Abstract
False data injection attack (FDIA) is a typical cyber-attack aiming at falsifying measurement data for state estimation (SE), which may incur catastrophic consequences on cyber-physical system operation. In this paper, we develop a deep learning based methodology for detection, localization, and data recovery of FDIA on power systems in a coherent and holistic manner. However, the multi-modal probability distributions of both measurements and state variables in SE due to ever-changing operating points and structural/topological changes pose great challenges in detecting and localizing FDIA. To address this challenge, we first propose an enhanced attack model to launch massive FDIA on limited access points. Second, we train an auto-encoder (AE) with a Bayesian change verification (BCV) classifier using contingencies to detect FDIA with unseen operational topologies. Third, to avoid model collapse caused by multi-modal measurement distribution, an AE-based generative adversarial network (GAN) is derived to generate a diverse candidate set of normal measurement vectors with various operational topologies. Finally, we develop a pattern match algorithm to localize and recover the falsified measurements and state variables by comparing the falsified measurement vectors with the normal measurement vectors in the candidate set. Case studies with IEEE benchmark systems and a modified 415-bus China Southern Grid system are provided to validate the proposed methodology. It shows that the proposed methodology achieves an average 95% accuracy for detection, over 80% accuracy for localization of FDIA, and recovers the measurement and state variables close to their true values.
UBIQUITOUS applications of information technologies and tele-communications pose great challenges to the security and resilience of power grid operation. Cyber-attacks have been identified as major threats for power grids and associated stakeholders. False data injection attack (FDIA) is a typical cyber-attack aiming at falsifying measurement data for static state estimation (SE), which may incur catastrophic consequences on the power grid operation [
Even though FDIA was first proposed and realized in power grid operation, cyber-physical systems (including the new generation of smart grids) built upon communications and publicly accessible sensor networks are also vulnerable to FDIA, as these access points are exposed to cyber-attackers. Despite that FDIA can cause adverse effect on dynamical system, e.g., [
To address FDIA challenges, we take effort in developing a systematic defense methodology for online detection, localization, and recovery of both measurements and state variables from FDIA. Different from the existing work focusing on one single technical problem, we place the emphasis on the entire chain from issuing alarms of FDIA, identifying compromised measurements, and mitigating adverse impacts by the recovery of both measurements and states. However, it is difficult to identify the characteristics of the probability density function (PDF) of measurement and state vectors of SE, as these distributions are intrinsically multi-modal. Therefore, the FDIA detector should be generalized for uncertain/unseen PDFs. To achieve this goal, we have applied generative deep-learning models to learn the deep structure of the multi-modal PDF and falsified measurements and state variables.
The challenges of FDIA were first identified by [
For the detection of FDIA, both model-based algorithms [
The above research works have missed a key aspect to improve the overall effectiveness in defending FDIA. We notice that the distribution of the measurement has multi-modal properties due to the diversified and ever-changing system structure, i.e., operating points and topologies, of power systems. We hereby make mild assumptions on the distribution of measurements, rather than assume a particular family of distributions. In this paper, we assume that the defender and the attacker possess the complete information of the power grid. In designing our defense methodology based on deep-learning techniques, we resolve the generalization difficulties caused by multi-modal distribution to a wider range of uncertain operating points of power systems. As a result, the proposed detection/localization model trained offline can be generalized to online ever-changing operating points without re-training.
To summarize, we make the following contributions.
1) We develop an enhanced attack model to launch FDIA with a limited number of targeted access points. The key feature of this model, as compared with [
2) We develop an auto-encoder (AE) feature extractor together with Bayesian change verification (AE-BCV) classifier to detect FDIA. The AE is trained to learn lossless mapping from multi-modal joint probability density distribution of state variables along with normal/falsified measurement vectors into a lower-dimensional distribution. Then, the BCV classifier is applied to detect FDIA with adaptiveness for unseen topological changes of power grids.
3) We derive an AE-based generative adversarial network (AE-GAN) for the offline generation of various multi-modal probability distributions of normal measurements under unseen power system topologies, which constructs a candidate set for localization and recovery of falsified measurement data. Compared with [
4) We develop a pattern match algorithm for the online recovery of falsified measurements/states to their normal values: ① clean the measurement vectors by locating and removing suspicious falsified measurements; ② compare the similarities of the cleaned measurement with the candidate set and choose the most similar measurement vector from the candidate set as a recovered measurement vector; ③ recover state variables with the cleaned measurements.
For sake of clarification, the major differences between this research work and closely related research works are summarized below.
1) Although the proposed attack models are extended based on [
2) The proposed methodology places an emphasis on the topological changes in the detection/localization of falsified measurements and recovery of corresponding state variables, as compared with [
3) We aim to localize and recover the falsified measurements rather than state variables, to provide more insights for the prevention/consolidation against FDIA. Compared with [
The rest of this paper is structured as follows. In Section II, the enhanced FDIA model is formulated. From Section III to Section V, an overview of the proposed defense methodology, methods for detection, and localization and data recovery of FDIA are described, respectively. Case studies are provided in Section VI. Finally, we conclude our work in Section VII.
In this section, we propose an enhanced FDIA model that can launch massive FDIA by falsifying a larger number of measurements with fewer attack points, as compared with the existing models without triggering bad data detection (BDD). For ease of verification and a moderate research scope, we focus on the DC SE model with complete information, and formulate our proposed model into a convex optimization problem. Note that the proposed model can also be extended to full AC SE, which will be applied to generate FDIA samples for training deep learning models in subsequent sections.
BDD had been regarded as a strong guarantee for measurement reliability in power system SE [
SE aims to estimate the states of the power system via the measurement model. Considering m measurements in an n-bus power system, the measurement model using DC power flow is:
(1) |
where is the measurement vector, normally including phase angles, transmission line power flows, etc.; , denotes the state variables, namely the phase angles ; is the irreducible measurement noise; and is the Jacobian matrix containing the information about the power grid topology. Therefore, H is time-varying due to the changes of system structures or topologies.
The DC SE model can be solved by minimizing the weighted least square (WLS) as (2), and the estimation result has a closed form given by (3).
(2) |
(3) |
where R is a diagonal matrix with diagonal elements equal to , and is the measurement error of the
Based on BDD theory, bad data can be detected if the following condition holds:
(4) |
where is the pre-defined threshold for BDD.
Let a denote the injection data for z, and is the falsified measurement vector, c denote the introduced error in the estimation, and denote the estimated state vector after FDIA attack.
If condition (5) holds [
(5) |
(6) |
Given the complete information on , , and H, cyber attackers are able to launch the most effective and concealed FDIA by solving a convex FDIA attack model [
(7) |
However, cyber-attackers need to compromise meters by using the above model. As shown in [
We propose an enhanced FDIA model by adding several constraints to (7) based on two realistic attack preferences. These expansions of the model enable the attackers to launch massive FDIA with fewer compromised meters. The FDIA can be raised to a specified intensity on a preselected set of buses.
In this model, the attacker aims to cause valid errors on the system without specific targeting. The optimal strategy of this model is to: ① ensure that the total impact on estimation reaches a given level; and ② minimize the number of compromised meters. This strategy enables the attacker to launch a massive FDIA with restricted accesses to meters. The model is given by:
(8) |
where k entitled attack intensity is a given value ensuring that the total caused estimation error is k times larger than the sum of the absolute values of real estimation.
Targeted FDIA aims to cause valid errors on a selected set of estimated measurements. The optimal strategy of this model is to: ① cause the impacts on given variables to reach a given level; ② minimize the number of compromised meters and the total error of the estimate state. This model is formulated as:
(9) |
where is a given vector, and ce represents the expected errors on the estimated state variables; and xe is the affected state vector. If the variable is not expected to be falsified, , otherwise . The constraint ensures that valid errors are injected into pre-selected state variables.
k specifies the attack strategies of the attackers with a limited budget of accessible attack points. By increasing k, the attackers cause a larger deviation of many state variables (untargeted FDIA), or a selected set of state variables (targeted FDIA). System operators have priori knowledge to perceive abnormal state deviation, it is still difficult to assert an FDIA event in case of extreme operational conditions or in junction with physical attacks [
We propose a comprehensive methodology as in

Fig. 1 Proposed methodology for defensing FDIA.
This methodology includes three co-related tasks as follows.
1) Detection. z, H, are first sent to the BDD module. If no bad data are detected, z and will be sent to the AE-BCV classifier to detect FDIA.
2) Localization. Once an FDIA event is detected, z will be labelled as that will be sent to the localization module, aiming to identify the set of measurements having been falsified.
3) Recovery. Once the injections on measurements are located, will then be sent to the recovery module. The falsified variables on will be recovered to approximate its original values. Finally, the true value of is re-estimated based on the recovered and H.
In the subsequent sections, we elaborate the models and algorithms for detection, localization, and measurement recovery, respectively.
The detection of FDIA aims to determine whether the measurement vector is falsified by FDIA. Therefore, we formulate the FDIA detection as a binary classification problem. However, the detection of FDIA is faced with two major challenges. First, the large size of the measurement vector causes unobvious variation on a subset of measurements, reducing the sensitivity of the classifier for the change of measurement distribution. Second, the ever-changing operating points of the power grid (especially the topology of the power grid) pose great challenges in training the classifier, as the training datasets cannot cover all possible unseen operational scenarios in the training stage. The unseen probability distributions of measurements in the test dataset will be viewed by the classifier as a novel category that is not included in the training, which may lead to poor performance in the identification of FDIA.
In view of these challenges, we propose to apply AE [
AE is a feed-forward neural network consisting of an encoder qd and a decoder pd. As in

Fig. 2 AE-based feature extractor model.
Both the encoder and the decoder are essentially nonlinear mapping, which are briefly written as:
(10) |
(11) |
where and are the weights of mapping layers; b and are the biases; and is the activation functions such as ReLU, Sigmoid, etc. Parameters in AE model, i.e., weights and biases, will be determined in the training process, which minimizes the mean square error between the input and reconstructed input as:
(12) |
After the AE is well-trained, we will only use the encoder as the feature extractor. The input will first map to the compressed code by the encoder. Then, this code will be sent to the BCV-based decision maker, as shown in

Fig. 3 BCV-based decision maker model.
The BCV-based decision maker proposed in [
(13) |
where c1 is the given code of a reliable measurement vectors from a training dataset containing N codes; c2 is the code of the detection input we want to test; H1 is the hypothesis where c1 and c2 are equally reliable; and H2 is the hypothesis where c2 is falsified by FDIA. The difference in the two codes is given by , and is a given threshold. Based on the maximum a posterior (MAP) rule, we make the decision by testing the log-likelihood ratio r, where r measures the similarity between c1 and c2 [
With N training samples, the posterior probabilities of based on H1 and H2 can be calculated by:
(14) |
In this section, we aim to locate the falsified variables in the measurement vector and recover those variables. The localization and recovery process contain two steps: ① an AE-GAN model is proposed to generate a candidate set of distributions of normal measurements; ② a pattern match algorithm is proposed to locate the attacked point and identify the most likely candidate measurement in the candidate set.
A major challenge to fulfill this goal comes from the multi-modal distributions of power grid measurements, i.e., while the power grid is operating normally, there exists multiple reasonable distributions for the measurement vector. It is infeasible to fit all these reasonable distributions and determine which one is the most likely.
To overcome this challenge, AE-based GAN is used to capture the multi-modal distributions and generate a diverse candidate set of measurement distributions under normal operational conditions. By theoretical analysis and case studies, AE-GAN can generate an infinite number of multi-modal distributions that are highly similar with measurement vectors under normal operational conditions. Meanwhile, the AE-GAN model has overcome model collapse [
The general GAN consists of two networks, i.e., the generator and the discriminator. The discriminator aims to classify the generated input, whereas the generator aims to cheat the discriminator by generating various distributions for normal/falsified measurements. These two networks will be trained by playing dynamic optimization games against each other [
In AE-GAN model, the decoder in AE will be set as the generator in GAN. The AE model approximates the distribution of generated measurements to the distribution of normal measurements. To generate as many candidate measurements as possible, the trained decoder uses Gaussian distribution as the input code, as the Gaussian distribution is the most extensively used input distribution of generative models. Thus, Gaussian noise is set as the reference in the GAN training process to approximate the input code of the decoder to Gaussian distribution.
Compared with conventional GAN models, the design of AE-GAN in

Fig. 4 AE-GAN model.
1) Model collapse. The training of GAN has brittle convergence properties due to the model collapse in this problem. Model collapse is one kind of GAN training failure incurred by the multi-modal distributions of input data [
2) Generate infinite multi-modal candidate data. Since the training of GAN approximates the generated data to the real input, the decoder is mapping the Gaussian distribution to multi-modal distribution of power system measurement data. Thus, a well-trained decoder can generate infinite multi-modal candidate data with infinite Gaussian random samples.
In
In each training step, the normal measurement ylr is sent to AE to output generated measurement , then the entire AE network is trained one time to minimize (12). Since we must enforce the code distribution obeying Gaussian distribution, this code will be regarded as the fake input of discriminator, denoted as cfake. Then, cfake and the Gaussian random sample creal are sent to discriminator D(c), which will output the probability, and c is a reliable measurement vector. Based on the output result, the entire network is trained by [
(15) |
where is a Gaussian distribution. By training with (15), the generated distribution will approach Gaussian distribution, and the Nash-equilibrium is achieved.
Among the massive measurements in normal operational conditions generated by AE-GAN, we can identify the most likely one to approximate the original measurement vector. Then, the falsified measurements are replaced by corresponding variables in the selected measurement vector.
To pinpoint the falsified measurement, we propose an iterative algorithm for FDIA localization in
Then, a pattern match algorithm for measurement recovery is proposed in
In this section, we evaluate the proposed attack model and the defense methodology against FDIA.
Our evaluations are conducted on a computer with 16 GB RAM, an Intel i7-8750H CPU, and an Nvidia RTX 2070 GPU. The dataset is generated by the proposed convex optimization models (8) and (9) with the power system simulation tool MATPOWER and the optimization modeling tool CVX. The proposed methodology is implemented with PyTorch.
We test our methodology using IEEE 57-bus system, IEEE 118-bus system, and IEEE 300-bus system from MATPOWER, and a synthesized 415-bus system with 627 branches based on a part of the China Southern Grid (CSG). Power flow calculations are performed on these systems to obtain base cases.
We diversify normal operational cases as follows: ① perform Monte-Carlo simulations to conduct (configurable for training, validation, and test) line switch to the base cases; ② vary the bus power injection by 50% to 150% of the base case values; ③ perturb the bus power injection by white noise with the variance of 1% of the base case values.
Cases with falsified measurements by FDIA are generated by overlaying the injection data a and introduced error c, both determined by (8) and (9) on normal operational samples.
We combine the normal cases and FDIA cases into a dataset for training and evaluating AE and AE-GAN models. To ensure that some topology changes are unseen in the test stage, we construct training and validation datasets with 5% line switching, while the test dataset is constructed with up to 8% line switching. The sizes of datasets for training, validation, and test are set to be 80%, 10%, and 10%, respectively. We do not conduct additional normalization for the data-set because the measurements and states are recorded as per-unit value.
Each item in the dataset includes features and a label as in
We study the performance of our FDIA model based on two aspects: the ability to bypass the BDD; and system-wide impact with limited resources and access to meters.
We categorize attacks into three levels: strong attack (SA), moderate attack (MA), and weak attack (WA). The intensity of attacks is measured by the magnitude of introduced error c, determined by the parameter k in models (8) and (9). In untargeted FDIA, the total estimated error is set as k times larger than the sum of absolute values of real estimation. In targeted FDIA, the attacked points are randomly selected and the error on selected points is set as k times larger than base values. The ranges of k are shown in
1) The performance of bypassing the BDD: BDD works if and only if the residual threshold detection model (5) works successfully. Comparing the deference of residuals between normal and attacked scenarios, we can evaluate whether the attacked measurements can bypass BDD.
We conduct simulations on IEEE 118-bus and 300-bus systems. Each level of attack has been simulated 1100 times. We average the normal operational residual (NOR) and the difference caused by SA, MA, and WA of targeted, and untargeted attack models in
(16) |
(17) |
Note: TA represents targeted; and UA represents untargeted.
We can see that the differences of FDIA attack at each level are far less than the NOR, indicating the proposed FDIA models are able to bypass BDD.
2) System-wide impact assessment. We compare the performance of our model and the conventional FDIA model [
We evaluate the accuracy of FDIA detector as follows. ① We test our detectors under various attacks, including targeted and untargeted attacks at three intensity levels. ② For the sake of robustness, we train only one detector for each power system for all types of attacks. Meanwhile, several types of attacks unseen in the training process are included in the test process to verify the robustness of the proposed model. ③ We only use normal measurements to train AE. Using only normal measurements in the training can effectively compress the sample space of AE, which facilitates and accelerates the training. To train the BCV, normal measurements, targeted, and untargeted attacks are considered. Half of the training dataset is generated on the base topology, and the other half is based on topological changes with up to 5% line outages. We also limit the intensity level of the attack for training, where only SA is used in the training dataset. However, we test our detectors using WA, MA, and SA. In other words, the AE-BCV detector can detect less tangible FDIA events in realistic attack scenarios.
