Complexity

Volume 2018, Article ID 8503825, 16 pages

https://doi.org/10.1155/2018/8503825

## A Novel Sparse False Data Injection Attack Method in Smart Grids with Incomplete Power Network Information

^{1}School of Mechatronic Engineering and Automation, Shanghai University, Shanghai, China
^{2}School of Mechanical and Electrical Engineering, Shanghai Normal University, Shanghai, China

Correspondence should be addressed to Chuanjiang Li; licj@shnu.edu.cn and Xue Li; lixue@i.shu.edu.cn

Received 8 June 2018; Revised 5 September 2018; Accepted 16 September 2018; Published 1 November 2018

Guest Editor: Liang Hu

Copyright © 2018 Huixin Zhong et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

This paper investigates a novel sparse false data injection attack method in a smart grid (SG) with incomplete power network information. Most existing methods require complete knowledge of the power network information of the SG. The main objective of this paper is to propose an effective sparse false data injection attack strategy under the more practical situation in which the attacker has only incomplete power network information and limited attack resources to access the measurements. Firstly, according to the obtained measurements and power network information, part of the missing power network information is compensated by using the power flow equations. Then, the fault tolerance range of bad data detection (BDD) for the attack residual increment is estimated by calculating the detection threshold of the residual L2-norm test. Finally, an effective sparse imperfect attack strategy is proposed by converting the choice of measurements into a subset selection problem, which is solved by the locally regularized fast recursive (LRFR) algorithm to improve the sparsity of the attack vectors. Simulation results on the IEEE 30-bus system and on a real distribution network confirm the feasibility and effectiveness of the proposed attack construction method.

#### 1. Introduction

Traditional power systems operate in an isolated physical environment, where security mainly concerns random failures of system components [1]. With the deep integration of electricity infrastructure and modern information and communication technology, a smart grid (SG) uses two-way flows of electricity and information to create a widely distributed, automated energy delivery network [2–10], greatly improving the level of automation and management. However, the SG has been found vulnerable to cyberattacks, as a large number of smart devices are deployed over unencrypted communication channels [11–15]. Malicious cyberattacks are one of the most common attack types and may trigger catastrophic damage to power supplies and widespread power outages [16, 17]. For example, in December 2015, a synchronized and coordinated cyberattack compromised three Ukrainian regional electric power distribution companies, resulting in power outages that affected approximately 225,000 customers for several hours [18]. Moreover, the US PJM system received 4090 cyberattacks in one month in 2015, equivalent to about 5.5 per hour [19]. The Israeli power supply system was hit by a major cyberattack in 2016, forcing a large number of computers in the power supply system to be taken offline [20]. Cyber security of the SG is therefore an important and open problem, which has attracted great interest from government, industry, and academia. Cyber security can be studied from two perspectives to improve system reliability. Remote state estimation under possible false data injection attacks was investigated from the perspective of defense in [21], where the whole system model must be known. This paper, by contrast, aims to find the vulnerability of a power system with incomplete power grid information by developing an effective sparse false data injection attack strategy from the attacker's perspective.

State estimation is usually employed to estimate or predict the system operational states, which provides real-time information and effective supervision of the SG. Traditional state estimation based on the least squares (LS) method, and the fast decoupled method derived from it, have been applied for many years [22]. As the scale of power systems continues to increase, the dispatch center places ever higher requirements on the accuracy and stability of state estimation. Some power grids use a weighted least squares method based on a fixed Jacobian matrix and introduce orthogonalization [23]; this method has better numerical stability and faster calculation speed. Others use a two-level distributed state estimation method [24], which makes full use of the large amount of redundant measurement information in the substation: the first step performs high-precision local estimation and the second performs global coordination, so that a more reliable real-time state estimate of the whole network can be obtained. Distributed state estimation has also been employed in large-scale power systems to support system operation [25].

False data injection attacks (FDIAs), a typical type of malicious cyberattack, purposely manipulate measurements to perturb the results of state estimation without raising any anomaly in the bad data detection (BDD), while posing a serious threat to SG operation [26, 27]. A common assumption on FDIAs in most works is that the attacker has complete knowledge of the power network information [8, 26–28], i.e., the topology and the transmission line parameters of the power grid. However, a practical attack situation usually needs to be considered from two aspects: (1) it is difficult for an attacker to know all power network information of a power grid, due to the strict protection of the control center and the lack of knowledge of real-time grid parameters such as the positions of circuit breaker switches and transformer tap changers, and (2) the attacker may access only a part of the smart meters, due to limited attack resources and the physical protection of some important smart instruments.

For the first case, an attacker cannot gain the complete network information; i.e., the Jacobian matrix available to the attacker is incomplete, yet it is critical for the construction of a perfect FDIA strategy [26]. To overcome the strong requirement of knowing the full topology and parameter information of a power grid, the first attempt to design false data injection attacks with incomplete power information was made in [29]. Here, the limited parameter information obtained by the attacker is expressed as , where represents the difference between the complete parameter information and the obtained partial parameter information . Then, two cases of perfect attacks and imperfect attacks are studied, and the residual increments caused by perfect attacks and imperfect attacks are zero and nonzero, respectively. Furthermore, the range of residual increments caused by undetectable imperfect FDIAs is given as in [30], where denotes the residual increment caused by the attack and represents the angle between the null space of the transpose of the real Jacobian matrix and the image space of the inaccurate Jacobian matrix . Attackers only need to obtain the power network information of a local attacking region to inject false data into the smart meters in that region without being detected [31], and a strategy is designed in [32] to determine the optimal attacking region of a single load bus while obtaining less power network information. Intermittent faults, which occur randomly in nonuniformly sampled multirate systems, are described by a Bernoulli distribution in [33]. However, the incomplete power network information considered in this paper is incompleteness of the system parameter information; i.e., the topology of the whole power network is assumed known, while part of its parameter information is not. The above works do not consider compensating the incomplete information in the measurement Jacobian matrix to reduce the estimation error of the predesigned false data to be injected into certain measurements. Furthermore, the fault tolerance range of the BDD unit for the residual increment caused by imperfect false data is not analyzed in detail, so a high success rate of the attack in avoiding the BDD cannot be ensured.
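The distinction drawn above between perfect and imperfect attacks can be seen on a toy DC state estimator. The Python block below is an added illustration and is not code from the paper: it builds a constructed 4-bus DC model with a unit-susceptance Jacobian H, estimates the state by unweighted least squares, applies a residual L2-norm test with a constructed threshold τ = 0.01, and compares the standard attack vector a = Hc built from the true Jacobian (the construction of [26]) with the same vector built from an attacker's copy of H in which the susceptance of one line is wrong. The bus model, the noise vector, the attacker's parameter error and the threshold are all assumptions of the example. The "tolerance" the block reports (τ minus the clean residual norm) is only the sufficient condition given by the triangle inequality, not the paper's own estimate of the BDD fault tolerance range.

```python
"""
Added illustration (not from the paper): DC state estimation with a
least-squares estimator, a residual L2-norm bad data detector, and two
FDIA vectors built from the attacker's copy of the Jacobian.
Every number below is constructed for the demo.
"""
import math
from typing import List

Matrix = List[List[float]]
Vector = List[float]

# Constructed 4-bus DC model: bus 1 is the reference (theta_1 = 0), all
# lines have unit susceptance, state x = [theta_2, theta_3, theta_4].
# Measurements: flows P12, P23, P34, P41 and injections P2, P3, P4.
H_TRUE: Matrix = [
    [-1, 0, 0],   # P12 = theta_1 - theta_2
    [1, -1, 0],   # P23
    [0, 1, -1],   # P34
    [0, 0, 1],    # P41 = theta_4 - theta_1
    [2, -1, 0],   # P2  = P21 + P23
    [-1, 2, -1],  # P3  = P32 + P34
    [0, -1, 2],   # P4  = P43 + P41
]
# Attacker's copy (assumption): the susceptance of line 2-3 is wrongly
# taken as 0.5, so the three rows that involve that line differ from H_TRUE.
H_ATTACKER: Matrix = [
    [-1, 0, 0],
    [0.5, -0.5, 0],
    [0, 1, -1],
    [0, 0, 1],
    [1.5, -0.5, 0],
    [-0.5, 1.5, -1],
    [0, -1, 2],
]
X_TRUE: Vector = [-0.10, -0.20, -0.15]                     # constructed state
NOISE: Vector = [0.001, -0.002, 0.0015, -0.001, 0.002, -0.0015, 0.001]
TAU = 0.01  # constructed detection threshold for ||r||_2


def mat_vec(A: Matrix, x: Vector) -> Vector:
    return [sum(a * xi for a, xi in zip(row, x)) for row in A]


def transpose(A: Matrix) -> Matrix:
    return [list(col) for col in zip(*A)]


def mat_mul(A: Matrix, B: Matrix) -> Matrix:
    Bt = transpose(B)
    return [[sum(a * b for a, b in zip(row, col)) for col in Bt] for row in A]


def solve(A: Matrix, b: Vector) -> Vector:
    """Gaussian elimination with partial pivoting for a small dense system."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for k in range(n):
        p = max(range(k, n), key=lambda i: abs(M[i][k]))
        M[k], M[p] = M[p], M[k]
        for i in range(k + 1, n):
            f = M[i][k] / M[k][k]
            for j in range(k, n + 1):
                M[i][j] -= f * M[k][j]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x


def ls_estimate(H: Matrix, z: Vector) -> Vector:
    """Unweighted least-squares estimate x_hat = (H^T H)^-1 H^T z."""
    Ht = transpose(H)
    return solve(mat_mul(Ht, H), mat_vec(Ht, z))


def residual(H: Matrix, z: Vector) -> Vector:
    """r = z - H x_hat, the quantity the BDD unit tests."""
    x_hat = ls_estimate(H, z)
    return [zi - hi for zi, hi in zip(z, mat_vec(H, x_hat))]


def norm2(v: Vector) -> float:
    return math.sqrt(sum(vi * vi for vi in v))


def bdd_passes(H: Matrix, z: Vector, tau: float = TAU) -> bool:
    """Residual L2-norm test: accept the sample iff ||z - H x_hat||_2 <= tau."""
    return norm2(residual(H, z)) <= tau


def attack_vector(H_known: Matrix, c: Vector) -> Vector:
    """a = H_known c: undetectable only if H_known is the estimator's true H."""
    return mat_vec(H_known, c)


def inject(z: Vector, a: Vector) -> Vector:
    return [zi + ai for zi, ai in zip(z, a)]


def run_demo(c=(0.05, 0.0, 0.0)) -> dict:
    """Compare a perfect attack (true H) with an imperfect one (attacker's H)."""
    z = inject(mat_vec(H_TRUE, X_TRUE), NOISE)
    r0 = residual(H_TRUE, z)
    out = {"baseline_norm": norm2(r0), "baseline_passes": bdd_passes(H_TRUE, z)}
    # Triangle-inequality bound: an increment with ||delta r|| <= tau - ||r0||
    # cannot push the residual norm over the threshold.
    out["tolerance"] = TAU - norm2(r0)
    for label, H_known in (("perfect", H_TRUE), ("imperfect", H_ATTACKER)):
        za = inject(z, attack_vector(H_known, list(c)))
        ra = residual(H_TRUE, za)
        shift = [p - q for p, q in zip(ls_estimate(H_TRUE, za), ls_estimate(H_TRUE, z))]
        out[label] = {
            "residual_norm": norm2(ra),
            "increment_norm": norm2([p - q for p, q in zip(ra, r0)]),
            "state_shift": shift,
            "passes_bdd": bdd_passes(H_TRUE, za),
        }
    return out


if __name__ == "__main__":
    import pprint
    pprint.pprint(run_demo())
```

With the true Jacobian the injected vector shifts the estimate by exactly c and leaves the residual untouched, so the test passes; with the attacker's wrong susceptance the same c produces a residual increment of 0.0125, larger than the tolerance left under the threshold, and the attack is caught. The attacker's error also distorts the state shift actually achieved, which is the estimation error the paper's compensation step is meant to reduce.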

For the second case, attackers always tend to compromise as few measurements as possible to implement a successful attack, i.e., to construct sparse attack vectors. This has stimulated several research works [34–37]. However, these sparse attack models still require full power network information, and, to the best of our knowledge, there is no feasible algorithm that can efficiently construct highly sparse undetectable attack vectors with incomplete power network information.

Launching an undetectable sparse attack becomes much more difficult when both aspects of the practical attack situation are considered together. Nevertheless, to improve the robustness of the SG, it is necessary to find the system's vulnerabilities by developing a new and practical FDIA strategy, and the following challenges need to be addressed: (1) how to compensate the unknown power information in the measurement Jacobian matrix and distinguish the secure measurement set from the attackable measurement set after the compensation; (2) how to estimate the fault tolerance range of the BDD unit for the attack residual increment; and (3) how to design and solve a sparse imperfect attack model to obtain an effective sparse imperfect attack strategy.

To address these difficulties, this paper investigates a novel sparse imperfect FDIA construction method by modifying only a much smaller number of measurements. The main contributions of the paper include: (1) according to the obtained measurements and power network information, some unknown information in the measurement Jacobian matrix is compensated by solving the power flow equation, and the secure measurement set and the attackable measurement set are constructed by determining whether the attackers can inject false data. (2) To ensure that the attack can bypass the BDD with a high success rate, the fault tolerance range of the BDD unit for the attack residual increment is estimated by calculating the detection threshold of the residual L2-norm test based on the largest normalized residual (LNR) test. (3) Based on the attackable measurement set, an effective sparse imperfect strategy is proposed by regarding the choice of measurements as a subset selection problem of a linear regression model with noise. This can then be solved by the locally regularized fast recursive (LRFR) algorithm, which can effectively improve the sparsity of the attack vector.

The rest of the paper is organized as follows. Section 2 describes the problem formulation of the sparse imperfect attack strategy. In Section 3, the LRFR algorithm is used for the smallest subset selection of attack vector elements. Simulation results are provided in Section 4, followed by concluding remarks in Section 5.

#### 2. Problem Formulation

Considering the practical attack situation, the schematic block diagram of a power network control system under FDIAs is shown in Figure 1. The attacker can only inject false data into certain measurements. That is, the system contains an attackable measurement set and a secure measurement set, which will be defined in detail later in this section. The contaminated measurements are transmitted to the state estimator, which identifies the state variables. The bad data detector then identifies anomalous data based on the results of state estimation. If the attack is not detected by the BDD, the misleading state estimate is transmitted to the control system, which may pose serious potential threats to system security and economic operation. The remainder of this section therefore formulates how to design a new sparse imperfect attack strategy for an SG with unknown power information. This lays the foundation for finding system vulnerabilities and designing the corresponding protection strategies.