Local False Data Injection Attack Theory Considering Isolation Physical-Protection in Power Systems

Cyber security is a matter of the utmost importance in prosumer energy management systems and modern electric power transmission networks. Modern power system is a typical cyber physical system, which is formed by the deep integration of power network and information network. Cyber physical power system has the outstanding advantages of autonomy, reliability, flexibility and efficiency, which give hackers a chance to attack the power systems. Considering the energy distributions and local load redistributions, we propose a local AC false data injection attack model. Both the line power losses, and energy conservation are taken into account in establishing the local false data attack model. Because the state estimation in the actual power system allows some errors, we take the minimum residual in the region as the objective function. The effectiveness and feasibility of the proposed local false data attack theory are verified in the IEEE 57-bus test case. The simulation results show that the residual error of the injection vector obtained by this attack model is less than 30% compared with that in normal operation.


I. INTRODUCTION
There is a striking difference between the cyber physical power system and traditional power system. Cyber physical modeling and cyber security are of vital importance in prosumer energy management system. A significant concern is that multi-energy scheduling operation is a matter of the utmost importance for economy and renewable energy utilization in coupled electricity, heating and natural gas networks [1]. Research has been conducted in this field of integrated modelling and enhanced utilization of power-to-ammonia for high renewable penetrated multienergy systems [2]. Noted that distributed renewable energy resources have a detrimental effect energy management in power systems [3]. To extract wind power time-series features, Wang et al. presented a deep prediction framework combining wavelet transform and deep convolutional neural network [4]. Wind speed time-series features can also be extracted using artificial intelligence, which has high effectiveness, efficiency and application [5], [6]. Artificial The associate editor coordinating the review of this manuscript and approving it for publication was Jiayong Li. intelligence consists of feature learning, weight updater and multiple machine learning regressor [7].
So, it is obvious that before starting the cyber physical power system project, we still have many technical difficulties to overcome. In extreme cases, the solution to the problem of attack detection has been elusive.
With the penetration of modern information and communication technology in power systems, the information exchange between power network and information network is becoming more and more close. Due to the large-scale introduction of advanced information communication technology in the power systems, the automation and intelligence of the power system have been gradually improved, and a cyberattack has become a challenge to the safe operation. Research has been conducted in this field of enquiry.
In terms of cyber-physical system attack, false data injection (FDI) attack is always available in practice. An FDI attack can cause a blackout by evading detection by the bad data detection module in the supervisory control and data acquisition system [8]. A significant concern is that there is a tight link between physical consequences and a cyber-attack, which can induce sequential outages in power systems [9]. VOLUME [10]. An attacker can not only launch an FDI attack at the physical system layer, but also block the wireless transmission channels between sensors and energy control centers [11]. Liu et al. modeled local FDI attacks, which made use of reduced network information and passed the examination of the state estimator [12]. Because false data may be treated as an outlier, Liu et al. designed false data attacks using dummy data, which can be hided among normal data [13]. The study in [14] emphasized that the outages of some lines can be masked via FDI attacks, which maximized the residual of lines. Yu et al. explored the failure probability issue of the false-data injection attack in electricity generation system, and designed stealthy attack and secure control strategies [15]. Because the missing information of power grid topology and transmission-line admittances have an adverse effect on attack damage degree, Yu et al. presented a blind FDI method for cyber-physical system attack using the principal component analysis without Jacobian matrix and state variables [16]. To overcome the attack shortcomings brought by limited information, Zhang et al. presented a multiple linear regression model to seduce the worst possible consequences [17]. In conclusion, scholars now generally agree that an attacker should mount FDI attacks on power systems using limited information rather than the complete knowledge about the power grid topology, transmission-line admittances in reality.
In terms of cyber-physical system attack detection, power system state estimation is always available in practically. Wang et al. presented a novel data analytical approach to mitigate FDI attacks by employing a margin setting algorithm, which yields good results in terms of attack detection accuracy [18]. Yu et al. presented a false data detection mechanism based on the combined wavelet transform and deep neural networks, which can detect operating condition deviations [19]. A deep learning-based intelligent mechanism was presented by He et al. to detect the behavior of FDI using the historical measurement data [20]. Yang et al. presented a novel data fusion algorithm to combat FDI and electronic countermeasure jamming attacks in networked radar systems [21]. Zhang et al. presented a data integrity attack detection method based on a grey relational analysis method, which evaluated the correlation between measurements and control variables [22]. Li et al. presented a proactive false data detection method, which can harness the distributed flexible alternating current transmission system devices, to detect the high-profile FDI attacks [23]. Because traditional weighted least square state estimation methods are invalid for FDI attacks on power systems, Gu et al. measured the distance between two probability distributions using Kullback-Leibler distance, whose deviation can help find the FDI attacks [24]. Manandhar et al. adopted the Kalman filter to estimate the variable range, which can help detect denial-of-service, random attack, and FDI attacks [25]. In conclusion, scholars now generally agree that optimal data attack can bypass the bad data detection (BDD), and new methods should be developed to defend against cyber attacks based on the variation deviations of variable interval or probability characteristics.
Because the defects of information communication system cannot be avoided, integrity attacks can be launched in different ways from many different device entrances. Data integrity attacks have the characteristics of low cost, long time and strong concealment. Although data integrity attack cannot directly affect the primary equipment in the power system, it may seriously damage the normal operation of the secondary equipment. When the communication network of the secondary system is maliciously attacked, it will do harm to the primary power system. The purposeful data integrity attack is enough to cause serious primary system oscillation and large-scale blackout. Data integrity attack is an urgent problem of a cyber physical power system.
The novel contributions of this paper can be summarized as follows. 1) We propose a novel, realistic and feasible FDI attack model. In practice, an attacker can't obtain the complete knowledge about the power grid topology, transmissionline admittances and power system operation information. The proposed attack model only needs to obtain the line parameters and measurement data in a certain area, as well as the terminal power data of the line connecting the boundary nodes in the grid.
2) The attack model considers the isolation physical-protection of the key nodes in actual power systems. We set up the measurement variables that cannot be tampered with and includes generator power output, zero injection node power.
The remainder of this paper is organized as follows. First, the traditional attack model and a new attack model are described. Second, an effective detection method is presented to solve the false data attack problems. Third, four cases are performed to verify the effectiveness of the proposed attack model and detection method.

II. ENGINEERING PRACTICE
There are some differences in communication mode and communication network defense between domestic and foreign information systems. Foreign power grid enterprises use microwave and carrier communication, and also use public network link to set up private network virtual private network for communication. Domestic power grid enterprises attach great importance to the security of power grid information system, and divide several security levels to ensure communication security. The power grid dispatching automation system is deployed in safety zone I, which uses optical fiber communication dispatching data private network for communication, and isolates with other safety zones through physical isolation devices, thus effectively ensuring the safety of the system. Data processing and calculation services of power grid metering automation system are deployed in safety zone III. The gateway data of power plants and substations are communicated by special dispatching data networks, and the measurement data of public transformer, special transformer and low-voltage side are communicated by general packet radio service or mobile public network. The communication architecture of power grid dispatching automation system and metering system is shown in Fig.1.
The effective methods to prevent the cyberattack of power grid information physical system are: physical security, communication security and information security. In the aspect of physical security, it can improve the redundancy of the system by increasing the minimum number of meters in the right place, thus enhancing the immunity of the system to cyberattacks. In this case, the attacker needs to tamper with more measurement tables and increase the attack amplitude. At this time, the cost of cyberattacks in the physical system of power grid information will be increased a lot, and the probability of attack detection will be greatly increased. It is an important means to defend against cyberattacks by protecting vulnerable nodes of power communication networks. From the perspective of the attacker, local false data attack is more practical than data integrity attacks.

III. ATTACK MODEL
The state estimation of power system is the state estimation of real-time power flow. Considering measurement errors, the reliable state variables can be estimated using state estimation theories. It is realized by using the redundancy of the realtime measurement systems. State estimation can improve the accuracy of data, and eliminate the error information caused by random interference. State estimation is an important part of the power system energy management system, and the first threshold of cyberattack. Therefore, the attack model will consider the consistent state estimation.

A. TRADITIONAL ATTACK MODEL
Most of the existing attack models assumes that the attacker has known all the information of power system states, and attackers can determine the best attack vector. Data integrity attacks can disrupt the normal operation of the power grid and bypass the bad data detection mechanism. To bypass the detection mechanism of bad data, the attack vector should meet the following equation: P a n = 0, Q a n = 0, n ∈ 0 (11) where z is the measured vector, x a is the state vector under the attack, h(x a ) is the estimated vector, P a i is the active power injection at the i th node under the attack, Q a i is the reactive power injection at the i th node under the attack, V a i is voltage amplitude at the i th node under the attack, θ ij is the phase angle difference between the i th node and the j th node under the attack, G ij and B ij are the real and imaginary parts of the elements in the row and column of the node admittance matrix, g ij is the conductance of the i th node to the j th node, y c is the ground susceptance between the i th node and the j th node, P a ij is the active loss between the i th node and the j th node under the attack, Q a ij is the reactive loss between the i th node and the j th node under the attack, P * i is the real active power injection at the i th node, Q * i is the real reactive power injection at the i th node, S max k represents the apparent power limits for the k th branch, L represents the load number, n represents zero-injection node, a represents the false data, * represents the real data, L is the set of lines, load is the set of load, gen is the set of generators, 0 is the set of zero-injection buses. If the attacker has known all the information of the exact network topology, the attack vector can be established.

B. NOVEL ATTACK MODEL
A cyber defender can ensure that parts of the state variables cannot be tampered by enhancing patrol inspection or deploying redundant phasor measurement units. Load redistribution attack stands that the attacker can only attack the injected power and branch power flow, but not the the power station and zero injected node. The attack mode differences of this paper and [26] can be summarized as follows. 1) The traditional attack model assumes that the complete information can be obtained, but this is not realistic. Therefore, the proposed attack model is based on the local information.
2) The VOLUME 8, 2020 traditional attack model assumed that the sum of power loads remains fixed, and the load redistribution is unchanged. The proposed attack model considers the sum of power loads and power losses remains fixed, which makes the attack more secretive. 3) To ensure that the attack can bypass the traditional residual test, voltage amplitudes and phase angles of the boundary nodes remain fixed in the proposed attack model. (13) subject to (2)-(6) and P a n = 0, Q a n = 0, n ∈ ω 0 (20) where ω A is the set of the attacked nodes, ω load is the set of power loads in the attack region, ω gen is the set of generators in the attack region, ω 0 is the set of zero-injection nodes in the attack region, d represents the boundary node set, x d is the initialize state array of boundary buses, P * ij is the real active power between the i th node and the j th node, and Q * ij is the real reactive power between the i th node and the j th node.

IV. DEFENSE MODEL
Compared with the state estimation method, the interval analysis method has lower calculation cost. Interval analysis method is a possibility method to describe the uncertainty rule of power system operation. A complete process has been established, as shown in Fig.2. The daily load curve is predicted using the data correlation rules, and the future load interval can be obtained. One can calculate the state variable intervals of the next period according to the load intervals of the next period. The attack should be detected by judging whether the state variables of power flow calculation are within the above ranges.

V. CASE STUDY AND DISCUSSIONS
We use a step-by-step validation method to demonstrate our example. The IEEE 57-bus test case is presented as the study object, as shown in Fig.3. Cyberattack and defense behaviors are simulated using MATLAB. YALMIP-master and IPOPT are used as mathematical model solvers. The machine performance will affect the simulation time. The simulations in this paper were performed at a Dell notebook, whose processor is an Intel(R) Core (TM) i7-9750HQ CPU @ 2.60 GHz, with 8 GB of available memory.  The attacker's goal is to overload transmission lines 39-57 and 56-57. The attack region contains PQ nodes 11,35,36,37,39,40,41,42,43,56,57. It is assumed that the attacker can obtain the following measurement information in the above region: voltage amplitude, node injection power, branch power. It is assumed that the attacker can obtain the following measurement information in the regional boundaries: the branch power into the above region. The attacker can tamper the following measurements: voltage amplitude, node injection power and branch power in the region. The attacker can't tamper the following measurements: voltage amplitudes of boundary nodes 11, 35, 37 and zero injection node injection power. The detection error setting parameters of interval estimation are as follows. The FDI attack model in [26] are presented to test the performance of the proposed method. The simulation differences of this paper and [26] can be summarized as follows. 1) This paper considers both the power losses and power loads, but [26] only consider the power loads. 2) This paper considers the measurement error constraints of boundary node voltage amplitudes, but    the true values of the amplitudes and phase angles of the boundary node voltages are adopted in [26]. In this regard, the attack model in this paper is more in line with the actual project. Four cases are designed to prove the correctness of the proposed method, and the simulation conditions are shown in table 1.
We not only compare the impacts of power losses on cyberattack and detection, but also compare the impacts of global and local false data injection on cyberattack and detection, as show in Figs. 4, 5, 6, 7 and 8.
With respect to local FDI considering power losses, there are four detected nodes, whose voltage amplitudes are out  of limits. With respect to local FDI without considering power losses, there are five detected nodes, whose voltage amplitudes are out of limits. The local FDI model with power loss is more secret than that without power losses. The reason is that interval estimation takes power losses into account, and it is easier to expose without power losses.
The attack of data integrity can obtain more information than FDI using local data, so the attack is more secretive than FDI using local data. When the attack of data integrity considers power losses, the traditional interval estimation can't detect the attack any more. The above simulation results just show that it is very important to realize physical protection for key nodes.
The detection of phase angle becomes a new method besides the detection of amplitude. From the simulation results, it can be seen that one abnormal point is detected for the FDI model considering power losses, and there are two points are detected for the FDI model without considering power losses. The importance of power losses in constructing attack model is illustrated and should address more concern. The essence of cyberattack is to destroy the power grid operation on the basis of satisfying the rules of data detection. The essence of cyberattack defense is to discover cyberattack by using more operation rules of power systems.

VI. CONCLUSION
The attack of cyber physical power system is a difficult problem that must be faced on the road of power grid informatization. There are few researches on local attack. Most of the works focus on the data integrity attack, which is inconsistent with the engineering practice. However, a local false data attack is the source of security risk. In this paper, local false data attack modeling and simulation are carried out. This paper first analyzes the attack of load redistribution in detail, and demonstrates the feasibility in practice. The attack model includes power flow constraints, attack constraints of PV and PQ nodes, power injection constraints of contact nodes, and total power injection constraints. Then we test the detection effect of local false data attacks on state interval estimation detection, and the simulations verify the effectiveness of the proposed method. The local attack and detection methods of cyber physical power system need to be further studied and explored, and the security defense theory is very important for the safe operation of power grid. DECHANG YANG (Member, IEEE) was born in 1983. He received the M.S. degree in electric engineering from China Agricultural University, Beijing, China, in 2008, and the Ph.D. degree in power system from TU Dortmund, in 2012. He is currently an Associate Professor with China Agricultural University. His research interests include active distribution network operation and control, integrated multi-energy system collaborative planning, economic dispatching, and optimal management.