp. 1–5. power plants to enhance safe operations, Energy Sources Part A Recov. Util.
[154] S. Mousavian, J. Valenzuela, J. Wang, Real-time data reassurance in electrical Environ. Eff. (2020) 1–11.
power systems based on artificial neural networks, Electr. Power Syst. Res. 96 [185] R. Kuhn, D. Yaga, J. Voas, Rethinking distributed ledger technology, Comput.
(2013) 285–295. (Long Beach Calif) 52 (2019) 68–72.
[155] A. Abbaspour, A. Sargolzaei, K. Yen, Detection of false data injection attack on [186] M. Mylrea, S.N.G. Gourisetti, Blockchain: a path to grid modernization and cyber
load frequency control in distributed power systems, in: 2017 North American resiliency, in: 2017 North American Power Symposium (NAPS), 2017, pp. 1–5.
Power Symposium (NAPS), 2017, pp. 1–6. [187] S. Li, Application of blockchain technology in smart city infrastructure, in:
[156] M. Khalaf, A. Youssef, E. El-Saadany, A particle filter-based approach for the Proceedings of the IEEE International Conference on Smart Internet of Things
detection of false data injection attacks on automatic generation control systems, (SmartIoT), IEEE, 2018, pp. 276–2766.
in: Proceedings of the IEEE Electrical Power and Energy Conference (EPEC), IEEE, [188] J. Kang, R. Yu, X. Huang, S. Maharjan, Y. Zhang, E. Hossain, Enabling localized
2018, pp. 1–6. peer-to-peer electricity trading among plug-in hybrid electric vehicles using
[157] A. Ayad, M. Khalaf, E. El-Saadany, Detection of false data injection attacks in consortium blockchains, IEEE Trans. Ind. Inf. 13 (2017) 3154–3164.
automatic generation control systems considering system nonlinearities, in: [189] W. Xu, J. Li, M. Dehghani, M. GhasemiGarpachi, Blockchain-based secure energy
Proceedings of the IEEE Electrical Power and Energy Conference (EPEC), IEEE, policy and management of renewable-based smart microgrids, Sustain. Cities Soc.
2018, pp. 1–6. 72 (2021), 103010.
[158] C. Chen, M. Cui, X. Wang, K. Zhang, S. Yin, An investigation of coordinated attack [190] T. Winter, The Advantages and Challenges of the Blockchain for Smart Grids,
on load frequency control, IEEE Access 6 (2018) 30414–30423. Delft University of Technology, 2018.
[159] M. Khalaf, A. Youssef, E. El-Saadany, Joint detection and mitigation of false data [191] S. Wang, A.F. Taha, J. Wang, Blockchain-assisted crowdsourced energy systems,
injection attacks in AGC systems, IEEE Trans. Smart Grid 10 (2018) 4985–4995. in: 2018 IEEE Power & Energy Society General Meeting (PESGM), 2018, pp. 1–5.
[160] E. Kontouras, A. Tzes, L. Dritsas, Impact analysis of a bias injection cyber-attack [192] A. Ajagekar, F. You, Quantum computing for energy systems optimization:
on a power plant, IFAC-PapersOnLine 50 (2017) 11094–11099. challenges and opportunities, Energy 179 (2019) 76–89.
[161] J. Miloševič, T. Tanaka, H. Sandberg, K.H. Johansson, Analysis and mitigation of [193] R. Eskandarpour, K.J.B. Ghosh, A. Khodaei, A. Paaso, L. Zhang, Quantum-
bias injection attacks against a Kalman filter, IFAC-PapersOnLine 50 (2017) enhanced grid of the future: a primer, IEEE Access 8 (2020) 188993–189002.
8393–8398. [194] M.H. Ullah, R. Eskandarpour, H. Zheng, A. Khodaei, Quantum computing for
[162] X. Luo, X. Wang, M. Zhang, X. Guan, Distributed detection and isolation of bias smart grid applications, IET Gener. Transm. Distrib. (2022).
injection attack in smart energy grid via interval observer, Appl. Energy 256 [195] Z. Jiang, Z. Tang, Y. Qin, C. Kang, P. Zhang, Quantum internet for resilient
(2019), 113703. electric grids, Int. Trans. Electr. Energy Syst. 31 (2021) e12911.

19
M. Ghiasi et al. Electric Power Systems Research 215 (2023) 108975

[196] B. Bartlett, "A distributed simulation framework for quantum networks and [200] Q. Liu, P. Li, W. Zhao, W. Cai, S. Yu, V.C. Leung, A survey on security threats and
channels," arXiv preprint arXiv:1808.07047, 2018. defensive techniques of machine learning: a data driven view, IEEE Access 6
[197] P.-.Y. Kong, A review of quantum key distribution protocols in the perspective of (2018) 12103–12117.
smart grid communication security, IEEE Syst. J. (2020). [201] B. Wang, M. Dabbaghjamanesh, A.K. Fard, S. Mehraeen, Cybersecurity
[198] Z. Tang, P. Zhang, W.O. Krawec, A quantum leap in microgrids security: the enhancement of power trading within the networked microgrids based on
prospects of quantum-secure microgrids, IEEE Electrif. Mag. 9 (2021) 66–73. blockchain and directed acylic graph approach, IEEE Trans. Ind. Appl. (2019).
[199] K. Wang, Y. Wang, X. Hu, Y. Sun, D.-.J. Deng, A. Vinel, et al., Wireless big data
computing in smart grid, IEEE Wirel. Commun. 24 (2017) 58–64.

20

You might also like