Evaluating Power System Vulnerability to False Data Injection Attacks via Scalable Optimization
aa r X i v : . [ c s . S Y ] M a y Evaluating Power System Vulnerability to FalseData Injection Attacks via Scalable Optimization
Zhigang Chu, Jiazi Zhang, Oliver Kosut, and Lalitha Sankar
School of Electrical, Computer, and Energy EngineeringArizona State UniversityTempe, AZ, 85287
Abstract —Physical consequences to power systems of false datainjection cyber-attacks are considered. Prior work has shown thatthe worst-case consequences of such an attack can be determinedusing a bi-level optimization problem, wherein an attack is chosento maximize the physical power flow on a target line subsequentto re-dispatch. This problem can be solved as a mixed-integerlinear program, but it is difficult to scale to large systems dueto numerical challenges. Three new computationally efficientalgorithms to solve this problem are presented. These algorithmsprovide lower and upper bounds on the system vulnerabilitymeasured as the maximum power flow subsequent to an attack.Using these techniques, vulnerability assessments are conductedfor IEEE 118-bus system and Polish system with 2383 buses.
I. I
NTRODUCTION
With integration of real-time monitoring, sensing, communi-cation and data processing, electric power systems are becom-ing increasingly efficient and intelligent. However, similar toall computer network integrated systems, this integration alsomakes power systems more vulnerable to cyber attacks whichcould result in serious physical consequences or even systemfailure. Therefore, it is crucial to evaluate system vulnerabilityto credible attacks before they happen, and develop techniquesto detect potential attacks and protect the system.False data injection (FDI) involves a malicious adversary re-placing a subset of measurements with counterfeits. It has beenshown that FDI attacks can be designed to target system states[1], [2], [3], system topology [4], [5], generator dynamics [6],and energy markets [7]. Some of these involve designing anoptimization problem to determine the worst-case FDI attacksthat can cause line overflow [8], operating cost change [9],[10], or locational marginal price change [11]. However, theresults are only demonstrated for small systems. Similar to[8], we consider an optimization problem to determine theworst-case FDI attack that causes line overflow, but our goalis to design optimization algorithms that scale to significantlylarger systems ( i.e. thousands of buses).In [8], an FDI attack against state estimation (SE) that leadsto an overflow is introduced. Subsequent to the attack, thesystem operator re-dispatches the system generation, leadingto an overload on a target line. Modeling such attacks leadsto formulation of a bi-level optimization problem in whichthe first level models the attacker’s ability and limitationswhile the second level models the system response via optimalpower flow (OPF). This bi-level optimization problem is re-formulated to a single level mixed-integer linear problem (MILP) by replacing the second level by its Karush-Kuhn-Tucker (KKT) conditions and rewriting the non-convex com-plementary slackness conditions as mixed integer constraints.As the system size scales, this optimization problem be-comes hard to solve because of the increasing number ofconstraints as well as number of binary variables. But therecent cyber attack in Ukraine (see [12]) reminds us that itis imperative to characterize the vulnerability of large powersystems. To this end, we introduce three computationally effi-cient algorithms to characterize the vulnerability of systems. Insome cases, these algorithms give the optimal attack. In othercases, finding the optimal attack is intractable, so instead thesealgorithms provide lower and upper bounds on the optimalobjective value. A lower bound represents a feasible solution,and thus, highlights a specific overflow vulnerability for thesystem. An upper bound, on the other hand, constitutes a limiton the severity of this class of attacks.The first algorithm provides the optimal solution to theproblem by reducing the number of line thermal limit con-straints as well as the binary variables associated with them.The second algorithm further reduces the number of generationlimit constraints and corresponding binary variables. However,by doing this we give up a guarantee on optimality, so thealgorithm only provides a lower bound on the objective.The third algorithm provides both a lower bound and anupper bound via linear programming (LP) that maximizesthe difference between target line cyber and physical powerflows. All three algorithms are tested on the IEEE 118-bussystem and the Polish system (2383 buses) to evaluate systemvulnerability.The outline of this paper is as follows. In Sec. II, powersystem state estimation and the attack model are described.Sec. III describes how to formulate the bi-level optimizationproblem and how to convert it to a MILP, while Sec. IV in-troduces three algorithms to solve such optimization problem.Simulation results and concluding remarks are presented inSec. V and VI, respectively.II. S
