Sustainable Energy, Grids and Networks 38 (2024) 101347

Contents lists available at ScienceDirect

Sustainable Energy, Grids and Networks

journal homepage: www.elsevier.com/locate/segan

Data-driven learning-based classification model for mitigating false data

injection attacks on dynamic line rating systems
Olatunji Ahmed Lawal a, b, Jiashen Teh a, *, Bader Alharbi c, *, Ching-Ming Lai d
a
School of Electrical and Electronic Engineering, Universiti Sains Malaysia (USM), Nibong Tebal, Penang 14300, Malaysia
b
Department of Electrical and Electronic Engineering, Institute of Technology, Kwara State Polytechnic, Ilorin, Nigeria
c
Department of Electrical Engineering, College of Engineering, Majmaah University, Al-Majmaah 11952, Saudi Arabia
d
Department of Electrical Engineering, National Chung Hsing University, Taichung 402, Taiwan

A R T I C L E I N F O A B S T R A C T

Keywords: The increasing need to explore electric power grid expansion technologies like dynamic line rating (DLR) systems
Dynamic line rating systems and their dependence on real-time weather data for system planning necessitates research into false data in­
Cyber-physical power systems jection attacks (FDIA) on cyber-physical power systems (CPS). This study aims to develop a robust machine
False data injection attacks
learning model to mitigate FDIA in DLR systems, focusing on statistical data processing, feature ranking, se­
Affordable & clean energy
Energy security
lection, training, validation and evaluation. It synthesises z-score and other statistical analyses with minimum
Industry, innovation & infrastructure redundancy maximum relevance (MR-MR) feature ranking and selection algorithm to improve model perfor­
mance and generalisation of binary generalised linear model logistic regression (BGLM-LR) and other machine
learning classification algorithms. The resulting models formed with BGLM-LR, Gaussian naïve Bayes (GNB),
linear support vector machine (LSVM), wide neural network (WNN), and decision tree (DT) were trained and
tested with 10-year hourly DLR history data features. The evaluation of the models on unseen data revealed
enhanced validation and testing accuracies after the MR-MR feature ranking and selection. BGLM-LR, GNB,
LSVM, and WNN showed promising performance for mitigating FDIA. However, the study identifies DT’s limi­
tations as overfitting and lacking generalisation in FDIA mitigation. z-score-MR-MR-BGLM-LR and z-score-MR-
MR-LSVM models exhibited outstanding performances with zero false negative rates highlighting the significance
of feature ranking and selection. Still, the z-score-MR-MR-BGLM-LR combination exhibits the highest marginal
improvement from training to testing, the lowest training and validation time and a perfect area under curve
(AUC) of the receiver operating characteristics making it the best choice in mitigating FDIA when computational
resources are limited.

1. Introduction efficiency, reliability, and sustainability of electricity generation,

Smart grids came up to improve the efficiency and reliability of
traditional power grids. They are sizeable cyber-physical power systems
(CPS), combining physical components and cyber components of
advanced information communication technology (ICT) to improve the
transmission, and distribution [1,2]. The power system components
(PSC), dynamic line rating (DLR) sensors, and phasor measurement units
(PMUs) form the physical part. In contrast, elements such as supervisory
control and data acquisition (SCADA) systems, human-machine in­
terfaces (HMIs), and remote terminal units (RTUs) form the cyber part.

Abbreviations: ARP, Address Resolution Protocol; AUC, Area Under Curve; BiLSTM, Bi-directional Long Short-Term Memory; BGLM-LR, Binary Generalised Linear
Model Logistic Regression; CPS, Cyber-physical Power Systems; DLR, Dynamic Line Rating; DoS, Denial of Service; DT, Decision Tree; FL, Federated Learning; FN,,
False Negative; FNR, False Negative Rate; FP,, False Positive; FPR, False Positive Rate; FDIA, False Data Injection Attack; GAB, Gentle AdaBoost; GGNN, Gated Graph
Neural Network; GNB, Gaussian Naïve Bayes; HMI, Human Machine Interface; ICT, Information and Communication Technology; IEEE, Institute of Electrical and
Electronics Engineers; LSTM, Long Short-Term Memory; LSVM, Linear Support Vector Machine; MIQ, Mutual Information Quotient; MR-MR, Minimum Redundancy-
Maximum Relevance; PCA, Principal Component Analysis; PMU, Phasor Measurement Unit; PSC, Power System Component; ReLU, Rectified Linear Unit; RES,
Renewable Energy Source; RTU, Remote Terminal Unit; ROC, Receiver Operating Characteristics; SCADA, Supervisory Control and Data Acquisition; SPDS, Safety
Parameter Display System; SVR, Support Vector Regression; TN,, True Negative; TP,, True Positive; UPS, Un-interruptible Power Supply; WNN, Wide Neural Network.
* Corresponding authors.
E-mail addresses: jiashenteh@usm.my (J. Teh), b.alharbi@mu.edu.sa (B. Alharbi).

https://doi.org/10.1016/j.segan.2024.101347
Received 5 October 2023; Received in revised form 17 February 2024; Accepted 11 March 2024
Available online 15 March 2024
2352-4677/© 2024 Elsevier Ltd. All rights reserved.
O.A. Lawal et al.
This combination enables remote monitoring and control of the grid.
These systems are designed to be resilient by enhancing the interoper­
ability of physical devices and the communication networks that con­
nect them, enabling optimal power delivery.
In tackling global energy crises, clean and affordable, modern energy
for all could be achieved as stated in the targets of sustainable devel­
opment goal 7 (SDG 7) by matching the increase in renewable energy
sources (RES) with grid expansion technologies like the DLR [3]. DLR
helps to reduce congestion on the grid, by increasing the
current-carrying capacity of the transmission lines, thereby enabling the
integration of more clean and affordable energy towards the achieve­
ment of SDG 7 [4]. DLR operations have been reviewed and imple­
mented in various studies [5-7] to rely on real-time measured weather
parameters, such as wind speed, wind angle, and ambient temperature,
to calculate the capacity of transmission lines and plan for future op­
erations. These weather parameters are used to determine the convec­
tive cooling, radiative cooling, and solar heating effects on the lines [8].
Unfortunately, as illustrated in Fig. 1, DLR sensors collecting these
data communicate weather conditions and line ratings in real-time with
operators [4] making them particularly susceptible to false data injec­
tion attacks (FDIA). FDIA is the infiltration of erroneous data into RTUs,
leading operators to misconceive line conditions, generators’ output, or
demand, inducing instability and potentially causing a section or the
entire power grid network to collapse. Attackers focus on components
that are operating in real-time like the DLR to have a maximum impact
on the PSC. DLR systems are the preferred target for these attackers [9]
because DLR systems rely on ICT, which inevitably makes them
vulnerable. Steps are taken to prevent these potentially compromising
cyber attacks to achieve data confidentiality and integrity while main­
taining the data’s security and reliability.
Other forms of these cyber-attacks include resource disconnection
and denial of service (DoS) [10-12]. They range in severity and scope,
and the solutions are categorised according to implementation
complexity and mitigation efficacy. Resource disconnection attacks
involve hackers accessing systems like SCADA, HMI, or RTU to control
circuit breakers, manipulate power flow, and disconnect customers.
Fig. 1. FDIA and Mitigation Illustration.
2
Sustainable Energy, Grids and Networks 38 (2024) 101347
Some cases even have the software used to restore service after an
outage being targeted, making it inaccessible to operators. DoS attacks
prevent customers from reporting their outage experiences to the utility.
Practical strategies for mitigating FDIA on smart grids should be able
to prevent, preempt and identify vulnerabilities, pinpoint the sources of
attacks if they occur, and replace false data with accurate data. With
this, smart grid systems can bolster their resilience against cyber threats
and ensure the integrity and reliability of grid operations. This research
hopes to achieve these with a review of studies on different types of
cyber-attacks on power grids, focusing on FDIA and real cases in Section
2. Discussion of data-driven, learning-based algorithms designed to
prevent, detect, and mitigate these attacks in Section 3. Assessment of
the resilience of the developed algorithm and other viable algorithms
against FDIA to determine the most reliable method for mitigating these
attacks without errors in Section 4. Concluding observations and di­
rections for future research are presented in Section 5.
2. Cyber-attacks and FDIA review
DoS, theft of service, spying and plant damage on power system in­
frastructures have benefited attackers with ransom, spying data for
military information and other political reasons, stealing operational
technologies and espionage. The following sub-sections of FDIA studies,
cases and state estimation reveal recent studies on FDIA prevention and
mitigation during cyber-physical attacks on smart grids.
2.1. FDIA studies
The concept of FDIA for power grid state estimation was introduced
by Liu, Ning and Reiter [13]. They pointed out that attackers can infil­
trate the CPS and ICT network infrastructure to manipulate measure­
ment devices and obtain network parameters and topology. These will
have them construct false measurement data that satisfies the con­
straints of state estimation, thereby bypassing the bad data detection
process. It further enables the attacker to launch attacks unnoticed by
the control centre, causing it to lose its ability to accurately perceive the
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

system’s current operating state or topology. As a result, the control Table 1

centre produces incorrect estimates and issues incorrect instructions and FDIA studies.
commands disrupting the regular operation of the power grid [14]. FDIA Description Prospects Constraints
While traditional algorithms have effectively detected bad data, Studies
recent advances in deep learning have also made it possible to estimate [13] This study introduces It raises awareness The study lacks
system states more accurately, even in cyber-attacks. A Gaussian the concept of FDIA about potential specific detection
mixture model has been proposed by Shi, Xie and Peng [15]; the pro­ for power grid state vulnerabilities in methods and
posed model was tested on Institute of Electrical and Electronics Engi­ estimation. power grid systems. evaluation results. It
Highlights the created arbitrary
neers (IEEE) buses and had between 1.5% and 5% improvement in possibility of attack scenarios and
accuracy compared with other models. The evaluation scenarios did not attackers did not focus on DLR
encompass the full range of potential attacks or system conditions. This manipulating systems but instead on
limited evaluation scope could restrict the generalisability and reli­ measurement the impact of FDIA on
devices and state estimation.
ability of the proposed FDIA detection methods when applied to
bypassing bad data However, it suggests
different power grid configurations. In a study by Xiong et. al [16], a detection. utilising network
machine learning algorithm, the support vector machine-gentle ada­ anomaly detection
boost (SVM-GAB), was used to detect FDIA. GAB was used to cascade techniques to protect
multiple weak support vector machine (SVM) classifiers to make a against false data
injection attacks in
robust classifier capable of distinguishing normal from abnormal data. other areas of the
The authors used IEEE performance metrics, including mean time to power system
detection and accuracy, to evaluate the effectiveness of the SVM-GAB network.
algorithm. The results showed that the false alarm rate of the [14] This study describes Highlights the The study lacks a
how attackers can impact of attacks on specific solution or
SVM-GAB algorithm was 25% lower than that of traditional detection
launch unnoticed the control centre’s evaluation method,
algorithms. attacks on the power ability to perceive focuses on linear
Moradzadeh et al. [17], evaluated the reliability and accuracy of grid, causing the system’s abnormalities, and
deep learning techniques, such as support vector regression (SVR), long disruption. operating state. suggests exploring
short-term memory (LSTM), and bi-directional LSTM (BiLSTM), in pre­ more complex ones. It
is limited to the IEEE
dicting DLR using real-world data from two transmission lines. The
24-bus system and
authors examined the resilience of these algorithms by simulating lacks generalisation.
cyber-attacks. However, they focused on increasing the wind speed, The method relies on
angle, and ambient temperature of the historical data by chosen per­ static line ratings. To
enhance the approach,
centages without providing a rationale for these choices of variations. It
the study recommends
is important to note that data variations could encompass increases, incorporating machine
decreases, and changes in percentages, ratios, and exponentials. This learning to detect
raises questions about the comprehensive assessment of the algorithms’ abnormalities in load
performance in handling various scenarios and data variations. patterns, enabling
more effective
Another study deployed a spatiotemporal machine-learning algo­
countermeasures.
rithm to detect FDIA [18]. The authors emphasised using machine [15] This study proposes a It advances deep The study did not
learning algorithms that recognise normal distribution dynamics, such Gaussian mixture learning for accurate address DLR, lacked
as an LSTM, autoencoder or other unsupervised learning methods, as the model for FDIA state estimation, coverage of potential
detection, showing even in cyber attacks. attacks and system
most effective way to detect FDIA. This is because these models can
improved accuracy conditions, and
analyse the data and identify patterns that deviate from the normal compared to other provided insufficient
distribution, which may indicate the presence of an FDIA. It showed that models. information on the
other unsupervised learning methods, such as clustering or density model used.
estimation, could also be used. Assessing the residual of the measure­ [16] SVM-GAB algorithm It demonstrates the It did not consider
was deployed to effectiveness of DLR. It did not provide
ments with or without basic and stealth FDIA was used to adjudge the
detect FDIA with a machine learning detailed information
algorithm’s efficacy. Graph-based detection of FDIA in the power grid lower false alarm algorithms for FDIA on the SVM-GAB
was proposed [19]. Spatial features of the grid topology were extracted rate than traditional detection using algorithm and the
through a graph neural network, and the study discovered that the ac­ methods. metrics such as attack intensity rule
accuracy and recall. used to perform the
curacy of most data-driven detection methods decreases as the topology
volatility test,
of the network changes. differentiating FDIA
On the contrary, the gated graph neural network (GGNN) increases and power flow surge.
accuracy as topology changes [20]. A stacked autoencoder network was [17] This study evaluated It explores the use of The study lacks a
used to extract cyber-physical attack genes, a fine-tuning amplifier for the reliability and real-world data and rationale for the
accuracy of deep the simulation of specific data
training and updating network parameters and a cuckoo search algo­
learning techniques cyber-attacks. variations, limiting the
rithm for optimising the model parameters were used to enhance attack (SVR, LSTM, comprehensive
detection. The description of FDIA studies, prospects and limitations are BiLSTM) for algorithm
explained in Table 1. predicting DLR and performance
Most of the algorithms described in Table 1 considered FDIA detec­ their resilience to assessment.
cyber-attacks.
tion and did not include DLR data in their analyses. They are also [18] This study deploys It addresses the FDIA In most cases, when
deficient in accuracy and sensitivity because they did not use extensive spatiotemporal challenges that may these models are
historical data. In addition, while these algorithms may demonstrate learning algorithms, be encountered in efficient, trade-offs
improvements in accuracy or false alarm rates in some cases compared such as LSTM DLR forecasting. It exist in computational
autoencoder and highlights complexity, resource
to traditional algorithms, there is usually a trade-off in other aspects,
unsupervised unsupervised requirements, and
such as computational complexity, resource requirements and commu­ learning methods, learning methods’ detection latency.
nication latency. An overview of the real cases of FDIA on cyber-physical (continued on next page)
power systems is presented to provide an appropriate understanding of

3
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

Table 1 (continued ) Table 1 (continued )

FDIA Description Prospects Constraints FDIA Description Prospects Constraints
Studies Studies

for FDIA detection. effectiveness and protection against of training data,

Emphasises the ability to detect cyberattacks potentially leading to
importance of deviations from inaccuracies in certain
models recognising standard distribution regions
normal distribution patterns.
dynamics.
[19] Graph-based It offers a novel Model complexity, the impact on the utilities and their host communities.
detection of FDIA approach using resource requirements,
using a graph neural graph neural and mitigation are the
network. Shows that networks for FDIA limitations of the
2.2. FDIA cases
the accuracy of data- detection. proposed model. It did
driven detection not incorporate DLR in
methods decreases the analyses. It has been established that cyber-attacks on smart grids can be
with changing motivated by various goals, including military, theft, politics, or hos­
network topology, tility. One of the earliest known cyberattacks on a power grid occurred
while the GGNN
in 2003 when the Slammer malware affected the David-Besse plant in
improves accuracy.
[20] It utilised a stacked It introduces a The structure of the the United States [23]. The nuclear power plant had a safety monitoring
autoencoder comprehensive deep network model is system called the safety parameter display system (SPDS) used to
network, fine-tuning approach involving complex, and the monitor and control the plant’s safety. However, attackers bypassed the
amplifier, and multiple techniques model training time is
firewall and gained access to the SPDS through a consultant working
cuckoo search for attack detection. extended. To speed up
algorithm for cyber- the model training
with one of the plant’s applications. As a result, the attackers caused a
physical attack process, the dynamic slowdown of the servers and a DoS. The Slammer worm disabled access
detection. Mentions optimisation method to the server for 5 hours and demonstrated the potentially devastating
deficiencies in of the learning rate consequences of a cyberattack on the control of system components.
accuracy and and other parameters
Another notable example is the Ukrainian smart grid attack in 2015
sensitivity of in the training process
algorithms that do will be considered in [24]. The cyber-attack on the Ukrainian power grid caused outages that
not use extensive future work. affected over 225,000 households in three provinces. The episode star­
historical data. ted with operators falling victim to a spear phishing attack, in which
[21] This article proposes It offers promising Testing against
they downloaded a document from their emails that contained malware.
ensemble learning prospects for DLR different data points is
algorithms for DLR forecasting, essential to ensure the
This malware gathered information about the system’s state and gave
forecasting to providing accurate reliability of the attackers access to the network through corporate user accounts. The
address transmission predictions without forecasting models attackers also launched a telephony DoS attack, which flooded the call
congestion caused by extensive across various line centre and prevented real customers from reporting the outage. In
high renewable infrastructure. The segments.
addition, the attackers turned off uninterruptible power supplies (UPS),
energy penetration. demonstrated Additionally, the
Traditional DLR capacity increase effectiveness of the corrupted the firmware of the RTUs and used a ‘kill disk’ to wipe out
methods require highlights the proposed approach HMIs and several workstations. This coordinated attack targeted six
extensive potential for this may depend on factors energy companies, but three were vulnerable and suffered outages [25].
infrastructure, but approach to improve such as data quality Several other high-profile cyber-attacks on power grids have
the proposed grid efficiency and and the severity of
approach leverages reliability, cyberattacks.
occurred in recent years, including the ‘Stuxnet’ attack on the Iranian
historical particularly in Addressing these nuclear power station in 2010. ‘Stuxnet’ is a computer worm that targets
meteorological data. regions experiencing constraints is crucial to programmable logic controllers to automate power systems. It typically
Simulations transmission ensuring the practical targets Windows operating system computers and real-time data trans­
demonstrate the congestion due to applicability and
mission software. In the Iranian attack, the worm was planted on critical
effectiveness of renewable energy reliability of ensemble
ensemble learning integration. learning algorithms for infrastructure management centres, allowing the attackers to collect
algorithms, DLR forecasting real-time data from industrial systems. They also caused the uranium gas
achieving a centrifuges to spin out of control, causing widespread damage to the
significant capacity power grid. The Stuxnet virus was also detected in power, chemical, and
increase for 400 kV
lines, and alleviating
industrial control plants in Germany that used SCADA and Siemens
congestion issues software. While it targeted the ‘WinCC’ software, it was discovered and
without additional patched before it could affect any economic or real-time data aggrega­
infrastructure. tion operations. In 2017, a cyber-attack involving the Address Resolu­
[22] This article presents FL offers promising Despite its benefits, FL
tion Protocol (ARP) cache virus targeted a wind farm in the United
a novel approach prospects for DLR implementation faces
using federated forecasting, enabling constraints related to States. Another similar attack on the Venezuelan hydropower plant’s
learning (FL) for DLR accurate predictions data availability, control centre occurred in 2019 [26].
forecasting, crucial even in regions privacy, and These cyber-attacks, for whatever reasons, could come in several
for enhancing grid- lacking data. The infrastructure ways. One common tactic attackers use to cause cascading failures is to
side flexibility by global supermodel requirements.
accurately predicting generated by FL has Ensuring data security
conceal physical damage to power system components by injecting false
overhead the potential to and addressing data into the energy management system or communication network,
transmission line improve grid computational thereby altering the system’s state [27]. FDIA can also occur when data
capacity. FL reliability and challenges are key from DLR sensors, which are used for monitoring and real-time control
generates a global flexibility, providing considerations.
purposes, is affected by false data. The false data can alter the normal
model from data timely forecasts Additionally, the
across different global supermodel’s power flow of the network or introduce unnecessary monitoring and
regions, ensuring performance may vary operation delays, leading to outages, equipment damage, operator in­
security and based on the diversity juries, and even fatalities. Therefore, it is essential to implement pre­
vention, early detection, and countermeasures to protect against FDIA

