Resilience Enhancement for Power System State Estimation Against FDIAs with Moving Target Defense

Abstract

False data injection attack (FDIA) by tampering with the sensor measurements is a big threat to the system’s observability. Power system state estimation (PSSE) is a critical observing function challenged by FDIAs in terms of its resiliency. Therefore, in this paper, we analyze the effectiveness of moving target defense (MTD) in enhancing the resiliency of PSSE against FDIAs. To begin with, the resiliency factor of PSSE against FDIAs is quantified using the relative estimation error against the injected measurement error. Then, the MTD is strategically designed to improve the resiliency factor by changing the line parameter and measurement case, for which the analytical results are provided. Furthermore, the infrastructure and operation costs caused by MTD are optimized to construct a cost-effective MTD. Finally, extensive simulations are conducted to validate the effectiveness of MTD in enhancing PSSE’s resiliency against FDIAs, which show that the MTD can improve the system’s resiliency factor by 10–20% and the generation cost can be reduced by about 10 USD/MWh after MTD.

1. Introduction

Power system state estimation (PSSE) is a critical function for the efficient operation and control of the modern power system. It is supported by the wide area monitoring system that is realized through the information and communication infrastructure. A typical example is supervisory control and data acquisition (SCADA), which monitors and controls the modern power system. However, the vulnerabilities exposed in the network and devices make the power system prone to cyberattacks [1]. Recent attack events (such as the BlackEnergy [2] and cyberattack during the two-country war (Pak military says it “paralyzed 70% of India’s power grid,” with further verification needed, but power facilities are vulnerable targets: expert, https://www.globaltimes.cn/page/202505/1333740.shtml (accessed on 19 August 2025))) have demonstrated the cyber risk of power systems. Therefore, a natural derivation is that PSSE can be attacked by cyber intrusions.

False data injection attack (FDIA) is a typical cyberattack that has attracted attention for more than a decade [3]. The attacker injects malicious errors into the sensor measurements to cause biases in the state estimates of PSSE [4]. As the data authenticity is destroyed, the downstream functions are affected. The typical FDIAs include error injection [5,6], load-altering attack [7], stealthy attack [8,9], and adversarial attack [10]. For the error injection attack, the attacker injects errors into the measurements or control commands with the goal to affect the system operation and control. Zhang et al. [11] proposed an attack that targets the load frequency control system by injecting errors into the control command of the capacitor compensation device. For the load-altering attack, the attacker modifies the load measurements to cause an increase in generation cost and/or nodal prices. Alaa and Zhao [12] developed a testbed with a cyber–physical setting and a real-time digital simulator to evaluate the impact of load-altering attack on the topology control. For the stealthy attack, the attacker aims to coordinate multiple attacks to bypass the anomaly detector. Zhang et al. [13] coordinated the time-delay and false data injection attacks to conceal the impact of either attack on the frequency control system. For the adversarial attack, the attacker aims to thwart machine-learning-based power system applications. Therefore, the power system is vulnerable to FDIAs. The attack can cause economic loss by injecting false consumption and generation information [14]. The resiliency of PSSE against FDIAs must be investigated for enhancing the system’s security.

Moving target defense (MTD) is a typical defense approach against FDIAs. The MTD can be designed by perturbing the physical parameters of the system topology [15] and the communication channels of the communication network [16]. PSSE is a typical protection target with MTD [17]. The basic insight of MTD is to change the attack space and increase the information uncertainty for potential attackers. It enables the defender to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase the complexity and cost for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency. However, most existing studies focus on the design of MTD for detecting FDIAs from the information layer. Since MTD changes the power network and/or communication network, it also induces an intrinsic enhancement of defense capability (i.e., resiliency) against FDIAs. In our opinion, the related investigation is necessary and worthy for the further implementation of MTD.

Therefore, in this paper, we analyze the effectiveness of MTD in enhancing the resiliency of PSSE, aiming to minimize its deployment cost. Although the deployment cost of MTD has been discussed in [18], the performance constraints are different since the existing studies mainly consider the attack detection constraint. The resiliency is a new metric for quantifying the effectiveness of MTD. Our idea is to analyze the sensitivity of PSSE against FDIAs before and after MTD. The upper bound is derived to measure the change in the relative error against the injection error. The deployment cost of MTD considers two aspects: infrastructure cost and operation cost. The infrastructure cost acts as the constraint for optimizing the operation cost. Overall, the contributions are fourfold:

• First, we use a new metric (i.e., resiliency) to quantify the effectiveness of MTD in defending against FDIAs.
• Second, the analytical upper bounds for the resiliency of PSSE against FDIAs under different MTD scenarios are derived.
• Third, the deployment cost of MTD is optimized to realize a cost-effective defense strategy.
• Fourth, extensive simulations are conducted to validate the performance of MTD in enhancing the resiliency of PSSE against FDIAs.

The remainder of this paper is organized as follows. We introduce the system model and attack model in Section 2. The resiliency enhancement and cost optimization for MTD are analyzed in Section 3. The simulation results are provided in Section 4. Section 6 concludes the paper. The abbreviations used in this paper are given in the Abbreviations list.

2. System Model and Attack Model

PSSE is introduced for the background knowledge, and the attack model can help the following derivations. The model is constructed according to the power transmission network, which is formed by transmission lines (shortened by “line”) and buses. PSSE is used to estimate the voltage phase angles of buses.

2.1. System Model

With the DC model [19], the power flow equations are usually modeled as

$$F_{ij}=-B_{ij}({\beta }_i-{\beta }_j),P_i=\sum _{j\in {\mathcal{F}}_i}{F}_{ij},$$

(1)

where $F_{ij}$ is the power flow from bus i to bus j, $B_{ij}$ is the equivalent susceptance (reciprocal of the reactance) of line $\{i,j\}$, ${\beta }_i$ are the voltage phase angles of bus i, $P_i$ is the power injection of bus i, and ${\mathcal{F}}_i$ are neighboring buses connected to bus i. Suppose that the lines form a set $\mathcal{L}\doteq \{l_1,l_2,\cdots ,l_n\}$ and the buses form a set $\mathcal{M}\doteq \{1,2,\cdots ,m+1\}$ by making bus 1 the reference bus. The remaining n voltage phase angles are ${\beta }_1,{\beta }_2,\cdots ,{\beta }_n$. These variables are denoted by $\mathit{X}\in {\mathbb{R}}^n$ and estimated by PSSE. The line $l_k=\{i,j\}$ forms the connection between bus i and bus j. The measurement function is formulated as

$$\mathit{Z}=\mathit{M}\mathit{X}+\mathit{\zeta }.$$

(2)

where $\mathit{M}$ is the measurement matrix and $\mathit{Z}$ are measurements of power injections and/or power flows.

2.2. Formulation of the Measurement Matrix

The measurement matrix is constructed according to the line–bus incidence matrix and the diagonal line susceptance matrix. The line–bus incidence matrix $\mathit{E}\in {\mathbb{R}}^{n\times (m+1)}$ is formed by

$$E_{ki}=\left\{\begin{array}{cc}1,\hfill & \mathrm{start}\mathrm{from}\mathrm{bus}i;\hfill \\ -1,\hfill & \mathrm{end}\mathrm{at}\mathrm{bus}i;\hfill \\ 0,\hfill & \mathrm{otherwise},\hfill \end{array}\right.$$

(3)

where $E_{ki}$ is the element at position $(k,i)$ of the matrix $\mathit{E}$ and k is the index of the transmission line. Normally, by selecting the first bus as the reference bus, the size of the matrix $\mathit{E}$ is $n\times m$. For the diagonal line susceptance matrix $\mathit{S}\in {\mathbb{R}}^{n\times n}$, its element $S_{kk}$ is $-B_{ij}$ for line $l_k=\{i,j\}$. Thus, we can derive the following matrices:

$$\mathit{B}={\mathit{E}}^T\mathit{S}\mathit{E},\mathit{H}=\mathit{S}\mathit{E},$$

(4)

where $\mathit{B}$ is an $m\times m$ matrix and $\mathit{H}$ is an $n\times m$ matrix. Actually, we have

$$\mathit{F}=\mathit{H}\mathit{X},\mathit{P}=\mathit{B}\mathit{X},$$

(5)

in which $\mathit{F}$ and $\mathit{P}$ are vectors of power flows and power injections, respectively. Suppose that all transmission lines and buses are measured; then, we have a measurement matrix like

$${\mathit{M}}^{\mathrm{full}}={\left[\begin{array}{ccc}\mathit{B}& \mathit{H}& -\mathit{H}\end{array}\right]}^T.$$

(6)

It should be noted that any measurement matrix $\mathit{M}$ is extracted from the measurement matrix ${\mathit{M}}^{\mathrm{full}}$ by selecting some rows. The measurement matrix $\mathit{M}$ usually has a full column rank. In other words, the measurement matrix $\mathit{M}$ is formed by choosing a measurement set $\mathcal{M}$; that is,

$$\mathit{M}={\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}.$$

(7)

For example, there are some transmission lines being monitored while others are not. The vector of power flows $\mathit{F}$ is not fully formed. If only the power flows are measured, then we have

$$\mathit{M}={\mathit{M}}_{\mathcal{L}}^{\mathrm{full}}.$$

(8)

2.3. Power System State Estimation

PSSE is computed based on the measurement model (2) with the least square method. The voltage phase angles are estimated as

$$\widehat{\mathit{X}}={\left({\mathit{M}}^T\mathit{Q}\mathit{M}\right)}^{-1}{\mathit{M}}^T\mathit{Q}\mathit{Z},$$

(9)

where $\mathit{Q}$ is covariance matrix of the measurement noise. Here, we give the definition of the resiliency of PSSE.

Definition 1. 

The resiliency of PSSE is computed according to the estimation error $\Delta \widehat{\mathbf{X}}$ caused by the disturbance $\Delta \mathbf{Z}$ injected by the attacker, i.e.,

$${\displaystyle \frac{\parallel \Delta \widehat{\mathbf{X}}\parallel }{\parallel \widehat{\mathbf{X}}\parallel }}=\sigma \left({\displaystyle \frac{\parallel \Delta \mathbf{Z}\parallel }{\parallel \mathbf{Z}\parallel }}\right),$$

(10)

where $\sigma (\ast )$ is a function of the relative error and $\parallel \ast \parallel$ is any norm of the vector.

2.4. Attack Model

Before introducing the attack model, we introduce the attack on the Ukrainian power grid [2]. The details of the attack are as follows:

• Initial Access: The attackers gained access to the corporate networks of three Ukrainian energy distribution companies through spear-phishing emails containing the BlackEnergy 3 malware. This initial compromise occurred months before the actual attack, allowing the hackers to conduct reconnaissance.
• Reconnaissance and Planning: Over several months, the attackers used the malware to map out the networks, steal credentials, and identify vulnerabilities. They moved from the corporate IT networks to the operational technology (OT) networks that control the power grid’s physical components.
• The Attack Phase: On the day of the attack, the hackers remotely took control of the supervisory control and data acquisition (SCADA) systems at the utility companies’ control centers. They used the operators’ human–machine interfaces (HMIs) to open circuit breakers at about 30 substations, causing a blackout for over 230,000 customers in the Ivano-Frankivsk region.
• Other coordinated attacks: The attacker wiped data from servers and workstations using KillDisk malware and flooded the customer service call centers with fake calls in a denial-of-service (DoS) attack, preventing customers from reporting the outage.

The attack resulted in a power outage that lasted from one to six hours, affecting hundreds of thousands of people during the holiday season. From this attack example, we find that the attacker has the capability of executing the FDIA. As modern power systems integrate solar photovoltaics (PVs), wind farms, fuel cells (FCs), and battery chargers (BCs), Kamel et al. [20] proposed a two-control system approach to manage uncertainty and maintain the system’s stability. On the other hand, in this paper, our goal is to enhance the resiliency of power system state estimation against FDIAs.

As given in [21], the vulnerability of the communication network always exists due to the unavoidable flaws in the digital devices and systems. The cyberattack event that happened in Ukraine demonstrates the weakness of the grid’s information and communication infrastructure against attacks. In this paper, we mainly consider that the sensor measurements are targeted and modified by the attacker. As for the typical FDIA, it is formulated into three types:

• Random FDIA (R-FDIA): A random error ${\mathit{\omega }}^r$ is injected into the measurement, i.e.,

  $${\mathit{Z}}^a=\mathit{Z}+{\mathit{\omega }}^r.$$

  (11)
• Noise-based FDIA (N-FDIA): A very small error ${\mathit{\omega }}^s$ is injected into the measurement with the attempt to avoid being detected, i.e.,

  $${\mathit{Z}}^a=\mathit{Z}+{\mathit{\omega }}^s.$$

  (12)
• Stealthy FDIA (S-FDIA): A strategically designed error $\mathit{M}{\mathit{\omega }}^d$ is injected into the measurement with the attempt to bypass the bad data detector (BDD), i.e.,

  $${\mathit{Z}}^a=\mathit{Z}+\mathit{M}{\mathit{\omega }}^d.$$

  (13)

For the random FDIA, the attacker has the capability of compromising the sensor measurements; however, they do not know how to modify the measurement due to the limited knowledge of the system. For the noise-based FDIA, the attacker has the capability of compromising the sensor measurement and observing that the measurement has noise. The attacker can manipulate the sensor measurement by injecting the error following the noise distribution. For the stealthy FDIA, the attacker not only has the capability of compromising the sensor measurement but also has full knowledge of the system parameters. This is a powerful attack that can hide the abnormal measurement in the normal measurements. Therefore, these three attacks indicate that the attacker has stronger and stronger capabilities.

3. Resiliency Enhancement for PSSE with Moving Target Defense

In this section, we prove that the moving target defense (MTD) can enhance the resiliency of PSSE. Zhao et al. [22] improved the resilience of the renewable-energy-integrated system by protecting critical nodes and deploying energy storage nodes. However, our goal is to improve PSSE’s resiliency by strategically designing the MTD.

3.1. Moving Target Defense

The main function of MTD is to increase uncertainty for attackers. The unexpected change can make the attacker lose invisibility after MTD. In power systems, there are two types of MTD: physical MTD (pMTD) and network MTD (nMTD). These two kinds of MTD are introduced as follows.

pMTD: The flexible alternating current transmission system (FACTS) is usually used to eliminate the electricity transmission constraints and bottlenecks, which works by modifying the reactances of transmission lines [23]. It is used to construct the MTD by changing the line susceptance [24]. The MTD is used for defending against S-FDIAs based on the idea that the attacker can only know the old measurement matrix while the new one is created by MTD and not expected by the attacker [15]. Suppose that the susceptance of line $l_k=\{i,j\}$ is modified. Then, the parameters are changed successively; that is,

$$\begin{array}{cc}\hfill & \mathrm{Choose}{l}_k\mathrm{for}\mathrm{MTD}\Rightarrow B_{ij}\mathrm{is}\mathrm{changed}\hfill \\ & \Rightarrow \mathit{M}\mathrm{is}\mathrm{changed}\mathrm{correspondingly}\Rightarrow {\mathit{M}}^{\mathrm{pMTD}}\hfill \end{array}$$

(14)

nMTD: The network traffic can be controlled and redirect in a dynamic manner. As the measurements are collected from RTUs, IEDs, and/or PMUs, these communication traffic flaws can be periodically selected and forwarded to the control center for PSSE. In that case, the measurement set $\mathcal{M}$ can be changed by the defender to enhance the resiliency of PSSE. By denoting the measurement set ${\mathcal{M}}^{\mathrm{MTD}}$ for N-MTD, the measurement matrix is constructed as

$${\mathit{M}}^{\mathrm{nMTD}}={\mathit{M}}_{{\mathcal{M}}^{\mathrm{MTD}}}^{\mathrm{full}}.$$

(15)

With the change in the measurement set, the unexpected changes cause the attack to fail or be detected.

3.2. Resiliency Enhancement with MTD

According to Definition 1, the resiliency of PSSE is considered as the relative error against the error injected into the measurement. Here, we consider two cases to enhance the resiliency of PSSE with MTD.

3.2.1. Fully Measured Power Injections

First, we consider that the power injections of buses are fully measured. In other words, the vector of power injections $\mathit{P}$ is complete. Therefore, we have

$$\mathit{P}=\mathit{B}\mathit{X}.$$

(16)

Since the matrix $\mathit{B}$ is symmetric invertible (can be proved using (3) to (5)), we can estimate the state variables as

$$\widehat{\mathit{X}}={\mathit{B}}^{-1}\mathit{P}.$$

(17)

Considering that the power injections are measurements, the estimation results are sensitive to the measurement error. Supposing that the error of FDIA injected into the measurement of power injection is $\Delta \mathit{P}$, we have

$${\mathit{P}}^{\mathrm{att}}=\mathit{P}+\Delta \mathit{P}.$$

(18)

In the following, we analyze the resiliency of PSSE against the general FDIA (including R-FDIA, N-FDIA, and S-FDIA). Suppose that the estimation error caused by FDIA is $\Delta \widehat{\mathit{X}}$; then, we have

$$\mathit{P}+\Delta \mathit{P}=\mathit{B}(\mathit{X}+\Delta \widehat{\mathit{X}}).$$

(19)

Thus, we can derive that

$$\Delta \widehat{\mathit{X}}={\mathit{B}}^{-1}\Delta \mathit{P}.$$

(20)

With (16) and (20), we can use the norm compatibility to obtain

$${\parallel \mathit{P}\parallel }_{\pi }\le {\parallel \mathit{B}\parallel }_{\pi }\parallel \widehat{\mathit{X}}{\parallel }_{\pi },\parallel \Delta \widehat{\mathit{X}}{\parallel }_{\pi }\le \parallel {\mathit{B}}^{-1}{\parallel }_{\pi }{\parallel \Delta \mathit{P}\parallel }_{\pi },$$

(21)

where $\pi$ can be 0, 1, 2, and ∞; actually, it can be any norm. Hence, we can further derive that

$${\displaystyle \frac{\parallel \Delta \widehat{\mathit{X}}\parallel }{\parallel \widehat{\mathit{X}}{\parallel }_{\pi }}}\le \parallel {\mathit{B}}^{-1}{\parallel }_{\pi }{\parallel \mathit{B}\parallel }_{\pi }{\displaystyle \frac{{\parallel \Delta \mathit{P}\parallel }_{\pi }}{{\parallel \mathit{P}\parallel }_{\pi }}}.$$

(22)

From Definition (10), the resiliency of PSSE against FDIAs is closely related to the factor $\eta =\parallel {\mathit{B}}^{-1}{\parallel }_{\pi }{\parallel \mathit{B}\parallel }_{\pi }$: the smaller the factor $\eta$, the more resilient PSSE is against FDIAs. Therefore, we define $\eta$ as the resiliency factor.

For the construction of matrix $\mathit{B}={\mathit{E}}^T\mathit{S}\mathit{E}$, we find that it is related to the system topology (the matrix $\mathit{E}$ represents the connection relationship between transmission buses) and line parameters (the matrix $\mathit{S}$ is formed by the line susceptance). According to Section 3, pMTD can change the line parameter and hence change the resiliency factor $\eta$; that is, we have

$$\begin{array}{cc}\hfill & \mathrm{Choose}{l}_k\mathrm{from}\mathrm{a}\mathrm{line}\mathrm{set}{\mathcal{L}}^{\mathrm{pMTD}}\mathrm{for}\mathrm{MTD}\hfill \\ & \Rightarrow B_{ij}\mathrm{for}\mathrm{all}{l}_k\in {\mathcal{L}}^{\mathrm{pMTD}}\mathrm{is}\mathrm{changed}\hfill \\ & \Rightarrow \mathit{B}\mathrm{is}\mathrm{changed}\mathrm{correspondingly}\hfill \\ & \Rightarrow \mathrm{The}\mathrm{resiliency}\mathrm{factor}\eta \mathrm{is}\mathrm{changed}.\hfill \end{array}$$

(23)

By denoting the measurement matrix and resiliency factor after pMTD as $\tilde{\mathit{B}}$ and ${\eta }^{\mathrm{pMTD}}$, respectively, we have

$${\eta }^{\mathrm{pMTD}}=\parallel {\tilde{\mathit{B}}}^{-1}{\parallel }_{\pi }{\parallel \tilde{\mathit{B}}\parallel }_{\pi }.$$

(24)

To enhance the resiliency of PSSE against FDIAs, we need to guarantee that

$${\eta }^{\mathrm{pMTD}}<\eta .$$

(25)

Therefore, the effectiveness of pMTD for improving the resiliency of PSSE is given by

$$\Delta \eta =\eta -{\eta }^{\mathrm{pMTD}}<0.$$

(26)

The smaller the $\Delta \eta$, the better designed the pMTD. $\Delta \eta$ is used as an indicator for the performance of the designed pMTD to defend against FDIAs. Given the first ($\pi =1$), second ($\pi =2$), and infinity ($\pi =\infty$) norm as examples, we have

$$\begin{array}{cc}\hfill & {\parallel \mathit{B}\parallel }_1=\underset{1\le j\le m}{max}\sum _{i=1}^n\mid B_{ij}\mid ,{\parallel \mathit{B}\parallel }_{\infty }=\underset{1\le i\le n}{max}\sum _{j=1}^m\mid B_{ij}\mid ,\hfill \\ \hfill & {\parallel \mathit{B}\parallel }_2=\sqrt{\mathrm{Trace}\left({\mathit{B}}^T\mathit{B}\right)}=\sqrt{\mathrm{Trace}\left(\mathit{B}\mathit{B}\right)}.\hfill \end{array}$$

(27)

Suppose that the system topology is not changed; then, we can see that the resiliency factor is related to the line parameters (i.e., susceptance). If the line parameters are smaller after pMTD, then the resiliency of PSSE against FDIAs can be improved; that is, the pMTD should be designed as

$$\begin{array}{cc}\hfill & B_{ij}\mathrm{for}{l}_k=\{i,j\}\in {\mathcal{L}}^{\mathrm{pMTD}}\mathrm{is}\mathrm{reduced}\hfill \\ \hfill & \Rightarrow {\eta }^{\mathrm{pMTD}}<\eta \Rightarrow \Delta \eta <0\hfill \end{array}$$

(28)

3.2.2. Partially Measured Measurements

In a general case, the power flows and injections are partially measured. The measurement function refers to (2). Given a measurement set $\mathcal{M}$, we have

$$\mathit{Z}={\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}\mathit{X}.$$

(29)

Similarly, we can derive the following resiliency results. Suppose that the measurement error caused by FDIAs is denoted by $\Delta \mathit{Z}$ and the estimation error is $\Delta \widehat{\mathit{X}}$; then, we have

$$\mathit{Z}+\Delta \mathit{Z}={\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}(\mathit{X}+\Delta \widehat{\mathit{X}})$$

(30)

Hence, by using the Moore–Penrose pseudoinverse of ${\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}$, we can derive that

$$\Delta \widehat{\mathit{X}}={\underline{\mathit{M}}}_{\mathcal{M}}^{\mathrm{full}}\Delta \mathit{Z},$$

(31)

where ${\underline{\mathit{M}}}_{\mathcal{M}}^{\mathrm{full}}$ is the Moore–Penrose pseudoinverse. Moore–Penrose pseudo-inverse is the most widely known generalization of the inverse matrix. The advantage of using the Moore–Penrose pseudo-inverse is that it can compute a “best fit” (least squares) approximate solution to a system of linear equations that lacks an exact solution [25]. From (29)–(31), we have

$$\begin{array}{cc}\hfill & {\parallel \mathit{Z}\parallel }_{\pi }\le \parallel {\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}{\parallel }_{\pi }{\parallel \mathit{X}\parallel }_{\pi }{,\parallel \Delta \mathit{Z}\parallel }_{\pi }\le \parallel {\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}{\parallel }_{\pi }{\parallel \Delta \widehat{\mathit{X}}\parallel }_{\pi },\hfill \\ & \parallel \Delta \widehat{\mathit{X}}{\parallel }_{\pi }\le \parallel {\underline{\mathit{M}}}_{\mathcal{M}}^{\mathrm{full}}{\parallel }_{\pi }{\parallel \Delta \mathit{Z}\parallel }_{\pi }.\hfill \end{array}$$

(32)

Further, the resiliency of PSSE against FDIAs is given by

$${\displaystyle \frac{\parallel \Delta \widehat{\mathit{X}}{\parallel }_{\pi }}{{\parallel \mathit{X}\parallel }_{\pi }}}\le \parallel {\underline{\mathit{M}}}_{\mathcal{M}}^{\mathrm{full}}{\parallel }_{\pi }·{\parallel {\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}\parallel }_{\pi }·{\displaystyle \frac{{\parallel \Delta \mathit{Z}\parallel }_{\pi }}{{\parallel \mathit{Z}\parallel }_{\pi }}}.$$

(33)

From Definition 1, the resiliency factor in this measured case is

$$\eta =\parallel {\underline{\mathit{M}}}_{\mathcal{M}}^{\mathrm{full}}{\parallel }_{\pi }·{\parallel {\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}\parallel }_{\pi }.$$

(34)

Since ${\mathit{M}}_{\mathcal{M}}^{\mathrm{full}}$ is constructed according to the line parameters and system topology, the pMTD and nMTD can be used to enhance the resiliency of PSSE. For the pMTD, it works similarly to the case given in Section 3.2.1. By changing the line parameters, the measurement matrix is changed accordingly. Thus, the resiliency factor is made smaller than that before pMTD. For the nMTD, it works by changing the measurement set. Suppose that the measurement set after nMTD is ${\mathcal{M}}^{\mathrm{nMTD}}$; then, the resiliency factor after nMTD is

$${\eta }^{\mathrm{nMTD}}=\parallel {\underline{\mathit{M}}}_{{\mathcal{M}}^{\mathrm{nMTD}}}^{\mathrm{full}}{\parallel }_{\pi }·{\parallel {\mathit{M}}_{{\mathcal{M}}^{\mathrm{nMTD}}}^{\mathrm{full}}\parallel }_{\pi }.$$

(35)

Therefore, the goal of designing an effective nMTD is to make the following term satisfied:

$${\eta }^{\mathrm{nMTD}}<\eta .$$

(36)

By coordinating the pMTD and nMTD, we construct an MTD strategy to improve the resiliency of PSSE against FDIAs. In other words, the coordinated pMTD and nMTD results in the resiliency factor being

$${\eta }^{\mathrm{MTD}}=\parallel {\underline{\tilde{\mathit{M}}}}_{{\mathcal{M}}^{\mathrm{nMTD}}}^{\mathrm{full}}{\parallel }_{\pi }·{\parallel {\tilde{\mathit{M}}}_{{\mathcal{M}}^{\mathrm{nMTD}}}^{\mathrm{full}}\parallel }_{\pi },$$

(37)

where ${\tilde{\mathit{M}}}_{{\mathcal{M}}^{\mathrm{nMTD}}}^{\mathrm{full}}$ denotes the measurement matrix in which the line parameters are changed. Therefore, our goal is to make

$${\eta }^{\mathrm{MTD}}<\eta .$$

(38)

The effectiveness of the coordinated pMTD and nMTD is quantified as

$$\Delta \eta =\eta -{\eta }^{\mathrm{MTD}}<0.$$

(39)

3.3. Optimal MTD for Enhancing the Resiliency of PSSE

With the foregoing analysis, we have proved that the resiliency of PSSE against FDIAs can be enhanced by MTD. However, the deployment cost must be considered due to the impact of MTD on the system’s operation [26]. Typically, the deployment cost of MTD includes two parts: infrastructure cost and operation cost. For the infrastructure cost of pMTD, it is defined as the sum of the relative injected error of the line parameter; that is,

$$\sum _{\{i,j\}\in {\mathcal{L}}^{\mathrm{pMTD}}}\mid {\displaystyle \frac{\Delta B_{ij}}{B_{ij}}}\mid .$$

(40)

The line parameter of line $\{i,j\}$ after pMTD is ${\tilde{B}}_{ij}=B_{ij}+\Delta B_{ij}$. For the infrastructure cost of nMTD, it is defined as the change in the measurement set; that is,

$$\Delta \mathcal{M}=\mathcal{M}/{\mathcal{M}}^{\mathrm{nMTD}}\cup {\mathcal{M}}^{\mathrm{nMTD}}/\mathcal{M},$$

(41)

where the operation $\mathcal{M}/{\mathcal{M}}^{\mathrm{nMTD}}$ means that the measurements are in $\mathcal{M}$ but not in ${\mathcal{M}}^{\mathrm{nMTD}}$.

To economically operate the power system, the generation cost is minimized by solving the optimal power flow (OPF) problem with given loads. The OPF problem is usually formulated as

$$\begin{array}{cc}\hfill & U_0=\underset{\mathit{G}}{\min }U\left(\mathit{G}\right)\hfill \end{array}$$

(42)

$$\begin{array}{cc}\hfill & s.t.{\mathit{G}}^{\min }\le \mathit{G}\le {\mathit{G}}^{\max }\hfill \end{array}$$

(43)

$$\begin{array}{cc}\hfill & \sum \mathit{G}=\sum \mathit{D}\hfill \end{array}$$

(44)

$$\begin{array}{cc}\hfill & -{\mathit{F}}^{\max }\le \mathit{S}\mathit{E}{\mathit{B}}^{-1}\tilde{\mathit{P}}\le {\mathit{F}}^{\max },\hfill \end{array}$$

(45)

in which, $\mathit{G}$ is a vector of generations, $\mathit{D}$ is a vector of loads, $U_0$ is the optimal generation cost, and $U\left(\mathit{G}\right)$ represents a convex function of power generations, which is

$$G\left(\mathit{g}\right)=\sum _{i=1}^q{c}_i{G}_i^2+c_i^{\prime }{G}_i+c_i^{″},$$

(46)

in which q is the number of generators and $c_i$, $c_i^{\prime }$, and $c_i^{″}$ are cost coefficients. If the $i^{th}$ element of $\mathit{G}$ is 0, it means that the corresponding bus does not connect to a generator. If the $i^{th}$ element of $\mathit{D}$ is 0, it means that the corresponding bus does not connect to any load. ${\mathit{G}}^{\min }$ and ${\mathit{G}}^{\max }$ are lower and upper limits of generation outputs. ${\mathit{F}}^{\max }$ is a vector of positive congestion power flows. $\mathit{F}=\mathit{S}\mathit{E}{\mathit{B}}^{-1}\tilde{\mathit{P}}$ is a vector of power flows. $\tilde{\mathit{P}}$ is obtained by maintaining all but the first element of the vector $\mathit{P}=\mathit{G}-\mathit{D}$. The constraint (43) denotes the generation limits. The constraint (44) represents the power balance between power generation and load. The constraint (45) indicates the transmission limits. We recognize that the change caused by MTD will affect the generation cost. Since $U_0$ is the minimum generation cost before MTD, the optimization of MTD can be formulated as

$$\begin{array}{cc}\hfill & \Delta U^{*}=\underset{\mathit{G},{\tilde{B}}_{ij},\{i,j\}\in {\mathcal{L}}^{\mathrm{pMTD}}}{\min }U\left(\mathit{G}\right)-U_0\hfill \\ \hfill & s.t.\left(43\right),\left(44\right)\hfill \end{array}$$

(47)

$$\begin{array}{cc}\hfill & v^{\min }\le {\tilde{B}}_{ij}/B_{ij}\le v^{\max },\{i,j\}\in {\mathcal{L}}^{\mathrm{pMTD}}\hfill \end{array}$$

(48)

$$\begin{array}{cc}\hfill & -{\mathit{F}}^{\max }\le \tilde{\mathit{S}}\tilde{\mathit{E}}{\tilde{\mathit{B}}}^{-1}\tilde{\mathit{P}}\le {\mathit{F}}^{\max },\hfill \end{array}$$

(49)

$$\begin{array}{cc}\hfill & \sum _{\{i,j\}\in {\mathcal{L}}^{\mathrm{pMTD}}}\mid {\displaystyle \frac{\Delta B_{ij}}{B_{ij}}}\mid \le \psi ,\hfill \end{array}$$

(50)

$$\begin{array}{cc}\hfill & \mid \Delta \mathcal{M}\mid \le \gamma ,\hfill \end{array}$$

(51)

$$\begin{array}{cc}\hfill & \Delta \eta <0,\hfill \end{array}$$

(52)

in which $\Delta U^{*}$ is the operation cost spent for deploying MTD, $v^{\min }$ and $v^{\max }$ are the limits for the susceptance change, $\psi$ and $\gamma$ are infrastructure costs, respectively, $\tilde{\mathit{S}}$, $\tilde{\mathit{E}}$, and $\tilde{\mathit{B}}$ are matrices formed after pMTD and/or nMTD, and $|\Delta \mathcal{M}|$ is the size of $\Delta \mathcal{M}$. The constraint (48) represents the limits of the line parameter change (in this paper, $v^{\min }=-0.2$ and $v^{\max }=0.2$). The constraint (50) represents the limit of the infrastructure cost of pMTD. The constraint (51) represents the limit of the infrastructure cost of nMTD. The constraint (52) indicates the effectiveness of MTD. Therefore, the overall deployment cost for the optimal MTD is computed by

$$U^{\mathrm{MTD}}=C\left(\Delta U^{*},\sum _{\{i,j\}\in {\mathcal{L}}^{\mathrm{pMTD}}}\mid {\displaystyle \frac{\Delta B_{ij}}{B_{ij}}}\mid ,\mid \Delta \mathcal{M}\mid \right),$$

(53)

in which $C(·)$ is a function used to merge these costs with different units into one cost. To solve this problem, we use the $quadprog$ and $fmincon$ packages in MATLAB (R2019b). However, the change in measurement set does not impact the generation cost. Therefore, the constraint (51) can be ignored for computing the optimization problem.

4. Simulation Results

Next, extensive simulations are conducted to validate the resiliency of PSSE and the effectiveness of MTD. The IEEE standard power systems are used to evaluate the theoretical results. The settings of the system topology, line parameters, and distribution of buses are extracted from MATPOWER (https://matpower.org/ (accessed on 19 August 2025)).

4.1. Resiliency Enhancement of PSSE After pMTD and nMTD

Here, we take the IEEE 30-bus power system as an example. The system is shown in Figure 1. The line parameters are given in

Table 1. The branch susceptances in two different configuration cases.

Line	Susceptances in Case 1 (Before pMTD)	Susceptances in Case 2 (After pMTD)
$l_1$	16.67	20
$l_2$	5.26	7.37
$l_3$	5.88	8.24
$l_4$	25	25
$l_5$	5	5
$l_6$	5.56	5.56
$l_7$	25	5
$l_8$	8.33	1.67
$l_9$	12.5	12.5
$l_{10}$	25	25
$l_{11}$	4.76	4.76
$l_{12}$	1.79	1.79
$l_{13}$	4.76	5.24
$l_{14}$	9.10	9.10
$l_{15}$	3.85	3.85
$l_{16}$	7.14	7.14
$l_{17}$	3.85	3.85
$l_{18}$	7.69	7.69
$l_{19}$	5	5
$l_{20}$	5	5
$l_{21}$	5.26	5.26
$l_{22}$	4.54	4.54
$l_{23}$	7.69	7.69
$l_{24}$	14.29	11.43
$l_{25}$	4.76	4.76
$l_{26}$	12.5	12.5
$l_{27}$	14.29	14.29
$l_{28}$	6.67	6
$l_{29}$	50	50
$l_{30}$	5	5
$l_{31}$	5.56	5.56
$l_{32}$	3.70	3.70
$l_{33}$	3.03	3.03
$l_{34}$	2.63	2.63
$l_{35}$	4.76	4.76
$l_{36}$	2.5	2.5
$l_{37}$	2.38	2.38
$l_{38}$	1.67	1.67
$l_{39}$	2.22	2.22
$l_{40}$	5	5
$l_{41}$	16.67	7

, which provides two cases (case 1 is before pMTD and case 2 is after MTD).

First, the performance of pMTD is evaluated. The original susceptance values and those after pMTD are presented. Considering the 1-norm, 2-norm, and ∞, the resiliency factors before pMTD and after pMTD are given in

Table 2. The resiliency factors before and after pMTD.

Resiliency Factor	Case 1	Case 2
$\pi =1$	961.5342	961.5342
$\pi =2$	110.1516	105.7965
$\pi =\infty$	961.5342	961.5342

. With these two cases, the norm of the relative estimation error with respect to the norm of the measurement injection error is shown in Figure 2 before and after pMTD. From the second row of Table 2, the resiliency factor after pMTD is smaller than that before pMTD, while the results presented in Figure 2 show that the relative estimation error is smaller after pMTD, which is consistent with the indicator of the resiliency factors before and after pMTD. We can see that the designed pMTD can improve the resiliency of PSSE against FDIAs. The theoretical results in Section 3.2 are validated.

Second, the performance of nMTD is evaluated. The original measurement case is that all power flows and power injections are measured. The measurement set includes the set of power flows and the set of power injections. For designing the nMTD, the measurement set includes the set of all power flows and the measurements of power injections of buses 13, 18, 20, and 23. The resiliency factor before and after nMTD is 110.1516 and 103.0243, respectively. The resiliency factor after nMTD is smaller than that before nMTD. The norm of the relative estimation error with respect to the norm of the measurement injection error is shown in Figure 3 before and after nMTD. We can see that the relative estimation error is smaller after nMTD, which is consistent with the indicator of the resiliency factors before and after nMTD. We can see that the designed nMTD can improve the resiliency of PSSE against FDIAs. The theoretical results in Section 3.2 are validated.

Third, the performance of the coordinated pMTD and nMTD is evaluated. The parameters of these two MTDs are consistent with the above. The resiliency factors before and after the coordinated MTD are 110.1516 and 102.583, respectively. The resiliency factor after nMTD is smaller than that before MTD. The norm of the relative estimation error with respect to the norm of the measurement injection error is shown in Figure 4 before and after MTD. We can see that the relative estimation error is smaller after MTD, which is consistent with the indicator of the resiliency factors before and after MTD.

Moreover, the resiliency factors after the pMTD, nMTD, and coordinated pMTD and nMTD are shown in

Table 3. The resiliency factors before and after pMTD, nMTD, and the coordinated pMTD and nMTD.

Before MTD	After pMTD	After nMTD	After the Coordinated pMTD and nMTD
110.1516	105.7965	103.0243	102.583

. We find that the resiliency factor after the coordinated pMTD and nMTD is the smallest. These results indicate that the coordinated pMTD and nMTD achieves the best performance in enhancing PSSE’s resiliency against FDIAs.

4.2. Optimal MTD for Enhancing the Resiliency of PSSE

Next, we evaluate the optimization performance for deploying the MTD. The IEEE 14-bus power system from MATPOWER is used. The line parameters and system topology are default settings. For constructing the pMTD, the susceptances of the 10th, 18th, and 19th transmission lines are changed. The parameter $\psi$ is set as 0.15. The real-world data from the New York ISO (https://www.nyiso.com/load-data (accessed on 19 August 2025)) is adopted. The MTD is designed under different load scenarios. For the nMTD, the measurements are only power flows after nMTD, while those before nMTD are a fully measured case where all power flows and power injections are measured. Therefore, the resiliency factor before MTD is 39.7088.

The load change and resiliency factor after MTD are shown in Figure 5. We can see that although the load changes, the resiliency factor after MTD is always smaller than that before MTD. Actually, the resiliency factor is not affected by loads. Since the resiliency difference $\Delta \eta$ is smaller than 0, the designed MTD is effective.

The cost reduction is also shown in Figure 5. We find that although the infrastructure cost must be spent, the generation cost can be reduced. In other words, we can save the deployment costs by using the saved generation cost to pay for the infrastructure cost. For example, the generation cost can be maximally reduced −17.18 USD/MWh for all our tests. Therefore, we can design a cost-effective MTD for optimizing the defense and deployment cost.

5. Discussion

In this paper, we do not propose a new defense mechanism to replace MTD but rather introduce a novel framework to analyze, quantify, and optimize MTD from a resilience and cost-effectiveness standpoint. The advantages lie in shifting the security paradigm from reactive detection to proactive resilience, providing a new analytical metric for evaluation, and integrating economic optimization to ensure practical viability. We believe that these dimensions highlight the significant contributions of our study to the field. We will be sure to emphasize these comparisons more explicitly in a revised version of the manuscript. The comparison of the proposed method with existing methods is given in

Table 4. Comparing the proposed method with existing methods.

Dimension	Existing Methods	Proposed Method
Primary Objective	Attack detection	Resilience enhancement
Evaluation Metric	Detection Rate, False alarm rate	“Resiliency Factor” (quantifies system robustness)
Core Concept	Make attacks visible to detectors	Minimize the impact of undetected attacks
Economic Focus	Cost as a constraint (if considered)	Cost as an optimization objective (cost-effective design with potential savings)

.

6. Conclusions

In this paper, we mainly analyzed the MTD’s capability in enhancing the resiliency of PSSE against FDIAs. First, we defined the resiliency of PSSE by measuring the sensitivity of the estimation error against the injection error. Second, we derived the upper bounds of the resiliency of PSSE against FDIAs before and after MTD, respectively, which were used to quantify the effectiveness of MTD. Third, the generation cost was optimized after MTD to realize a cost-effective MTD. Finally, we conducted extensive simulations to evaluate the performance of MTD in enhancing PSSE’s resiliency against FDIAs. Evidence has shown that the MTD can improve the system’s resiliency factor by 10–20% and the generation cost can be reduced by about 10 USD/MWh after MTD.