Preprint
Review

This version is not peer-reviewed.

A Review of Detection, Evolution, and Data Reconstruction Strategies for False Data Injection Attacks in Power Cyber-Physical Systems

Submitted: 13 January 2025

Posted: 14 January 2025


Abstract
The integration of information and physical systems in modern power grids has heightened vulnerabilities to False Data Injection Attacks (FDIAs), threatening the secure operation of power cyber-physical systems (CPS). This paper reviews FDIA detection, evolution, and data reconstruction strategies, highlighting cross-domain coordination, multi-temporal evolution, and stealth characteristics. Challenges in existing detection methods, including poor interpretability and data imbalance, are discussed, alongside advanced state-aware and action-control data reconstruction techniques. Key issues, such as modeling FDIA evolution and distinguishing malicious data from regular faults, are identified. Future directions to enhance system resilience and detection accuracy are proposed, contributing to the secure operation of power CPS.

1. Introduction

As new-generation information technology deeply penetrates the power system [1,2,3], a multitude of electrical, sensing, and computational devices are interconnected via electrical and communication networks, transforming traditional systems centered on physical equipment into highly integrated Cyber-Physical Systems (CPS), i.e., power CPS. This integration of power CPS, underpinned by the physical network of primary electrical equipment for energy flow and the information network for secondary control and protection information flow, signifies a shift towards complex networks where power and information systems converge [4,5,6,7]. The architecture of the power system from the CPS perspective is depicted in Figure 1, encompassing generation, transmission, conversion, distribution, and utilization [8,9,10,11,12]. Measuring devices within the information domain transmit operational state data of the electrical grid to the dispatch data network, which then, through control centers, computing centers, and data centers, issues system control commands that modify the operational state of the physical electrical grid [13,14,15,16,17]. The evolution of power systems towards greater dependence on CPS is evident [18,19,20,21], but this integration also raises the susceptibility of the grid to cyber-attacks [22,23,24,25].
Recent years have seen an increase in cyber-attack incidents where hackers have infiltrated power grids, causing significant damage [26,27,28]. Examples include the Stuxnet virus attacking Iranian nuclear facilities in 2010, the BlackEnergy virus attack on the Ukrainian power grid in 2015, and the ARP cache poisoning at a U.S. wind farm in 2017, among others. These incidents are typical cases where the cyber-physical security of the power systems was compromised, leading to widespread outages.
Figure 2. Actual cases of cyber attacks against power grid.
Among the various types of cyber-attacks on power CPS, False Data Injection Attacks (FDIAs) are particularly notable due to their accessibility, disruptiveness, and stealthiness [29,30,31]. Introduced by Liu Yao et al. in 2009 [32], FDIAs against state estimation in power grids demonstrate that attackers can infiltrate the power CPS information and communication network, gain access to network parameters and topological structures, and manipulate measurement devices to create fake data that evades bad data detection, thus misleading the control center into making erroneous operational decisions, potentially destabilizing the grid [33,34,35,36,37]. FDIAs in power CPS render traditional bad data detection mechanisms completely ineffective, posing a severe threat to the robust operation of the power grid [38,39]. The typical process of a power CPS FDIA is illustrated in Figure 3.
Attackers infiltrate monitoring systems through pre-designed attack steps and intentionally tamper with measurement data to compromise the informational integrity of the power CPS [40,41,42]. This distorts the upper-level control center’s analysis and decision-making, so that it issues control commands that cause switches and circuit breakers to fail or misoperate, with severe consequences such as widespread power outages [43,44,45]. Analyzing the principles and typical processes of FDIAs in power CPS allows us to summarize the characteristics of these attacks as follows:
(1) Cross-domain Coordination: Due to the high integration of information and physical layers in power CPS, attackers use diversified network attack methods to infiltrate the information network. By probing, elevating privileges, and controlling information systems, the attack crosses from the information domain to the power domain, ultimately impacting the physical power grid and causing physical failures in the power system across time and space [46,47,48,49].
(2) Multi-temporal and Spatial Evolution: FDIAs involve multiple attack steps. As time and space change, different attack entities interact at various stages, making the co-evolutionary attack process complex [50,51].
(3) Covert and Persistent Nature: FDIAs, by satisfying state estimation constraints, can successfully evade bad data detection mechanisms. Without detection, these attacks subtly influence control center decisions, leading to incorrect perceptions of the power system’s operational status by control personnel. Additionally, attackers often conceal or destroy evidence after an attack to hide their tracks. Moreover, to gain extensive control, attackers typically lurk within power systems for durations ranging from several hours to days, ready to launch persistent attacks at any time [52,53,54].
Due to the complex characteristics and intricate evolution of FDIAs, existing attack detection methods and defense strategies struggle to effectively address FDIAs. The limitations are primarily evident in:
(1) Lack of Characterization Methods for FDIA Evolutionary Processes: Characterizing the spatial and temporal evolution of FDIAs could provide theoretical support for researching attack detection and data reconstruction methods. However, current achievements are mainly focused on modeling attacks such as electrical quantity manipulation, topological alteration, and GPS synchronization clock forgery, which do not suit the analysis of the temporal and spatial evolution of FDIAs [55,56].
(2) Challenges in Feature Extraction for Model-driven Detection Methods: The interactive processes in power CPS are complex. Although the characteristic results analyzed by existing model-driven detection methods are reasonable and credible, the FDIA model-driven detection processes often remain in a passive detection state. Single model-driven methods struggle to comprehensively analyze and extract features, thus failing to detect FDIAs efficiently and accurately [57].
(3) Poor Interpretability and Significant Data Influence in Data-driven Detection Methods: Power CPS operates in a vast state space. Although existing data-driven detection methods can uncover underlying data patterns, their mechanism interpretability is poor and unconvincing. Furthermore, when system structures change, data-driven methods need time to update information. Additionally, FDIA data-driven detection methods are highly susceptible to data quality, facing severe issues such as data imbalance, high dimensionality, and difficult samples, which complicate the detection process [58].
(4) Lack of Data Reconstruction Methods Post-FDIA Detection: When FDIAs are detected within power CPS, the affected measurement data is often discarded, severely compromising the integrity of the measurement data. In practical power networks, directly discarding a large amount of false data may lead to unobservable local areas within the grid, creating blind spots in the network state and triggering a series of problems. Existing methods capable of reconstructing necessary data for system operation based on the remaining normal measurement data are scarce [59].
Recent years have witnessed significant advancements in the integration of cyber and physical systems within modern power grids. However, this progress has also introduced new vulnerabilities, particularly to FDIAs, which can disrupt system operations, compromise reliability, and cause cascading failures. With the increasing adoption of advanced technologies such as AI, IoT, and big data analytics, addressing these vulnerabilities has become both a technical and operational priority. Existing studies have explored various FDIA detection and defense methods, yet challenges such as the complexity of system interactions, the scalability of detection techniques, and the dynamic nature of attack scenarios remain unresolved. Moreover, the impact of FDIAs on critical aspects such as grid stability, economic efficiency, and system resilience has not been fully quantified in real-world applications. This review seeks to address these gaps by comprehensively analyzing the technological evolution, current challenges, and emerging trends in FDIA detection and defense. By establishing a power CPS coupling security analysis framework, this work aims to characterize the temporal and spatial evolution of FDIAs, develop innovative detection and reconstruction methods, and enhance the overall security and resilience of power CPS in the face of evolving cyber threats. These efforts aim to bridge the gap between theoretical advancements and practical applications, ultimately contributing to the development of more robust and intelligent power systems.

2. Domestic and International Research Status

This section first analyzes the data transmission scenarios and false data injection methods within power CPS, and discusses the impacts of different attack methods. It then explores the current state of research regarding the characterization of attack evolutionary processes, enhancement of attack detection training data, attack detection methods, and data reconstruction methods. Finally, it summarizes the challenges faced in research on false data injection attacks in power CPS.

2.1. Power CPS Data Transmission Scenarios and False Data Injection Methods

In power CPS, Phasor Measurement Units (PMUs) collect data such as nodal current phasors and voltage phasors [60], which are aggregated at the Primary Domain Controller (PDC). Remote Terminal Units (RTUs), sensors, or smart meters collect real-time measurement data, including nodal voltage magnitudes, active and reactive power injections at nodes, and active and reactive power flows on lines, which are then aggregated into data packets sent to the Supervisory Control and Data Acquisition (SCADA) system. The control center then performs state estimation on the collected data [61,62]. State estimation outputs unmeasurable state variables such as voltage angles and magnitudes, which are used for decision analysis in other applications of the Energy Management System (EMS) [63,64]. The actual data transmission scenario and the methods of false data injection are shown in Figure 4. The injection methods can be categorized into three types:
Method 1: In-depth intrusion into the SCADA system, PDC, or communication networks to tamper with data, known as information communication network data injection attacks.
Method 2: Direct tampering with data at remote terminal devices, known as remote terminal device data injection attacks.
Method 3: Intrusion into the control center.
Figure 4. Data transmission scenario and false data injection forms of power CPS.
Due to the stringent security protections at actual dispatch data centers, the third method is much more difficult to execute compared to the first two methods. In power CPS, according to the principles of "security zoning, network specialization, horizontal isolation, and vertical authentication," the information communication network utilizes highly reliable, high-bandwidth, and secure fiber optic dedicated networks. The likelihood of FDIAs affecting these communication channels and devices is extremely low [65,66]. In contrast, the lower security protection levels of public communication networks and secondary devices at grid terminals often become common points of FDIA penetration. By targeting these potential security vulnerabilities, attackers can successfully execute attacks on power CPS equipment [67,68,69]. Therefore, the main pathways for FDIAs are through the information communication network (method 1) and remote terminal devices (method 2).

2.1.1. Information Communication Network Data Injection Attacks

Data injection attacks on the information communication network represent top-level CPS attacks, typically carried out through side-channel or man-in-the-middle attacks that alter uplink measurement data or downlink control commands. This manipulation leads to control devices executing incorrect actions, thereby affecting the normal operation of the grid. The attack process typically involves three steps: 1) exploiting security vulnerabilities to infiltrate remote interfaces and control hosts to extract system control privileges; 2) using message or protocol vulnerabilities to extend control privileges to related devices; 3) remotely manipulating or disrupting the normal operation of these devices [70]. The impact of FDIAs at different stages of the information communication network is analyzed in Table 1.
From Table 1, it is evident that such attacks can lead to alterations in software and hardware information, execution errors in control commands, manipulation of data, forgery of information, and data desynchronization, ultimately causing controlled physical devices to operate in faulty states and disrupting the normal operation of the grid.

2.1.2. Remote Terminal Device Data Injection Attacks

Remote terminal device data injection attacks are launched from the lower layers of the CPS. In practical power grids, devices such as smart meters, sensors, RTUs, and PMUs are not fully secure from a network security standpoint, because they are designed primarily for effective control functionality rather than network security. In certain extreme cases, terminal devices are at risk of being attacked, for example through direct physical contact [71]. Attackers exploit security vulnerabilities in these devices, breach encryption and authentication mechanisms, and inject false measurement data or control commands to achieve their objectives. The impact of FDIAs on different segments of remote terminal devices is analyzed in Table 2.
For remote terminal device FDIAs, as shown in Table 2, these attacks can cause alterations in device settings, collection errors, and external execution of control commands, impacting the control center’s dispatch decisions, causing devices to execute incorrect instructions, and affecting the safety and stability of the grid’s operation [72].
Table 2. Impact analysis of FDIAs on different links for remote terminal device.
| Attack Phase | Attack Type | Attack Impact |
|---|---|---|
| Device Management Function | FDIAs targeting the device itself | Modification of device settings |
| Data Collection Process | FDIAs targeting measurement devices | Errors in collected switch and analog signals |
| Command Control Process | FDIAs targeting execution devices | Incorrect execution of control commands |
Regardless of whether it is an information communication network data injection attack or a remote terminal device data injection attack, due to different attack stages and methods, the impacts of the attacks vary. Therefore, analyzing the impacts of different FDIAs on the grid requires the development of security analysis models tailored to specific attack scenarios [73,74,75].

2.2. Current Research Status on False Data Injection Attacks in Power CPS

The detection of FDIAs and data reconstruction in power CPS start from enhancing the system’s own protection capabilities [76,77]. The goal is to interrupt attacks before they can cause severe consequences [78,79,80], leveraging an understanding of the attackers’ objectives or behaviors to detect their actions, mitigate the actual damage to the grid, and enhance system security [81,82]. In the research of FDIA detection and data reconstruction, four key issues need to be addressed:

2.2.1. Characterization of the FDIA Evolutionary Process

The essence of characterizing the FDIA evolutionary process is to analyze the temporal and spatial evolution mechanisms of FDIAs and to formally represent these processes. The goal is to develop models that are applicable for analyzing FDIA detection and data reconstruction scenarios [83,84,85,86]. Current research on FDIA evolutionary process characterization varies based on the attack scenario and includes methods for representing electrical quantity manipulation, topology alteration, and GPS synchronization clock forgery attacks, as illustrated in Table 3.
(1) Characterization Methods for Electrical Quantity Manipulation Attack Evolution: These methods focus on the electrical quantity data collected by monitoring systems as the target of the attack. Reference [87] developed a linear programming representation model aimed at minimizing deviations and the number of changed measurements. Reference [88] introduced a dual-layer linear programming model that maximizes the consequences of an attack, calculating attack vectors under a constrained number of tampering attempts. Reference [89] utilized heuristic algorithms to solve the evolutionary representation model of the attack. Reference [90] proposed a method for representing sparse attack vectors, constrained by increasing the number of untamperable state variables. Reference [91], based on the Stackelberg game model, developed an optimized representation method for attack-defense strategies. Reference [92] constructed a feasible attack representation model that utilizes the minimization of measurement data deviation angles under unknown system parameters. Reference [93] introduced a method for inferring system topology and parameters, which requires long-term observation of data from both the information and physical sides. Reference [94] used a mixed integer linear programming model to propose a method for determining feasible attack domains with only partial system parameter information available.
(2) Topological Alteration Attack Evolution Representation Methods: These focus on the power system network topology as the target of the attack. Reference [95] introduced an attack tree representation model that facilitates FDIA topology alteration attacks. Reference [96] proposed a Markov representation model that enumerates FDIA data infiltration attempts into power CPS and calculates the probability of successful attacks. Reference [97] developed a representation model targeting flow, marginal prices, and generation costs, designing attacks that increase or simultaneously increase and decrease lines, and employed a natural aggregation algorithm to solve the attack representation model. Reference [98] aimed to increase customer electricity costs and established an FDIA representation model considering power flow constraints. Reference [99] constructed attack vectors based on topology and flow data after a line break, using false data injection to hide real line breaks, leading to more severe cascading failures.
(3) GPS Synchronization Clock Forgery Attack Evolution Representation Methods: These methods focus on the timestamps of synchronized phasor data collected by PMUs as the target of the attack. Reference [100] proposed an optimal attack representation method based on GPS positioning and synchronized time under the constraints of positioning distance differences. Reference [101] constructed an attack vector that includes the location of the attacked PMU and optimal phase angle tampering values, considering the principle of state estimation deviation between PMU and SCADA hybrid measurement systems. Reference [102] developed a method for undetectable GPS clock attacks, identifying one or more optimal attack targets within the PMU measurement system.
In summary, current research on FDIA evolutionary process characterization in power CPS is diverse and varied, with some focusing on attacks on electrical quantity monitoring data, others on switch quantity monitoring data and control commands, and still others on synchronized clock signal attacks. However, from any perspective, the current research focuses on attack modeling or evolutionary process characterization for specific attack targets and lacks methods that consider "data closed-loop flow characteristics" as the driving force for representing the FDIA evolutionary process. The essence of FDIA temporal and spatial evolution is the impact of the attack data stream on the information flow-energy flow conversion process in power CPS. Most existing studies model specific attack scenarios such as electrical quantity manipulation, topology alteration, and GPS synchronization clock forgery, and their representation methods are not suitable for analyzing the temporal and spatial evolution of FDIAs, nor can they provide a theoretical basis for subsequent FDIA detection and data reconstruction methods.

2.2.2. FDIA Detection Training Data Enhancement

Enhancing FDIA detection training data essentially involves algorithmic data balancing and redundancy reduction to improve the classification accuracy of detection models and reduce computational costs [103,104]. Current research on FDIA detection training data enhancement varies based on the data processing method and includes oversampling, undersampling, hybrid sampling, and feature selection data enhancement methods, as shown in Table 4.
(1) Oversampling Data Enhancement Methods involve introducing new minority class samples to achieve data balance. Reference [105] addresses the issue of overgeneralization in Synthetic Minority Over-sampling Technique (SMOTE) by proposing a k-nearest neighbor-based SMOTE algorithm that assigns smaller selection weights to neighboring directions where serious overgeneralization may occur. Reference [106] introduced an oversampling method based on neighborhood safety coefficients, using inverse neighbor sampling safety coefficients to prevent newly generated data from encroaching into other classes’ areas. References [107,108] guide the synthesis of samples by comparing the Hellinger distance within the neighborhood of minority class instances and evaluate the quality of sampling. Reference [109] employs a secondary synthesis strategy, performing an initial synthesis based on support for minority class samples containing important information, followed by a second synthesis through neighborhood samples of minority class sample clusters. Reference [110] uses an adaptive synthetic oversampling algorithm for data balancing, providing different weights to minority classes to adaptively generate minority class samples. Reference [111] proposed an oversampling method based on classification ranking and weights, first sorting within-class samples based on their distance to the hyperplane, then sampling the original samples based on the density of data around the sampling points.
(2) Undersampling Data Enhancement Methods involve removing some majority class samples to achieve data balance. Reference [112] proposes an undersampling method based on class overlap, selecting samples that are crucial for classification based on the degree of class overlap. Reference [113] combines clustering with undersampling to propose a clustering-based undersampling method, undersampling the most informative classes by clustering majority class samples. Reference [114] introduces a genetic algorithm, combining undersampling with the genetic algorithm to achieve a balanced data processing method that trains first and balances later, obtaining multiple sets of classes with the highest information value through a single-class classifier, then using the genetic algorithm to optimize multiple random undersampled data subsets to achieve the best dataset.
(3) Hybrid Sampling Data Enhancement Methods combine oversampling and undersampling techniques to achieve data balance. Reference [115] mixes the SMOTE oversampling method with an Expectation Maximization (EM) clustering undersampling method, with SMOTE responsible for oversampling minority class samples and EM for undersampling majority class samples. Reference [116] combines the SMOTE method with the Fuzzy C-Means clustering method to make all classes have a similar number of instances and randomly selects instances from each cluster to achieve data balance. Reference [117] balances multiple classes based on the overlap of classes and uses minority oversampling and edited nearest neighbor methods separately for minority and majority classes. Reference [118] proposed a multiple random balancing method, using random class proportions for random undersampling and SMOTE oversampling, extending it to multiclass imbalanced datasets, using randomly generated priors for sampling. Reference [119] performs random balanced resampling of majority and minority class samples based on sample weights, using SMOTE oversampling for heavily weighted minority class samples and clustering undersampling for heavily weighted majority class samples.
(4) Feature Selection Data Enhancement Methods involve selecting strongly correlated features to achieve data dimension reduction. Reference [120] proposes a method combining feature selection with instance selection, using feature selection to limit features that may complicate class boundary recognition and instance selection to find the right class distribution to address imbalance and eliminate noise instances. Reference [121] introduces a fireworks algorithm for feature selection based on feature weight selection, continuously updating the optimal feature selection process through storage and selection pools. Reference [122] proposes a rough balance-based feature selection method, borrowing ideas from random subspace and random forest approaches, randomly extracting a subset of attributes from a set containing all attributes to train base classifiers. Reference [123] considers class distribution unevenness through feature significance, calculates the feature significance of each attribute based on the granular structure of each instance in the boundary region, then selects the optimal feature dataset based on feature significance.
In summary, current research on data enhancement for training detection models for false data injection attacks in power CPS is varied and competitive. However, each method has its drawbacks: 1) Oversampling methods generate minority class samples that differ from real collected samples, increasing sample diversity and quantity while introducing sample noise, which may reduce the classification accuracy for minority class samples. 2) Undersampling methods lose a large amount of majority class sample data, preventing the model from fully learning the sample features, thus reducing the accuracy of majority class sample classification. 3) Hybrid sampling methods do not show significant improvement in cases with a low imbalance ratio and have a high time complexity for training. 4) Feature selection methods have poor time performance on large datasets, and selecting features in noisy classes can reduce the generalization ability of classifiers.
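The hybrid sampling idea above (undersample the majority class, SMOTE-oversample the minority class) and the concern that synthetic samples can encroach into the other class's region can be seen together in a short sketch. This is an added example, not code from the paper or the cited references; the two-feature dataset, the class sizes, and the nearest-real-sample safety check are constructed assumptions and a simplified stand-in for the neighborhood-safety methods cited.

```python
import math
import random


def smote(minority, n_new, k, rng):
    """Classic SMOTE: interpolate between a minority sample and one of its
    k nearest minority-class neighbours."""
    if len(minority) < 2:
        raise ValueError("SMOTE needs at least two minority samples")
    synthetic = []
    for _ in range(n_new):
        base = rng.choice(minority)
        others = [p for p in minority if p is not base]
        neighbours = sorted(others, key=lambda p: math.dist(base, p))[:k]
        mate = rng.choice(neighbours)
        gap = rng.random()  # position along the segment base -> mate
        synthetic.append(tuple(b + gap * (m - b) for b, m in zip(base, mate)))
    return synthetic


def encroaches(point, minority, majority):
    """True if the nearest real sample to `point` is a majority-class sample,
    i.e. the synthetic point landed in the other class's region."""
    d_min = min(math.dist(point, p) for p in minority)
    d_maj = min(math.dist(point, p) for p in majority)
    return d_maj < d_min


def hybrid_balance(normal, attack, target, k=3, seed=0):
    """Randomly undersample `normal` to `target` samples and SMOTE-oversample
    `attack` up to `target`, rejecting synthetic points that encroach."""
    rng = random.Random(seed)
    kept_normal = rng.sample(normal, min(target, len(normal)))
    synthetic, rejected = [], 0
    while len(attack) + len(synthetic) < target:
        (candidate,) = smote(attack, 1, k, rng)
        if encroaches(candidate, attack, normal):
            rejected += 1
            if rejected > 100 * target:  # safety stop for pathological data
                raise RuntimeError("minority class is buried in the majority class")
        else:
            synthetic.append(candidate)
    return kept_normal, synthetic, rejected


def constructed_dataset(seed=1):
    """Constructed, imbalanced sample set with two hypothetical normalized
    features per measurement snapshot: 200 normal and 11 attack samples."""
    rng = random.Random(seed)
    normal = [(rng.uniform(0.0, 0.4), rng.uniform(0.0, 0.4)) for _ in range(200)]
    attack = [(rng.uniform(0.9, 1.1), rng.uniform(0.9, 1.1)) for _ in range(10)]
    attack.append((0.2, 0.2))  # attack sample that looks like normal operation
    return normal, attack


if __name__ == "__main__":
    normal, attack = constructed_dataset()
    kept, synthetic, rejected = hybrid_balance(normal, attack, target=60)
    print("normal kept:", len(kept))
    print("attack real + synthetic:", len(attack), "+", len(synthetic))
    print("synthetic candidates rejected as encroaching:", rejected)
```

Rejected candidates are the ones interpolated toward the attack sample that sits inside the normal-operation region, which is where plain SMOTE would add label noise.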

2.2.3. FDIA Detection Approaches

FDIA detection essentially involves using data on the operational state of power CPS to determine if there are anomalies within the system and to identify whether these anomalies are caused by natural faults or by attack events [124,125]. Current research on FDIA detection primarily utilizes state estimation, trajectory prediction, and Artificial Intelligence (AI) to detect FDIA incidents, as shown in Table 5.
(1) State Estimation Detection Methods: Reference [126] proposed a new method for FDIA detection and identification that uses equivalent measurement transformation instead of traditional weighted least squares in the state estimation process, with residual detection methods to identify FDIA. Reference [127], after analyzing the FDIA process, explored a detection method by independently verifying or measuring state variable values chosen by a set of strategic sensor measurements. Reference [128], considering the robustness of different state estimators, improved the grid state estimation attack detection by running multiple robust least squares estimators with different breakdown points in parallel, thereby enhancing the overall network security of power CPS state estimation. References [129,130] proposed a tolerable FDIA detection method based on extended distributed state estimation, using graph partitioning to divide the power grid into multiple subsystems. Each subsystem is expanded to generate extended subsystems, and the chi-square test is used to detect erroneous data in each expanded subsystem. This significantly differentiates false data from normal observational errors, thus enhancing detection sensitivity. The existing state estimation detection methods are passive, with the advantage of using mature algorithms that can reflect the characteristics of power CPS well and provide fast detection speeds [131]. However, their drawback lies in their susceptibility to detection threshold settings, which can lead to high rates of false negatives or false positives.
(2) Trajectory Prediction Detection Methods: Reference [132] extended the approximate direct current model to a general linear model, derived a universal FDIA model, and based on this developed a short-term state prediction method considering temporal correlations and statistical consistency testing methods to verify the consistency between predicted and received measurement values. Reference [133] proposed a generalized likelihood ratio sequence detector to address FDIA detection, which is robust against various attack strategies and load conditions in power systems, and its computational complexity is linearly proportional to the number of measurement devices, ensuring high-performance characteristics of the detector. Reference [134] introduced a multi-sensor trajectory fusion model prediction method to extract initial correlation information of attacked oscillation parameters, using a Kalman-like particle filter smoother at each monitoring node, and diagonalized this smoother into subsystems to handle continuous load fluctuations and disturbances caused by FDIA in the grid. Existing trajectory prediction detection methods are passive, with the advantage of predicting the distribution of state variables based on the historical database and operational rules of the system, matching operational trajectories, and effectively detecting various types of false data. However, their drawbacks include inapplicability to complex systems, slow detection speeds, and high computational complexity.
(3) AI Detection Methods: Reference [135] proposed a grid FDIA detection method based on XGBoost combined with Unscented Kalman Filter (UKF), where XGBoost load prediction results are adaptively mixed with state quantities obtained from UKF dynamic state estimation. This method uses the central limit theorem to compare the distribution of random variables for FDIA detection. Reference [138] used deep learning techniques to extract historical measurement data characteristics of FDIA behaviors and employed the captured features for real-time FDIA detection, effectively relaxing assumptions about potential attack scenarios and achieving high detection accuracy. Reference [137] combined batch and online learning algorithms (supervised and semi-supervised) with decision and feature-level fusion to build an attack detection model, analyzing the statistical and geometric properties of attack vectors used in attack scenarios and learning algorithms to detect unobservable attacks. Reference [138] constructed an FDIA detection model based on an improved convolutional neural network, implementing an efficient real-time FDIA detector based on the proposed model. Existing AI detection methods are active, with the advantage of a clear framework and strong computational power, but they suffer from poor interpretability under the complex operational mechanics of power CPS.
In summary, current research on FDIA detection in power CPS is diverse, with each line of work strong in a different respect. Some methods focus on state estimation for detection speed, others on trajectory prediction for accuracy, and still others on AI for computational power and a clear framework. However, each approach has its strengths and weaknesses. This paper tentatively classifies state estimation and trajectory prediction as model-driven methods, and AI approaches as data-driven methods, and analyzes both. On the one hand, model-driven methods are theoretically supported, producing reasonable and credible feature results. On the other hand, purely data-driven AI methods, although capable of uncovering underlying data patterns, suffer from poor interpretability and credibility, especially when system structures change and data-driven methods require time to update information. In the vast state space of power CPS, relying solely on model-driven methods makes it challenging to analyze and extract features comprehensively, whereas data-driven methods can capture features that may not yet be understood, or that are overly simplified or overlooked in theoretical analysis.

2.2.4. FDIAs Data Reconstruction in Power CPS

FDIAs data reconstruction is fundamentally a corrective protection method that uses knowledge of attack vectors or system characteristics to reconstruct damaged data and control signals, aiming to achieve desired control effects [139]. Current research on FDIAs data reconstruction is mainly divided into two categories: state-aware attack data reconstruction methods and action control attack data reconstruction methods, as illustrated in Table 6.
(1) State-Aware Attack Data Reconstruction Methods: These methods address attacks targeting state awareness. References [140,141] proposed an online Generative Adversarial Network (GAN) measurement data reconstruction method for FDIAs, effectively reducing the impact of FDIAs on the power grid. Reference [142] introduced a method based on phase angle deviations to determine the presence of FDIAs and, based on this determination, to localize the attack and correct the affected phase angle data using a reconstruction matrix. Reference [143] utilized a Wasserstein GAN (WGAN) to reconstruct attack measurement data, achieving data integrity defense. Reference [144] employed an approximate Bayesian filter for attack vector estimation and attack detection, reconstructing monitoring errors using the system model based on dynamic power system model analysis of PMU measurement data. Reference [145] proposed a method based on spatial distribution deviation and historical bias to determine the existence of GPS spoofing attacks, deciding whether to reconstruct the pattern analysis results based on model parameters. References [146,147] improved a Self-Attention Mechanism GAN (SAGAN) through training, using the generator to restore deceptive data and enabling proactive defense against GPS spoofing attacks in smart grids. Reference [148] used a GAN trained on incomplete data (MisGAN) to reconstruct malicious attack data in a pervasive power IoT environment. Reference [149] applied a Variational Autoencoder (VAE) model to restore anomalous data to normal operating states, achieving FDIAs data reconstruction.
(2) Action Control Attack Data Reconstruction Methods: These methods address attacks targeting control functions. Reference [150] used an adaptive sliding mode observer to calculate errors in system control and state variables, detecting the presence of FDIAs and reconstructing the signals in case of an attack. Reference [151] proposed a method to adjust feedback controller gain parameters using an energy storage system frequency control signal as an example. Reference [152] designed a reconstruction control scheme suitable for microgrid Distributed Energy Resource (DER) attack scenarios, adopting centralized and distributed control methods for normal DER devices and those affected by attacks, respectively, and implementing additional control loops and adjusting frequency reference values to ensure stable operation and frequency control of the microgrid.
In summary, current research on data reconstruction for FDIAs in power CPS is vibrant and varied. However, there are several limitations in the existing research: 1) Electrical quantities collected by power CPS have certain characteristics of normal measurement data, but existing FDIA data reconstruction methods lack consideration for the distribution characteristics or patterns of electrical quantities; 2) Existing FDIA data reconstruction methods involve the removal, correction, or restoration of measurements, but due to computational resource limitations, convergence speed, and the dynamic variability of power systems, issues such as gradient vanishing can arise.

2.3. Challenges in Research on FDIAs in Power CPS

(1) The Essence of CPS and the Impact of FDIAs: Power CPS fundamentally involves the cyclic conversion between information flow and energy flow, while the essence of FDIA temporal and spatial evolution is the impact of the attack data stream on this conversion process. Most existing research models specific attack scenarios such as electrical quantity manipulation, topology alteration, and GPS synchronization clock forgery, with their representation methods not suitable for analyzing the temporal and spatial evolution of FDIAs. There is a lack of methods to characterize the FDIA evolutionary process from the perspective of CPS “data closed-loop flow characteristics” [153,154,155,156].
(2) Challenges of High-Risk, Low-Frequency Events in Power CPS: FDIAs in power CPS are "low-probability, high-risk" events characterized by imbalanced attack samples, high data dimensions, and noise. From a data-driven perspective, these characteristics are not conducive to training FDIA detection models, leading to low detection accuracy, slow real-time detection efficiency, and poor generalization capabilities [157,158].
(3) Passive Detection Status of FDIAs and Related Issues: Power CPS FDIAs often remain in a passive detection state. Model-driven detection methods struggle with feature extraction, and data-driven detection methods have poor interpretability. Additionally, conventional fault measurement data and FDIA measurement data have high similarity, making it difficult for single model-driven or data-driven detection methods to accurately classify challenging samples, resulting in high false positive and false negative rates [159,160,161].
(4) Immediate Action Required Upon Detection: To prevent further impact of false data on power CPS, it is crucial to promptly remove detected false data. However, this removal can severely compromise the integrity of PMU data and other measurements. In practice, when a large amount of false data is detected and removed, it can lead to unobservable local areas within the grid, thereby triggering a series of problems [162,163,164].
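The observability problem described in challenge (4), as an added example that is not code from the paper: a pure-Python check that tests whether discarding flagged measurements leaves the DC measurement Jacobian full rank, and which buses become unobservable if it does not. The 4-bus network, the measurement set and all function names are assumptions constructed for illustration.

```python
from fractions import Fraction

# Constructed 4-bus DC network (illustrative, not from the paper):
# bus 0 is the slack/reference bus, every line has susceptance 1 p.u.
LINES = [(0, 1), (1, 2), (2, 3), (0, 2)]
N_BUS, SLACK = 4, 0

# Constructed measurement set: ("flow", from_bus, to_bus) or ("inj", bus).
MEASUREMENTS = [
    ("flow", 0, 1),  # m0
    ("flow", 1, 2),  # m1
    ("flow", 2, 3),  # m2
    ("inj", 3),      # m3
    ("flow", 0, 2),  # m4
    ("inj", 1),      # m5
]


def build_h(measurements):
    """Return (H, cols): DC measurement Jacobian over non-slack bus angles."""
    cols = [b for b in range(N_BUS) if b != SLACK]
    rows = []
    for m in measurements:
        coeff = [Fraction(0)] * N_BUS
        if m[0] == "flow":
            _, i, j = m
            coeff[i] += 1
            coeff[j] -= 1
        else:  # injection = sum of flows leaving the bus
            k = m[1]
            for i, j in LINES:
                if k in (i, j):
                    other = j if k == i else i
                    coeff[k] += 1
                    coeff[other] -= 1
        rows.append([coeff[b] for b in cols])
    return rows, cols


def rref(rows, ncols):
    """Exact reduced row echelon form; returns (matrix, pivot_columns)."""
    a = [r[:] for r in rows]
    pivots, r = [], 0
    for c in range(ncols):
        p = next((i for i in range(r, len(a)) if a[i][c] != 0), None)
        if p is None:
            continue
        a[r], a[p] = a[p], a[r]
        pv = a[r][c]
        a[r] = [x / pv for x in a[r]]
        for i in range(len(a)):
            if i != r and a[i][c] != 0:
                f = a[i][c]
                a[i] = [x - f * y for x, y in zip(a[i], a[r])]
        pivots.append(c)
        r += 1
        if r == len(a):
            break
    return a, pivots


def check_removal(flagged):
    """Drop the flagged measurement indices and test state observability."""
    kept = [m for i, m in enumerate(MEASUREMENTS) if i not in flagged]
    h, cols = build_h(kept)
    a, pivots = rref(h, len(cols))
    free = [c for c in range(len(cols)) if c not in pivots]
    # A state is unobservable if it appears in any null-space vector of H:
    # every free column, plus each pivot column coupled to a free column.
    unobs = set(free)
    for row, pc in zip(a, pivots):
        if any(row[f] != 0 for f in free):
            unobs.add(pc)
    return {
        "rank": len(pivots),
        "observable": not free,
        "unobservable_buses": sorted(cols[c] for c in unobs),
    }


def critical_measurements(flagged):
    """Remaining measurements whose loss would reduce the rank further."""
    base = check_removal(flagged)["rank"]
    return [
        i for i in range(len(MEASUREMENTS))
        if i not in flagged
        and check_removal(set(flagged) | {i})["rank"] < base
    ]


if __name__ == "__main__":
    for flagged in (set(), {0, 1}, {2, 3}, {0, 4, 5}):
        print(sorted(flagged), check_removal(flagged))
    print("critical after dropping m2:", critical_measurements({2}))
```

Dropping m2 and m3 isolates bus 3 only, while dropping m0, m4 and m5 cuts every measurement tie to the reference bus and leaves buses 1 to 3 unobservable as a group, which is the case where reconstruction rather than removal is needed.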

3. Future Research Directions

To address the challenges identified in this review and advance the resilience and security of power CPS, future research should focus on the following areas with clear technical pathways:

3.1. Comprehensive Characterization of FDIA Temporal-Spatial Evolution

FDIAs exhibit complex temporal and spatial evolution characteristics, significantly impacting the interaction between information and energy flows in CPS. Existing studies primarily focus on specific attack scenarios, such as electrical quantity manipulation or topology alterations. However, future research should aim to develop unified modeling frameworks that capture the broader "data closed-loop flow characteristics" of CPS. Advanced techniques, such as graph neural networks (GNNs), spatiotemporal correlation models, and causality analysis tools, can be employed to uncover latent relationships between cyber events and physical system responses. Additionally, hybrid models integrating system dynamics with real-time network behaviors could provide valuable insights into the propagation and mitigation of cascading failures caused by FDIAs.

3.2. Hybrid Detection Frameworks Integrating Model- and Data-Driven Approaches

Current detection methods often rely on either model-driven or data-driven approaches, each with inherent limitations. Model-driven methods provide theoretical robustness but struggle with scalability in complex systems, while data-driven techniques offer adaptability but lack interpretability. Future research should focus on hybrid frameworks that leverage the strengths of both approaches. For instance, explainable AI (XAI) can enhance the transparency of data-driven methods, allowing system operators to understand and trust detection results. Additionally, integrating domain-specific knowledge from physics-based models with machine learning algorithms can improve detection accuracy in dynamic environments. Practical implementations could include multi-layer defense architectures combining real-time anomaly detection with predictive diagnostics.

3.3. Advanced Data Augmentation for FDIA Detection

Training robust detection models requires addressing the imbalance and high-dimensional nature of FDIA datasets. Existing methods, such as oversampling and undersampling, often fail to preserve the statistical characteristics of minority-class samples. Future research should explore advanced techniques, such as generative adversarial networks (GANs), to create realistic synthetic data for training. Federated learning frameworks could enable multiple entities to collaboratively train detection models without compromising data privacy. Furthermore, automated feature engineering methods, including dimensionality reduction and clustering algorithms, can help extract meaningful patterns from high-dimensional datasets, improving detection performance.

3.4. Resilient Data Reconstruction Techniques

When FDIAs compromise measurement data, ensuring the integrity and availability of system information is critical. Current reconstruction methods often ignore the dynamic variability of CPS data and may lead to system observability gaps. Future research should develop probabilistic models, such as VAEs, and self-supervised learning techniques to recover missing or corrupted data while preserving its statistical and temporal characteristics. Incorporating robust optimization methods, such as reinforcement learning, can enhance real-time decision-making during reconstruction. Case studies on practical power grid scenarios will help validate these methods and improve their applicability.

3.5. Information Security in Integrated Energy Systems

Integrated energy systems (IESs) represent the convergence of electricity, gas, heat, and renewable energy resources [165,166,167,168], creating unique cybersecurity challenges. Unlike traditional power grids, an IES involves uncertain renewable energy resources [169,170], together with multiple domains with varying communication protocols and security vulnerabilities. Future research should develop cross-domain security frameworks that address these challenges by leveraging blockchain for secure transactions, digital twins for real-time threat simulations, and multi-layered defense strategies to mitigate cascading attacks. For instance, adaptive intrusion detection systems could analyze communication patterns across domains, enabling early detection of cyberattacks. Collaborative efforts between researchers and industry stakeholders are essential to develop scalable solutions tailored to the complexity of IESs.

3.6. Integration of Emerging Technologies

Emerging technologies offer transformative opportunities to enhance CPS and IES security. Blockchain can ensure tamper-proof records for critical data exchanges [171], while digital twins can model and simulate system behaviors to anticipate vulnerabilities [172]. Data encryption can enhance the security of CPS [173]. In addition, advanced AI is capable of optimizing the secure and economic operation of CPS and identifying appliances’ behaviors through appliance-specific networks [174,175]. Quantum computing, with its unparalleled computational capabilities, could revolutionize attack detection and optimization methods by accelerating the resolution of complex problems [176]. Future research should focus on integrating these technologies into practical systems, emphasizing interoperability, scalability, and cost-effectiveness. Pilot projects demonstrating their real-world applications in smart grids and multi-energy systems will be instrumental in gaining broader acceptance.

3.7. Policy and Standardization

The development of robust technical solutions must be complemented by clear regulatory frameworks and international standards to ensure widespread adoption. Future research should explore the interplay between technology and policy, focusing on areas such as data privacy, cross-border energy trading, and incident response protocols. For example, establishing guidelines for cybersecurity audits and compliance in CPS and IES environments can promote trust among stakeholders. Collaborative efforts between academia, industry, and regulatory bodies are essential to develop cohesive strategies that balance innovation with security requirements.

4. Conclusions

This review has comprehensively examined the detection, evolution, and data reconstruction strategies for FDIAs in CPS. By analyzing the temporal and spatial evolution of FDIAs, this work has highlighted the significant vulnerabilities introduced by the integration of cyber and physical domains in modern power systems. A critical assessment of existing detection methods has revealed gaps in addressing the scalability, interpretability, and resilience of current solutions. Similarly, data reconstruction approaches were evaluated, underscoring the challenges of maintaining data integrity and system observability during and after an attack.
Future research must focus on developing unified frameworks that incorporate advanced modeling techniques, such as spatiotemporal analysis and machine learning, to better characterize FDIA evolution and enhance detection accuracy. The integration of emerging technologies, including blockchain, digital twins, and quantum computing, also holds promise for improving system resilience and operational security.
By addressing the identified challenges, this work aims to bridge theoretical advancements with practical applications, contributing to the development of robust, intelligent, and secure power CPS capable of withstanding evolving cyber threats. These efforts not only safeguard the reliability of power grids but also provide a foundation for the broader adoption of integrated energy systems.

References

  1. Zhou X, Chen S, Lu Z, et al. Technical Characteristics of China’s New Generation Power System during Energy Transition [J]. Proceedings of the CSEE, 2018, 38(7): 1893-1904.
  2. Guo Q, Xin S, Sun H, et al. Cyber-Physical Integration Modeling and Comprehensive Security Assessment of Power Systems: Drivers and Research Concepts [J]. Proceedings of the CSEE, 2016, 36(6): 1481-1489.
  3. Qu Z, Dong Y, Qu N, et al. Quantitative Assessment of Survivability of Power CPS Considering Load Optimization and Reconfiguration [J]. Automation of Electric Power Systems, 2019, 43(6): 15-24.
  4. Qu Z, Zhao T, Zhang Y, et al. Determination Method of Network Risk Propagation Threshold in Power CPS Based on Percolation Theory [J]. Automation of Electric Power Systems, 2020, 44(4): 16-23.
  5. Wang L, Qu Z, Li Y, et al. Method for Extracting Patterns of Coordinated Network Attacks on Electric Power CPS Based on Temporal-Topological Correlation[J]. IEEE Access, 2020, 8: 57260-57272. [CrossRef]
  6. Qin B, Liu D. Research Progress and Prospects on Analysis and Control of Power Grid Cyber-Physical Systems [J]. Proceedings of the CSEE, 2020, 40(18): 5816-5826.
  7. Haes Alhelou H, Hamedani-Golshan M, Njenda T, et al. A Survey on Power System Blackout and Cascading Events: Research Motivations and Challenges[J]. Energies, 2019, 12(4): 682. [CrossRef]
  8. Yu T, Cheng L, Zhang X. Decentralized Microgrid Based on Integration of Information-Physical-Social Systems and Swarm Machine Learning: Theoretical Research and Analysis of Key Scientific Issues [J]. Science China Technological Sciences, 2019, 49(12): 1541-1569.
  9. Ilić M, Xie L, Khan U, et al. Modeling of Future Cyber-Physical Energy Systems for Distributed Sensing and Control[J]. IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans, 2010, 40(4): 825-838. [CrossRef]
  10. Ilić M, Xie L, Khan U, et al. Modeling Future Cyber-Physical Energy Systems[C]// 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, 20-24 July 2008, Pittsburgh, PA, USA: 1-8.
  11. Zhao J, Wen F, Xue Y, et al. Research Framework for Modeling Analysis and Control of Cyber-Physical Systems in Power Engineering [J]. Automation of Electric Power Systems, 2011, 35(16): 1-8.
  12. Wang T, Sun C, Gu X, et al. Modeling of Power Communication Coupled Networks and Their Vulnerability Analysis [J]. Proceedings of the CSEE, 2018, 38(12): 3556-3567.
  13. Xu C, Abur A. A Massively Parallel Framework for Very Large Scale Linear State Estimation[J]. IEEE Transactions on Power Systems, 2017, 33(4): 4407-4413. [CrossRef]
  14. Kurt M, Yılmaz Y, Wang X, et al. Distributed Quickest Detection of Cyber-Attacks in Smart Grid[J]. IEEE Transactions on Information Forensics and Security, 2018, 13(8): 2015-2030. [CrossRef]
  15. Basin D, Cremers C, Kim T, et al. Design, Analysis, and Implementation of ARPKI: an Attack-Resilient Public-Key Infrastructure[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 15(3): 393-408. [CrossRef]
  16. Lin H, Slagell A, Kalbarczyk Z, et al. Runtime Semantic Security Analysis to Detect and Mitigate Control-Related Attacks in Power Grids[J]. IEEE Transactions on Smart Grid, 2016, 9(1): 163-178. [CrossRef]
  17. Qu Z, Zhang Y, Qu N, et al. Method for Quantitative Estimation of the Risk Propagation Threshold in Electric Power CPS Based on Seepage Probability[J]. IEEE Access, 2018, 6: 68813-68823. [CrossRef]
  18. Qu Z, Bo X, Yu T, et al. Active and Passive Hybrid Detection Method for Power CPS False Data Injection Attacks with Improved AKF and GRU-CNN[J]. IET Renewable Power Generation, 2022, 16: 1490-1508. [CrossRef]
  19. Wang L, Xu P, Qu Z, et al. Coordinated Cyber-Attack Detection Model of Cyber-Physical Power System Based on the Operating State Data Link[J]. Frontiers in Energy Research, 2021, 9: 666130. [CrossRef]
  20. Bo X, Chen X, Li H, et al. Modeling Method for the Coupling Relations of Microgrid Cyber-Physical Systems Driven by Hybrid Spatiotemporal Events[J]. IEEE Access, 2021, 9: 19619-19631. [CrossRef]
  21. Qu Z, Xie Q, Liu Y, et al. Power Cyber-Physical System Risk Area Prediction Using Dependent Markov Chain and Improved Grey Wolf Optimization[J]. IEEE Access, 2020, 8: 82844-82854. [CrossRef]
  22. Wei J, Kundur D, Zourntos T, et al. A Flocking-Based Paradigm for Hierarchical Cyber-Physical Smart Grid Modeling and Control[J]. IEEE Transactions on Smart Grid, 2014, 5(6): 2687-2700. [CrossRef]
  23. Olfati-Saber R. Flocking for Multi-Agent Dynamic Systems: Algorithms and Theory[J]. IEEE Transactions on Automatic Control, 2006, 51(3): 401-420.
  24. Wang Y, Liu D, Lu Y. Research on Hybrid System Modeling Methods for Power Grid Cyber-Physical Systems [J]. Proceedings of the CSEE, 2016, 36(6): 1464-1470.
  25. Lian X, Zhang W, Qian T, et al. Vulnerability Assessment Method for Power Cyber-Physical Systems Considering Information Node Failures [J]. Global Energy Interconnection, 2019, 2(6): 523-529.
  26. Lai K, Illindala M, Subramaniam K. A tri-level optimization model to mitigate coordinated attacks on electric power systems in a cyber-physical environment[J]. Applied energy, 2019, 235(FEB.1): 204-218. [CrossRef]
  27. Xin S, Guo Q, Sun H, et al. Cyber-Physical Modeling and Cyber-Contingency Assessment of Hierarchical Control Systems[J]. IEEE Transactions on Smart Grid, 2015, 6(5): 2375-2385. [CrossRef]
  28. Guo Q, Xin S, Wang J, et al. Comprehensive Security Assessment of Information-Energy Systems from the Ukraine Blackout Incident [J]. Automation of Electric Power Systems, 2016, 40(5): 145-147.
  29. Liu X, Wu Z. Research on Online Defense against Stealthy Data Injection Attacks in Smart Grids [J]. Proceedings of the CSEE, 2020, 40(8): 2546-2558.
  30. Xue Y, Ni M, Yu W. Approach for Studying the Impact of Communication Failures on Power Grid[C]// 2016 IEEE Power and Energy Society General Meeting (PESGM), 17-21 July 2016, Boston, MA, USA: 1-5.
  31. Yu W, Xue Y, Luo J, et al. An UHV Grid Security and Stability Defense System: Considering the Risk of Power System Communication[J]. IEEE Transactions on Smart Grid, 2016, 7(1): 491-500. [CrossRef]
  32. Liu Y, Ning P, Reiter M. False Data Injection Attacks against State Estimation in Electric Power Grids[J]. ACM Transactions on Information and System Security (TISSEC), 2011, 14(1): 1-16.
  33. Li Y, Ma W, Li Y, et al. Enhancing Cyber-Resilience in Integrated Energy System Scheduling with Demand Response Using Deep Reinforcement Learning[J]. Applied Energy, 2025, 379:124831.
  34. Liang J, Sankar L, Kosut O. Vulnerability Analysis and Consequences of False Data Injection Attack on Power System State Estimation[J]. IEEE Transactions on Power Systems, 2016, 31(5): 3864-3872. [CrossRef]
  35. Xie L, Mo Y, Sinopoli B. False Data Injection Attacks in Electricity Markets[C]// 2010 First IEEE International Conference on Smart Grid Communications, 04-06 October 2010, Gaithersburg, MD, USA: 226-231.
  36. Liu S, Tan Y, Zhao F, et al. Coupled Modeling Method for Power Information Systems [J]. Journal of Power Systems and Automation, 2021, 33(3): 89-93.
  37. Ma S, Xu Z, Wang L. Construction Method of Power Grid Cyber-Physical System Model Based on Set Theory [J]. Automation of Electric Power Systems, 2017, 41(6): 1-5.
  38. Qu Z, Dong Y, Li Y, et al. Localization of Dummy Data Injection Attacks in Power Systems Considering Incomplete Topological Information: A Spatio-Temporal Graph Wavelet Convolutional Neural Network Approach[J]. Applied Energy, 2024, 360: 122736. [CrossRef]
  39. Li Y, Wei X, Li Y, et al. Detection of False Data Injection Attacks in Smart Grid: A Secure Federated Deep Learning Approach[J]. IEEE Transactions on Smart Grid, 2022, 13(6): 4862-4872.
  40. Wang L, Qu Z, Li Y, et al. Method for Extracting Patterns of Coordinated Network Attacks on Electric Power CPS Based on Temporal–Topological Correlation[J]. IEEE Access, 2020, 8: 57260-57272. [CrossRef]
  41. Qu Z, Dong Y, Qu N, et al. Survivability Evaluation Method for Cascading Failure of Electric Cyber Physical System Considering Load Optimal Allocation[J]. Mathematical Problems in Engineering, 2019, 2019: 2817586. [CrossRef]
  42. Qu Z, Qu N, Zhou Y, et al. Extraction of Typical Operating Scenarios of New Power System Based on Deep Time Series Aggregation[J]. CAAI Transactions on Intelligence Technology, 2024, 1-17. [CrossRef]
  43. Chen L, Gu S, Wang Y, et al. Stacked Autoencoder Framework of False Data Injection Attack Detection in Smart Grid[J]. Mathematical Problems in Engineering, 2021, 2021(1): 2014345. [CrossRef]
  44. Li Y, Li Z, Chen L, et al. A false data injection attack method for generator dynamic state estimation[J]. Transactions of China Electrotechnical Society, 2019, 34: 3651-3660.
  45. Zhao J, Srivastava A, Guo Y, et al. State Estimation for Integrated Energy Systems: Motivations, Advances, and Future Work[J]. IEEE Transactions on Power Systems, 2024: 1-17. [CrossRef]
  46. Dai Q, Shi L, Ni Y. Risk Assessment for Cyberattack in Active Distribution Systems Considering the Role of Feeder Automation[J]. IEEE Transactions on Power Systems, 2019, 34(4): 3230-3240. [CrossRef]
  47. Tian M, Dong Z, Wang X, et al. Analysis of Coordinated Cyber-Physical Attacks on Power Systems under Goal Conflicts [J]. Power System Technology, 2019, 43(7): 2336-2344.
  48. Wang X, Tian M, Cao M, et al. Countermeasures to False Data Injection Attacks On Power System State Estimation Based On Protecting Measurements[J]. Journal of Nanoelectronics and Optoelectronics, 2019, 14(5): 626-634. [CrossRef]
  49. Drayer E, Routtenberg T. Detection of False Data Injection Attacks in Smart Grids Based on Graph Signal Processing[J]. IEEE Systems Journal, 2020, 14(2): 1886-1896. [CrossRef]
  50. Xue Y, Li M, Luo J, et al. Coupled Modeling Method of Power Grid Cyber-Physical Systems Based on Correlation Characteristic Matrix [J]. Automation of Electric Power Systems, 2018, 42(2): 11-19.
  51. Shen Y, Zhang W, Ni H, et al. Guaranteed Cost Control of Networked Control Systems with DoS Attack and Time-varying Delay[J]. International Journal of Control, Automation and Systems, 2019, 17(4): 811-821. [CrossRef]
  52. Nath S, Akingeneye I, Wu J, et al. Quickest Detection of False Data Injection Attacks in Smart Grid with Dynamic Models[J]. IEEE Journal of Emerging and Selected Topics in Power Electronics, 2022, 10(1): 1292-1302. [CrossRef]
  53. Rawat D, Bajracharya C. Detection of False Data Injection Attacks in Smart Grid Communication Systems[J]. IEEE Signal Processing Letters, 2015, 22(10): 1652-1656. [CrossRef]
  54. Jokar P, Leung V. Intrusion Detection and Prevention for ZigBee-Based Home Area Networks in Smart Grids[J]. IEEE Transactions on Smart Grid, 2018, 9(3): 1800-1811.
  55. Wang Z, Chen Y, Zeng J, et al. Modeling and Reliability Assessment of Microgrid Cyber-Physical Systems for Fully Distributed Control [J]. Power System Technology, 2019, 43(7): 2413-2421.
  56. Wang C, Dong X, Sun H, et al. Modeling Method of Power Cyber-Physical Systems Considering Multi-layer Coupling Characteristics [J]. Automation of Electric Power Systems, 2021, 45(3): 83-91.
  57. Tang Y, Li M, Wang Q, et al. A Review of Network Attacks and Defense Research in Power Cyber-Physical Systems (Part II: Detection and Protection) [J]. Automation of Electric Power Systems, 2019, 43(10): 1-9+18.
  58. Zhao J, Wen F, Xue Y, et al. Architecture and Implementation Technologies and Challenges of Grid CPS [J]. Automation of Electric Power Systems, 2010, 34(16): 1-7.
  59. He R, Wang D, Zhang Y, et al. Research on Modeling and Static Computation Methods of Information Flow in Smart Grids [J]. Proceedings of the CSEE, 2016, 36(6): 1527-1535.
  60. Li Y, Yang Z. Application of EOS-ELM with Binary Jaya-Based Feature Selection to Real-Time Transient Stability Assessment Using PMU Data[J]. IEEE Access, 2017, 5: 23092-23101. [CrossRef]
  61. Li Y, Li Z, Chen L. Dynamic State Estimation of Generators Under Cyber Attacks[J]. IEEE Access, 2019, 7: 125252-125267. [CrossRef]
  62. Wang H, Zhang Y, Cai Z, et al. Network Information Flow Tide Model and Computational Method for Smart Substation Process Layer [J]. Power System Technology, 2013, 37(9): 2602-2607.
  63. Zhang Y, Cai Z, Li X, et al. Analytical Modeling of traffic Flow in the Substation Communication Network[J]. IEEE Transactions on Power Delivery, 2015, 30(5): 2119-2127. [CrossRef]
  64. Li Y, Li J, Qi J, et al. Robust Cubature Kalman Filter for Dynamic State Estimation of Synchronous Machines Under Unknown Measurement Noise Statistics[J]. IEEE Access, 2019, 7: 29139-29148. [CrossRef]
  65. Buldyrev S, Parshani R, Paul G, et al. Catastrophic cascade of failures in interdependent networks[J]. Nature, 2010, 464(7291): 1025-1028. [CrossRef]
  66. Wang Y, Gao K, Zhao T, et al. Cross-Space Cascading Failure Hazard Assessment of Power Cyber-Physical Systems Based on Improved Attack Graph [J]. Proceedings of the CSEE, 2016, 36(6): 1490-1499.
  67. Chen Y, Zhu Z, Lu X, et al. Intelligent Space Modeling Method Based on Information-Physical Space Mapping [J]. Journal of System Simulation, 2013, 25(2): 216-219+227.
  68. Ji X, Wang B, Dong C, et al. Vulnerability Assessment and Edge Protection Strategy for Power Information-Physical Interdependent Networks [J]. Power System Technology, 2016, 40(6): 1867-1873.
  69. Cai Ye, Cao Yijia, Li Yong, et al. Cascading failure analysis considering interaction between power grids and communication networks[J]. IEEE Transactions on Smart Grid, 2016, 7(1): 530-538.
  70. Wang Y, Lin Z, Liang X, et al. On modeling of electrical cyber-physical systems considering cyber security[J]. Frontiers of Information Technology & Electronic Engineering, 2016, 17(5): 465-478. [CrossRef]
  71. Wang L. Research on Cyber-Physical Coordinated Attack Detection and Sequence Pattern Mining Methods [D]. Jilin: Northeast Electric Power University, 2021.
  72. Li Y, Zhang S, Li Y, et al. PMU Measurements Based Short-Term Voltage Stability Assessment of Power Systems via Deep Transfer Learning[J]. IEEE Transactions on Instrumentation and Measurement, 2023, 72: 2526111.
  73. Cao Y, Zhang Y, Bao Z, et al. Chain Failure Analysis under the Interactive Impact of Power System and Communication Network [J]. Electric Power Automation Equipment, 2013, 33(1): 7-11.
  74. Sridhar S, Hahn A, Govindarasu M. Cyber-Physical System Security for the Electric Power Grid[J]. Proceedings of the IEEE, 2012, 100(1): 210-224. [CrossRef]
  75. Tang Y, Han X, Wu Y, et al. Comprehensive Vulnerability Assessment of Power Systems Considering the Impact of Communication Systems [J]. Proceedings of the CSEE, 2015, 35(23): 6066-6074.
  76. Xiong X, Hu S, Sun D, et al. Detection of false data injection attack in power information physical system based on SVM-GAB algorithm[J]. Energy Reports, 2022, 8(5): 1156-1164. [CrossRef]
  77. Mohammadpourfard M, Sami A, Seifi A. A statistical unsupervised method against false data injection attacks: A visualization-based approach[J]. Expert Systems With Applications, 2017, 84: 242-261. [CrossRef]
  78. Wu T, Xue W, Wang H, et al. Extreme Learning Machine-Based State Reconstruction for Automatic Attack Filtering in Cyber Physical Power System[J]. IEEE Transactions on Industrial Informatics, 2021, 17(3): 1892-1904. [CrossRef]
  79. Wang Z, Chen Y, Liu F, et al. Power System Security Under False Data Injection Attacks With Exploitation and Exploration Based on Reinforcement Learning[J]. IEEE Access, 2018, 6: 48785-48796. [CrossRef]
  80. Chen Y, Huang S, Liu F, et al. Evaluation of Reinforcement Learning-Based False Data Injection Attack to Automatic Voltage Control[J]. IEEE Transactions on Smart Grid, 2019, 10(2): 2158-2169. [CrossRef]
  81. Liu Y, Wang Y. Evolution Mechanism and Active Defense Exploration of Cross-Domain Cascading Failures in New Power Systems [J]. Electric Power, 2022, 55(2): 62-72+81.
  82. Wang Y. Research on Detection and Defense Against False Data Injection Attacks in Smart Grids [D]. Beijing: North China Electric Power University, 2020.
  83. Xue Y, Yu X. Beyond Smart Grid-Cyber-Physical-Social System in Energy Future[J]. Proceedings of the IEEE, 2017, 105(12): 2290-2292.
  84. Gao K, Wang Y, Zhao T, et al. Exploration of Information-Physical Interaction Mechanisms in the Operation of Power Cyber-Physical Systems [J]. Power System Technology, 2018, 42(10): 3101-3109.
  85. Liu T, Sun Y, Yang L, et al. Abnormal traffic-indexed state estimation: A cyber–physical fusion approach for Smart Grid attack detection[J]. Future Generation Computer Systems, 2015, 49(8):94-103. [CrossRef]
  86. Susuki Y, Koo T, Ebina H, et al. A Hybrid System Approach to the Analysis and Design of Power Grid Dynamic Performance[J]. Proceedings of the IEEE, 2012, 100(1): 225-239. [CrossRef]
  87. Aluko A, Carpanen R, Dorrell D, et al. Vulnerability Analysis of False Data Injection Attacks on the Frequency Stability of Isolated Microgrids[C]// 2021 Southern African Universities Power Engineering Conference/Robotics and Mechatronics/Pattern Recognition Association of South Africa (SAUPEC/RobMech/PRASA), 27-29 January 2021, Potchefstroom, South Africa: 1-6.
  88. Liu X, Li Z, Shuai Z, et al. Cyber Attacks Against the Economic Operation of Power Systems: A Fast Solution[J]. IEEE Transactions on Smart Grid, 2017, 8(2): 1023-1025. [CrossRef]
  89. Pan K, Teixeira A, Cvetkovic M, et al. Cyber Risk Analysis of Combined Data Attacks Against Power System State Estimation[J]. IEEE Transactions on Smart Grid, 2019, 10(3): 3044-3056. [CrossRef]
  90. Zhao Y, Goldsmith A, Poor H. Minimum Sparsity of Unobservable Power Network Attacks[J]. IEEE Transactions on Automatic Control, 2017, 62(7): 3354-3368. [CrossRef]
  91. Sanjab A, Saad W. Data Injection Attacks on Smart Grids With Multiple Adversaries: A Game-Theoretic Perspective[J]. IEEE Transactions on Smart Grid, 2016, 7(4): 2038-2049. [CrossRef]
  92. Chin W, Lee C, Jiang T. Blind False Data Attacks Against AC State Estimation Based on Geometric Approach in Smart Grid Communications[J]. IEEE Transactions on Smart Grid, 2018, 9(6): 6298-6306. [CrossRef]
  93. Esmalifalak M, Nguyen H, Zheng R, et al. A Stealthy Attack Against Electricity Market Using Independent Component Analysis[J]. IEEE Systems Journal, 2018, 12(1): 297-307. [CrossRef]
  94. Liu X, Bao Z, Lu D, et al. Modeling of Local False Data Injection Attacks With Reduced Network Information[J]. IEEE Transactions on Smart Grid, 2015, 6(4): 1686-1696. [CrossRef]
  95. Ding M, Li X, Zhang J. Impact of Cyber Attacks on Power System Reliability Targeting SCADA Systems [J]. Power System Protection and Control, 2018, 46(11): 37-45.
  96. Zhang Y, Wang L, Xiang Y. Power System Reliability Analysis With Intrusion Tolerance in SCADA Systems[J]. IEEE Transactions on Smart Grid, 2016, 7(2): 669-683. [CrossRef]
  97. Liang G, Weller S, Zhao J, et al. A Framework for Cyber-Topology Attacks: Line-Switching and New Attack Scenarios[J]. IEEE Transactions on Smart Grid, 2019, 10(2): 1704-1712. [CrossRef]
  98. Liang G, Weller S, Luo F, et al. Generalized FDIA-Based Cyber Topology Attack With Application to the Australian Electricity Market Trading Mechanism[J]. IEEE Transactions on Smart Grid, 2018, 9(4): 3820-3829. [CrossRef]
  99. Deng R, Zhuang P, Liang H. CCPA: Coordinated Cyber-Physical Attacks and Countermeasures in Smart Grid[J]. IEEE Transactions on Smart Grid, 2017, 8(5): 2420-2430. [CrossRef]
  100. Jiang X, Zhang J, Harding B, et al. Spoofing GPS Receiver Clock Offset of Phasor Measurement Units[J]. IEEE Transactions on Power Systems, 2013, 28(3): 3253-3262. [CrossRef]
  101. Risbud P, Gatsis N, Taha A. Vulnerability Analysis of Smart Grids to GPS Spoofing[J]. IEEE Transactions on Smart Grid, 2019, 10(4): 3535-3548. [CrossRef]
  102. Barreto S, Pignati M, Dán G, et al. Undetectable Timing-Attack on Linear State-Estimation by Using Rank-1 Approximation[J]. IEEE Transactions on Smart Grid, 2018, 9(4): 3530-3542. [CrossRef]
  103. Liu D, Qiao S, Zhang Y, et al. A Review of Data Sampling Methods for Imbalanced Classification[J]. Journal of Chongqing University of Technology (Natural Science), 2019, 33(7): 102-112.
  104. Zhou Y, Sun H, Fang Q, et al. A Review of Classification Methods for Imbalanced Datasets [J]. Application Research of Computers, 2022, 39(6): 1615-1621.
  105. Zhu T, Lin Y, Liu Y. Synthetic minority oversampling technique for multiclass imbalance problems[J]. Pattern Recognition, 2017, 72: 327-340. [CrossRef]
  106. Dong M, Liu M, Jing C, et al. Multi-class Imbalanced Oversampling Algorithm Using Sampling Safety Coefficients[J]. Journal of Computer Science and Exploration, 2020, 14(10): 1776-1786.
  107. Dong M, Jiang Z, Jing C, et al. Multi-class Imbalanced Learning Algorithm Based on Hellinger Distance and SMOTE[J]. Computer Science, 2020, 47(1): 102-109.
  108. Cieslak D, Hoens T, Chawla N, et al. Hellinger distance decision trees are robust and skew-insensitive[J]. Data Mining and Knowledge Discovery, 2012, 24(1): 136-158. [CrossRef]
  109. Han M, Guo H, Wang W, et al. QSMOTE Method for Multi-class Imbalance Problems Based on Secondary Synthesis[J]. Journal of Nanjing University (Natural Sciences), 2019, 55(1): 1-13.
  110. He H, Bai Y, Garcia E, et al. ADASYN: Adaptive Synthetic Sampling Approach for Imbalanced Learning[C]// 2008 IEEE International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), 01-08 June 2008, Hong Kong: 1322-1328.
  111. Deng M, Guo Y, Wang C, et al. An oversampling method for multi-class imbalanced data based on composite weights[J]. Plos one, 2021, 16(11): e0259227. [CrossRef]
  112. Wu Y, Shen L, et al. Under-sampling of Imbalanced Multi-class Support Vector Machine Based on Class Overlap Degree [J]. Journal of the University of Chinese Academy of Sciences, 2018, 35(4): 536-543.
  113. Arafat M, Hoque S, Farid D. Cluster-based Under-sampling with Random Forest for Multi-Class Imbalanced Classification[C]// 2017 11th International Conference on Software, Knowledge, Information Management and Applications (SKIMA), 06-08 December 2017, Malabe, Sri Lanka: 1-6.
  114. Krawczyk B, Bellinger C, Corizzo B, et al. Undersampling with Support Vectors for Multi-Class Imbalanced Data Classification[C]// 2021 International Joint Conference on Neural Networks (IJCNN), 18-22 July 2021, Shenzhen, China: 1-7.
  115. Agrawal A, Viktor H, Paquet E. SCUT: Multi-Class Imbalanced Data Classification using SMOTE and Cluster-based Undersampling[C]// 2015 7th International Joint Conference on Knowledge Discovery, Knowledge Engineering and Knowledge Management (IC3K), 12-14 November 2015, Lisbon, Portugal: 226-234.
  116. Pruengkarn R. Enhancing classification performance by handling noise and imbalanced data with fuzzy classification techniques[D]. Perth, Australia: Murdoch University, 2018.
  117. Hartono H, Ongko E. Combining Hybrid Approach Redefinition-Multiclass Imbalance (HAR-MI) and Hybrid Sampling in Handling Multi-Class Imbalance and Overlapping[J]. JOIV: International Journal on Informatics Visualization, 2021, 5(1): 22-26. [CrossRef]
  118. Rodríguez J, Díez-Pastor J, Arnaiz-González Á, et al. Random Balance ensembles for multiclass imbalance learning[J]. Knowledge-Based Systems, 2020, 193(6): 105434. [CrossRef]
  119. Zhang R, Zhang J, Wu P, et al. An Improved AdaBoost.M2 Algorithm for Multi-class Imbalanced Protocol Traffic [J]. Application Research of Computers, 2019, 36(6): 1863-1867.
  120. Fernández A, Carmona C, Jose del Jesus M, et al. A Pareto-based Ensemble with Feature and Instance Selection for Learning from Multi-Class Imbalanced Datasets[J]. International Journal of neural systems, 2017, 27(6): 1750028. [CrossRef]
  121. Sreeja N. A weighted pattern matching approach for classification of imbalanced data with a fireworks-based algorithm for feature selection[J]. Connection Science, 2019, 31(2): 143-168. [CrossRef]
  122. Lango M, Stefanowski J. Multi-class and feature selection extensions of roughly balanced bagging for imbalanced data[J]. Journal of Intelligent Information Systems, 2018, 50(1): 97-127. [CrossRef]
  123. Chen H, Li T, Fan X, et al. Feature selection for imbalanced data based on neighborhood rough sets[J]. Information Sciences, 2019, 483: 1-20. [CrossRef]
  124. Xue Y, Lai Y, et al. Integration of Big Energy Thinking and Big Data Thinking (Part I) Big Data and Power Big Data [J]. Automation of Electric Power Systems, 2016, 40(1): 1-8.
  125. Li P, Liu Y, Xin H, et al. Vulnerability Assessment of Distribution Network Cyber-Physical Systems Under Distributed Collaborative Control Mode [J]. Automation of Electric Power Systems, 2018, 42(10): 22-29+59.
  126. Hu Z, Wang Y, Tian X, et al. False Data Injection Attacks Identification for Smart Grids[C]// 2015 Third International Conference on Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE), 29 April 2015-01 May 2015, Beirut, Lebanon: 139-143.
  127. Bobba R, Davis K, Wang Q, et al. Detecting False Data Injection Attacks on DC State Estimation[C]// First Workshop on Secure Control Systems (SCS 2010), 12 April 2010, Stockholm, Switzerland: 1-9.
  128. Chakhchoukh Y, Ishii H. Enhancing Robustness to Cyber-Attacks in Power Systems Through Multiple Least Trimmed Squares State Estimations[J]. IEEE Transactions on Power Systems, 2016, 31(6): 4395-4405. [CrossRef]
  129. Gu Y, Liu T, Wang D, et al. Bad Data Detection Method for Smart Grids based on Distributed State Estimation[C]// 2013 IEEE International Conference on Communications (ICC), 09-13 June 2013, Budapest, Hungary: 4483-4487.
  130. Wang D, Guan X, Liu T, et al. Extended Distributed State Estimation: A Detection Method against Tolerable False Data Injection Attacks in Smart Grids[J]. Energies, 2014, 7(3): 1517-1538. [CrossRef]
  131. Chen L, Li Y, Huang M, et al. Robust Dynamic State Estimator of Integrated Energy Systems Based on Natural Gas Partial Differential Equations[J]. IEEE Transactions on Industry Applications, 2022, 58(3): 3303-3312. [CrossRef]
  132. Zhao J, Zhang G, Scala M, et al. Short-Term State Forecasting-Aided Method for Detection of Smart Grid General False Data Injection Attacks[J]. IEEE Transactions on Smart Grid, 2017, 8(4): 1580-1590. [CrossRef]
  133. Li S, Yılmaz Y, Wang X. Quickest Detection of False Data Injection Attack in Wide-Area Smart Grids[J]. IEEE Transactions on Smart Grid, 2015, 6(6): 2725-2735. [CrossRef]
  134. Khalid H, Peng J. Immunity Toward Data-Injection Attacks Using Multisensor Track Fusion-Based Model Prediction[J]. IEEE Transactions on Smart Grid, 2017, 8(2): 697-707. [CrossRef]
  135. Liu X, Chang P, Sun Q. Detection of False Data Injection Attacks in Power Grids Based on XGBoost and Unscented Kalman Filter Adaptive Hybrid Prediction [J]. Proceedings of the CSEE, 2021, 41(16): 5462-5476.
  136. He Y, Mendis G, Wei J. Real-Time Detection of False Data Injection Attacks in Smart Grid: A Deep Learning-Based Intelligent Mechanism[J]. IEEE Transactions on Smart Grid, 2017, 8(5): 2505-2516. [CrossRef]
  137. Ozay M, Esnaola I, Vural F, et al. Machine Learning Methods for Attack Detection in the Smart Grid[J]. IEEE Transactions on Neural Networks and Learning Systems, 2016, 27(8): 1773-1786. [CrossRef]
  138. Li Y, Zeng J, et al. A Detection Method for False Data Injection Attacks in Power Grids Based on an Improved Convolutional Neural Network [J]. Automation of Electric Power Systems, 2019, 43(20): 97-104.
  139. Wang Q, Tai W, Tang Y, et al. A Review of False Data Injection Attack Research for Power Cyber-Physical Systems [J]. Acta Automatica Sinica, 2019, 45(1): 72-83.
  140. Li Y, Wang Y, Hu S. Online Generative Adversary Network Based Measurement Recovery in False Data Injection Attacks: A Cyber-Physical Approach[J]. IEEE Transactions on Industrial Informatics, 2020, 16(3): 2031-2043. [CrossRef]
  141. Li Y, Wang Y. Developing graphical detection techniques for maintaining state estimation integrity against false data injection attack in integrated electric cyber-physical system[J]. Journal of Systems Architecture, 2020, 105: 101705. [CrossRef]
  142. Fan X, Du L, Duan D. Synchrophasor Data Correction Under GPS Spoofing Attack: A State Estimation-Based Approach[J]. IEEE Transactions on Smart Grid, 2018, 9(5): 4538-4546. [CrossRef]
  143. Zeng J. Research on Defense Methods for Data Integrity Attacks in Smart Grids [D]. Beijing: North China Electric Power University, 2019.
  144. Khalid H, Peng J. A Bayesian Algorithm to Enhance the Resilience of WAMS Applications Against Cyber Attacks[J]. IEEE Transactions on Smart Grid, 2016, 7(4): 2026-2037. [CrossRef]
  145. Wang Y, Hespanha J. Distributed Estimation of Power System Oscillation Modes Under Attacks on GPS Clocks[J]. IEEE Transactions on Instrumentation and Measurement, 2018, 67(7): 1626-1637. [CrossRef]
  146. Yang S. GPS Spoofing Attacks and Defense for PMUs [D]. Beijing: North China Electric Power University, 2021.
  147. Li Y, Yang S. Defense Method for Smart Grid GPS Spoofing Attacks Based on Improved Self-Attention Mechanism Generative Adversarial Networks [J]. Electric Power Automation Equipment, 2021, 41(11): 100-106.
  148. Huo W. Research on Malicious Data Attacks and Defense in Ubiquitous Power Internet of Things [D]. Beijing: North China Electric Power University, 2021.
  149. Chen B, Li M. Research on a Data-Driven Framework for Defending Against False Data Injection Attacks in Power Systems [J]. Electric Measurement & Instrumentation, 2024, 61(12): 10-16.
  150. Ao W, Song Y, Wen C. Adaptive cyber-physical system attack detection and reconstruction with application to power systems[J]. IET Control Theory & Applications, 2016, 10(12): 1458-1468. [CrossRef]
  151. Farraj A, Hammad E, Kundur D. A Distributed Control Paradigm for Smart Grid to Address Attacks on Data Integrity and Availability[J]. IEEE Transactions on Signal and Information Processing over Networks, 2018, 4(1): 70-81. [CrossRef]
  152. Chlela M, Mascarella D, Joós G. Fallback Control for Isochronous Energy Storage Systems in Autonomous Microgrids Under Denial-of-Service Cyber-Attacks[J]. IEEE Transactions on Smart Grid, 2018, 9(5): 4702-4711. [CrossRef]
  153. Guo J, Han Y, Guo C, et al. Modeling and Vulnerability Analysis of Cyber-Physical Power Systems Considering Network Topology and Power Flow Properties[J]. Energies, 2017, 10(1): 87. [CrossRef]
  154. Sun C, Liu D, Li Q. Study on Dynamic Power Flow in Active Distribution Networks Integrated with Cyber-Physical Systems [J]. Proceedings of the CSEE, 2016, 36(6): 1509-1516.
  155. Cao K, Li R, Zhang X, et al. Research on Uncertainty for Complex Event Streams in Cyber-Physical Systems [J]. Computer Engineering and Science, 2015, 37(3): 415-421.
  156. Yin Z, Zhang K, Du H, et al. Event-Driven Modeling of Cyber-Physical Systems [J]. Microelectronics & Computer, 2015, 32(12): 126-129.
  157. Makedon F, Le Z, Huang H, et al. An event driven framework for assistive CPS environments[J]. ACM Sigbed Review, 2009, 6(2): 1-9. [CrossRef]
  158. Xu G, Tao L, Zhang D, et al. Dual relations in physical and cyber space[J]. Chinese Science Bulletin, 2006, 51(1): 121-128. [CrossRef]
  159. Havlíková M, Jirgl M. Reliability Analysis in Man-Machine Systems[C]// 14th International Carpathian Control Conference (ICCC), 26-29 May 2013, Rytro, Poland: 111-116.
  160. Chen J, Wang Q, Tang Y, et al. Anomaly Detection Method for Power Cyber-Physical Systems Considering Bilateral Characteristics [J]. Power System Technology, 2022, 46(6): 2339-2348.
  161. Fu Y, Chen L, Ma Z, et al. Preventive Control of Power Systems Including Data-Driven Stability Constraints [J]. Proceedings of the CSEE, 2022, 42(15): 5417-5430.
  162. Xue W, Wu T. Active Learning-Based XGBoost for Cyber Physical System Against Generic AC False Data Injection Attacks[J]. IEEE Access, 2020, 8: 144575-144584. [CrossRef]
  163. Ghaderi M, Gheitasi K, Lucia W. A Blended Active Detection Strategy for False Data Injection Attacks in Cyber-Physical Systems[J]. IEEE Transactions on Control of Network Systems, 2021, 8(1): 168-176. [CrossRef]
  164. Deng B, Ou Y. Optimal Defense Strategy Based on the Load Nodes’ Importance against Dummy Data Attacks in Smart Grids[C]// 2020 IEEE 4th Conference on Energy Internet and Energy System Integration (EI2), 30 October 2020-01 November 2020, Wuhan, China: 3134-3138.
  165. Song J, Zhang Z, Mu Y, et al. Enhancing Environmental Sustainability Via Interval Optimization for Low-Carbon Economic Dispatch in Renewable Energy Power Systems: Leveraging the Flexible Cooperation of Wind Energy and Carbon Capture Power Plants[J]. Journal of Cleaner Production, 2024, 442: 140937.
  166. Li Y, Han M, Yang Z, et al. Coordinating Flexible Demand Response and Renewable Uncertainties for Scheduling of Community Integrated Energy Systems with an Electric Vehicle Charging Station: A Bi-Level Approach[J]. IEEE Transactions on Sustainable Energy, 2021, 12(4): 2321–2331. [CrossRef]
  167. Cui Y, et al. Deep reinforcement learning based optimal energy management of multi-energy microgrids with uncertainties[J]. CSEE Journal of Power and Energy Systems, 2024: 1-12.
  168. Li Y, Bu F, Li Y, et al. Optimal scheduling of island integrated energy systems considering multi-uncertainties and hydrothermal simultaneous transmission: A deep reinforcement learning approach[J]. Applied Energy, 2023, 333: 120540.
  169. Yang X, et al. Gaussian Mixture Model Uncertainty Modeling for Power Systems Considering Mutual Assistance of Latent Variables[J]. IEEE Transactions on Sustainable Energy, 2024, 1-4. [CrossRef]
  170. Wang Y, et al. Collaborative optimization of multi-microgrids system with shared energy storage based on multi-agent stochastic game and reinforcement learning[J]. Energy, 2023, 280: 128182. [CrossRef]
  171. Mansour R F. Artificial intelligence based optimization with deep learning model for blockchain enabled intrusion detection in CPS environment[J]. Scientific Reports, 2022, 12(1): 12937. [CrossRef]
  172. Acharya S, Khan A A, Päivärinta T. Interoperability levels and challenges of digital twins in cyber-physical systems[J]. Journal of Industrial Information Integration, 2024: 100714. [CrossRef]
  173. Zhang F, Huang Z, Kou L, et al. Data Encryption Based on a 9D Complex Chaotic System with Quaternion for Smart Grid[J]. Chinese Physics B, 2023, 32(1): 010502. [CrossRef]
  174. Qu Z, Dong Y, Mugemanyi S, et al. Dynamic Exploitation Gaussian Bare-Bones Bat Algorithm for Optimal Reactive Power Dispatch to Improve the Safety and Stability of Power System[J]. IET Renewable Power Generation, 2022, 16: 1401-1424. [CrossRef]
  175. Fang Z, Zhao D, Chen C, et al. Nonintrusive Appliance Identification with Appliance-Specific Networks[J]. IEEE Transactions on Industry Applications, 2020, 56(4): 3443-3452. [CrossRef]
  176. Iftemi A, Cernian A, Moisescu M A. Quantum Computing Applications and Impact for Cyber Physical Systems[C]//2023 24th International Conference on Control Systems and Computer Science (CSCS). IEEE, 2023: 377-382.
Figure 1. Architecture of power system from the perspective of CPS.
Figure 3. Typical power CPS FDIAs process.
Table 1. Impact analysis of FDIAs on different links for information and communication network.

| Attack Phase | Attack Type | Attack Impact |
|---|---|---|
| Software Information System | FDIAs targeting software or systems | Modification of software and hardware information |
| | FDIAs targeting control commands | Incorrect execution of control commands |
| Network Access Process | FDIAs targeting protocol vulnerabilities | Manipulation of network access data |
| | FDIAs targeting data packets | Data packet interception and tampering |
| Physical Communication Process | FDIAs targeting positioning signals | GPS positioning information spoofing |
| | FDIAs targeting time synchronization | PMU data desynchronization |
Table 3. Research status of evolutionary process characterization for FDIAs.

| FDIA Evolutionary Process Characterization Methods | Attack Target | Specific descriptions |
|---|---|---|
| Electrical Quantity Manipulation Attack Characterization | Electrical quantity data collected by monitoring systems | Linear programming representation model [87] |
| | | Bilevel linear programming representation model [88] |
| | | Heuristic algorithm for solving the evolutionary representation model of an attack [89] |
| | | Sparse attack vector representation method [90] |
| | | Optimization representation method for attack-defense strategies based on a master-slave game model [91] |
| | | Feasible attack representation model constructed by minimizing angular deviation of data from both sides [92] |
| | | Representation method for inferring system topology and parameters from cyber-physical measurement data [93] |
| | | Feasible attack domain representation method using a mixed integer linear programming model [94] |
| Topological Manipulation Attack Characterization | The power system network topology | Using an attack tree representation model to implement FDIA topological manipulation attacks [95] |
| | | Using a Markov representation model to calculate the probability of attack success [96] |
| | | Designing attack methods that involve adding and simultaneously increasing or decreasing lines [97] |
| | | FDIA representation model considering power flow constraints [98] |
| | | Constructing attack vectors based on topology and flow data after a line break [99] |
| GPS Synchronization Clock Forgery Attack Characterization | The timestamps of PMU data | Introducing an optimal attack representation method under the constraint of positional distance differences [100] |
| | | Constructing an attack vector that includes the attacked PMU position and optimal phase angle manipulation values [101] |
| | | Developing an undetectable GPS clock attack method [102] |
Table 4. Research status of training data augmentation for FDIAs detection.

| Data enhancement methods | Specific descriptions | Principles |
|---|---|---|
| Over-sampling | K-nearest neighbor based SMOTE algorithm [105] | Introduce new minority samples for balance |
| | Neighborhood safety coefficient based oversampling [106] | |
| | Hellinger distance guided sample synthesis direction [107,108] | |
| | Secondary synthetic sample strategy [109] | |
| | Adaptive synthetic oversampling algorithm [110] | |
| | Classification sorting and weight-based oversampling [111] | |
| Under-sampling | Class overlap degree-based undersampling method [112] | Remove some majority samples for balance |
| | Cluster-based undersampling method [113] | |
| | Undersampling + genetic algorithm [114] | |
| Hybrid sampling | SMOTE oversampling + EM clustering undersampling [115] | Combine oversampling and undersampling for balance |
| | SMOTE oversampling and fuzzy C-means clustering undersampling [116] | |
| | Minority oversampling + editing nearest neighbor undersampling [117] | |
| | Random undersampling + SMOTE oversampling [118] | |
| | SMOTE oversampling + clustering undersampling [119] | |
| Feature selection | Feature selection + instance selection [120] | Select relevant features for dimension reduction |
| | Firework algorithm based on feature weight selection [121] | |
| | Rough balance-based feature selection method [122] | |
| | Feature significance based feature selection method [123] | |
Table 5. Research status of FDIAs behavior detection.

| Detection Methods | Specific descriptions | Advantages and Disadvantages |
|---|---|---|
| State Estimation | Equivalent Measurement Transformation + Residual Detection Method [126] | Mature algorithms; fast but sensitive to threshold settings |
| | Measurement Protection Strategy + State Variable Verification [127] | |
| | Parallel Estimators + Improved State Estimation Algorithm [128] | |
| | Graph Partitioning + Chi-Square Test Method [129,130,131] | |
| Trajectory Prediction | Short-Term State Forecasting + Consistency Testing Method [132] | Detects false data well, but high complexity and slow; unsuitable for complex systems |
| | Generalized Likelihood Ratio + High-Performance Computing [133] | |
| | Multi-Sensor Track Fusion + Particle Filtering [134] | |
| Artificial Intelligence | XGBoost Load Forecasting + UKF Dynamic Estimation [135] | Strong computational capabilities; clear framework; generally poor interpretability |
| | Deep Learning Techniques + Feature Extraction [136] | |
| | Batch Processing + Online Learning Algorithms [137] | |
| | Convolutional Neural Network + Model Design [138] | |
| | Equivalent Measurement Transformation + Residual Detection [110] | |
Table 6. Research status of FDIAs data reconstruction.

| Reconstruction methods | Specific descriptions | Response Strategies |
|---|---|---|
| State Awareness Attack Data Reconstruction Method | Online GAN Measurement Data Reconstruction Method [140,141] | Response to Attacks Targeting State Awareness |
| | Derivation of Reconstruction Matrix to Correct Attacked Angle Counters [142] | |
| | Using IGAN to Reconstruct Attacked Measurement Data [143] | |
| | Utilizing System Model to Calculate and Reconstruct Monitoring Errors [144] | |
| | Determining Mode Parameters and Reconstructing Mode Analysis Results [145] | |
| | Using SAGAN Generated Data to Restore Deceptive Data [146,147] | |
| | Using MisGAN to Reconstruct Malicious Attack Data [148] | |
| | Using WAE Model to Restore Anomalous Data [149] | |
| Action Control Attack Data Reconstruction Method | Deriving FDIAs Signal and Its Reconstruction [150] | Response to Attacks Targeting Control Functions |
| | Adjustment Method for Feedback Controller Gain Parameters [151] | |
| | DER Attack Scenario Data Reconstruction Control Scheme [152] | |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
Copyright: This open access article is published under a Creative Commons CC BY 4.0 license, which permits free download, distribution, and reuse, provided that the author and preprint are cited in any reuse.