Next Article in Journal
Impact of Southbound Expansion on Clustered OpenFlow Software-Defined Network Controller Synchronisation Using ODL and ONOS
Previous Article in Journal
Privacy-Protection Method for Blockchain Transactions Based on Lightweight Homomorphic Encryption
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Information
Volume 15
Issue 8
10.3390/info15080439
information-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles thumb_up
...
Endorse textsms
...
Comment
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Review

A Review of Power System False Data Attack Detection Technology Based on Big Data

by
Zhengwei Chang
1,
Jie Wu
1,
Huihui Liang
1,
Yong Wang
2,*,
Yanfeng Wang
1 and
Xingzhong Xiong
2
1
Research Institute of Electric Power Science, State Grid Corporation of Sichuan Province, Chengdu 610095, China
2
School of Automation and Information Engineering, Sichuan University of Science and Engineering, Yibin 644000, China
*
Author to whom correspondence should be addressed.
Information 2024, 15(8), 439; https://doi.org/10.3390/info15080439
Submission received: 27 June 2024 / Revised: 26 July 2024 / Accepted: 26 July 2024 / Published: 28 July 2024
(This article belongs to the Section Review)
Browse Figures
Versions Notes

Abstract

:
As power big data plays an increasingly important role in the operation, maintenance, and management of power systems, complex and covert false data attacks pose a serious threat to the safe and stable operation of the power system. This article first explores the characteristics of new power systems, and the challenges posed by false data attacks. The application of big data technology in power production optimization, energy consumption analysis, and user service improvement is then investigated. The article classifies typical attacks against the four stages of power big data systems in detail and analyzes the characteristics of the attack types. It comprehensively summarizes the attack detection technologies used in the four key stages of power big data, including state estimation, machine learning, and data-driven attack detection methods in the data collection stage; clock synchronization monitoring and defense strategies in the data transmission stage; data processing and analysis, data integrity verification and protection measures of blockchain technology in the third stage; and traffic supervision, statistics and elastic computing measures in the control and response stage. Finally, the limitations of attack detection mechanisms are proposed and discussed from three dimensions: research problems, existing solutions, and future research directions. It aims to provide useful references and inspiration for researchers in power big data security to promote technological progress in the safe and stable operation of power systems.

1. Introduction

The traditional power system consists of four core parts: power generation, transmission, transformation, and distribution. Each link works together to ensure the efficient flow and use of power from the source to the end user. With the advancement of artificial intelligence and big data technology, the power system is transforming into a new era of automation, intelligence, and digitalization. The power cyber-physical system (CPS) was born [1]. It integrates advanced computing, communication, and network technologies to conduct real-time monitoring, control, and analysis of the power system, significantly improving the operating efficiency and reliability of the system.
In the power system driven by big data, the four key links of data collection, transmission, analysis and processing, control and response interact closely with various parts of the traditional power system to form an efficient network. Specifically: data collection focuses on monitoring the output power and efficiency of the generator, as well as environmental conditions in the power generation stage to ensure stable power generation [2]. In the transmission stage, sensors track the current, voltage, and temperature of the transmission line in real time to ensure efficient and safe transmission. In the substation stage, data collection focuses on the working status of the transformer, including oil temperature, load rate, and insulation condition, to prevent failures. In the distribution stage, the feeder current, voltage, switch status, and user-end power quality are monitored to ensure the quality of the power supply. Data transmission serves as a bridge to ensure the smooth flow of data from power plants to users. For example, power generation data is transmitted to the dispatching center, and dispatching instructions must also be issued to each substation and distribution terminal [3]. At each stage, data analysis and processing provides support for system optimization and fault prediction, such as optimizing fuel consumption, predicting line load capacity, formulating transformer maintenance plans, and improving power quality [4]. The control and response stage is the specific implementation of data-driven decisions. At this stage, control instructions are sent to power generation, transmission, substation, and distribution equipment to achieve real-time adjustment of the power system. For example, adjust the generator output according to load changes, optimize the transmission flow according to line status, and adjust the distribution network according to user needs to ensure the flexibility and responsiveness of the system [5].
However, as power systems become more dependent on big data technologies, a new security challenge arises data attacks. False data attack, also known as data spoofing or data tampering attack, is a kind of malicious behavior targeting CPS, in which the attacker aims to disrupt the normal operation of the power system, cause grid accidents, and even threaten the national security and social stability by tampering with or falsifying sensor data, state estimation, and market transaction information. For example, the cyberattack on the Ukrainian power grid at the end of 2015 is a typical case of a false data attack [6]. The attackers used malware to send a message to the data acquisition and surveillance control system (Supervisory Control And Data Acquisition, SCADA), injecting false data and deleting the original data, causing operators and control equipment to lose considerable control over the system, resulting in a large-scale proliferation of faults difficult to recover, and ultimately leading to a power outage of about 700,000 households for several hours.
The impact of false data attacks on power CPS is multifaceted. First, it may lead to misjudgment of the operating status of the power system, which may trigger wrong dispatching decisions, cause an imbalance between power supply and demand, and even cause grid accidents. Second, false data attacks may lead to unfair transactions in the power market, affect the interests of market participants, and increase the maintenance cost of power equipment and the risk of accidents. In addition, false data attacks may also cause security risks, increase the risk of power grid accidents, and may even be utilized by hackers to attack the power system, resulting in serious consequences.
To deal with the threat of false data attacks on electric power CPS, researchers in the electric power industry and the information security field are conducting a large number of research and practices. These studies and practices include but are not limited to, the following: strengthening the research on detection and defense techniques for false data attacks to improve the security protection capability of the power system [7]; strengthening the research on emergency response and recovery capability for false data attacks to improve the anti-interference capability and reliability of the power system [8]; and strengthening the research on monitoring and early warning techniques for false data attacks to improve the real-time monitoring and early warning capability of the power system [9].
However, it is important to note that the detection and defense of false data attacks is a complex process involving multiple aspects of technologies and methods. At present, although some important research results have been achieved, there are still many challenges and problems to be solved, and most of the research has not yet fully considered the problem of false data attack detection in the big data environment, and the lack of systematic summarization and combing. Because of this, this paper comprehensively and in detail analyzes the impact of false data attack types and attack characteristics on power systems. From the perspective of big data, the attack analysis of false data in different parts of the electric power big data system is analyzed in detail. The currently commonly used methods for detecting false data attacks on electric power systems are categorized and compared, which provides a reference for researchers to choose the appropriate methods. Finally, the challenges and problems that need to be solved in the detection of false data attacks on electric power systems are summarized, and the future research direction is proposed.
The rest of the paper is organized as follows. Section 2 surveys the current status of the application of big data technologies in the power industry. Section 3 classifies the typical attacks against the four phases of power big data systems and analyzes the characteristics of the four attack types. Section 4 comprehensively summarizes the attack detection techniques employed in the four critical stages of power big data, Section 5 presents the research challenges and future directions, and finally, Section 6 concludes the paper.
It is worth noting that we used Web of Science and Google Scholar databases to retrieve the relevant literature during the study. Web of Science is considered one of the authoritative academic databases due to its strict selection criteria and high-quality data management. Google Scholar covers a wide range of academic literature including books, articles, conference papers, etc., and is updated at a faster rate. Among the numerous articles retrieved, we developed a series of criteria to select the articles that were ultimately discussed in the review. These criteria included the selection of keywords, the publication date of the article, the quality of the research, the relevance of the research methods, and the importance of the research results. A detailed analysis of this series of criteria is as follows:
(1)
Keyword selection: Choose keywords that accurately reflect the topic and research content of the article. Make sure that the selected keywords cover all aspects of power system big data analysis and false data attack detection. For example: “big data”, “power system”, “false data attack”, “blockchain”, “state estimation”, “machine learning” and “data-driven”, etc.
(2)
Publication date of the literature: Literature published within the past 3–5 years is usually selected to ensure that the technologies and methods discussed are the latest and most relevant. Big data technology and power system security are developing rapidly, and early literature may be outdated and cannot reflect the current research progress and technical level.
(3)
Research quality: Consider articles published in journals or conferences with high impact factors, as well as articles that are widely cited. A higher impact factor for a journal generally means higher quality articles. Articles with many citations often have a greater impact on other research in the field. The specific evaluation method follows: Perform a preliminary screening based on the title and abstract and eliminate irrelevant articles. Find the impact factor of the journal or conference where the article was published. Use Google Scholar or other academic search engines to check the number of citations of the article.
(4)
Relevance of research methods: Select the literature that uses advanced big data analysis methods or power system-specific false data detection techniques in the research. Read the abstract and method section of the literature to confirm whether the methods used are relevant to big data and false data attack detection. Compare the methods of different studies and select the most innovative and practical research.
(5)
Importance of findings: Select studies that have a significant impact on practical applications or significantly advance the theory. Investigate whether the research results can be applied to the safety protection of actual power systems and whether the research proposes new theories and models and makes important contributions to the academic community. Read the conclusion part of the literature and analyze the practical application and theoretical contribution of its research results.

2. Application Status of Big Data Technology in the Power Industry

With the digital transformation of the power industry, big data technologies are becoming more and more important in the power sector, and have been applied in charge prediction, fault analysis, and control decision making. However, the massive nature and low-value density of big data poses challenges in information mining, and the development of its potential for deeper integration with the industry is still in its early stages.

2.1. Optimization of Energy Production

Optimization of energy production processes is a core strategy for improving energy efficiency and reducing costs [10]. The process involves maximizing the use of raw materials and energy resources, as well as in-depth analysis of the data generated during the production process to reduce waste and improve overall efficiency. Significant reductions in energy waste can be achieved by improving energy conversion processes, such as combustion efficiency. For example, optimizing combustion parameters not only improves fuel utilization but also reduces energy losses carried in the exhaust gases, thereby improving overall energy efficiency. Secondly, the energy production process generates a huge amount of data, including equipment operating parameters, production batch records, energy consumption, product quality indicators, and so on. Using big data analytics, this data can be monitored and analyzed in real time, so that bottlenecks in the production process, such as equipment failures, operational errors, or raw material shortages, can be identified promptly. This real-time monitoring capability enables production managers to make quick adjustments to minimize production disruptions and energy losses. Further, the analysis of historical data can reveal recurring problematic aspects of the production process, such as excessive heating, cooling, or ventilation, providing data to support process improvement. By optimizing these links, energy consumption can be reduced and productivity increased. In addition, big data analytics can predict equipment maintenance needs [11]. By continuously analyzing equipment operating data, potential failures, and downtime can be predicted, leading to the implementation of predictive maintenance. This approach can intervene before equipment failures occur, reducing unplanned downtime, extending equipment life, and improving equipment utilization. Finally, optimizing the energy production process not only reduces resource consumption but also reduces environmental pollution and promotes sustainable development. Through the application of big data analytics, energy producers can better balance economic efficiency and environmental responsibility and realize the goals of green production and clean energy.

2.2. Analysis of Energy Consumption

Big data technologies play a crucial role in the digital transformation of the power industry. In the past, power companies relied on basic electricity consumption information to manage energy consumption, and this single perspective often led to an imbalance between power supply and demand, which in turn triggered energy waste and economic losses. However, with the rapid development of big data analytics, power companies are now able to utilize massive amounts of existing and historical data to accurately predict future electricity demand, thereby realizing the scientific allocation and efficient utilization of power resources [12].
The core of energy consumption forecasting lies in making accurate predictions of future energy consumption [13]. To do so, electric utilities need to collect a wide range of data, including customers’ electricity consumption history, weather conditions, economic activities, holiday schedules, and market trends. These data come from different channels and systems, which together constitute a large and complex dataset, providing a rich source of information for prediction models. With the help of machine learning and artificial intelligence technologies, electric utilities can build predictive models such as time series analysis, regression analysis, and neural networks. These models are designed to mine the data for underlying patterns and correlations to accurately predict future electricity demand. Through such predictions, power companies can plan generation and supply schedules more scientifically, optimize grid operations, reduce energy waste, and improve economic efficiency.
In addition, power companies can utilize the forecast results to make more effective resource allocation and pricing strategy development in the power market to enhance market competitiveness [14]. The application of big data analytics in the power industry not only improves the operational efficiency and reliability of the power system but also helps to promote the sustainable development of the power industry. With the continuous progress of technology, the application of big data analytics in the power industry will be more in-depth and extensive in the future, bringing more value to power companies and users.

2.3. User Service Improvements

User experience optimization is the key to delivering quality services for electric utilities. In the early days, user experience optimization relied heavily on qualitative user feedback and experience-driven decision making [15]. This usually involved collecting user opinions through questionnaires, telephone interviews, or face-to-face interactions. However, there are several limitations to this approach. First, it takes a long time to collect and analyze data, resulting in a potential relative lag in the implementation of optimization measures. Second, the lack of sufficient data to understand the unique needs of each user prevents electric utilities from providing personalized services to users [16]. With the introduction of big data technologies, user experience optimization shifted to a more data-driven approach. Electric utilities began to collect and analyze large-scale, multidimensional datasets to provide more comprehensive insights into the user experience [17]. These datasets include user behavior data, service interaction data, social media data, geolocation data, and more, providing a rich source of information for electric utilities. By analyzing this data, electric utilities can achieve quantitative assessment and prediction of user experience to more accurately understand user needs. In addition, big data technology enables power companies to provide personalized services to users. By analyzing user data, power companies can customize their service content to meet users’ individual needs [18]. This approach not only improves service quality and efficiency but also enhances user satisfaction and loyalty. Therefore, the application of big data technology in the electric power industry, especially in user experience optimization, not only improves the competitiveness of electric power companies but also helps to promote the sustainable development of the electric power industry.

3. Overview of False Data Attacks

As power system data continues to proliferate, the threat of attacks is expanding. This subsection provides an overview of false data attacks. Figure 1 illustrates the scenario of false data attacks in the power system data flow, including four phases: data acquisition, transmission, analysis and processing, and control response. In this paper, false data attacks are categorized into three types of attacks. Including false data injection attacks [19], timestamp tampering attacks [20], and data deletion and tampering attacks [21]. The typical denial-of-service attacks [22] that are widely found in the control and response phases of power systems are included in the consideration of this article, and each of these four types of attacks has different characteristics.

3.1. False Data Injection Attack

A power system false data injection attack refers to an attacker injecting false data into the system monitoring and control equipment by tampering with or forging real-time measurement data of the power system to mislead the system operation and decision making [23]. This type of attack may cause the power system monitoring and control mechanisms to incorrectly determine the state of the power system, which in turn leads to incorrect control strategies and ultimately triggers power system failures and abnormal behavior. The attack sites mainly include smart meters and sensors, field device control systems (such as SCADA systems), and data collectors and gateways. Attackers gain physical or remote access to smart meters and tamper with their measured data, causing them to report incorrect power consumption information. By interfering with or replacing sensor signals, false electrical parameters such as voltage and current are entered into the system. These invade the SCADA system, and directly tamper with the measurement data of field equipment, so that the control center receives the wrong status information. Attackers invade the data collector or gateway to modify or generate false data, which affects the accuracy of data. In addition to injecting false measurement data into the power system, this type of attack also includes false command injection, false state signal injection, and false communication attacks [24]. As shown in Figure 2, the types of false data injection attacks can be mainly summarized as the following three characteristics: deception, concealment, and persistence.
The deceptive nature of false data is mainly reflected in the distortion of the inputs and results of data analysis models [25], leading to load forecasting errors and disruption of energy market transactions, which can seriously affect the analysis and decision-making behavior of the power system. The hidden nature of false data is a major problem for the security protection mechanism of the power system [26]. Due to the complexity and volume of big data in the power system, it is often very difficult to trace the source of false data injection, and attackers may also inject false data into environments with highly noisy or redundant data to obfuscate it from the real data. Additionally, attackers persistently inject false data into the power system through suggestive data changes. The use of big data techniques to obfuscate fake data behind real data has consequences such as data consistency disruption, proliferation of fake data, and masking of malicious behavior [27].

3.2. Timestamp Tampering Attack

Digital substations require devices to make precise measurements and transmit data at the microsecond level to provide high-time accuracy sampling and fault detection. The accuracy and reliability of these operations depend on time synchronization between devices. Timestamp tampering attacks are attacks that disrupt system operation and monitoring by modifying timestamps in the power system [28]. Timestamps are used in power systems to identify the time of events and are widely used in real-time measurements and recordings. The attack sites mainly include communication networks, data transfer stations, data storage equipment, and so on. For example, in the process of data transmission, through a man-in-the-middle attack (MITM), the timestamp information of the data packet is tampered with, causing the receiver to mistake the data in real time or at the wrong time. The attacker breaks into the data forwarding server or router, modifies the timestamp of the transmitted data, and interferes with the system’s time synchronization mechanism which tamper with the data in the storage device, change the timestamp of the data record, and affect the accuracy of data analysis. The main features of this attack include timing errors, security vulnerabilities, and cross-system consistency issues. As shown in Figure 3. Timing errors include impaired timing dependencies and time inconsistencies [20]. Impaired timing dependency affects tasks that rely on timestamp execution, such as timed tasks and certificate validation. Time inconsistency, on the other hand, is when an attacker modifies the timestamp, resulting in the system time not matching the real time. Tampering with timestamps may also bypass security validation, resulting in security event sequence confusion and vulnerabilities [29]. In multi-system synchronization, timestamp tampering can lead to consistency issues that affect data accuracy and trustworthiness [30]. In addition, because timestamps are modified, the system may not be able to correctly correlate events with the device or region to which they belong, increasing the difficulty of fault location and problem troubleshooting.

3.3. Data Deletion and Tampering Attacks

Power system data deletion and tampering attacks are attacks in which an attacker interferes with the operation and monitoring of the system by deleting or modifying data in the power system [21]. This attack may result in data loss, inconsistency, and misleading operations. Data deletion attacks cause direct damage to the target system through data loss, system paralysis, and unrecoverable data, leading to serious consequences such as power outages and disruption of energy supply. A data tampering attack is the act of maliciously altering, modifying, or destroying data. The attack sites mainly include data centers, data processing servers, analysis software, and platforms. Attackers break into data centers and delete or modify critical data sets, distorting analysis results. They directly access and tamper with the data being processed through malware or permission promotion, resulting in incorrect processing results. They also, exploit software vulnerabilities or backdoors to modify data in analysis algorithms or processing to make the output unreliable or misleading. Therefore, data deletion and tampering attack characteristics are mainly characterized by three major features: misleading analysis results, impairing system reliability, and violating regulatory requirements, as shown in Figure 4.
Attackers may use deletion or manipulation of data to interfere with analytical models, leading to fault diagnosis errors and misleading energy demand analysis [21]. This class of combined attacks causes multiple damages to the reliability of the power system, including, but not limited to, load balancing failures and distorted reliability assessments. Due to the confidentiality and security of power system data, especially as it relates to data preservation, archiving, privacy protection, and security management, data deletion and tampering combination attacks can significantly impact data archiving and retention as well as threaten data privacy and confidentiality [31]. Data deletion attacks provide a prerequisite for data tampering attacks. By deleting critical data, an attacker can disrupt the operation and management of a power system, creating the conditions for subsequent data tampering behavior. Data deletion attacks can be considered a special form of data tampering. Data deletion is also an act of data tampering, which destroys the integrity and availability of the data [32]. Data deletion attacks and data tampering attacks can, therefore, be interrelated and used in combination to some extent to produce more serious consequences.

3.4. Denial of Service Attack

Denial of service attack refers to an attack method in which attackers consume the resources of the power system, such as bandwidth, processing power, or storage capacity so that legitimate users cannot access or use the power system services normally [33]. The attack sites mainly include a control center, real-time control system, and communication network. By sending a large number of requests or malicious traffic, the attacker paralyzes the control center’s servers, making it unable to process normal control instructions. A DoS attack on a SCADA system or other control device causes the system to fail to respond to a live event or command promptly. In addition, attackers launch large-scale network traffic attacks, blocking the transmission path of critical control signals, so that control instructions cannot reach their destination. This attack aims to weaken the performance of the power system or even completely paralyze the system, posing a serious threat to the availability and reliability of the system. As shown in Figure 5, a denial-of-service attack has three characteristics: resource exhaustion, bandwidth occupation, and distributed attack. Attackers can spoof IP protocol fields at the Internet Protocol (IP) layer of the power system, such as forging routing information and changing IP address allocation, as well as exploit system vulnerabilities at the transport layer to exhaust some computing resources [34]. When the system processes a large number of requests or is attacked by malicious data, the load increases sharply, exceeding its normal processing capacity, causing the system to be unable to respond effectively, and ultimately leading to service denial. This will cause real-time data to fail to reach the data center or control center in time, affecting the accuracy and real-time nature of data processing and decision making, thereby affecting the control and response capabilities of the power system. Denial-of-service attacks can target almost any networked system, including websites, applications, servers, cloud services, and network infrastructure [35].

4. Analysis of False Data Attacks in Four Aspects of Power Big Data System

Power big data refers to the large amount of data generated, collected, and stored during the operation of the power system. These data include all aspects of power production, transmission, distribution, and use. The key stages of power big data mainly include data acquisition, data transmission, data processing and analysis, and control and response stages. These four key stages of power big data constitute a closed-loop system, and each stage depends on the output of the previous stage and affects the performance of the subsequent stage.
The power big data system covers four stages of data acquisition, transmission, processing and analysis, as well as control and response. Although this process is used in many other systems, power systems are unique in their specificity and complexity in this process. First of all, in the data acquisition stage, the data types of the power system are rich and diverse, including not only the basic electrical volume such as voltage, current, and frequency, but also the ambient quantity such as temperature, humidity, and mechanical state. These data have strong temporal correlation and spatial correlation, and there are complex physical connections between different types of data [36]. Compared to many other systems, data acquisition for power systems is often performed at a high frequency and on a large scale to ensure that the real-time state of the grid can be accurately captured. Data from other systems, while also likely to show some correlations, typically do not have the same tight physical connection as data from power systems, and therefore have relatively low requirements in dealing with data correlation and complexity.
Secondly, in the data transmission stage, the periodic and seasonal changes in power system data are pronounced. For example, electricity demand can vary significantly between day and night, which requires data transmission systems to be stable and reliable to cope with cyclical changes in load patterns [37]. At the same time, the load of the power system may change suddenly due to unexpected events (such as equipment failure or bad weather), which puts higher requirements on the real time and accuracy of data transmission. In data processing and analysis, the real-time requirement of the power system is very high. If false data attacks are not effectively detected at this stage, they may mislead grid dispatching and control, leading to power supply interruption or quality degradation [38]. Therefore, the detection technology of false data attacks, not only needs to have high accuracy but also must minimize the false positive rate, so as not to cause unnecessary interference to the normal operation of the power grid. Finally, in the control and response stage, the security of the power system is directly linked to the economic and social foundations of the country. False data attacks not only threaten the stable operation of the power grid but also may directly affect national security and economic stability [39]. Therefore, for the security and integrity of data, the power system puts forward extremely high requirements, which makes it difficult to match other systems.
To sum up, there are significant differences between big data power systems and other systems in terms of data type, acquisition frequency, real-time requirements, and security. These differences require that the big data technology applied in the power system must have higher reliability, be in real time, and have security to ensure the stable operation of the power grid and the national energy security. Therefore, these differences need to be taken into special consideration when designing and optimizing the detection technology of false data attacks for power systems to ensure that the technology can meet the specific needs of power systems and improve the accuracy and reliability of detection.

4.1. Data Collection Stage

The power system data acquisition phase involves collecting data from various parts of the power system and sending it to a data center or monitoring system. In this process, it is crucial to ensure the reliability of the data source. The most typical type of data attack in this phase is a data injection attack.

4.1.1. State Estimation

Cyber-attacks can cause abnormal internal states of power systems, such as false data injection to interfere with the measurement process, or topological attacks to change the system structure and affect parameters such as voltage and power. These abnormal behaviors are inconsistent with normal system operation and can be regarded as signs of attacks. Physical model-based detection methods rely heavily on state estimation. The state estimation of a power system is computed through mathematical algorithms that utilize the measurement data provided by the measurement system to obtain optimal estimates of the system state variables. These state variables include node voltage magnitude, phase angle, and line active and reactive power [40]. To ensure the accuracy of the state estimation, the detection method is directly dependent on the power system’s data acquisition system. This system consists of a variety of sensors, smart meters, Phase Measurement Units (PMUs), and other state-of-the-art equipment, which together are responsible for collecting and transmitting high-quality measurement data. These data are the cornerstone of condition estimation, which is essential for maintaining the stable operation of the power system.
In addition, state estimation-based detection methods can be integrated into energy management systems (EMS) to enable real-time detection of false data injection attacks. This approach can effectively guarantee the security and reliability of the power system. State estimation can be divided into two categories: static estimation [41] and dynamic estimation [42]. Static estimation includes weighted least squares (WLS) estimation [43], median filter (MF) [44], and maximum likelihood (ML) estimation [45]. Static estimation methods are effective for typical cyber-attacks, but have weak system transient response and real-time adaptability, and are not suitable for detecting complex and changeable attacks. In contrast, dynamic estimation detection methods, such as Kalman filter (KF) [46] and its variants [47], Gaussian process regression [48], and particle filter [49], are valued for their advantages in system dynamic response and adaptation to diverse loads and operating conditions. Kalman filter minimizes estimation errors by linearizing system models and measurement equations and is suitable for dynamic state estimation. Dayananda et al. [50] used a reconfigurable Kalman filter to detect faults and false data injection attacks in smart grids. Because of the hidden nature of FDIA, Wang et al. [51] proposed an effective FDIA detection scheme based on a two-stage learner of the Kalman filter and recursive neural network (KFRNN). A dynamic threshold is obtained through the two-stage learner to determine whether FDIA occurs. Considering the situation where multiple nodes of the sensor are attacked, Luo et al. [52] adopted an isolation method based on an adaptive Kalman filter library and set an adaptive threshold to solve the detection delay problem caused by the prior threshold in the existing detection method. In addition, some researchers have combined static estimation and dynamic estimation, taking advantage of the complementary advantages of the two, and achieved good results [53].
However, the performance of the Kalman filter is limited in nonlinear systems and non-Gaussian noise environments because it relies on the linear and Gaussian distribution assumptions of the system model and measurement equations. To solve these problems, researchers have proposed improved methods such as the unscented Kalman filter and cubature Kalman filter, which apply to a wider range of nonlinear systems and non-Gaussian noise environments. For example, Živković et al. [54] combined the unscented Kalman filter (UKF) with a state estimation algorithm based on weighted least squares to detect the difference between random fluctuation estimates in real time, thereby identifying false data attacks. Lu et al. [55] explored random variables that obey the Bernoulli distribution to characterize the phenomenon of randomly occurring erroneous data injection attacks, and designs an improved unscented Kalman filter by minimizing the upper limit of the filter error covariance, but lacks anti-attack capabilities and limited prediction accuracy. Table 1 and Table 2 introduce the advantages and disadvantages of static estimation and dynamic estimation methods, respectively. State estimation primarily uses known system models and measured data to calculate unmeasured state quantities in the system, such as node voltages and phase angles. State estimation accurately reflects the physical state of the system and identifies and addresses potential problems by monitoring subtle changes. It provides critical data for optimal system scheduling, fault diagnosis, and load forecasting. However, its accuracy is highly dependent on accurate system modeling and high-quality measurement data.

4.1.2. Machine Learning

The most important part of machine learning-based detection methods is to take full advantage of modeling the physical characteristics of the power system. Power system data has distinct physical characteristics, such as voltage, current, power, etc. When constructing a machine learning model, these features need to be extracted and feature engineered in conjunction with the power system’s topology, load patterns, and power flow laws. This ensures that the machine learning model captures the intrinsic laws and normal operation patterns of the power system [56]. In addition, the state variables of the power system, such as node voltages, phase angles, and line power flows, are used as input features to the machine learning model. These state variables are key indicators of power system operation, and the model can detect anomalies by learning the normal distribution and trends of these variables. Machine learning-based detection methods do not rely on mathematical models of physical systems but use historical data to train algorithms to distinguish between attack patterns and normal behavior. This approach includes supervised learning, semi-supervised learning, and unsupervised learning, which differ in data annotation and learning objectives. Compared with state estimation-based detection methods, machine learning methods rely more on data-driven model training and pattern recognition [57]. Fusion of different types of sensor data (such as PMU, and SCADA data) forms a comprehensive dataset for training and testing machine learning models. This data integration approach can improve the robustness and accuracy of the model and reflect the overall status of the power system.
Supervised learning applies to data with clear labels. For false data injection attack detection, mainstream supervised learning methods include support vector machines [58], random forests [59], and decision tree algorithms [60]. In addition to the above techniques, neural networks are widely used as a trendy tool for attack detection [61]. Support vector machines are good at processing nonlinear data, and random forests are suitable for high-dimensional data but may be biased toward the majority category. Decision trees are prone to overfitting and are sensitive to noise. Neural networks require a large amount of labeled data, and there is a risk of overfitting and poor interpretability.
Unsupervised learning is used to discover structures and patterns in data. It does not require label information and is mainly used for clustering problems. For network attacks, unsupervised learning can use the difference between abnormal data and normal data for detection. Among them, the k-means clustering algorithm is one of the most commonly used clustering algorithms [62], but the number of clusters needs to be specified in advance, which may affect the results. So hierarchical clustering was proposed. Hierarchical clustering represents the clustering structure of the dataset by constructing a clustering tree. It is divided into two methods: agglomerative and divisive. There is no need to specify the number of clusters in advance. Other unsupervised learning algorithms include ensemble learning, which uses multiple models to comprehensively judge different types of power false data injection attacks [63]. Principal component analysis (PCA) achieves dimensionality reduction by extracting the principal components of the data, which helps to process high-dimensional data sets and visualize abnormal data. However, when the data set is nonlinear and complex, the effect of PCA is limited [64]. The autoencoder can learn the complex nonlinear relationship of the input data and is sensitive to abnormal data, which is suitable for anomaly detection.
Semi-supervised learning is a method that combines supervised learning and unsupervised learning, and attempts to use unlabeled data to improve model performance [65]. Since semi-supervised learning is a machine learning method between supervised learning and unsupervised learning, many methods are derived from these two learning methods, resulting in a series of variants [66]. For example, single-class support vector machines, deep autoencoders, semi-supervised deep learning, etc. Compared with a large number of methods based on supervised learning algorithms, the application research of semi-supervised learning in power system attack detection is limited. At present, most studies use ensemble learning to combine multiple model predictions to improve anomaly detection performance [65]. For example, Zhou et al. [67] proposed a semi-supervised detection method based on the common forest algorithm. Ensemble learning is used to combine the extracted features to improve the accuracy of the semi-supervised detection method.

4.1.3. Data Driven

Compared with machine learning, data-driven detection methods focus more on directly using data for feature extraction, statistical analysis, and pattern recognition, and do not necessarily rely on complex model training processes. Methods include simple statistical analysis [68], rule-based methods [69], and time series analysis [70], etc. Data-driven methods emphasize direct analysis and utilization of the data itself and may not require a large amount of labeled data but require a deep understanding of the statistical characteristics and physical meaning of the data. Data-driven technology uses machine learning and data mining algorithms to automatically analyze large amounts of data and is widely used in multiple fields. However, in power system faults and network attack detection, these technologies often perform anomaly detection based on known patterns and may not be able to effectively identify new faults and attacks. Therefore, how to timely update and improve data models to adapt to new attacks is an important challenge. Sahu et al. [71] evaluated a data-driven hybrid information fusion algorithm for cyber-physical intrusion detection, which uses network and power sensor data to reduce false alarms. Since the hybrid information fusion algorithm involves multiple parameters and models, parameter tuning is difficult. Zhao et al. [72] studied a data-driven design of cyber-physical systems by solving constrained optimization problems for detecting new attacks. Chen et al. [73] used the Q-learning algorithm to evaluate the data-driven method based on partially observable Markov decision processes and proposes a data-driven FDI attack construction and a data-driven defense strategy.
Data collection in power systems is usually carried out in real time, and data-driven methods require processing and analyzation of these real-time data. By continuously monitoring the flow of data, detection can be performed at the moment the data is injected into the system. An important part of building a data-driven organization is the ability to process and monitor continuous data streams. Isah et al. [74] proposed a scalable and fault-tolerant data stream ingestion and integration framework for absorbing and integrating data streams. The big data of the power system is intertwined in time and space, and the characteristics of high-dimensional data are complex and changeable. To make full use of the information on high-dimensional data streams, Yan et al. [75] applied a new process monitoring method, which effectively solves the problem of extracting high-dimensional data streams including profiles and images. Silva et al. [76] implemented an embedded experimental architecture for big data analysis for smart cities, which realizes urban planning and smart city decision-making management by using big data analysis for real-time data processing. The data-driven framework proposed can dynamically learn and detect false data injection attacks by Hallaji et al. [77]. In addition to data-driven detection schemes, multi-level security measures and event-triggered response mechanisms can also be used to comprehensively improve the security of power systems [78].

4.2. Data Transmission Stage

The data transmission stage of the power system usually includes two stages: the transmission from the data acquisition device to the data processing center and the transmission from the data processing center to the user end. Both stages involve steps such as data encoding, packaging, transmission protocol selection, transmission medium selection, and transmission control. However, in the process of power system data transmission, if there is no appropriate data integrity protection mechanism, attackers can modify the timestamp or delete specific data by tampering with the data packet. Therefore, the most typical attack in the data transmission stage is the timestamp tampering attack.

Time Synchronization Monitoring

Timestamps are widely used in power systems to record and identify the time points of data generation, transmission, and processing to support various functions and operations, such as fault analysis, data synchronization, event sequencing, etc. Therefore, the accuracy of timestamps is crucial to the normal operation of power systems. Traditional detection methods for timestamp tampering attacks in power systems mainly include clock synchronization protocols, data consistency detection, and abnormal event detection. Table 3 describes in detail the advantages and disadvantages of attack detection methods based on clock synchronization monitoring.
Power grid equipment and systems need to maintain clock synchronization, and the commonly used Network Time Protocol (NTP) and Precise Time Protocol (PTP) are used. PTP is vulnerable to network attacks such as delay attacks, packet modification, transparent clock attacks, and time reference attacks. Moradi et al. [79] proposed a new PTP attack detection algorithm based on the comparison between network clock times. The algorithm can detect delay attacks on synchronization messages, as well as attacks on transparent clocks and simultaneous attacks on the network, but it relies on node status information. Moussa et al. [80] extended PTP functions and information, and uses the UPPAAL model checker for formal modeling and verification to achieve detection of PTP time synchronization attacks. Alghamdi et al. [81] proposed a new security method using a trusted supervisor node, which enables it to detect abnormal patterns pointing to attacks by collecting and analyzing the delay and misalignment outputs of monitored slaves, as well as the timestamps embedded in PTP synchronization messages, but may be limited in dealing with diversified attacks.
The existing centralized timestamp mechanism makes it difficult to provide reliable timestamps, and users can collude with timestamp servers to forge timestamps. To prevent forged timestamps, Qiu et al. [82] developed a secure time synchronization protocol using a security model to combat false timestamps and detect malicious nodes in the Internet of Things. Wu et al. [83] designed a distributed timestamp mechanism based on a continuous verifiable delay function. Digital blind signatures using multiple timestamp servers and elliptic curve cryptography prevent forgery, but the performance overhead is large and not easy to deploy on a large scale. Moussa et al. [84] introduced a new Simple Network Management Protocol data object to monitor PTP functions and detect false timestamps. Tampering is determined by monitoring the continuity of timestamps. If discontinuity, jumps, or regressions occur, tampering may be indicated. Clock synchronization mechanism monitoring does not require additional cost, but network delays may affect accuracy. If tampering is detected, further analysis is required to determine the cause of the tampering.
At present, the methods for detecting timestamp tampering attacks mainly use timestamp comparison between nodes. This method will increase the computational and communication overhead in large-scale systems. In addition to node information detection, tampering can also be detected by comparing timestamps with public time servers, but the security of the server will also affect the accuracy. He et al. [85] proposed a network time synchronization security strategy based on polarization coding for timestamp exchange, but this method only operates at the physical layer. Some technologies are based on complex cryptographic algorithms, which have high computational overhead and require complex key management. Simple algorithms are vulnerable to attacks. Hymlin et al. [86] proposed a clustering-based method. After identifying malicious nodes, the communication is changed to other groups to avoid interference by arranging new clusters that leave the malicious nodes.

4.3. Data Processing and Analysis Stage

Power system data processing and analysis includes data preprocessing and data storage management. The core of data preprocessing is data cleaning and correction. This stage faces a variety of complex attacks, including database tampering, network connection attacks, or intermediate computing node attacks, which are mainly divided into two types: data deletion and tampering. To prevent such combined attacks, researchers currently focus on solving the problem from the following five aspects:
(1)
Strengthen access control to the power system and limit the deletion and modification permissions of key data.
(2)
Implement data backup and disaster recovery mechanisms to ensure data reliability and durability.
(3)
Use secure encryption technology to protect data transmission and storage to prevent attackers from tampering with or deleting data.
(4)
Digitally sign or hash check key data to verify data integrity and authenticity.
(5)
Establish data audit and monitoring mechanisms to detect abnormal and malicious behavior promptly.

4.3.1. Data Integrity Verification

Massive data of the power system is stored in the big data cloud, and the cloud system is responsible for making decisions after analysis and processing. To prevent data from being maliciously deleted and tampered with, it is necessary to perform data integrity checks regularly, verify data ownership, and detect unauthorized modifications. At present, Provable Data Possession (PDP) and Proof of Retrievability (PoR) are the two main solutions to ensure the integrity and availability of cloud storage data. They help users verify whether cloud service providers store data correctly and defend against data deletion and tampering attacks, thereby establishing user trust in cloud storage. The PDP mechanism allows users to generate verification tokens when uploading files and store them in cloud services for subsequent verification of data integrity. Existing PDP mechanisms include the PDP mechanism based on the MAC authentication code [87], the PDP mechanism based on the RSA signature [88], the PDP mechanism based on the BLS signature [89], the PDP mechanism supporting dynamic operation [90], the PDP mechanism supporting multiple copies [91], and the PDP mechanism protecting privacy [92].
Unlike the PDP mechanism, the PoR mechanism is a scheme for verifying whether the data stored in cloud storage can be effectively retrieved and restored. PoR schemes usually use methods such as encryption technology, hash trees, and data block location proof to ensure data integrity and recoverability. In recent years, researchers have proposed many PoR schemes to solve the cloud integrity problem. PoR can be divided into static data and dynamic data according to the data form of cloud storage. Static data PoR mainly verifies data integrity, while dynamic data PoR also needs to ensure data availability and recoverability. Juels [93] proposed static data PoR, while dynamic data PoR is more complex and requires more advanced technology. For example, Wang et al. [94] introduced third-party auditors and operates hash trees to improve the storage model proof. Ge et al. [95] proposed a dynamic encrypted cloud data keyword search scheme (AAT) based on symmetric key verification, which can support the verifiable requirements of dynamic data updates. To improve the search capability, Liu et al. [96] applied a verifiable dynamic encryption (Verifiable Dynamic Encryption Scheme, VDERS) scheme with ranked search, which allows users to perform top-level search document collections and verify the correctness of search results safely and effectively. In addition to the need to strengthen search capabilities, data integrity verification also requires retrievability. Fu et al. [97] proposed a dynamic proof of retrievability (DIPOR) scheme, which can retrieve damaged data blocks and support dynamic data updates. Table 4 lists the advantages and disadvantages of the existing PDP and PoR mechanism detection methods.

4.3.2. Blockchain Technology

To cope with diverse cyber-attacks, researchers have proposed a multi-level detection and defense strategy that combines encryption technology, digital signatures, and blockchain. These technologies help to dynamically detect attacks while improving the security and integrity of data storage through distributed and decentralized architectures, as well as consensus algorithms and distributed ledgers. Blockchain technology, originally used for cryptocurrency, has been extended to the field of data security due to its data immutability, enhancing data credibility and security. Taking advantage of the immutability of blockchain technology, Lian et al. [98] proposed a tamper-proof detection middleware that provides efficient tamper-proof detection for relational databases. The paper’s dual blockchain-assisted secure anonymous data aggregation scheme is suitable for fog smart grids but faces the problem of high computing and storage overhead by Chen et al. [99]. To cope with some challenges in digital forensics, such as data integrity, evidence deletion or alteration. Pourvahab et al. [100] used blockchain technology to establish a chain of custody based on the Internet of Things architecture of software-defined networks and combines a linear homomorphic signature algorithm to verify users and ensure data integrity during digital forensics.
Blockchain technology has significant application potential in the field of auditing and investigation due to its data immutability, transparency, and traceability. Smart contracts allow code-based rules to be automatically executed and verified on the blockchain. Although blockchain data is public, sensitive information needs to be protected through encryption technology to prevent unauthorized access and privacy leakage. Hash functions are a key technology used to ensure data integrity and unique identification. Commonly used hashing algorithms include SHA-256 [101] and SHA-3 [102]. Asymmetric encryption (such as RSA [103]) and symmetric encryption algorithms are commonly used for digital signatures and authentication in blockchain. RSA has high security but low efficiency. Elliptic curve cryptography (ECC) [104] provided the same security level but is more efficient and suitable for resource-constrained environments. However, ECC needs to select appropriate elliptic curve parameters, and improper parameter selection may lead to reduced security. In response to this problem, researchers proposed an Edwardian Curve-based Digital Signature Algorithm (EdDSA) [105] on top of the Digital Signature Algorithm (DSA) [106] and ECC, which simplifies the selection of elliptic curve parameters while meeting its functional requirements. There are other encryption algorithms, such as DSA, ElGamal, etc., but these algorithms have higher key length requirements. Symmetric encryption algorithms use the same key to encrypt and decrypt data and are commonly used in blockchain data transmission and storage, such as Advanced Encryption Standard (AES) [107,108], but AES cannot prevent unintentional data tampering. Symmetric encryption algorithms are typically used to encrypt large amounts of data, while asymmetric encryption algorithms are used in scenarios such as key exchange and digital signatures. In practical applications, these two encryption algorithms are usually used in combination to take advantage of each other.

4.4. Control and Response Stage

The power system control and response phase involve real-time data control decisions and operational measures to adjust the system status. This phase forms two-way feedback with the data analysis and processing center. The terminal service equipment of the power system continuously exchanges data and service requests with the center. The most typical attack in this phase is a denial-of-service attack.

4.4.1. Traffic Supervision

One of the biggest characteristics of a denial-of-service attack is the sudden increase in traffic during the attack period. Attackers generate a large amount of traffic through legitimate protocols or application vulnerabilities, which may be forged source IP address traffic or initiated through a botnet [109]. Common attack methods include UDP Flood, SYN Flood, HTTP Flood, ICMP Flood, and Amplification Attack, the purpose of which is to create traffic that exceeds the system’s processing capacity, resulting in service interruption [110]. To detect a sudden increase in traffic, a simple method is to set a predefined threshold. However, fixed thresholds are difficult to adapt to changes in attack traffic, which may result in low detection rates and high false alarm rates. For example, Mousavi et al. [111] proposed a fixed threshold based on the entropy change of the target IP address to detect distributed denial-of-service (DDoS) attacks on SDN controllers involving a single victim. However, this fixed threshold setting cannot adapt to changes in the attack traffic rate. When the attack traffic rate changes, the fixed threshold may lose its effect, resulting in a low detection rate and a high false alarm rate. In addition, due to the limitation of the fixed threshold, some DDoS attacks and undetected attack traffic may exceed the threshold and thus not be detected.
Therefore, dynamic thresholds and adaptive thresholds are gradually being taken seriously. Aladaileh et al. [112] proposed a dynamic threshold algorithm based on Renyi joint entropy, which is adjusted to adapt to different DDoS attack traffic rates. David et al. [113] implemented an efficient statistical method based on traffic characteristics and a dynamic threshold detection algorithm. By analyzing changes in network behavior, when the calculated attribute is greater than the threshold within a certain time interval, the attack will be detected, but it is difficult to extract new attack features. Tsobdjou et al. [114] proposed a dynamic threshold system based on online entropy to detect DDoS flooding attacks. Although there are many studies on high-rate DoS attacks, low-rate DoS attacks are difficult to detect because their traffic is similar to normal traffic and they have a cumulative impact on legitimate traffic. Baskar et al. [115] proposed a real-time traffic monitoring algorithm using multi-threshold traffic analysis. It is used to monitor and detect low-rate DDoS attacks in real time, improving the detection rate. However, the dynamic threshold method may take time to adapt to traffic changes, and new attacks or environmental changes may cause missed attacks during learning. Table 5 introduces the advantages and disadvantages of the traffic supervision detection method.

4.4.2. Statistics

In addition to the traffic threshold method, statistical methods are also used to detect abnormal traffic. These methods use statistical metrics such as average traffic, variance, and peak. Amma et al. [116] implemented a statistical method based on class scatter ratio and feature distance graph to detect DoS attacks. This method has strong noise resistance, but there is a certain false alarm rate. A self-organizing map neural network is used for high-dimensional data visualization and is effective in many applications such as network intrusion detection. Qu et al. [117] proposed an enhanced self-organizing map (SOM) model for DoS attack detection in unbalanced data sets. This model is sufficient to meet the DoS attack detection of different data sets. Bouyeddou et al. [118] proposed a detection mechanism based on continuous sorting probability scores and exponential smoothing for efficient detection of DOS and DDOS attacks. This method is sensitive to traffic fluctuations. There are also methods such as frequency domain, time domain, and wavelet transform. These methods are mainly based on the analysis of signals and statistical feature extraction to determine whether there is an attack. Although statistical methods are highly adaptable and reduce false alarms and missed alarms, they require a large amount of historical data training and may not be accurate enough for new systems or new attacks.

4.4.3. Elastic Computing

Denial-of-service attackers use machines or botnets to coordinate attacks and increase processing demands on target systems. As a result, requests from normal users cannot be responded to promptly, resulting in traffic accumulation and delay, which brings sudden traffic pressure to the system. Elasticity calculations are a good way to solve such difficulties. Elastic computing combines big data technology to improve system flexibility and fault tolerance. Cloud computing platforms can expand computing and storage resources and alleviate system traffic congestion. Mishra et al. [119] proposed a taxonomy of load-balancing algorithms in the cloud to achieve load balancing. For example, memory load, computing load, network load, etc. Priya et al. [120] proposed multi-dimensional resource scheduling algorithms and queuing network models for cloud infrastructure load balancing. Also to solve the problem of difficult energy supply in the power system, Powroźnik et al. [121] studied the elastic energy management algorithm of smart home appliances using Internet of Things technology, and the network voltage can be adjusted using a greedy random adaptive search program. This algorithm is particularly effective in situations where excessive load or local power generation causes voltage fluctuations. Powroźnik et al. [122] applied elastic energy management algorithms to hierarchical control systems with distributed control devices for controlling household smart appliances. However, elastic computing relies on the support and guarantee of cloud service providers. If the cloud service provider is attacked, malfunctions, or suffers performance degradation, it may result in service interruption or degradation of the power system. Elastic computing introduces a certain amount of latency. Since key tasks and data need to be transmitted to remote cloud servers for processing, it may not be suitable for power system applications that require high real-time performance. Therefore, you can consider partially localizing it to reduce transmission delays and the risk of relying on cloud services, reasonably plan the system architecture, and place key tasks and data close to users or key devices.

5. Research Challenges and Future Directions

In this section, we also provide some open and valuable research problems and discuss them carefully from three perspectives: research problems, existing preliminary solutions, and future research directions.

5.1. Covert New Adversarial Attack Detection

Research question: Unknown attacks may bypass existing power system detection mechanisms and launch attacks covertly. This type of attack is the focus of power system security research.
Preliminary solution: For specific target attacks on power system components, network equipment, communication protocols, or business processes, Chen et al. [123] proposed algorithms for detecting micro-aggressive disturbances in power systems. Inspired by this study, Anthi et al. [124] explored the use of Jacobian saliency maps and adversarial training to improve the robustness of supervised models, but there are relatively few power system studies in this area. Generative Adversarial Network (GAN)-based detection methods are widely used in the field of power system security [125]. Liu et al. [126] generated simulated normal power system data through GANs and trains classifiers accordingly to distinguish real data from generated data. This technique is particularly good at identifying adversarial attacks that differ only subtly from normal behavior. However, the training and tuning process of GAN is quite complex and has a potential problem: the generated data may not match the actual attack patterns exactly [127]. At the same time, with the continuous progress of big data technology, the detection method based on multi-source data fusion has also received more and more attention [71]. Wu et al. [128] and Ganjkhani et al. [129] integrated multiple data sources of the power system, such as SCADA, PMU, and communication data, and performs comprehensive analysis, which enables comprehensive access to system status information from multiple perspectives and significantly improves the accuracy of detection [130]. However, the data fusion technique also faces some challenges, such as data inconsistency and the problem of handling high-dimensional data. In addition, the outstanding performance of migration learning in the field of large models also shows its potential in power systems [131]. Yassine et al. [132] utilized models pre-trained in other domains to assist in detecting covert attacks in power systems, an approach that is particularly effective in data-scarce situations as it avoids having to train models from scratch. However, the differences between the source and target domains may affect the effectiveness of transfer learning, which is an issue that requires special attention in practical applications [133].
Future directions: For cyber-attacks on information-physical power systems, Liu et al. [134] designed co-simulation platforms with hardware-in-the-loop, and Sahu et al. [135] proposed cyber-physical test platforms for improving the resilience of power system attacks. However, the simulation environments of these platforms have limitations, and the simulation models cannot accurately reflect all the details of real power systems. To detect covert new adversarial attacks, a cross-domain and cross-level power system detection platform will be established in the future, deeply integrating big data, artificial intelligence, and IoT technologies to enhance system security and transparency. Big data technology is utilized to process large amounts of data from sensors, combined with deep learning and pattern recognition from AI, to establish normal operating patterns of the power system and quickly identify anomalies. IoT technology realizes the interconnection of equipment and real-time monitoring of equipment status and environmental conditions to improve the reliability and anti-interference capability of the system. In addition, the integration of physical security and cyber security, and the combination of systems engineering and data science are also very necessary.

5.2. How to Further Unleash the Potential of Big Data in the Power Sector

Research question: Big data technology is crucial to the digital transformation of power systems, but big data applications in the power sector are still limited, costly, and resource intensive. How to fully tap the potential of big data in the power sector is a focus of future research.
Preliminary solution: In the power system, data integration and sharing are the core links to fully utilizing the potential of big data [136]. Currently, there is a large amount of heterogeneous data in the power system, which is dispersed in different systems and devices, making data integration and utilization complex. To overcome this challenge, it is crucial to establish a unified data platform that can centrally manage and analyze data [137], thereby improving the efficiency of data utilization. However, it involves the compatibility and conversion of multiple data formats and protocols, which makes the technical realization more complex. Moreover, centralized data management increases the risk of data leakage and attacks, requiring additional security measures.
Intelligent algorithms and model optimization are key tools for unlocking the value of power big data [138]. By developing and applying advanced intelligent algorithms and models, such as machine learning and deep learning, the efficiency and accuracy of data analysis can be significantly improved. Smart algorithms can automatically identify patterns and anomalies in the data, thereby improving the power system’s prediction and decision-making capabilities [139]. The application of intelligent algorithms in load forecasting, fault diagnosis, and grid optimization can significantly improve the reliability and economy of the system. The effectiveness of intelligent algorithms is highly dependent on the quality and quantity of data, and insufficient or poor-quality data may affect the results. Complex algorithms require the support of a large number of computational resources, which may lead to increased costs.
The combination of cloud computing and edge computing is another important strategy to enhance the utility of powerful big data [140]. Cloud computing provides powerful computing and storage capabilities, but its shortcomings in real time can be compensated by edge computing. Edge computing can process data at the source where it is generated and reduce data transmission delay. By combining cloud computing and edge computing, the overall cost can be reduced while ensuring real-time performance [141]. Combining cloud computing and edge computing requires complex architectural design and implementation programs. Edge computing may face more security threats and require additional security measures.
Data security and privacy protection are necessary guarantees for utilizing electric power big data. Encryption technology needs to be used in all aspects of data transmission, storage, and processing, and privacy protection algorithms [142], such as differential privacy [143], need to be introduced to prevent data leakage and misuse. These measures can ensure that the application of big data in the power sector can both realize its value and protect data security and user privacy [144]. High-level data security and privacy protection measures require significant financial and technological investments. They involve the comprehensive application of multiple security technologies and are difficult to implement and maintain.
Future direction: Smart grid is an inevitable trend for the future development of the power system [145], which will achieve intelligent monitoring, optimized scheduling, and self-healing capability of the power grid with the help of big data technology. To this end, we need to further improve the architecture and standards of the smart grid and promote the application and popularization of related technologies to realize the modernization and transformation of the power system.
To alleviate the pressure on the main power grid and cope with the electricity tension during peak hours, distributed energy and microgrids have become an effective strategy to cope with the volatility and decentralized nature of renewable energy [146]. Through big data technology, we can accurately predict and optimize the scheduling of distributed energy sources to improve the stability and economy of their grid-connected operation.
Another important guarantee for the digital transformation of the power system is the digitalization of the power market. Realizing the intelligence and transparency of market operations can improve the operational efficiency and transparency of the market and promote the optimal allocation of power resources [147]. Big data technology plays a key role in this process, which can enhance the flexibility and competitiveness of the market by accurately predicting market supply and demand and making dynamic adjustments.
The ultimate goal of the digital transformation of the power system is to realize the potential of smart cities and smart electricity. The construction of smart cities cannot be separated from the support of smart electricity consumption technology. Big data technology can help realize intelligent management and optimization of electricity consumption and improve the efficiency of urban energy use [148]. Smart electricity technology includes smart meters, smart homes and electric vehicle charging management, etc. Through data analysis and optimization, it can achieve reasonable distribution and saving of energy, contributing to the construction of a sustainable smart city [149].
In summary, smart grids, distributed energy, power market digitization, and smart electricity technologies together constitute the key elements of the digital transformation of the power system. These elements are interconnected, and together they drive the power system in the direction of smarter, more efficient, greener, and more sustainable development.

5.3. Power Big Data Security and Privacy Protection

Research question: The privacy and security issues of power big data have not been fully addressed, especially in the context of cyber-attack detection. How to accurately and effectively detect cyber-attacks without accessing personal consumption data is an important research topic in the field of power big data.
Preliminary solution: Data aggregation is a key technology to achieve data privacy [150]. Blockchain technology and cloud computing technologies (encryption technology, differential privacy [151], anonymization processing [152], access control technology, etc.) are used to aggregate information from multiple data sources without exposing personal sensitive information. The aggregated data is utilized to perform analyses, such as the total power consumption patterns in each area, without access to detailed personal data. This allows for effective cyber-attack detection while protecting personal privacy such as detecting possible attacks by analyzing anomalous patterns in the aggregated data [153]. For example, a sudden surge in power consumption may indicate a cyber-attack. Nevertheless, data aggregation faces challenges such as data consistency and comparability, privacy policies, and laws and regulations in practical applications. When collecting and processing big data on electricity, personal identifying information can be removed, encrypted, or anonymized to ensure that personal information in a dataset cannot be directly associated with a specific user and that even if the data is compromised [154], the identity of the user cannot be deduced from the data in reverse. Edge computing and distributed detection are also effective means of realizing the security and privacy protection of electric power big data. Decentralizing data processing and analysis tasks to edge devices (e.g., smart meters) on the grid allows for real-time analysis near the point of data generation, reducing reliance on central servers while protecting data privacy [155]. Distributed detection utilizes multiple distributed nodes for collaborative detection, where each node processes only local data, and ultimately identifies global network attacks through collaboration among nodes [156]. In addition, encryption technology allows the manipulation and computation of encrypted data without the need to decrypt the data, thus protecting data privacy. Multiple parties are allowed to collaborate on computations without disclosing their respective private data to jointly accomplish the attack detection task.
Future direction: With the development of technology, simple de-identification and anonymization techniques can no longer adequately protect data privacy. The efficiency and reliability of de-identification and anonymization techniques need to be further improved to ensure that data can better protect user privacy while maintaining high analytical value. Future research should pay more attention to the optimization of edge computing and distributed detection architectures to improve their processing power and security so that they can more effectively respond to the real-time analysis needs of large-scale data. Finally, electric power big data applications need to balance data sharing and privacy protection and explore flexible privacy protection schemes to meet data utilization needs. Research can focus on privacy protection mechanisms under multi-party participation, such as trusted computing and secure multi-party computing [157], to ensure the secure exchange and processing of data among participants.

6. Conclusions

Big data plays a vital role in the detection of false data attacks in power systems. With the high degree of automation, informatization, and interconnection of power systems, the application of big data has brought great value to power systems but also increased the risk of false data attacks. False data attacks pose a serious threat to the safe and stable operation of power systems. Therefore, it is particularly important to use big data technology to detect false data attacks. This paper discusses the impact of false data attacks on the four stages of power big data systems, including the data acquisition stage, data transmission stage, data processing and analysis stage, and control and response stage. And analyzes the important detection methods of attacks. At the same time, the limitations of existing detection models are pointed out.
However, although big data technology plays an important role in the detection of false data attacks in power systems, it still faces some challenges. First, the power system has a large amount of data and high complexity. How to effectively process and analyze this data is a challenge. Second, the means of false data attacks are diverse and hidden. How to accurately detect and identify these attack behaviors is also a problem. In addition, with the development of power systems and the continuous evolution of attack technologies, how to improve big data security mechanisms and privacy protection is also a problem that needs to be solved. In general, the power system needs to use advanced data processing technology, intelligent algorithms, sound security mechanisms, and privacy protection measures to deal with false data attacks. However, we must pay more attention to the types and categories of data in the power system, including but not limited to real-time monitoring data, historical load data, equipment status data, user usage data, etc. Each data type has its unique characteristics and importance and plays a vital role in the stable operation and safety protection of the power system. The process of extracting data from the power system and inserting it into the communication system for transmission is also critical. In the data acquisition stage, sensors, smart meters, and other monitoring devices are responsible for collecting key operating data. These data are transmitted in the network through a variety of devices (such as routers, switches, servers) and transmission media (including copper cables, optical cables, etc.). Each link may become an entry point for false data attacks, so in-depth understanding and close monitoring of these links are essential.
To ensure the reliability of data and the security of the system, we need to analyze the following aspects in detail:
(1)
The accuracy and security of data acquisition equipment and how they resist external interference and tampering.
(2)
Encryption and authentication technology during data transmission to ensure the integrity and confidentiality of data as it passes through different network nodes and media.
(3)
Algorithm robustness in the data processing and analysis phase to identify and filter out false or abnormal data.
(4)
The design of the control and response system so that quick action can be taken when an attack is detected.
In the future we will further study the application value of power big data, focus on developing more efficient data processing and analysis technologies, and develop multi-level and multi-dimensional security detection and response mechanisms for the data types and transmission characteristics unique to the power system. This may include but is not limited to real-time data verification, abnormal behavior pattern recognition, the design and optimization of rapid response and repair mechanisms, and customized security solutions for specific devices, routers, servers, and transmission media. Through these methods, we can more effectively ensure the stable operation of the power system and the reliability of data while resisting evolving security threats.

Author Contributions

Conceptualization, Z.C. and Y.W. (Yong Wang); methodology, Z.C.; software, J.W. and H.L.; validation, J.W., Z.C. and H.L.; formal analysis, Y.W. (Yong Wang), Y.W. (Yanfeng Wang) and X.X.; investigation, Z.C. and Y.W. (Yong Wang); resources, Y.W. (Yanfeng Wang) and J.W.; data curation, Y.W., H.L. and Y.W. (Yanfeng Wang); writing—original draft preparation, Z.C. and Y.W. (Yong Wang); writing—review and editing, Y.W. (Yong Wang), J.W. and X.X; visualization, Y.W. (Yanfeng Wang); supervision, Y.W. (Yong Wang) and X.X.; project administration Z.C., H.L. and X.X. All authors have read and agreed to the published version of the manuscript.

Funding

This work was Supported by Sichuan Science and Technology Program (2023NSFSC1987), and the Science &Technology Project of Sichuan Province Electric Power Company (52199723001S).

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

  1. Lu, Y. Cyber Physical System (CPS)-Based Industry 4.0: A Survey. J. Ind. Intg. Mgmt. 2017, 02, 1750014. [Google Scholar] [CrossRef]
  2. Meyer, E.L.; Apeh, O.O.; Overen, O.K. Electrical and Meteorological Data Acquisition System of a Commercial and Domestic Microgrid for Monitoring PV Parameters. Appl. Sci. 2020, 10, 9092. [Google Scholar] [CrossRef]
  3. Shangguan, X.-C.; Zhang, C.-K.; He, Y.; Jin, L.; Jiang, L.; Spencer, J.W.; Wu, M. Robust Load Frequency Control for Power System Considering Transmission Delay and Sampling Period. IEEE Trans. Ind. Inf. 2021, 17, 5292–5303. [Google Scholar] [CrossRef]
  4. Samy, M.M.; Almamlook, R.E.; Elkhouly, H.I.; Barakat, S. Decision-Making and Optimal Design of Green Energy System Based on Statistical Methods and Artificial Neural Network Approaches. Sustain. Cities Soc. 2022, 84, 104015. [Google Scholar] [CrossRef]
  5. Sheidaei, F.; Ahmarinejad, A. Multi-Stage Stochastic Framework for Energy Management of Virtual Power Plants Considering Electric Vehicles and Demand Response Programs. Int. J. Electr. Power Energy Syst. 2020, 120, 106047. [Google Scholar] [CrossRef]
  6. Whitehead, D.E.; Owens, K.; Gammel, D.; Smith, J. Ukraine Cyber-Induced Power Outage: Analysis and Practical Mitigation Strategies. In Proceedings of the 2017 70th Annual Conference for Protective Relay Engineers (CPRE), College Station, TX, USA, 3–6 April 2017; pp. 1–8. [Google Scholar]
  7. Mukherjee, D.; Chakraborty, S.; Ghosh, S. Deep Learning-Based Multilabel Classification for Locational Detection of False Data Injection Attack in Smart Grids. Electr. Eng. 2022, 104, 259–282. [Google Scholar] [CrossRef]
  8. Xu, L.; Guo, Q.; Sheng, Y.; Muyeen, S.M.; Sun, H. On the Resilience of Modern Power Systems: A Comprehensive Review from the Cyber-Physical Perspective. Renew. Sustain. Energy Rev. 2021, 152, 111642. [Google Scholar] [CrossRef]
  9. Ge, X.; Han, Q.-L.; Zhang, X.-M.; Ding, D.; Yang, F. Resilient and Secure Remote Monitoring for a Class of Cyber-Physical Systems against Attacks. Inf. Sci. 2020, 512, 1592–1605. [Google Scholar] [CrossRef]
  10. Mota, B.; Gomes, L.; Faria, P.; Ramos, C.; Vale, Z.; Correia, R. Production Line Optimization to Minimize Energy Cost and Participate in Demand Response Events. Energies 2021, 14, 462. [Google Scholar] [CrossRef]
  11. Ayvaz, S.; Alpay, K. Predictive Maintenance System for Production Lines in Manufacturing: A Machine Learning Approach Using IoT Data in Real-Time. Expert Syst. Appl. 2021, 173, 114598. [Google Scholar] [CrossRef]
  12. Ofori-Ntow Jnr, E.; Ziggah, Y.Y.; Relvas, S. Hybrid Ensemble Intelligent Model Based on Wavelet Transform, Swarm Intelligence and Artificial Neural Network for Electricity Demand Forecasting. Sustain. Cities Soc. 2021, 66, 102679. [Google Scholar] [CrossRef]
  13. Somu, N.; Raman M R, G.; Ramamritham, K. A Deep Learning Framework for Building Energy Consumption Forecast. Renew. Sustain. Energy Rev. 2021, 137, 110591. [Google Scholar] [CrossRef]
  14. Bhatia, K.; Mittal, R.; Varanasi, J.; Tripathi, M.M. An Ensemble Approach for Electricity Price Forecasting in Markets with Renewable Energy Resources. Util. Policy 2021, 70, 101185. [Google Scholar] [CrossRef]
  15. Zhou, F.; Jiao, R.J.; Xu, Q.; Takahashi, K. User Experience Modeling and Simulation for Product Ecosystem Design Based on Fuzzy Reasoning Petri Nets. IEEE Trans. Syst. Man Cybern. A 2012, 42, 201–212. [Google Scholar] [CrossRef]
  16. Yang, B.; Liu, Y.; Chen, W. A Twin Data-Driven Approach for User-Experience Based Design Innovation. Int. J. Inf. Manag. 2023, 68, 102595. [Google Scholar] [CrossRef]
  17. Tong, Y.; Liang, Y.; Spasic, I.; Hicks, Y.; Hu, H.; Liu, Y. A Data-Driven Approach for Integrating Hedonic Quality and Pragmatic Quality in User Experience Modeling. J. Comput. Inf. Sci. Eng. 2022, 22, 061002. [Google Scholar] [CrossRef]
  18. Bu, L.; Chen, C.-H.; Ng, K.K.H.; Zheng, P.; Dong, G.; Liu, H. A User-Centric Design Approach for Smart Product-Service Systems Using Virtual Reality: A Case Study. J. Clean. Prod. 2021, 280, 124413. [Google Scholar] [CrossRef]
  19. Liu, X.; Li, Z.; Li, Z. Optimal Protection Strategy Against False Data Injection Attacks in Power Systems. IEEE Trans. Smart Grid 2017, 8, 1802–1810. [Google Scholar] [CrossRef]
  20. Huang, R.; Li, Y. False Phasor Data Detection Under Time Synchronization Attacks: A Neural Network Approach. IEEE Trans. Smart Grid 2022, 13, 4828–4836. [Google Scholar] [CrossRef]
  21. Zhang, J.; Dong, C. Privacy-Preserving Data Aggregation Scheme against Deletion and Tampering Attacks from Aggregators. J. King Saud Univ.—Comput. Inf. Sci. 2023, 35, 100–111. [Google Scholar] [CrossRef]
  22. Chen, W.; Ding, D.; Dong, H.; Wei, G. Distributed Resilient Filtering for Power Systems Subject to Denial-of-Service Attacks. IEEE Trans. Syst. Man Cybern. Syst. 2019, 49, 1688–1697. [Google Scholar] [CrossRef]
  23. Sayghe, A.; Hu, Y.; Zografopoulos, I.; Liu, X.; Dutta, R.G.; Jin, Y.; Konstantinou, C. Survey of Machine Learning Methods for Detecting False Data Injection Attacks in Power Systems. IET Smart Grid 2020, 3, 581–595. [Google Scholar] [CrossRef]
  24. Chakrabarty, S.; Sikdar, B. Unified Detection of Attacks Involving Injection of False Control Commands and Measurements in Transmission Systems of Smart Grids. IEEE Trans. Smart Grid 2022, 13, 1598–1610. [Google Scholar] [CrossRef]
  25. Du, D.; Chen, R.; Li, X.; Wu, L.; Zhou, P.; Fei, M. Malicious Data Deception Attacks against Power Systems: A New Case and Its Detection Method. Trans. Inst. Meas. Control 2019, 41, 1590–1599. [Google Scholar] [CrossRef]
  26. Reda, H.T.; Anwar, A.; Mahmood, A. Comprehensive Survey and Taxonomies of False Data Injection Attacks in Smart Grids: Attack Models, Targets, and Impacts. Renew. Sustain. Energy Rev. 2022, 163, 112423. [Google Scholar] [CrossRef]
  27. Unsal, D.B.; Ustun, T.S.; Hussain, S.M.S.; Onen, A. Enhancing Cybersecurity in Smart Grids: False Data Injection and Its Mitigation. Energies 2021, 14, 2657. [Google Scholar] [CrossRef]
  28. Farha, F.; Ning, H.; Yang, S.; Xu, J.; Zhang, W.; Choo, K.-K.R. Timestamp Scheme to Mitigate Replay Attacks in Secure ZigBee Networks. IEEE Trans. Mob. Comput. 2020, 21, 341–351. [Google Scholar] [CrossRef]
  29. Wang, T.; Liu, W.; Cabrera, L.V.; Wang, P.; Wei, X.; Zang, T. A Novel Fault Diagnosis Method of Smart Grids Based on Memory Spiking Neural P Systems Considering Measurement Tampering Attacks. Inf. Sci. 2022, 596, 520–536. [Google Scholar] [CrossRef]
  30. Siamak, S.; Dehghani, M.; Mohammadi, M. Dynamic GPS Spoofing Attack Detection, Localization, and Measurement Correction Exploiting PMU and SCADA. IEEE Syst. J. 2021, 15, 2531–2540. [Google Scholar] [CrossRef]
  31. Pal, S.; Sikdar, B.; Chow, J. Detecting Data Integrity Attacks on SCADA Systems Using Limited PMUs. In Proceedings of the 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm), Sydney, Australia, 6–9 November 2016; pp. 545–550. [Google Scholar]
  32. Sun, C.-C.; Sebastian Cardenas, D.J.; Hahn, A.; Liu, C.-C. Intrusion Detection for Cybersecurity of Smart Meters. IEEE Trans. Smart Grid 2021, 12, 612–622. [Google Scholar] [CrossRef]
  33. Shen, Y.; Fei, M.; Du, D. Cyber Security Study for Power Systems under Denial of Service Attacks. Trans. Inst. Meas. Control. 2019, 41, 1600–1614. [Google Scholar] [CrossRef]
  34. Gupta, B.B.; Chaudhary, P.; Chang, X.; Nedjah, N. Smart Defense against Distributed Denial of Service Attack in IoT Networks Using Supervised Learning Classifiers. Comput. Electr. Eng. 2022, 98, 107726. [Google Scholar] [CrossRef]
  35. Huseinovic, A.; Mrdovic, S.; Bicakci, K.; Uludag, S. A Survey of Denial-of-Service Attacks and Solutions in the Smart Grid. IEEE Access 2020, 8, 177447–177470. [Google Scholar] [CrossRef]
  36. Li, B.; Wang, W.; Guo, J.; Ding, B. Research on Condition Operation Monitoring of Power System Based on Supervisory Control and Data Acquisition Model. Alex. Eng. J. 2024, 99, 326–334. [Google Scholar] [CrossRef]
  37. Pan, G.; Gu, W.; Lu, Y.; Qiu, H.; Lu, S.; Yao, S. Optimal Planning for Electricity-Hydrogen Integrated Energy System Considering Power to Hydrogen and Heat and Seasonal Storage. IEEE Trans. Sustain. Energy 2020, 11, 2662–2676. [Google Scholar] [CrossRef]
  38. Reda, H.T.; Anwar, A.; Mahmood, A.N.; Tari, Z. A Taxonomy of Cyber Defence Strategies Against False Data Attacks in Smart Grids. ACM Comput. Surv. 2023, 55, 1–37. [Google Scholar] [CrossRef]
  39. Jadidi, S.; Badihi, H.; Zhang, Y. Active Fault-Tolerant and Attack-Resilient Control for a Renewable Microgrid Against Power-Loss Faults and Data Integrity Attacks. IEEE Trans. Cybern. 2024, 54, 2113–2128. [Google Scholar] [CrossRef] [PubMed]
  40. Kazemi, Z.; Safavi, A.A.; Naseri, F.; Urbas, L.; Setoodeh, P. A Secure Hybrid Dynamic-State Estimation Approach for Power Systems Under False Data Injection Attacks. IEEE Trans. Ind. Inf. 2020, 16, 7275–7286. [Google Scholar] [CrossRef]
  41. Chen, J.; Liang, G.; Cai, Z.; Hu, C.; Xu, Y.; Luo, F.; Zhao, J. Impact Analysis of False Data Injection Attacks on Power System Static Security Assessment. J. Mod. Power Syst. Clean Energy 2016, 4, 496–505. [Google Scholar] [CrossRef]
  42. Hu, P.; Gao, W.; Li, Y.; Hua, F.; Qiao, L.; Zhang, G. Detection of False Data Injection Attacks in Smart Grid Based on Joint Dynamic and Static State Estimation. IEEE Access 2023, 11, 45028–45038. [Google Scholar] [CrossRef]
  43. Qu, Z.; Zhang, J.; Wang, Y.; Georgievitch, P.M.; Guo, K. False Data Injection Attack Detection and Improved WLS Power System State Estimation Based on Node Trust. J. Electr. Eng. Technol. 2022, 17, 803–817. [Google Scholar] [CrossRef]
  44. Khalid, H.M.; Flitti, F.; Mahmoud, M.S.; Hamdan, M.M.; Muyeen, S.M.; Dong, Z.Y. Wide Area Monitoring System Operations in Modern Power Grids: A Median Regression Function-Based State Estimation Approach towards Cyber Attacks. Sustain. Energy Grids Netw. 2023, 34, 101009. [Google Scholar] [CrossRef]
  45. Tang, B.; Yan, J.; Kay, S.; He, H. Detection of False Data Injection Attacks in Smart Grid under Colored Gaussian Noise. In Proceedings of the 2016 IEEE Conference on Communications and Network Security (CNS), Philadelphia, PA, USA, 17–19 October 2016; pp. 172–179. [Google Scholar]
  46. Liu, Y.; Cheng, L. Relentless False Data Injection Attacks Against Kalman-Filter-Based Detection in Smart Grid. IEEE Trans. Control Netw. Syst. 2022, 9, 1238–1250. [Google Scholar] [CrossRef]
  47. Karimipour, H.; Leung, H. Relaxation-based Anomaly Detection in Cyber-physical Systems Using Ensemble Kalman Filter. IET Cyber-Phys. Syst. 2020, 5, 49–58. [Google Scholar] [CrossRef]
  48. Foroutan, S.A.; Salmasi, F.R. Detection of False Data Injection Attacks against State Estimation in Smart Grids Based on a Mixture Gaussian Distribution Learning Method. IET Cyber-Phys. Syst. 2017, 2, 161–171. [Google Scholar] [CrossRef]
  49. Khalaf, M.; Youssef, A.; El-Saadany, E. A Particle Filter-Based Approach for the Detection of False Data Injection Attacks on Automatic Generation Control Systems. In Proceedings of the 2018 IEEE Electrical Power and Energy Conference (EPEC), Toronto, ON, Canada, 10–11 October 2018; pp. 1–6. [Google Scholar]
  50. Dayananda, P.; Srikantaswamy, M.; Nagaraju, S.; Velluri, R.; Kumar, D.M. Efficient Detection of Faults and False Data Injection Attacks in Smart Grid Using a Reconfigurable Kalman Filter. IJPEDS 2022, 13, 2086. [Google Scholar] [CrossRef]
  51. Wang, Y.; Zhang, Z.; Ma, J.; Jin, Q. KFRNN: An Effective False Data Injection Attack Detection in Smart Grid Based on Kalman Filter and Recurrent Neural Network. IEEE Internet Things J. 2022, 9, 6893–6904. [Google Scholar] [CrossRef]
  52. Luo, X.; Zhu, M.; Wang, X.; Guan, X. Detection and Isolation of False Data Injection Attack via Adaptive Kalman Filter Bank. J. Control. Decis. 2022, 11, 60–72. [Google Scholar] [CrossRef]
  53. Rashed, M.; Kamruzzaman, J.; Gondal, I.; Islam, S. False Data Detection in a Clustered Smart Grid Using Unscented Kalman Filter. IEEE Access 2022, 10, 78548–78556. [Google Scholar] [CrossRef]
  54. Živković, N.; Sarić, A.T. Detection of False Data Injection Attacks Using Unscented Kalman Filter. J. Mod. Power Syst. Clean Energy 2018, 6, 847–859. [Google Scholar] [CrossRef]
  55. Lu, J.; Wang, W.; Li, L.; Guo, Y. Unscented Kalman Filtering for Nonlinear Systems with Sensor Saturation and Randomly Occurring False Data Injection Attacks. Asian J. Control 2021, 23, 871–881. [Google Scholar] [CrossRef]
  56. Nawaz, R.; Akhtar, R.; Shahid, M.A.; Qureshi, I.M.; Mahmood, M.H. Machine Learning Based False Data Injection in Smart Grid. Int. J. Electr. Power Energy Syst. 2021, 130, 106819. [Google Scholar] [CrossRef]
  57. Ibrahim, M.S.; Dong, W.; Yang, Q. Machine Learning Driven Smart Electric Power Systems: Current Trends and New Perspectives. Appl. Energy 2020, 272, 115237. [Google Scholar] [CrossRef]
  58. Liu, J.; Xu, Z.; Fan, W.N.; Wang, Y.; Mo, W. The Combination Mode of Forest and SVM for Power Network Disaster Response Failure Identification. Comput. Electr. Eng. 2024, 117, 109255. [Google Scholar] [CrossRef]
  59. Qu, Z.; Li, H.; Wang, Y.; Zhang, J.; Abu-Siada, A.; Yao, Y. Detection of Electricity Theft Behavior Based on Improved Synthetic Minority Oversampling Technique and Random Forest Classifier. Energies 2020, 13, 2039. [Google Scholar] [CrossRef]
  60. Lu, X.; Jing, J.; Wu, Y. False Data Injection Attack Location Detection Based on Classification Method in Smart Grid. In Proceedings of the 2020 2nd International Conference on Artificial Intelligence and Advanced Manufacture (AIAM), Manchester, UK, 15–17 October 2020; pp. 133–136. [Google Scholar]
  61. Boyaci, O.; Umunnakwe, A.; Sahu, A.; Narimani, M.R.; Ismail, M.; Davis, K.R.; Serpedin, E. Graph Neural Networks Based Detection of Stealth False Data Injection Attacks in Smart Grids. IEEE Syst. J. 2022, 16, 2946–2957. [Google Scholar] [CrossRef]