TATE E STIMATION AND A TTACK M ODEL
In this section, we introduce the mathematical formulationfor SE and the attack model. Throughout, we assume there are n b buses, n br branches, n g generators, and n m measurementsin the system. For tractability, we focus on the DC power flowodel and DC SE, but the attacks introduced in this paper canalso be performed against AC SE as in [8]. A. State Estimation
The DC measurement model is described as z = Hx + e (1)where z is the n m × measurement vector whose entriesare measurements of the system; x is the vector of busvoltage angles; H denotes the n m × n b matrix describing therelationship between the system states and measurements; e is the n m × measurement error vector, whose entries areassumed to be independent and Gaussian distributed with zeromean and covariance matrix R = diag ( σ , σ , ..., σ n m ) .Observability analysis is performed before the state estima-tion process to check whether the system is fully observable.The weighted least-square (WLS) method is utilized to solvethe SE problem, and the solution is given by [1] ˆ x = ( H T R − H ) − H T R − z (2)where ˆ x is the estimated system state vector. We assumeclassical bad data detection, based on measurement residuals,is used to detect large errors in measurement data. Note thattraditional bad data detectors cannot necessarily detect FDIattacks. Indeed, unobservable attacks, as defined below, cannotbe detected by any bad data detector based on measurementresiduals. B. Attack Model
We first assume that the attacker has the following knowl-edge and capabilities:1) The attacker has full system topology information viapower transfer distribution factors (PTDF).2) The attacker has knowledge of load distribution, genera-tion costs and line thermal limits of the system.3) The attacker has control of the measurements in a subset S of the network.As discussed in [8], in the absence of noise, an attack isdefined to be unobservable when there exists an n b × attackvector c = 0 such that for all i , the measurement ¯ z i modifiedby the attacker satisfies ¯ z i = z i + H i c , where H i denotes the i th row of H . Given an attacker with control of the measurementsin S , it can execute this attack with attack vector c if H i c hasnon-zero entries only in S .Given an attack vector c , the following procedure producesa subgraph S that, if controlled by the attacker, can executean unobservable attack. For an attack vector c , load buses ( i.e. , buses with load) corresponding to non-zero entries of c are denoted as center buses . Given an attacker vector c , thesubgraph S controlled by the adversary is constructed usingthe following algorithm introduced in [3]:1) Let S be the set of all center buses.2) Extend S by including all branches and buses adjacentto center buses. 3) If any bus on the boundary of S is a non-load bus ( i.e. ,no load is present), extend S by including all adjacentbranches and buses to this bus.4) Repeat step 3) until all boundary buses are load buses.Constructing S with this method ensures that only measure-ments inside S can be modified by the attacker. The systemoperator will see the results of this unobservable attack asload changes at load buses within S , while the total load ofthe system remain unchanged.III. W ORST - CASE L INE O VERFLOW A TTACKS
In [8], a bi-level optimization problem is introduced tofind the worst-case unobservable line overflow attack vectorgiven the attacker’s limited resources to change states. Inthe optimization problem, the first level models the attacker’sobjective to maximize the power flow on a target line, subjectto constraints on (1) the attacker’s resources, characterizedby the number of center buses in c , and (2) the attacker’sdetectability, characterized by the load shift, or the differencebetween the cyber load and the original load, as a percentageof the original load. The second level is a DCOPF problemsimulating the system response to the attack. It is demonstratedin [8] that unobservable attacks solved with the MILP cansuccessfully lead to generation re-dispatch that maximizephysical power flow on the target line, and hence, can resultin line overflow for IEEE RTS 24-bus system.In [8], B - θ method is used to fomulate the DCOPF problem,where the line power flow is calculated as the product ofthe dependency matrix of power flow and voltage angle B and the voltage angle vector θ . In contrast, in this paper weequivalently formulate the DCOPF using PTDF, where the linepower flow is calculated as the product of PTDF matrix andpower injection. Note that in this formulation, the variablevector θ is eliminated, and hence, the thermal limit constraintsbecome independent of each other. Without loss of generality,we assume the power flow on the target line is positive. If itis not, we just maximize the negative of it.The bi-level optimization problem is formulated as follows:(dual variables for second level problem are written in paren-theses)maximize c P l − σ k c k (3)subject to P = PTDF ( G B P ∗ G − P D ) (4) k c k N (5) − L S P D Hc L S P D (6) { P ∗ G } = arg (cid:26) min P G C G ( P G ) (cid:27) (7)subject to P n g g =1 P Gg = P n b i =1 P Di ( λ ) (8) − P max PTDF ( G B P G − P D + Hc ) P max ( F ± ) (9) P min G P G P max G ( α ± ) (10)2here the variables: c is the n b × attack vector; P is the n br × vector of physical line power flow; P l is the physical power flow of target line l ; P G , P ∗ G are n g × vectors of generation dispatch vari-ables and optimal generation dispatch solved byDCOPF, respectively; λ is the dual variable of the generation-load balanceconstraint; F + , F − are n br × dual variable vectors of the upper andlower bound of thermal limits, respectively; α + , α − are n g × dual variable vectors of the upperand lower bound of generator capacity limits,respectively;and the parameters: L S is the load shift factor; P D is the n b × vector of active load at each bus; N is the l -norm constraint integer; H is the n b × n b dependency matrix between powerinjection measurements and state variables; G B is the n b × n g generator to bus connectivity matrix; C G is the cost function of the generation vector; P max is the n br × vector of line thermal limit; P min G , P max G are n g × vectors of minimum and maximumgenerator output, respectively; σ is the weight of the norm of attack vector c .In the first level objective function, σ is chosen to be a smallpositive number to minimize the contribution of the secondterm in the objective; constraint (4) calculates the physicalpower flow of the system; constraint (5) models the limitedresources that the attacker can use to change states. Ideally,the l -norm would be used, giving the exact sparsity of c , butfor tractability we use the l -norm as a proxy. Constraint (6)ensures the load changes are small enough to avoid detection.In the second level, the system response to the attack vectordetermined in the first level is modeled via DCOPF as in(7) − (10).The bi-level optimization problem introduced above is non-linear. We modify several constraints to convert the originalformulation into an equivalent MILP as in [8]. The modifica-tions include:1) Linearize the l -norm constraint in (5) by introducing aslack vector s as c s, − c s, X i ∈L load s i N (11)where L load is the set of load buses. Meanwhile, theobjective function (3) becomesmaximize c,s P l − σ X i ∈L load s i (12)2) Replace the second level DCOPF problem by its KKToptimality conditions as introduced in [13], as (8) − (10) = ∇ [ C G ( P G )] + ∇ ( n g X g =1 P Gg − n b X i =1 P Di ) · λ + ∇ [ PTDF ( G B P G − P D + Hc ) ∓ P max ] · F ± + ∇ ( P G − P max G ) · α + + ∇ (cid:0) P min G − P G (cid:1) · α − (13) F ± (14) α ± (15) = diag ( F ± ) [ PTDF ( G B P G − P D + Hc ) ∓ P max ] (16) = diag ( α + ) ( P G − P max G ) (17) = diag ( α − T ) (cid:0) P min G − P G (cid:1) (18)where constraint (13) is the partial gradient optimalcondition, (14) and (15) are the dual feasibility con-straints, (16)–(18) represent the complementary slacknessconstraints.3) Linearize the complementary slackness constraints inKKT conditions by introducing new binary variables δ and a large constant M as [ δ ± F ; δ ± α ] ∈ { , } (19) (cid:26) F ± M δ ± F P max ∓ PTDF ( G B P G − P D + Hc ) M ( − δ ± F ) (20) α ± M δ ± α P max G − P G M ( − δ + α ) P G − P min G M ( δ − α − ) (21)The whole problem then becomes a single level MILP withobjective (12), subject to (4), (6), (8)–(11), (13)–(15), and(19)–(21). Throughout this paper, this problem is denotedas the original MILP with P ∗ l as the optimal objective.This problem is NP-hard, thus it is not guaranteed that asolution can be found in polynomial time. As the systemnetwork size scales, the number of binary variables increases,resulting in an increased computational burden. We have foundexperimentally that for the IEEE 118-bus system, the originalMILP fails to converge in a reasonable length of time usingsolver GUROBI. Since power systems in the real world aretypically very large ( e.g., the PJM system includes 15000buses, 2800 generators and 20000 branches), a straightforwardapproach to solving this problem for real-world systems doesnot allow a characterization of the worst-case attacks.IV. C OMPUTATIONAL E FFICIENT A LGORITHMS TO S OLVE A TTACK O PTIMIZATION P ROBLEMS
In this section, we introduce three computational efficientalgorithms to overcome the computational challenges broughton by a large number of binary variables. Algorithm 1 (A1)reduces the number of line thermal limit constraints as well asthe number of binary variables associated with them from theoriginal MILP. If it converges, the optimal objective P ∗ ( A l solved with Algorithm 1 is guaranteed to be equal to the3ptimal objective of the original MILP. However, as the systemsize scales, even though the number of binary variables associ-ated with line thermal limit constraints is significantly reduced,the number of binary variables associated with generation limitconstraints is still large enough to make the problem hard tosolve. As an experimental verification, we note that Algorithm1 works efficiently for the IEEE 118-bus system, but it fails toconverge in a reasonable length of time for the Polish systemwith 2383 buses. Thus, similar to Algorithm 1, we proposeAlgorithm 2 (A2), in which we further reduce the numberof generation limit constraints as well as the binary variablesassociated with them from the original MILP. Algorithm 2gives a feasible solution, but the solution can be sub-optimal.Thus, the resulting objective value P ∗ ( A l is a lower boundon P ∗ l . Finally, we propose Algorithm 3, which maximizes thedifference between the target line cyber and physical powerflows, to evaluate system vulnerability without modeling thesystem response to the attack. This reduces to a linear program,whose optimal solution can be used to derive both a lowerbound P ∗ ( A , lb ) l and an upper bound P ∗ ( A , ub ) l on P ∗ l . Acomparison of these three algorithms is given in Table I. A. Reducing the Number of Binary Variables Associated withLine Thermal Limit Constraints
In [14] and [15], the authors suggest that a constraint reduc-tion technique can be used to accelerate the solving processfor optimization problems for large power systems, such asunit commitment and security constrained economic dispatch(SCED). The thermal limit constraints which are likely to benon-binding at the optimal solution are removed for speed.In Algorithm 1, we apply a similar method to improve theefficiency of the original MILP by reducing the number ofbinary variables associated with line thermal limits constraints.For lines whose pre-attack power flow are much lower thantheir ratings, their thermal limit constraints are unlikely to bebinding in the optimal solution of the optimization problem,and hence, can be removed. Thus, we propose Algorithm 1 toremove constraints from (19) and (20) without violating anyconstraints of the original MILP.
Algorithm 1
Attack optimization problem with reduced ther-mal limit constraints1) Perform a system wide DCOPF assuming no attack ispresent.2) Let Q be the set of lines whose power flow are more than90% of ratings (denote as critical lines ).3) For each line k , if k / ∈ Q , remove the correspondingconstraints from (9), (13)–(14), (19), and (20).4) Solve the reduced problem, and use the optimal dispatch P ∗ ( A G to calculate the cyber power flow of the system.5) If there exists any cyber overflow, add those lines to Q ,and go back to 3).6) Let P ∗ ( A l be the optimal objective value of the reducedproblem.If the algorithm terminates, the solution is guaranteed to be the optimal solution of the original MILP ( i.e. P ∗ ( A l = P ∗ l )because no thermal limits are violated. B. Reducing the Number of Binary Variables Associated withPower Generation Limit Constraints
Algorithm 2 modifies Algorithm 1 by further reducing thenumber of binary variables, now focusing on generation limitconstraints. Since constraint (6) ensures the load changes aresmall, the generation re-dispatch is likely to be limited withina small number of generators (denote as marginal generators )corresponding to these load changes. Algorithm 2 reducesthe number of binary variables associated with generatorsby assuming the generation level of non-marginal generatorsremains unchanged after attack.
Algorithm 2
Attack optimization problem with reduced ther-mal limit & generation limit constraints1) Perform a system wide DCOPF assuming no attack ispresent.2) Let Q be the set of critical lines as defined above.3) Let R be the set of marginal generators. i.e. , the set ofgenerators g where P min Gg < P Gg < P max Gg .4) For each line k and each generator g , if k / ∈ Q and g / ∈ R , remove the corresponding constraints from (9)–(10), (13)–(15) and (19)–(21).5) Solve the reduced problem, then take the optimal attackvector c ∗ A to run post-attack DCOPF (7)–(10) to getsystem operator’s corresponding dispatch P post G .6) If P ∗ ( A G = P post G , add those generators with differentdispatch to the set R , and then go back to 4).7) Take P ∗ ( A G to calculate the cyber power flow of thesystem.8) If there exists any cyber overflow, add those lines to Q ,and go back to 4).9) Let P ∗ ( A l be the optimal objective value of the reducedproblem.By significantly reducing the number of binary variables,Algorithm 2 can be efficiently applied to the Polish system.Since some of the variables P G are held constant, the solutionis not guaranteed to be optimal for the original MILP. How-ever, it does provide a feasible solution, and hence, P ∗ ( A l isa lower bound on P ∗ l . C. Maximizing the Difference between Post-attack Physicaland Cyber Power Flows
In this section, we propose Algorithm 3 that provides bothlower and upper bounds on P ∗ l . In the original MILP theobjective is to maximize the physical power flow of a targetline, which is calculated by (4). Substituting (4) into (9) gives − P max − PTDF ( Hc ) P P max − PTDF ( Hc ) . (22)In particular, for target line l , P l P max l − PTDF l ( Hc ) (23)4 ABLE IC
OMPARISON OF T HREE P ROPOSED A LGORITHMS
Algorithm Type of Program Outcome Tractable Test Cases where P max l is a constant and PTDF l is the l th row of thePTDF matrix. Thus, we can maximize − PTDF l ( Hc ) to findan upper bound on P ∗ l constrained by (4), (6), and (11). Thisoptimization problem is formulated asmaximize c,s − PTDF l ( Hc ) (24)subject to (4) , (6) , (11)This optimization is a linear program and can be solvedefficiently for large systems. Algorithm 3
Maximizing the difference between post-attackphysical and cyber power flows1) Solve optimization problem (24). Let c ∗ A be the resultingoptimal attack vector.2) Calculate the upper bound as P ∗ ( A , ub ) l = P max l − PTDF l ( Hc ∗ A ) . (25)3) Perform post-attack DCOPF (7)–(10) with c = c ∗ A tofind dispatch P post G .4) Calculate the lower bound as P ∗ ( A , lb ) l = PTDF l ( G B P post G − P D ) . (26)Once the optimal objective is reached, P ∗ ( A , ub ) l , can becalculated by adding this optimal objective to P max l accordingto (23). The system re-dispatch P post G and line cyber powerflow P cyber are achieved by performing post-attack DCOPF(7)–(10). The resulting physical power flow on the target line, P ∗ ( A , lb ) l , is a lower bound on P ∗ l .Note that if the load shift is too large, it is possible thatthe post-attack DCOPF fails to converge. However, since wekeep the load shift small, this situation is beyond the scope ofthis paper. Furthermore, if P ∗ ( A , ub ) l = P ∗ ( A , lb ) l , they are theoptimal objective of the original MILP. This is the situationwhen (cid:12)(cid:12)(cid:12) P cyber l (cid:12)(cid:12)(cid:12) = P max l , i.e. , (9) holds with equality in theoptimal solution of post-attack DCOPF (7)–(10).V. S IMULATION RESULTS
In this section, we apply algorithms described in Sec. IV toboth the IEEE 118-bus system and the Polish system. As statedin Sec. IV, Algorithm 1 does not converge in reasonable lengthof time for the Polish system. Therefore, only Algorithms 2and 3 are applied on the Polish system. There are 7 criticallines prior to the attack in IEEE 118-bus system and 17 in the Polish system. The number of marginal generators priorto the attack for the two systems are 15 and 6, respectively.We exhaustively evaluate vulnerability of these two systemsby targeting all critical lines with load shift constraint L S = l -norm constraint N is chosen as [0 . , for the118-bus system and [0 . , for the Polish system, both withincrement 0.1. GUROBI is utilized as the solver to solve theoptimization problem. Throughout, we use MATLAB R2014aand MATPOWER package v4.1 to perform the simulation. A. Computational Efficiency
The computational efficiency improved by Algorithms 1and 2 are characterized as the reduction in the number ofbinary variables. In Table I, the th column compares theaverage numbers of binary variables of the original MILP,Algorithm 1, and Algorithm 2 for both test systems. Notethat for the Polish system, the number of binary variables ofAlgorithms 1 is theoretical, as Algorithm 1 does not convergein a reasonable length of time for the Polish system. The th column summarizes the average computation time of thethree methods for two typical test cases, i.e., test cases withtarget line 104 in 118-bus system and target line 292 in thePolish system. As one would expect, Algorithm 3, an LP, iscomputationally the most efficient among the three proposedalgorithms for both test systems. B. Results for the IEEE 118-bus System
Figs. 1(a) and (b) illustrate the maximum power flow ontarget lines 104 and 141, respectively, in IEEE 118-bus systemusing the three different algorithms described in Sec. IV. Weuse this system to compare the bounds of Algorithms 2 and 3to the exact solution provided by Algorithm 1; note, however,that the optimal solution of Algorithm 1 is not available for thePolish system. Both figures illustrate that as N increase, P ∗ l also increases, and all three algorithms can result in overflow.Fig. 1(a) shows that for target line with any N , P ∗ ( A l = P ∗ ( A l = P ∗ ( A , ub ) l = P ∗ ( A , lb ) l = P ∗ l ; that is, all threealgorithms achieve the optimal solution of the original MILP.Fig. 1(b) shows that for target line 141, P ∗ ( A , lb ) l < P ∗ ( A l = P ∗ ( A l < P ∗ ( A , ub ) l , illustrating that P ∗ ( A , lb ) l and P ∗ ( A , ub ) l are not always tight bounds on P ∗ l . In all scenarios we haveconsidered, Algorithm 2 yields the optimal solution for the118-bus system. (This is not true for the Polish system, asillustrated in Fig. 2.)5 .1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.01081121161201241280.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0939699102105108 (b) P l *(A1) P l *(A3,ub) P l *(A2) P l *(A3,lb) l -norm Constraint N (rad) (a) P l *(A1) P l *(A3,ub) P l *(A2) P l *(A3,lb) M ax i m a l P o w er F l o w ( % ) Fig. 1. The maximum power flow v.s. the l -norm constraint ( N ) whentarget lines are (a) line 104, and (b) line 141 of IEEE 118-bus system. C. Results for the Polish System
Results for target lines 292, 4, and 1816 obtained withAlgorithms 2 and 3 are illustrated in Figs. 2(a), (b), and(c), respectively. We observe that for target line 292, theupper and lower bounds exactly match, i.e., P ∗ ( A , ub ) l = P ∗ ( A , lb ) l = P ∗ ( A l , in the range N ∈ [0 . , . , andtherefore, the optimal solutions are reached. For the remainingcases, our algorithms do not give the optimal solutions, since P ∗ ( A , lb ) l < P ∗ ( A l < P ∗ ( A , ub ) l . For target line 4, we observethat the upper and lower bounds do not match, but the lowerbound from Algorithm 2 is tighter than that from Algorithm3, whereas for target line 1816, the opposite is true. P l* (A2) P l *(A3,ub) P l *(A3,lb) l -norm Constraint N (rad) P l* (A2) P l *(A3,ub) P l *(A3,lb) P l* (A2) P l *(A3,ub) P l *(A3,lb) M ax i m a l P o w er F l o w ( % ) Fig. 2. The maximum power flow v.s. the l -norm constraint ( N ) whentarget lines are (a) line 292, (b) line 4, and (c) line 1816 of the Polish system.. VI. C
ONCLUSION
This paper presented an approach to evaluate the vulnerabil-ity of power systems to FDI attacks irrespective of the size ofthe network. Three computationally efficient algorithms havebeen introduced to characterize the vulnerability of systems. Itis demonstrated that Algorithm 1 can find worst-case attacks.Algorithms 2 and 3, on the other hand, can find feasible attacksthat can result in significant consequences. Future work willinclude evaluating attack efficiency for arbitrary system sizewhen attacker only has limited information as in [16] using thethree algorithm proposed here. In addition, designing detectioncountermeasures to thwart such attacks is also of interest.A
CKNOWLEDGMENT
This work is supported jointly by the National ScienceFoundation and the Department of Homeland Security underGrant CNS-1449080. R
EFERENCES[1] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks againststate estimation in electric power grids,” in
Proceedings of the 16th ACMConference on Computer and Communications Security , ser. CCS ’09.New York, NY, USA: ACM, 2009, pp. 21–32.[2] O. Kosut, L. Jia, R. J. Thomas, and L. Tong, “Malicious data attackson the smart grid,”
IEEE Transactions on Smart Grid , vol. 2, no. 4, pp.645–658, 2011.[3] G. Hug and J. A. Giampapa, “Vulnerability assessment of ac stateestimation with respect to false data injection cyber-attacks,”
IEEETransactions on Smart Grid , vol. 3, no. 3, pp. 1362–1370, Sept 2012.[4] J. Kim and L. Tong, “On topology attack of a smart grid: Undetectableattacks and countermeasures,”
IEEE JSAC , vol. 31, no. 7, pp. 1294–1305, 2013.[5] J. Zhang and L. Sankar, “Physical system consequences of unobservablestate-and-topology cyber-physical attacks,”
IEEE Transactions on SmartGrid , vol. PP, no. 99, pp. 1–10, 2016.[6] D. Kundur, X. Feng, S. Liu, T. Zourntos, and K. L. Butler-Purry,“Towards a framework for cyber attack impact analysis of the electricsmart grid,” in
Smart Grid Communications (SmartGridComm), 2010First IEEE International Conference on , Oct 2010, pp. 244–249.[7] L. Xie, Y. Mo, and B. Sinopoli, “Integrity data attacks in power marketoperations,”
IEEE Transactions on Smart Grid , vol. 2, no. 4, pp. 659–666, Dec 2011.[8] J. Liang, L. Sankar, and O. Kosut, “Vulnerability analysis and conse-quences of false data injection attack on power system state estimation,”
IEEE Transactions on Power Systems , vol. PP, no. 99, pp. 1–9, 2016.[9] Y. Yuan, Z. Li, and K. Ren, “Modeling load redistribution attacks inpower systems,”
IEEE Transactions on Smart Grid , vol. 2, no. 2, pp.382–390, June 2011.[10] ——, “Quantitative analysis of load redistribution attacks in power sys-tems,”
IEEE Transactions on Parallel and Distributed Systems , vol. 23,no. 9, pp. 1731–1738, Sept 2012.[11] L. Jia, J. Kim, R. J. Thomas, and L. Tong, “Impact of data qualityon real-time locational marginal price,”
IEEE Transactions on PowerSystems
Convex Optimization
IEEEPES General Meeting , Boston, MA, July 2016., Boston, MA, July 2016.