A Novel Sparse Attack Vector Construction Method for False Data Injection in Smart Grids

To improve the security of smart grids (SGs) by finding system vulnerabilities, this paper investigates a construction method for sparse attack vectors for malicious false data injection attacks (FDIA). The existing attack vector construction methods do not discuss the feasible region or the validity of the attack vector. To address these drawbacks, this paper makes three main contributions: (1) To construct an attack that evades bad data detection (BDD), the feasible region of the attack vector is proved by projection transformation theory. Knowing the feasible region can help the defender formulate a defense strategy; (2) an effective attack is proposed and the constraint of effectiveness is obtained using norm theory; (3) the domain of the state variations caused by attack vectors in the feasible region is calculated using the singular value decomposition method. Finally, an attack vector is constructed based on the l0-norm using the OMP algorithm in the feasible domain. Simulation results confirm the feasibility and effectiveness of the proposed technique.


Introduction
The heavy usage of non-renewable fossil fuels is the primary contributor to the greenhouse effect through the release of carbon dioxide [1]. Zaidi et al. reveal that non-renewable energy is the main contributor to pollution by analyzing renewable and non-renewable energy consumption [2]. Awan et al. highlight that industrialization increases the demand for renewable energy resources and decreases the sustainability of greenhouse gas emissions [3]. With the emergence of environmental problems and the consumption of non-renewable energy, the application of renewable energy such as wind and solar energy is becoming more and more important [4]. Shady et al. highlight in [5] that the establishment of SGs is very important to improve the efficiency and security of the energy supply. SGs would help in reducing energy consumption during peak load and in reducing emissions of pollutants. However, a large number of instruments and devices with network communication are applied in SGs for new energy. Due to the lack of adequate protection measures, the risk of network attacks on SGs is greatly increased; access to distributed and renewable energy resources brings great uncertainty to the cyber security of SGs [6]. In 2003, a computer network at the Davis-Besse nuclear power plant was penetrated. In 2010, the nuclear power plant in Iran was penetrated by Stuxnet [7]. In December 2015, malicious software called "Black Energy" penetrated the national grid of Ukraine, causing serious damage to the supervisory control and data acquisition (SCADA) system [8]. In January 2016, Israel's electricity authority suffered a serious cyber attack, in which ransomware was distributed by mail to trick its staff into executing from the above model, the residual increment caused by the attack is ensured within the threshold and a construction method of attack vectors based on ADMM is proposed in [30]. The attack vector design relaxed.
While the above methods can find an attack vector, the sparseness and effectiveness of attack vectors are difficult to satisfy simultaneously. Moreover, the existing methods do not provide a feasible domain of the attack vector. In conclusion, there are three problems:
• To pass BDD, what is the range of the attack vector?
• To what extent can an attack be called effective?
• How can sparse attack vectors be designed within the feasible domain to achieve the desired attack effect?
Aiming at these problems, this paper investigates the feasible region of the attack vector and presents a novel sparse attack vector construction method. The main contributions are:
• According to the state estimation technique, the feasible region of the attack vector is obtained using linear algebra.
• The constraint of the effectiveness of an attack is derived based on whether it can cause the operator to misbehave.
• The state estimation variation domain is proposed based on the feasible region of the attack vector.
The authors consider the discussion of the attack vector range to be the greatest contribution of this paper.
The rest is organized as follows. Section 2 illustrates the BDD mechanism and the principle of FDIA based on the DC model. Section 3 presents the main results of the paper. The simulation results are presented in Section 4.

Problem Formulation
Power system state estimation infers the operating state from the available measurements of the various meters in the power grid [16]. The available measurements include bus real and reactive power injections, and branch real and reactive power flows. The measurement model of the AC power flow is described as follows, where z = (z_1, z_2, ..., z_m)^T denotes the measurement vector; x = (x_1, x_2, ..., x_n)^T is the system state vector; v = (v_1, v_2, ..., v_m)^T is the Gaussian measurement noise caused by environmental factors and the measuring instruments; and h(·) is the functional dependency between measurements and state variables. When the weighted least squares (WLS) algorithm is used with this model, the system state is inferred from the following optimization problem arg min. Here, state estimation based on the DC model can be used; the details of the DC power flow measurement model are as follows, where z = (z_1, z_2, ..., z_m)^T denotes the measurement vector, including active and reactive powers, x = (x_1, x_2, ..., x_n)^T is the voltage phase angle of each node, v = (v_1, v_2, ..., v_m)^T is the Gaussian measurement noise caused by environmental factors and the measuring instruments, and H is the measurement matrix, which depends on the network topology and line parameters.
The system state can be inferred from the following optimization problem arg min, where W = diag(σ_i^{-2}) and σ_i^2 is the variance of the measurement noise associated with the i-th meter (1 ≤ i ≤ m) [28]. If the matrix H^T W H is invertible, the solution of Equation (4) can be written as follows. Let the vector r = z − Hx̂ be the measurement estimation residual. Since the noise vector is Gaussian, J(x) = r^T W r follows the Chi-square distribution with (m − n) degrees of freedom. The binary hypothesis test established as BDD is the Chi-square detection. When the confidence level is 1 − α, the binary hypothesis test can be expressed as

• Hypothesis H_0: J(x) ≤ τ, there is no bad data and H_0 is true.
• Hypothesis H_1: J(x) > τ, there is bad data and H_1 is true.
Even if the result of the state estimator is changed by an FDIA, the BDD alarm is not triggered as long as the residual increment stays within the threshold. The FDIA against state estimation exploits this vulnerability of the Chi-square detector. Figure 1 illustrates the FDIA framework. If the attackers obtain the target's topology and line parameters, they may capture the measurement z by compromising advanced components such as phasor measurement units (PMUs) or remote terminal units (RTUs). Then, the adversaries use z to construct an attack vector a. After that, a is injected into the measurements, turning z into z_a. Next, z_a is transmitted to the SCADA system via the communication network. In the SCADA system, the WLS state estimation algorithm is employed to estimate the system state and identify bad data. Once z_a is not detected by BDD, it is used for system power flow calculation and scheduling.
Remark 1.
The SCADA system collects the measurements from the remote units over the network, which may cause packets to arrive out of order, be lost, or suffer other faults. The construction of attack vectors is the main focus of this paper, so network communication is assumed to be ideal.

Demand
The Chi-square detector is a residual detector built on the measurement and the estimation residual. A successful FDIA requires that the attack vector passes BDD and that the result of the attack is effective. The construction of the attack vector is therefore the key for attackers. This paper focuses on the feasible and effective domains of attack vectors and on the state variation domains caused by attack vectors, using linear algebra.

Remark 2.
The research on the feasible domain of attack vector can not only facilitate the attacker but also be significant to the defender. If the defenders know the feasible domain, they can reduce the feasible domain to improve the security. The discussion on effectiveness has the same effect.

Feasible Domain of Attack Vector
Definition 1. When the attack vector a ∈ Π_a, the alarm is not triggered. The range Π_a is defined as the feasible domain of the attack vector a.
The feasible domain of the attack vector has not been explored in the existing research. It will be proved that the existing methods select the attack vector only from a subset of Π_a, which limits the sparseness of the attack vectors. In this subsection, the study of Π_a provides a guide to the design of the attack vector.

Definition 2 ([31]). In a finite-dimensional space, a square matrix P is called a projection matrix if it equals its own square, i.e., P^2 = P.

Lemma 1 ([31]). Let C^m be a finite-dimensional vector space and the matrix P be a projection on C^m. If the subspaces L and M are the range and kernel of P, respectively, P has the following properties: every vector d ∈ C^m can be decomposed uniquely as d = e + f with e = Pd and f = (I_m − P)d. The calculation of Lemma 2 is shown below.
According to Definition 2, B is a projection matrix. Substituting Equation (6) into Equation (7), it follows that the square matrix (I_m − B) is also a projection matrix.

Theorem 1. Π_a includes the projection subspace and the kernel subspace of the projection transformation matrix.
Proof of Theorem 1. Let z_a be the measurement containing the attack vector; z_a can be written as follows. Let x̂_a be the attacked estimate. When the attack exists, x̂_a can be written as follows, where c is the perturbation of the state caused by a. When a = 0, this agrees with Equation (5). Let ẑ_a be the attacked measurement estimate. Because ẑ_a = Hx̂_a, the attacked residual r_a can be expressed as follows. From Equations (9)–(11), r_a is rewritten as follows. When there is no attack, a normal measurement passes the detector because ‖z − Hx̂‖_2 ≤ τ. Hence, if z_a is to pass the Chi-square detector, a must satisfy (5), and Equation (14) can be rewritten as follows. Since B is an m-dimensional square matrix, Lemma 2 states that (I_m − B) is a projection transformation matrix in the space C^m, and C^m = L ⊕ M, where the subspaces L and M are the range and kernel of (I_m − B), respectively. By the nature of the idempotent matrix, z + a can be expressed as follows, where z_L + a_L ∈ L and z_M + a_M ∈ M. Using Lemma 1, it follows that the projection transformation projects the vector z + a from the original space C^m onto the projection subspace L. Combining Equations (16) and (18), the feasible domain of the attack vector is obtained as follows; in the subspace M, it is given by Equation (20). Therefore, Equation (19) shows that Π_a is a sphere in the projection subspace L of the projection transformation. The feasible domain in the subspace M follows from Equation (20), and a_M is arbitrary. The Π_a proposed in this paper is a sufficient and necessary condition. Furthermore, it covers all feasible domains of perfect and imperfect attack vectors.

Remark 4.
When designing an attack vector, the attacker must ensure that it lies within the feasible domain, so an attacker prefers the feasible domain to be as large as possible. However, Π_a depends on the threshold τ. From the viewpoint of power system security, τ should be as small as possible: a small τ limits the scope of the attack.
Further, it will be proved that the methods with a = Hc select the attack vector only from the kernel space. Because this selection is so small, the sparseness of the attack vectors is greatly limited.
Proof of Theorem 2. According to matrix theory, the following holds. Combining Equations (21) and (22), (I_m − B)H = 0 always holds, so the column vectors of the measurement matrix H belong to the kernel space of (I_m − B).

Remark 5.
In the constraint a = Hc, a is a linear combination of the columns of H, so a is one member of the vector space of the columns of H. According to Theorem 2, the vector space of the columns belongs to the kernel space of (I m − B). Hence, the design scheme of a = Hc is based on kernel space, which is only a subset of the feasible domain proposed in this paper.

Lower Bound of the Attack Vector
The previous section discussed the feasible domain of a and answered the question of the attack vector range. However, apart from the feasible domain, another main issue is the effectiveness of the constructed attack. In this subsection, the effectiveness of attacks is investigated. We propose taking whether the attack causes a wrong operator action as the criterion of an effective attack, and the corresponding constraint on an effective attack is suggested.
When the operators find that the estimated state deviates from what they expect, without considering the existence of an attack, they take actions such as adjusting the generator output or changing loads. These actions based on incorrect state variables may harm the normal operation of SGs. Thus, only attacks that can harm power grid operation are called effective attacks.

Definition 3.
An effective attack can make the state estimated deviate from its given normal operating range for the power grid.
For example, a harmful attack is one which causes the voltage to deviate by more than 5% of the nominal value. Next, the constraints on the attack vector are derived for such an effective attack. Suppose that each state deviation is less than C_min during normal operation. Therefore, by Definition 3, a potential attacker needs to design the attack a so that the maximum state variation exceeds C_min. Equation (11) shows that the state variation caused by the attack is c. Combined with Definition 3, this gives Equation (23), where ‖·‖_∞ denotes the maximum absolute component. According to Equation (11), Equation (23) can be rewritten as Equation (24). Writing A = (H^T W H)^{-1} H^T W, Equation (24) can be rewritten as Equation (25). Since ‖Aa‖_∞ ≤ ‖Aa‖_2, combining with Equation (25) yields Equation (26), where ‖A‖_2 is the induced norm, also known as the spectral norm of the matrix A.
According to the definition of the spectral norm of a matrix, Equation (26) can be rewritten as Equation (27).
Remark 6.
To induce an operator mistake, the attack vector designed must meet certain conditions. The condition in Equation (27) distinguishes effective attack vectors and indicates the system's tolerance to noise.
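As an added example that is not part of the paper (the 3-bus network, noise level and threshold are constructed for it), the Python below implements the DC WLS estimator and Chi-square detector of Section 2, numerically checks the projector properties behind Theorem 2, and evaluates the lower bound of Equation (27), which a defender can read as the minimum injection energy needed to move any state by C_min:

```python
"""Added illustration (not the paper's own code): DC WLS state estimation with the Chi-square
BDD of Section 2, the projector checks behind Theorem 2, and the bound of Equation (27)."""
# Constructed 3-bus ring, bus 1 = reference: lines 1-2 (b=10), 2-3 (b=5), 1-3 (b=8).
# States x = (theta_2, theta_3); rows: injections P1, P2, P3, then flows F12, F23, F13.
H = [[-10.0, -8.0],
     [15.0, -5.0],
     [-5.0, 13.0],
     [-10.0, 0.0],
     [5.0, -5.0],
     [0.0, -8.0]]
SIGMA = 0.05   # identical meter noise std (constructed), so W = SIGMA**-2 * I
TAU = 9.488    # Chi-square threshold at confidence 0.95 for m - n = 6 - 2 = 4 degrees of freedom

def mat_mul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def mat_inv(m):
    """Gauss-Jordan inverse with partial pivoting (H^T W H is small and invertible here)."""
    n = len(m)
    aug = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(m)]
    for i in range(n):
        p = max(range(i, n), key=lambda r: abs(aug[r][i]))
        aug[i], aug[p] = aug[p], aug[i]
        aug[i] = [v / aug[i][i] for v in aug[i]]
        for r in range(n):
            if r != i:
                aug[r] = [v - aug[r][i] * w for v, w in zip(aug[r], aug[i])]
    return [row[n:] for row in aug]

def estimator_matrices(h):
    """A = (H^T W H)^-1 H^T W and B = H A; the scalar weight cancels in A."""
    ht = [list(c) for c in zip(*h)]
    a = mat_mul(mat_inv(mat_mul(ht, h)), ht)
    return a, mat_mul(h, a)

def chi_square_stat(h, a, z):
    """WLS estimate x_hat = A z and J(x_hat) = r^T W r with residual r = z - H x_hat."""
    xhat = [row[0] for row in mat_mul(a, [[v] for v in z])]
    r = [zi - sum(hij * xj for hij, xj in zip(row, xhat)) for zi, row in zip(z, h)]
    return sum(ri * ri for ri in r) / SIGMA ** 2, xhat

def bdd_alarm(h, a, z):
    return chi_square_stat(h, a, z)[0] > TAU   # hypothesis H1: J > tau is flagged as bad data

def projector_checks(h, b):
    """Lemma 2 / Theorem 2: P = I - B has P^2 = P and P H = 0 (columns of H in the kernel)."""
    m = len(b)
    p = [[(1.0 if i == j else 0.0) - b[i][j] for j in range(m)] for i in range(m)]
    idem = max(abs(x - y) for r1, r2 in zip(mat_mul(p, p), p) for x, y in zip(r1, r2))
    kern = max(abs(v) for row in mat_mul(p, h) for v in row)
    return idem, kern

def spectral_norm(a, iters=500):
    """||A||_2 = sqrt(lambda_max(A A^T)) by power iteration (A A^T is only n x n)."""
    aat = mat_mul(a, [list(c) for c in zip(*a)])
    v = [1.0] * len(aat)
    for _ in range(iters):
        w = [sum(x * y for x, y in zip(row, v)) for row in aat]
        lam = sum(x * x for x in w) ** 0.5      # converges to lambda_max since v is unit length
        v = [x / lam for x in w]
    return lam ** 0.5

def min_attack_norm(a, c_min):
    """Equation (27): ||A a||_inf <= ||A||_2 ||a||_2, so shifting a state by c_min needs
    ||a||_2 >= c_min / ||A||_2: the smallest injection energy a defender has to watch for."""
    return c_min / spectral_norm(a)

def run_demo():
    a, b = estimator_matrices(H)
    z_clean = [sum(h * x for h, x in zip(row, [-0.05, -0.12])) for row in H]  # constructed angles
    z_gross = [z_clean[0] + 1.0] + z_clean[1:]                                # gross error on P1
    idem, kern = projector_checks(H, b)
    return {"clean_alarm": bdd_alarm(H, a, z_clean), "gross_J": chi_square_stat(H, a, z_gross)[0],
            "gross_alarm": bdd_alarm(H, a, z_gross), "idempotent_err": idem, "kernel_err": kern,
            "A_norm": spectral_norm(a), "min_a_norm_0.05rad": min_attack_norm(a, 0.05)}

if __name__ == "__main__":
    for key, val in run_demo().items():
        print(key, val)
```

The gross error on one meter lifts J to about 200 against τ = 9.488, while the check P H = 0 is exactly why a residual-only detector needs meter protection in addition to the threshold.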

The Range of State Estimate Variable
When attackers mount an attack, they first need to specify an expected state variation c_0 and then construct a to realize it. Therefore, it is essential to understand the range of c and to select c_0 within that domain. An attacker can construct the desired attack vector by picking a suitable value within this domain. However, if an attack lies in the range of Corollary 1 in Section 3.1, what is the domain of the state variation in the state space? This subsection studies that topic: it is a map from the attack domain to the result domain, and it is the knowledge an attacker needs before constructing an attack.

Lemma 3 ([31]). Let D be a real m-by-n matrix with rank(D) = r. Then the image of the unit sphere surface in R^n under the linear transformation T_D has the following properties:
1. If r = n, the image set in R^m is an ellipsoid surface, which in the basis P can be expressed as
2. If r < n, the image set in R^m is an ellipsoid, which in the basis P can be expressed as
where P is the left singular matrix of D and ς_i are the singular values of the matrix D.
As seen in Section 3.1, the feasible domain of a has been derived and the question of the attack vector range answered. A subset of the feasible domain of a is determined in Corollary 1, which is a solid sphere with centre −z and radius τ.
Let y = (1/τ)(z + a). Combining with Corollary 1, ‖z + a‖_2 ≤ τ can be rewritten as Equation (30), which shows that the column vector y is constrained to a unit sphere and the attack vector is expressed as a = τy − z.
Because A = (H^T W H)^{-1} H^T W, combining Equations (11) and (31), the state variation caused by an attack can be written as Equation (32). Since x̂ = Az, Equation (32) can be rewritten as (1/τ)(c + x̂) = Ay.
The singular value decomposition of the matrix A can be expressed as follows. Lemma 3 shows that in R^m the image set of y is an ellipsoid. Using the columns of U as a basis, the ellipsoid can be written as Equation (35), which can be rewritten in terms of c + x̂, where Σ_r is a diagonal matrix whose elements are the singular values of the matrix A. Equation (36) shows the range of the state change under attack. An attacker can select a specific c_0 in this range to construct an attack vector when mounting an FDIA. However, since the state is represented in the natural basis E, it is necessary to convert the coordinate representation under U into the representation under the natural basis E. Since U is a unitary matrix, the basis transformation matrix U^T converts coordinates under the basis U into coordinates under the basis E. The coordinates of the image set of y with E as the basis can be expressed as Equation (37).
Remark 7.
If an attack vector satisfies Corollary 1, its effect on the state is limited.

Sparse Attack Vector Construction Based on the l0 Norm
In this subsection, c is selected under the restriction of Equation (37) derived in Section 3.3. Attackers also need to consider that it is unrealistic to tamper with measurements on a large scale: this increases both the cost and the probability of being detected. Therefore, the sparseness of the attack vector is chosen as the objective function, and the design problem is transformed into an l0-norm optimization problem.
Since c = Aa, once the attackers have determined the desired state variation c_0, and if they have access to all the measuring instruments, they can construct the attack vector from the current measurements to meet their needs. To reduce the cost and risk of the attack, the attackers tend to modify as few measurements as possible, i.e., the attack vector should be as sparse as possible. Therefore, the attacker's requirements can be described as follows. Equation (39) represents a constrained l0-norm optimization problem, which is a non-convex optimization. Compared with the methods in [25][26][27], the constraint ‖z + a‖_2 ≤ τ on the attack vectors in this method is relaxed, which can improve the sparseness of the attack vectors. Compared with [30], the effectiveness of the attack is explicitly specified in this method. Moreover, the variable domain of the state is proposed, which gives the attacker a reference when carrying out an attack. Since the above model is an l0-norm optimization problem, a greedy algorithm can be used to solve it. In this paper, the OMP algorithm is used. The OMP algorithm is often used in the study of compressed sensing and is described in [32]. The pseudo-code of the OMP algorithm (Algorithm 1) is given below.

Algorithm 1 OMP algorithm for sparse constrained a
Require: Expected state variation c_0, dictionary A, sparseness k. Ensure: Sparse attack vector a.
1: Initial solution a_0 = 0, initial residual r_0 = c_0, i = 1, initial Λ = ∅.
4: t_k = arg max_k t_k : ∀k ∉ Λ (find new minimizer)
5: If ‖z + a‖_2 ≤ τ, else break; (update residual)
9:
The attackers implement an attack as follows. First, the adversaries implant malicious software by hacking into the target host. Then, they continuously steal the measurement z. After that, they construct the appropriate attack vector a with this method from the stolen measurements. Then, the constructed attack is injected into the available measurements and uploaded to the control station. Finally, the control station is misled by the attacked data and makes a series of wrong operations, which will cause the system to crash.

Simulation Study
To verify its feasibility and effectiveness, the proposed sparse attack strategy is tested on the Institute of Electrical and Electronics Engineers (IEEE) 14-bus system and on a coastal distribution network. After the measurement z is captured, there are four design steps:
Step 1: Determine Π_a, the feasible domain of the attack vector (see Section 3.1).
Step 2: Calculate the state variation domain from Π_a (see Section 3.3).
Step 3: Select c_0 in the state variation domain as the expected variation.
Step 4: Construct an attack vector using Algorithm 1.
Figure 2 is the one-line diagram of the IEEE 14-bus system. Node 1 is the reference node, and the system is assumed fully measurable. There are 54 measurements, z ∈ R^{54×1}: z(1:14) are the bus active powers, z(15:34) the branch powers flowing into the nodes and z(35:54) the branch powers flowing out of the nodes. The measurements are subject to Gaussian noise v_i ~ N(0, 0.05^2). The full measurement matrix is H ∈ R^{54×13}. The Chi-square detector has m − n = 41 degrees of freedom. According to the Chi-square distribution table, the BDD detection threshold is τ = 56.942 at a significance level of 0.05.

Case 1: IEEE 14-bus System
The domain Π_a can be calculated once the measurement z is known to the attackers. Figure 3 shows the range of state variation (see Section 3.3) under the basis U; it needs to be transformed into the range under the basis E. Since the state variable is a high-dimensional vector, it cannot be presented completely in two-dimensional coordinates. In Figure 3, the red circles are the centre of the state variable and the triangles are the intersection points with each coordinate axis. To verify the effectiveness of the proposed method, a specific state variation is chosen as (40). Figure 4 shows the influence of c_0 on the state estimation results: the state estimate deviates greatly from the real estimation results.
Table 1 shows the attacked measurement indexes selected under different sparseness k, where k is the total number of z_i under attack. It is observed that z_2 is an important measurement, since it is always in the index list to be attacked. Therefore, as a defender, it is important to secure z_2 against attackers as far as possible.
Table 1 (k: attacked measurement indexes):
k = 9: 2, 4, 5, 6, 7, 11, 13, 15, 21
k = 11: 2, 4, 5, 6, 7, 10, 11, 13, 15, 21, 53
k = 13: 2, 3, 4, 5, 6, 7, 9, 10, 11, 13, 15, 21, 53
Figure 5 shows the attack vectors for two values of the sparseness k. The horizontal axis represents the measurement indexes and the vertical axis the value of the injected data. Attack vectors of different sparseness have different effects on the state estimation. Figure 6 shows the effect of attack vectors a of different sparseness: when k = 2, the selected a already achieves the main effect on the state estimation. Moreover, as the sparseness k increases, the effect generated by a keeps approaching the expected c_0; when k = 13, the effect essentially matches c_0. Therefore, an attacker can choose a of different sparseness based on their demands.
If an attacker expects the state variation to be controlled accurately, they can still choose a as sparse as possible; or, if only the main variations are required, an extremely sparse a can be chosen.
The residual detection is shown in Figure 7. The results show that the proposed algorithm can find a sufficiently sparse attack vector a in the feasible domain, and the residual caused by a is less than the threshold. Figure 8 shows the state estimation results after attack vectors a of different sparseness are injected into the measurements; the effectiveness of the attacks is satisfied.

Network Level Lines
The state variation c_0 lies outside ±10%, so the control centre will adjust the generator output or load. After c_0 is determined, the proposed algorithm can be used to construct the attack vector a. The attack vectors selected under the sparseness k = 1, 2 are shown in Table 5. The attack vectors are injected into the corresponding measurement indexes, and the results of the Chi-square test are shown in Table 6. Figure 10 shows the effect on the state estimator under attack; the simulation results show that the proposed method is correct and effective. Moreover, the proposed method guarantees the sparseness of the attack vectors.

Discussion
It can be seen from the results of Cases 1 and 2 that the generated attack vector achieves the attacker's goal without triggering the BDD alarm. In terms of sparseness, Figure 6 shows that the generated attack already achieves the main effect on the state estimation when k = 2. This indicates that a sparseness of up to 96% achieves the main effect: the attackers need to tamper with the readings of only two sensors, so the costs and risks are greatly reduced. Moreover, as the number of nonzero elements increases, the effect generated by the attack keeps approaching the expected one. However, the method proposed in this paper requires the attackers to have access to all the meters; it would be valuable to develop methods that reduce this requirement in the future.

Conclusions
To help improve SG security and enable more effective defense against attacks, the FDIA attack vector design method for SGs has been studied. From the attackers' point of view, to construct sparser and effective attack vectors, the feasible region of attack vectors was derived from the vulnerability of the Chi-square detector. Then, the attack vector validity constraint was proposed for the case where the selected attack vectors impact the system. Next, the domain of the state variations caused by attack vectors in the feasible region was calculated, which provides the basis for the attacker to select an appropriate target state variation. Finally, an attack vector was constructed based on the l0-norm using the OMP algorithm in the feasible region. The method proposed in this paper can improve the sparseness of the attack and reduce its risks and costs. Moreover, the derived attack vector feasible region and state variable domain can also provide theoretical support for other design methods. However, the theory still requires access to all the instruments; reducing this requirement will be meaningful future research. Furthermore, proposing a new false data attack detection method is a worthwhile future direction.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript: