1

Enhanced Hidden Moving Target Defense in SmartGrids

Jue Tian, Rui Tan, Member, IEEE, Xiaohong Guan, Fellow, IEEE, and Ting Liu, Member, IEEE

Abstract—Recent research has proposed a moving target de-fense (MTD) approach that actively changes transmission linesusceptance to preclude stealthy false data injection (FDI) attacksagainst the state estimation of a smart grid. However, existingstudies were often conducted under a weak adversarial setting, inthat they ignore the possibility that alert attackers can also try todetect the activation of MTD before they launch the FDI attacks.We call this new threat as Parameter Confirming-First (PCF) FDI.To improve the stealthiness of MTD, we propose a hidden MTDapproach that cannot be detected by the attackers and prove itsequivalence to an MTD that maintains the power flows of thewhole grid. Moreover, we analyze the completeness of MTD andshow that any hidden MTD is incomplete in that FDI attacks maybypass the hidden MTD opportunistically. This result suggeststhat the stealthiness and completeness are two conflicting goalsin MTD design. Finally, we propose an approach to enhancingthe hidden MTD against a class of highly structured FDI attacks.We also discuss the MTD’s operational costs under the dc and acmodels. We conduct simulations to show the effectiveness of thehidden MTD against PCF-FDI attacks under realistic settings.

Index Terms—False data injection attack, moving target de-fense, smart grid, state estimation.

I. INTRODUCTION

As critical infrastructures, power grids must remain stable,safe, and secure. However, recent security incidents such asStuxnet have alerted us to a general class of data integrityattacks called false data injection (FDI). The Stuxnet worm [1]injected malicious control commands to induce the centrifugesin Iranian nuclear facilities out of control, and meanwhilecorrupted the system state readings to cover the ongoing faults.Similar FDI attacks can also be launched against the stateestimation (SE) of power grids while keeping stealthy to theSE’s bad data detection (BDD) mechanism [2], if the attackers

This paper has supplementary downloadable material available athttp://ieeexplore.ieee.org.

This research was funded by a Start-up Grant at Nanyang Techno-logical University, National Key Research and Development Program ofChina (2016YFB0800202), National Natural Science Foundation of China(61472318, 61632015, 61772408, U1766215, U1736205), Fok Ying-TongEducation Foundation (151067), and the Fundamental Research Funds forthe Central Universities.

J. Tian is with Systems Engineering Institute, MOE KLINNS Lab, Xi’anJiaotong University, China. The majority of this work was completed whileJue Tian was a visiting student and then a research intern at School ofComputer Science and Engineering, Nanyang Technological University (e-mail: juetian@sei.xjtu.edu.cn).

R. Tan is with School of Computer Science and Engineering, NanyangTechnological University, Singapore (email: tanrui@ntu.edu.sg).

X. Guan is with Systems Engineering Institute, MOE KLINNS Lab, Xi’anJiaotong University, China and also with the Center for Intelligent andNetworked Systems, Department of Automation, Tsinghua University, China(email: xhguan@sei.xjtu.edu.cn).

T. Liu is with Systems Engineering Institute, MOE KLINNS Lab, Xi’anJiaotong University, China (email: tliu@sei.xjtu.edu.cn).

know the details of the BDD and can compromise the sensormeasurements through hardware intrusion or data tamperingduring network transmission. The wrong grid state estimatescaused by the stealthy FDI attacks can result in erroneouscontrols that endanger grid safety.

Aiming at precluding the FDI attacks, existing studies haveresorted to securing the sensor measurements and adding moredata integrity check mechanisms. In [3], [4], a minimum subsetof sensors and their data links are identified such that securingthem can preclude the FDI attacks. Secure data collectionprotocols based on in-network data aggregation [5] and en-route filtering [6] have also been developed. The bus voltagephases measured by phasor measurement units (PMUs) canbe used to verify the integrity of the state estimation based onpower flow measurements only [7]. However, a high securitylevel of the sensors’ and PMUs’ data is often very costly.

Alternatively, we can invalidate the attackers’ knowledgeabout the power system to preclude or reveal stealthy FDIattacks. To this end, recent studies [8], [9], [10] proposed amoving target defense (MTD) approach that actively changesthe power system configuration. In the past decade, adjustingsystem configuration to maintain desirable power flows hasbeen studied. The emerging distributed flexible ac transmissionsystem (D-FACTS) devices, which can change the transmis-sion line impedance, are promising for wide deployment due totheir decreasing cost and thus enhancing the system operator’scapability in adjusting the power system configuration. Thisincreasing capability can foster the adoption of the proposedMTD approach.

However, existing MTD studies [8], [9], [10] were con-ducted under a weak adversary setting, in that they ignorethe possibility that alert attackers can also try to detect theactivation of MTD before they launch an FDI attack. In thispaper, we show that the attackers can detect the activation ofMTD easily and immediately, by applying the BDD based onthe original power system configuration to the eavesdroppedsensor measurements. The detection will drive the attackers tostop FDI and invest more resources to launch data exfiltrationattacks that can always obtain the latest system configuration.In this sense, existing MTD approaches may not decrease therisk faced by the system substantially. We call this new threatas Parameter Confirming-First False Data Injection (PCF-FDI).

To improve the stealthiness of MTD, in this paper, wepropose a hidden MTD approach that cannot be detected by theattackers. Specifically, on the activation of the hidden MTD,the attackers’ BDD based on the original system configurationwill not raise an alarm. The FDI attacks, crafted based on the

2

original system configuration, will be mostly caught by thesystem’s BDD after MTD, and then discarded or redirectedto a honeypot for further forensic analysis that can helpexpose the details of the attackers. Hence, this hidden MTDapproach can induce the attackers to launch futile attacks andincrease their chance of getting exposed. In contrast, with theexisting MTD approach, the forensic analysis is impossibleand the system faces heightened threats since the persistentattackers will try to defeat the MTD. Thus, under a highlyadversary setting, making the defense stealthy to the attackersis generally beneficial to the defenders in the attack-defenserace, just like the attackers also try to make their attacksstealthy to the defenders.

In addition to stealthiness, we also analyze the completenessof MTD to show that the attackers may construct an FDIattack to bypass the BDD after the MTD without the newsystem configuration. Though this bypassing is opportunistic,it is important to study a desirable complete MTD approachthat can preclude any possible bypassing and understandthe relationship between stealthiness and completeness. Forinstance, an interesting question to ask is: Can we design anMTD approach that is hidden and complete simultaneously?

In this paper, we make the following contributions tounderstand the stealthiness and completeness of MTD:

• We study PCF-FDI and propose hidden MTD to addressPCF-FDI. We prove that a necessary and sufficient condi-tion for hidden MTD is that the power flows of the wholegrid are maintained after MTD. Based on this result, wedevelop algorithms to compute the needed parameter per-turbations to the D-FACTS-equipped transmission linesunder both the dc and ac power flow models. Underthe dc model, we analyze a basic feasibility conditionfor hidden MTD when a subset of lines are D-FACTS-equipped. With this condition, we can assess whether thehidden MTD can be implemented for a power grid. Thus,it can guide the grid design and enhancement.

• We define the completeness of MTD and enhance thehidden MTD to address a class of highly structured FDIattacks. Specifically, our analysis shows that real-worldpower grids generally do not provide sufficient trans-mission lines needed for realizing complete MTD. Wefurther show that any hidden MTD must be incomplete,suggesting that the stealthiness and completeness are twoconflicting goals in MTD design. Moreover, we analyze aclass of FDI attacks against incomplete MTD and proposean enhanced MTD approach that precludes these attacksby strategically deploying D-FACTS devices. Since thecomplete MTD is generally not realizable, the enhancedhidden MTD is desired in practice.

• Since the MTD may change the total generation and thegeneration dispatch, we analyze MTD’s operational costsin terms of the generation cost change both under the dcand ac models.

• We conduct simulations based on the IEEE 14-bus systemto compare the stealthiness and completeness of hiddenMTD with existing MTD approaches.

The rest of this paper is organized as follows. Section

II discusses the background by reviewing existing failurescenarios and overviews the proposed approach. Section IIIpresents preliminaries and related work. Section IV states ourresearch problems. Section V presents the hidden MTD ap-proach. Section VI analyzes the MTD’s completeness. SectionVII analyzes MTD’s operational cost. Section VIII presentssimulation results. Section IX discusses the system settings,attack identification and mitigation. Section X concludes.

II. BACKGROUND

In this section, we review the US National Electric SectorCybersecurity Organization Resource (NESCOR) failure sce-narios and recent security incidents to motivate the threatsconsidered in this paper. Then, we overview the proposedapproach and its effects on a networked power system.

A. Failure Scenarios in Smart Grids

To foster energy sector cybersecurity research, the NESCORTeam 1 has summarized the cybersecurity failure scenariosbased on more than 100 cybersecurity incidents in 9 domainsof the smart grids that have generated negative impacts [11].The NESCOR failure scenarios show the security risks of thesmart devices (e.g., phasor measurement unit (PMU) and smartmeters) in the wide area. Here are several relevant instancesfrom NESCOR:• The control signals to the smart devices may be altered

or injected into malicious messages through a spoofingattack (from WAMPAC.2 in [11]);

• The sensor measurements may be modified or stolendue to a backdoor or malware (from WAMPAC.4 andWAMPAC.8);

• The historical measurement data in the database may bestolen, corrupted or deleted (from WAMPAC.7).

These security risks are derived from and have been repeatedlyalerted by the cybersecurity incidents in cyber-physical sys-tems. The cyber-attacks against supervisory control and dataacquisition (SCADA) systems have doubled since 2013 andmostly target the power plants, factories, or refineries [12].The Stuxnet worm (2011) [1] and BlackEnergy trojan (2016)[13] injected malicious control commands and/or sensor datainto industrial control systems and caused physical damages tothe nuclear facilities and a power plant, respectively. Similarattacks also subverted the safe operations of Polish trains andcity tram system (2008) [14], and Illinois water utility (2011)[15], etc. In addition, various malwares (e.g., the Night Dragon(2011) [16], Duqu (2011) [17], Flame (2012) [18], Dragonfly(2014) [19]) started the attacks by first obtaining privilegedaccesses into the industrial control systems and then exfiltratedor gathered the sensitive information about the systems.

The FDI threat considered in this paper is aligned with theNESCOR security risks. The FDI attack injects false sensormeasurements that are crafted based on a measurement matrixused in power grid state estimation. First, the false sensormeasurement injection is an important security risk consideredby NESCOR/WAMPAC.4 and WAMPAC.8. Second, recentstudies showed that the measurement matrix can be estimatedby a blind FDI approach [20] or topology leaking attacks [21]

3

TABLE ISUMMARY OF NOTATIONS

Symbol Definition Symbol Definition

n system state dimension m number of linesx system state vector x̂ estimated system state vectorz measurement vector H measurement matrixHij H’s row about line (i, j) H̃ immutable part of HB bus susceptance matrix p bus power injection vectora FDI attack vector K set of linesKD set of D-FACTS-equipped lines KA set of compromised linesKC critical set bij susceptance of line (i, j)b′ij line susceptance after MTD ∆bij variation of line susceptanceqm MTD’s perturbation magnitude qd load’s variation magnitudeσ system noise deviation d magnitude of attack{·}′ quantity after MTD H′ {·}′∗ SCOPF point after MTDT MTD’s execution cycle Ta model learning timeη threshold of BDD C0 generation cost under SCOPFC1 generation cost after MTD and

convergence of frequencycontrols

C2 generation cost after MTD andgeneration redispatch

bminij lower bound of susceptance

modificationbmaxij upper bound of susceptance

modification

based on a certain amount of historical sensor data. Moreover,as the measurement matrix is a static information in the tradi-tional power grids, from NESCOR/WAMPAC.2, WAMPAC.4,WAMPAC.8 and WAMPAC.7, the attackers may obtain themeasurement matrix and launch the stealthy FDI attacks. Thus,the stealthy FDI attack is an important security concern.

