*1.2. Stealth False Data Injection (FDI) Attack*

A stealth attack is a special type of attack that bypasses the test of the PSSE technique: the residual test is not able to detect it. This attack is also known as an unobservable or undetectable attack. In a stealth attack, the Jacobian matrix **H** is fully known to the attacker, and **H** is used to construct the undetectable attack. Stealth false data injection (FDI) is given as follows [17,19,22,28–30]:

$$\mathbf{z}_{\mathbf{a}} = \mathbf{z} + \mathbf{a} \tag{9}$$

where **a** represents the vector of false data that is added to the measurement vector **z**. The attacker hacks the data from the communication line and injects the attack vector **a** into it, where **a** = **Hc**.

The attack is carried out on the communication line, and all measurements of power are hacked. The Jacobian matrix **H** is determined with the help of those power measurements. **H** reveals the whole power system topology and the dependence of one power value on the others, and this is what lets the attacker make the attack undetectable: it tells the attacker which specific power values have to change along with one particular change in power. Forming the Jacobian matrix **H** is therefore the most important step in understanding the whole power network. When undertaking a stealth attack, the vector **c** is multiplied by the matrix **H** and the result is added to the actual measurements.

The stealth attack is executed against the PSSE in the power network by injecting false data into the system measurements. The state estimation technique is bypassed by the stealth attack [31]. In case of an attack, the estimated state becomes:

$$\hat{\mathbf{x}}_{\mathbf{a}} = \left(\mathbf{H}^{\mathrm{T}}\mathbf{R}^{-1}\mathbf{H}\right)^{-1}\mathbf{H}^{\mathrm{T}}\mathbf{R}^{-1}\mathbf{z}_{\mathbf{a}} \tag{10}$$

$$
\hat{\mathbf{x}}_{\mathbf{a}} = \hat{\mathbf{x}} + \mathbf{c} \tag{11}
$$

The estimated state is changed in the case of a stealth attack. Now, the estimated state is equal to the original estimated state plus a constant vector **c**. It is assumed that **c** ~ *N*(0, *σ*<sub>c</sub><sup>2</sup>), where the false state variance is represented by *σ*<sub>c</sub><sup>2</sup>.

$$\mathbf{z}_{\mathbf{a}} = \mathbf{H}\mathbf{x} + \mathbf{e} + \mathbf{a} = \mathbf{H}\mathbf{x} + \mathbf{e} + \mathbf{H}\mathbf{c} \tag{12}$$

$$\mathbf{z}_{\mathbf{a}} = \mathbf{H}\mathbf{x}_{\mathbf{a}} + \mathbf{e} \tag{13}$$

Therefore, the attack changes the state of the power system. The technique used in the system for bad data detection is bypassed by the stealth false data injection attack in this way:

$$\mathbf{r}_{\mathbf{a}} = \mathbf{z}_{\mathbf{a}} - \mathbf{H}\hat{\mathbf{x}}_{\mathbf{a}} = \mathbf{r} \tag{14}$$

The attacked residual is represented by **r**<sub>**a**</sub>. Under the attack, the attacked residual is the same as the normal residual. Therefore, bad data detection based on the residual is bypassed by this attack and the defender is not able to detect the stealth attack.
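
The invariance in Eq. (14), checked numerically as an added example (not code from the paper): the 4×2 matrix `H`, the noise variances, and the vectors `x_true`, `e` and `c` are constructed values, and the weighted residual norm used as the detector statistic is this example's assumption. It contrasts an injection **a** = **Hc** with an injection outside the column space of **H**, which the residual does register.

```python
# Added illustration (not from the paper): all numeric values are constructed.
H = [[1.0, 0.0], [0.0, 1.0], [1.0, -1.0], [1.0, 1.0]]  # 4 measurements, 2 states
R_DIAG = [0.01, 0.01, 0.02, 0.02]                      # diagonal of R (noise variances)

def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]

def solve(A, b):
    """Solve A y = b by Gaussian elimination with partial pivoting."""
    n = len(b)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for i in range(n):
        p = max(range(i, n), key=lambda r: abs(M[r][i]))
        M[i], M[p] = M[p], M[i]
        for r in range(i + 1, n):
            f = M[r][i] / M[i][i]
            M[r] = [u - f * w for u, w in zip(M[r], M[i])]
    y = [0.0] * n
    for i in reversed(range(n)):
        y[i] = (M[i][n] - sum(M[i][j] * y[j] for j in range(i + 1, n))) / M[i][i]
    return y

def wls_estimate(z):
    """x_hat = (H^T R^-1 H)^-1 H^T R^-1 z, the estimator of Eq. (10)."""
    m, n = len(H), len(H[0])
    G = [[sum(H[k][i] * H[k][j] / R_DIAG[k] for k in range(m)) for j in range(n)]
         for i in range(n)]
    rhs = [sum(H[k][i] * z[k] / R_DIAG[k] for k in range(m)) for i in range(n)]
    return solve(G, rhs)

def residual(z):
    """r = z - H x_hat, the quantity the residual test inspects."""
    return [zi - hi for zi, hi in zip(z, matvec(H, wls_estimate(z)))]

def detector_stat(z):
    """Weighted squared residual norm r^T R^-1 r (assumed detector statistic)."""
    return sum(ri * ri / v for ri, v in zip(residual(z), R_DIAG))

x_true, e = [1.0, 0.5], [0.05, -0.03, 0.02, -0.04]
z = [hx + ei for hx, ei in zip(matvec(H, x_true), e)]       # z = Hx + e
c = [0.2, -0.1]                                             # false state offset
z_a = [zi + ai for zi, ai in zip(z, matvec(H, c))]          # Eq. (9) with a = Hc
z_b = [zi + bi for zi, bi in zip(z, [0.3, 0.0, 0.0, 0.0])]  # not in column space of H

if __name__ == "__main__":
    shift = [u - w for u, w in zip(wls_estimate(z_a), wls_estimate(z))]
    print("statistic, clean        :", round(detector_stat(z), 6))
    print("statistic, a = Hc       :", round(detector_stat(z_a), 6))
    print("statistic, unstructured :", round(detector_stat(z_b), 6))
    print("state shift under a = Hc:", [round(s, 6) for s in shift])
```

Because the statistic for **a** = **Hc** equals the clean value while the estimate shifts by **c**, a defender relying on the residual alone has no signal; detection has to come from information the residual does not carry.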
