Model-Measurement Data Integrity Attacks

The vulnerabilities of information and communication technology (ICT) infrastructures leave room for cyber attacks threatening the reliable operations of power systems. Based on the real-world evidence of the Ukraine power grid attack and the popular technical discussion that cyber attacks could be launched at the control-center level, this paper reveals a new attack strategy: model-measurement data integrity (MMI) attack. Instead of compromising measurements only, we investigate the possibility where network parameters are coordinately manipulated when constructing false data injection attack (FDIA) vectors. Furthermore, we model cyber adversaries’ possible behavior of co-planning the manipulated measurement channels and parameter attack vectors prior to the launch of FDIAs. The revealed MMI attack strategy allows a drastic reduction of measurement channels to compromise in run-time for keeping the stealth property. Simulations in the IEEE 14-bus test system and the IEEE 118-bus test system demonstrate the feasibility of the revealed MMI attack strategy.


Gang Cheng, Graduate Student Member, IEEE, Yuzhang Lin, Member, IEEE, Jun Yan, Member, IEEE, Junbo Zhao, Senior Member, IEEE, and Linquan Bai, Senior Member, IEEE
Index Terms: Cyber security, false data injection attack, network parameter, optimization, power system modeling, state estimation.

I. INTRODUCTION
State estimation (SE) plays an essential role in power system monitoring and control by providing real-time situational awareness to support various advanced applications. The measurement data utilized in SE are typically gathered from the supervisory control and data acquisition (SCADA) system or phasor measurement units (PMUs), whose supporting information and communications technology (ICT) infrastructures are vulnerable to a variety of cyber attacks [1], [2]. Adversaries may tamper with the readings of meters [3], manipulate the substation networks [4], or even hack into the control center [5], [6] to falsify the information technology (IT) software or databases [7] and mislead the SE function. Possible consequences introduced by cyber attacks may include the falsification of locational marginal prices (LMPs) [8], [9], malfunctions of safety and stability control systems [10], [11], or even blackouts of power systems [12], [13].
As a major type of cyber attacks against power system SE, data integrity attacks, also known as false data injection attacks (FDIAs), were first proposed by Liu et al. [14]. Successful FDIAs have two critical characteristics: stealth and sparsity. Stealth implies that the injected false data can mislead SE without being detected by the conventional residual-based bad data detection (BDD) methods [15]. Sparsity implies that false data should be injected into the fewest measurement channels to reduce the required attack resources and the risk of detection [16].
Numerous studies have been carried out regarding the construction of stealthy and sparse FDIAs. For example, [16] proposes two security indices by exploiting the $l_0$- and $l_1$-norm to investigate the sparsity of FDIAs. The smallest set of attacked meters [17] and an attack subgraph [18] are determined for stealthy FDIAs with the least effort by exploring the graph theory. In [19], two typical attack scenarios, i.e., random and targeted attacks, are studied. Cyber attacks against PMUs and an optimal restoration strategy are investigated in [20]. Unlike the attack strategies in [16], [17], [18], [19], [20], where accurate and complete network information is assumed to be known for attackers, FDIAs with incomplete network information have also been widely studied. In [21], the feasibility of constructing perfect and imperfect FDIAs with incomplete network information is verified. Local attack strategies are proposed in [22], [23]. The uncertainties and upper bounds of successful FDIAs with incomplete network information are analyzed in [24].
© 2023 The Authors. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ Authorized licensed use limited to the terms of the applicable license agreement with IEEE. Restrictions apply.
As reviewed above, FDIA strategies involving the manipulations of measurement data have been widely investigated. These data are collected at substations and transmitted across wide-area networks (WANs) with a large surface for attacks. Recently, the manipulation and exploitation of databases at the control-center level have received increasing attention. Compared to the substation-level measurement data, databases at the control center are well-protected and more challenging to access. Nevertheless, adversaries still have the chance to intrude into the industrial control system (ICS) network to wrest the control authority, tamper with the human-machine interface (HMI), and forge the databases [25]. Moreover, malicious employees can implement insider attacks with less effort because they have intimate knowledge of the entire power system and the authority to access the databases [26], [27]. The possibility of control-center-level attacks has been verified by the real-world event of the Ukrainian power grid attack in December 2015 [5], [6], where adversaries hacked into the information and operational networks and manipulated data in the control center. Apart from this event, many other cyber-attack incidents have also been reported and summarized in [28], [29], demonstrating cyber adversaries' possible capability to intrude into well-protected control center networks and falsify data. In view of such realistic threats, a significant volume of literature has investigated attack models at the control-center level. A transmission line rating attack to manipulate nodal prices in real-time markets is studied in [30].
A cyber attack against load forecasting [31] is investigated to misguide operators to make unsuitable decisions for electricity delivery. A cyber-vulnerability analysis model is developed in [32], where the attack paths include unit bids, generation capacities, and line ratings. Cyber attacks against critical network parameters are investigated in [33] to gain unlawful benefits from electricity markets. Meanwhile, network parameters play a critical role in SE and other energy management system (EMS) applications. Although they are stored at control center networks, their vulnerability to outsider and insider FDIAs cannot be overlooked for the following reasons. 1) While stealthy measurement FDIAs require simultaneous tampering of multiple meters or communication links deployed in different locations, parameter FDIAs can be launched as long as cyber adversaries acquire the credentials to model databases. 2) Network parameters only need to be modified once to exert permanent impacts, which could be done whenever the cyber adversaries are most ready. On the contrary, to launch a measurement FDIA, measurement data streams have to be manipulated continuously in run-time. 3) While measurement FDIAs can only affect online EMS applications, parameter FDIAs can affect both online and offline applications, yielding a wider range of impact. Therefore, parameter FDIAs could be rather advantageous for cyber adversaries under certain circumstances.
Although preliminary studies on parameter FDIAs have been reported recently [33], [34], [35], [36], several major issues remain to be addressed. 1) Existing works only focus on specific types of parameters (e.g., critical parameters in [33] and transformer tap ratios and phase-shift angles in [34]), and a general framework for modeling parameter FDIAs is lacking. 2) The different characteristics of parameter FDIAs (one-time and offline implementation) and measurement FDIAs (continuous and real-time implementation) have not been considered or coordinated. 3) The sparsity of attack vectors has not been fully optimized since the $l_1$-norm optimization problem has not been fully adjusted to ensure sparsity and the change of measurement channels due to operating point variation during FDIA has not been considered.
This paper develops a general framework to cover network parameter FDIAs, measurement FDIAs, and their coordination in the context of AC SE, namely model-measurement data integrity (MMI) FDIA. Compared with the existing literature, the unique contributions of the proposed framework are as follows.
1) A generic attack model that covers all types of network parameters and measurements is proposed. It is observed that by strategic injection of false parameters into the model database, attackers can drastically reduce the number of measurement channels to be compromised.
2) Based on the fact that network parameters only need to be manipulated once and measurement streams need to be continuously manipulated in run-time, a two-stage coordinated attack framework is proposed. The pre-attack stage determines false parameter vectors and the set of measurement channels to be manipulated offline, and the run-time-attack stage determines the false measurement vectors for each measurement snapshot online. This framework better mimics attackers' behaviors of planning and preparing for attacks in advance.
3) An adaptive group basis pursuit (AGBP) optimization algorithm is developed to enhance the sparsity of compromised measurement channels. The weight adaptation scheme for the regularization terms leads to the oracle property with sparser solutions than existing $l_1$-regularization-based FDIA algorithms.
The rest of this paper is organized as follows. Section II reviews the basics of SE, BDD, and FDIAs in AC SE. Section III provides an overview of the proposed MMI FDIA framework. Section IV details the pre-attack and run-time-attack procedures. Section V presents the weight adaptation scheme to enhance the attack sparsity. Section VI presents the solution algorithm of the developed optimization formulation. Section VII demonstrates the effectiveness of the developed framework via simulations. Section VIII concludes the paper.

A. Power System State Estimation
In the AC-based SE, the relationship between measurements and state variables can be expressed as follows [37]: where $z \in \mathbb{R}^{m\times 1}$ is the measurement vector; $m$ is the number of measurement channels; $x \in \mathbb{R}^{n\times 1}$ is the state variable vector; $n$ is the number of state variables; $h(\cdot)$ is the function relating $x$ to $z$; and $e \in \mathbb{R}^{m\times 1}$ is the measurement error vector. It is assumed that measurement errors follow Gaussian distributions with zero mean and covariance matrix $R \in \mathbb{R}^{m\times m}$, i.e., $e \sim N(0, R)$.
The most common weighted least squares (WLS) SE is constructed as: where $\hat{x} \in \mathbb{R}^{n\times 1}$ is the vector of state estimates and $J(\cdot)$ is the objective function based on the WLS criterion. The Gauss-Newton algorithm [37] is used to solve the WLS problem (2).

B. Bad Data Detection Methods
The Chi-square test and the largest normalized residual (LNR) test are the most widely used BDD methods in WLS SE. The Chi-square test detects bad data by comparing the objective function value, i.e., $J(\hat{x})$, with a threshold $\chi^2$, bad data will be suspected.
The LNR test is a more accurate method for BDD. It is devised by using the normalized residuals, where $i$ is the index of a measurement; $I_m \in \mathbb{R}^{m\times m}$ is an identity matrix. If the LNR is larger than a set threshold, the corresponding measurement will be suspected as bad data.
The Chi-square test and the LNR test are residual-based methods. Generally, bad data can be detected only when it induces large measurement residuals in SE. To bypass the residual-based detection methods, the malicious false data must be deliberately designed to achieve the stealth property.
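The two residual-based tests described above can be exercised on a small case. The following is an added example, not code from the paper: it assumes a constructed 3-bus linear (DC) measurement model instead of the AC model, a diagonal $R = \sigma^2 I$, the standard normalized-residual form $|r_i|/\sqrt{\Omega_{ii}}$ with $\Omega = R - H G^{-1} H^T$, and illustrative thresholds.

```python
import math

# Constructed 3-bus DC model (an assumption, not a system from the paper).
# Bus 1 is the angle reference; the states are (theta2, theta3) in radians.
# Rows: flows P12, P13, P23, then injections P2, P3 (line susceptances 10, 5, 4).
H = [[-10.0, 0.0], [0.0, -5.0], [4.0, -4.0], [14.0, -4.0], [-4.0, 9.0]]
SIGMA = 0.01            # assumed meter standard deviation (p.u.); R = SIGMA^2 * I
CHI2_THRESHOLD = 7.815  # 95% chi-square quantile for m - n = 5 - 2 = 3 d.o.f.
LNR_THRESHOLD = 3.0     # commonly used normalized-residual threshold
NOISE = [0.004, -0.006, 0.003, -0.002, 0.005]  # constructed noise sample


def simulate_measurements(x_true, noise=NOISE):
    """Constructed measurement snapshot z = H x + e."""
    return [r[0] * x_true[0] + r[1] * x_true[1] + e for r, e in zip(H, noise)]


def gain_inverse(h=H, sigma=SIGMA):
    """Inverse of the 2x2 gain matrix G = H^T R^-1 H."""
    w = 1.0 / sigma ** 2
    g11 = w * sum(r[0] * r[0] for r in h)
    g12 = w * sum(r[0] * r[1] for r in h)
    g22 = w * sum(r[1] * r[1] for r in h)
    det = g11 * g22 - g12 * g12
    return [[g22 / det, -g12 / det], [-g12 / det, g11 / det]]


def wls_estimate(z, h=H, sigma=SIGMA):
    """Closed-form WLS estimate x_hat = G^-1 H^T R^-1 z for the linear model."""
    w = 1.0 / sigma ** 2
    gi = gain_inverse(h, sigma)
    rhs = [w * sum(r[k] * zi for r, zi in zip(h, z)) for k in range(2)]
    return [gi[0][0] * rhs[0] + gi[0][1] * rhs[1],
            gi[1][0] * rhs[0] + gi[1][1] * rhs[1]]


def bad_data_detection(z, h=H, sigma=SIGMA):
    """Run the Chi-square test and the LNR test on one snapshot."""
    x_hat = wls_estimate(z, h, sigma)
    residuals = [zi - (r[0] * x_hat[0] + r[1] * x_hat[1]) for r, zi in zip(h, z)]
    j_value = sum((ri / sigma) ** 2 for ri in residuals)  # WLS objective J(x_hat)
    gi = gain_inverse(h, sigma)
    normalized = []
    for r, res in zip(h, residuals):
        # Omega_ii = R_ii - h_i G^-1 h_i^T (diagonal of the residual covariance)
        hgh = (r[0] * (gi[0][0] * r[0] + gi[0][1] * r[1])
               + r[1] * (gi[1][0] * r[0] + gi[1][1] * r[1]))
        normalized.append(abs(res) / math.sqrt(sigma ** 2 - hgh))
    lnr = max(normalized)
    suspect = normalized.index(lnr) if lnr > LNR_THRESHOLD else None
    return {"x_hat": x_hat, "J": j_value, "chi2_alarm": j_value > CHI2_THRESHOLD,
            "lnr": lnr, "suspect": suspect}


if __name__ == "__main__":
    clean = simulate_measurements([-0.02, -0.05])
    print("clean snapshot:", bad_data_detection(clean))
    corrupted = list(clean)
    corrupted[2] += 0.3  # gross error on the P23 flow channel
    print("gross error on channel 2:", bad_data_detection(corrupted))
```

Both tests react only to the residual, which is why a gross error on one channel is flagged and located while data designed to keep residuals small, as the last paragraph notes, is not.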

C. False Data Injection Attacks in AC SE
An AC-based measurement FDIA can be designed to stealthily mislead SE by the following criterion [15], where $a$ represents the measurement attack vector; $\hat{x}$ represents the state estimates in the absence of FDIAs; $c$ is a bias vector superposed onto state estimates. The manipulated measurements will be $z_a = z + a$, resulting in measurement residuals as follows: where $r_a$ represents the measurement residual vector in the presence of FDIAs. Therefore, the false measurements, i.e., $z_a$, will not be detected by conventional residual-based BDD methods. In addition to the stealth property, attackers also wish to launch an FDIA by manipulating the minimal number of measurements because either some of the meters are well protected or the attack budget is limited [38], [39]. This is translated into an $l_0$ optimization problem [16]: where $a_o$ represents that the attack target is to manipulate the $o$th measurement channel by one per unit; $\Upsilon$ denotes the set of measurement channels as attack targets. However, there are two issues with using the $l_0$-norm. 1) Problem (7) is non-convex and generally difficult to solve; 2) The entries in solution vector $a$ based on the $l_0$ optimization may be extremely large, resulting in a divergence issue [16]. Therefore, $l_1$ optimization is used to construct the AC-based FDIAs: The $l_1$-norm can achieve a compromise between the sparsity and the magnitudes of the attack vector $a$. Moreover, the solution to problem (8) can be transformed into the solution to a successive set of linear programming (LP) problems, which can be efficiently solved by existing methods [40].
Limitations: The above FDIA strategy only involves the manipulation of measurement data and does not consider the vulnerability of network parameters. In addition, the measurement attack vectors are optimized snapshot by snapshot independently. As the system operating point varies, the measurement channels to be manipulated in different snapshots may be different, resulting in a large number of channels to be manipulated over the entire course of FDIAs. Furthermore, attackers do not know which measurement channels should be manipulated until they obtain the measurement data and solve (8) during the attack; thus, they cannot prepare for intrusion into measurement channels in advance. Finally, the sparsity may not be optimally achieved as various quantities may be in different scales yet are given uniform weights in the objective function.

III. FRAMEWORK OF PROPOSED ATTACK STRATEGY
In this section, the framework of the proposed MMI attack strategy will be presented. It consists of two parts: the pre-attack stage and the run-time-attack stage. The pre-attack stage is an offline attack planning stage that can occur over a long period, i.e., weeks to months. It represents the attackers' activities to prepare for the implementation of the attacks. In this stage, attackers aim to determine the set of measurement channels to compromise and the set of parameters to falsify by exploiting historical state estimates. Based on this, they can begin breaching the target measurement channels and manipulating the target network parameters when opportunities arise. On the other hand, the run-time-attack stage refers to a much shorter online attack stage that lasts minutes to hours. It represents the attackers' activities to manipulate real-time measurement streams to achieve their goals, e.g., gaining financial profits or inflicting damages to the power system. The run-time-attack stage is performed based on the outcomes of the pre-attack stage, i.e., the compromised measurement channels and falsified parameter data. It obtains the current state estimate and determines the falsified measurement values to be injected at every instant in the attack interval. The proposed two-stage MMI FDIA framework is shown in Fig. 1.
It should be noted that the MMI attack model assumes that the adversaries have some means to access the control center network, but this does not imply that they have unlimited capabilities or resources. As a result, a minimization of attack effort is still critically needed by the adversaries for the following reasons: 1) Limited opportunities to launch FDIAs for insider attackers. Although malicious employees have intimate knowledge of the entire power system and the authority to access the databases, the opportunities of launching insider attacks are still restricted. For example, opportunities will arise only when malicious employees are on duty in the control center. The time window for implementing the attack is limited, and the time required to implement the attack is related to the number of network parameters to manipulate. 2) Risk of detection. In control centers, simultaneous changes of a large number of network parameters appear suspicious and could quickly draw the attention of operators. Hence, to reduce the risk of being detected, attackers desire to minimize the number of parameters to manipulate in the database. 3) Limited access to meters. Measurement falsification is non-trivial as well. Measurement data must be manipulated in a live streaming fashion. Therefore, even attackers that have access to the control center network do not have unlimited capability to falsify arbitrarily many measurements as they desire. Hence, they are likely to implement a model that minimizes the number of measurement channels.
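Point 2 implies that a falsified model database will show only a few changed entries, and the paper's formulation later keeps falsified values inside plausible bounds. The following added example (not from the paper) contrasts a range-only rule-of-thumb check with a comparison against an authenticated baseline of the network parameters; the parameter names, values, plausibility limits and key handling are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed network-parameter records (names and values are illustrative).
BASELINE = {
    "line_1_2.x": 0.06, "line_1_2.b": 0.05,
    "line_1_3.x": 0.20, "line_2_3.x": 0.17,
    "xfmr_4_7.tap": 0.978,
}
# Assumed rule-of-thumb plausibility limits per parameter type.
LIMITS = {"x": (0.01, 0.50), "b": (0.0, 0.20), "tap": (0.90, 1.10)}


def canonical(params):
    """Stable byte encoding so the same parameters always give the same tag."""
    return json.dumps(params, sort_keys=True, separators=(",", ":")).encode()


def seal_baseline(params, key):
    """HMAC-SHA256 tag over the approved parameter set.

    Assumption: the key is held outside the model database, so someone who
    can write to the database cannot also re-seal a forged baseline.
    """
    return hmac.new(key, canonical(params), hashlib.sha256).hexdigest()


def range_check(params, limits=LIMITS):
    """Weak check: flags only values outside the plausible range for their type."""
    flagged = []
    for name, value in params.items():
        low, high = limits[name.rsplit(".", 1)[1]]
        if not low <= value <= high:
            flagged.append(name)
    return flagged


def audit_parameters(current, baseline, baseline_tag, key):
    """Stronger check: authenticate the baseline, then report every difference."""
    expected = seal_baseline(baseline, key)
    if not hmac.compare_digest(expected, baseline_tag):
        raise ValueError("baseline record failed authentication")
    changes = {}
    for name in sorted(set(current) | set(baseline)):
        old, new = baseline.get(name), current.get(name)
        if old != new:
            changes[name] = (old, new)  # added, removed or modified entry
    return changes


if __name__ == "__main__":
    key = b"constructed-demo-key"
    tag = seal_baseline(BASELINE, key)
    current = dict(BASELINE)
    current["line_2_3.x"] = 0.1768  # one reactance moved 4%, still plausible
    print("range check flags:", range_check(current))
    print("baseline audit flags:", audit_parameters(current, BASELINE, tag, key))
```

Every reported change then has to be matched against an approved change record; a single unexplained entry is enough to investigate.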
According to Eq. (8), the measurement attack vector $a$ is related to $x$, $h(\cdot)$, and $a_o$. In transmission systems, the daily load profiles have strong regularities [41], and the parameters and topologies do not change frequently [42]. For instance, a few days' load profiles of ISO New England [43] are presented in Fig. 1. Consequently, if attackers plan to launch FDIAs in a given interval, they can collect a large amount of historical data with similar patterns to help plan the attack, i.e., determining the measurement channels to compromise and the parameter data to falsify. This motivates the pre-attack stage of the proposed framework. When the actual attack is carried out, attackers only need to manipulate the pre-determined set of measurement channels, as described by the run-time-attack stage.
Define the span of the run-time-attack stage as the attack interval. Let $\{\hat{x}^1, \hat{x}^2, \ldots, \hat{x}^N\}$ represent the set of state estimates from historical data, where $N$ is the number of snapshots. In order to represent the trend of power flows in the attack interval, in the pre-attack procedure, a large number of data snapshots are collected from similar historical days. The pattern of power flows is impacted by a variety of factors. To ensure that the pre-selected measurement channels and network parameters are most effective for the run-time-attack stage, the time interval of historical data used in the pre-attack stage should be similar to the targeted run-time-attack interval in the following aspects: time of day, day of week, season of year, weather condition, holidays, etc., so that the power flow patterns of historical data are as similar as possible to those in the targeted run-time-attack interval. The data sampling scheme is shown in Fig. 1. Let and $b^*$ represent the set of measurement channels for intrusion and the parameter attack vector, respectively, both determined in the pre-attack stage. Let $x$ and $\tilde{a}$ represent the state estimate vector and the measurement attack vector in the run-time-attack stage, respectively. A high-level framework of the proposed MMI attack strategy is presented in Fig. 2, where $T$ represents the length of the attack interval.

IV. ATTACK PROBLEM FORMULATION
In Section III, the high-level framework of the proposed MMI FDIA strategy has been discussed. In this section, the mathematical problem formulations of both the pre-attack and the run-time-attack strategies will be presented in detail.
The following measurement equations with network parameters explicitly shown will be used: where $p \in \mathbb{R}^{s\times 1}$ is the network parameter vector; $s$ is the number of network parameters; $h_p(\cdot)$ is the nonlinear function relating $x$ and $p$ to $z$. The stealthy MMI FDIA condition with both the measurement attack vector $a \in \mathbb{R}^{m\times 1}$ and the parameter attack vector $b \in \mathbb{R}^{s\times 1}$ is given by:

A. Determination of Compromised Measurement Channels and Parameter Attack Vector in the Pre-Attack Stage
In the pre-attack stage, the cyber adversaries aim to identify the set of measurement channels to compromise and determine the network parameters to falsify based on historical measurement data. Four points below are to be noted.
1) The primary objectives are to keep the attack stealthy and to minimize the number of measurement channels to compromise. The coordinated manipulation of network parameters will help reduce the number of measurement channels to compromise.
2) The number of falsified parameters is also to be minimized, but it is of secondary importance. The reason is that once the cyber adversaries access the network parameter database, increasing the number of falsified parameters does not cost as much as increasing the number of compromised measurement channels.
3) If the attack targets (i.e., variables that attackers aim to manipulate) are not widespread, only local measurements and network parameters need to be obtained and manipulated by attackers, and there is no need to obtain complete information of the grid [21].
4) The result should satisfy the stealth property under various operating points, so multiple measurement snapshots that cover the range of possible operating points when the run-time attack is launched should be incorporated into the problem.
Based on the above rationales, the pre-attack stage is formulated into an AGBP problem as given below, where $M_i$ is the $i$th group in vector $M$; $w_i$ is the weight of the $i$th group; $a$ is the target value of variables to be manipulated; $\underline{p}$ and $\overline{p}$ represent the plausible lower and upper bounds of the parameter attack vector $b$, respectively. The symbol "hat" is used to denote an estimated value. Noticeably, the inequality constraints enable a customized parameter attack vector with respect to quantities and types. If some parameters cannot be modified, one should simply set $\underline{p} = \overline{p} = 0$ for these parameters.
The developed AGBP problem sparsifies the variables in the objective function in a group manner. It puts the measurement attack values in different snapshots but of the same channel into the same group, each network parameter attack value into an individual group, and all state biases into one group. As such, the vector $M$ can be expressed as, where $a_i^j$ represents the measurement attack value of the $i$th channel in the $j$th snapshot; $N$ is the number of measurement snapshots; $c^j \in \mathbb{R}^{n\times 1}$ is the state bias vector for the $j$th snapshot. The formulation will lead to 1) minimization of the number of measurement channels (instead of the number of measurement data points) to compromise; 2) minimization of the number of network parameters to falsify; and 3) no sparsification of the state bias vector, as it does not cost attack resources. It should be noted that measurement data points and measurement channels are essentially different. A measurement data point refers to the measured value of a physical variable in an individual snapshot. A measurement channel refers to the sensing and communication resources dedicated to collecting measurement data points associated with a physical variable. The developed AGBP problem aims to achieve the optimal sparsity of attacked measurement channels instead of measurement data points, and it tends to enforce the attacked measurement data points to stay in the same set of measurement channels (attacked channels).
The setting of weight $w_i$ in the objective function is a key task for enhancing sparsity in AGBP. This problem will be discussed in Section V.
In measurement FDIA model (8), the conditions for having feasible solutions satisfying the stealth constraint (5) have been analyzed and demonstrated [1], [14], [16], [24], [38]. In our developed MMI FDIA model, a higher degree of freedom is provided to the adversary, as they can manipulate not only measurements but also model parameters. In this case, it is even easier to find a feasible solution to (11) that satisfies the stealth constraint (10), and all the conditions for existence of solutions derived for pure measurement FDIAs (e.g., [1], [14], [16], [24], and [38]) are sufficient conditions for the existence of solutions for the proposed MMI FDIA. A simple example is that any measurement attack vector $a$ generated from a pure measurement FDIA (e.g., [1], [14], [16], [24], and [38]) is a solution to the proposed MMI FDIA by setting the parameter attack vector $b$ to zero.
As the MMI FDIAs are developed based on the nonlinear AC power flow models, the AGBP problem (11) cannot be readily solved. Expanding the nonlinear function $h_p(x + c, p + b)$ into its Taylor series around $b^k$ and $c^k$ and neglecting the higher order terms, the nonlinear AGBP problem can be transformed into a successive set of linearized problems and solved iteratively. In this paper, the initial guesses of $b$ and $c$ are set to zero. At the $k$th iteration, the linearization yields, where $k$ is an index of iteration; $b^k$ and $c^k$ represent the update values; The $k$th iteration of the AGBP problem (11) can be written in compact form as follows: where
where the binary matrix where $\hat{b}^k$ and $\hat{c}^k$ represent the solution vector at the $k$th iteration for the parameter attack vector and the state bias vector, respectively; $\hat{c}^k = [(\hat{c}^{1,k})^T, (\hat{c}^{2,k})^T, \ldots, (\hat{c}^{N,k})^T]^T \in \mathbb{R}^{(N\cdot n)\times 1}$. Note that the final solution of the measurement attack vector $a$ is directly obtained at the final iteration. The updated estimates, i.e., $\hat{b}^{k+1}$ and $\hat{c}^{k+1}$, will be used as initial guesses to expand the Taylor series at a new data point. The updated estimates will typically be better approximations to the nonlinear function's solutions than the previous estimates, and the method can be iterated to achieve more accurate solutions. Theoretically, if $\hat{b}^k$ and $\hat{c}^k$ converge to zero, the higher-order terms of the Taylor series will be zero. Thus, equation (13) for the stealth condition will be exactly met, In algorithmic implementation, the outer loop terminates when $\hat{b}^k$ and $\hat{c}^k$ satisfy the termination tolerance, i.e., bk ∞ ≤ b and ĉk ∞ ≤ c . By controlling the tolerance b and c , the original nonlinear constraint (10) for ensuring stealthy attack can be satisfied at any desirable accuracy level.
Based on the vector solution $M^*$, the set of manipulated measurement channels can be expressed as, where $M_i^*$ is the solution of the $i$th group; is the set of measurement channels to manipulate, which will be used to prepare for the intrusion and to guide the run-time-attack stage.

B. Determination of Measurement Attack Vectors in the Run-Time-Attack Stage
In Section IV-B, the set of measurement channels to manipulate and the parameter attack vector are determined in an offline fashion. In this subsection, this information will be used to construct measurement attack vectors based on the system operating conditions in the attack interval.
With the set of the measurement channels to compromise obtained from the pre-attack stage, the least squares (LS) criterion is utilized to construct measurement attack vectors that satisfy the stealth condition to the greatest extent: where $\hat{x} \in \mathbb{R}^{n\times 1}$ is the state estimate vector in the attack interval; $c$ is the bias vector injected into $\hat{x}$; $b^*$ is the pre-estimated parameter attack vector from the pre-attack stage; $a_o$ is the attack target in the attack interval; $a_i = 0, \forall i \notin$ represents that the measurement channels that do not belong to set should not be manipulated in the run-time-attack stage.
Similar to Eq. (13), the approximation of the objective function in Eq. (22) at the $k$th iteration can be presented as, where $k$ is an index of iteration, and variables with a tilde sign represent those in the run-time-attack stage.
The $k$th iteration can be written in a compact form as follows: where and $I_m \in \mathbb{R}^{m\times m}$ is an identity matrix. By successively solving Problem (24), the overall solution can be updated via the following equation, Similar to the pre-attack stage, the final measurement attack vector $a$ is directly obtained at the last iteration. The iteration will terminate when

V. ENHANCING SPARSITY VIA WEIGHT ADAPTATION
The original AGBP problem (11) and its linearized version (14) aim to minimize the number of compromised measurement channels so that the FDIA could be launched with the least effort. However, the sparsity cannot be maximized if the weights in the objective function are set to unity or randomly given. This section will address the weight adaptation problem for AGBP. It has been shown that with unity weights, quantities with larger scales will be penalized more heavily, resulting in sub-optimal sparsity [44]. This is of greater concern in our proposed MMI FDIA formulation, where various measurements and network parameters commonly have various scales.
To truly minimize the set of compromised measurement channels, we develop a weight adaptation scheme motivated by the adaptive group LASSO formulation [45], [46] and the grid search algorithm [47], [48]. The adaptive group LASSO estimator enjoys the oracle property and can achieve the sparsity property for different groups and perform consistent variable selection [49]. In this paper, ridge regression is used to obtain the initial estimates for weight settings due to its stability [49]. The ridge regression variant of Problem (11) with the removal of inequality constraints can be equivalently expressed as a successive set of linearized problems, where $\lambda$ is the regularization coefficient.
The weights in (11) can then be defined using the ridge-regression-based solution, where $\hat{a}_i^{\text{ridge}} \in \mathbb{R}^{N\times 1}$ and $\hat{b}_{i-m}^{\text{ridge}}$ are the estimates of the measurement attack vectors and the parameter attack value in the $i$th group, respectively; $\gamma$ is a tuning parameter commonly ranging from 0.5 to 2. Note that the weight of the last group, the state bias vector $c$, is set to zero since it should not be penalized.
It can be found that the values of weights are subject to two tuning parameters, i.e., $\lambda$ and $\gamma$. Therefore, an optimal pair of $(\lambda, \gamma)$ needs to be searched to achieve the sparsest set of compromised measurement channels. The steps of the proposed weight adaptation scheme are summarized as follows.
Step 2: Choose $\eta_1$ and $\eta_2$ candidates for $\lambda$ and $\gamma$ in the corresponding intervals, respectively.
Step 3: Compute $\hat{a}_i^{\text{ridge}}$ and $\hat{b}_{i-m}^{\text{ridge}}$ by solving the ridge regression problem in (29) with respect to all $\lambda$; then, compute $w_i$ via Eq. (30) with respect to all $\gamma$.
Step 4: Execute the pre-attack procedure to test the performances of all sets of weights obtained in Step 3; then, find the optimal $\lambda_t$ and $\gamma_t$ that result in ϑ q = min | |.
Step 6: Output the optimal weights corresponding to $\lambda_t$ and $\gamma_t$.
Note that the solutions â, b̂, and ĉ for the AGBP problems (11) under different weights obtained from different tuning parameters (λ, γ) are independently obtained, and the weight leading to the sparsest solution â is finally selected as the optimal one. As the AGBP problems under different weights are processed separately and in parallel, no numerical convergence issue is present in this selection process.

VI. ADMM-BASED SOLUTION ALGORITHMS
In this section, the alternating direction method of multipliers (ADMM) is customized and exploited to solve the proposed AGBP problem (14) for the pre-attack stage and the proposed LS problem (24) for the run-time-attack stage.

A. ADMM Algorithm
ADMM is an algorithm blending the decomposability of dual ascent with the superior convergence properties of the method of multipliers [50]. It solves problems in the form of:
via the following iterations:
where l is the index for iterations in the ADMM algorithm and ρ is the augmented Lagrangian parameter. In this paper, ρ is set to 1.

B. Solution Algorithm for the AGBP Problem in the Pre-Attack Stage
The developed AGBP problem at the kth iteration can be written in the form of Eq. (31), where
The iterative procedures of solving the AGBP problem using the ADMM algorithm are as follows:
Eq. (37) is the soft thresholding operator, which is defined as
where
It should be noted that the lower and upper bounds of the parameter attack vector b are enforced as shown in Problem (11), so as to avoid detection by simple rules of thumb. Consequently, for the parameter attack vector, the soft thresholding operator is modified as follows,
where $\underline{\psi}_i^k$ and $\overline{\psi}_i^k$ are the lower and upper bounds of vector $\psi_i^k$, respectively. In this paper, the parameter attack vector is constrained between $\underline{p}$ and $\overline{p}$. Hence, $\underline{\psi}_i^k$ and $\overline{\psi}_i^k$ are set as,
where $\hat{b}_{i-m}^k$ is the estimate of the parameter attack at the kth iteration; $\underline{p}_{i-m}$ and $\overline{p}_{i-m}$ represent the corresponding entries of $\underline{p}$ and $\overline{p}$, respectively.
The termination criterion can be set as $\| M^{k,l+1} - v^{k,l+1} \|_2 \le \epsilon_{\mathrm{pri}}$ and $\| v^{k,l+1} - v^{k,l} \|_2 \le \epsilon_{\mathrm{dual}}$. The flowchart of the solution algorithm is shown in Fig. 3, which consists of the inner loop and outer loop procedures. The inner loop procedure aims to solve the linearized AGBP problem via the ADMM algorithm to obtain the updates, i.e., $\hat{a}^k$, $\hat{b}^k$ and $\hat{c}^k$, and the outer loop procedure aims to update the estimates for variables b and c and generates a new linearized problem around the new values of b and c for the inner loop to solve.

C. Solution Algorithm for the LS Problem in the Run-Time-Attack Stage
We treat the LS problem as a LASSO problem without the penalty term, and thus, it can be readily solved by the ADMM algorithm.
The LS Problem (24) at the kth iteration can be written in the form of Eq. (31),
The iterative procedures for solving the LS problem using the ADMM algorithm are as follows:
where l is the index of the iteration in the ADMM algorithm.
The termination criterion can be set as that
To ensure the stealth of FDIAs in the run-time-attack stage (i.e., on-line stage), the attack strategies obtained from the pre-attack stage (i.e., off-line stage) should be re-evaluated at times. The re-evaluation of the attack strategies obtained from the pre-attack stage is determined on whether the power flow pattern in the run-time-attack stage deviates significantly from that in the pre-attack stage. One feasible means to evaluate the degree of deviation is to observe the value of the objective function in Eq. (22). Specifically, the value of the objective function can be calculated prior to the actual implementation of FDIAs and compared with a specific threshold. If the value of the objective function is larger than the threshold, it implies that the stealth of FDIAs in the run-time-attack stage will be weakened due to the deviation of the power flow pattern from the pre-attack stage. Then, the run-time-attack stage should not be implemented, and the pre-attack stage should be re-evaluated. Otherwise, the pre-selected set of measurement channels for intrusion and pre-estimated false parameter values can still be utilized to launch the run-time attack.

D. Convergence of the Solution Algorithm
The convergence properties of the solution algorithms are discussed as follows.
1) Convergence of the Inner Loop Procedure: The inner loop aims to solve a linearized AGBP problem (14) via the ADMM algorithm. In [50], [51], [52], it has been proven that if the objective functions, i.e., f and g in the ADMM algorithm, are closed, proper, and convex, and the Lagrangian $L_0$ has a saddle point, then the primal residual can converge to zero and the objective function can converge to the optimal solution. Besides, it has been proven that the ADMM algorithm is still convergent when solving nonconvex problems as long as specific constraints are satisfied [53], [54], such as the objective functions f and g are Lipschitz differentiable, the penalty parameter is chosen large enough, etc. In the inner loop procedure of our proposed AGBP problem, the objective functions f and g are all convex, wherein f is a linear indicator function and g is an $\ell_2$-norm-based function. Moreover, constraints are all linear. Hence, the convergence of the inner loop procedure using the ADMM algorithm can be achieved.
2) Convergence of the Outer Loop Procedure: The outer loop aims to solve the nonlinear AGBP problem (14) via successive linearization. Note that this is a widely used method for solving nonlinear programming problems [55], [56], [57]. While the convergence from any initial guess to the solution point cannot be rigorously proven, this method has achieved wide success in the optimization of power systems and many other areas. Just to name a few among many, power system state estimation with nonlinear measurement models using the WLS estimator [37], [58] and the least absolute value (LAV) estimator [37], [59], model reduction of induction machines using the nonlinear LASSO [60], autonomous tracking and state estimation using the generalized group LASSO [61], etc. As has been shown extensively in existing literature, this method has satisfactory performance for a wide variety of nonlinear programming problems in practice. Furthermore, as shown in Section IV-A, it is guaranteed that when the termination criteria of the outer loop $\| \hat{b}^k \|_\infty \le \epsilon_b$ and $\| \hat{c}^k \|_\infty \le \epsilon_c$ are met, the solution to the original nonlinear AGBP problem is obtained.
In the outer loop procedure, as the algorithm converges more easily when the initial guess is closer to the solution point, taking the state estimate of the same measurement scan instead of the flat start (i.e., setting voltage magnitudes to nominal and angles to zero) as the initial guess makes the algorithm converge much faster. The state estimate could be the one from the system operator's historical database or one obtained by feeding the measurement scan to a state estimation algorithm developed by the cyber adversaries.

VII. CASE STUDIES
In this section, the developed two-stage MMI FDIA strategy is tested on IEEE 14-bus and 118-bus systems [62]. In the IEEE 14-bus system, there are 47 SCADA measurements including 5 voltage magnitude measurements, 8 pairs of active and reactive power injection measurements, and 13 pairs of active and reactive power flow measurements. In the IEEE 118-bus system, there are 410 SCADA measurements including 54 voltage magnitude measurements, 52 pairs of active and reactive power injection measurements, and 126 pairs of active and reactive power flow measurements. The measurement errors follow a Gaussian distribution with zero mean and standard deviation of 0.01 p.u.
To verify the effectiveness of the proposed MMI FDIA strategy, 10 simulation cases are designed: Cases 1-5 for the IEEE 14-bus system and Cases 6-10 for the IEEE 118-bus system. Moreover, three scenarios are designed for each case. Scenario 1: Network parameters are not manipulated, and only measurements are manipulated as in conventional measurement FDIAs [17], [18], [19], [20]; Scenario 2: Measurements and network parameters are coordinately manipulated, but there is no weight adaptation to enhance the sparsity of measurement channels, i.e., unity weights are set in (11); Scenario 3: Measurements and network parameters are coordinately manipulated, and the proposed weight adaptation scheme is applied. The attack targets, i.e., $a_o$, of the 10 cases are shown in Table I. The magnitude of $a_o$ is 0.1 p.u., i.e., a = 0.1, for all cases. In real-world power systems, the value of the attack target can be customized by attackers to achieve their particular goals, such as gaining illegal profit from electricity markets. In this section, the simulations aim to verify the effectiveness of the proposed MMI attack strategy in general. Hence, a uniform value, i.e., a = 0.1, is selected for all cases. The upper and lower bounds for the parameter attack vector are set to 2p and −0.8p, respectively, i.e., 0.2p ≤ p + b ≤ 3p. The bounds make sure that the falsified values of the model parameters look plausible and cannot be easily detected by simple rules of thumb, for example, line reactance should not be negative, or should not be orders-of-magnitude different from a normal value, etc. The tolerances for the ADMM algorithm are set to $\epsilon_{\mathrm{pri}} = 10^{-6}$ p.u. and $\epsilon_{\mathrm{dual}} = 10^{-6}$ p.u., and the tolerances for the estimation of measurement and parameter attack vectors are set to $\epsilon_b = 10^{-6}$ p.u. and $\epsilon_c = 10^{-6}$ p.u. Compared with the normal ranges of the decision variables, which are commonly larger than $10^{-2}$ p.u., these tolerances are small enough to declare convergence of the algorithm without affecting the accuracy of the solution. In addition, the absolute values of entries in the measurement or parameter attack vector below $10^{-3}$ or $10^{-4}$ p.u. have negligible impacts on the stealth of FDIAs as measurement errors will overshadow the $10^{-3}$ or $10^{-4}$ p.u. FDIA estimation error range, and thus they will be dropped. The Chi-square test is used to detect the false data, and the false alarm rate setting is set to 1% for all cases.

TABLE I. ATTACK TARGETS OF THE 10 SIMULATED FDIA CASES

A. Validation of the Coordinated Manipulation of Measurements and Network Parameters in a Single Snapshot
This subsection aims to validate the concept of coordinated manipulation of measurement and network parameter data, and illustrate its benefit (and thus motivation) for cyber adversaries. It does not involve the two-stage sophisticated strategy described in Section III, but simply assumes that measurements and network parameters are coordinately manipulated in a single snapshot. This is done by executing the AGBP problem (11) with N = 1, in which case each group reduces to a single quantity.
The numbers of compromised measurement channels under the 3 scenarios in all the 10 cases are shown in Fig. 5. It can be found that the number of compromised measurement channels is significantly reduced when the parameters are coordinately manipulated. This shows that by strategically manipulating a few network parameters in the model database (exemplified by the parameter attack vectors in Cases 1-5 of the IEEE 14-bus system under Scenario 3, shown in Fig. 6), the cyber adversaries can breach into far fewer measurement channels for keeping the FDIA stealthy. This could be a desirable strategy for cyber adversaries, as under certain circumstances, manipulating the streaming data in multiple measurement channels in run-time could be a more challenging task than falsifying network parameters only once. This advantage will be further illustrated and discussed in Section VII-B. Furthermore, it is observed that compared with the unity weight setting, i.e., Scenario 2, the number of compromised channels is further reduced when the weight adaptation scheme described in Section V is employed, i.e., Scenario 3. This verifies the importance of adaptive weight setting for achieving the sparsity of measurement channels.
In order to verify the stealth of the proposed attack strategy, the measurement residuals in Cases 1-5 of the IEEE 14-bus system under Scenario 3 along with measurement residuals in the absence of FDIAs are shown in Fig. 7. It can be seen from this figure that the measurement residuals of different measurement channels in the 5 cases closely match the measurement residuals in the absence of FDIAs. This implies that the proposed MMI FDIAs will not change the measurement residuals, and thus cannot be differentiated from the normal operating condition. For further verification, the conventional residual-based BDD method, i.e., the Chi-square test, is repeated 2000 times with the average result reported. The positive rate (PR) represents the percentage of samples for which the Chi-square test claims detection of an anomaly. Note that the PR value is not zero even in the absence of FDIAs, since the false alarm rate setting of the test is 1%. The PRs in different cases with the weight adaptation of IEEE 14-bus and 118-bus systems are shown in Table II and Table III, respectively, along with those in the absence of FDIAs. In Table II, the PR is 1.05% when there is no FDIA, closely matching the false alarm rate setting of 1%. Noticeably, the PRs of the 5 cases in the presence of FDIAs are also close to the false alarm rate setting, implying that the BDD cannot differentiate between the cases with or without FDIAs under background measurement noise that normally exists. Similar results are seen in Table III. All the results in the two tables again demonstrate the stealth of the proposed MMI FDIA strategy.
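The Chi-square BDD and the positive-rate (PR) measurement described above, as an added example that is not code from the paper: a constructed 3-bus DC model (its reactances, operating point and all function names are assumptions) is scanned 2000 times with σ = 0.01 p.u. noise and a 1% false alarm rate. It goes one step beyond this subsection by also running the detector with a model database whose line 1-2 reactance no longer matches the grid, which is the kind of model-measurement inconsistency the residual test does expose.

```python
import math
import random

SIGMA = 0.01   # measurement noise standard deviation in p.u. (value used on the page)
ALPHA = 0.01   # false alarm rate setting of the Chi-square test (value used on the page)


def h_matrix(x12, x13, x23):
    """DC measurement matrix of a constructed 3-bus ring; states are (theta2, theta3)."""
    b12, b13, b23 = 1.0 / x12, 1.0 / x13, 1.0 / x23
    return [
        [-b12, 0.0],        # flow P12
        [0.0, -b13],        # flow P13
        [b23, -b23],        # flow P23
        [-b12, -b13],       # injection P1
        [b12 + b23, -b23],  # injection P2
        [-b23, b13 + b23],  # injection P3
    ]


def wls_objective(H, z):
    """Weighted sum of squared residuals J after a least-squares state estimate."""
    g11 = sum(r[0] * r[0] for r in H)
    g12 = sum(r[0] * r[1] for r in H)
    g22 = sum(r[1] * r[1] for r in H)
    t1 = sum(r[0] * zi for r, zi in zip(H, z))
    t2 = sum(r[1] * zi for r, zi in zip(H, z))
    det = g11 * g22 - g12 * g12
    th2 = (g22 * t1 - g12 * t2) / det   # normal equations solved by Cramer's rule
    th3 = (g11 * t2 - g12 * t1) / det
    return sum((zi - r[0] * th2 - r[1] * th3) ** 2 for r, zi in zip(H, z)) / SIGMA ** 2


def chi2_sf(x, dof):
    """Exact Chi-square survival function P(J > x), valid for even degrees of freedom."""
    if dof <= 0 or dof % 2:
        raise ValueError("the closed form used here needs an even, positive dof")
    half = x / 2.0
    term, total = 1.0, 1.0
    for j in range(1, dof // 2):
        term *= half / j
        total += term
    return math.exp(-half) * total


def chi2_threshold(dof, alpha=ALPHA):
    """Detection threshold t with P(J > t) = alpha in normal operation (bisection)."""
    lo, hi = 0.0, 1000.0
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if chi2_sf(mid, dof) > alpha:
            lo = mid
        else:
            hi = mid
    return (lo + hi) / 2.0


def positive_rate(h_physical, h_model, theta, trials=2000, seed=7):
    """Share of noisy measurement scans flagged by a BDD that trusts h_model."""
    rng = random.Random(seed)
    threshold = chi2_threshold(len(h_model) - len(theta))
    clean = [sum(c * t for c, t in zip(row, theta)) for row in h_physical]
    alarms = 0
    for _ in range(trials):
        z = [v + rng.gauss(0.0, SIGMA) for v in clean]
        if wls_objective(h_model, z) > threshold:
            alarms += 1
    return alarms / trials


THETA = (-0.05, -0.08)                    # constructed operating point (rad)
H_FIELD = h_matrix(0.10, 0.20, 0.25)      # constructed reactances of the physical grid
H_DB_STALE = h_matrix(0.15, 0.20, 0.25)   # model database with a wrong line 1-2 value

if __name__ == "__main__":
    print("threshold (4 dof):", round(chi2_threshold(4), 3))
    print("PR, model matches grid:", positive_rate(H_FIELD, H_FIELD, THETA))
    print("PR, model mismatch:    ", positive_rate(H_FIELD, H_DB_STALE, THETA))
```
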

B. Validation of the Proposed Two-Stage MMI FDIA Strategy
The simulation cases in Section VII-A demonstrate the concept of MMI FDIA on a single measurement snapshot. This subsection aims to comprehensively verify the two-stage MMI FDIA framework, where the sets of compromised measurement channels and the network parameter attack vector are determined offline based on historical measurement snapshots (i.e., the pre-attack stage), and the measurement attack vectors are determined online for each incoming measurement snapshot in run-time (i.e., the run-time-attack stage). In the pre-attack stage, 10 snapshots from the historical data are used to solve the AGBP problem, i.e., N = 10, retrieved from the ISO New England public dataset [43]. The attack interval is chosen as 4:00-8:00 on Dec. 2, 2021, i.e., T = 4 h. In the attack interval, 10 measurement snapshots retrieved at randomly selected instants are used for online measurement attack vector construction.
As the outcomes of the pre-attack stage, the numbers of compromised measurement channels in the attack interval of IEEE 14-bus and 118-bus systems under all the 3 scenarios are shown in Tables IV and V, respectively. The results indicate that: 1) the number of attacked measurement channels can be reduced by coordinately manipulating measurements and parameters; 2) the sparsity of measurement attack vectors can be further enhanced via the proposed weight adaptation scheme. The actual manipulated measurement data points at different instants in the run-time-attack stage of the IEEE 14-bus system are illustrated in Fig. 8. Compared with the sole measurement attacks, MMI attacks require the manipulation of far fewer measurement channels in real time. For example, in Case 2, the number of compromised measurement channels is reduced from 13 to 5. The results indicate that compared with conventional measurement FDIAs, the sparsity of compromised measurement channels can be greatly enhanced even if multiple snapshots are incorporated in the AGBP problem (as opposed to the single-snapshot case in Section VII-A). Obviously, both the coordinated manipulation of network parameters and the adaptation of weights are contributing to this enhancement.
Besides the above two reasons, however, there is a third noteworthy reason for the minimization of the number of compromised measurement channels: the set of compromised channels is planned across various operating points in the pre-attack stage. With the group sparsity formulation, the AGBP problem at the pre-attack stage encourages sharing of the same compromised channels in the multiple snapshots covering various system operating points, and once these channels are selected, the cyber adversaries can keep the attack stealthy with the same set of channels regardless of the operating point changes. The conventional attack strategies, however, do not offer such offline planning features and solve the measurement attack vectors of different snapshots in the real-time attack independently. As a result, although the attacked measurement data points are minimal for each snapshot, the channels may change across different snapshots due to the fluctuation of system operating points. This implies that cyber adversaries may need to manipulate data points in different channels at different instants during an attack, leading to a large number of measurement channels being compromised. For example, in Fig. 8-g, the 8th instant (snapshot) and the 9th instant (snapshot) require manipulation of many different channels, and cyber adversaries have to access all of them. In fact, as they cannot exactly predict which channels will be needed, they have to intrude into an even larger set of channels that are potentially needed. Our proposed MMI FDIA strategy, by contrast, has a consistent set of measurement channels to manipulate across all the instants (snapshots). Furthermore, these channels are selected prior to the run-time-attack stage, which minimizes the risk of requiring unpredicted channels. This attack strategy can greatly reduce the efforts to launch an FDIA in power systems.
Because the manipulated measurement channels in the two-stage MMI FDIA strategy are pre-determined and not allowed to change in the run-time-attack stage, the constructed measurement attack vectors in the attack interval may not be a perfect match with the stealth condition. To evaluate the stealth performance of the proposed strategy, the same Chi-square test is applied. The PRs at different instants in the IEEE 14-bus system and the IEEE 118-bus system under Scenario 3 are shown in Tables VI and VII, respectively, along with those in the absence of FDIAs. The PRs with and without MMI FDIA are at a similar level, indicating that the statistically effective detection of the FDIAs based on the Chi-square test is impossible. The results demonstrate that the developed attack strategy keeps the desirable stealth feature when multiple measurement snapshots with various operating points are involved.

C. Validation of the Proposed Two-Stage MMI FDIA Strategy Under Network Parameter Uncertainties and Moving Target Defense
In Section VII-B, the stealth and sparsity of the proposed two-stage MMI attack strategy have been demonstrated under constant network parameters. In real-world power systems, a few network parameters may slightly change with the variations of external environments or operating states. For example, line resistance will be affected by the ambient temperature, and turns ratios of transformers and susceptance of shunt capacitor/reactor banks will be adjusted for voltage regulation. Moreover, network parameters may also change with the implementation of the moving target defense (MTD) strategy using distributed flexible AC transmission system (D-FACTS) devices, which can thwart FDIAs by proactively perturbing the line reactance [23], [63], [64], [65], [66], [67], [68], [69]. In this subsection, the effectiveness of the proposed MMI attack strategy will be demonstrated under network parameter uncertainties and MTD, respectively.

1) MMI Attack Strategy Under Network Parameter Uncertainties:
To mimic the uncertainties of network parameters in realistic power systems, simulations in this subsection assume that part of the network parameters, including line resistance, turns ratios of transformers, along with susceptance of shunt capacitor/reactor banks, change between the pre-attack stage and the run-time-attack stage.
In the pre-attack stage, network parameters of the IEEE 14-bus system and the IEEE 118-bus system are extracted from standard databases [62]. In the run-time-attack stage, it is assumed that line resistance follows a uniform distribution on the interval $[0.95 r_{\mathrm{std}}, 1.05 r_{\mathrm{std}}]$, where $r_{\mathrm{std}}$ represents the vector of standard line resistance; turns ratios of transformers are increased by 0.02 p.u.; and susceptance is increased by 50% for all shunt capacitor/reactor banks. It should be noted that only the turns ratios of transformers and susceptance of shunt capacitor/reactor banks are reported to the control center in the run-time-attack stage; the variations of line resistances are unknown to both grid operators and cyber adversaries.
The PRs at different instants in the attack interval of the two test systems under Scenario 3 along with those in the absence of FDIAs are presented in Tables VIII and IX, respectively.

2) MMI Attack Strategy Under Moving Target Defense:
It is shown recently that by perturbing line reactances via D-FACTS, the stealth of FDIA could be broken to facilitate attack detection [63], [64], [65], [66], [67], [68], [69]. In most power systems today, D-FACTS devices are still scarce. The simulations in this section assume that 40% of transmission lines are equipped with D-FACTS devices, representing a possible future scenario with the significant proliferation of D-FACTS technologies. In the pre-attack stage, network parameters of IEEE 14-bus and 118-bus systems are extracted from standard databases [62]. In the run-time-attack stage, it is assumed that D-FACTS devices can perturb the line reactance within a rational interval, i.e., $[0.5 X_{\mathrm{std}}, 1.5 X_{\mathrm{std}}]$, where $X_{\mathrm{std}}$ represents the value of standard line reactance. It should be noted that MTD is implemented by randomly choosing the branches equipped with D-FACTS devices and the values of perturbations for all cases.
The PRs at different instants in the attack interval of the two test systems under Scenario 3 along with those in the absence of FDIAs are presented in Tables X and XI, respectively. Two interesting results can be found in these two tables. i) PRs of Cases 4, 5, and 6 are larger than the case without FDIA, implying a full or partial success of the MTD in thwarting MMI FDIAs. Meanwhile, the PRs of Cases 1, 2, 3, 7, 8, 9, and 10 remain similar to the case without FDIA, indicating that the MTD is not effective in these cases. For example, in Case 1, the manipulated measurement channels include $V_1$, $V_2$, $V_3$, $P_3$, $P_5$, $Q_2$, and $Q_5$, and the falsified parameters include resistance/reactance/changing susceptance at branches 1-2, 1-5, 2-3, 2-4, 5-6, 4-9, and 4-7. In MTD, the perturbed reactance/changing susceptance are located at branches 9-10,
In our designed cases, only 40% of branches, i.e., 8 branches for the IEEE 14-bus system and 72 branches for the IEEE 118-bus system, are assumed to be equipped with D-FACTS devices. Hence, attackers may still have opportunities to launch stealthy FDIAs to modify the state variables on those buses whose incident branches are not deployed with D-FACTS devices. ii) PRs of Cases 4, 5, and 6 are different, implying that the performance of MTD varies even among the cases where it shows effectiveness. The performance of MTD may be affected by the distribution of measurement errors, the values of attack targets, and the degree of line perturbations, etc. Overall, the simulation results provide intuitive insight into the effect of MTD on the detection of MMI attacks, yet systematic studies are required to further understand and extend the design of MTD for defense against the joint model-measurement attacks, which is well beyond the scope of this paper.

VIII. CONCLUSION AND FUTURE WORK
This paper proposes a general two-stage MMI FDIA framework to reveal the cyber threats against both measurement data and network parameter data as well as their possible interaction. Compared with the bulk of the existing measurement FDIA strategies, it is shown that the coordination with network parameter FDIA significantly reduces the required number of measurement channels to manipulate in run-time. The MMI FDIA is formulated as an AGBP problem to achieve the sparsity and stealth properties. It is shown that the weight adaptation is critical for sparsifying the measurement channels to compromise. The proposed attack takes a two-stage process to mimic the attack planning activities of cyber adversaries. It is shown that such planning activities can help select measurement channels to keep the attack stealthy during the whole attack interval with operating point variations. Simulation results in the IEEE 14-bus test system and the IEEE 118-bus test system demonstrate the stealth and sparsity of the developed MMI FDIA framework.
Future studies may involve the impact analysis of MMI FDIAs on power system operations and effective countermeasures. It is known that the operation of electricity markets is heavily dependent on network parameters. Errors in network parameters can impact the transmission line congestion patterns, LMPs, and financial transmission right (FTR) revenues, thus misleading the operation of electricity markets [36]. Compared to conventional errors or measurement FDIAs, MMI FDIAs incorporate the manipulations of measurements and network parameters simultaneously, which is more complex and may lead to unpredictable results. Hence, the impact analysis of MMI FDIAs on the electricity market is worth further investigation. Moreover, security assessment, including contingency analysis and transient stability simulation algorithms, is an essential function in modern EMS. An accurate security assessment can provide operators with reliable dispatch plans for system operation. Similarly, the security assessment algorithms are also heavily dependent on network parameters. If network parameters are manipulated or biased, operators may miss critical security violation scenarios and make a wrong decision, resulting in severe consequences, such as cascading failures, once a fault occurs. Hence, it is desirable to study the impact of MMI FDIAs on security assessment in the future.
In addition, effective countermeasures against MMI attacks are worth further investigation in the future. One possible defense strategy is to develop a secure dedicated backup mechanism to detect model parameter falsifications. Specifically, the backup database should not be automatically synchronized with the regular database, which is subject to malicious false data injection. On the contrary, it is located in a well-protected "trust zone", and the data communication between the trust zone and the external network (including the regular database) is one-way: only the trust zone can access the external network, not the other way around. At the same time, the trust zone is also installed with an FDIA detection algorithm that stores the information about which parameters are likely to be manipulated by cyber adversaries, which is obtained from an impact analysis of model parameters on power flow patterns. With this, the FDIA detection algorithm located in the trust zone can identify suspicious parameter change behaviors and raise alarms to security personnel for investigating the related activities.
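One way to sketch the trust-zone check described above, as an added example that is not part of the paper: the operational model database is diffed against the trusted backup, changes backed by a verified change record are accepted, and everything else is reported, with watchlisted parameters ranked higher. The parameter keys, values, tolerance, change-record dictionary and watchlist are constructed assumptions; the example also records that each flagged value still satisfies the 0.2p ≤ p + b ≤ 3p plausibility bounds, so a rule-of-thumb range check alone would not have raised it.

```python
from dataclasses import dataclass
from typing import Optional

REL_TOL = 0.01  # assumed tolerance for rounding and benign drift


@dataclass(frozen=True)
class Finding:
    key: str
    trusted: Optional[float]
    operational: Optional[float]
    reason: str
    passes_range_rule: bool
    severity: str


def range_rule_ok(trusted, value):
    """Rule-of-thumb plausibility check with the page's bounds 0.2p <= value <= 3p."""
    lo, hi = sorted((0.2 * trusted, 3.0 * trusted))
    return lo <= value <= hi


def differs(a, b, rel_tol):
    """True when a and b differ by more than rel_tol of the larger magnitude."""
    scale = max(abs(a), abs(b))
    return scale > 0.0 and abs(a - b) > rel_tol * scale


def audit_model_db(trusted, operational, approved, watchlist, rel_tol=REL_TOL):
    """Diff the operational model database against the trust-zone copy.

    trusted / operational: parameter key -> value in p.u.
    approved: key -> value authorised by a change record held in the trust zone
    watchlist: keys that an impact analysis marked as likely manipulation targets
    """
    findings = []
    for key in sorted(set(trusted) | set(operational)):
        base, cur = trusted.get(key), operational.get(key)
        if base is None or cur is None:
            reason, plausible, severity = "record added or removed", False, "high"
        elif not differs(base, cur, rel_tol):
            continue  # unchanged within tolerance
        elif key in approved and not differs(approved[key], cur, rel_tol):
            continue  # matches a change record verified inside the trust zone
        else:
            change = "{:+.1%}".format((cur - base) / base) if base else "from zero"
            reason = "unapproved change " + change
            plausible = range_rule_ok(base, cur)
            severity = "high" if key in watchlist else "medium"
        findings.append(Finding(key, base, cur, reason, plausible, severity))
    return findings


# Constructed sample data (p.u.); keys and values are illustrative only.
TRUSTED = {
    "branch 1-2 reactance": 0.05917,
    "branch 1-5 reactance": 0.22304,
    "branch 2-3 reactance": 0.19797,
    "shunt 9 susceptance": 0.19,
    "xfmr 4-7 turns ratio": 0.978,
}
OPERATIONAL = {
    "branch 1-2 reactance": 0.0710,   # changed with no change record
    "branch 1-5 reactance": 0.22304,
    "branch 2-3 reactance": 0.1980,   # rounding-level drift
    "shunt 9 susceptance": 0.285,     # changed with no change record
    "xfmr 4-7 turns ratio": 0.998,    # tap change reported and approved
}
APPROVED = {"xfmr 4-7 turns ratio": 0.998}
WATCHLIST = {"branch 1-2 reactance"}

if __name__ == "__main__":
    for f in audit_model_db(TRUSTED, OPERATIONAL, APPROVED, WATCHLIST):
        print(f.severity, f.key, f.reason, "range rule passes:", f.passes_range_rule)
```
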
Another possible defense approach is the MTD by proactively perturbing branch reactance with D-FACTS [63], [64], [65], [66], [67], [68], [69]. This idea is shown to be capable of breaking the stealth property of measurement FDIAs, thus making them detectable. However, D-FACTS devices will remain limited in number in most power systems in the near future. While there have been extensive studies on the MTD for measurement FDIAs [63], [64], [65], [66], [67], [68], [69], it is critical to investigate the necessary/sufficient conditions for D-FACTS configurations against MMI FDIAs as well as optimal placement and operation strategies. In addition, it is imperative to study how the distribution of measurement errors, the values of attack targets, and the degree of line reactance perturbations impact the performance of MTD, as shown to be critical by the simulation results in this paper.
Besides the aforementioned potential strategies, other countermeasures could also be developed against the proposed MMI attack model. Overall, the ultimate motivation of the paper is to draw the attention of the technical community to the security vulnerabilities regarding model-measurement datasets in power system operation and encourage research and implementation of effective defense measures.

Fig. 1. Data sampling scheme and framework of the proposed paradigm.

Fig. 2. A high-level framework of the proposed MMI attack strategy.

Fig. 3. Flowchart of the solution algorithm for the AGBP problem.

Fig. 4. Flowchart of the solution algorithm for the LS problem.

Fig. 5. Numbers of compromised measurement channels in the 10 cases under the 3 scenarios. a) the IEEE 14-bus system; b) the IEEE 118-bus system.

TABLE II. PRs IN CASES 1-5 (THE IEEE 14-BUS SYSTEM) WITH THE WEIGHT ADAPTATION, i.e., SCENARIO 3, ALONG WITH PR IN THE ABSENCE OF FDIAs

TABLE III. PRs IN CASES 6-10 (THE IEEE 118-BUS SYSTEM) WITH THE WEIGHT ADAPTATION, i.e., SCENARIO 3, ALONG WITH PR IN THE ABSENCE OF FDIAs

TABLE IV. NUMBERS OF COMPROMISED MEASUREMENT CHANNELS IN THE ATTACK INTERVAL UNDER 3 SCENARIOS (THE IEEE 14-BUS SYSTEM)

TABLE V. NUMBERS OF COMPROMISED MEASUREMENT CHANNELS IN THE ATTACK INTERVAL UNDER 3 SCENARIOS (THE IEEE 118-BUS SYSTEM)

TABLE VI. PRs IN THE ATTACK INTERVAL UNDER SCENARIO 3 ALONG WITH THOSE IN THE ABSENCE OF FDIAs (THE IEEE 14-BUS SYSTEM)

TABLE VII. PRs IN THE ATTACK INTERVAL UNDER SCENARIO 3 ALONG WITH THOSE IN THE ABSENCE OF FDIAs (THE IEEE 118-BUS SYSTEM)

TABLE VIII. PRs IN THE ATTACK INTERVAL UNDER SCENARIO 3 ALONG WITH THOSE IN THE ABSENCE OF FDIAs (THE IEEE 14-BUS SYSTEM WITH NETWORK PARAMETER UNCERTAINTIES)

TABLE X. PRs IN THE ATTACK INTERVAL UNDER SCENARIO 3 ALONG WITH THOSE IN THE ABSENCE OF FDIAs (THE IEEE 14-BUS SYSTEM UNDER MOVING TARGET DEFENSE)

Two interesting results can be found in these two tables: i) PRs are increased in the absence of FDIAs in Tables VIII and IX compared to that in Tables VI and VII. The reason is that line resistance is not reported to the control center in the run-time-attack stage. With a mismatch between the network model and the measurements, larger PRs are present even in the absence of FDIAs in the run-time-attack stage. ii) In all cases, the PRs in the presence of FDIAs and the PRs in the absence of FDIAs are still at a very similar level, demonstrating the stealth of FDIAs (i.e., the infeasibility to distinguish between FDIAs and regular noises) under network parameter uncertainties.