B. Overview of the Enhanced Hidden MTD Approach

This paper proposes an enhanced hidden MTD approach forenhancing smart grid cybersecurity. We now overview how theproposed approach can be deployed in real systems and therelevant requirements. First, the system operators will needto deploy D-FACTS devices on the appropriately selectedlines. The selection of the lines will be discussed in detailin Section VI-B. Then, a software program implementing ourproposed algorithm will run in the control center to computethe parameter settings of all the D-FACTS devices based on thedeployment, the parameter boundaries of D-FACTS devices,and the current sensor measurements to achieve the enhancedhidden MTD. Once the proposed approach is implemented,the power system can defend against the attackers who canlaunch the FDI attacks to bypass the BDD as studied in [2]and also try to detect the activation of the arbitrary MTDapproach proposed in [10]. As a result, the implementation ofour approach will provide enhanced protection for the smartgrid.

III. PRELIMINARIES AND RELATED WORK

A. FDI Attacks against SE

Table I summarizes the notations used in this paper. We usea boldface letter (e.g., H) to denote a matrix or a vector.

This paper mainly considers the dc power flow model thatignores transmission line resistance and assumes identical busvoltage magnitude. We note that, under the ac model, thesystem state consists of the voltage phasors (i.e., voltagemagnitude and voltage phase) of all the buses. Under the dcmodel, due to the simplification of assuming identical busvoltage magnitude, the system state consists of all buses’

voltage phases only. Although the dc model is less accuratethan the ac model, the dc power flow analysis is faster andmore robust than the ac power flow analysis. Section V-Cextends our analysis to address the ac model. The SE isexecuted periodically, e.g., every five minutes. In this paper,this time period is referred to as SE period. Under the dcmodel, in the tth SE period, the system state, denoted byxt ∈ Rn (n is the number of buses), contains the voltagephases of all the buses. It is determined by the bus powerinjections and bus susceptance matrix. Specifically, pt = Bxt,where pt ∈ Rn is the vector of bus power injections, andB ∈ Rn×n is the bus susceptance matrix that encompassesboth the system topology and the susceptances of all lines.For a connected power system, the B is non-singular. Thus,xt = B−1pt. Moreover, zt = Hxt + et, where zt ∈ Rmdenotes the vector of the active power flow measurementsthrough a total of m monitored lines and m ≥ n; et ∈ Rmis the vector of measurement noises; H ∈ Rm×n is themeasurement matrix with full column rank, i.e., rank(H) = n.Denote by zt,ij the measurement of the power flow through theline (i, j) that connects bus i and j, by et,ij the measurementnoise contained in zt,ij , and by xt,i the element in xt thatcorresponds to bus i. We have zt,ij = −bij(xt,i−xt,j)+et,ij ,where bij is the line susceptance. Thus, the corresponding rowvector of H, denoted by Hij , is given by [4]

Hij =[0 ... 0 −bij︸︷︷︸

ith column

0 ... 0 bij︸︷︷︸jth column

0 ... 0].

If the measurement noises are independent and identi-cally distributed Gaussians, the estimated system state x̂t =(HTH)−1HT zt gives the minimum mean squared error. TheBDD of SE detects existence of corrupted measurements bycomparing the 2-norm estimation residual rt = ‖zt −Hx̂t‖2with a threshold η. Specifically, if rt > η, BDD yields apositive detection result. If the measurement noises follow thenormal distribution N (0, σ2), the threshold η can be set to beσ√χ2

(m−n),α to ensure a false alarm rate of (1 − α), where

χ2(m−n),α represents the 100α%-percentile of the χ2

(m−n)

distribution, since the (r/σ)2 follows a χ2(m−n) distribution.

In this paper, we set α = 0.95. The study [2] showed that, ina stealthy FDI attack, the compromised measurement vector(zt + at) will not trigger the BDD if the attack vector atsatisfies at = Hc, where c ∈ Rn is an arbitrary vector. Inother words, at ∈ col(H), where col(·) represents the columnspace of a matrix.

To simplify the discussions, in the analysis of this paper, weassume that the sensor measurements are noiseless (i.e., e = 0and z consists of the actual power flows). In this case, thethreshold η can be set to be 0, which ensures a zero false alarmrate. We will discuss the impact of the measurement noiseson our analysis when applicable. Moreover, our simulationsin Section VIII will evaluate the impact of the measurementnoises on the effectiveness of our MTD approach.

B. MTD Model

In general, MTD actively introduces controlled changes toa system to increase uncertainty and complexity for attackers.

4

In this paper, the defender actively perturbs the reactance ofD-FACTS-equipped transmission lines, aiming at precludingFDI attacks. For simplicity of exposition, we adopt the linesusceptance instead of reactance. We note that the productof a line’s susceptance and reactance is −1 under the dcmodel. Specifically, if a transmission line (i, j) is equippedwith a D-FACTS device, the defender can actively modify itssusceptance to a target value bt,ij , where bminij ≤ bt,ij ≤ bmaxij ,bminij and bmaxij denote the susceptance limits that the D-FACTS device can achieve. As a result, the measurementmatrix H becomes time-varying. We re-denote it by Ht. Weassume that the attackers need at least Ta SE periods toobtain the susceptance values through data exfiltration attacks.Specifically, in the tth SE period, the attackers can obtain Hν

only, where ν ≤ t − Ta. To ensure that the attackers alwayslack timely knowledge of the current system, the defendershould execute MTD every T SE periods, where T ≤ Ta. As aresult, the MTD operates in an ex-ante mode, i.e., there are noongoing FDI attacks on the time of MTD. If the attacker injectsan attack vector that is crafted based on Hν as at = Hνc, thedefender’s estimation residual is

rt =∥∥(zt+Hνc)−Ht(H

Tt Ht)

−1HTt (zt+Hνc)

∥∥2.

When m = n, Ht(HTt Ht)

−1HTt = Im and the above residual

is zero, where Im ∈ Rm×m denotes the identity matrix. Whenm > n, Ht(H

Tt Ht)

−1HTt is generally not Im, and according

to Theorem 3.2 in [2],(Im −Ht(H

Tt Ht)

−1HTt

)at = 0 if

and only if at ∈ col(Ht). As m > n in actual power gridsand Hν 6= Ht, the above residual is mostly non-zero and theattack will be detected.

In the analysis of this paper, we assume that the loads donot change in a time duration around the activation of theMTD. This assumption is referred to as steady loads. We willdiscuss and evaluate through simulations the impact of thissimplification on the effectiveness of our MTD approach.

C. Related Work

Recent research has studied the FDI attacks against theSE of power grids. Liu et al. [2] analyzed the condition forbypassing the BDD of SE to mislead the control center into anincorrect system state estimation. In consideration of severalpractical constraints, Yuan et al. [22] considered an FDI-basedload redistribution (LR) attack. Both the general FDI attackand the LR attack can be launched based on complete orincomplete information obtained by the attackers [23], [24]. Inaddition, FDI attacks for different malicious objectives havebeen studied, including maximizing the system operationalcost [22], obtaining profits from financial misconducts inelectricity markets [25], [26], and inducing economic dis-patch into an infeasible region [27]. Hug and Giampapa [28]introduced a physical-property-based analytical technique toassess the vulnerability of ac SE under the FDI attacks at theremote terminal unit (RTU) level. Wang et al. [29] analyzedthe feasibility of launching the alter-and-hide (AaH) attack,which is a stealthy hybrid attack consisting of behavioraland cyber attacks, from the attackers’ capabilities and theattack execution plan in the substations. Ginter [30] thoroughly

discussed the security, cyber attacks and the defense failuresin SCADA, and used Stuxnet as a case study to illustrate theseissues.

To detect the stealthy FDI attacks, Bobba et al. [3] proposedto protect a set of strategically selected sensor measurementssuch that no FDI attack vectors satisfying the stealthy con-dition analyzed in [2] can be found. Better attack detectionalgorithms have also been developed. For instance, Huanget al. [31] used adaptive CUSUM test to improve detectionperformance. Liu et al. [32] designed a new detector based onthe separation of nominal and abnormal power grid states. Liuet al. [33] used a colored Petri net describing the informationflows in smart meters to detect FDI attacks in advancedmetering infrastructures. An alternate approach to the FDIattack detection is to leverage out-of-band information that isassumed to be intact. For instance, the analysis in [7] showsthat (p + 1) PMUs deployed at carefully chosen locations ina grid can neutralize a collection of p irreducible FDI attacks.Besides, several detection methods are derived from the datacorrelation between multiple SE periods. Gu et al. [34] usedhistory data to track the dynamics of measurement variations.Ashok et al. [35] used the predicted data for FDI attackdetection.

MTD approaches of mutating hosts’ IP addresses can en-hance network security [36]. The MTD concept has beenrecently applied to increase the barrier for the attackers tolaunch stealthy FDI attacks against power grids. Morrow etal. [8], [9] proposed an ex-post MTD approach to detectongoing FDI attacks. Specifically, if an attack is present, afterapplying known perturbations to the system configuration,the observed power flow changes will be different from thepredicted changes. Rahman et al. [10] proposed an ex-anteMTD approach that randomly selects a subset of transmissionlines and randomly perturbs their susceptance, as well asrandomly select a subset of sensor measurements for SE, suchthat the attackers lack the knowledge of the system to launchFDI attacks. However, as discussed in Section I, the activationof this ex-ante MTD approach can be detected by the attackers.In contrast, as an ex-ante MTD approach, our hidden MTD isstealthy to the attackers due to the unchanged power flows.

Our preliminary work [37] has described the hidden MTDunder the dc model and its construction algorithm. Based on[37], we make four new contributions in this paper. First, weextend the hidden MTD construction algorithm to address theac model. Second, we study and evaluate the completeness ofMTD in terms of attack space. Third, we analyze a class ofstructured FDI attacks against incomplete MTD and enhancehidden MTD by strategically deploying the D-FACTS devices.Fourth, we analyze MTD’s operational cost both under the dcand ac models.

In addition to the FDI attacks against SE, various intelligentattacks against power systems have been studied. For instance,Kim and Tong [4] proposed the topology attacks against thegeneralized SE to mislead the control center into an incorrectnetwork topology understanding. Wang et al. [29] proposed theAaH attack, which executes disruptive switching actions andtampers with the actual measurements to cover the maliciousswitching actions. Liu et al. [38] developed the coordinated

5

switching attacks to cause frequency and voltage instabilitiesin the transmission systems. The MTD can be applied toenhance the system resilience against these attacks, if thestealthiness of the attacks is based on the assumption of un-changed system parameters. For example, for the AaH attackimplemented based on the replay attack against the distributednetwork protocol (DNP) [29], the replayed measurements maybe diagnosed as normal when the measurement matrix is fixed,but can be detected by MTD, since the replayed measurementsare inconsistent with the new measurement matrix.

IV. PROBLEM STATEMENT

In this section, we introduce the threat model and state theproblems addressed in this paper with a motivating example.

A. Threat Model

We assume that the attackers have the following capabilities:• Capability 1: The attackers can eavesdrop on the mea-

surements of the sensors on all the lines.• Capability 2: As discussed in Section II-A and III-B,

the attackers may obtain the susceptance values of allthe lines through data exfiltration attacks. The minimumrequired time to obtain the susceptances is Ta SE periods.Thus, if the MTD’s execution cycle T ≤ Ta, the attackersalways lack timely knowledge of the current system.

• Capability 3: The attackers can tamper with a subset ofor all the sensor measurements.

Moreover, we assume that the attackers adopt the followingstrategy. The attackers verify their information about the targetpower system before they inject false data. They launch theFDI attack only when the verification succeeds; otherwise,they should cancel any FDI attack. Thus, we name the threatconsidered in this paper as Parameter Confirming-First FalseData Injection (PCF-FDI). Specifically, the attackers test theeavesdropped sensor measurements using the BDD based onthe possibly out-of-date measurement matrix Hν . The 2-normestimation residual computed by the attackers using the sensormeasurements in the tth time period, denoted by r̄t, is

r̄t =∥∥zt −Hν(HT

ν Hν)−1HTν zt∥∥

2.

Similar to the BDD described in Section III-A, when m > nand zt /∈ col(Hν), the above residual is mostly non-zero. Theattackers would detect the activation of MTD if the residualexceeds a predefined threshold.

We now discuss the Capability 1 and 3 of the attackers. Alltraditional power systems adopt a centralized control theme.Specifically, all the sensor measurements are transmitted toa control center for system monitoring. If the attackers caneavesdrop on the data flows through several critical routersclose to the control center or directly eavesdrop on the dataflows in the control center (which is not impossible as evi-denced in the recent high-profile intrusions such as Stuxnet),they can get read access to all the power flow measurements.We note that with this assumption, as shown in Section IV-B,the attackers can detect the activation of the arbitrary MTD.As the focus of this paper is to develop a defense approach, itis beneficial to assume a strong adversary model (i.e., assume

the attackers can have read access to all measurements). Thedefense based on this strong adversary model will be alsoeffective to the weaker attackers who can obtain a subset ofthe measurements only. With Capability 3, the attackers canlaunch the FDI attacks. We note that the Capability 1 and3 are aligned with NESCOR/WAMPAC.2, WAMPAC.4 andWAMPAC.8.

We now discuss the Capability 2 of the attackers. Theanalysis in the rest of this paper focuses on the SE periodwhen MTD is activated. For conciseness, we use H to denotethe original measurement matrix before the MTD, and H′ todenote the new measurement matrix after the MTD. Fromthe discussions in Section II-A on NESCOR/WAMPAC.7 andrecent studies [20], [21], it is possible for the attackers toobtain the measurement matrix H. However, obtaining thematrix takes time. In this paper, we assume that the minimumtime for obtaining the matrix is Ta SE periods. The typicalvalues of Ta will be discussed in detail in Section IX-A. Thus,if MTD’s execution cycle is smaller than Ta, the attackerscannot obtain the H′ that is in use in the current MTD cycle.In this paper, we also use the prime symbol (′) to modify thequantities after the MTD.

B. Problem Statement

Existing studies [8], [9], [10] mainly focus on an arbitraryMTD approach, i.e., the setpoints of the D-FACTS devices arearbitrarily chosen for MTD. The activation of such an arbitraryMTD would be easily detected by PCF-FDI attackers.

We illustrate PCF-FDI with an example based on a 3-bussystem shown in Fig. 1. Bus 1 is chosen as the referencebus. Each bus is connected with a load. Two generators areconnected to bus 1 and bus 3, respectively. The original loadand generation profile is pd1 = 50 MW, pd2 = 170 MW,pd3 = 280 MW, pg1 = 182 MW, pg3 = 318 MW, wherepdi denotes the active load on bus i, and pgj denotes thegenerator’s power output on bus j. The line susceptance valuesare b12 = −19.84, b13 = −17.48, and b23 = −15.72. Thus,H =

[−19.84 00 −17.48

15.72 −15.72

]. The system state can be derived as

x = [−3.10 −0.81]T . The first row of Table II shows theoriginal system state and the power flow measurements. Inthe table, ∆bij denotes the line susceptance perturbations inan MTD; KD represents the set of lines equipped with D-FACTS devices. The result of an arbitrary MTD approach isgiven in Case 1 of the table, where only the susceptance ofthe line (1, 2) is changed by ∆b12 = −1.98. After the MTD,the estimation residual computed by the attackers, i.e., r̄, is5.1. Thus, the MTD is not stealthy to PCF-FDI attackers.

To push the state of the art in MTD design, we study thefollowing two problems in this paper:Stealthiness of MTD: How to schedule the new setpoints of D-FACTS devices such that the activation of the MTD cannot bedetected by PCF-FDI attackers? Such MTD is called hiddenMTD and is studied in Section V.Completeness of MTD: Whether hidden MTD can detect allpossible FDI attacks? If not, how to enhance the hidden MTDto detect certain types of highly structured attacks that bypasshidden MTD? This is the subject of Section VI.

6

G1

bus1 bus3

bus2

G3

Fig. 1. 3-bus system.

TABLE IIRESULTS OF SEVERAL MTD APPROACHES ON THE 3-BUS SYSTEM.

Case KD ∆b12 ∆b13 ∆b23 z′12 z′13 z′23 x′2 x′3 r̄

Original -107.26 -24.74 62.74 -3.10 -0.81 0Case 1 {(1, 2)} -1.98 0 0 -110.21 -21.79 59.79 -2.89 -0.71 5.1Case 2 {(1, 2), (1, 3), (2, 3)} -1.04 0.83 -1.47 -107.26 -24.74 62.74 -2.94 -0.85 0Case 3 {(1, 2), (2, 3)} -1.04 0 -1.14 -107.26 -24.74 62.74 -2.94 -0.81 0

*Power quantifies in MW; line susceptance quantifies in p.u.; phase quantifies in deg.

V. HIDDEN MTD

In this section, we propose the hidden MTD to defendagainst PCF-FDI, and present the properties and constructionalgorithm of hidden MTD under the dc model. Moreover, theconstruction algorithm is extended to address the ac model.

A. Hidden MTD and Its Properties

This section defines the hidden MTD and shows its equiv-alence to a power flow invariant MTD (PFI-MTD) approach.

Definition 1. A hidden MTD ensures zero BDD residual com-puted by the attackers, i.e., r̄ = ‖z′−H(HTH)−1HT z′‖2 =0.

Definition 2. A PFI-MTD approach maintains the powerflows unchanged after the prescribed changes to the electricalcharacteristics of transmission lines are applied.

Lemma 1. An MTD H′ is a PFI-MTD if and only if thereexists x′′ ∈ Rn, such that Hx = H′x′′.

Proof. (Sufficiency) Let x′, z′ and B′ denote the system state,the actual line flows, and the susceptance matrix after MTDthat gives a new measurement matrix H′, respectively. Notethat the x′′ is defined as an arbitrary vector that satisfies Hx =H′x′′. Thus, its definition is different from that of x′. Now,we prove x′′ = x′.

As loads do not change in a time duration around theactivation of the MTD (see Section III-B), the generators’power outputs do not change as well given the already estab-lished balance between generation and load. (A more detailedexplanation from a perspective of frequency control is given inRemark 1 after this proof.) Thus, the power injection of eachbus, which is the difference between the load’s power draw andthe generator’s output at the bus, remains unchanged. Hence,we have p = B′x′. By denoting pi and Bi the ith elementsof p and B, respectively, we have pi = Bix. Note that thebus power injection is the sum of power flows through all theoutgoing lines, i.e., Bi =

∑∀j,(i,j)∈K Hij , where K is the

set of all the transmission lines. From Hx = H′x′′, we haveBix =

∑∀j,(i,j)∈K Hijx =

∑∀j,(i,j)∈K H′ijx

′′ = B′ix′′.

Thus, p = B′x′′ = B′x′. As B′ is non-singular, we havex′′ = x′. Thus, z′ = H′x′ = H′x′′ = Hx = z, i.e., the lineflows remain unchanged. Hence, H′ is a PFI-MTD.

(Necessity) Since H′ is a PFI-MTD, we obtain z = z′. Fromz = Hx and z′ = H′x′, x′ satisfies Hx = H′x′.

Remark 1. As assumed in Section III-B, the loads are steadyaround the activation of MTD. Each generator’s output is au-tomatically adjusted by the primary and secondary frequencycontrols. Since the loads are steady, the total generation is

equal to the total load and the frequency is at the nominalvalue. Under the dc model, the line loss is always zero.Therefore, after MTD, the balance between generation andload remains and the frequency is still at the nominal value.Thus, each generator’s output will not be adjusted and the buspower injections remain unchanged.

As H′ is non-singular, if there exists x′′ satisfying Hx =H′x′′, the x′′ is unique and must be the system state afterexecuting MTD H′. As an example, in Case 2 of Table II, theMTD is H′ =

[−20.89 00 −16.65

17.19 −17.19

]. There exists x′′ =

[−2.94−0.85

],

such that Hx = H′x′′. Thus, H′ is a PFI-MTD and the systemstate becomes x′′ after MTD. In addition, this MTD is stealthyto the attackers because r̄ = 0 as shown in the table.

Now, we show that PFI-MTD is equivalent to hidden MTD.

Proposition 1. An MTD is a hidden MTD if and only if it isa PFI-MTD.

Proof. (Sufficiency) For a PFI-MTD H′, z = z′. From z =Hx, the estimation residual computed by the attackers, i.e.,r̄ = ‖z′ −H(HTH)−1HT z′‖2 = ‖z−H(HTH)−1HT z‖2 =‖z−Hx‖2 = 0. Thus, H′ is a hidden MTD.

(Necessity) For a hidden MTD H′, r̄ = ‖z′ −H(HTH)−1HT z′‖2 = 0. Thus, we have z′ = Hx′′, wherex′′ ∈ Rn. Moreover, from z′ = H′x′, we have H′x′ =Hx′′. Since the bus power injections remain unchangedright after the MTD, we have p = Bx = B′x′. FromH′x′ = Hx′′, we have pi = B′ix

′ =∑∀j,(i,j)∈K H′ijx

′ =∑∀j,(i,j)∈K Hijx

′′ = Bix′′. Thus, p = Bx′′ = Bx. As B is

non-singular, we have x′′ = x. Thus, z′ = H′x′ = Hx′′ =Hx = z, i.e., H′ is a PFI-MTD.

B. Construction of Hidden MTD

From Lemma 1 and Proposition 1, the construction ofhidden MTD is to find an H′ that satisfies Hx = H′x′′. Thissection presents an approach to constructing such an H′ andanalyzes a basic feasibility condition of hidden MTD when asubset of lines are D-FACTS-equipped.