  62. Miraftabzadeh, S.M.; Colombo, C.G.; Longo, M.; Foiadelli, F. K-Means and Alternative Clustering Methods in Modern Power Systems. IEEE Access 2023, 11, 119596–119633. [Google Scholar] [CrossRef]
  63. Roy, S.D.; Debbarma, S. A Novel OC-SVM Based Ensemble Learning Framework for Attack Detection in AGC Loop of Power Systems. Electr. Power Syst. Res. 2022, 202, 107625. [Google Scholar] [CrossRef]
  64. Sharma, R.; Joshi, A.M.; Sahu, C.; Nanda, S.J. Detection of False Data Injection in Smart Grid Using PCA Based Unsupervised Learning. Electr. Eng. 2023, 105, 2383–2396. [Google Scholar] [CrossRef]
  65. Ashrafuzzaman, M.; Das, S.; Chakhchoukh, Y.; Shiva, S.; Sheldon, F.T. Detecting Stealthy False Data Injection Attacks in the Smart Grid Using Ensemble-Based Machine Learning. Comput. Secur. 2020, 97, 101994. [Google Scholar] [CrossRef]
  66. Farajzadeh-Zanjani, M.; Hallaji, E.; Razavi-Far, R.; Saif, M.; Parvania, M. Adversarial Semi-Supervised Learning for Diagnosing Faults and Attacks in Power Grids. IEEE Trans. Smart Grid 2021, 12, 3468–3478. [Google Scholar] [CrossRef]
  67. Zhou, Q.; Duan, L. Semi-Supervised Recommendation Attack Detection Based on Co-Forest. Comput. Secur. 2021, 109, 102390. [Google Scholar] [CrossRef]
  68. Ahmadi, A.; Nabipour, M.; Taheri, S.; Mohammadi-Ivatloo, B.; Vahidinasab, V. A New False Data Injection Attack Detection Model for Cyberattack Resilient Energy Forecasting. IEEE Trans. Ind. Inf. 2023, 19, 371–381. [Google Scholar] [CrossRef]
  69. Umar, S.; Felemban, M. Rule-Based Detection of False Data Injections Attacks against Optimal Power Flow in Power Systems. Sensors 2021, 21, 2478. [Google Scholar] [CrossRef]
  70. Dong, F.; Chen, S.; Demachi, K.; Yoshikawa, M.; Seki, A.; Takaya, S. Attention-Based Time Series Analysis for Data-Driven Anomaly Detection in Nuclear Power Plants. Nucl. Eng. Des. 2023, 404, 112161. [Google Scholar] [CrossRef]
  71. Sahu, A.; Mao, Z.; Wlazlo, P.; Huang, H.; Davis, K.; Goulart, A.; Zonouz, S. Multi-Source Multi-Domain Data Fusion for Cyberattack Detection in Power Systems. IEEE Access 2021, 9, 119118–119138. [Google Scholar] [CrossRef]
  72. Zhao, Z.; Huang, Y.; Zhen, Z.; Li, Y. Data-Driven False Data-Injection Attack Design and Detection in Cyber-Physical Systems. IEEE Trans. Cybern. 2021, 51, 6179–6187. [Google Scholar] [CrossRef] [PubMed]
  73. Chen, Y.; Huang, S.; Liu, F.; Wang, Z.; Sun, X. Evaluation of Reinforcement Learning-Based False Data Injection Attack to Automatic Voltage Control. IEEE Trans. Smart Grid 2019, 10, 2158–2169. [Google Scholar] [CrossRef]
  74. Isah, H.; Zulkernine, F. A Scalable and Robust Framework for Data Stream Ingestion. In Proceedings of the 2018 IEEE International Conference on Big Data (Big Data), Seattle, WA, USA, 10–13 December 2018; pp. 2900–2905. [Google Scholar]
  75. Yan, H.; Paynabar, K.; Shi, J. Real-Time Monitoring of High-Dimensional Functional Data Streams via Spatio-Temporal Smooth Sparse Decomposition. Technometrics 2018, 60, 181–197. [Google Scholar] [CrossRef]
  76. Silva, B.; Khan, M.; Jung, C.; Seo, J.; Muhammad, D.; Han, J.; Yoon, Y.; Han, K. Urban Planning and Smart City Decision Management Empowered by Real-Time Data Processing Using Big Data Analytics. Sensors 2018, 18, 2994. [Google Scholar] [CrossRef]
  77. Hallaji, E.; Razavi-Far, R.; Wang, M.; Saif, M.; Fardanesh, B. A Stream Learning Approach for Real-Time Identification of False Data Injection Attacks in Cyber-Physical Power Systems. IEEE Trans. Inform. Forensics Secur. 2022, 17, 3934–3945. [Google Scholar] [CrossRef]
  78. Gong, S.; Lee, C. Cyber Threat Intelligence Framework for Incident Response in an Energy Cloud Platform. Electronics 2021, 10, 239. [Google Scholar] [CrossRef]
  79. Moradi, M.; Jahangir, A.H. A New Delay Attack Detection Algorithm for PTP Network in Power Substation. Int. J. Electr. Power Energy Syst. 2021, 133, 107226. [Google Scholar] [CrossRef]
  80. Moussa, B.; Kassouf, M.; Hadjidj, R.; Debbabi, M.; Assi, C. An Extension to the Precision Time Protocol (PTP) to Enable the Detection of Cyber Attacks. IEEE Trans. Ind. Inf. 2020, 16, 18–27. [Google Scholar] [CrossRef]
  81. Alghamdi, W.; Schukat, M. A Security Enhancement of the Precision Time Protocol Using a Trusted Supervisor Node. Sensors 2022, 22, 3671. [Google Scholar] [CrossRef] [PubMed]
  82. Qiu, T.; Liu, X.; Han, M.; Ning, H.; Wu, D.O. A Secure Time Synchronization Protocol Against Fake Timestamps for Large-Scale Internet of Things. IEEE Internet Things J. 2017, 4, 1879–1889. [Google Scholar] [CrossRef]
  83. Wu, Q.; Han, Z.; Mohiuddin, G.; Ren, Y. Distributed Timestamp Mechanism Based on Verifiable Delay Functions. Comput. Syst. Sci. Eng. 2023, 44, 1633–1646. [Google Scholar] [CrossRef]
  84. Moussa, B.; Robillard, C.; Zugenmaier, A.; Kassouf, M.; Debbabi, M.; Assi, C. Securing the Precision Time Protocol (PTP) Against Fake Timestamps. IEEE Commun. Lett. 2019, 23, 278–281. [Google Scholar] [CrossRef]
  85. He, T.; Zheng, Y.; Ma, Z. Study of Network Time Synchronisation Security Strategy Based on Polar Coding. Comput. Secur. 2021, 104, 102214. [Google Scholar] [CrossRef]
  86. Hymlin Rose, S.G.; Jayasree, T. Detection of Jamming Attack Using Timestamp for WSN. Ad Hoc Networks 2019, 91, 101874. [Google Scholar] [CrossRef]
  87. Wang, H.; Zhang, J. Blockchain Based Data Integrity Verification for Large-Scale IoT Data. IEEE Access 2019, 7, 164996–165006. [Google Scholar] [CrossRef]
  88. Ateniese, G.; Burns, R.; Curtmola, R.; Herring, J.; Kissner, L.; Peterson, Z.; Song, D. Provable Data Possession at Untrusted Stores. In Proceedings of the Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 28 October 2007; pp. 598–609.
  89. Shen, J.; Shen, J.; Chen, X.; Huang, X.; Susilo, W. An Efficient Public Auditing Protocol With Novel Dynamic Structure for Cloud Data. IEEE Trans. Inform. Forensics Secur. 2017, 12, 2402–2415. [Google Scholar] [CrossRef]
  90. Erway, C.C.; Küpçü, A.; Papamanthou, C.; Tamassia, R. Dynamic Provable Data Possession. ACM Trans. Inf. Syst. Secur. 2015, 17, 1–29. [Google Scholar] [CrossRef]
  91. Liu, C.; Ranjan, R.; Yang, C.; Zhang, X.; Wang, L.; Chen, J. MuR-DPA: Top-Down Levelled Multi-Replica Merkle Hash Tree Based Secure Public Auditing for Dynamic Big Data Storage on Cloud. IEEE Trans. Comput. 2015, 64, 2609–2622. [Google Scholar] [CrossRef]
  92. Jayaraman, I.; Mohammed, M. Secure Privacy Conserving Provable Data Possession (SPC-PDP) Framework. Inf. Syst. E-Bus Manag. 2020, 18, 351–377. [Google Scholar] [CrossRef]
  93. Juels, A.; Kaliski, B.S. Pors: Proofs of Retrievability for Large Files. In Proceedings of the Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 28 October 2007; pp. 584–597.
  94. Wang, Q.; Wang, C.; Ren, K.; Lou, W.; Li, J. Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing. IEEE Trans. Parallel Distrib. Syst. 2011, 22, 847–859. [Google Scholar] [CrossRef]
  95. Ge, X.; Yu, J.; Zhang, H.; Hu, C.; Li, Z.; Qin, Z.; Hao, R. Towards Achieving Keyword Search over Dynamic Encrypted Cloud Data with Symmetric-Key Based Verification. IEEE Trans. Dependable Secur. Comput. 2021, 18, 490–504. [Google Scholar] [CrossRef]
  96. Liu, Q.; Tian, Y.; Wu, J.; Peng, T.; Wang, G. Enabling Verifiable and Dynamic Ranked Search over Outsourced Data. IEEE Trans. Serv. Comput. 2022, 15, 69–82. [Google Scholar] [CrossRef]
  97. Fu, A.; Li, Y.; Yu, S.; Yu, Y.; Zhang, G. DIPOR: An IDA-Based Dynamic Proof of Retrievability Scheme for Cloud Storage Systems. J. Netw. Comput. Appl. 2018, 104, 97–106. [Google Scholar] [CrossRef]
  98. Lian, J.; Wang, S.; Xie, Y. TDRB: An Efficient Tamper-Proof Detection Middleware for Relational Database Based on Blockchain Technology. IEEE Access 2021, 9, 66707–66722. [Google Scholar] [CrossRef]
  99. Chen, S.; Yang, L.; Zhao, C.; Varadarajan, V.; Wang, K. Double-Blockchain Assisted Secure and Anonymous Data Aggregation for Fog-Enabled Smart Grid. Engineering 2022, 8, 159–169. [Google Scholar] [CrossRef]
  100. Pourvahab, M.; Ekbatanifard, G. An Efficient Forensics Architecture in Software-Defined Networking-IoT Using Blockchain Technology. IEEE Access 2019, 7, 99573–99588. [Google Scholar] [CrossRef]
  101. Martino, R.; Cilardo, A. Designing a SHA-256 Processor for Blockchain-Based IoT Applications. Internet Things 2020, 11, 100254. [Google Scholar] [CrossRef]
  102. Nunoo-Mensah, H.; Boateng, K.O.; Gadze, J.D. Tamper-aware Authentication Framework for Wireless Sensor Networks. IET Wirel. Sens. Syst. 2017, 7, 73–81. [Google Scholar] [CrossRef]
  103. Ren, Y.; Qi, J.; Liu, Y.; Wang, J.; Kim, G.-J. Integrity Verification Mechanism of Sensor Data Based on Bilinear Map Accumulator. ACM Trans. Internet Technol. 2021, 21, 1–19. [Google Scholar] [CrossRef]
  104. Bos, J.W.; Halderman, J.A.; Heninger, N.; Moore, J.; Naehrig, M.; Wustrow, E. Elliptic Curve Cryptography in Practice. In Financial Cryptography and Data Security; Christin, N., Safavi-Naini, R., Eds.; Springer: Berlin/Heidelberg, Germany, 2014; pp. 157–175. [Google Scholar]
  105. Romailler, Y.; Pelissier, S. Practical Fault Attack against the Ed25519 and EdDSA Signature Schemes. In Proceedings of the 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC), Taipei, Taiwan, 25 September 2017; pp. 17–24. [Google Scholar]
  106. Li, J.; Wu, J.; Chen, L. Block-Secure: Blockchain Based Scheme for Secure P2P Cloud Storage. Inf. Sci. 2018, 465, 219–231. [Google Scholar] [CrossRef]
  107. Shi, C.; Wang, H.; Hu, Y.; Li, X. A Novel NMF-Based Authentication Scheme for Encrypted Speech in Cloud Computing. Multimed. Tools Appl. 2021, 80, 25773–25798. [Google Scholar] [CrossRef]
  108. Rijmen, V.; Daemen, J. Advanced encryption standard. Proc. Fed. Inf. Process. Stand. Publ. Natl. Inst. Stand. Technol. 2001, 19, 22. [Google Scholar]
  109. Da Silva, L.E.; Coury, D.V. Network Traffic Prediction for Detecting DDoS Attacks in IEC 61850 Communication Networks. Comput. Electr. Eng. 2020, 87, 106793. [Google Scholar] [CrossRef]
  110. Raja, D.J.S.; Sriranjani, R.; Parvathy, A.; Hemavathi, N. A Review on Distributed Denial of Service Attack in Smart Grid. In Proceedings of the 2022 7th International Conference on Communication and Electronics Systems (ICCES), Coimbatore, India, 22–24 June 2022; pp. 812–819. [Google Scholar]
  111. Mousavi, S.M.; St-Hilaire, M. Early Detection of DDoS Attacks against SDN Controllers. In Proceedings of the 2015 International Conference on Computing, Networking and Communications (ICNC), Garden Grove, CA, USA, 16–19 February 2015; pp. 77–81. [Google Scholar]
  112. Aladaileh, M.A.; Anbar, M.; Hintaw, A.J.; Hasbullah, I.H.; Bahashwan, A.A.; Al-Sarawi, S. Renyi Joint Entropy-Based Dynamic Threshold Approach to Detect DDoS Attacks against SDN Controller with Various Traffic Rates. Appl. Sci. 2022, 12, 6127. [Google Scholar] [CrossRef]
  113. David, J.; Thomas, C. Efficient DDoS Flood Attack Detection Using Dynamic Thresholding on Flow-Based Network Traffic. Comput. Secur. 2019, 82, 284–295. [Google Scholar] [CrossRef]
  114. Tsobdjou, L.D.; Pierre, S.; Quintero, A. An Online Entropy-Based DDoS Flooding Attack Detection System With Dynamic Threshold. IEEE Trans. Netw. Serv. Manag. 2022, 19, 1679–1689. [Google Scholar] [CrossRef]
  115. Baskar, M.; Ramkumar, J.; Karthikeyan, C.; Anbarasu, V.; Balaji, A.; Arulananth, T.S. Low Rate DDoS Mitigation Using Real-Time Multi Threshold Traffic Monitoring System. J. Ambient Intell. Humaniz. Comput. 2021, 1–9. [Google Scholar] [CrossRef]
  116. Amma, N.G.B.; Selvakumar, S.; Velusamy, R.L. A Statistical Approach for Detection of Denial of Service Attacks in Computer Networks. IEEE Trans. Netw. Serv. Manag. 2020, 17, 2511–2522. [Google Scholar] [CrossRef]
  117. Qu, X.; Yang, L.; Guo, K.; Ma, L.; Feng, T.; Ren, S.; Sun, M. Statistics-Enhanced Direct Batch Growth Self-Organizing Mapping for Efficient DoS Attack Detection. IEEE Access 2019, 7, 78434–78441. [Google Scholar] [CrossRef]
  118. Bouyeddou, B.; Kadri, B.; Harrou, F.; Sun, Y. DDOS-Attacks Detection Using an Efficient Measurement-Based Statistical Mechanism. Eng. Sci. Technol. Int. J. 2020, 23, 870–878. [Google Scholar] [CrossRef]
  119. Mishra, S.K.; Sahoo, B.; Parida, P.P. Load Balancing in Cloud Computing: A Big Picture. J. King Saud Univ.—Comput. Inf. Sci. 2020, 32, 149–158. [Google Scholar] [CrossRef]
  120. Priya, V.; Sathiya Kumar, C.; Kannan, R. Resource Scheduling Algorithm with Load Balancing for Cloud Service Provisioning. Appl. Soft Comput. 2019, 76, 416–424. [Google Scholar] [CrossRef]
  121. Powroźnik, P.; Szcześniak, P.; Piotrowski, K. Elastic Energy Management Algorithm Using IoT Technology for Devices with Smart Appliance Functionality for Applications in Smart-Grid. Energies 2021, 15, 109. [Google Scholar] [CrossRef]
  122. Powroźnik, P.; Szcześniak, P.; Turchan, K.; Krysik, M.; Koropiecki, I.; Piotrowski, K. An Elastic Energy Management Algorithm in a Hierarchical Control System with Distributed Control Devices. Energies 2022, 15, 4750. [Google Scholar] [CrossRef]
  123. Chen, Y.; Tan, Y.; Deka, D. Is Machine Learning in Power Systems Vulnerable? In Proceedings of the 2018 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), Aalborg, Denmark, 29–31 October 2018.
  124. Anthi, E.; Williams, L.; Rhode, M.; Burnap, P.; Wedgbury, A. Adversarial Attacks on Machine Learning Cybersecurity Defences in Industrial Control Systems. J. Inf. Secur. Appl. 2021, 58, 102717. [Google Scholar] [CrossRef]
  125. Adiban, M.; Safari, A.; Salvi, G. STEP-GAN: A One-Class Anomaly Detection Model with Applications to Power System Security. In Proceedings of the ICASSP 2021—2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Toronto, ON, Canada, 6 June 2021; pp. 2605–2609. [Google Scholar]
  126. Liu, Z.; Wang, Q.; Ye, Y.; Tang, Y. A GAN-Based Data Injection Attack Method on Data-Driven Strategies in Power Systems. IEEE Trans. Smart Grid 2022, 13, 3203–3213. [Google Scholar] [CrossRef]