The detailed structure and the parameters of the AE-BCV detector are listed in Appendix A. The confusion matrices of the proposed detectors are listed in
To evaluate the robustness of the proposed detectors, we focus on the accuracy of the test using unseen test samples.The performance of detectors against unseen MA and WA is listed in Tables
We also make a rough comparison of the detection accuracy between the proposed AE-BCV detector and the detection models in [
We first visualize the training process of the AE-GAN to show that the Nash-equilibrium is achieved. Next, we analyze the performance of the localization algorithm. Finally, detailed cases of measurement recovery are demonstrated.
The training dataset for AE-GAN only contains normal measurements z. And the testing set for localization and recovery only consists of measurements under untargeted attacks. We assume that each sample in the testing set has been identified as “under attack” by the detector. The topology change has been considered in the testing set, up to 8% line outages may occur based on the base topology. We have prepared a test set for all kinds of attacks.
1) The visualization of the AE-GAN training: it is crucial to train the discriminator and the generator at the same pace and maintain the confrontation between these two models. Otherwise, the equilibrium will not be achieved.

Fig. 5 Moving average of training loss in IEEE 118-bus system.
2) The performance of FDIA localization. The recovery process aims to minimize the search error measured by the distance to .

Fig. 6 Manhattan distance versus iteration of IEEE 118-bus system.

Fig. 7 Recovered measurements of IEEE 118-bus system.
3) The performance of measurement recovery. As shown in
The computation time is listed in
It is shown that, despite that the offline training of the classifier and the AE-GAN model are time-consuming, the computation time for online classification, localization, and recovery is short. Therefore, the proposed methodology is efficient for online defense against FDIA.
It is seen that the computation time increases slightly as the scale of the power system expands. On one hand, the AE-BCV detector is designed to capture the deep characteristics of joint PDF of . Therefore, FDIA can be detected if the falsified measurements cause the density of joint probability derivate from normal distributions. As a result, the training dataset for the AE-BCV detector is not necessarily large. On the other hand, note that the size of the neural network in the AE-BCV detector and AE-GAN (as shown in Appendix A) is medium, the training time of these neural networks depend primarily on the size of training dataset. Therefore, the training time will increase mildly as the size of the power system grows.
To address the challenges of FDIA, we design a deep-learning-based methodology for detecting and locating FDIA using DC power flow and recovering the falsified measurement/state variables. Importantly, we aim to improve the generalization of the proposed methodology with uncertainty under operational conditions.
To this end, we first propose two attack models to demonstrate the system-wide impact of massive FDIA even with limited access to meter and sensors. Second, we design a robust AE-BCV detector to learn the deep feature of the joint probability function of state variables and measurements, and then classify FDIA by the MAP rule. The proposed detector outperforms the existing methods with over 95% detection accuracy for FDIA, even if the system structure, i.e., the operational topology of the power grid in the application context, is unseen to the detector in the training stage. Third, we design an AE-GAN to generate a diverse dataset containing measurement samples under the normal operational conditions. Subsequently, we design a pattern match algorithm to recover falsified measurements from the dataset based on Manhattan distance. From comprehensive case studies, the proposed methodology achieves an 80% localization accuracy and recovers the state variables close to the true values.
The advantages of the proposed methodology are as follows. First, the proposed AE-BCV detector can be directly applied with AC power flow model, as we train the joint probability distribution of states and measurements. Second, the proposed AE-GAN can generate a sufficiently large candidate set for falsified measurement localization without model collapse.
Our future research can be extended in the following aspects. First, the attack model can be modified to consider AC power flow model. Second, the algorithmic efficiency for localization and recovery can be improved by constructing a refined candidate set. Third, the proposed methodology can be applied in the context of dynamic SE with asymmetric information possessed by cyber attackers and defenders.
Appendix
This case is to verify the scalability of the model. The 1354-bus system in MATPOWER is used in the simulation. The topological changes are not considered, whereas other setting is the same as that in case studies. The positive false rate is 0.1% and the negative false rate is 4.7%.
The detailed structure and the parameters of the AE-BCV detector and AE-GAN are listed in Table AI and Table AII. The values of for localization are 0.01 for IEEE 118-bus system and 0.5 for CSG 415-bus system.