Our approach firstly defines the system state after MTD(i.e., x′′) and then computes the new line susceptance b′ij usingzij = −bij(xi − xj) = −b′ij(x′′i − x′′j ) since the power flowshould remain unchanged. In addition, b′ij must be within thesusceptance limits, i.e., bminij ≤ b′ij ≤ bmaxij . We now considertwo cases. For a line (i, j), if its power flow is zero (i.e.,−bij(xi − xj) = 0), xi − xj = x′′i − x′′j = 0 and the newsusceptance b′ij can be arbitrarily chosen from [bminij , bmaxij ].If its power flow is non-zero, (x′′i −x′′j ) needs to be non-zero.Thus, b′ij = bij

xi−xj

x′′i −x′′j. To ensure bminij ≤ b′ij ≤ bmaxij , x′′i and

7

x′′j must meet bijbminij≤ x′′i −x

′′j

xi−xj≤ bij

bmaxij

. We now summarizethe constraints that x′′ and b′ij need to satisfy as follows:

bijbminij

≤x′′i − x′′jxi − xj

≤ bijbmaxij

, if xi 6= xj , (i, j) ∈ K;

x′′i = x′′j , if xi = xj , (i, j) ∈ K.

(1)

b′ij = bij

xi − xjx′′i − x′′j

, if xi 6= xj , (i, j) ∈ K;

bminij ≤ b′ij ≤ bmaxij , if xi = xj , (i, j) ∈ K.

(2)

If some transmission lines are not equipped with D-FACTSdevices, the above two constraints may not be satisfied, i.e.,a PFI-MTD may not exist. The condition for the existence ofPFI-MTD is given by the following proposition.

Proposition 2. Denote by H̃ the immutable part of H, i.e., H̃consists of the H’s rows corresponding to all the lines withno D-FACTS devices. If each element of z is non-zero, a PFI-MTD exists if and only if rank(H̃) < rank(H).

Proof. (Sufficiency) Suppose z̃ = H̃x̃, where z̃ consists of thez’s elements corresponding to the rows in H̃, and x̃ ∈ Rn.By denoting s = rank(H) − rank(H̃), we have x̃ = x +∑

1≤l≤s wl · ul, where the vectors ul ∈ Rn, 1 ≤ l ≤ s, are abasis of the kernel of H̃ and wl ∈ R is arbitrary. Thus, wheneach element of z is non-zero, there always exists a groupof wl, 1 ≤ l ≤ s, such that x̃ 6= x, and x̃ is subject to theconstraint in (1). Thus, we find a PFI-MTD H′ different fromoriginal measurement matrix H.

(Necessity) Suppose rank(H̃) = rank(H), i.e., H̃ has fullcolumn rank, then x = (H̃T H̃)−1H̃T z̃. If there exists a PFI-MTD H′, we have z′ = z. Then, z̃′ = z̃, where z̃′ consistsof z′’s elements corresponding to the elements in z̃. Note thatH̃ is the immutable part of H, i.e., the corresponding part inH′ is also H̃. Then, x′ = (H̃T H̃)−1H̃T z̃′. Thus, we havex′ = x. From (2) and each element of z is non-zero, we havebij = b′ij , ∀(i, j) ∈ K, i.e., H′ = H. In other words, the powerflow is invariant unless without MTD, which contradicts theassumption that a PFI-MTD exists.

In fact, the sufficiency proof of Proposition 2 encompassesa method to construct the PFI-MTD. Algorithm 1 gives thepseudocode of this method.

We now use Case 3 in Table II to illustrate, where only twolines of the 3-bus system in Fig. 1 are equipped with D-FACTSdevices. We have H̃ =

[0 −17.48

]. As rank(H̃) = 1 <

rank(H), we have x̃ = x+w1

[1 0]T

. By setting w1 = 0.16, x̃

meets the constraint in (1). Thus, x′′ = x̃ =[−2.94 −0.81

]T.

Then, we can compute the susceptances using (2). The tablegives the corresponding susceptance perturbations. Note thatfor Case 1 in Table II, KD = {(1, 2)} and H̃ =

[0 −17.48

15.72 −15.72

].

As rank(H̃) = rank(H), there does not exist a PFI-MTD.We now discuss the impact of noisy measurements and

load changes on the construction of hidden MTD. When themeasurements are noiseless, the x̂ obtained from Line 1 ofAlgorithm 1 is exactly the actual state x, i.e., x̂ = x. In thiscase, the MTD constructed by Algorithm 1 ensures invariantpower flows and is thus hidden. When the measurements

Algorithm 1 Method to compute a PFI-MTD.Input: z, H, KD , bmin

ij , bmaxij , for any line (i, j)

Output: a PFI-MTD H′

1: x̂ = (HTH)−1HT z2: construct H̃ from the H’s rows corresponding to all the transmission

lines not in KD

3: if rank(H̃) == rank(H) then4: return null5: end if6: s = rank(H)− rank(H̃)7: compute ul ∈ Rn, 1 ≤ l ≤ s, i.e., the kernel bases of H̃8: randomly generate a set of wl ∈ R, 1 ≤ l ≤ s, such that x′′ meets (1),

where x′′ = x̂ +∑

1≤l≤r wl · ul

9: compute H′ using x′′ from (2)10: return H′

contain noises, x̂ given by Line 1 will be slightly differentfrom x. As a result, the MTD constructed by Algorithm 1may lead to small changes of power flows. Thus, the MTDmay not be stealthy, depending on the non-zero BDD thresholdchosen by the attackers to reduce the false alarm rate. Thus,the attackers also face a trade-off between the false negativeand positive rates in choosing the threshold. The impact ofthe load changes is similar to that of measurement noises.In Section VIII-A, we will evaluate their impacts throughsimulations.

C. Hidden MTD under Ac Model

This section presents the approach to constructing hiddenMTD under the ac model that captures both the line loss andreactive power flows. The measurement vector z consists ofthe active and reactive power flows measured at the two endsof each line. The system state consists of voltage magnitudes(denoted by v) and voltage phases (denoted by θ). We adopt abranch model [39] illustrated in Fig. 2, which simultaneouslycaptures the electrical characteristics of a transmission line anda transformer. Specifically, the transmission line is modeled asa standard π line with series admittance gij + jbij and totalcharging susceptance yij . We note that gij + jbij = 1

rij+jXij,

for all (i, j) ∈ K, where rij + jXij denotes the impedance ofthe line (i, j). The transformer with a tap ratio magnitude ofτij is located at the from end of the branch. Under the abovebranch model, the network power flows are given by z =h(v,θ, r,X ,y, τ ), where r, X , y and τ represent the vectorsof line resistance, line reactance, total charging susceptance,and tap ratio, respectively. Specifically,

pij = 1τ2ijv2i gij − 1

τijvivjbijsinθij − 1

τijvivjgijcosθij ,

pji = v2j gij + 1

τijvivjbijsinθij − 1

τijvivjgijcosθij ,

qij =− 1τ2ijv2i (bij+yij)+ 1

τijvivjbijcosθij− 1

τijvivjgijsinθij ,

qji = −v2j (bij + yij) + 1

τijvivjbijcosθij + 1

τijvivjgijsinθij ,

where pij and qij denote the active and reactive line flows ofline (i, j) measured at bus i, respectively; vi and θi representthe ith element of v and θ, respectively, and θij = θi − θj .

We construct the PFI-MTD as follows. First, we choosethe targeted voltage phases after MTD, which are denotedby θ̊. Then, we use Newton’s method to solve the nonlinearequations system h(v,θ, r,X ,y, τ ) = h(v, θ̊, r′,X ′,y′, τ ′)to obtain the new four line parameters after MTD, i.e., r′, X ′,

8

bus jbus i

Fig. 2. Branch model.

G1

bus1

bus3

bus2

G4

bus4

Fig. 3. 4-bus system (n = 3, m = 6).

y′, and τ ′. Thus, after applying these new line parameters,the system state will change to 〈v, θ̊〉 and the power flowsremain unchanged. Compared with the PFI-MTD under thedc model that adjusts a single line parameter (i.e., reactance),the PFI-MTD under the ac model adjusts four line parametersto maintain the active and reactive power flows at the twoends of each line unchanged. Note that we maintain thevoltage magnitude v to ensure voltage stability. The Newton’smethod can start from the original line parameters for quickconvergence. We have applied the above MTD constructionalgorithm to the IEEE 14-bus test system and show that theresulted MTD can maintain the active and reactive power flowsat the two ends of each line. This result can be found inAppendix A in the supplementary file of this paper.1

In practice, the D-FACTS devices may not support changingall the four line parameters. We now discuss an approach tomitigate this potential limitation using an example situationwhere the D-FACTS device can only perturb the line reactanceX . Due to the limited degree of freedom, the equations systemh(v,θ, r,X ,y, τ ) = h(v, θ̊, r,X ′,y, τ ) generally has noexact solutions. Instead, the new line reactance X ′ is chosento minimize the power flow changes:

X ′=arg minX ′

∥∥∥h(v,θ, r,X ,y, τ )−h(v, θ̊, r,X ′,y, τ )∥∥∥

2.

We call the MTD that perturbs the lines’ reactance only byfollowing the above result as constrained PFI-MTD. Whenh(v,θ, r,X ,y, τ ) 6= h(v, θ̊, r,X ′,y, τ ), the system stateafter MTD, i.e., 〈v′,θ′〉, is not exactly equal to 〈v, θ̊〉 and thepower flows will change after applying the new line parameterX ′. We have applied the above approach to the IEEE 14-bustest system. The resulted MTD can maintain the active powerflows nearly unchanged. The details of this numeric examplecan be found in Appendix B in the supplementary file of thispaper.

VI. COMPLETENESS OF MTD

This section analyzes the completeness of MTD in termsof attack space under the dc model. Then, we analyze a classof highly structured FDI attacks against incomplete MTD andpropose an approach to enhancing incomplete MTD. Lastly,we discuss the taxonomy of the MTDs analyzed in this paper.

A. Complete and Incomplete MTDs

The attackers cannot detect the activation of a hidden MTD.Thus, they will launch the FDI attack crafted based on their

1Due to space limitations, all appendixes are omitted and can be found inthe supplementary file of this paper.

old knowledge H. This section studies the possibility for theattack to bypass the hidden MTD H′ using the concepts ofattack space and completeness of MTD. We define these twoconcepts for the general MTD as follows.

Definition 3. The attack space of an MTD is col(H)∩col(H′).

Definition 4. If an MTD gives an attack space of {0}, it iscomplete; otherwise, it is incomplete and the dimension of itsattack space is called degree of incompleteness (DoI).

If an attack belongs to the attack space of an incompleteMTD, it cannot be detected by the MTD. As the attackersmay randomly choose a vector c to construct the attack asa = Hc, the DoI indicates the chance that the attack canbypass the incomplete MTD. On the other hand, there doesnot exist an attack that can bypass a complete MTD.

Complete MTDs exist. For instance, for a 4-bus systemin Fig. 3 with Bus 1 as the reference bus, the originalline susceptance values are b12 = −19.84, b13 = −26.88,b24 =−26.88, b34 =−15.72, b14 =−23.09, b23 =−17.42. Foran MTD H′ with susceptance perturbations of ∆b12 =−0.99,∆b13 = 0.80, ∆b24 = 0.98, ∆b34 = 0, ∆b14 = 0, ∆b23 = 0, wecan verify that col(H)∩col(H′) = {0}. Thus, H′ is complete.

Proposition 3. For a given system with n system states andm transmission lines, a complete MTD exists only if m ≥ 2n.

Proof. We use dim(·) to denote the dimension of aspace. Thus, dim (col(H) ∩ col(H′)) = dim(col(H)) +dim(col(H′)) − dim(col(H) ∪ col(H′)) = rank(H) +rank(H′) − rank([H H′]). Since rank(H) = rank(H′) = nand rank([H H′]) ≤ min(m, 2n), we have dim(col(H) ∩col(H′)) ≥ 2n − min(m, 2n). For a complete MTD H′,col(H) ∩ col(H′) = {0}, i.e., dim(col(H) ∩ col(H′)) = 0.Thus, min(m, 2n) ≥ 2n and m ≥ 2n.

The 4-bus system in Fig. 3 satisfies the necessary conditionfor complete MTD given by Proposition 3. However, only oneout of totally 38 test systems contained in the MATPOWERpackage [39] satisfies the condition. The details of eight IEEEtest systems are given in Appendix C in the supplementaryfile of this paper. Note that most real-world power grids havelow degrees of connectivity (i.e., small m values) for the sakeof high costs in deploying transmission lines. Thus, completeMTD may not be implementable in real-world power grids.Nevertheless, as the attackers do not know H′, the chance forthat their attacks happen to bypass an incomplete MTD is low.

Proposition 4. Any hidden MTD is incomplete.

Proof. From Lemma 1 and Proposition 1, for any hidden MTDH′, ∃x′′ such that Hx = H′x′′. Thus, an attack a = Hx ∈col(H) also belongs to col(H′), since ∃x′′ such that a =Hx = H′x′′. As a 6= 0, H′ is incomplete.

Proposition 4 suggests that the objectives of achievinghidden MTD and complete MTD are conflicting. If a completeMTD is applied, although the defenders are sure that any attackconstructed based on the old measurement matrix H must bedetected, alert attackers must be able to detect the activation ofthe complete MTD, which motivates them to cancel the FDI

9

attacks and launch further data exfiltration attacks to obtainH′. On the other hand, if a hidden MTD is applied, there isalways a possibility that the FDI attack happens to bypass theMTD.

We now discuss the impacts of measurement noises andload changes on a complete MTD. To deal with measurementnoises, a positive η is needed to reduce BDD’s false alarmrates. Thus, the FDI attacks with small magnitudes may bypassa complete MTD designed under the assumption of noiselessmeasurements. Besides, according to Definition 3 and 4, thecompleteness of MTD is related to the measurement matrixH and H′. Since the measurement matrix encompasses boththe system topology and the susceptances of all lines, thecompleteness of MTD is independent of the load changes.

B. Enhancing Incomplete MTD

This section analyzes a class of highly structured FDIattacks against incomplete MTD and proposes an approachto enhancing incomplete MTD. First, we restate a concept ofcritical set that is related to attack detection.

Definition 5 ([40]). A subset of lines KC is a critical set ifremoving H’s rows corresponding to all the lines in KC de-creases H’s rank, whereas removing H’s rows correspondingto all the lines in any strict subset of KC does not.

Note that a system can have multiple critical sets. Thestudies [7], [40] showed that an FDI attack can bypass BDDwhen KA contains at least one critical set, where KA is theset of the transmission lines under attack. Thus, a critical setKC is said to be uncovered by MTD if KC∩KD = ∅, whereKD is the set of D-FACTS-equipped lines. Now, we describea class of structured attacks against incomplete MTD.

Proposition 5. For a given KD, if KA is the union of theuncovered critical sets, any MTD cannot detect the attack.

Proof. Since KA is the union of uncovered critical sets, KA∩KD = ∅. We prove by contradiction. Suppose that an FDIattack a is detected by an MTD H′ when KA ∩ KD = ∅.For a = Hc, we have aij = −bij(ci − cj), ∀(i, j) ∈ K,where ci is the ith element of c. From KA ∩KD = ∅, wehave aij = 0 and ci − cj = 0, ∀(i, j) ∈ KD. Therefore,0 = aij = −b′ij(ci−cj) = H′ijc, ∀(i, j) ∈ KD. Moreover, thesusceptances of the lines not belonging to KD are immutable,that is, Hij = H′ij , ∀(i, j) /∈ KD. Thus, aij = Hijc = H′ijc,∀(i, j) /∈ KD. Then, we have a = H′c. Therefore, the attacka is undetected, which contradicts the supposition.

We now use Case 1 in Table II to illustrate the above result,where KD = {(1, 2)}. The 3-bus system contains three crit-ical sets: {(1, 2), (1, 3)}, {(1, 2), (2, 3)}, {(1, 3), (2, 3)}. Thecritical set {(1, 3), (2, 3)} is uncovered. Under the structuredattack, i.e., a = H

[0 ε]T

, where H has been given inSection IV-B and ε ∈ R is arbitrary, the residual computedby the defender is always zero. Thus, the attack is undetected.

To launch the structured attacks, the attackers need KD tocompute all uncovered critical sets and then decide KA. Theattackers can launch data exfiltration attacks to obtain KD orinfer KD by observing the historical H matrices.

Complete MTDIncomplete MTD

Hidden MTD

Enhanced MTD

Fig. 4. Relationships between various MTDs studied in this paper.

To defend against the structured attacks, we may enhanceMTD by deploying D-FACTS devices such that all criticalsets are covered by MTD. Such MTD is called enhancedMTD. It can be easily proved that enhanced MTD requiresrank(HD) = n, where HD consists of H’s rows correspond-ing to all the lines in KD. Now, we use Case 3 in Table II toillustrate this result, where KD = {(1, 2), (2, 3)}. The threecritical sets are covered. Thus, the MTD is an enhanced MTD.

C. MTD Taxonomy

Fig. 4 illustrates the relationships between the MTD strate-gies studied in this paper. Any MTD is either complete orincomplete. From Proposition 4, hidden MTD is a subset ofincomplete MTD. Since any complete MTD must be ableto detect the structured attack analyzed in Section VI-B,complete MTD is a subset of enhanced MTD. Note that, as thehidden MTD can also be enhanced by following the D-FACTSdeployment strategy proposed in Section VI-B, in Fig. 4,hidden MTD and enhanced MTD intersect. As discussed inSection VI-A, complete MTD may not be realizable in practicebecause of limited transmission lines. Thus, enhanced hiddenMTD is a desirable defense strategy.

VII. OPERATIONAL COST OF MTD

The MTD’s operational cost is defined as the differencebetween the power system’s generation costs before and afterMTD. We assume that the system operates at the security-constrained optimal power flow (SCOPF) operation pointbefore MTD. Denote by C0 the generation cost under SCOPF.Right after MTD, the primary and secondary frequency con-trols will take effect. Denote by C1 the total generation costafter the convergence of the frequency controls. Then, thesystem can redispatch the generations to achieve SCOPF.Denote by C2 the total generation cost after the generationredispatch. This section discusses the relationships betweenC0, C1 and C2 under the PFI-MTD and arbitrary MTD,respectively. We separately consider the dc and ac models asfollow. Table III summaries the analysis results.

A. Dc Model

As discussed in Remark 1, under the dc model that assumeszero line loss, the generators’ power outputs will not beadjusted by the frequency controls because the MTD will notaffect the already established balance between generation andload. Therefore, for both the arbitrary MTD and PFI-MTD,C0 = C1. For PFI-MTD, the power flows remain unchangedafter MTD. Thus, C1 = C2. For arbitrary MTD, we considertwo cases:• Case A: The power system has no congested line (i.e., the

power flow through each line is under the line capacity)

10

TABLE IIISUMMARY OF MTD’S OPERATIONAL COST

Model MTD Type Operational cost

dcPFI-MTD C0 = C1 = C2

arbitrary MTD (no congestion before MTD) C0 = C1 ≤ C2

arbitrary MTD (congestion before MTD) C0 = C1 ≶ C2

ac PFI-MTD C0 = C1 ≥ C2

arbitrary MTD C0 ≶ C1 ≶ C2

before arbitrary MTD. If the power flows through all linesdo not exceed the line capacities right after the arbitraryMTD, the generators’ outputs will not be adjusted bythe SCOPF operation and C1 = C2; If the power flowthrough any line exceeds the line capacity right after ar-bitrary MTD, the total generation cost will increase afterthe SCOPF-based generation redispatch, i.e., C1 < C2.

• Case B: The power system has a congested line beforethe arbitrary MTD. If the power flow through this linebecomes larger than the line capacity after MTD, thegeneration cost will increase after the SCOPF-basedgeneration redispatch, i.e., C1 < C2; If the power flowthrough this line decreases and the line is no longer con-gested, the generation cost will decrease, i.e., C1 > C2. Insummary, the relationship between C1 and C2 depends onthe power flows after the arbitrary MTD. We use C1 ≶ C2

to denote these two possibilities.

B. Ac Model

Under the ac model, the line loss should be considered.We first consider the PFI-MTD. Since the power flows andgenerators’ power outputs remain unchanged right after PFI-MTD, we have C0 = C1. As all the controlled power systemvariables (including all the generators’ power outputs andthe power flows through all the lines) before and right afterMTD must satisfy the SCOPF’s constraints, the current valueof generators’ power outputs is a feasible solution underthe security constraints. Thus, the total generation cost willnot increase after the SCOPF-based generation redispatch. Inparticular, the generation cost may decrease since the lineresistance will be changed by the MTD (see Section V-C),i.e., C1 ≥ C2. In summary, for PFI-MTD, C0 = C1 ≥ C2.

Then, we consider the arbitrary MTD. After the arbitraryMTD, the line loss may increase or decrease and the gener-ation will accordingly increase or decrease by the frequencycontrols. Thus, we have C0 ≶ C1. We now consider two casesfor the relationship between C1 and C2.• Case A: For the power system has no congested line

before arbitrary MTD, if all the controlled power systemvariables satisfy the SCOPF’s constraints right after thearbitrary MTD, similar to the analysis of the PFI-MTDunder the ac model, we have C1 ≥ C2; if any controlledvariable is beyond the security constraints, the generatorcost may increase, i.e., C1 ≤ C2. In summary, C1 ≶ C2.

• Case B: For the power system with a congested linebefore the arbitrary MTD, similar to the analysis of thearbitrary MTD under the dc model, we have C1 ≶ C2.

C. Numerical Results

Now we use the 3-bus system shown in Fig. 1 as an exampleto illustrate. We impose the following constraints: Generator’soutput limit is 0 ≤ pgi ≤ 500 MW, i = 1 or 3; transmissionline capacity is |zij | ≤ 100 MW, (i, j) ∈ K. The generators’cost functions are costg1 = 0.05p2

g1 + 1.2pg1 + 600 $/hr andcostg3 = 0.11p2

g3 + 5pg3 + 300 $/hr. The loads before MTDare pd1 = 50 MW, pd2 = 170 MW, pd3 = 280 MW. Therefore,we can compute the power flows, generators’ outputs and thetotal generation cost under SCOPF, which are given in thefirst row of Table IV. Note that we use the superscript {·}′∗to denote SCOPF operation point after MTD. The line (1, 2)is congested. The result of PFI-MTD is given in Case 1 of thetable. We can see that C0 = C1 = C2. The results of arbitraryMTD are given in Case 2 and 3 of the table, which correspondto the two situations in Case B in Section VII-A. In Case 2,the power flow through the line (1, 2) is larger than the linecapacity right after MTD, and we can see that C0 = C1 < C2.In Case 3, the power flow through line (1, 2) decreases, andwe can see that C0 = C1 > C2. These results are consistentwith our analysis in Section VII-A.

VIII. SIMULATIONS

We conduct simulations using MATPOWER [39] based onthe IEEE 14-bus system model, which consists of 14 buses(n = 13) and 20 transmission lines (m = 20).

A. Impact of Measurement Noises and Variable Loads

Our analysis assumes noiseless measurements and steadyloads. Here, we evaluate the impact of measurement noisesand variable loads on hidden MTD and arbitrary MTD. In thesimulations, all the lines are equipped with D-FACTS devices.We use the probability for MTD to be stealthy to the attackersand attack detection probability as the evaluation metrics.

Fig. 5 shows the probability for MTD to be stealthy to theattackers under different MTD magnitudes and steady loads.For an MTD magnitude of qm, we set bminij = (1 + qm) ·bij and bmaxij = bij/(1 + qm). Note that bij is negative. Inother words, for a larger MTD magnitude, the line susceptancecan be chosen from a larger range, which requires more linesusceptance adjusting capability. In practice, 0.2 is a typicalsetting for qm and 0.9 is achievable [41]. Thus, we vary qmfrom 0.1 to 1. The measurement noises are sampled from thenormal distribution N (0, σ2). For the noiseless case (i.e., σ =0), the PFI-MTD is always stealthy to the attackers, which isconsistent with our analysis. For the noisy case, the PFI-MTDconstructed based on an imperfect system state estimate maynot maintain the power flows exactly. Thus, it may be detectedby the attackers (with a probability of less than 10% as shownin Fig. 5). The arbitrary MTD can be always detected by theattackers.

Fig. 6 shows the probability for PFI-MTD to be stealthy tothe attackers under different load change magnitudes. For aload change magnitude qd, the load when the attackers try todetect MTD is randomly selected between 1/(1+qd) and (1+qd) times of the original load. From the figure, the probabilityof being stealthy decreases with the magnitude of load change,

11

TABLE IVMTD’S OPERATIONAL COST OF SEVERAL MTD APPROACHES ON THE 3-BUS SYSTEM.

Case ∆b12 ∆b13 ∆b23 z′12 z′13 z′23 p′g1 p′g3 C1 z′∗12 z′∗13 z′∗23 p′∗g1 p′∗g3 C2

Original -100.00 -10.28 70.00 160.3 339.7 16770.50Case 1 -1.04 0.83 -1.06 -100.00 -10.28 70.00 160.3 339.7 16770.50 -100.00 -10.28 70.00 160.3 339.7 16770.50Case 2 -1.26 0 0 -101.78 -8.50 68.22 160.3 339.7 16770.50 -100.00 -5.03 70.00 155.0 345.0 17102.76Case 3 1.11 0 0 -98.28 -12.00 71.72 160.3 339.7 16770.50 -100.00 -15.52 70.00 165.5 334.5 16447.05

*Power quantifies in MW; line susceptance quantifies in p.u.; phase quantifies in deg; cost quantifies in $/hr.

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1Magnitude of MTD

00.10.20.30.40.50.60.70.80.9

1

Prob

abili

ty o

f be

ing

stea

lthy

PFI σ=0PFI σ=0.1ARB σ=0ARB σ=0.1

Fig. 5. PFI-MTD vs. arbitrary MTD (ARB) andimpact of noises.

0.02 0.04 0.06 0.08 0.1 0.12 0.14 0.16 0.18 0.2Magnitude of load change

00.10.20.30.40.50.60.70.80.9

1

Prob

abili

ty o

f be

ing

stea

lthy

PFI σ=0.05PFI σ=0.1ARB σ=0.05ARB σ=0.1

Fig. 6. Impact of variable loads and noises on PFI-MTD.

0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1Magnitude of MTD

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1

Atta

ck d

etec

tion

prob

abili

ty

PFI σ=0PFI σ=0.1ARB σ=0ARB σ=0.1

Fig. 7. Attack detection probability of PFI-MTDand arbitrary MTD.

6

7

8

9

10

11

12

13

5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Deg

ree

of in

com

plet

enes

s

Number of D-FACTS

PFIARB

Fig. 8. DoI vs. ‖KD‖.

1

10

100

5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Unc

over

ed c

ritic

al s

et

Number of D-FACTS

PFIARB

Fig. 9. Number of uncovered critical sets vs. ‖KD‖.

because the changed load will lead to power flow changes,making the MTD detectable by the attackers. This implies thatthe PFI-MTD should be performed frequently enough suchthat the load will not change too much from the last PFI-MTD.From the figure, a higher noise level leads to higher MTD’sstealthiness probability. This is because, for a higher noiselevel, the BDD should tolerate more deviations between themeasured and estimated power flows to ensure a certain falsealarm rate, which, however, reduces the attackers’ capabilityin detecting MTD. The arbitrary MTD can be always detectedby the attackers.

Fig. 7 shows the MTD’s attack detection probability underdifferent MTD magnitudes. The magnitude of load change isfixed at 0.1. We construct the attack as follows. We choose avector c and then compute the attack vector a from a = Hc.The c’s elements are sampled from the uniform distributionU(−d2 ,

d2 ), where d characterizes the magnitude of attack. In

this experiment, we set d = 0.01. For the noiseless case, thePFI-MTD and arbitrary MTD can always detect the attack. Forthe noisy case, the attack detection probability drops, whichis consistent with intuition. In particular, PFI-MTD performsworse than the arbitrary MTD when the MTD magnitude islow. This is because, PFI-MTD needs to satisfy additional con-straints to maintain power flows, which reduces its detectioncapability. However, the performance gap between PFI-MTDand arbitrary MTD diminishes for larger MTD magnitudes.The result in Fig. 7 suggests that, to implement the hiddenMTD for stealthiness to attackers, more line susceptanceadjusting capability is needed to achieve a certain level of

attack detection probability, compared with the arbitrary MTD.

B. Incompleteness and Uncovered Critical Sets

This section evaluates the DoI and the number of uncoveredcritical sets of the hidden MTD and arbitrary MTD. Fig. 8shows the DoI under different numbers of D-FACTS-equippedlines (denoted by ‖KD‖). Given ‖KD‖, we enumerate allpossible D-FACTS deployments. The error bars show themaximum and minimum of DoI. From the figure, the globalminimum of DoI is 6, which is consistent with our analyticresult of 2n − min(m, 2n). The DoI decreases with ‖KD‖.For arbitrary MTD, the DoI is no less than n − ‖KD‖.PFI-MTD generally yields higher DoI, because it needs tosatisfy additional constraints to maintain power flows. Thedifference between the minimum DoIs achieved by PFI-MTDand arbitrary MTD diminishes when ‖KD‖ is larger than 8.This suggests that by carefully deploying D-FACTS devices,hidden MTD can achieve similar (or even the same) DoI asthe arbitrary MTD.

The IEEE 14-bus system has totally 115 critical sets. Fig. 9shows the error bars for the number of uncovered critical sets.The Y-axis is in logarithmic scale. (In the figure, we use 0.8to represent the logarithm of 0.) The number of uncoveredcritical sets decreases with ‖KD‖. PFI-MTD generally leadsto more uncovered critical sets, because the susceptances ofseveral D-FACTS-equipped lines may not be modifiable tomaintain power flows. From the figure, when ‖KD‖ = 13(i.e., rank(HD) = n), there are 3909 and 485 instances ofD-FACTS deployments to achieve enhanced MTD (i.e., the

12

0

0.2

0.4

0.6

0.8

1

0 0.2 0.4 0.6 0.8 1

Tru

e po

sitiv

e ra

te

False positive rate

Defender No MTDDefender Under MTD

Attacker BDD

Fig. 10. ROC curves when defendersadopt dc and attackers adopt ac model.

0

0.2

0.4

0.6

0.8

1

0 0.2 0.4 0.6 0.8 1

Tru

e po

sitiv

e ra

te

False positive rate

Defender No MTDDefender Under MTD

Attacker BDD

Fig. 11. ROC curves when defendersadopt ac and attackers adopt dc model.

number of uncovered critical sets is zero). When ‖KD‖ < 13,there is no D-FACTS deployments to achieve enhanced MTD.This is consistent with our analysis in Section VI-B.

C. Different Power Flow Models Adopted by Defenders andAttackers

This section discusses the effectiveness of PFI-MTD whenthe defenders and attackers adopt different power flow models.Note that the defenders adopt the power flow model toconstruct PFI-MTD and detect the attacks; the attackers adoptthe model to construct the FDI attacks and detect the activationof MTD. We assume that the power flows in the real systemcan be characterized by the ac power flow model. We adoptthe following settings: the MTD magnitude qm = 0.5; the loadchange rate qd = 0; the noise’s standard deviation σ = 0.1;the attack magnitude d = 0.01. We consider the following twocases.

i) The defenders adopt the dc model and the attackersadopt the ac model. Fig. 10 shows the receiver operatingcharacteristic (ROC) curves in this situation. The ROC curveis a graphical plot that illustrates the true positive rate (TPR)against the false positive rate (FPR) at various thresholdsettings. Different points on an ROC curve correspond todifferent detection thresholds η adopted by the defenders orattackers. The TPR is measured as the ratio of the correctpositive detection results over the total number of detectionsmade when the target in question (i.e., the FDI attack orthe activation of PFI-MTD) is actually present. Specifically,TPR = TP

TP+FN , where TP is the number of true positivesand FN is the number of false negatives (i.e., mis-detections).The FPR, on the other hand, is measured as the ratio ofincorrect positive detection results over the total number of de-tections made when the target in question (i.e., the FDI attackor the activation of PFI-MTD) is actually absent. Specifically,FPR = FP

FP+TN , where FP is the number of false positivesand TN is the number of true negatives. The curves labeled“Defender No MTD” and “Defender Under MTD” refer tothe ROC curves for the defenders to detect the FDI attackswhen the PFI-MTD is absent and present, respectively. Thecurve labeled “Attacker BDD” refers to the ROC curve for theattackers to detect the activation of PFI-MTD. Thus, TPR = 1means that there are no false negatives (i.e., no mis-detections)and FPR = 0 means that there are no false positives indetecting the FDI attacks by the defenders or in detecting thePFI-MTD by the attackers. Thus, the (0, 1) point on an ROCcurve implies perfect detection performance. The first and

second curves are the results for the attack detection before andafter MTD, respectively. We can see that the MTD improvesthe defenders’ attack detection performance. However, the twoROC curves are close to each other because the discrepancybetween the defenders’ dc model and the actual system model(i.e., the ac model) is the dominating factor for the inaccuracyof the attack detection. The third curve is the ROC of theattackers’ BDD in detecting the PFI-MTD activations. Sincethe ROC curve nearly passes through the (0, 1) point, the PFI-MTD constructed from the dc model will be always detectedby the attackers who adopt the ac model and appropriatelyselect the detection threshold. Note that, in our evaluation, weassume that the actual power flows are characterized by the acmodel. Thus, the PFI-MTD constructed from the dc model thatapproximates the actual power flows is inaccurate and can bedetected by the attackers who adopt the accurate ac model. Inaddition, the selection of the detection threshold under the acmodel is similar to that under the dc model in Section III-A.Specifically, the threshold η under the ac model can be set tobe σ

√χ2

(m−n),α to ensure a false alarm rate of (1−α), wherem denotes the number of sensor measurements and n denotesthe number of system states.

ii) The defenders adopt the ac model and the attackersadopt the dc model. Fig. 11 shows the ROC curves in thissituation. The first and second curves are the results for theattack detection before and after MTD, respectively. We cansee that the FDI attack constructed by the dc model can bealways detected when the defenders adopt the ac model. Thethird curve is the ROC of the attackers’ BDD in detectingthe PFI-MTD activations. From the ROC curve, the attacker’sdetection performance is poor. For instance, when the falsepositive rate is 0.5, the true positive rate is also about 0.5.This is also caused by the discrepancy between the attackers’dc model and the actual ac model.

Moreover, when both the attackers and defenders adoptthe dc model, the performance of the defenders’ BDD indetecting FDI attacks and the attackers’ BDD in detectingthe PFI-MTD activations is not high, which is also causedby the discrepancy between the adopted dc model and theactual ac model. Specifically, for any detection threshold η, thedefenders’ detector cannot achieve a high TPR and a low FPRsimultaneously. Note that in the numerical results presented inprevious sections, we assume that the power flows in the realsystem can be characterized by the dc model. When both theattackers and defenders adopt the ac model, the FDI attackscan be detected reliably by the defenders’ BDD after MTDand the PFI-MTD cannot be detected by the attackers’ BDD.

Table V summarizes the effectiveness of the BDD, MTD,and PFI-MTD from the perspective of the attackers, when thedefenders and attackers adopt different power flow models.From the table, if the defenders adopt the dc model, theattackers can succeed for sure or with some probability whenthey adopt the ac and dc models, respectively; if the defendersadopt the ac model to design MTD, the attackers cannotsucceed no matter which power flow model they use. Thus,the ac model is a better choice for the defenders. In addition,if the defenders adopt the dc model, by adopting the ac

13

TABLE VEFFECTIVENESS OF BDD, MTD, AND PFI-MTD FROM THE ATTACKERS’PERSPECTIVE WHEN THE ATTACKERS AND DEFENDERS ADOPT DIFFERENT

POWER FLOW MODELS.

Power flow model Bypass BDDwithout MTD

Bypass BDDwith MTD

DetectPFI-MTDActual Defenders Attackers

ac

dc ac X X Xac dc × × ×dc dc X uncertain∗ uncertainac ac X × ×

∗ The ‘uncertain’ means that the defenders’ detector cannot achieve a highTPR and a low FPR simultaneously.

model, the attackers can always succeed; if the defendersadopt the ac model, by adopting the ac model, the attackerscan at least bypass the BDD without MTD. In summary,the ac model is more advantageous than the dc model forthe attackers. However, considering that the dc power flowanalysis is faster and more robust than the ac power flowanalysis, both the attackers and defenders face the trade-off between (i) attack/MTD detection performance and (ii)overheads in the implementation, computation, and reliabilityof the detection algorithms.

IX. DISCUSSIONS

A. System Settings

Based on the above simulation results, we now discuss thesettings of several important system parameters.

1) MTD’s execution cycle: In Section III-B, we require thatthe MTD’s execution cycle T should be no longer than theattackers’ model learning time Ta. In Section VIII-A, we foundthrough simulations that the PFI-MTD should be performedfrequently enough to ensure MTD’s stealthiness. In summary,we require T ≤ min(Ta, Tl), where Tl denotes the maximumnumber of SE periods to ensure MTD’s stealthiness in thepresence of load changes. Now we discuss the settings of Taand Tl, respectively.

According to the attackers’ Capability 1 and 2, the attackerscan eavesdrop on the measurements of the sensors on all thelines and try to learn the new system construction. Now, weconsider two cases.

Case 1: The attackers can identify but cannot locate thesource sensors of the measurements. Thus, no topology infor-mation can be utilized in the power system model learningprocess. We name this process as blind model learning pro-cess. For simplicity of exposition, we assume that the MTD isnot activated. For the noiseless system, from Section III-A, wehave zt = Hxt = HB−1pt. Then, Zt = HB−1Pt, where Ztand Pt respectively consist of the vectors of historical sensormeasurements and bus power injections, i.e., Zt = [z1, ..., zt]and Pt = [p1, ...,pt]. Denote by Z the space of all the possiblesensor measurement vectors, i.e., Z = limt→∞ col(Zt). SinceZ ⊆ col(H), the attackers can construct the stealthy FDIattacks directly through the Hamel base of Z. Denote by uthe number of non-zero injection buses, i.e., the buses thatare connected with at least one generator or load. We haverank(H) = rank(B) = n, and rank(Pt) ≤ u, where n isthe number of buses. Since u ≤ n, we have rank(Zt) ≤ u

and dim(Z) = u. Thus, if the attackers collect the powerflow measurements during more than u SE periods, they cancompute a Hamel base of Z. For the noisy system, to computethe Hamel base of Z, the attackers additionally need the dataduring more SE periods to reduce the influence of systemnoises. We note that for the weak attackers who can obtainread access to a subset of sensor measurements only, theygenerally cannot construct the stealthy FDI attacks throughblind model learning, since they cannot utilize the systemtopology information and thus do not know the correlationamong the sensor measurements. Thus, u is a reference settingfor Ta in this case.

Case 2: The attackers can identify and locate the sourcesensors of the measurements. Thus, the topology informationcan be utilized in the power system model learning process.In this situation, the model learning process can be conductedin several subsystems in parallel. The model learning times inthe subsystems are different, and the attackers can launch localFDI attacks in a subsystem once the model learning processof the subsystem is completed. We leave the detailed analysisof this case for future study.

We set Tl to ensure the stealthiness of PFI-MTD in thepresence of load changes. Note that Tl is related to theload change rate qd. Thus, we firstly select qd by qd =maxqd

(Pr{|r̄(qm, qd, σ)| ≤ η} ≥ β

), where r̄(·) denotes

the residual computed by the attackers, which is a randomvariable due to random PFI-MTD constructed by Algorithm 1,random load change and system noise; the threshold η isselected according to the system noise deviation σ to ensurea certain level of the attackers’ false alarm rate; β denotesa desired probability for the MTD being stealthy. Thus, ifwe can ensure that the load change is within 1/(1 + qd) and(1 + qd) times of the original load, a constructed PFI-MTDwithin the MTD’s magnitude qm can remain stealthy to theattacker with a probability of no less than β. As there is noclosed-form formula for r̄, the qd selection problem can besolved through numeric simulations. Then, we set Tl accordingto qd. Specifically, we set it as the maximum value that ensuresthat the load change rate during Tl SE periods will be no morethan qd.

2) Magnitude of MTD: From the simulations in Sec-tion VIII-A, we found that the magnitude of MTD hassubstantial impact on attack detection probability. Now, wediscuss its setting. We select the MTD’s magnitude by qm =minqm

(Pr{|r(qm, σ, d)| > η} ≥ β

), where r(·) denotes

the residual computed by the defender, which is a randomvariable due to random PFI-MTD constructed by Algorithm 1,random system noise and attack vector; the threshold η isselected according to the system noise deviation σ to ensurea certain level of the defenders’ false alarm rate; β denotes adesired attack detection rate. Thus, if the attackers launch theattacks with the attack magnitude deviation d, a constructedPFI-MTD within the MTD’s magnitude qm can detect theattacks with a probability of no less than β. As there is noclosed-form formula for r, the qm selection problem can besolved through numeric simulations. We note that the setting ofMTD’s magnitude greatly depends on the target power system.For example, for the 14-bus system with σ = 0.1, d = 0.01,

14

and β = 90%, the magnitude of MTD qm should be set as0.4; for the 39-bus system, qm can be set less than 0.2.

B. Attack Identification and Mitigation

On the detection of FDI attacks, it is desirable to iden-tify the attacks, i.e., to identify which sensors have beencompromised (i.e., KA). Then, the impact of the attacksshould be mitigated, or the attacks should be isolated. Notethat the mitigation approach of simply discarding all thecompromised data may make the system unobservable. Wediscuss a possible approach to identify and mitigate the FDIattacks through the MTD approach. The FDI attacks detectedby MTD can be identified through distributed SE proposedin [42], since the residual of BDD based on the normalsensor measurements in the distributed SE will not exceedthe threshold. Now we discuss whether the attack signals andactual measurements can be separated to mitigate the attack.For noiseless system, the power flow model under MTD H′

in the absence of the attack is z′ = H′x′. Then, we have

z′ + a = H′x′ + Hc =[H′ H

] [x′c

]. Therefore, the attack

signal a and actual measurement z′ can be separated whenthe equation system z′ + a =

[H′ H

]xe has a unique

solution, i.e., xe =

[x′

c

], where xe ∈ R2n. Then, we have

rank([H′ H]) = 2n. According to the proof of Proposition 3,we have col(H′) ∩ col(H) = {0}. That is, the attack can bemitigated when H′ is a complete MTD.

X. CONCLUSION AND FUTURE WORK

This paper studies PCF-FDI that tries to detect the activationof MTD before launching an FDI attack. To defend againstPCF-FDI, we propose a hidden MTD approach that maintainsthe power flows and develop an algorithm to construct thehidden MTD. We analyze the completeness of MTD and showthat the stealthiness and completeness are two conflicting goalsin MTD design. Moreover, we propose an approach to enhanc-ing incomplete MTD (including hidden MTD) against a classof highly structured FDI attacks. Finally, we analyze MTD’soperational cost and present numerical results. Simulations areconducted to compare the stealthiness and completeness ofour hidden MTD approach with the existing arbitrary MTDapproach.

We now discuss several issues that can be studied in futurework. First, the relationship between MTD’s operational costand attack detection performance can be studied quantita-tively. The D-FACTS devices are originally used to maintaindesirable power flows and reduce the generation cost. InSection VII, we have performed preliminary and qualitativeanalysis of MTD’s operational cost. In Section VIII-A, wehave conducted simulations to evaluate MTD’s attack de-tection performance. It is interesting to study any trade-offbetween the two aspects such that the defenders can betterschedule the MTD perturbations to achieve a satisfactorybalance. Second, existing industry standards, such as thosefrom International Electrotechnical Commission (IEC) and theCritical Infrastructure Protection (CIP) from North American

Electric Reliability Corporation (NERC), provide guidelinesto enhance smart grid cybersecurity. However, these standardsdo not specifically address open cybersecurity issues, such asthose caused by zero-day vulnerability exploits and the threatsstudied in this paper. Therefore, recommending our approachas an option in these evolving standards can be considered,in order to bring the state-of-the-art research to the practice.Third, besides MTD against FDI attacks on state estimation,it is also interesting to study MTD against FDI attacks onclosed-loop control systems. Detecting FDI attacks on eithersensor or control data in a closed loop has been extensivelystudied. However, detecting FDI attacks on both sensor andcontrol data, which are similar to the Stuxnet attack, has notreceived adequate research. MTD is applied to detect suchStuxnet-like attacks in [43]. In future work, the stealthinessand the completeness of the MTD against Stuxnet-like attackscan be studied.

ACKNOWLEDGMENTS

The authors wish to thank the editors and the anonymousreviewers for providing valuable feedbacks on this work.

REFERENCES

[1] S. Karnouskos, “Stuxnet worm impact on industrial cyber-physicalsystem security,” in IECON, 2011.

[2] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks againststate estimation in electric power grids,” ACM Trans. Info. & Syst.Security, vol. 14, no. 1, 2011.

[3] R. B. Bobba, K. M. Rogers, Q. Wang, H. Khurana, K. Nahrstedt,and T. J. Overbye, “Detecting false data injection attacks on dc stateestimation,” in Workshop on Secure Control Systems, 2010.

[4] J. Kim and L. Tong, “On topology attack of a smart grid: Undetectableattacks and countermeasures,” J-SAC, vol. 31, no. 7, 2013.

[5] L. Yang and F. Li, “Detecting false data injection in smart grid in-network aggregation,” in SmartGridComm, 2013.

[6] X. Yang, J. Lin, W. Yu, P.-M. Moulema, X. Fu, and W. Zhao, “A novelen-route filtering scheme against false data injection attacks in cyber-physical networked systems,” IEEE Trans. Comput., vol. 64, no. 1, 2015.

[7] A. Giani, E. Bitar, M. Garcia, M. McQueen, P. Khargonekar, andK. Poolla, “Smart grid data integrity attacks: characterizations andcountermeasures,” in SmartGridComm, 2011.

[8] K. L. Morrow, E. Heine, K. M. Rogers, R. B. Bobba, and T. J. Overbye,“Topology perturbation for detecting malicious data injection,” in Intl.Conf. Syst. Sci., 2012.

[9] K. R. Davis, K. L. Morrow, R. Bobba, and E. Heine, “Power flow cyberattacks and perturbation-based defense,” in SmartGridComm, 2012.

[10] M. A. Rahman, E. Al-Shaer, and R. B. Bobba, “Moving target defensefor hardening the security of the power system state estimation,” in ACMWorkshop on Moving Target Defense, 2014.

[11] NESCOR, “Electric sector failure scenarios and impact analyses version3.0.” [Online]. Available: http://smartgrid.epri.com/doc/NESCORFailure Scenarios v3 12-11-15.pdf

[12] “Scada cyber attacks double in 2014,” 2014. [Online]. Available:https://www.automationworld.com/scada-attacks-double-2014

[13] R. Khan, P. Maynard, K. Mclaughlin, D. Laverty, and S. Sezer, “Threatanalysis of blackenergy malware for synchrophasor based real-timecontrol and monitoring in smart grid,” in International Symposium forICS & Scada Cyber Security Research, 2016, pp. 1–11.

[14] J. Leyden, “Polish teen derails tram after hacking train network,” TheRegister, vol. 11, 2008.

[15] M. Clayton, “Cyberattack on illinois water utility may confirm stuxnetwarnings,” Christian Science Monitor, vol. 18, 2011.

[16] D. Gewirtz, “Night dragon: Cyberwar meets corpoiate espionage,”Journal of Counterterrorism & Homeland Security International, 2011.

[17] B. Bencsth, G. Pk, L. Buttyn, and M. Flegyhzi, “Duqu: Astuxnet-like malware found in the wild,” 2011. [Online]. Available:http://www.crysys.hu/publications/files/bencsathPBF11duqu.pdf

[18] Venafi, “Flame malware - like stuxnet and duqu before it,” 2012.

15

[19] N. Nelson, “The impact of dragonfly malware on industrial controlsystems,” SANS Institute, 2016.

[20] Z. H. Yu and W. L. Chin, “Blind false data injection attack using pcaapproximation method in smart grid,” IEEE Trans. Smart Grid, 2015.

[21] I. Markwood, Y. Liu, K. Kwiat, and C. A. Kamhoua, “Electric gridpower flow model camouflage against topology leaking attacks,” in IEEEINFOCOM, 2017.

[22] Y. Yuan, Z. Li, and K. Ren, “Modeling load redistribution attacks inpower systems,” IEEE Trans. Smart Grid, vol. 2, no. 2, 2011.

[23] M. A. Rahman and H. Mohsenian-Rad, “False data injection attacks withincomplete information against smart power grids,” in 2012 IEEE GlobalCommunications Conference (GLOBECOM), 2012, pp. 3153–3158.

[24] X. Liu and Z. Li, “Local load redistribution attacks in power systemswith incomplete network information,” IEEE Transactions on SmartGrid, vol. 5, no. 4, pp. 1665–1676, 2014.

[25] L. Xie, Y. Mo, and B. Sinopoli, “False data injection attacks inelectricity markets,” in First IEEE International Conference on SmartGrid Communications, 2010, pp. 226–231.

[26] L. Jia, R. J. Thomas, and L. Tong, “Impacts of malicious data on real-time price of electricity market operations,” in Hawaii InternationalConference on System Sciences, 2012, pp. 1907–1914.

[27] J. Kim, L. Tong, and R. J. Thomas, “Dynamic attacks on power systemseconomic dispatch,” in Asilomar Conference on Signals, Systems andComputers, 2015, pp. 345–349.

[28] G. Hug and J. A. Giampapa, “Vulnerability assessment of ac stateestimation with respect to false data injection cyber-attacks,” IEEETransactions on Smart Grid, vol. 3, no. 3, pp. 1362–1370, 2012.

[29] C. Wang, C. W. Ten, Y. Hou, and A. Ginter, “Cyber inference system forsubstation anomalies against alter-and-hide attacks,” IEEE Transactionson Power Systems, vol. PP, no. 99, pp. 1–1, 2016.

[30] A. Ginter, SCADA Security - What’s broken and how to fix it. AbterraTechnologies Inc., 2016.

[31] Y. Huang, H. Li, K. A. Campbell, and Z. Han, “Defending false datainjection attack on smart grid network using adaptive cusum test,” inAnnual Conf. Inf. Sci. & Syst., 2011.

[32] L. Liu, M. Esmalifalak, Q. Ding, V. A. Emesih, and Z. Han, “Detectingfalse data injection attacks on power grid by sparse optimization,” IEEETrans. Smart Grid, vol. 5, no. 2, 2014.

[33] X. Liu, P. Zhu, Y. Zhang, and K. Chen, “A collaborative intrusiondetection mechanism against false data injection attack in advancedmetering infrastructure,” IEEE Trans. Smart Grid, vol. 6, no. 5, 2015.

[34] C. Gu, P. Jirutitijaroen, and M. Motani, “Detecting false data injectionattacks in ac state estimation,” IEEE Trans. Smart Grid, vol. 6, no. 5,2015.

[35] A. Ashok, M. Govindarasu, and V. Ajjarapu, “Online detection ofstealthy false data injection attacks in power system state estimation,”IEEE Trans. Smart Grid, 2016.

[36] E. Al-Shaer, Q. Duan, and J. H. Jafarian, “Random host mutation formoving target defense,” in Intl. Conf. Security and Privacy in Commun.Syst., 2012.

[37] J. Tian, R. Tan, X. Guan, and T. Liu, “Hidden moving target defensein smart grids,” in 2nd Workshop on Cyber-Physical Security andResilience in Smart Grids, 2017.

[38] S. Liu, S. Mashayekh, D. Kundur, T. Zourntos, and K. Butlerpurry, “Aframework for modeling cyber-physical switching attacks in smart grid,”IEEE Transactions on Emerging Topics in Computing, vol. 1, no. 2, pp.273–285, 2014.

[39] “Matpower.” [Online]. Available:http://www.pserc.cornell.edu/matpower/manual.pdf

[40] J. Kim, L. Tong, and R. J. Thomas, “Data framing attack on stateestimation,” J-SAC, vol. 32, no. 7, 2014.

[41] K. Rogers and T. Overbye, “Some applications of distributed flexible actransmission system (d-facts) devices in power systems,” in 40th NorthAmerican Power Symposium, 2008.

[42] D. Wang, X. Guan, T. Liu, Y. Gu, C. Shen, and Z. Xu, “Extendeddistributed state estimation: A detection method against tolerable falsedata injection attacks in smart grids,” Energies, vol. 7, no. 3, pp. 1517–1538, 2014.

[43] S. Weerakkody and B. Sinopoli, “Detecting integrity attacks on controlsystems using a moving target approach,” in IEEE Conf. Decision andControl (CDC), 2015.

Jue Tian received his B.S. degree in automationengineering from School of Electronic and Infor-mation, Xi’an Jiaotong University, Xi’an, China,in 2011, where he is currently pursuing the Ph.D.degree with the Systems Engineering Institute andthe MOE KLINNS Laboratory. He visited Schoolof Computer Science and Engineering, NanyangTechnological University, Singapore, from August2016 to August 2017. His research interests includesmart grid and cyber-physical system security. Hereceived the Best Paper Awards from CPSR-SG’17.

Rui Tan (M’08) is an Assistant Professor at Schoolof Computer Science and Engineering, NanyangTechnological University, Singapore. Previously, hewas a Research Scientist (2012-2015) and a SeniorResearch Scientist (2015) at Advanced Digital Sci-ences Center, a Singapore-based research center ofUniversity of Illinois at Urbana-Champaign (UIUC),a Principle Research Affiliate (2012-2015) at Coor-dinated Science Lab of UIUC, and a postdoctoralResearch Associate (2010-2012) at Michigan StateUniversity. He received the Ph.D. (2010) degree in

computer science from City University of Hong Kong, the B.S. (2004) andM.S. (2007) degrees from Shanghai Jiao Tong University. His research inter-ests include cyberphysical systems, sensor networks, and pervasive computingsystems. He received the Best Paper Awards from IPSN’17, CPSR-SG’17,Best Paper Runner-Ups from IEEE PerCom’13 and IPSN’14.

Xiaohong Guan (M’93-SM’95-F’07) received theB.S. and M.S. degrees in automatic control fromTsinghua University, Beijing, China, in 1982 and1985, respectively, and the Ph.D. degree in electri-cal engineering from the University of Connecticut,Storrs, CT, USA, in 1993. He was a Senior Con-sulting Engineer with PG&E, San Francisco, CA,USA, from 1993 to 1995. He visited the Divisionof Engineering and Applied Science, Harvard Uni-versity, Cambridge, MA, USA, from January 1999to February 2000. Since 1995, he has been with the

Systems Engineering Institute, Xi’an Jiaotong University, Xi’an, China, andwas appointed as the Cheung Kong Professor of Systems Engineering in1999, and the Dean of School of Electronic and Information Engineeringin 2008. Since 2001, he has been the Director of the Center for Intelligentand Networked Systems, Tsinghua University, and served as the Head of theDepartment of Automation, from 2003 to 2008. His research interests includeoptimization of power and energy systems, electric power markets, and cyber-physical systems such as smart grid, sensor networks, etc.

Ting Liu is an Associate Professor in Xi’an JiaotongUniversity, China. He received his B.S. degree inInformation Engineering and Ph.D. degree in SystemEngineering from School of Electronic and Infor-mation, Xi’an Jiaotong University, Xi’an, China, in2003 and 2010, respectively. He was visiting profes-sor in Cornell University during 2016 to 2017. Hisresearches include software engineering and smartgrids. He won “Best Paper Award” in 2017 IEEECPSWEEK CPSR-SG, “Best Research Paper” in2016 IEEE ISSRE and “Best Demo Award” in 2014

SEKE.