  127. Mohammadpourfard, M.; Ghanaatpishe, F.; Mohammadi, M.; Lakshminarayana, S.; Pechenizkiy, M. Generation of False Data Injection Attacks Using Conditional Generative Adversarial Networks. In Proceedings of the 2020 IEEE PES Innovative Smart Grid Technologies Europe (ISGT-Europe), The Hague, The Netherlands, 26–28 October 2020; pp. 41–45. [Google Scholar]
  128. Wu, Y.; Wang, Q.; Guo, N.; Tian, Y.; Li, F.; Su, X. Efficient Multi-Source Self-Attention Data Fusion for FDIA Detection in Smart Grid. Symmetry 2023, 15, 1019. [Google Scholar] [CrossRef]
  129. Ganjkhani, M.; Gholami, A.; Giraldo, J.; Srivastava, A.K.; Parvania, M. Multi-Source Data Aggregation and Real-Time Anomaly Classification and Localization in Power Distribution Systems. IEEE Trans. Smart Grid 2024, 15, 2191–2202. [Google Scholar] [CrossRef]
  130. Cheng, G.; Lin, Y.; Abur, A.; Gómez-Expósito, A.; Wu, W. A Survey of Power System State Estimation Using Multiple Data Sources: PMUs, SCADA, AMI, and Beyond. IEEE Trans. Smart Grid 2024, 15, 1129–1151. [Google Scholar] [CrossRef]
  131. Mehedi, S.T.; Anwar, A.; Rahman, Z.; Ahmed, K.; Islam, R. Dependable Intrusion Detection System for IoT: A Deep Transfer Learning Based Approach. IEEE Trans. Ind. Inf. 2023, 19, 1006–1017. [Google Scholar] [CrossRef]
  132. Himeur, Y.; Elnour, M.; Fadli, F.; Meskin, N.; Petri, I.; Rezgui, Y.; Bensaali, F.; Amira, A. Next-Generation Energy Systems for Sustainable Smart Cities: Roles of Transfer Learning. Sustain. Cities Soc. 2022, 85, 104059. [Google Scholar] [CrossRef]
  133. Xu, M.; Li, X.; Wang, Y.; Luo, B.; Guo, J. Privacy-preserving Multisource Transfer Learning in Intrusion Detection System. Trans. Emerg. Telecommun. Technol. 2021, 32, e3957. [Google Scholar] [CrossRef]
  134. Liu, Z.; Wang, Q.; Tang, Y. Design of a Cosimulation Platform With Hardware-in-the-Loop for Cyber-Attacks on Cyber-Physical Power Systems. IEEE Access 2020, 8, 95997–96005. [Google Scholar] [CrossRef]
  135. Sahu, A.; Wlazlo, P.; Mao, Z.; Huang, H.; Goulart, A.; Davis, K.; Zonouz, S. Design and Evaluation of a Cyber-Physical Testbed for Improving Attack Resilience of Power Systems. IET Cyber-Phys. Syst. Theory Appl. 2021, 6, 208–227. [Google Scholar] [CrossRef]
  136. Makhdoom, I.; Zhou, I.; Abolhasan, M.; Lipman, J.; Ni, W. PrivySharing: A Blockchain-Based Framework for Privacy-Preserving and Secure Data Sharing in Smart Cities. Comput. Secur. 2020, 88, 101653. [Google Scholar] [CrossRef]
  137. Yang, Q.; Wang, H.; Wang, T.; Zhang, S.; Wu, X.; Wang, H. Blockchain-Based Decentralized Energy Management Platform for Residential Distributed Energy Resources in a Virtual Power Plant. Appl. Energy 2021, 294, 117026. [Google Scholar] [CrossRef]
  138. Li, J.; Herdem, M.S.; Nathwani, J.; Wen, J.Z. Methods and Applications for Artificial Intelligence, Big Data, Internet of Things, and Blockchain in Smart Energy Management. Energy AI 2023, 11, 100208. [Google Scholar] [CrossRef]
  139. Iqbal, R.; Doctor, F.; More, B.; Mahmud, S.; Yousuf, U. Big Data Analytics: Computational Intelligence Techniques and Application Areas. Technol. Forecast. Soc. Chang. 2020, 153, 119253. [Google Scholar] [CrossRef]
  140. AL-Jumaili, A.H.A.; Muniyandi, R.C.; Hasan, M.K.; Paw, J.K.S.; Singh, M.J. Big Data Analytics Using Cloud Computing Based Frameworks for Power Management Systems: Status, Constraints, and Future Recommendations. Sensors 2023, 23, 2952. [Google Scholar] [CrossRef] [PubMed]
  141. Wu, H.; Zhang, Z.; Guan, C.; Wolter, K.; Xu, M. Collaborate Edge and Cloud Computing With Distributed Deep Learning for Smart City Internet of Things. IEEE Internet Things J. 2020, 7, 8099–8110. [Google Scholar] [CrossRef]
  142. Zhao, S.; Li, F.; Li, H.; Lu, R.; Ren, S.; Bao, H.; Lin, J.-H.; Han, S. Smart and Practical Privacy-Preserving Data Aggregation for Fog-Based Smart Grids. IEEE Trans. Inf. Forensics Secur. 2021, 16, 521–536. [Google Scholar] [CrossRef]
  143. Zhu, T.; Ye, D.; Wang, W.; Zhou, W.; Yu, P.S. More Than Privacy: Applying Differential Privacy in Key Areas of Artificial Intelligence. IEEE Trans. Knowl. Data Eng. 2022, 34, 2824–2843. [Google Scholar] [CrossRef]
  144. Yang, P.; Xiong, N.; Ren, J. Data Security and Privacy Protection for Cloud Storage: A Survey. IEEE Access 2020, 8, 131723–131740. [Google Scholar] [CrossRef]
  145. Syed, D.; Zainab, A.; Ghrayeb, A.; Refaat, S.S.; Abu-Rub, H.; Bouhali, O. Smart Grid Big Data Analytics: Survey of Technologies, Techniques, and Applications. IEEE Access 2021, 9, 59564–59585. [Google Scholar] [CrossRef]
  146. Muhtadi, A.; Pandit, D.; Nguyen, N.; Mitra, J. Distributed Energy Resources Based Microgrid: Review of Architecture, Control, and Reliability. IEEE Trans. Ind. Appl. 2021, 57, 2223–2235. [Google Scholar] [CrossRef]
  147. Wu, Y.; Wu, Y.; Guerrero, J.M.; Vasquez, J.C. Digitalization and Decentralization Driving Transactive Energy Internet: Key Technologies and Infrastructures. Int. J. Electr. Power Energy Syst. 2021, 126, 106593. [Google Scholar] [CrossRef]
  148. Arif, A.; Alghamdi, T.A.; Khan, Z.A.; Javaid, N. Towards Efficient Energy Utilization Using Big Data Analytics in Smart Cities for Electricity Theft Detection. Big Data Res. 2022, 27, 100285. [Google Scholar] [CrossRef]
  149. Nikam, V.; Kalkhambkar, V. A Review on Control Strategies for Microgrids with Distributed Energy Resources, Energy Storage Systems, and Electric Vehicles. Int. Trans. Electr. Energy Syst. 2021, 31. [Google Scholar] [CrossRef]
  150. Kaur, M.; Munjal, A. Data Aggregation Algorithms for Wireless Sensor Network: A Review. Ad Hoc Netw. 2020, 100, 102083. [Google Scholar] [CrossRef]
  151. Hassan, M.U.; Rehmani, M.H.; Chen, J. Differential Privacy Techniques for Cyber Physical Systems: A Survey. IEEE Commun. Surv. Tutor. 2020, 22, 746–789. [Google Scholar] [CrossRef]
  152. Murthy, S.; Abu Bakar, A.; Abdul Rahim, F.; Ramli, R. A Comparative Study of Data Anonymization Techniques. In Proceedings of the 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS), Washington, DC, USA, 27–29 May 2019; pp. 306–309. [Google Scholar]
  153. Zhou, Y.; Chen, X.; Chen, M. Privacy-Preserving Multidimensional Data Aggregation Scheme for Smart Grid. Secur. Commun. Netw. 2020, 2020, 8845959. [Google Scholar] [CrossRef]
  154. Triantafyllou, A.; Jimenez, J.A.P.; Torres, A.D.R.; Lagkas, T.; Rantos, K.; Sarigiannidis, P. The Challenges of Privacy and Access Control as Key Perspectives for the Future Electric Smart Grid. IEEE Open J. Commun. Soc. 2020, 1, 1934–1960. [Google Scholar] [CrossRef]
  155. Jiang, C.; Fan, T.; Gao, H.; Shi, W.; Liu, L.; Cérin, C.; Wan, J. Energy Aware Edge Computing: A Survey. Comput. Commun. 2020, 151, 556–580. [Google Scholar] [CrossRef]
  156. Jithish, J.; Alangot, B.; Mahalingam, N.; Yeo, K.S. Distributed Anomaly Detection in Smart Grids: A Federated Learning-Based Approach. IEEE Access 2023, 11, 7157–7179. [Google Scholar] [CrossRef]
  157. Liu, J.; Tian, Y.; Zhou, Y.; Xiao, Y.; Ansari, N. Privacy Preserving Distributed Data Mining Based on Secure Multi-Party Computation. Comput. Commun. 2020, 153, 208–216. [Google Scholar] [CrossRef]
Information 15 00439 g001
Figure 1. False data attack scenario in the power system.
Figure 1. False data attack scenario in the power system.
Information 15 00439 g001
Information 15 00439 g002
Figure 2. Fake data injection attack characteristics.
Figure 2. Fake data injection attack characteristics.
Information 15 00439 g002
Information 15 00439 g003
Figure 3. Timestamp tampering attack characteristics.
Figure 3. Timestamp tampering attack characteristics.
Information 15 00439 g003
Information 15 00439 g004
Figure 4. Data deletion and tampering attack characteristics.
Figure 4. Data deletion and tampering attack characteristics.
Information 15 00439 g004
Information 15 00439 g005
Figure 5. Characteristics of denial-of-service attacks.
Figure 5. Characteristics of denial-of-service attacks.
Information 15 00439 g005
Table 1. Attack detection method based on static estimation.
Table 1. Attack detection method based on static estimation.
AuthorMethodAdvantagesDisadvantages
Chen et al. [41]Multi-level static estimationFast state estimationDifficulty in selecting different interface quantities between subsystems
Qu et al. [43]Trust worthiness WLS algorithmImproving the robustness of state estimationAdditional computational burden and potential false positives
Khalid et al. [44]Median Regression Function Comprehensively consider various factors that affect state estimationDifficult to respond quickly
Tang et al. [45]Generalized Likelihood Ratio Test (GLRT) DetectorCan flexibly adapt to different data distributions and model assumptionsInaccurate estimates for small samples
Table 2. Attack detection method based on dynamic estimation.
Table 2. Attack detection method based on dynamic estimation.
AuthorMethodAdvantagesDisadvantages
Dayananda et al. [50]Reconfigurable Kalman FilterFlexible and adaptable to dynamic environmentsSensitivity of threshold selection
Wang et al. [51]KFRNNAble to handle complex attack scenariosNew attack detection not applicable
Luo et al. [52]Adaptive Kalman Filter LibraryReduced latency and no prior knowledge requiredAdaptive threshold parameter adjustment is difficult
Rashed et al. [53]Cluster partition state estimation technologyDynamic and static combined state estimation method Lack of anti-attack ability
Živković et al. [54]UKF-WLSQuickly identify fake data attacksDifferences between noise impact estimates
Lu et al. [55]Improved Unscented Kalman FilterImprove state estimation accuracy and robustnessLimited forecast accuracy
Table 3. Attack detection method based on clock synchronization monitoring.
Table 3. Attack detection method based on clock synchronization monitoring.
AuthorMethodAdvantagesDisadvantages
Moradi et al. [79]Clock comparison PTP attack detectionDetects multiple types of PTP attacksAffected by third-party time sources and GPS signals
Moussa et al. [80]Extending PTP to detect time synchronization attacksEnhance the security of the PTP protocol and reduce the attack surfaceThe UPPAAL model checker has limited portability and applicability
Alghamdi et al. [81]Trusted Supervisor Node (TSN) approachTSN can detect abnormal patterns that point to attacks, improving detection accuracyInability to detect external or advanced attacks
Qiu et al. [82]Secure Time Synchronization ProtocolReduce the impact of malicious nodes on the networkProtocol compatibility issues need to be considered
Wu et al. [83]Distributed timestamp mechanismContinuously verifiable to enhance the credibility of timestampsHigh deployment complexity
Moussa et al. [84]Simple Network Management Protocol (SNMP)Easy to use and cost effectiveDifficult to apply to large-scale networks
He et al. [85]Polarization Coded Synchronization Security StrategyPolar encoding can encrypt timestampsHigh network overhead
Hymlin et al. [86]Clustering-based timestamp mechanismDynamic clustering adapts to network changesUnable to respond to new types of attacks
Table 4. Based on the existing PDP and PoR mechanism detection method.
Table 4. Based on the existing PDP and PoR mechanism detection method.
AuthorMethodAdvantagesDisadvantages
Wang et al. [87]MACReduced additional delayDifficulty in key distribution
Ateniese et al. [88]RSASimple key managementThe key length requirement is high
Shen et al. [89]BLSScalabilityUndo is not supported
Erway et al. [90]Dynamic OperationSimplify data managementData availability risks
Liu et al. [91]Multiple copiesHas a certain ability to resist attacksSynchronization delay
Jayaraman et al. [92]privacy protectionEmphasis on anonymityDifficulty balancing privacy protection and data utility
Wang et al. [94]TPA dynamic data integrity verificationImprove the efficiency of the verification processThere is a risk of third-party auditors
Ge et al. [95]Dynamic search of symmetric keysAble to meet the needs of frequent data changesIncrease system resource consumption
Liu et al. [96]VDERSMeets the need for data sorting and searchingNot applicable when dealing with large-scale datasets
Fu et al. [97]DIPORImproved data availability and integrityNot applicable when dealing with large-scale datasets
Table 5. Detection methods based on traffic supervision.
Table 5. Detection methods based on traffic supervision.
AuthorMethodAdvantagesDisadvantages
Mousavi et al. [111]Fixed ThresholdEasy to useGeneral limitations
Aladaileh et al. [112]Dynamic threshold based on the combined entropy of benevolence and righteousnessDynamic adaptabilityUnable to respond to new types of attacks
David et al. [113]Traffic characteristics + dynamic thresholdLower false positive rateThreshold adjustment strategies require careful consideration
Tsobdjou et al. [114]Dynamic Threshold of Online EntropyReduce false positives and false negativesEntropy instability
Baskar et al. [115]Multi-threshold traffic analysisHigh detection rateUnable to respond to new types of attacks
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Chang, Z.; Wu, J.; Liang, H.; Wang, Y.; Wang, Y.; Xiong, X. A Review of Power System False Data Attack Detection Technology Based on Big Data. Information 2024, 15, 439. https://doi.org/10.3390/info15080439

AMA Style

Chang Z, Wu J, Liang H, Wang Y, Wang Y, Xiong X. A Review of Power System False Data Attack Detection Technology Based on Big Data. Information. 2024; 15(8):439. https://doi.org/10.3390/info15080439

Chicago/Turabian Style

Chang, Zhengwei, Jie Wu, Huihui Liang, Yong Wang, Yanfeng Wang, and Xingzhong Xiong. 2024. "A Review of Power System False Data Attack Detection Technology Based on Big Data" Information 15, no. 8: 439. https://doi.org/10.3390/info15080439

APA Style

Chang, Z., Wu, J., Liang, H., Wang, Y., Wang, Y., & Xiong, X. (2024). A Review of Power System False Data Attack Detection Technology Based on Big Data. Information, 15(8), 439. https://doi.org/10.3390/info15080439

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop