Abstract
With the proliferation of advanced communication technologies and the deepening interdependence between cyber and physical components, power distribution networks are subject to miscellaneous security risks induced by malicious attackers. To address the issue, this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for cyber-physical distribution networks (CPDNs) against coordinated cyber attacks. First, an attack graph-based CPDN architecture is constructed, and representative cyber-attack paths are drawn considering the CPDN topology and the risk propagation process. The probability of a successful coordinated cyber attack and incurred security risks are quantitatively assessed based on the absorbing Markov chain model and National Institute of Standards and Technology (NIST) standard. Next, a risk-oriented defense resource allocation strategy is proposed for CPDNs in different attack scenarios. The trade-off between security risk and limited resource budget is formulated as a multi-objective optimization (MOO) problem, which is solved by an efficient optimal Pareto solution generation approach. By employing a generational distance metric, the optimal solution is prioritized from the optimal Pareto set of the MOO and leveraged for subsequent atomic allocation of defense resources. Several case studies on a modified IEEE 123-node test feeder substantiate the efficacy of the proposed security risk assessment method and risk-oriented defense resource allocation strategy.
IN order to effectuate a reliable and efficient power supply, power distribution networks have gradually evolved into cyber-physical distribution networks (CPDNs) with the accelerating development of smart grids [
In the context of CPDN that is subject to potential cyber-attack threats, security risk can be generally seen as a comprehensive measure of the occurrence probability and severity of attacks. Existing security risk assessment methods can be broadly categorized into two groups, i.e., risk modeling [
For risk quantification methods, the semi-Markov process model was utilized to delineate the process of cyber attacks against the supervisory control and data acquisition (SCADA) system [
To ensure robust cyber-physical interaction and mitigate security risks, researchers have begun probing how to allocate defense resources [
Driven by the limitations and challenges above, this paper proposes a security risk assessment method and a risk-oriented defense resource allocation strategy for CPDNs. Evolving from existing studies that mainly consider single-domain attacks, the proposed method takes into account the risk propagation process and vulnerabilities of system measurements according to the attack graph-based CPDN architecture. Based on an absorbing Markov chain model, the CPDN security risk is quantified under coordinated cyber attacks that aim to corrupt pseudo and real-time measurements. The devised resource allocation strategy is risk-oriented following the previous security risk assessment results. By solving a multi-objective optimization (MOO) problem, the optimal defense resource allocation setting is prioritized via a generational distance metric and leveraged for the atomic allocation approach. Overall, the contributions of this paper are mainly threefold:
1) A security risk assessment method for CPDN is proposed under coordinated cyber attacks, in which the probability of a successful attack and provoked security risk are quantitively evaluated based on the constructed attack graph-based CPDN architecture and representative cyber-attack paths.
2) A risk-oriented defense resource allocation strategy is designed to mitigate the quantified security risk. Specifically, the formulated MOO problem addresses the trade-off between security risk and limited resource budget, which is solved by an efficient optimal Pareto solution generation approach.
3) An atomic allocation approach for defense resources is developed to further alleviate the overall system risk, in which the limited budget is divided into atomic units and iteratively deployed to the measurement with the highest risk reduction.
The remainder of this paper is structured as follows. Section II presents the preliminaries and problem formulation. Section III details the proposed security risk assessment method. The risk-oriented defense resource allocation strategy is given in Section IV. Case studies are shown and analyzed in Section V. Finally, Section VI concludes the paper.
Fueled by the proliferating information and communication technologies (ICTs) and advanced metering infrastructures (AMIs), distribution networks are transforming into CPDNs with deep cyber-physical coupling. The schematic diagram of CPDN is displayed in

Fig. 1 Schematic diagram of CPDN.
As shown in
While the observability and controllability of the network are significantly upgraded by advanced ICTs and widely deployed AMIs, CPDN is also becoming more susceptible to external security risks caused by malicious attacks, which can be categorized according to their targets (e.g., substations, communication links, and physical terminals) into two types: cyber attacks and physical attacks [
From the perspective of system operators, to mitigate the mounting cybersecurity threats, intrusion detection systems (IDSs) and firewalls are massively deployed for the backbone layer, which operates in a relatively isolated manner with a very limited number of channels that adversaries can exploit (see Case 1 in
Referring to previous records of major outage events [
Note that the access and physical layers in CPDN are more susceptible to external security threats, thereby different kinds of cyber and physical attacks under Cases 2 and 3 in
To characterize the cross-domain security risk propagation process triggered by coordinated cyber attacks against load profiles and real-time measurements, two representative graph-based cyber-attack paths consisting of logical nodes and topology are drawn in

Fig. 2 Graph-based cyber-attack paths in CPDN. (a) Load profile attack. (b) Real-time measurement attack.
Malicious cyber attackers can randomly pick attack portals and exploit the corresponding security loopholes to capture the control permissions. In CPDN, the logical nodes are assumed to be independent of each other, namely, the infiltration of a specific portal does not affect the attack path formed by other portals. Therefore, it is presumed that: ① the selection of attack portals is independent of each other; and ② an attack path can only be formed from a single attack portal. In this way, the attacker can intercept and spoof data packets to eavesdrop or falsify the load profile/real-time measurement starting from the orange arrows in
(1) |
where , , , and are the independent probabilities of router, substation, access network, and IED being designated to form a specific attack path , respectively.
The yellow nodes and purple arrows in
(2) |
where and are the selected probability and exploitability of the security loophole , respectively; and is the total number of loopholes () at a specific portal.
The exploitability of security loophole (i.e., ) is represented by the green arrows in
(3) |
where and are the scale and shape parameters, respectively; and , , and are the AV, AC, and AU scores of under the CVSS standard, respectively.
The black arrows in
(4) |
where is the disposed attack resource for a single attack; and is the scaling coefficient, which yields . The fraction satisfies , and indicates the attacker’s cost for exploiting the vulnerability of the communication link.
To derive the probabilistic expression for cyber-attack paths shown in
Attack portals and the pseudo/real-time measurements in
Combining (1)-(4), the transition probabilities between different logical nodes can be calculated, thereby constituting the transition matrix of an absorbing Markov chain as:
(5) |
where and are the matrices of absorbing states and transient states, respectively; and I is the identity matrix.
Recall the Property ② above, the probability that the chain will be absorbed always equals one. Hence, when the cardinality of states , we have . For the canonical form (5) of absorbing Markov chain , the matrix has an inverse , which is the fundamental matrix of . To measure the likelihood of a single attack eventually reaching the absorbing state, and in the canonical form (5) are used to calculate the success probability of each attack path . The element signifies the probability of being absorbed by state given an initial state . Therefore, can be described as , which is derived by successively multiplying the selected probability, loophole exploitability, and logical node transition probabilities (1)-(4).
Different attack paths can be elaborately combined for a single attack target to reconfigure the load profile or real-time measurements. Thus, it is assumed that multiple attack paths can be exploited concurrently and the success probability of a single attack path is independent of each other. As a result, the success probability of multiple attack paths can be calculated:
(6) |
where is the number of all possible attack paths for compromising the th attack target; is the success probability; and and are the matrix quantities (which have been defined above) corresponding to the th attack path.
As illustrated in Section III-A, specific approaches and skill levels of an attacker are considered as the attack resource. Similarly, the defense resource can be represented by the degrees of practical defense means. To evaluate the risk, the attack and defense resources need to be quantified by the same metric considering the practical significance. That is, all attack and defensive means can be evaluated by the monetary value.
Practical security controls, e.g., IDSs, firewalls, anti-virus software/hardware, and data integrity checking software, require significant monetary expense to be effective. Likewise, a great amount of monetary expenditure is indispensable for antagonists to elaborate on valid attack strategies. Therefore, the practical significance of the amount of attack/defense resources is defined by the monetary value, and the base number of a resource unit can be presumed as one thousand or one million in any currency. In this way, the attacker/system operator can quantify the employed intrusion techniques or security controls via dividing their monetary investments by the base number of a resource unit, so as to derive the dimensionless resource value.
Since the attack in this study targets load profiles and real-time measurements, the attack resource is represented by the relative cost of exploiting loopholes and executing attacks for a cyber intrusion, while the expense required (i.e., invested physical facilities and defensive software) for mitigating the vulnerability of a single measurement signifies the defense resource. Real-time measurements originate from meter units in the physical domain, and a successful attack on a single unit means that any measurement channel collected by that unit can be falsified. As for the load profile represented by pseudo measurements, we presume that it interacts with other logical nodes through data packets, of which successful interception can manipulate an arbitrary load data it contains. Similar to (4), the relationship between measurement vulnerability and deployed defense resource is written as [
(7) |
(8) |
where is the disposed defense resource for the th measurement unit; and is the defender’s cost to reduce with the predetermined fraction .
Without losing generality, assuming that an attacker aims to alter measurements. For the single th measurement unit with attack paths available, the probability of a successful attack can be obtained by firstly accumulating the success probability of each path by (6), and then multiplying them by the measurement vulnerability (7) as: . As a consequence, the success probability of a coordinated cyber attack can be computed by multiplying the success probability of each measurement unit cumulatively:
(9) |
Remark 1: it can be intuitively inferred from (9) that the success probability is proportional to the number of attack paths for a single target measurement. However, raising the number of target measurement units can degrade the likelihood of successful coordinated cyber attacks.
Referring to the National Institute of Standards and Technology (NIST) SP 800-82r3 standard for risk assessment [
(10) |
where and are the security risk and physical consequences provoked by the th coordinated cyber attack, respectively; is the success probability of the th attack; and is the total number of coordinated cyber attacks.
Remark 2: existing studies mostly employ load shedding as the indicator for . However, such a metric for transmission systems may not be applicable to CPDNs under quasi-steady operation conditions. In contrast, the number of corrupted measurements is adopted for modeling the game in [
CPDNs generally suffer from the inadequacy of security controls, thereby the protection of critical assets needs to be prioritized. To fully utilize the limited defense resource budget and mitigate cybersecurity risks, a novel risk-oriented defense resource allocation strategy is proposed in this section.
Because the system risk is delineated by the product of occurrence probability and physical impact, the attacker can boost the risk level by distributing more resources for a cyber intrusion, and the risk can be mitigated by an increased number of defense resources. Thus, from the perspective of system operators, the defense resource allocation problem can be investigated considering the interaction of attackers and defenders, where each player’s action space comprises all the possible attack and defense strategies. For the attacker, the attack strategy is the practical means by which coordinated cyber attacks can be implemented and the amount of attack resources can be deployed for a specific one. Assume the attacker launches coordinated cyber attacks, then the disposed attack resource can be written as a column vector:
(11) |
(12) |
where is the attack resource positioned for the th attack and satisfies ; and is the limited attack resource budget. On the contrary, the defender distributes a limited defense resource budget over all the system measurements. Similarly, the column vector of defense resource is given by:
(13) |
(14) |
where is the deployed defense resource for the th measurement and satisfies . Note that the practical significance of attack and defense resources have been illustrated in Section III-B.
The payoff within attack-defense interactions is generally assessed by the system loss/gain value (i.e., the variation of system risks) caused by the attack/defense strategy. The attacker’s objective is to maximize the risk by increasing the success probability and physical consequence to the greatest possible extent, whose payoff can be formulated as:
(15) |
where and are the arbitrary non-optimal strategies of the attacker and defender, respectively; and is the attacker’s optimal strategy that can maximize the payoff , denoted by the incremental risk .
For the defender, an opposite objective is endowed, who intends to minimize the incremental risk in the presence of an attack strategy as:
(16) |
where is the optimal defense resource allocation strategy that can minimize , i.e., the payoff . Therefore, the four-tuple strategy of attack-defense interactions subjects to the following inequality set:
(17) |
(18) |
(19) |
Referring to related studies [
(20) |
s.t.
(21) |
(22) |
(23) |
(24) |
(25) |
where is the defense resource deployed for the th measurement against the th attack; and are the lower and upper bounds of resource budget, respectively; and and are the lower and upper limits of allocation precision, respectively.
The MOO objective (20) aims to minimize and simultaneously with the defense strategy (i.e., the decision variable ) under all the potential coordinated cyber attacks (i.e., the decision variable ). Constraints (21) and (22) specify the constitution of , , and from (10), (12), and (14). Constraints (23) and (24) indicate the lower and upper limits for the defense resource budget and the allocation precision (which will be detailed in Section IV-C), respectively. Constraint (25) ensures that defense resources are initially allocated to each measurement equally.
By solving the formulated MOO, the optimal solution can only be described by a set of optimal Pareto solutions due to the contradiction of the two objective functions. Note that the number of attacks is relatively small at the beginning of cyber intrusions, and the defense strategy space scale is therefore limited. In this case, traversing methods can be leveraged to approach the optimal Pareto front. However, the strategy space can be exponentially expanded in practice as the attack-defense interactions evolve with time. To address the issue, the nondominated sorting genetic algorithm III (NSGA-III) [
Initially, a parent population is arbitrarily generated in the NSGA-III, thus the two objective values corresponding to each individual in can be evaluated. Then, each individual is ranked by the nondominated sorting procedure [
1) Given the parent population with individuals from
2) Form a combined population of size from and as: .
3) Evaluate objective values for each individual in , then compute its nondomination rank () and perpendicular distance to the reference line ().
4) Go through the nondominated sorting procedure, then form a new population for the next generation by the reference-point-oriented elitist selection approach [
5) Increment the generation counter: .
The step-by-step loop above is iterated until the counter reaches the maximum number of generations, and the detailed formulation of NSGA-III can be found in [
To satisfy the requirements of optimizing multiple objective functions, it is necessary to select an optimal solution from the optimal Pareto set derived from NSGA-III. Hence, the generational distance metric in [
(26) |
where and are the sum of security risks and the sum of defense resources under all the cyber attacks, respectively.
A random vector in the Pareto front can be seen as a scatter point in the two-dimensional space, where the -axis and -axis are represented by and , respectively. Then, the generational distance metric measures the proximity between a random objective vector and the ideal vector, thus the optimality of the corresponding solution in the optimal Pareto set can be quantitively evaluated. As shown in (20), the minimum value of each objective in the Pareto front constitutes the ideal vector, described by:
(27) |
Then, each objective vector is normalized based on the ideal vector value in the two-dimensional space:
(28) |
where and are the normalized values of and , respectively.
Finally, the -norm of the normalized objective vector is computed to derive the generational distance metric as:
(29) |
Remark 3: according to the generational distance metric, different solutions in the optimal Pareto set can be prioritized. The solution with the minimum distance metric is the optimal one, since it enables the corresponding objective vector closest to the ideal vector in the two-dimensional space.
Based on prioritized optimal solutions, the defense resource allocation budget can be specified for the subsequent defensive countermeasure design. However, it is noteworthy that defense resources are equally allocated for each measurement in the previous step, which is not applicable in the face of varying coordinated cyber attacks. To allocate the limited budget more efficiently, an atomic allocation approach is proposed in this subsection for the defender to further trim down the overall system risk.
Referring to [

Fig. 3 Flow chart of proposed atomic allocation approach for defense resources.
Step 1: initialization. Initially, the defense resources on all measurement devices are set to be . The defense resource budget is divided into multiple atomic units according to the allocation precision , and set the iteration counter .
Step 2: iteration of measurements. At the th iteration, deploy an atomic unit (i.e., ) to each measurement as:
(30) |
where is the deployed resource of the th measurement.
Then, calculate the system risk under all the possible cyber attacks, and the set of system risks after each measurement is equipped with an atomic unit can be obtained as:
(31) |
where is the system risk when the th measurement is equipped with an atomic unit at the th iteration.
Step 3: atomic unit allocation. Identify the minimum value in (assumed to be the th element ), then assign the th atomic unit to the th measurement:
(32) |
where is the allocated resource for the th measurement.
Step 4: terminate evaluation. Except for the th measurement, defense resources of all the measurements are reset to be for the next iteration. Moreover, set , if , the iteration terminates, indicating that all the atomic units have been distributed, and the system risk value can be determined based on the current allocation scheme. Else, the iteration continues and returns to Step 2.
The proposed security risk assessment method and risk-oriented defense resource allocation strategy are developed in MATLAB R2022b environment. The simulation is implemented on a PC with an Intel Core i5-10400F CPU and 32 GB RAM. To emulate the CPDN, an unbalanced distribution test feeder consisting of pseudo measurements, SCADA units, and PMUs is employed as the testbed for the proposed method. The standard IEEE 123-node test feeder is modified by integrating several DGs with a P-Q controlling strategy. Details of feeder configuration, line impedances, regulator data, and transformer data can be found in [
Referring to the U.S. National Vulnerability Database [
No. | CVE-ID | CVSS score | Exploitability |
---|---|---|---|
CVE-2016-5053 | 0.5403 | ||
CVE-2020-10923 | 0.3848 | ||
CVE-2015-7599 | 0.3088 | ||
CVE-2018-5678 | 0.5387 | ||
CVE-2018-19524 | 0.5368 | ||
CVE-2020-8958 | 0.5282 | ||
CVE-2018-0453 | 0.1398 | ||
CVE-2015-4684 | 0.1626 | ||
CVE-2014-8684 | 0.3857 | ||
CVE-2014-3569 | 0.2146 | ||
CVE-2015-4879 | 0.4064 | ||
CVE-2015-2822 | 0.5056 |
Metric | Level | Value |
---|---|---|
AV | Local () | 0.55 |
Adjacent network () | 0.62 | |
Network () | 0.85 | |
AC | High () | 0.44 |
Medium () | 0.58 | |
Low () | 0.77 | |
AU | Multiple () | 0.27 |
Single () | 0.61 | |
None () | 0.85 |
The CPDN is assumed to be exposed to external attacks in this subsection, whereby the budget value is initialized to zero without deploying defense resources. Load profiles are distributed in CPDN in the form of pseudo measurements, represented by all the nodal power injections except for the reference node at the slack bus in

Fig. 4 Modified IEEE 123-node test feeder and its network topology.

Fig. 5 Success probabilities of single-target cyber attacks for each measurement.

Fig. 6 Success probabilities of different attack paths of single-target attacks for each meter unit. (a) Pseudo measurements. (b) SCADA units. (c) PMUs.
Coordinated cyber attacks can be categorized according to the number of targets, i.e., the attack indexed by indicates that it randomly chooses targets out of all the vulnerable measurements. This study considers coordinated cyber attacks indexed from 1 to 10 (), where each index is randomly launched 100 times against pseudo measurements, SCADA units, or PMUs. The risk and probability are cumulatively and averagely computed under different , respectively. Utilizing the security risk assessment method in Section III-B, success probabilities and induced risks of coordinated cyber attacks are summarized in
1 |
1.7290×1 | 18.1952 | 6 |
3.3802×1 |
2.3012×1 |
2 |
1.9400×1 | 3.8387 | 7 |
6.2835×1 |
4.5991×1 |
3 |
6.1096×1 | 1.2373 | 8 |
8.0135×1 |
5.8516×1 |
4 |
5.3866×1 | 0.1984 | 9 |
1.3116×1 |
1.0798×1 |
5 |
1.1987×1 | 0.0102 | 10 |
2.2315×1 |
1.5379×1 |
To validate the efficacy of the proposed method, two probabilistic risk assessment methods, namely, the method based on resource conversion coefficients (RCCs) [
Cyber attacks with index are first adopted against pseudo measurements since such a scenario exhibits the highest risk.

Fig. 7 Success probability of each attack path using different methods.
Method | Security risk value | ||
---|---|---|---|
RCC [ |
4.4702×1 |
2.2640×1 |
9.3206×1 |
RCS [ |
1.3010×1 |
5.0400×1 |
1.8591×1 |
Proposed |
2.1133×1 |
4.1695×1 |
1.2548×1 |
The formulated MOO and solution selection procedure are evaluated under coordinated cyber attacks against arbitrary measurements. Attack settings are the same as in

Fig. 8 Optimal Pareto solutions of MOO.
Besides, it is noteworthy in
Strategy | ||||
---|---|---|---|---|
1.7547 | 3454 | 1.0000 | 1 | |
2.0115 | 3273 | 0.8560 | 1 | |
2.1477 | 3167 | 0.7808 | 1 | |
2.2481 | 3063 | 0.7105 | 1 | |
2.5493 | 2882 | 0.6426 | 1 | |
2.9278 | 2673 | 0.6584 | 1 | |
3.1192 | 3353 | 1.1253 | 2 | |
3.2689 | 2500 | 0.7529 | 1 | |
3.4729 | 2408 | 0.8336 | 1 | |
3.8363 | 2270 | 1.0000 | 1 |
Existing allocation approaches [
Approach I [
Approach II [
Given the same budget value and allocation precision (set as 5000 for satisfying the upper limit and ensuring accurate allocation), comparative defense resource allocation results for each measurement are presented in

Fig. 9 Defense resource allocation results. (a) Pseudo measurements. (b) SCADA units and PMUs.
By applying the three allocation approaches, the risk incurred by each coordinated cyber attack and the overall system risk are both cumulatively calculated. As shown in
Security risk value | ||||
---|---|---|---|---|
No defense | Approach I | Approach II | Proposed | |
1 |
1.8195×1 |
6.2164×1 |
3.9439×1 |
1.5791×1 |
2 |
3.8387×1 |
2.3025×1 |
1.2984×1 |
5.1200×1 |
3 |
1.2373×1 |
4.3120×1 |
2.1750×1 |
4.6000×1 |
4 |
1.9840×1 |
1.3200×1 |
7.5392×1 |
5.3725×1 |
5 |
1.0200×1 |
8.2942×1 |
3.9350×1 |
7.1204×1 |
6 |
2.3012×1 |
6.5645×1 |
1.4296×1 |
3.2655×1 |
7 |
4.5991×1 |
7.2703×1 |
2.0103×1 |
3.0728×1 |
8 |
5.8516×1 |
5.2238×1 |
1.6333×1 |
1.2726×1 |
9 |
1.0798×1 |
9.2246×1 |
4.6166×1 |
9.6958×1 |
10 |
1.5379×1 |
1.6478×1 |
6.8449×1 |
4.7354×1 |
2.3483×1 |
8.9642×1 |
5.4677×1 |
2.0963×1 |
This paper proposes a novel security risk assessment method and risk-oriented defense resource allocation strategy for CPDNs. By constructing an attack graph-based CPDN architecture, the success rate of a coordinated cyber attack and corresponding security risks are properly evaluated using the security risk assessment method. Moreover, the incurred risk is efficiently mitigated by the developed risk-oriented defense resource allocation strategy, in which the prioritized MOO solution is able to reasonably address the trade-off between security risk and limited resource budget. Extensive simulation results on the modified IEEE 123-node test feeder have verified the efficacy of the proposed method and strategy in evaluating security risk, solving the formulated MOO problem, and allocating limited defense resources in the presence of multiple coordinated cyber attacks.
Results derived from this paper can shed some light on the defensive studies for assessing the mounting cyberspace risks in CPDNs. A plausible defense resource allocation framework is also provided for addressing the security issues in modern CPDNs under cyber attacks. In the future, we will focus on taking additional vulnerable system components and a realistic cyber-physical coupling environment into account, so as to devise more comprehensive and representative risk assessment methods in the context of varying attack scenarios. Besides, the scalability of the proposed method and strategy in the variants of CPDNs, e.g., industrial control systems and industrial Internet of Things, is worthy of further investigation.
References
Y. Zhang, M. Ni, and Y. Sun, “Fully distributed economic dispatch for cyber-physical power system with time delays and channel noises,” Journal of Modern Power Systems and Clean Energy, vol. 10, no. 6, pp. 1472-1481, Nov. 2022. [Baidu Scholar]
Y. Yang, P. Zhang, C. Wang et al., “State transition modeling method for optimal dispatching for integrated energy system based on cyber-physical system,” Journal of Modern Power Systems and Clean Energy, vol. 12, no. 5, pp. 1617-1630, Sept. 2024. [Baidu Scholar]
D. Du, M. Zhu, X. Li et al., “A review on cybersecurity analysis, attack detection, and attack defense methods in cyber-physical power systems,” Journal of Modern Power Systems and Clean Energy, vol. 11, no. 3, pp. 727-743, May 2023. [Baidu Scholar]
Z. Wei, K. Xie, B. Hu et al., “Distribution system restoration with cyber failures based on co-dispatching of multiple recovery resources,” Journal of Modern Power Systems and Clean Energy, vol. 12, no. 4, pp. 1096-1112, Jul. 2024. [Baidu Scholar]
K. Pan, A. Teixeira, M. Cvetkovic et al., “Cyber risk analysis of combined data attacks against power system state estimation,” IEEE Transactions on Smart Grid, vol. 10, no. 3, pp. 3044-3056, May 2019. [Baidu Scholar]
S. Deng, J. Zhang, D. Wu et al., “A quantitative risk assessment model for distribution cyber-physical system under cyber attack,” IEEE Transactions on Industrial Informatics, vol. 19, no. 3, pp. 2899-2908, Mar. 2023. [Baidu Scholar]
S. Li, C. K. Ahn, and Z. Xiang, “Decentralized sampled-data control for cyber-physical systems subject to DoS attacks,” IEEE Systems Journal, vol. 15, no. 4, pp. 5126-5134, Dec. 2021. [Baidu Scholar]
W. He, S. Li, C. K. Ahn et al., “Sampled-data stabilization of stochastic interconnected cyber-physical systems under DoS attacks,” IEEE Systems Journal, vol. 16, no. 3, pp. 3844-3854, Sept. 2022. [Baidu Scholar]
H. Qin, J. Weng, D. Liu et al., “Risk assessment and defense resource allocation of cyber-physical distribution system under denial of service attack,” CSEE Journal of Power and Energy Systems, doi: 10.17775/CSEEJPES.2020.04550 [Baidu Scholar]
Y. Zhang, L. Wang, and Y. Xiang, “Power system reliability analysis with intrusion tolerance in SCADA systems,” IEEE Transactions on Smart Grid, vol. 7, no. 2, pp. 669-683, Mar. 2016. [Baidu Scholar]
Z. Liu, W. Wei, L. Wang et al., “An actuarial framework for power system reliability considering cybersecurity threats,” IEEE Transactions on Power Systems, vol. 36, no. 2, pp. 851-864, Mar. 2021. [Baidu Scholar]
R. Zeng, Y. Cao, Y. Li et al., “A general real-time cyberattack risk assessment method for distribution network involving the influence of feeder automation system,” IEEE Transactions on Smart Grid, vol. 15, no. 2, pp. 2102-2115, Mar. 2024. [Baidu Scholar]
Y. Zhao, Y. Li, Y. Cao et al., “Risk-based contingency analysis for power systems considering a combination of different types of cyber-attacks,” Applied Energy, vol. 348, pp. 1-10, Oct. 2023. [Baidu Scholar]
Y. Zhao, Y. Cao, Y. Li et al., “Risk-based contingency screening method considering cyber-attacks on substations,” IEEE Transactions on Smart Grid, vol. 13, no. 6, pp. 4973-4976, Nov. 2022. [Baidu Scholar]
W. Xia, D. He, and J. Chen, “On the PMU placement optimization for the detection of false data injection attacks,” IEEE Systems Journal, vol. 17, no. 3, pp. 3794-3797, Sept. 2023. [Baidu Scholar]
M. Zhang, Z. Wu, J. Yan et al., “Attack-resilient optimal PMU placement via reinforcement learning guided tree search in smart grids,” IEEE Transactions on Information Forensics and Security, vol. 17, pp. 1919-1929, May 2022. [Baidu Scholar]
H. Lei, S. Huang, Y. Liu et al., “Robust optimization for microgrid defense resource planning and allocation against multi-period attacks,” IEEE Transactions on Smart Grid, vol. 10, no. 5, pp. 5841-5850, Sept. 2019. [Baidu Scholar]
P. Lau, W. Wei, L. Wang et al., “A cybersecurity insurance model for power system reliability considering optimal defense resource allocation,” IEEE Transactions on Smart Grid, vol. 11, no. 5, pp. 4403-4414, Sept. 2020. [Baidu Scholar]
C. Shao and Y. Li, “Optimal defense resources allocation for power system based on bounded rationality game theory analysis,” IEEE Transactions on Power Systems, vol. 36, no. 5, pp. 4223-4234, Sept. 2021. [Baidu Scholar]
W. Chen, W. Chen, and A. Xue, “Security risk assessment and defense resource allocation of power system under synergetic cyber attacks,” Power System Technology, vol. 43, no. 7, pp. 2353-2360, Jul. 2019. [Baidu Scholar]
Y. Song, X. Liu, Z. Li et al., “Intelligent data attacks against power systems using incomplete network information: a review,” Journal of Modern Power Systems and Clean Energy, vol. 6, no. 4, pp. 630-641, Jul. 2018. [Baidu Scholar]
G. Liang, S. R. Weller, J. Zhao et al., “The 2015 Ukraine blackout: implications for false data injection attacks,” IEEE Transactions on Power Systems, vol. 32, no. 4, pp. 3317-3318, Jul. 2017. [Baidu Scholar]
M. Zhou, C. Liu, A. A. Jahromi et al., “Revealing vulnerability of N-1 secure power systems to coordinated cyber-physical attacks,” IEEE Transactions on Power Systems, vol. 38, no. 2, pp. 1044-1057, Mar. 2023. [Baidu Scholar]
Y. Cheng, “State estimation in three-phase unbalanced distribution system with false data injection attacks,” M.S. thesis, School of Cyber Science and Engineering, Southeast University, Nanjing, China, 2021. [Baidu Scholar]
M. Schiffman. (2023, Sept.). Common vulnerability scoring system (CVSS). [Online]. Available: http://www.first.org/cvss/ [Baidu Scholar]
