Keywords

1 Introduction

In recent years, the industrial control system and the power system automation, intelligent level continuous improvement make the power system rapidly develop. It also makes the grid security defense face more severe challenges at the same time [13]. By tampering the estimated value of power system state estimation, the false data injection attacks (FDIAs) would mislead control center to make wrong decisions and consequently impact severely on the grid’s stability and reliability. Unconsciously, the FDIAs become one of the focuses of current researchers [48]. For this serious vulnerability, how to detect and identify the FDIAs has attracted a lot of attention among researchers. Although there are lots of articles about the FDIAs, most of the existing FDIAs detection methods rarely consider the impact of false data injection attacks on the power system. They ignore the connection of the FDIAs and the power system physical properties. However, for the system operators, it is an effective way that analysis the physical properties of power system to improve the detection and protection ability for FDIAs.

For a given initial operating condition, the voltage stability reflect the ability of power system that regaining state operating equilibrium after being subjected to a physical disturbance [9]. It is very convenient that system operators use fast, simple and correct methods to monitor the proximity of voltage collapse of a power system. Moreover, the node voltage stability can quantitatively measure the stability and reflect the impact of false data injection attacks on the power grid. So, we study and analyze this physical property of power system. We also construct the relationship between the false data injection attack and the node voltage stability to identify the vulnerability level of each node in the complex system, which can help power operators to targeted detection and take the corresponding protective measures timely.

In this paper, we present an efficient detection method against FDIAs. And the main contributions of this paper can be summarized as the following:

We study and analyze the physical property of power system and introduce an index to quantitatively measure the impact of false data injection attacks on the power system. We also construct the relationship between the false data injection attacks and the node voltage stability to identify the vulnerability of each node in the complex system;

According to the value of the node voltage stability, we use the improved clustering method to cluster the nodes into three different clusters. As the result of clustering, the nodes with similar vulnerability level get together for a cluster;

We use the effective state forecasting method to obtain state prediction and detect the false data injection attacks. Besides, we simulate the tests on the IEEE 30-bus systems to verify the effectiveness and performance of the proposed method.

2 Related Work

False data injection attacks (FDIAs), a new typical data integrity attack which is one of the most threatening cyber-attacks in smart grids, is presented firstly in [10]. For this serious vulnerability, many smart algorithms are applied to detect the FDIAs [11], such as geometrically designed residual filter, the generalized likelihood ratio test [4]. And the cumulative sum (CUSUM) test-based detection mechanism introduced in [1214] is also designed for these stealth attacks. The researchers of [15] use the machine learning method to deal with the stealth false data. Moreover, how to economically deploy PMUs to facilitate the state estimator and detect the FDIAs has become an interesting problem [16, 17]. In [18], a detection method based on the PMU is proposed, the authors assume that the measuring of a portion in the system is absolute secure under the protection of the secure physical parts, and the attackers couldn’t tamper the protected meters, otherwise it will be detected as an attack and carry on a limit to the attackers’ behavior. Later, with the power systems increasingly interconnected in the smart grid, distributed state estimate (DSE) becomes an important alternative to centralized and hierarchical solutions [19, 20]. In [21], two new methods of distributed state estimation are proposed, one is using the incremental mode of cooperation, and the other is based on diffusive interaction pattern. The authors of [22, 23] apply the distributed state estimation (DSE) into the fully distributed power system for attack detection. In [24], a bad data detection method based on an extended distributed state estimation (EDSE) is presented. A power system is decomposed into several subsystems using graph partition algorithms. For each subsystem, buses are classified into three groups: internal bus, boundary bus and adjacent bus. Simulation results demonstrate that the detection accuracy of the EDSE-based method is much higher than the traditional method on average, and its computation complexity is significantly lowered.

Nowadays, various methods have been proposed to address the problems of false data injection attacks in Smart Grid. However, the study of the physical property and analyzing networks data to detect the false data injection attacks is very meager. So, we study the corresponding work in this paper.

The rest of this paper is organized as follows. In Sect. 3, the system model and background are discussed. The proposed node vulnerability level identification is shown in Sect. 4. The state forecasting method is discussed in Sect. 5. We simulate the test and the effectiveness and performance of the proposed model and detection method are evaluated in Sect. 6. Finally, the paper is concluded in Sect. 7.

3 System Model and Background

In this section, we briefly discuss the state estimation in power system and the node voltage stability index.

3.1 Notations

In order to check the convenience, some important notations used in our paper are listed in the Table 1.

Table 1. Some important notations
Full size table

3.2 Problem Formulation

In our work, we present a common formulation of the state estimation problem when using a DC power flow. The measurements vector z is an m × 1 vector in a power system such as power flows at transmission lines, and power injections and loads at buses. The power flow measurements can be taken at one or both ends of a transmission line. In the progress of state estimation, we are interested in using the collected set of measurements to estimate an n × 1 vector x of unknown state variables, where \( m \ge n \). The unknown state variables are the voltage angles or voltage magnitudes at different nodes. H denotes the \( m \times n \) measurements Jacobian matrix.

$$ z = Hx + e $$
(1)

Where, the \( e \) is the measurement noise. And the noise is normally Gaussian distributed with zero mean, then the estimated state variables can be express as:

$$ \hat{x} = (H^{T} WH)^{ - 1} H^{T} Wz $$
(2)

Where the \( W \) is a diagonal matrix whose diagonal elements are given by \( W_{ii} = \delta_{i}^{ - 2} \), and \( \delta_{i}^{2} \) is the variance of \( e_{i} \), for \( i = 1,2, \ldots ,n \).

In the FDIAs, an adversary try his/her best to hack the readings of sensors such that the vector of measurement z is replaced by a compromised vector \( z_{f} = z + a \), where the \( a \) is a \( m \times 1 \) attack vector. The attacker constructs the attacked vector \( a \) to be a linear combination of the rows in matrix H, i.e., \( a = Hc \) for some arbitrary n × 1 vector c, then the traditional detection methods based on residue test will not be able to detect the attack since the injected false data will no longer affect the residue:

$$ \begin{aligned} \parallel r\parallel \, & = \,\parallel z_{f} - H\hat{x}_{f} \parallel \\ & = \,\parallel z + a - H(\hat{x} + c)\parallel \\ & = \,\parallel (z - H\hat{x}) + (a - Hc)\parallel \\ & = \,\parallel z - H\hat{x}\parallel < \tau \\ \end{aligned} $$
(3)

and

$$ \begin{aligned} \hat{x}_{f} \, & = \,\hat{x}{\text{ + (H}}^{T} {\text{WH)}}^{ - 1} H^{T} WHc \\ & = \,\hat{x} + c \\ \end{aligned} $$
(4)

By using the knowledge of the line admittances and the power topology, the adversary can successfully implement false data injection attacks which not be detected by the traditional detection methods. But the attacked vectors to the measurements cause the deviation of the state estimation, and this will lead to the grid power collapse or paralysis.

3.3 Node Voltage Stability Description

As we all know, many methods and techniques have been reported for voltage stability analysis and voltage collapse prediction. A number of static voltage stability index have been widely used for evaluating and predicting the proximity of the system to voltage stability. In our paper, we introduce the node voltage stability index (NVSI) presented by the authors in [25], as follows,

$$ NVSI(N_{i} ) = 4U_{j}^{ - 4} (RQ_{i} - XP_{i} )^{2} - 4U_{j}^{ - 2} (XQ_{i} + RP_{j} ) $$
(5)

where the \( NVSI(N_{i} ) \) is the voltage stability index at the node \( i \), \( U_{j} \) is the voltage magnitude of node j. \( R \) and \( X \) are the resistance and reactance of branch respectively, which can be obtained from the power network electric topological database. Besides, \( P_{i} ,Q_{i} \) are the summation of the real power and reactive power. After a successful power flow solution of system, all parameters of Eq. (5) are known, and the \( NVSI(N_{i} ) \) index of each node can be calculated. This index can provide important information about the proximity of the system stability, which enables us to set an index threshold to monitor and predict system stability on-line so that a proper action can be taken to prevent the system from collapse timely and detect the false data in smart grid.

4 Node Vulnerability Level Identification

For real-time or extended real-time operation, the electricity operator collects power data from the SCADA. If an attacker has access to any or all of the measurements, he will manipulate the power data by injecting false data. When the measurements under FDIAs, the corrupted real and reactive power measurements, \( P_{i} \), \( Q_{i} \) and \( U_{j} \) will be changed. Any higher value of the \( NVSI \) indicates that the system is highly likely to voltage collapse. So, the system operators should become concerned about keeping the system with instability margin.

In the light of the \( NVSI \) values of all monitored nodes, we can identify the weakest nodes of the system. The \( NVSI \) at the weakest node will be very large when the system approaches its voltage collapse point. Therefore, a threshold of \( NVSI \) can be easily set up to trigger an emergency remedial action scheme to remind the operator to detect the FDIAs and take appropriate measures protecting the system from voltage collapse.