References
L. Che, X. Liu, Z. Li et al., “False data injection attacks induced sequential outages in power systems,” IEEE Transactions on Power Systems, vol. 34, no. 2, pp. 1513-1523, Mar. 2019. [Baidu Scholar]
G. Liang, S. R. Weller, J. Zhao et al., “The 2015 Ukraine blackout: implications for false data injection attacks,” IEEE Transactions on Power Systems, vol. 32, no. 4, pp. 3317-3318, Jul. 2017. [Baidu Scholar]
H. Wang, J. Ruan, B. Zhou et al., “Dynamic data injection attack detection of cyber physical power systems with uncertainties,” IEEE Transactions on Industrial Informatics, vol. 15, no. 10, pp. 5505-5518, Oct. 2019. [Baidu Scholar]
A. Sargolzaei, K. Yazdani, A. Abbaspour et al., “Detection and mitigation of false data injection attacks in networked control systems,” IEEE Transactions on Industrial Informatics, vol. 16, no. 6, pp. 4281-4292, Jun. 2020. [Baidu Scholar]
F. Li and Y. Tang, “False data injection attack for cyber-physical systems with resource constraint,” IEEE Transactions on Cybernetics, vol. 50, no. 2, pp. 729-738, Feb. 2020. [Baidu Scholar]
Y. Liu, M. K. Reiter, and P. Ning, “False data injection attacks against state estimation in electric power grids,” ACM Transactions on Information and System Security, vol. 14, no. 1, pp. 1-33, May 2011. [Baidu Scholar]
O. Kosut, L. Jia, R. J. Thomas et al., “Malicious data attacks on the smart grid,” IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 645-658, Dec. 2011. [Baidu Scholar]
Y. Song, X. Liu, Z. Li et al., “Intelligent data attacks against power systems using incomplete network information: a review,” Journal of Modern Power Systems and Clean Energy, vol. 6, no. 4, pp. 630-641, Jul. 2018. [Baidu Scholar]
G. E. Constante-Flores, A. J. Conejo, J. Wang, “Sensitivity-based vulnerability assessment of state estimation,” Journal of Modern Power Systems and Clean Energy, vol. 9, no. 4, pp. 886-896, Jul. 2016. [Baidu Scholar]
N. Živković and A. Sarić, “Detection of false data injection attacks using unscented Kalman filter,” Journal of Modern Power Systems and Clean Energy, vol. 6, no. 5, pp. 847-859, Sept. 2018. [Baidu Scholar]
M. Ansari, V. Vakili, B. Bahrak et al., “Graph theoretical defense mechanisms against false data injection attacks in smart grids,” Journal of Modern Power Systems and Clean Energy, vol. 6, no. 5, pp. 860-871, Sept. 2018. [Baidu Scholar]
B. Chen, H. Li, and B. Zhou, “Real-time identification of false data injection attacks: a novel dynamic-static parallel state estimation based mechanism,” IEEE Access, vol. 7, pp. 95812-95824, Jul. 2019. [Baidu Scholar]
Y. He, G. J. Mendis, and J. Wei, “Real-time detection of false data injection attacks in smart grid: a deep learning-based intelligent mechanism,” IEEE Transactions on Smart Grid, vol. 8, no. 5, pp. 2505-2516, Sept. 2017. [Baidu Scholar]
J. Yu, Y. Hou, and V. Li, “Online false data injection attack detection with wavelet transform and deep neural networks,” IEEE Transactions on Industrial Informatics, vol. 14, no. 7, pp. 3271-3280, Jul. 2018. [Baidu Scholar]
J. Cao, D. Wang, Z. Qu et al., “A novel false data injection attack detection model of the cyber-physical power system,” IEEE Access, vol. 8, pp. 95109-95125, May 2020. [Baidu Scholar]
Y. An and D. Liu, “Multivariate Gaussian-based false data detection against cyber-attacks,” IEEE Access, vol. 7, pp. 119804-119812, Aug. 2019. [Baidu Scholar]
A. S. Musleh, G. Chen, and Z. Y. Dong, “A survey on the detection algorithms for false data injection attacks in smart grids,” IEEE Transactions on Smart Grid, vol. 11, no. 3, pp. 2218-2234, May 2020. [Baidu Scholar]
X. Wang, X. Luo, M. Zhang et al., “Detection and isolation of false data injection attacks in smart grid via unknown input interval observer,” IEEE Internet of Things Journal, vol. 7, no. 4, pp. 3214-3229, Apr. 2020. [Baidu Scholar]
X. Luo, Y. Li, X. Wang et al., “Interval observer-based detection and localization against false data injection attack in smart grids,” IEEE Internet of Things Journal, vol. 8, no. 2, pp. 657-671, Jan. 2021. [Baidu Scholar]
S. Wang, S. Bi, and Y. Zhang, “Locational detection of false data injection attack in smart grid: a multi-label classification approach,” IEEE Internet of Things Journal, vol. 7, no. 9, pp. 8218-8227, Sept. 2020. [Baidu Scholar]
M. Mohammadpourfard, A. Sami, and Y. Weng, “Identification of false data injection attacks with considering the impact of wind generation and topology reconfigurations,” IEEE Transactions on Sustainable Energy, vol. 9, no. 3, pp. 1349-1364, Jul. 2018. [Baidu Scholar]
H. Wang, J. Ruan, G. Wang et al., “Deep learning-based interval state estimation of AC smart grids against sparse cyber attacks,” IEEE Transactions on Industrial Informatics, vol. 14, no. 11, pp. 4766-4778, Nov. 2018. [Baidu Scholar]
X. Liu and Z. Li, “False data attacks against AC state estimation with incomplete network information,” IEEE Transactions on Smart Grid, vol. 8, no. 5, pp. 2239-2248, Sept. 2017. [Baidu Scholar]
X. Liu and Z. Li, “Local load redistribution attacks in power systems with incomplete network information,” IEEE Transactions on Smart Grid, vol. 5, no. 4, pp. 1665-1676, Jul. 2014. [Baidu Scholar]
X. Huang, Z. Qin, and H. Liu, “A survey on power grid cyber security: from component-wise vulnerability assessment to system-wide impact analysis,” IEEE Access, vol. 6, pp. 69023-69035, Jun. 2018. [Baidu Scholar]
Y. Li, Y. Wang, and S. Hu, “Online generative adversary network based measurement recovery in false data injection attacks: a cyber-physical approach,” IEEE Transactions on Industrial Informatics, vol. 16, no. 3, pp. 2031-2043, Mar. 2020. [Baidu Scholar]
R. Deng, G. Xiao, R. Lu et al., “False data injection on state estimation in power systems–attacks, impacts, and defense: a survey,” IEEE Transactions on Industrial Informatics, vol. 13, no. 2, pp. 411-423, Apr. 2017. [Baidu Scholar]
A. Tajer, S. Sihag, and K. Alnajjar, “Non-linear state recovery in power system under bad data and cyber attacks,” Journal of Modern Power Systems and Clean Energy, vol. 7, no. 5, pp. 1071-1080, Sept. 2019. [Baidu Scholar]
A. Monticelli, “Electric power system state estimation,” Proceedings of the IEEE, vol. 88, no. 2, pp. 262-282, Feb. 2000. [Baidu Scholar]
Q. Yang, J. Yang, W. Yu et al., “On false data-injection attacks against power system state estimation: modeling and countermeasures,” IEEE Transactions on Parallel and Distributed Systems, vol. 25, no. 3, pp. 717-729, Mar. 2014. [Baidu Scholar]
Electric Power Research Institute, USA. (2016, Feb.). Electric power system resiliency: challenges and opportunities. [Online]. Available: https://www.naseo.org/Data/Sites/1/resiliency-white-paper.pdf [Baidu Scholar]
Z. Chen, C. K. Yeo, B. S. Lee et al., “Autoencoder-based network anomaly detection,” in Proceedings of 2018 Wireless Telecommunications Symposium (WTS), Phoenix, USA, Apr. 2018, pp. 1-5. [Baidu Scholar]
B. Moghaddam, T. Jebara, and A. Pentland, “Bayesian face recognition,” Pattern Recognition, vol. 33, no. 11, pp. 1771-1782, Nov. 2000. [Baidu Scholar]
Z. Lin, A. Khetan, G. Fanti et al., “Pacgan: the power of two samples in generative adversarial networks,” in Proceedings of Advances in Neural Information Processing Systems, Montreal, Canada, Dec. 2018, pp. 1498-1507. [Baidu Scholar]
I. J. Goodfellow, J. Pouget-Abadie, M. Mirza et al., “Generative adversarial nets,” in Proceedings of International Conference on Neural Information Processing Systems, Montreal, Canada, Dec. 2014, pp. 2672-2680. [Baidu Scholar]