A. Ali, P. Zavarsky, D. Lindskog et al., “A software application to analyze affects of temporal and environmental metrics on overall CVSS v2 score,” in Proceedings of 2011 World Congress on Internet Security, London, UK, Feb. 2011, pp. 1-5. [Baidu Scholar]
S. Abraham and S. Nair, “Exploitability analysis using predictive cybersecurity framework,” in Proceedings of 2015 IEEE 2nd International Conference on Cybernetics, Gdynia, Poland, Aug. 2015, pp. 317-323. [Baidu Scholar]
N. Fardad, S. Soleymani, and F. Faghihi, “Cyber defense analysis of smart grid including renewable energy resources based on coalitional game theory,” Journal of Intelligent & Fuzzy Systems, vol. 35, no. 2, pp. 2063-2077, Aug. 2018. [Baidu Scholar]
S. Abraham and S. Nair, “Cyber security analytics: A stochastic model for security quantification using absorbing Markov chains,” Journal of Communications, vol. 9, no. 12, pp. 899-907, Dec. 2014. [Baidu Scholar]
NIST. (2023, Oct.). NIST special publication 800-82r3. [Online]. Available: https://doi.org/10.6028/NIST.SP.800-82r3 [Baidu Scholar]
J. M. Hendrickx, K. H. Johansson, R. M. Jungers et al., “Efficient computations of a security index for false data attacks in power networks,” IEEE Transactions on Automatic Control, vol. 59, no. 12, pp. 3194-3208, Dec. 2014. [Baidu Scholar]
W. Hao, P. Yao, T. Yang et al., “Industrial cyber-physical system defense resource allocation using distributed anomaly detection,” IEEE Internet of Things Journal, vol. 9, no. 22, pp. 22304-22314, Nov. 2022. [Baidu Scholar]
Z. Sun, Y. Liu, and L. Tao, “Attack localization task allocation in wireless sensor networks based on multi-objective binary particle swarm optimization,” Journal of Network and Computer Applications, vol. 112, pp. 29-40, Jun. 2018. [Baidu Scholar]
K. Deb and H. Jain, “An evolutionary many-objective optimization algorithm using reference-point-based nondominated sorting approach, part I: solving problems with box constraints,” IEEE Transactions on Evolutionary Computation, vol. 18, no. 4, pp. 577-601, Aug. 2014. [Baidu Scholar]
K. Deb, A. Pratap, S. Agarwal et al., “A fast and elitist multiobjective genetic algorithm: NSGA-II,” IEEE Transactions on Evolutionary Computation, vol. 6, no. 2, pp. 182-197, Apr. 2002. [Baidu Scholar]
H. Jain and K. Deb, “An evolutionary many-objective optimization algorithm using reference-point based nondominated sorting approach, part II: handling constraints and extending to an adaptive approach,” IEEE Transactions on Evolutionary Computation, vol. 18, no. 4, pp. 602-622, Aug. 2014. [Baidu Scholar]
S. Jiang, Y. S. Ong, J. Zhang et al., “Consistencies and contradictions of performance metrics in multiobjective optimization,” IEEE Transactions on Cybernetics, vol. 44, no. 12, pp. 2391-2404, Dec. 2014. [Baidu Scholar]
G. Chen, Z. Y. Dong, D. J. Hill et al., “Exploring reliable strategies for defending power systems against targeted attacks,” IEEE Transactions on Power Systems, vol. 26, no. 3, pp. 1000-1009, Aug. 2011. [Baidu Scholar]
IEEE PES AMPS DSAS Test Feeder Working Group. (2023, Aug.). Resources. [Online]. Available: https://cmte.ieee.org/pes-testfeeders/resources/ [Baidu Scholar]
NIST. (2024, Jan.). National vulnerability database. [Online]. Available: https://nvd.nist.gov/ [Baidu Scholar]
S. Frei. (2009, Apr.). Security econometrics: the dynamics of (in) security. [Online]. Available: https://www.research-collection.ethz.ch/bitstream/handle/20.500.11850/151394/eth-154-02.pdf [Baidu Scholar]
W. I. A. Mannai, “Development of a decision support tool to inform resource allocation for critical infrastructure protection in homeland security,” Ph.D. dissertation, Naval Postgraduate School, Monterey, USA, 2008. [Baidu Scholar]
L. Shi and Z. Jian, “Vulnerability assessment of cyber physical power system based on dynamic attack-defense game model,” Automation of Electric Power Systems, vol. 40, no. 17, pp. 99-105, Sept. 2016. [Baidu Scholar]