Clustering algorithms are often used to measure the similarity between different data sources and to classify the data sources into different clusters. K-means++ algorithm is an efficient and well know unsupervised clustering algorithm which has a wide range of applications. However, a major problem of K-means++ is that it may trap in one of the local minima algorithm. In our work, we use the CFPSO algorithm to optimize that imperfection. At the beginning, we set the K-means++ algorithm is replicated \( {s \mathord{\left/ {\vphantom {s 2}} \right. \kern-0pt} 2} \) times, where \( s \) is the population size of the CFPSO. We obtain the cluster centroids from the replicated K-means++ algorithm and use them as half of the initial population of the swarm. Besides, the remaining half swarm population are initialized randomly based on the solution space. In this way, the remaining half input vectors of the swarm still be capable to produce enough diversity in the velocities of the particles to reach to a better solution. In order to identify the nodes vulnerability level, we set \( K = 3 \). So the nodes will be clustered into 3 clusters, which indicates three vulnerability levels, the most vulnerable level, the vulnerable level and the stable level separately. In our analysis, we formulate the total sum of the distance of each particle to the centroids considered as a objection function \( F_{sum\_dis} \).

At the beginning of identifying the nodes vulnerability level, it is a key problem that how to get the best quality clustering centroid. The step-by-step procedure of the proposed solution is described briefly in Fig. 1.

Fig. 1.
figure 1

The procedure of obtaining the centroids

Full size image

Then the following steps describe the vulnerability identification procedure:

  • Read the system data and calculate of each node;

  • Obtain the best quality clustering centroid from above progress, and cluster the nodes into three swarm according the value;

  • Identify the nodes vulnerability level of three swarms. The most vulnerability level, the vulnerability level and the stable level separately.

We simulate experiment at the IEEE 30-bus at one moment, and the result of node vulnerability level in Table 2.

Table 2. The node vulnerability level of IEEE 30-bus system
Full size table

5 State Forecasting Method

The main advantages of identifying the nodes vulnerability level are convenient in modeling and calculations, and ease in real time or on-line applications. The clustering results show that the nodes vulnerability level can reflect the weakest nodes causing system instability, but also help the operators detect the FDIAs. Combining this feature, we propose a new detection method considering two consecutive time frames from to forecast the state of power system and detect the FDIAs.

In the quasi steady state operation of the power system, we can obtain the prediction model by using the historical data and the state estimation. And the forecasting model is

$$ x_{t} = G_{t - 1} x_{t - 1} + Q_{t - 1} $$
(6)

Where \( G_{t - 1} \) is state transition matrix, \( x_{t - 1} \) is state estimated value at time sample \( t - 1 \) and the \( Q_{t - 1} \) is nonzero diagonal matrix. Sampling time is at \( t - 1 \) and \( t \) separately. Hence, we can calculate the forecasting measurements as:

(7)

The measurement residuals at is

(8)

where \( z \) is estimated value at \( t \), the is the forecasting measurements using the data at \( t \). In order to simplify the complexity of the formula, we will omit time scale \( t \) in the following work.

6 Simulation

In this paper, the proposed method is tested on IEEE 30-bus. The experiment model is constructed in the MATPOWER [26], and the test data is obtained from it. We use the \( J(x) \) detector and \( LNR \) detector with our power system physical property for detecting the FDIAs to prove the performance. We construct the attacked vectors using the similar way in [12, 13].

We compare the \( J(x) \) detector and the \( LNR \) detector with our method to see the effectiveness at different false alarm. In the Fig. 2, the ROC shows the trade-off between the probability of attack detection at different probability of false alarms. In our method, if the historical state data is available, the state forecasting is performed.

Fig. 2.
figure 2

The detecting results in IEEE 30-bus system

Full size image

From the Fig. 2, we can find that the detection rate is gradually increased with the change of false alarm. The \( J(x)1 \) indicates the detection rate of traditional detect method, and the \( J(x)2 \) shows the detection rate of our method. Similarly, \( LNR1 \) and \( LNR2 \) denote the traditional and our method respectively. On the other hand, we can see that the detection rate of the \( LNR \) detector is higher than the \( J(x) \) detector.

In a word, according to the node voltage stability index, we can identify the node vulnerability level. After that, we focus on the most vulnerability level firstly, and it help operators take efficient measures timely. State forecasting make operators determine whether exist any false data at time sample \( t \). Finally, the simulation result verifies that the proposed mechanism can effectively detect FDIAs in the smart grid.

7 Conclusion

To deal with the problem of data integrity in smart grid, which may lead to wrong decision makings in power dispatch or electric power market operations, we propose an efficient FDIAs detection scheme based on power system physical property. Firstly, we analysis the power system and introduce the node voltage stability index to identify the vulnerability level of nodes in power system. As the result, we define three levels to cluster the system nodes into three swarms. In the progress of clustering, we use the improved cluster algorithm and realize the nodes clustering. This step help us to find the suspected false data injection points easily. Then we use the state forecasting method to obtain the states of power system. In addition, the and test methods are used to find the sensitive measurement vectors. In the simulation, we built different types of attack vectors, which makes an abundant experimental results. Finally, the simulation result verifies that the proposed mechanism can effectively detect FDIAs in the smart grid.