4
O.A. Lawal et al.
and the negative consequences of these attacks. A comprehensive study
explored various spatiotemporal perspectives to improve the security of
CPS against FDIA [28]. The study identified data-driven corrective
measures, including false data identification, correction and traffic
anomaly detection, as effective ways to prevent FDIA.
It is essential to note that implementing these measures may also
increase communication latency and potentially impact the data used
for decision-making processes. To mitigate this, a large amount of
training and testing data needs to be analysed using data processing
algorithms to understand the relationship between accurate and false
data and subsequently correctly classify the data and resolve any issues
that may arise. A data-driven and learning-based approach considering
communication latency is proposed in this study to identify and mitigate
FDIA. This will not be possible without assessing the state of the power
system network before FDIA and after FDIA.
2.3. State Estimation
State estimation using DLR sensors is a technique that utilises sensors
to determine the state variables, such as the ampacity of a power system.
DLR sensors are installed on transmission lines to measure actual tem­
perature and weather conditions, which are used to determine the
thermal rating of the line in real-time. The measurements obtained from
these sensors are integrated into the state estimation equations, which
are then used to estimate the state variables of the power system. The
state estimation equations are developed based on the measurements
acquired from the DLR sensors and are used to estimate the power sys­
tem flows. The primary objective is to minimise the difference between
the actual measurements obtained from the DLR sensors and the esti­
mated values acquired from the state estimation equations to achieve
the most accurate estimation possible. Consider the actual state of a
system of measurements,
x = H − 1 (z) (1)
The equation for state estimation in the presence of false data in­
jection attacks can be modelled as in (2):
x = H − 1 (z − Hs)
̂ (2)
where ̂ x is the estimated state, z is the measurement vector, H is the
measurement matrix, and s is the vector representing the false data in­
jection attack. The objective of the attacker is to manipulate the mea­
surement vector z so that the estimated state, ̂
x deviates from the actual
state x. FDIA is achieved by adding a false measurement s to the mea­
surement vector z. FDIA disrupts the outcomes of state estimation within
DLR systems directly. By surreptitiously altering sensor readings, at­
tackers introduce undetected errors into the calculation of state vari­
ables and values. Consequently, the estimated state of the DLR system
diverges from the actual state, impacting decision-making processes
significantly. The compromised state estimation resulting from FDIA can
cause the grid regulator to make erroneous decisions, affecting the
operation and stability of the power grid. This threat extends to the
overall security of grid operations, potentially disrupting power flow
management, load balancing, and fault detection mechanisms [29],
[30], [31].
To counter such attacks, it becomes crucial to design and deploy a
hybrid algorithm that can detect and mitigate the impact of FDIAs,
ensuring accurate state estimation despite manipulated measurements.
It is necessary to incorporate additional constraints and measurements
to the state estimation problem to detect and mitigate the effects of false
data injection attacks. For example, the differences between the
measured and estimated values are appropriate for detecting anomalies
in the measurement vector using residuals. Another approach is to use
decentralised state estimation, where each node in the system inde­
pendently estimates its state and the final estimate is obtained through
consensus. It is worth noting that countering false data injection attacks
5
Sustainable Energy, Grids and Networks 38 (2024) 101347
poses a significant challenge, prompting the development of various
models proposed in the existing literature to tackle this issue. Selecting a
specific approach relies on system specifications and the type of attack
under consideration. Once precise estimates of the state variables are
obtained, they become valuable resources for making real-time de­
cisions regarding power system operation. These decisions encompass a
range of actions, including power distribution across different regions,
control of generators and transmission lines, and management of power
system contingencies. Moreover, the estimated values play a crucial role
in analysing the impact of dynamic line rating, consequently enhancing
the effectiveness and reliability of power system operation.
Researchers must develop a model to safeguard critical infrastruc­
ture and ensure a resilient power system. The primary objective of this
research is to propose an effective data-driven, learning-based classifi­
cation model capable of identifying and mitigating FDIA in DLR sensor
data. This model will be picked from several models trained, tested and
affirmed as the best protection against FDIA. It is imperative to build a
robust and accurate classification system to distinguish genuine ‘Good
Measure’ data from potentially malicious FDIA instances. An integrated
model for training and testing viable mitigation approaches to fortify
DLR systems against FDIA is described in the methodology section.
3. Methodology
An approach to determine the most accurate algorithm for a classi­
fication problem is to evaluate the accuracy of candidate algorithms and
select the one with the best validation and testing accuracy. Still, no
consensus exists on which way is best to judge the efficacy of individual
algorithms because no single classification metric can determine the
overall proficiency of an algorithm [32]. In addition, combining classi­
fiers through ensemble creation has been proposed to improve indi­
vidual classifier performance across several metrics, and various
ensemble creation methods have been suggested. Therefore, research on
building good ensembles of classifiers is an active area of study in su­
pervised learning. Nonetheless, ensemble methods have weaknesses,
including increased storage and computation requirements and
decreased comprehensibility. Top of Form
Data-driven FDIA mitigation algorithm should identify and correct
data errors to estimate a system’s state, such as a power grid. This in­
volves formulating a mathematical optimisation problem to find the
most accurate estimate of the system’s state based on the available data
while considering uncertainties and errors. On the other hand, a
learning-based algorithm depends on patterns learnt from historical
data to predict the system’s state. Both methods use statistical or ma­
chine learning models to implement the mitigation. Major models used
to detect FDIA are classified into statistical analysis, anomaly detection
and intrusion detection. Examples of statistical analysis are normal
distribution function, SVM, k-means and neural networks anomaly
detection, while intrusion detection involves decision trees and random
forests. Anomaly and intrusion detection algorithms include the prin­
cipal component analysis (PCA) and Naïve Bayes. The machine learning
methods of logistic regression, SVM, decision trees, naïve Bayes and
neural networks are prominent among these methods because of their
proficiency in binary classification. This section first assesses the exist­
ing and proposed classification algorithms, discusses the proposed
model training, validation and testing methods, and eventually in­
troduces a feature ranking and selection algorithm to improve the effi­
cacy of the existing and proposed algorithms.
3.1. Classification algorithms
The characteristics, structure, parameters and optimisation benefits
of the proposed model and other existing algorithms will be compared to
mitigate the potential consequences of FDIA attacks, such as commu­
nication disruptions and equipment damage. FDIA classification models
are designed to identify and correct data errors to ensure the system’s
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

safe and efficient operation. The demerits of most of the models Table 2
mentioned above are assumptions leading to false alarms, complexity, Machine-Learning Classification Models.
and limited fault coverage. The characteristics, structure parameter Models Characteristics Structure and Optimisation
constraints and optimisation benefits of the machine learning algo­ parameter benefits
rithms deployed in the binary classification of DLR data are represented description
in Table 2. Linear Linear Support This algorithm tries LSVM can be
Support Vector Machines to find a straight- computationally
Vector (LSVMs) are line boundary expensive,
3.2. Proposed model training, validation and testing Machines suitable for small between especially for large
to medium-sized categories. It datasets.
DLR sensors measure hourly weather data and use it to calculate the datasets and automatically LSVMs often
problems with adjusts the struggle with
DLR that makes the history data. DLR history data calculated for ten clear margins importance of this imbalanced
years for a typical power transmission line is used in this case study. between classes. boundary based on datasets, requiring
Latency values indicate the delay in computing and communicating Versatile with the data. If a data additional
these values for real-time use. The following procedure explains the different kernel point is techniques such as
functions to misclassified, a class weighting or
model that identifies and mitigates false data in a DLR array:
handle linear and penalty is resampling. Feature
nonlinear decision determined by a selection makes the
(I) Statistical procedure: boundaries. They value of 1. Before model more
work well in cases processing, the efficient for FDIA
Step 1: Inputting history data where the data is adjusted to detection, especially
instances are less have an average in high-dimensional
The history data (Hα ), consists of hourly ampacities spread over ten than the features. value of 0 and a spaces. It improves
years. They are calculated using the IEEE 738 standard for estimating consistent spread generalisation by
the current/temperature relationship of overhead conductors, while the (standardised). focusing on
latency data, Lα (ms) corresponds to the delay in relaying each sensor essential features,
aiding SVMs in
measurement to the servers containing the algorithm. This makes the
managing
hourly latency data and history data size depend on the number of imbalanced FDIA
days in a month. It may be 24 ∗ 300 for a 30-day month, 24 ∗ 310 for a datasets.
31-day month, and 24 ∗ 282 for February over ten years. Wide Neural Wide Neural Wide Neural They are
Networks Networks (WNN) Networks can learn computationally
⎡ ⎤
are complex complex nonlinear intensive and may
m1.1 m1.2 … m1.d˝×y
⎢ ⎥ models involving relationships require significant
⎢ ⎥ interconnected between features, computational
⎢ m2.1 m2.2 … m2.d˝×y ⎥
Hα = ⎢⎢
⎥
⎥ (3) layers and making them resources, especially
⎢ ⋮ ⋮ ⋱ ⋮ ⎥ activation highly flexible and for large and
⎣ ⎦
m24.1 m24.2 … m24.d˝×y functions. Suitable powerful. complex models.
for problems with They can handle Large neural
complex high-dimensional networks can be
where m1.d˝× y represents the first hour of the last day of a particular relationships and data and more susceptible to
month in the 10-year historical data. A simplified example of Lα and Hα large amounts of automatically vanishing gradients
data. They are extract relevant and overfitting,
for the first month (January) is given in (4) (5).
highly flexible features from raw requiring additional
⎡ ⎤ with nonlinear input. The WNN techniques such as
249 296 382 … 334 378 decision deployed here has batch normalisation
⎢ ⎥
⎢ 456 269 374 … 370 360 ⎥ boundaries. one hidden layer and dropout.
⎢ ⎥
L1 = ⎢ ⎥ (4) with 100 Feature selection
⎢ ⋮ ⋮ ⋮ ⋱ 432 469 ⎥ processing nodes. optimises the wide
⎣ ⎦
442 400 403 … 453 370 After each node neural network’s
processes data, it performance by
⎡ ⎤ uses a function focusing on the most
3456 3906 4230 … 4534 3787 called Rectified critical attributes in
⎢ ⎥ Linear Units FDIA detection to
⎢ 4867 3987 4208 … 4670 4360 ⎥
⎢ ⎥ (ReLU) to decide enhance
H1 = ⎢ ⎥ (5)
⎢ ⋮ ⋮ ⋮ ⋱ 4532 4369 ⎥ on the output. The interpretability and
⎣ ⎦ training process training efficiency.
5421 5217 6129 … 4513 3870 will run for a
maximum of 1000
Step 2: Checking for the corresponding Latencies of daily times to adjust and
measurements improve. No
Each element of the daily data denoting the measured ampacity has additional rule
prevents it from
a delay time stamp (L1 ), to deliver the measurements to where it is
fitting too closely
needed for computation. For the most recent measurement in the his­ to the training
torical data, the first element in the first row and column of H1 in (5), data. Just like in
3456 was delivered after 249 ms, while the subsequent measurement the SVM, the data
is adjusted to have
from the element in the second row and first column, 4867, was deliv­
an average value of
ered after 456 ms. Assuming a latency threshold of 400 ms was set for 0 and a consistent
this delivery, which, when exceeded, will make the DLR data unusable, a spread before
previous hour reading will be used to avoid any suspicion of FDIA. processing.
Step 3: Computing the hourly measurements. Decision Tree Decision trees They provide a It sometimes leads
(DTs) use a set of hierarchical to poor
The daily data are computed from each hourly data that meets the
if-else conditions structure of generalisation of
latency requirement. This makes, for example, daily data, D1,1 , the first to recursively split decisions based on unseen data.
day of the first month to be dimension 24 ∗ 1. This dimension will be the (continued on next page)
same for all days in all months.

6
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

Table 2 (continued ) Table 2 (continued )

Models Characteristics Structure and Optimisation Models Characteristics Structure and Optimisation
parameter benefits parameter benefits
description description

the feature space feature splits. This Overfitting can relationships. It applicability.
based on the makes them occur when the tree has limited feature Lastly, threshold
values of input understandable becomes too deep, interaction capture adjustment in
features. The and easy to and decision trees but is effective for BGLM-LR enables
decision tree can interpret. They can may struggle with binary precise calibration
be represented as a handle both capturing certain classification of predictions,
hierarchical numerical and complex tasks. It can especially when
structure of categorical features relationships or provide certain errors have
decision and leaf effectively. The logic patterns. probability more severe
nodes. decision tree has a Additionally, small estimates for consequences than
maximum depth changes in the data anomaly detection others.
controlled by can lead to different using an Regularisation
allowing up to 100 tree structures and unbounded and Strength (Lambda)
decision-making potential instability. continuous log of was set to 0.5 by
points. When odds termed the default to control
deciding how to logit function model complexity,
branch, it uses with higher values
Gini’s diversity leading to more
index, which helps robust
differentiate regularisation.
between
categories. If a
primary decision
⎡ ⎤
3307
rule isn’t ⎢ 3265 ⎥
applicable, there’s D1,1 =⎢
⎣ ⋮ ⎦
⎥ (6)
no backup rule
because the
3277
surrogate decision
Step 4: Checking if the daily data can fit into the history data
split is turned off.
Gaussian Gaussian naïve GNB models GNB feature through z-score
Naïve Bayes Bayes (GNB) is a assume that rating independence Obtain the elements of the daily data.
probabilistic features are assumption might Perform a check to determine if the daily data element should be
classification conditionally not hold in real-
added to the history data:
algorithm that independent given world scenarios,
assumes the the class label. This leading to
features are is usually not the suboptimal a. Place the corresponding daily data element in the first column of the
conditionally case because a performance. history data array.
independent given temporal Feature selection b. Calculate the z-score of the new daily data element based on the
the class label. It correlation exists will assist in
standard deviation and mean of the history data.
may struggle with between DLR identifying crucial
rare events or zero ratings. For this features for FDIA c. If the z-score exceeds 1.0, skip adding the daily data element to the
probabilities. method, when it detection and history data and use the previous hour’s data before proceeding to
Efficient for looks at numerical maintaining the test the next hour’s data in the daily data.
probabilistic data, it assumes a independence d. If the z-score of the subsequent data is within the limit, update the
classification tasks bell-curve-like assumption. It will
and datasets with (Gaussian) also impact
initial and present hour of the history data with the successful
feature distribution. For handling rare events element in the daily data. This ensures all elements in the daily data
independence categorical data, of zero probabilities are within the set limit.
like the presence or by focusing only on e. At the end of each day, all the daily data elements would have
absence of FDIA, it influential features.
replaced the first column of the history data, thereby shifting every
assumes a
distribution that other column by one column to the right and eliminating the last
counts occurrences column of the updated history data to maintain the matrix size. The
(multinomial). updated history data in (5) now appears like (7)
Binary Binary Generalised Logistic regressions Feature selection
Generalised Linear Model are linear models can help identify the
Linear Logistic with sigmoid most relevant
The updated history data is used to train machine learning classi­
Model Regression functions. features for FDIA fication models. This learning-based training validation and testing are
Logistic (BGLM-LR) Coefficient detection, reducing done in step 5.
Regression assumes a linear estimation is noise and improving ⎡ ⎤
relationship pivotal because it model 3307 3456 3906 … 3397 4534
between the defines how each interpretability. - ⎢ ⎥
⎢ 3265 3867 3987 … 4562 4670 ⎥
features and the feature affects the Particularly ⎢ ⎥
Hu1 = ⎢ ⎥ (7)
log odds of the outcome, ensuring beneficial when ⎢ ⋮ ⋮ ⋮ ⋱ 3989 4532 ⎥
binary outcome predictions are dealing with high- ⎣ ⎦
variable. It is a anchored in the dimensional 3277 5421 5217 … 4598 4513
specialised form of data’s true datasets or feature-
generalised linear patterns. rich FDIA scenarios.
model designed for Regularisation in (I) Machine Learning:
binary BGLM-LR guards
classification against over-
tasks. It may optimising training
Steps 1–4 represent the data-driven process involving the statistical
struggle with samples, ensuring calculation of the z-score. In contrast, Step 5 represents the learning-
complex nonlinear the model’s broad based approach that utilises BGLM-LR to learn from features and clas­
sify each reading as either a ‘Good Measure’ or FDIA. Fig. 2 illustrates

7
O.A. Lawal et al.
Fig. 2. Data-driven, learning-based FDIA mitigation.
the proposed data-driven, learning-based model to mitigate these chal­
lenges. Features to learn from for each month consist of over 300 daily
historical and statistical data. The MR-MR algorithm will be used to
assess all features and select the essential ones for training, thus
reducing the occurrence of false positives and false negatives. Since this
is a binary classification scenario to minimise misclassifications,
particularly instances of false negatives, the combination of BGLM-LR
with the z-score and a minimum redundancy-maximum relevance
(MR-MR) algorithm aims to outperform its counterparts. The model
8
Sustainable Energy, Grids and Networks 38 (2024) 101347
hopes to excel in detecting FDIA by distinguishing genuine and manip­
ulated data instances through binary classification. Its probabilistic
outputs enable nuanced certainty assessments in FDIA predictions, and
model coefficients offer valuable insights into key features driving FDIA
detection. Despite its linear assumptions, BGLM-LR captures complex
FDIA patterns using techniques like polynomial terms, making it ideal
for real-time detection and large datasets. Its simplicity, interpretability,
and robustness to noisy data contribute to effective FDIA detection and
make it suitable for real-world mitigation.
O.A. Lawal et al.
Step 5: Train the Machine learning algorithm with the updated
history knowledge base
Training:
a. Preprocessing of Data: The historical data is updated and trans­
formed into predictors, incorporating additional columns that
represent statistical measures of mean, median, range, standard de­
viation, and z-score for each hour. This preprocessing step ensures
the data is appropriately formatted and ready for training.
b. Feature Ranking: Besides preprocessing, feature selection and
extraction techniques are applied to the data to identify the most
relevant and impactful features for the classification task. This is
done by the MR-MR algorithm selecting the most relevant and least
redundant features from the training dataset comprising hundreds of
features from hourly ratings for each month over ten years as ob­
tained in (7), their mean, median, range and z-score. This technique
helps reduce the dimensionality of the data and eliminate irrelevant
or redundant features, enhancing the training efficiency by reducing
computational complexity.
c. Data Splitting for Training: After feature ranking and selection, the
data is split into training and testing datasets. The algorithm is
trained using eight months of hourly data (January to August), while
the remaining four months (September to December) are reserved for
testing. This splitting is achieved using a 67–33% training-to-testing
ratio. This ratio is carefully chosen to prevent overfitting while
considering data volume, computational efficiency, complexity, and
variation.
Testing:
Classification Algorithm Evaluation: The four months of data
reserved for testing will be tested for FDIA. Once the proposed model is
trained using the training dataset, the efficacy of the proposed model
and other similar machine-learning algorithms are evaluated using the
testing dataset. The evaluation assesses their performance and gener­
alisation to new, unseen data. The model’s ability to accurately detect
and distinguish between ‘Good Measure’ and FDIA instances is thor­
oughly assessed during this phase.
Validation:
Model Validation: The trained z-score-BGLM-LR model is subjected
to the same procedure as the Support Vector Machines, Neural Network,
and Naïve Bayes. This makes them a z-score-LSVM, z-score-WNN, z-
score-GNB and z-score-DT. They were all validated using fundamental
and derived classification validation metrics. Accurate identification of
the presence and absence of FDIA is of utmost importance, with the
additional significance of avoiding false identification of the presence of
FDIA as a ’Good Measure’. The models’ performance is rigorously
evaluated through comprehensive validation tests, ensuring their reli­
ability and efficacy in detecting and mitigating FDIA accurately.
In summary, the procedure entails training classification models
through data preprocessing, data splitting into training and testing
datasets, feature selection and extraction for training and testing. The
models are then evaluated using the testing dataset to assess their per­
formance and generalisation capabilities. Finally, the trained models
undergo validation to ensure their accuracy and effectiveness in
detecting and mitigating false data injection attacks. This comprehen­
sive approach, including feature selection and extraction, contributes to
developing a robust and reliable system to safeguard the integrity of the
CPS against potential false data injection attacks. Under normal oper­
ating conditions, the physical part of the CPS functions as intended, and
cyberspace processes distribute information with normal communica­
tion latency. However, if extraneous data infiltrates the DLR sensor, it
can inhibit the communication rate between the sensors and operators,
causing traffic anomalies and fluctuations in the communication space.
This leads to abnormal operations of the cyber and physical components
of the CPS. In another sense, an attacker could alter the DLR data,
causing an exponential increase or decrease in the anticipated line
9
Sustainable Energy, Grids and Networks 38 (2024) 101347
rating, thereby causing operators to erroneously pick or drop loads,
causing damage to several pieces of equipment, accidents, and fire
outbreaks. The contributions of this study to false data injection attacks
on CPS are:
(a) Integrated Mitigation Model: This study proposes an innovative
model integrating data-driven and learning-based techniques to detect
FDIA in DLR sensor data. Combining statistical analysis and machine
learning via z-score, MR-MR and a BGLM-LR classifier, it addresses
uncertainties and errors in sensor measurements, forming the historical
data for DLR operations in real-time power systems. The integration
enables the model to distinguish between genuine ‘Good Measure’ data
and potential FDIA through a robust feature selection, training, testing
and validation.
(b) Feature Selection: It incorporates the MR-MR feature ranking
and selection algorithm as a crucial step in the integrated mitigation
model. By applying this technique, the model identifies the most rele­
vant and impactful features from the historical data to improve the
computational efficiency of the proposed model. Feature selection and
extraction help reduce the dimensionality of the data, eliminate irrele­
vant and redundant features, and focus on those that contribute most to
distinguishing between ‘Good Measure’ and potential FDIA instances.
(c) Performance Metrics and Algorithm Validation: This study
rigorously validates the proposed model’s performance using funda­
mental and derived classification error metrics. By extensively exploring
multiple classifiers used for similar purposes, including LSVM, WNN,
GNB and BGLM-LR, it identifies the best-performing algorithm capable
of accurately distinguishing between ‘Good Measure’ data and potential
FDIA using fundamental and derived metrics. This systematic validation
ensures reliable and efficient DLR data protection for the security of
cyber-physical systems.
3.3. MR-MR Feature Ranking and Selection
MR-MR algorithm allows the identification of the most important
and informative DLR entries that contribute significantly to determining
the presence or absence of FDIA. It avoids redundant or irrelevant en­
tries that may not provide additional insights. This feature selection
process is especially useful when dealing with large and dynamic data­
sets like DLR histories, as it can help improve the efficiency and accuracy
of analytical models and decision support systems. The basic steps
involved are:
1. Initialisation:
(a) Define an empty set, SelectedFeatures.
(b) Compute the mutual information between each DLR feature and
the hourly measures of central tendencies and dispersions
calculated with the FDIA classification target. Store these values.
2. Initial Selection:
(c) Identify the DLR feature with the highest mutual information
with the FDIA target. This represents the most relevant feature.
(d) Add this feature to the SelectedFeatures set.
3. Iterative Feature Selection:
(e) For each remaining unselected DLR feature, compute its mutual
information quotient (MIQ). This is done by:
(i) Calculating its mutual information with the FDIA target
(relevance).
(ii) Calculate its average mutual information with the Selected
Features in the SelectedFeatures set (redundancy).
(iii) Taking the quotient: MIQ = Relevance / (1 + Redundancy).
(f) From the unselected features, pick the one with the highest MIQ
value. This feature is relevant to the FDIA target and minimally
redundant with the previously selected features.
(g) Add this feature to the SelectedFeatures set.
(h) Repeat this step until a pre-defined stopping criterion is met (e.
g., a certain number of features are selected, or the MIQ value
falls below a threshold).
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

4. Final Feature Set: 4. Results and Discussion

(i) The SelectedFeatures set now contains best ranked DLR fea­
tures and statistical measures selected based on their MIQ values The simulation output shows how FDIA affects DLR historical data
concerning the FDIA classification task. and latency values. Combining a statistical (data-driven) algorithm
(ii) Use this set for improving the viable machine learning algo­ based on the hourly z-score with several machine-learning (learning-
rithms prepared for the FDIA classification model. based) models allowed hybrid algorithm training. The training and
testing were done in the first instance without feature ranking and se­
Integrating the feature ranking and selection with machine learning lection and they were repeated after feature ranking and selection. The
algorithms guarantees that the chosen DLR features and statistical MR-MR algorithm significantly impacts machine learning algorithms’
values provide the most relevant insights into FDIA cases by maximising training, validation, and testing for mitigating FDIA. During training,
their relevance to the classification task and minimising information MR-MR aids in ranking and selecting the most relevant, distinguished
redundancy, resulting in efficient classification. However, the proposed features, reducing overfitting, and improving model generalisation to
model using real-time DLR data features, resource limitations, assump­ unseen data. Among these DLR features and their statistical represen­
tions regarding known attack models and insufficient consideration of tations, 30 highly ranked features were selected by the MR-MR algo­
adversarial behaviour are imminent limitations. Overcoming these ob­ rithm. These are the z-score, class (Good Measure or FDIA), new
stacles will require more robust interdisciplinary cooperation to devise measure and other 27 different days DLR data features. In the validation
resilient and scalable solutions that adequately safeguard power systems phase, MR-MR refines the model’s performance by excluding irrelevant
from FDIA threats. or redundant features, resulting in more reliable output.

3.4. Error Metrics 4.1. Performance evaluation metrics

Accuracy and precision metrics are vital; however, like in medical Table 4(a) through 4(d) provide a comprehensive overview of the
diagnosis, forensics and fraud detection, the best model should have the evaluation metrics observed during both the validation and testing
highest sensitivity and the lowest false negative rate (FNR). Table 3 phases of BGLM-LR and other algorithms. These metrics offer a
depicts the fundamental and derived error metrics used to gauge the comparative analysis between models utilising MR-MR feature ranking
efficacy of FDIA mitigation algorithms [32], [33]. and selection and when it was unutilised. Derived from the confusion
matrix for each model, the error metrics reflect average values for
informedness, specificity, and markedness, coupled with satisfactory
levels of accuracy, precision, and recall during the validation phase.

Table 3
Error metrics.
Error Metrics Formulae Characteristics

FUNDAMENTAL
METRICS
ACCURACY TP + TN Accuracy is easy to understand and widely used in many fields. However, it can be
TP + F N + F P + TN misleading in imbalanced datasets where it may give a high score even though the
classifier only correctly identifies the majority class.
PRECISION TP Precision provides an idea of the number of correctly identified positive instances out of
TP + F P all the cases identified as positive by the classifier but does not consider false negatives.
RECALL TP Recall provides an idea of the number of correctly identified positive instances out of all
(SENSITIVITY) TP + F N positive samples in the dataset, making it essential in cases where false negatives are more
costly.
FALSE NEGATIVE FN FNR provides an idea of the number of false negatives out of all positive instances in the
RATE TP + F N dataset but does not consider false positives.
SPECIFICITY TN Specificity provides an idea of the number of correctly identified negative instances out of
F P + TN all instances identified as negative by the classifier. It is crucial in cases where false
positive predictions are more costly than false negatives but do not consider false
negatives.
DERIVED METRICS
F-MEASURE (PRECISION ∗ RECALL) F-measure ranges from 0 to 1, where 0 indicates the worst performance, and 1 indicates
2 ∗
(PRECISION + RECALL) the best performance. F-measure is useful when the data is imbalanced.
INFORMEDNESS TPR + TNR – 1 This depicts the extent to which the model’s predictions are better than random guessing.
It ranges from − 1–1, where − 1 indicates the worst performance, and 1 indicates the best
performance (the entire agreement between the model’s predictions and the actual
values).
MARKEDNESS PPV + NPV – 1 Positive predictive value (PPV) is the same as precision, and negative predictive value
(NPV) involves dividing the number of true negatives by the sum of true and false
negatives. Markedness measures the extent to which the model’s positive predictions are
more informative than random guessing. Markedness ranges from − 1–1, where − 1
indicates the worst performance, and 1 indicates the best performance (total agreement
between the model’s predictions and the actual values).
CORRELATION (TP ∗ TN ) − (FP ∗ FN ) Correlation quantifies the extent of the linear connection between the predictions of a
√̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅̅
((TP + FP ) ∗ (TP + FN ) ∗ (TN + FP ) ∗ (TN + FN )) model and the actual values. Correlation ranges from − 1–1, where − 1 indicates a perfect
negative correlation, and 1 shows a perfect positive correlation.
∫1
ROC (AUC) TPR(FPR) dFPR The area under the receiver operating characteristics (ROC) curve (AUC) is a standard
0
metric used to evaluate the performance of a binary classifier. AUC ranges from 0 to 1,
where 0 indicates the worst performance, and 1 indicates the best performance.

Where TP , TN , FP , FN TPR, TNR, FPR represent the true positive, true negative, false positive and false negative, true positive rate, true negative rate and false positive
rate respectively.

10
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

Table 4 (a)
Model Validation Results.
Machine learning BINARY GENERALISED LINEAR MODEL GAUSSIAN NAÏVE LINEAR SUPPORT VECTOR WIDE NEURAL FINE DECISION
model LOGISTIC REGRESSION BAYES MACHINE NETWORK TREE
Metrics

FUNDAMENTAL
METRICS
ACCURACY 0.714 0.770 0.755 0.760 1.000
PRECISION 0.789 0.815 0.764 0.778 1.000
RECALL 0.827 0.885 0.935 0.935 1.000
FNR 0.250 0.167 0.063 0.094 0.000
SPECIFICITY 0.415 0.471 0.093 0.302 1.000
TRAINING TIME (s) 66.70 65.44 64.33 59.19 72.34
DERIVED METRICS
F-MEASURE 0.807 0.848 0.850 0.850 1.000
INFORMEDNESS 0.427 0.542 0.542 0.521 1.000
MARKEDNESS 0.266 0.424 0.424 0.418 1.000
CORRELATION 0.254 0.389 0.281 0.315 1.000
ROC (AUC) 0.681 0.798 0.819 0.751 1.000

Intriguingly, MR-MR-selected features yielded noticeable improvements
across these metrics. Particularly noteworthy is the marginal improve­
ment in the BGLM-LR model validation, as highlighted in Table 4(a) and
4(b). MR-MR feature selection surged precision from 0.789 to 0.897,
while informedness rose significantly from 0.427 to 0.833 during the
validation phase. These enhancements underscore the efficacy of inte­
grating the MR-MR feature ranking and selection approach, showcasing
its ability to refine model performance and bolster effective
classification.
In the pre-MR-MR scenario of Table 4(a), a notable presence of false
negatives was recorded during validation. With the utilisation of the
MR-MR feature selection, as outlined in Table 4(b), there was a signif­
icant improvement in model performance. For instance, BGLM-LR’s
accuracy improved from 0.714 to 0.917 post-MR-MR application, indi­
cating the technique’s effectiveness in enhancing model generalisation.
This improvement was further validated by a decrease in its false
negative rate (FNR) from 0.250 to 0.000. LSVM performed at par with
the BGLM-LR in the pre and post-MR-MR ranking and selection while
GNB and WNN had an average performance but were lower in most
cases than the BGLM-LR. The training time for BGLM-LR pre-MR-MR
feature selection was highest at 66.70 s among pairs behind the DT of
72.34 s. While BGLM-LR is a powerful and interpretable algorithm, its
performance may be inferior to other algorithms in scenarios charac­
terised by imbalanced classes, non-linear relationships and high-
dimensional data.
Post-MR-MR feature selection, training and validation the BGLM-LR
surpassed all other algorithms in their training and validation time as
illustrated in Table 4(b). Since the dimensionality of the data has been
reduced, it achieved a training time of 69.68 s while GNB, LSVM, WNN
and DT were completely trained and validated after 79.37 s, 77.38 s,
122.22 s and 72.34 s. Its simplicity, efficiency, scalability, interpret­
ability, and ability to provide probabilistic predictions make binary GLM
logistic regression a valuable choice for quick training in classification
problems, particularly when computational resources are limited or
when interpretability and model transparency are essential.
During the testing phase, the models initially demonstrated
commendable performance across various metrics such as F-measure,
recall, markedness, and correlation. However, following the integration
of the MR-MR feature ranking algorithm, these metrics experienced a
remarkable transition from commendable to exceptional levels. Table 4
(c) and 4(d) provide specific insights into this transition, particularly
highlighting the BGLM-LR model’s performance post-feature selection.
Notably, the model exhibited optimal values for FNR and recall, with
FNR reduced to 0.000 and recall reaching 1.000. These values represent
a substantial improvement from their previous counterparts, where FNR
stood at 0.042 and recall at 0.942. This significant enhancement un­
derscores the efficacy of incorporating the MR-MR feature ranking
approach. It demonstrates the algorithm’s ability to refine model per­
formance, effectively reducing false negatives and enhancing recall,
thereby fortifying the model’s classification capabilities and overall
reliability.
The empirical findings reveal that the BGLM-LR, GNB, LSVM, and
WNN models exhibited commendable performance on novel data
following MR-MR feature optimisation. These algorithms demonstrated
elevated metrics in accuracy, precision, recall, and F-measure, high­
lighting their suitability for practical FDIA detection deployments.
Variability in performance metrics was observed among the models,
with the Fine DT model particularly standing out with exemplary scores

Table 4 (b)
MR-MR Ranked Features Model Validation Results.
Machine learning BINARY GENERALISED LINEAR MODEL GAUSSIAN NAÏVE LINEAR SUPPORT VECTOR WIDE NEURAL FINE DECISION
model LOGISTIC REGRESSION BAYES MACHINE NETWORK TREE
Metrics

FUNDAMENTAL
METRICS
ACCURACY 0.917 0.984 0.917 0.917 1.000
PRECISION 0.897 0.979 0.897 0.897 1.000
RECALL 1.000 1.000 1.000 1.000 1.000
FNR 0.000 0.000 0.000 0.000 0.000
SPECIFICITY 0.698 0.943 0.698 0.698 1.000
TRAINING TIME (s) 69.68 79.37 77.38 122.2 72.34
DERIVED METRICS
F-MEASURE 0.946 0.989 0.946 0.946 1.000
INFORMEDNESS 0.833 0.967 0.833 0.833 1.000
MARKEDNESS 0.897 0.979 0.897 0.897 1.000
CORRELATION 0.791 0.961 0.791 0.791 1.000
ROC (AUC) 1.000 0.994 0.730 0.730 1.000

11
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

Table 4 (c)
Model Testing Results.
Machine learning BINARY GENERALISED LINEAR MODEL GAUSSIAN NAÏVE LINEAR SUPPORT VECTOR WIDE NEURAL FINE DECISION
model LOGISTIC REGRESSION BAYES MACHINE NETWORK TREE
Metrics

FUNDAMENTAL
METRICS
TESTING ACCURACY 0.698 0.781 0.729 0.729 1.000
PRECISION 0.722 0.786 0.772 0.747 1.000
RECALL 0.942 0.957 0.884 0.942 1.000
FNR 0.042 0.031 0.083 0.042 0.000
SPECIFICITY 0.074 0.333 0.333 0.185 1.000
DERIVED METRICS
F-MEASURE 0.818 0.863 0.824 0.833 1.000
INFORMEDNESS -0.302 -0.219 -0.271 -0.271 1.000
MARKEDNESS 0.560 0.536 0.302 0.303 1.000
CORRELATION 0.030 0.394 0.256 0.196 1.000
ROC (AUC) 0.556 0.847 0.851 0.712 1.000

across accuracy 1.000, precision, recall, F-measure, and ROC (AUC)
during validation. While these outcomes were impressive, concerns
arose regarding potential overfitting, suggesting a possible memo­
risation of the training data. Upon testing the models on new datasets,
initial results captured in Table 4(c) were surpassed post-MR-MR opti­
misation, as demonstrated in Table 4(d). For instance, the WNN’s ac­
curacy improved from 0.729 to 0.802. Similarly, the GNB model’s
precision rose from 0.786 to 0.983, reaffirming the pivotal role of MR-
MR in refining model performance.
4.2. Comparison of Model Validation and Testing Results
In the initial assessment of validation and testing in Fig. 3(a-h),
BGLM-LR demonstrated a performance that could be characterised as
moderate. During validation, Fig. 3(a), achieved an AUC of 0.6809,
while during testing, Fig. 3(b), yielded an AUC of 0.5563, indicative of
performance approaching chance levels, as denoted by the red dotted
line. Conversely, GNB, as depicted in Fig. 3(c) and (d), surpassed BGLM-
LR by achieving an improved testing AUC of 0.8465 and a validation
AUC of 0.7978. Similarly, LSVM outperformed BGLM-LR during both
validation and testing before the application of feature ranking and se­
lection. It recorded AUC values of 0.8188 during validation, Fig. 3(e)
and 0.8514 during testing, Fig. 3(f). The WNN, illustrated in Fig. 3(g)
and (h), also demonstrated competitive results, with an AUC of 0.7513
during validation and 0.7117 during testing.
The integration of MR-MR feature ranking and selection marked a
pivotal enhancement for the algorithms under evaluation. Notably, this
integration propelled BGLM-LR, previously showing moderate success,
to a significantly higher level of performance. Across all evaluation
metrics, BGLM-LR and LSVM emerged as the standout algorithms.
During the evaluation phases, their AUC scores reached an exemplary
1.000, as demonstrated in Fig. 4(c) and 4(d) respectively, highlighting
their superiority over other classifiers. These results strongly affirm the
transformative potential of MR-MR feature selection techniques in
enhancing model efficacy.
Furthermore, GNB and WNN also experienced substantial benefits
from MR-MR optimisation, evident in Fig. 4(a) and (b) respectively.
Their testing AUC scores witnessed remarkable improvements, rising
from 0.8465 in Fig. 3(d) and 0.7117 in Fig. 3(h) to 0.9147 in Fig. 4(a)
and 0.9595 in Fig. 4(b) respectively, indicative of enhanced perfor­
mance. However, it is noteworthy that despite these considerable gains,
they still slightly trailed the BGLM-LR. This underscores the exceptional
effectiveness of BGLM-LR when combined with MR-MR, positioning it as
the leading choice for detecting FDIA.
In summary, this research underscores the critical role of optimisa­
tion techniques like MR-MR in False Data Injection Attack detection.
BGLM-LR’s transformation into a top-performing algorithm exemplifies
the potential of feature selection in elevating model performance, ulti­
mately establishing itself as the premier choice among the evaluated
classifiers.
5. Conclusion
This research has addressed FDIA on DLR systems in cyber-physical
power system networks using integrated statistical and machine
learning models. By standardising DLR ratings with the z-score tech­
nique and employing MR-MR feature ranking and selection, the
misidentification of FDIA was minimized with the learning algorithm.
The research highlights the efficacy of MR-MR in enhancing model
performance, with notable potential seen in BGLM Logistic Regression
and Linear Support Vector Machine. The two algorithms have compa­
rably exceptional results in testing, but BGLM Logistic Regression

Table 4 (d)
MR-MR Ranked Features Model Testing Results.
Machine learning BINARY GENERALISED LINEAR MODEL GAUSSIAN NAÏVE LINEAR SUPPORT VECTOR WIDE NEURAL FINE DECISION
model LOGISTIC REGRESSION BAYES MACHINE NETWORK TREE
Metrics

FUNDAMENTAL
METRICS
TESTING ACCURACY 0.844 0.875 0.844 0.802 1.000
PRECISION 0.821 0.983 0.821 0.813 1.000
RECALL 1.000 0.841 1.000 0.942 1.000
FNR 0.000 0.115 0.000 0.042 0.000
SPECIFICITY 0.444 0.963 0.444 0.444 1.000
DERIVED METRICS
F-MEASURE 0.902 0.906 0.902 0.872 1.000
INFORMEDNESS -0.406 -0.125 -0.156 -0.198 1.000
MARKEDNESS 0.821 0.686 0.821 0.563 1.000
CORRELATION 0.604 0.742 0.604 0.466 1.000
ROC (AUC) 1.000 0.915 1.000 0.960 1.000

12
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

Fig. 3. Confusion matrix of algorithms.

13
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

Fig. 3. (continued).

14
O.A. Lawal et al. Sustainable Energy, Grids and Networks 38 (2024) 101347

Fig. 4. (a) and (b). BGLM-LR Validation and Testing. (c) and (d). GNB Validation and Testing. (e) and (f). LSVM Validation and Testing. (g) and (h). WNN Validation
and Testing.

exhibits marginal improvements in FNR, Recall, and AUC values from
training to testing. Additionally, the training and validation time of
BGLM-LR was minimal compared to LSVM and other models, making it
the fastest model among peers and a desirable choice when conserving
computational resources is pertinent. Implementing this model on CPS
networks will allow the full utilisation of line capacity thereby allowing
more renewables gearing towards the achievement of a sustainable en­
ergy grid. Such integrated solutions would aid in meeting the United
Nations’ 7th and 13th Sustainable Development Goals for 2030, namely,
affordable and greener energy generation, as well as climate change
mitigation [34]. Future studies should explore diverse optimisation
methods and evaluate algorithms across various datasets and environ­
ments to advance FDIA detection methodologies.

15
O.A. Lawal et al.
CRediT authorship contribution statement
Jiashen Teh: Project administration, Validation, Visualization,
Writing – review & editing. Olatunji Lawal: Conceptualization, Data
curation, Formal analysis, Funding acquisition, Investigation, Method­
ology, Resources, Software, Writing – original draft. Bader Alharbi:
Project administration, Supervision, Validation, Visualization, Writing –
review & editing. Ching-Ming Lai: Investigation, Methodology, Project
administration, Supervision, Validation, Visualization, Writing – review
& editing.
Declaration of Competing Interest
The authors declare that they have no known competing financial
interests or personal relationships that could have appeared to influence
the work reported in this paper.
Data availability
Data will be made available on request.
Acknowledgement
The author extends the appreciation to the Deanship of Postgraduate
Studies and Scientific Research at Majmaah University for funding this
research work through the project number (R-2024-1013).
Appendix A. Supporting information
Supplementary data associated with this article can be found in the
online version at doi:10.1016/j.segan.2024.101347.
References
[1] C.-C. Sun, A. Hahn, C.-C. Liu, Cyber security of a power grid: State-of-the-art, Int. J.
Electr. Power Energy Syst. vol. 99 (Jul. 2018) 45–56, https://doi.org/10.1016/j.
ijepes.2017.12.020.
[2] B. Jimada-Ojuolape, J. Teh, Composite reliability impacts of synchrophasor-based
DTR and SIPS cyber–physical systems, IEEE Syst. J. vol. 16 (3) (Sep. 2022)
3927–3938, https://doi.org/10.1109/JSYST.2021.3132657.
[3] P. Glaum, F. Hofmann, Leveraging the existing German transmission grid with
dynamic line rating, Appl. Energy vol. 343 (Aug. 2023) 121199, https://doi.org/
10.1016/j.apenergy.2023.121199.
[4] O.A. Lawal, J. Teh, A framework for modelling the reliability of dynamic line rating
operations in a cyber–physical power system network, Sustain. Energy Grids Netw.
vol. 35 (Sep. 2023) 101140, https://doi.org/10.1016/j.segan.2023.101140.
[5] T. Barton, P. Musilek, Probabilistic forecasting of dynamic thermal line rating with
temporal correlations, Int. J. Electr. Power Energy Syst. vol. 134 (Jan. 2022)
107443, https://doi.org/10.1016/j.ijepes.2021.107443.
[6] C.-M. Lai, J. Teh, Comprehensive review of the dynamic thermal rating system for
sustainable electrical power systems, Energy Rep. vol. 8 (Nov. 2022) 3263–3288,
https://doi.org/10.1016/j.egyr.2022.02.085.
[7] O.A. Lawal, J. Teh, Dynamic line rating forecasting algorithm for a secure power
system network, Expert Syst. Appl. vol. 219 (Jun. 2023) 119635, https://doi.org/
10.1016/j.eswa.2023.119635.
[8] O.A. Lawal, J. Teh, Assessment of dynamic line rating forecasting methods, Electr.
Power Syst. Res. vol. 214 (2023) 108807, https://doi.org/10.1016/j.
epsr.2022.108807.
[9] T. Krause, R. Ernst, B. Klaer, I. Hacker, M. Henze, Cybersecurity in Power Grids:
challenges and opportunities, Sensors vol. 21 (18) (Sep. 2021) 6225, https://doi.
org/10.3390/s21186225.
[10] M.Z. Gunduz, R. Das, Cyber-security on smart grid: threats and potential solutions,
Comput. Netw. vol. 169 (Mar. 2020) 107094, https://doi.org/10.1016/j.
comnet.2019.107094.
[11] A.D. Syrmakesis, C. Alcaraz, N.D. Hatziargyriou, Classifying resilience approaches
for protecting smart grids against cyber threats, Int. J. Inf. Secur. vol. 21 (5) (Oct.
2022) 1189–1210, https://doi.org/10.1007/s10207-022-00594-7.
16
Sustainable Energy, Grids and Networks 38 (2024) 101347
[12] G. Cao, R. Jia, J. Dang, Distributed resilient mitigation strategy for false data
injection attack in cyber-physical microgrids, Front. Energy Res. vol. 10 (2022),
https://doi.org/10.3389/fenrg.2022.845341.
[13] Y. Liu, P. Ning, M.K. Reiter, False data injection attacks against state estimation in
electric power grids, ACM Trans. Inf. Syst. Secur. vol. 14 (Jun. 2011), https://doi.
org/10.1145/1952982.1952995.
[14] J. Liang, L. Sankar, O. Kosut, Vulnerability analysis and consequences of false data
injection attack on power system state estimation, IEEE Trans. Power Syst. vol. 31
(5) (2016) 3864–3872, https://doi.org/10.1109/TPWRS.2015.2504950.
[15] H. Shi, L. Xie, L. Peng, Detection of false data injection attacks in smart grid based
on a new dimensionality-reduction method, Comput. Electr. Eng. vol. 91 (May
2021) 107058, https://doi.org/10.1016/j.compeleceng.2021.107058.
[16] X. Xiong, S. Hu, D. Sun, S. Hao, H. Li, G. Lin, Detection of false data injection attack
in power information physical system based on SVM–GAB algorithm, Energy Rep.
vol. 8 (Aug. 2022) 1156–1164, https://doi.org/10.1016/j.egyr.2022.02.290.
[17] A. Moradzadeh, M. Mohammadpourfard, I. Genc, S. Şeker, B. Mohammadi-Ivatloo,
Deep learning-based cyber resilient dynamic line rating forecasting, Int. J. Electr.
Power Energy Syst. vol. 142 (Nov. 2022) 108257, https://doi.org/10.1016/j.
ijepes.2022.108257.
[18] A.S. Musleh, G. Chen, Z. Yang Dong, C. Wang, S. Chen, Spatio-temporal data-driven
detection of false data injection attacks in power distribution systems, Int. J. Electr.
Power Energy Syst. vol. 145 (Feb. 2023) 108612, https://doi.org/10.1016/j.
ijepes.2022.108612.
[19] X. Li, Y. Wang, Z. Lu, Graph-based detection for false data injection attacks in
power grid, Energy vol. 263 (Jan. 2023) 125865, https://doi.org/10.1016/j.
energy.2022.125865.
[20] Z. Qu, et al., False data injection attack detection in power systems based on cyber-
physical attack genes, Front. Energy Res. vol. 9 (2021). Accessed: Dec. 13, 2022.
[Online]. Available: 〈https://www.frontiersin.org/articles/10.3389/fenrg.2021
.644489〉.
[21] A. Ahmadi, M. Nabipour, B. Mohammadi-Ivatloo, V. Vahidinasab, Ensemble
learning-based dynamic line rating forecasting under cyberattacks, IEEE Trans.
Power Deliv. vol. 37 (1) (2022) 230–238, https://doi.org/10.1109/
TPWRD.2021.3056055.
[22] H. Moayyed, A. Moradzadeh, A. Mansour-Saatloo, B. Mohammadi-Ivatloo,
M. Abapour, Z. Vale, A global cyber-resilient model for dynamic line rating
forecasting based on deep federated learning, IEEE Syst. J. vol. 17 (4) (Dec. 2023)
6390–6400, https://doi.org/10.1109/JSYST.2023.3287413.
[23] T. Alladi, V. Chamola, S. Zeadally, Industrial control systems: cyberattack trends
and countermeasures, Comput. Commun. vol. 155 (Apr. 2020) 1–8, https://doi.
org/10.1016/j.comcom.2020.03.007.
[24] J.E. Sullivan, D. Kamensky, How cyber-attacks in Ukraine show the vulnerability of
the U.S. power grid, Electr. J. vol. 30 (3) (Apr. 2017) 30–35, https://doi.org/
10.1016/j.tej.2017.02.006.
[25] Y. Xiang, L. Wang, N. Liu, Coordinated attacks on electric power systems in a
cyber-physical environment, Electr. Power Syst. Res. vol. 149 (Aug. 2017)
156–168, https://doi.org/10.1016/j.epsr.2017.04.023.
[26] M. Illindala, K. Subramaniam, A tri-level optimization model to mitigate
coordinated attacks on electric power systems in a cyber-physical environment,
Appl. Energy vol. 235 (Feb. 2019) 204–218, https://doi.org/10.1016/j.
apenergy.2018.10.077.
[27] Z. Li, M. Shahidehpour, A. Alabdulwahab, A. Abusorrah, Analyzing locally
coordinated cyber-physical attacks for undetectable line outages, IEEE Trans.
Smart Grid vol. 9 (1) (Jan. 2018) 35–47, https://doi.org/10.1109/
TSG.2016.2542925.
[28] X. Bo, Z. Qu, Y. Liu, Y. Dong, Z. Zhang, M. Cui, Review of active defense methods
against power CPS false data injection attacks from the multiple spatiotemporal
perspective, Energy Rep. vol. 8 (Nov. 2022) 11235–11248, https://doi.org/
10.1016/j.egyr.2022.08.236.
[29] S. Basumallik, S. Eftekharnejad, B.K. Johnson, The impact of false data injection
attacks against remedial action schemes, Int. J. Electr. Power Energy Syst. vol. 123
(Dec. 2020) 106225, https://doi.org/10.1016/j.ijepes.2020.106225.
[30] F. Zhang, Q. Yang, False data injection attack detection in dynamic power grid: A
recurrent neural network-based method, Front. Energy Res. vol. 10 (2022).
Accessed: Feb. 13, 2024. [Online]. Available: 〈https://www.frontiersin.org/ar
ticles/10.3389/fenrg.2022.1005660〉.
[31] Z. Pang, Y. Fu, H. Guo, J. Sun, Analysis of stealthy false data injection attacks
against networked control systems: three case studies, J. Syst. Sci. Complex. vol. 36
(4) (Aug. 2023) 1407–1422, https://doi.org/10.1007/s11424-022-2120-6.
[32] M. Binkhonain, L. Zhao, A review of machine learning algorithms for identification
and classification of non-functional requirements, Expert Syst. Appl. X vol. 1 (Apr.
2019) 100001, https://doi.org/10.1016/j.eswax.2019.100001.
[33] T. Hastie, R. Tibshirani, J. Friedman, The Elements of Statistical Learning. Springer
Series in Statistics, Springer, New York, NY, 2009, https://doi.org/10.1007/978-0-
387-84858-7.
[34] United Nations, Sustainable Development Goals (SDGs), (2023). https://sdgs.un.
org/goals (accessed 16th March 2024).