
Computers and Electrical Engineering 107 (2023) 108638


False data injection attack in smart grid cyber physical system: Issues, challenges, and future direction

AKM Ahasan Habib (a), Mohammad Kamrul Hasan (a,*), Ahmed Alkhayyat (b), Shayla Islam (c,*), Rohit Sharma (d,*), Lulwah M. Alkwai (e)

(a) Center for Cyber Security, Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia (UKM), Bangi, Selangor 43600, Malaysia
(b) College of Technical Engineering, The Islamic University, Najaf, Iraq
(c) Institute of Computer Science and Digital Innovation, UCSI University Malaysia, Malaysia
(d) Department of Electronics & Communication Engineering, SRM Institute of Science and Technology, NCR Campus, Delhi-NCR Campus, Ghaziabad, Uttar Pradesh, India
(e) College of Computer Science and Engineering, University of Ha’il, Ha’il, Saudi Arabia

ABSTRACT

Smart grid integrates the physical power system infrastructure with internet-of-things-based digital communication networks that work together for grid stability, sustainability, and reliability. A significant number of smart devices converge in cyber-physical systems to make the smart grid more competitive and efficient in addressing the energy challenges and vulnerabilities in power system confidentiality, integrity, and availability in smart grid cyber-physical security systems. False data injection attacks are the most malicious threats in the smart grid paradigm and have been widely applied recently. In the last few years, several detection algorithms for identifying the false data injection attack have been developed. Addressing these issues, this paper reports a false data injection attack and threat mathematical model, and its impact on the on-grid system, economy, and society. The classification of false data injection attack detection algorithms and their mathematical models are mainly presented. Finally, issues and challenges are identified from existing research, and future research directions are recommended.

Keywords: Cyber-physical system; False data injection; FDI attack modeling; FDI attack detection; Smart grid

List of abbreviations: AC, Alternating current; AMI, Advanced metering infrastructure; ANN, Artificial neural network; BDD, Bad data detection; CIAA, Confidentiality integrity availability accountability; CNN, Convolutional neural network; DBN, Deep-belief network; DC, Direct current; DER, Distributed energy resource; DOS, Denial of service; DDOS, Distributed denial of service; DT, Decision tree; EMS, Energy management system; ELM, Extreme learning machine; ENN, Extended-nearest neighbor; FDI, False data injection; IED, Intelligent electric devices; IOT, Internet of things; IF, Isolation forest; KF, Kalman Filter.

This paper was recommended for publication by Associate Editor Chennai Guest Editor.
* Corresponding authors.
E-mail addresses: mkhasan@ukm.edu.my (M.K. Hasan), shayla@ucsiuniversity.edu.my (S. Islam), rohitapece@gmail.com (R. Sharma).

https://doi.org/10.1016/j.compeleceng.2023.108638
Received 19 October 2022; Received in revised form 29 December 2022; Accepted 10 February 2023
Available online 19 February 2023
0045-7906/© 2023 Elsevier Ltd. All rights reserved.

1. Introduction

The modern power grid system combines a complex physical power system with communication systems, sensing, and computing technologies. The smart grid (SG) cyber-physical system manages the network’s bi-directional flow of power and information. Using Internet of Things (IoT) based devices, the SG network manages and controls the electricity generation, service provider, transportation, markets, distribution, operation, and consumption [1]. The vision of SG is to improve power efficiency and reliability, integrating small and bulk renewable energy on both the consumer and generation side with customer participation. Though SG has many benefits, it faces various problems, among them various security issues in the SG cyber-physical system. The SG faces various cyber-attacks such as False Data Injection (FDI) attacks, Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, man-in-the-middle attacks, packet analysis attacks, packet injection attacks, data spoofing attacks, and various other malicious attacks. Over the last decade, there have been numerous cyber-attacks on the power grid system. The major global cyber-attacks are presented in Fig. 1. Due to the networking vulnerability of the SG system, the sensing and control infrastructure of cyber-physical systems is unprotected from new risks. Additionally, existing risks to the SG cyber-physical system are inherited.
Motivation and scope of the study: Bad Data Detection (BDD) is widely used to identify cyber anomalies in power grid cyber-physical systems. However, BDD cannot prevent and detect FDI attacks. The FDI attack is a crucial cyber-attack on the power grid system. The attackers inject false data into the measurement, control, and computation stations of the SG network system, as shown in Fig. 2. Currently, it is of great concern to researchers. From Fig. 2, it is clear that an attacker can easily modify/manipulate the measured data on the power grid system through field devices and pass this data to the control center and measurement system. The power system will collapse when this data is executed. Unfortunately, this FDI attack occurred in the 2015 Ukraine power grid system, and 225,000 consumers suffered from this cyber-attack. In a distributed power system, an FDI attack is very dangerous. Several literature reviews conducted on FDI attacks on specific topics such as cyber threat, attack modeling, attack, identification, and mitigation are presented in Table 1. Our study was conducted, to the best of our knowledge, on the SG cyber-physical power system. We considered all parameters based on FDI threat, attack, mitigation, impact, and challenges.
Contribution: This review is based on existing research gaps in Table 1. We analyzed notable publications based on FDI attack threat
modeling, attack constructions, detection algorithms, and impact on SG infrastructure across various domains. We systematically did
our literature review and analyses so that our finding covers the limitation of previous work on FDI attacks in SG cyber-physical
networks. The significant contribution of this paper is presented below:

(1) We present the overview of SG cyber-physical infrastructure, cyber-security goals/objectives, and requirements for an FDI
attack.
(2) We presented a summary based on relevant published work, highlighting their contribution and addressing some research gaps
in Table 1.
(3) The FDI attack threat taxonomy and modeling are proposed in our study, presented in Section 3.1.
(4) Mathematical modeling for the FDI attack is developed and presented in Section 3.2, and the impact of the FDI attack on the SG
system is shown in Section 3.3.
(5) We critically evaluate the proposed FDI attack detection methods and divide them into various categories. The mathematical
model for the FDI attack detection method is presented in Section 4.
(6) We proposed a new FDI attack detection for a hybrid SG cyber-physical system.
(7) During the critical evaluation, we found issues and challenges in FDI attack threat and attack detection methodology, and we
recommended some future work direction.

This review article is organized into 8 sections. The background of SG cyber-physical infrastructure and security system is presented in Section 2. Section 3 presents the FDI threat, attack modeling, and impact. The false data injection detection algorithm is presented in Section 4. The comparative analysis of FDI attack solutions is described in Section 5. Issues and challenges are presented in Section 6. Section 7 presents the proposed framework and future recommendations. The conclusion is presented in Section 8.

Fig. 1. Global cyber-attack on power grid systems over the last decades.


Fig. 2. Taxonomical block diagram of FDI attack on SG.

Table 1
Summary of a recent review on FDI attack on SG system.

Refs. | Year | Contribution | Limitation
----- | ---- | ------------ | ----------
[2] | 2016 | FDI attack model | Attack target, detection, mitigation, impact, and challenges.
[3] | 2017 | FDI attack model, attack mitigation, and partially discuss the impact. | Attack targets and challenges.
[4] | 2018 | FDI attack strategies and impact assessment | Attack model, attack mitigation and challenges.
[5] | 2018 | Security problem and requirements. | Attack target, mitigation, impact, and challenges
[6] | 2019 | Conduct various few discussions about the FDI attack model and target | FDI attack mitigation, impact, challenges, and future discussion
[7] | 2019 | Partially discuss the FDI attack model and target | FDI attack mitigation, impact, and challenges
[8] | 2019 | Partially discuss on FDI attack target, impact, and evaluation criteria | FDI attack model, mitigation, and challenges
[9] | 2020 | FDI attack and partially discuss FDI attack target and impact | FDI attack mitigation and challenges
[10] | 2020 | FDI attack detection, defense, and impact | FDI attack modeling, challenges, and future direction
[11] | 2021 | FDI attack modeling and mitigation | FDI attack threat, impact, challenges, and future direction
[12] | 2021 | FDI attack challenges | FDI attack threat, attack, impact, and future direction
[13] | 2022 | FDI attack model, target, and impacts | FDI attack detection and mitigation
[14] | 2022 | FDI threat modeling in a distribution system | FDI attack detection and mitigation
[15] | 2022 | FDI attack detection | Attack target, modeling, impact, and challenges
[16] | 2022 | Attack detection strategy and impact | Attack model and mitigation
This paper presents the SG cyber-physical system, cyber-security objectives, and requirements for an FDI attack. FDI attack threat taxonomy,
mathematical modeling for the FDI threat and attack, FDI attack impact. Mathematical modeling for FDI attack detection methods. Proposed a new
FDI attack detection for a hybrid SG cyber-physical system and address some issues, challenges, and future work.

2. Background of SG cyber-physical infrastructure and security system

2.1. SG cyber-physical infrastructure

The SG system consists of two interdependent (Physical and cyber systems) layers in Fig. 3. The physical system consists of bulk
power generation, transmission, distribution, consumer, small-scale generation, sensor and actuator, and IoT devices. In comparison,
cyber systems consist of different kinds of communication and networking (i.e., Wi-Fi, Ethernet) systems and central control centers. In
SG, using various sensors, devices, and actuators to collect the data from the physical design, the central control unit sends the
measured data and commands through IoT-based devices to execute the operation.
Supervisory control and data acquisition (SCADA): SCADA is a power system and industrial control application. In the power grid
system, SCADA is used for data acquisition to collect the power system measurement data, supervise the intelligent electric devices
(IED) with a remote-control system, and transmit control commands and an interconnected communication system between the data
acquisition and supervision process [17].
Energy Management System (EMS): The central control unit regulates the operation of the power system. The EMS is an automation system to control, operate, monitor, optimize and coordinate the power system performance data in real-time SG infrastructure. Using the SCADA system, EMS analyzes and monitors the SG system data. The EMS covers the following functions: optimal power flow (OPF), operation, planning, state estimation (SE), and alarm management system. The central control unit estimates the received measurement data and detects the malicious data.
SG communication system: A suitable communication system is significant for efficient operation. Several communication system standards have been introduced (i.e., IEC 61850, IEEE standard C37.118.1, etc.), together with networked control system (NCS), phasor measurement unit (PMU), wide area monitoring systems (WAMS), advanced metering infrastructure (AMI), actuators, sensors and controllers [18,19].

Fig. 3. Smart grid physical and cyber system.

Distributed Energy Resource (DER): The DER might be modular, versatile, decentralized storage or renewable energy sources.
Compared with the traditional power grid system, the DER brings a new era to the power grid system to generate or deliver power from
many customers (vehicles to grid, home to the grid, home to home, micro-grid to small industries). Using the DER, the SG system
delivers or uses the power in isolation areas along with traditional grid systems.

Fig. 4. taxonomy of SG cyber-security objectives and requirements [17].


2.2. SG cyber-physical security system

In the SG system, security issues are emerging in both cyber-physical and cyber systems. This section highlights the SG cyber-security objectives/goals and cyber-security requirements shown in Fig. 4.
SG cyber-security objectives/goals: In the SG system, the primary concern is the quality of service end to end, from generation to consumers. For this reason, SG focuses on building a reliable and efficient energy market and service system. In contrast, cyber-security threats and attacks are the main vulnerabilities for SG’s progress. Therefore, the SG is required to ensure the cyber-security objectives/goals (i.e., confidentiality, integrity, availability, accountability (CIAA)) for the cyber-physical elements [1].
Confidentiality is initially a critical goal/objective for the SG security environment. AMI and smart meter implementation must
prevent unauthorised users and protect consumer information and privacy.
Integrity is another crucial objective/goal for SG security requirements. It ensures the SG security data set should not be accessed
by unauthorised people. Further, it is required to validate/identify the quality of the data set and service under the circumstance.
Availability is becoming the most curtailed requirement in the SG system day by day. It ensures reliability for the user to access the
information and allows transmitting the data over the SG system. The SG Cyber-security required smart solutions that should be
eligible to accept the threshold latency for various applications, reducing the detrimental effects on availability.
Accountability is another objective for the SG ecosystem, a consumer requirement that should be taken when they take any action.
Mainly, accountability is usable for consumers to prove the used power load data set to obtain the billing information as sufficient
evidence from the utility center.
SG cyber-security requirements: SG cyber-security requires security provisions in addition to CIAA. Authentication and identification keys are issued for SG security purposes to protect the network system from unauthorised access. The SG cyber-security system follows established authentication protocols. Authentication and encryption are mandatory cryptographic measures that ensure data integrity and confidentiality. For this authentication, the authority provides a certificate to the parties to access the established connections through the public key infrastructure. The SG system capability depends on the timely and accurate operation of the service provider to avoid common and severe internal system faults. Consumers want privacy in their AMI system and want security to be provided with their permission [17]. Dependability is an essential requirement for SG cyber-security. It is meaningful because of system security, reliability, safety, and availability. Also, fault detection, prevention, removal, tolerance, and forecasting are the significant features for measuring dependability. Another important SG cyber-security requirement is survivability, which checks for malicious, intentional, or unintentional faults in time. Survivability ensures system resilience to meet the system maintenance when the SG security system is compromised. It aims to provide the existing services despite malicious external faults and intentional actions.

3. FDI threat and attack modeling

3.1. False data injection threat

Liu et al. [20] were the first to introduce the FDI attack, which became one of the most devastating and stealthiest attacks on the SG system. When the attacker attempts the FDI attack, the sensors or different IoT-based devices are stealthily compromised and false data sets are introduced into the data aggregation procedures. The attacker injects an attack vector $\bar{A}$ and bypasses the BDD on the data measurements while evading operators. Finally, if the FDI attack manipulates the original measuring vector data sets, then the FDI vector data set might be presented and begin to mislead the system. The mathematical explanation of the FDI attack threat on the system is given by Eq. (1):

$$Z_a = Z + \bar{A} \tag{1}$$

where $Z$ is the original data set of the SG power system, $Z_a$ is the data set with the false data injected, and $\bar{A}$ is the injected attack vector. The false data set can be generated from any manipulated original data from the SG system. Here, $\bar{A}$ can be any of the following:

• Deletion of the original measuring vector data sets, $Z$.
• Change of the original measuring vector data sets, $Z$.
• Addition of fake data to the original measuring vector data sets, $Z$.

Several FDI attack threats have been introduced in the SG system. The taxonomy of FDI attacks in the SG system is presented in Fig. 5. The four main FDI threat targets are the following, and are broadly discussed in [14]:

• End-user Level.
• Field Devices.
• Control Center.
• Energy Pricing & Trading.

Fig. 5. Taxonomy of FDI attack threats.

3.2. False data injection attack modeling

In SG, the cyber-physical system is a highly complex set of connections that must work together harmoniously. These systems are executed at distant locations, ratings, and various levels, which play a vital role in the operation time. Thus, the SG operation is compromised by the FDI attack.
When the FDI attack occurs, the attack vector $\bar{A}$ is fabricated as a linear combination of the columns of the Jacobian matrix $H$, so $\bar{A} = Hx$, where $x$ is an arbitrary non-zero $n \times 1$ vector. The FDI attack vector model is as follows:
$$
\begin{bmatrix} a_1 \\ a_2 \\ \vdots \\ a_m \end{bmatrix}_{m \times 1}
= x_1 \begin{bmatrix} h_{11} \\ h_{21} \\ \vdots \\ h_{m1} \end{bmatrix}
+ x_2 \begin{bmatrix} h_{12} \\ h_{22} \\ \vdots \\ h_{m2} \end{bmatrix}
+ \cdots
+ x_n \begin{bmatrix} h_{1n} \\ h_{2n} \\ \vdots \\ h_{mn} \end{bmatrix},
\qquad Z_a = H(\hat{A} + x) \tag{2}
$$

The new estimated state vector under attack, $\hat{A}_a$, satisfies the equation

$$\hat{A}_a = \hat{A} + x \tag{3}$$

The SG operators pay attention to and manage the triggering alarm, so the measurement values cannot exceed the maximum alterable tolerance value, $x$. Based on the original data set vector $Z$, the false data set vector $Z_a$ is produced on the SG power system. Then the state estimation model (BDD generation from direct current (DC) and alternating current (AC) power system) will be as follows:

$$
\begin{aligned}
r_a &= Z_a - H\hat{A}_a \\
&= Z + \bar{A} - H(\hat{A} + x) \\
&= Z + \bar{A} - H\hat{A} - Hx \\
&= Z - H\hat{A} + (\bar{A} - Hx) \\
&= Z - H\hat{A} = r
\end{aligned} \tag{4}
$$

From Eq. (4), it is proven that $r_a = r$ if $\bar{A} = Hx$. It shows that an attacker can inject the false data set into the SG power system without changing any measuring data set. An attacker can use the same data set for FDI attacks on DC/AC power systems. Suppose the attacker changes their strategy without changing any measurement. Then the state estimation model will be as follows:

$$
\begin{aligned}
r_a &= Z_a - h(\hat{A}_a) \\
&= Z + \bar{A} - h(\hat{A}_a) + h(\hat{A}) - h(\hat{A}) \\
&= Z - h(\hat{A}) + \left(\bar{A} - h(\hat{A}_a) + h(\hat{A})\right) = r
\end{aligned} \tag{5}
$$
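
The cancellation in Eq. (4) can be reproduced numerically. The following is an added example, not code from the paper: it runs a weighted least-squares estimate and an L2 residual check (the forms the paper gives later as Eqs. (13) and (14)) on a constructed 4-measurement, 2-state linear model, and compares an arbitrary injection with one of the form Ā = Hx. The matrix H, the readings, the threshold and all function names are assumptions made for the illustration.

```python
"""Added example: what the residual test sees when the injected vector is H x (Eq. 4).

The matrix H, the readings and the threshold are constructed for this
illustration; none of them come from the paper.
"""
from math import sqrt


def transpose(m):
    return [list(col) for col in zip(*m)]


def matmul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]


def matvec(m, v):
    return [sum(x * y for x, y in zip(row, v)) for row in m]


def solve(a, b):
    """Solve a @ x = b by Gaussian elimination with partial pivoting."""
    n = len(a)
    aug = [row[:] + [rhs] for row, rhs in zip(a, b)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(aug[r][col]))
        aug[col], aug[pivot] = aug[pivot], aug[col]
        for r in range(col + 1, n):
            f = aug[r][col] / aug[col][col]
            aug[r] = [x - f * y for x, y in zip(aug[r], aug[col])]
    x = [0.0] * n
    for i in reversed(range(n)):
        s = sum(aug[i][j] * x[j] for j in range(i + 1, n))
        x[i] = (aug[i][n] - s) / aug[i][i]
    return x


def wls_estimate(H, weights, z):
    """State estimate (H^T W H)^-1 H^T W z with diagonal W, the form of Eq. (13)."""
    Ht = transpose(H)
    HtW = [[h * w for h, w in zip(row, weights)] for row in Ht]
    return solve(matmul(HtW, H), matvec(HtW, z))


def residual_norm(H, weights, z):
    """L2 norm of z - H s_hat, the quantity thresholded in Eq. (14)."""
    s_hat = wls_estimate(H, weights, z)
    return sqrt(sum((zi - hi) ** 2 for zi, hi in zip(z, matvec(H, s_hat))))


def bdd_alarm(H, weights, z, threshold):
    """Return 1 when the residual norm exceeds the threshold, else 0."""
    return 1 if residual_norm(H, weights, z) > threshold else 0


def estimate_shift(H, weights, z_before, z_after):
    """How far the state estimate moves between two measurement vectors."""
    before = wls_estimate(H, weights, z_before)
    after = wls_estimate(H, weights, z_after)
    return [a - b for a, b in zip(after, before)]


# Constructed linear (DC) model: 4 measurements, 2 states.
H = [[1.0, 0.0], [0.0, 1.0], [1.0, -1.0], [1.0, 1.0]]
W = [1.0, 1.0, 1.0, 1.0]
TRUE_STATE = [0.10, -0.05]
NOISE = [0.002, -0.001, 0.001, -0.002]      # constructed measurement error
Z = [m + e for m, e in zip(matvec(H, TRUE_STATE), NOISE)]
THRESHOLD = 0.01                             # constructed threshold (zeta_1)

# Arbitrary change to one reading: not a combination of the columns of H.
Z_ARBITRARY = [Z[0] + 0.05] + Z[1:]

# Structured change A = H x (Eq. 2), with x a non-zero vector.
X = [0.05, 0.02]
Z_STRUCTURED = [zi + ai for zi, ai in zip(Z, matvec(H, X))]

if __name__ == "__main__":
    for name, z in [("clean", Z), ("arbitrary", Z_ARBITRARY), ("A = Hx", Z_STRUCTURED)]:
        print(name, round(residual_norm(H, W, z), 6), bdd_alarm(H, W, z, THRESHOLD),
              [round(s, 4) for s in estimate_shift(H, W, Z, z)])
```

The alarm stays silent for the structured injection even though the state estimate has moved by exactly x, which is why the detection methods in Section 4 look beyond the plain residual.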
Many researchers work on FDI attacks to protect the SCADA, EMS, DER, remote terminal units (RTU) data, phasor measurement
unit (PMU) data, and communication systems to protect the SG power system. When the FDI attack is launched in the power grid
system, it has a potential impact. The state-of-art of FDI attack impact is discussed below.

3.3. False data injection attack impacts

The FDI attack has a powerful impact on the physical power system and on economic values. The FDI attack can occur on the power distribution system in SG. The attacker finds the optimal energy flow route nodes of the grid. These nodes are connected to the energy production, distribution, or consumer side. In this distribution system, several measurement tools (i.e., smart meter, smart relay, voltage control regulator, etc.) are used to distinguish different nodes. All nodes communicate or share information or data to execute the system. In this power distribution operation, the attacker uses the energy deceiving attack on different nodes to spoof the report. Attackers try to inject information into the nodes, like malicious energy information, response messages, or requests. When the attacker injects the manipulated data or messages into the grid system, the measurement tools execute them and create an imbalanced distributed power system based on false supply or demand. As a result, the cost of distributed energy increases. When the FDI attack occurs on the power system, the energy market is affected, so SCADA, smart meter, and AMI calculate the energy settlement prices.

4. False data injection detection algorithm

Researchers and academicians have developed several FDI attack detection algorithms. These detection algorithm methods are
classified into two groups: model-based detection, and data-driven detection, as depicted in Fig. 6.

4.1. Model-based detection algorithms

The model-based algorithms use static system data (i.e., substation configuration or system parameters) and real-time measurement data. These measurement data can be intentionally manipulated, so that the SG faces FDI attacks. Based on the SG operating condition of the measurement data, the model-based detection algorithms are divided into two groups (i.e., quasi-static or dynamic nature).
The quasi-static model depends on the SG system operating point scenarios, which change slowly or smoothly, based on the assumption that the controllers respond rapidly and produce a very short transient response. The SG system uses various system models based on this assumption about the controllers. The simple universal measurement model is:

$$z = h(x) + e \tag{6}$$

where $z \in \mathbb{R}^n$ is the system measurement response (i.e., power flow, voltage or current angle, or magnitude); $x \in \mathbb{R}^m$ is the state vector; $h(\cdot) \in \mathbb{R}^n$ is the nonlinear system-defined function, which depends on the system topology and different parameters and relates the vectors $z$ and $x$; and $e \in \mathbb{R}^n$ is the measurement error. The number of measurements and the number of states in the SG system are unequal.
The dynamic model considers the dynamic changes or transients of the SG system. This method depends on the current state estimate of the SG system and on earlier state measurement data. The measurement model is as follows:

$$
\begin{aligned}
z_t &= h(x_t) + e \\
x_t &= f(x_{t-1}) + v
\end{aligned} \tag{7}
$$

where $t$ designates the time instant; $f(\cdot) \in \mathbb{R}^m$ is the nonlinear function, dependent on the system, that relates the state vector $x_t$ to the previous state $x_{t-1}$; and $v \in \mathbb{R}^m$ is the model approximation and time discretization error, with variance $R \in \mathbb{R}^m$.
Sometimes the SG measurement data carries erroneous data, which may have natural or intentional causes (i.e., FDI attack, man-in-the-middle attack, etc.). These attacks or errors can be modeled with the measurement vector $z_t^{\alpha} = z_t + \alpha_t$, where $z_t$ is the original measurement vector and $\alpha_t \in \mathbb{R}^n$ is the manipulated or erroneous data. Traditional methods handle inaccurate data with the residual test. The residual $r_t = z_t - h(x_t)$ is compared with the pre-defined threshold value $\tau$ of the system. If $r_t \ge \tau$, then an erroneous datum has been found. Most of the time, a malicious measurement vector $z_t^{\alpha}$ gets through the residual test, because that test cannot detect complicated cases. An FDI attack that the traditional residual test can find is called a “Basic FDI attack,” and an unobservable attack that needs a non-traditional test system to predict it is known as a “Stealth FDI attack.” In the stealth FDI attack, attackers design the malicious measurement vector $z_t^{\alpha} = z_t + \alpha_t$ and coordinate it with the system measurement data through $\alpha_t = h(c_t)$ to inject this manipulated data set, where $c_t \in \mathbb{R}^m$ is an arbitrary nonzero vector. This attack depends on the nonlinear function $h(\cdot)$ in the SG system. The measurement data $z_t^{\alpha}$ can be injected in the stealth attack only if $z_t$ passes the traditional residual test, as summarized in [8].

Fig. 6. Taxonomy of FDI attack detection algorithms.

The attacker conducts both basic and stealth FDI attacks on the SG system. They try to manipulate the measurement data on the system, like voltage magnitude. During the attack, attackers use the available knowledge of the SG system parameters and structure so that the FDI attack has a massive impact on the system. Several model-based FDI attack detection algorithms have been developed. These models are divided into estimation-based and direct-calculation/estimation-free detection methods.

4.1.1. Estimation-based FDI attack detection algorithms


The state estimation model is utilized to measure or predict the status of the power grid system with different parameters. Usually,
power system-estimated data and status are used as static estimation approaches via state estimation like Weighted Least Squares
(WLS) estimator. Steady-state modeling assumes the power system state estimation with enough redundancy. There are several
estimation-based FDI attack detection algorithm methods discussed next.

(a) Static estimation methods:

In static estimation, every measurement data estimation deals with a single step, and the information doesn’t pass to the next step. The FDI attack static estimation can be defined using the WLS estimate $\hat{s}$. Using the WLS estimation, we can solve the following problem:

$$
\min_{\hat{s}} J(\hat{s}) = \sum_{i=1}^{n} w_i \left(x_i - h_i(\hat{s})\right)^2 = [x - h(\hat{s})]^T W [x - h(\hat{s})] \tag{8}
$$

The weight of the measurement $x_i$ is $w_i = \sigma_i^{-2}$, the diagonal matrix $W \in \mathbb{R}^{n \times n}$ is composed of the weights $w_i$, and $n$ is the number of measurements. Due to its iterative nature and computational limitations, the WLS estimation executes after a few minutes in the power sector. For this reason, many researchers in industry are considering it for FDI attack detection because of its comprehensive utilization. FDI attacks on the power system also occur for economic reasons, due to the dispatch of the distributed energy management system. The WLS method detects FDI attacks on the PMU voltage and angle measurement system. The recursive WLS method for state estimation detects the FDI attack on the grid system, and the state is as follows:
$$
\hat{s}_t^{k+1} = \hat{s}_{t-1} + K_t^k \left[ x_t - h\left(\hat{s}_t^k\right) - H_t^k \left( \hat{s}_{t-1} - \hat{s}_{t-1}^k \right) \right] \tag{9}
$$

where $K \in \mathbb{R}^{m \times n}$ is the gain matrix, which can be expressed as:

$$
K_t^k = \theta_{t-1} {H_t^k}^T \left[ H_t^k \theta_{t-1} {H_t^k}^T + W^{-1} \right]^{-1} \tag{10}
$$

where $\theta_{t-1} \in \mathbb{R}^{m \times m}$ is the estimation error covariance; the subscript $t-1$ indicates that it characterizes historical data. This data set can be used for dynamic state estimation. Liu T. et al. [21] present an anomaly monitoring algorithm that can precisely estimate the WLS and detect FDI attacks on cyber networks. Here, $\psi \in \mathbb{R}^{n \times n}$ contains the cyber-anomaly weight coefficients that quantify the influence $\psi^{-1}$ of the measurements, and the optimization problem becomes:

$$
\min_{\hat{s}} J(\hat{s}) = [x - h(\hat{s})]^T \psi W [x - h(\hat{s})] \tag{11}
$$

From Eq. (11), a higher probability of an FDI attack is indicated by a higher value of $\psi$. Median filtering has also been used to find the FDI attack. The state estimate $\hat{s}_i$ at node $i$ can be obtained from the direct measurement $x_{i|i}$ at the same node, or calculated from the measurements $x_i$ of the $n$ adjacent nodes, $x_{i|i1}, x_{i|i2}, x_{i|i3}, \ldots, x_{i|in}$. With Ohm’s law and the line parameters, the measurements simplify to:

$$\hat{s}_i = \operatorname{median}\left(x_{i|i1}, x_{i|i2}, x_{i|i3}, \ldots, x_{i|in}\right) \tag{12}$$

The main advantage of median filtering is that it requires low computation complexity in the estimation process and depends on system parameters. The maximum likelihood method measures errors and assumes a zero-mean distribution in the estimation. The maximum likelihood estimate is given by:

$$\hat{s} = \left[H^T W H\right]^{-1} H^T W x \tag{13}$$

Here, the diagonal matrix $W \in \mathbb{R}^{n \times n}$ is composed of the measurement variances, and $H \in \mathbb{R}^{m \times n}$ is the linearized form of $h(\cdot)$ in the equation.

(b) Detection Test Methods:

The FDI attacks are detected using detection tests, and the estimation process is given below:

$$
D_{L_2}(x_t) = \begin{cases} 1, & \text{if } \left\| x_t - h(\hat{s}_t) \right\|_2 > \zeta_1 \\ 0, & \text{otherwise} \end{cases} \tag{14}
$$

The residual of Euclidean distance is compared with the straightforward residual, where $L_2$ is known as the residual norm and the predefined threshold is stated in Eq. (14) above. $D_{L_2}(x_t)$ represents the $L_2$ detector applied to the measurements $x_t$: it returns 1 when an FDI attack is present in the system, and 0 otherwise. The residual ($L_2$ norm) of Euclidean distance is $\left\| x_t - h(\hat{s}_t) \right\|_2$, and $\zeta_1$ represents the threshold value. In the grid system, accurately collected measurement data are similar to the state estimation or prediction data. The detection test $D_{L_2}(x_t)$ is used to detect the FDI attack in the grid system.
The largest normalized residual (LNR) detection test is realized as follows:

$$
D_{LNR}(x_t) = \begin{cases} 1, & \text{if } \left\| [x_t - h(\hat{s}_t)] / \sigma_w \right\|_\infty \ge \zeta_2 \\ 0, & \text{otherwise} \end{cases} \tag{15}
$$

where the residual error conversion matrix is $w = R - H[H^T R^{-1} H]^{-1} H^T$; $R$ is the covariance of the measurement error; and $H$ depends on system parameters and represents the linearized system-defined matrix. Another FDI attack detection method that has been proposed, namely the chi-square test ($\chi^2$-test), is realized as:

$$
D_{\chi^2}(x_t) = \begin{cases} 1, & \text{if } J(\hat{s}_t) \ge \zeta_3 \\ 0, & \text{otherwise} \end{cases} \tag{16}
$$

where $J(\hat{s}_t)$ represents the objective function of Eq. (16). Here, the thresholds $(\zeta_1, \zeta_2, \zeta_3, \ldots, \zeta_n)$ were designed based on FDI attack detection. To increase the threshold, the Kullback-Leibler distance (KLD) is presented to detect the FDI attack and realized as:

$$
D_{KLD}(x_t) = \begin{cases} 1, & \text{if } \sum_{x_t} P(s_t) \ln \dfrac{P(s_t)}{Q(s_t)} \ge \zeta_6 \\ 0, & \text{otherwise} \end{cases} \tag{17}
$$

where $P(s_t)$ is the probability distribution of the historical data state variation and $Q(s_t)$ is the probability distribution of the previous data state variation. All the tests depend on the threshold value, which is fixed for the entire testing system.
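
The KLD test of Eq. (17) can be sketched on a single reading as follows. This is an added example, not code from the paper: P is estimated from historical readings and Q from the window under test, which is an assumption about how the two distributions are obtained, and the readings, bin edges, threshold, add-one smoothing and function names are all constructed for the illustration.

```python
"""Added example: KLD detector of Eq. (17) over histograms of measurement variation.

The readings, bin edges and threshold are constructed for illustration.
"""
import random
from math import log

BIN_EDGES = [-0.03, -0.02, -0.01, 0.0, 0.01, 0.02, 0.03]   # constructed
THRESHOLD = 0.5                                              # constructed threshold


def variations(series):
    """Step-to-step change of a reading, the quantity whose distribution is tracked."""
    return [b - a for a, b in zip(series, series[1:])]


def distribution(values, edges=BIN_EDGES):
    """Histogram as probabilities, with add-one smoothing so no bin is zero."""
    counts = [1] * (len(edges) + 1)
    for v in values:
        counts[sum(1 for e in edges if v >= e)] += 1
    total = sum(counts)
    return [c / total for c in counts]


def kld(p, q):
    """Kullback-Leibler distance sum(P ln(P/Q)), the statistic in Eq. (17)."""
    return sum(pi * log(pi / qi) for pi, qi in zip(p, q))


def kld_detector(history, window, threshold=THRESHOLD):
    """Return (alarm, distance); alarm is 1 when the distance reaches the threshold."""
    p = distribution(variations(history))
    q = distribution(variations(window))
    distance = kld(p, q)
    return (1 if distance >= threshold else 0), distance


def make_series(rng, n, injected=0.0):
    """Constructed per-unit reading: 1.0 plus sensor noise, plus optional false offsets."""
    return [1.0 + rng.gauss(0.0, 0.01) + rng.uniform(-injected, injected)
            for _ in range(n)]


rng = random.Random(2023)
HISTORY = make_series(rng, 500)                        # trusted past readings
NORMAL_WINDOW = make_series(rng, 100)                  # same behaviour as the history
FALSIFIED_WINDOW = make_series(rng, 100, injected=0.1)  # readings with false data added

if __name__ == "__main__":
    for name, window in [("normal", NORMAL_WINDOW), ("falsified", FALSIFIED_WINDOW)]:
        alarm, distance = kld_detector(HISTORY, window)
        print(f"{name:10s} KLD={distance:.3f} alarm={alarm}")
```

Unlike the residual tests, this check never consults the system model, so it depends on how well the historical window represents normal operation and on the chosen bins and threshold.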

(c) Dynamic estimation methods:

Nowadays, the Kalman filter (KF) is considered the main method for dynamic state estimation in power systems. Usually, KF is performed in two estimation steps. First, it predicts the state from the previous step, and then it corrects every prediction using the collected measurements. In this way, the current estimate is corrected with current information. The dynamic estimation can be realized as follows:

$$
\text{Prediction:} \quad \begin{cases} \hat{s}_t^- = F \hat{s}_{t-1} \\ P_t^- = F P_{t-1} F^T + Q \end{cases} \tag{18}
$$

$$
\text{Correction:} \quad \begin{cases} K_t = P_t^- H^T \left( H P_t^- H^T + r \right)^{-1} \\ \hat{s}_t = \hat{s}_t^- + K_t \left( x_t - H \hat{s}_t^- \right) \\ P_t = (I - K_t H) P_t^- \end{cases} \tag{19}
$$

where $\hat{s}_t, \hat{s}_t^- \in \mathbb{R}^m$ are the estimated vectors; $F \in \mathbb{R}^{m \times m}$ is the linearized form of $f(\cdot)$ in Eq. (2); $P_t, P_t^- \in \mathbb{R}^{m \times m}$ are the covariances of the state estimation; $Q \in \mathbb{R}^m$ is the noise covariance; $K_t \in \mathbb{R}^{m \times n}$ is the Kalman gain; $H \in \mathbb{R}^{n \times mn}$ is the linearized form of $h(\cdot)$ in Eq. (2); and the measurement error covariance is $r \in \mathbb{R}^{m \times n}$. Using the KF, the impact of the FDI attack can easily be illustrated.
Another KF-based FDI attack detection method is the distributed KF. Building on Eqs. (18) and (19), the distributed KF computes the complexity covariance among the different nodes in a distributed power system. As a result of state estimation, the distributed KF focuses on the optimal estimate, realized as:
$$
\hat{s}_t^{i} = \frac{\sum_{j=1}^{n} \hat{s}_t^{i/j} G_{ij}}{\sum_{j=1}^{n} G_{ij}} \tag{20}
$$

Where $\hat{s}_t^{i}$ is the state estimated at node $i$, $\hat{s}_t^{i/j}$ is the state estimation from the different nodes $j$, $G_{ij}$ is the adjunct indicator of the node, and $n$ is the number of different nodes. The extended Kalman filter (EKF) is another form of KF used to detect FDI attacks on the grid system; it follows Eqs. (18) and (19), which depend on the transition functions $h(\cdot)$ and $f(\cdot)$ and on the non-linear state measurements at the power system node.
The unknown input observation is another approach to detecting the FDI attack in the SG system, and the system can be realized as follows:

$$
\begin{cases} \hat{s}_t = A s_t + B u_t + D d_t \\ x_t = C s_t \end{cases} \tag{21}
$$


Where $s_t$ is the state vector, $u_t$ is the input vector, $d_t$ is the unknown input vector, and $A$, $B$, $C$, and $D$ are defined matrices of appropriate rank in the distributed power system.
Vector autoregression is also used to detect the FDI attack on the SG system. In this method, interdependent time series are captured to describe the continuing process of the dynamic system, which is realized as:

(22)

Here, p is the previous state time, is define the previous states’ transition matrix and vt is the uncertainties model errors.

4.1.2. Estimation-free algorithms


Besides the estimation-based algorithms, estimation-free algorithms have been developed for detecting the FDI attack on SG systems. These algorithms execute their operation under the system test. A joint-transformation-based KLD algorithm, built on log and power transformations, was developed for detecting the FDI attack. Transmission-line parameter-based algorithms use measurement data from the two ends of a line, together with the line parameters, to detect the FDI attack. The load-forecast model is another usable model for detecting the FDI attack; here, distributed load-forecast data are analyzed. Another algorithm was proposed using the secondary voltage output; here, the voltage controllers drive the cooperative vulnerability factor to zero and detect the FDI attack. Several other estimation-free algorithms have also been introduced: the Adaptive Markov Strategy, the matrix separation algorithm, KLD-based direct measurements, and the log-transformation method [8].
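The KLD test of Eq. (17) applied directly to measurement variations, added here as an example and not taken from the paper or from [8]. The bin layout, the additive smoothing, the threshold ζ and both sample series are constructed assumptions; P is built from a reference series and Q from the window under test.

```python
import math

def variations(series):
    """Step-to-step changes of a measurement series."""
    return [b - a for a, b in zip(series, series[1:])]

def histogram(values, lo, width, bins, alpha):
    """Smoothed probability histogram. Values outside the range are clamped
    into the edge bins; alpha is added to every bin so that no probability is
    zero (a zero in Q would make the distance infinite)."""
    counts = [0] * bins
    for v in values:
        idx = math.floor((v - lo) / width)
        counts[min(max(idx, 0), bins - 1)] += 1
    total = len(values) + alpha * bins
    return [(c + alpha) / total for c in counts]

def kld(P, Q):
    """Sum of P ln(P / Q), the statistic in Eq. (17)."""
    return sum(p * math.log(p / q) for p, q in zip(P, Q) if p > 0.0)

def kld_detect(reference, window, zeta, lo=-0.05, width=0.02, bins=5, alpha=1.0):
    """Return (D_KLD, distance) for a window of readings against a reference."""
    if len(reference) < 2 or len(window) < 2:
        raise ValueError("each series needs at least two readings")
    if alpha <= 0.0:
        raise ValueError("alpha must be positive to keep every bin non-zero")
    P = histogram(variations(reference), lo, width, bins, alpha)
    Q = histogram(variations(window), lo, width, bins, alpha)
    d = kld(P, Q)
    return (1 if d >= zeta else 0), d

# Constructed reference series: small drifts with occasional 0.02 steps.
REFERENCE = [1.000, 1.004, 1.002, 1.022, 1.018, 0.998, 1.000, 1.004, 0.984,
             1.004, 1.000, 1.002, 1.022, 1.020, 1.000, 1.004, 1.000, 1.020,
             1.000, 1.002, 1.000]
# Constructed window with the same behaviour as the reference.
WINDOW_CLEAN = [1.000, 1.004, 1.024, 1.022, 1.002, 1.004, 1.000, 1.020,
                1.000, 1.004, 1.000]
# Constructed window in which some readings were shifted by 0.08.
WINDOW_TAMPERED = [1.000, 1.004, 1.084, 1.004, 1.002, 1.022, 1.102, 1.098,
                   1.018, 0.998, 1.000]
ZETA = 0.1   # assumed threshold

if __name__ == "__main__":
    for name, window in (("clean", WINDOW_CLEAN), ("tampered", WINDOW_TAMPERED)):
        flag, distance = kld_detect(REFERENCE, window, ZETA)
        print("%-9s KLD=%.4f D_KLD=%d" % (name, distance, flag))
```

Short windows make Q coarse, so the smoothing constant and the window length both move the distance and have to be tuned together with ζ.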

4.2. Data-driven detection algorithms

This class of detection algorithms does not consider system models and parameters for FDI attack detection. Data-driven algorithms depend on data utilization for detecting the FDI attack on the SG system. They are divided into three groups, namely (1) machine learning (ML), (2) data-mining, and (3) system data-driven algorithms. In this detection process, a number of samples s collected from the SG system, i.e., the measurement values z, are used for FDI attack detection.

4.2.1. Machine learning-based algorithm


ML is widely used in artificial intelligence applications for data-driven operation, detection, and prediction in system utilities. Using ML to detect the FDI attack in the SG system is very complicated. For detection, the ML algorithm depends on the system's historical data, and the detection algorithm uses the data collected from the SG system. The ML-based algorithms reviewed in this study are divided into three groups.

(a) Supervised-learning:

In supervised learning (SL), a labeled data set is required for executing the process. Here, every input has a specific output $(S_i, y_i)$, where $S_i \in \mathbb{R}^n$ is the $i$th measurement sample and $y_i \in \{-1, 1\}$ is the measurement sample label. Several SL methods have been developed to detect the FDI attack in the SG system. Linear regression (LR) is one of the simplest methods to detect an FDI attack. It uses the least squares approach to diminish the threat, realized as:

$$
\min_{w,\,b} \sum_{i} \left(f(x_i) - (w x_i + b)\right)^2 \tag{23}
$$

Where $f(x_i)$ is the dependent scalar variable and $f(x_i) = w x_i + b$ is the independent variable, $w$ is the measurement vector weight, and $b$ is a bias.
A support vector machine (SVM) is one of the most usable supervised ML methods for detecting the FDI attack in the SG system. The SVM is a binary, non-probabilistic linear classifier with parallel hyperplane boundaries, realized as:
$$
\begin{cases} w^T \phi(s_i) + b = +1, & \text{if } y_i = +1 \\ w^T \phi(s_i) + b = -1, & \text{if } y_i = -1 \end{cases} \tag{24}
$$

Where $w$ is the normal vector orthogonal to the hyperplanes and $\phi(\cdot)$ maps the sample $s_i$ (like a kernel function). However, the kernel function requires extensive CPU time and memory during the training process.
An artificial neural network (ANN) is used to detect the FDI attack by approximating, estimating, and classifying the unknown variables in the grid networks. The ANN algorithm uses the back-propagation training procedure, where the ANN output errors are propagated backward and the neuron weights are adjusted for the different outputs. The ANN neuron output depends on the weighted sum of the neuron inputs plus a bias, $\sum_i w_i x_i + \text{bias}$, and on the activation function, $f(x) = 1/(1 + e^{-x})$. Based on the working function, ANNs are classified, namely as a deep neural network, recurrent neural network, and feed-forward neural network, for detecting the FDI attack in SG networks. The convolutional neural network (CNN) is used for pattern recognition and works on one-layer general-matrix multiplication. CNN is a good algorithm with different features for detecting FDI attacks. In [22], an auto-encoder-based deep neural network algorithm encodes and decodes the measurement samples in the grid system. This algorithm uses the back-propagation method and takes extensive time to train the neural network. An extreme learning machine (ELM) was considered for FDI attack detection to overcome the extensive neural-network training time.
The k-nearest neighbor (KNN) algorithm detects FDI attacks on the grid system. In this process, the Euclidean distance is used as a straightforward measure to classify a sample. If the new unlabeled sample $k_i$ has a minimum distance with prelabeled samples $k_j$, then it is an FDI attack, as follows:

$$
N_{ij} = \left\| k_i - k_j \right\|_2 \tag{25}
$$

The drawback of the KNN method is its dependence on the density and distribution of the prelabeled samples. The extended-nearest neighbor (ENN) algorithm was developed for FDI attack detection to overcome this problem. Here, the global distribution is taken into account along with the local neighbor samples.
Decision tree (DT) based predictive algorithms are also used to detect the FDI attack, but complex trees have difficulty detecting the attack from training data. Thus, the random forests (RF) algorithm was developed to overcome these issues. A Bayes' theorem-based algorithm, namely naïve Bayes, is used to assume and detect cyber-attacks on the grid system. Even though this algorithm works on the independence assumption, it is widely used in detecting FDI attacks. Additionally, margin classifiers and structure learning SL-based algorithms are used in the SG to detect the FDI attack. The disadvantage of SL is that it requires labeled data and extensive learning.

(b) Unsupervised learning:

Unsupervised learning is another class of machine learning algorithm, based on unlabeled data. Using confidential data, this method finds patterns and classification schemes. In the detection process, hidden data points are separated from the regular data classes, so FDI attacks on the SG can be easily detected. Numerous unsupervised learning algorithms are used to detect the FDI attack on the SG system. K-means clustering (KMC) is one of the most used algorithms for heavy classification problems in FDI attack detection. KMC separates the samples $s$ into $k$ clusters. To find the K from the y set for n samples, the following solution is realized:

$$
\arg\min_{y} \sum_{i=1}^{k} \sum_{s \in y_i} \left\| s - y_i \right\|^2 \tag{26}
$$

This algorithm is straightforward but highly sensitive to noisy samples. To reduce this sensitivity, soft clustering or fuzzy clustering was developed, which is an extended version of KMC.
The isolation forest (IF) is another unsupervised learning algorithm used to detect the FDI attack. It detects FDI-like anomalous threats. The deep-belief network (DBN) also detects the FDI attack based on the initial weights and the weights learned from backpropagation. The DBN reduces the time required for training networks. The probabilistic-neural network (PNN) is adapted for FDI attack detection. It is used for classification problems and pattern recognition. The PNN offers a faster detection process than a multilayer-perceptron network. Also, time-series prediction based on the hidden-Markov model (HMM) is used to detect FDI attacks in the SG system.

(c) Reinforcement learning:

In these algorithms, the machine observes previous data and draws on that experience to choose the next optimal action. Unlike SL, reinforcement learning uses sample data to learn through trial and error. In comparison with SL and unsupervised learning, reinforcement learning will be applied to detect the FDI attack in the SG system. Reinforcement learning is online and will add more benefits to the SG system.

4.2.2. Data mining-based algorithms


This method is applied for pattern recognition using large data sets. Data mining algorithms take in variable measurement data sets and draw conclusions based on hidden patterns and attribute data from specific systems. A few data mining algorithms are used for FDI attack detection in SG systems: non-nested generalized exemplars, Hoeffding adaptive trees, common path mining, and causal event graphs. The data mining algorithm works as an unsupervised ML algorithm. These methods require historical data sets and have low computational complexity for training, which benefits FDI attack detection in the SG.

4.2.3. System data-driven algorithms


System data-driven algorithms do not follow the ML and data-mining methods. They depend on the SG system's measurement conditions, samples, protocols, etc. Signal temporal logic works on the DC grid voltage and current, requiring lower and upper boundaries for FDI attack detection. Principal component analysis and distributed host-based collaboration use the sample covariance for essential FDI attack detection, whereas dynamic time-warping clustering requires time series with sample irregularities, and graph theory-based mathematical morphology was developed based on consensus protocol and graph theory for detecting FDI attacks in the SG [8].

Table 2
Comparison and classification among FDI attack detection algorithms.

| Solution/model | Class | Algorithms and references | Data generation | Specific key metrics | Contributions (show actual performance) | Issues (per group) |
|---|---|---|---|---|---|---|
| Model-Based FDI Detection Algorithms | Estimation-based, quasi-static | Weighted Least Squares | TDR | MTs | 90–95% | Computation limitation, it takes time to execute |
| | | Median filtering | TD | MTs | 99% | |
| | | Maximum likelihood | T | MTs | 99.7% | |
| | Estimation-based, dynamic nature | Kalman filter | GT | MTs | 100% | Measurement errors depend on previous data |
| | | Distribution Kalman filter | GTD | MTs, different node covariance | 100% | |
| | | Extended Kalman filter | GT | Ts, non-linear measurements | 100% | |
| | | Unknown input observation | GTD | MTs, different node covariance | 100% | |
| | | Vector autoregression | GT | MTs, time series | 87–99.6% | |
| | Detection test | Largest normalized residual | T | MSp | 90–100% | Depending on estimation data and the threshold value |
| | | Chi-square test | T | M | – | |
| | | Kullback-Leibler distance | TD | M | 50–100% | |
| | Estimation-free | Joint-transformation-based-KLD | TD | System test data | 55–100% | Required system test platform and measured value |
| | | KLD-based direct measurements | TD | System test data | 50–100% | |
| | | Log-transformation KLD | – | System test data | 90–100% | |
| | | Load-forecast | D | System test data | 80–100% | |
| | | Adaptive Markov Strategy | TD | System test data, iterations | 100% | |
| Data-Driven Detection Algorithms | Machine learning, supervised learning | Linear regression | Sm | M | 100% | Take extensive time, prelabeled samples density, and labeled data |
| | | Support vector machine | DSm | M, supportive vector | 58–99% | |
| | | Artificial neural network | GTDSm | MN | 75–99% | |
| | | Convolutional neural network | GTDSm | MN | 93% | |
| | | Extreme learning machine | T | MN | 75–95% | |
| | | K-nearest neighbor | GT | MTs | 70–99% | |
| | | Extended-nearest neighbor | GT | MTs | 91–99% | |
| | | Decision tree | GD | MR | 37–72% | |
| | | Random forests | DSm | MTsSp | 49–71% | |
| | | Naïve-Bayes | GDSM | MTs | 65–85% | |
| | Machine learning, unsupervised learning | K-means clustering | Sm | M, clusters | 40–98% | Noise samples, backpropagation |
| | | Fuzzy clustering | Sm | M, clusters | 81–93% | |
| | | Isolation forest | GT | M, number of trees | 93–94% | |
| | | Deep-belief network | TDSm | MN | 93–98% | |
| | | Probabilistic-neural network | DSm | MN | 96% | |
| | | Hidden-Markov model | TDSm | MSm | 95–99% | |
| | Machine learning, reinforcement learning | Reinforcement learning | GSm | Learning events & number | 99% | Measurement errors |
| | Data mining | Non-nested generalized exemplars | GDSm | M, clusters | 25–93% | Required historical data sets |
| | | Hoeffding adaptive trees | GDSm | M | 92–98% | |
| | | Common path mining | GDSm | M, clusters | 50–00% | |
| | | Causal events graph | GDSm | M, learning number | 100% | |
| | System data-driven | System data-driven | DSm | M, clustering | 70–99% | Samples irregularities |

G = Generation, T = Transmission, D = Distribution, R = Real-time testing, M = Measurements, N = Neurons layer, Ts = Training sample, Sm = Smart meter, Sp = System parameters.

5. Comparative analysis of FDI attack solutions

From the above discussion, we can summarize the FDI attack threat and detection process, which requires an attack adoption and sample testing platform. For detecting the FDI attack in the SG, data-driven methods cover nearly 50% and model-based methods cover more than 50% of the detection algorithms in this study. The reviewed algorithms detect the FDI attack in generation, transmission, distribution, AMI, and smart meters. From the review, it is clear that the results of FDI attack detection algorithms depend on certain parameter and measurement values, so the detection results fluctuate highly. Real-time measurements are highly required and challenging for FDI attack detection. The detection algorithms face challenges in computational complexity and evaluation metrics. The model-based detection algorithms mostly face computational complexity, though they achieve a high detection rate. When the threshold values are reduced to increase the detection performance, false alarms arise, which is the main challenge. The data-driven detection algorithms depend on measurement values and face the computational complexity of the training process. Sometimes they depend on the number of neurons and layers, so the complexity increases the required memory. A comparison based on data generation, specific key metrics, contributions, and issues is presented in Table 2.

6. Issues and challenges

Though FDI threat and attack modeling, detection, and impact in the SG system is an emerging research field, some points need more study. Here, we discuss some issues and challenges of FDI in the SG system that new researchers should be concerned with.
FDI threat in the distribution system: For the modern SG system, most FDI threat studies are concerned with the power generation and transmission networks, and current research lacks studies of FDI threats and attacks on the power distribution system. For instance, only a few works address the impact of FDI attacks on energy storage systems in the distribution infrastructure. Therefore, it is crucial and necessary to research FDI threats and attacks on the distribution infrastructure for a sustainable SG system.
Lack of experimentation work in the real world: There is a lack of experimental studies conducted on the power grid system. FDI threats and attacks are conducted and evaluated in the laboratory under assumptions about system stability, such as linearity. Though several industrial standard models have been studied, those may be non-linear and limited to AC-based systems. As this is the Industry 4.0 era, more realistic FDI threats and attacks would be conducted and assumed in large-scale practical industrial systems/networks in the real world.
FDI attack evaluations: Currently, researchers are working on the FDI attack in the SG system. All of the studies are conducted with numerical assessment and impact analysis on benchmark SG systems in laboratory testbed cases, with validation against standardized experimental results. The performance of testbed FDI attacks on SG systems is based on power grid system concepts, communication and security systems, power grid architectures, etc.
Uncertainty issues: In the SG system, power production, transmission, and consumption raise uncertainty during an attack. These uncertainty issues arise mainly in renewable energy generation and storage systems on the generation and consumer sides. Electricity consumption is also uncertain on the consumer side (mainly houses or markets). Researchers use AI technology to forecast and predict real-time power consumption stability [23,24]. Successful prediction may reduce the energy losses and the risk of FDI attack, minimizing the transmission loss and operation cost. Furthermore, non-renewable energy sources like diesel generators, and battery storage systems, are also valuable for protecting against uncertainty. Additionally, it is crucial to develop an AI-based prediction model that can accurately detect the uncertainty factors using advanced predicting and forecasting methods. It is proven that advanced forecasting methods bring commercial benefits through accurate prediction (for wind power systems, it can be 80%). A robust energy monitoring system model has been developed using the fuzzy-prediction interval model for nonlinear dynamic and uncertain behavior. The SG system is designed to mitigate the electricity problem and create a dynamic electricity market. The SG system is a nonconventional power source from generation to consumer, so there is a considerable risk of FDI attack during uncertain energy demand and generation.
Management: In the SG system, energy management is a significant factor. Sometimes the energy demand uncertainty depends on the management system. The multi-agent-based energy generation system depends on gas, heat, etc.; in the SG network, all devices are interconnected with IoT-based devices. Because of this, every function is executed depending on measurement data. Apart from these, energy forecasting depends on the energy management system, where small-scale renewable energy generation, battery storage systems, etc., make up the SG system. So an attacker can easily access the energy management data set and launch an FDI attack. The SG energy management system therefore requires more attention and significant research for standalone applications.
Data security: In the SG network, users' data privacy becomes more challenging for forensic study. In particular, user data (smart meter and sub-meter data) may leak from a person's activity. Attackers use forensic methods to gather personal information or smart meter data sets, though the data set is only accessible to authorized persons. Attackers can use Global Positioning System (GPS) spoofing to set the PMU clock wrongly. The SG network requires a secured data management and communication system through encryption and other methods. Data communication protocols are used to collect the smart meters' data with minimum time in the SG network and to ensure reliability, efficiency, and security.
Security concern: Forensic security concerns in the SG network have become challenging and significant [25]. The SG measurement data, AMI, and smart meter data sets are stored in a computer or cloud system for a long time. Only authorized persons can access these data sets. The SG system is integrated with network and communication devices (SCADA, PMU, etc.), so there are many chances of facing cyber-attacks (FDI, DoS, delay attacks, etc.). A hierarchical architecture with communication standards and protocols must ensure a secure SG network to protect the system from FDI attacks.


7. Proposed framework and future recommendations

7.1. Proposed cyber-physical framework for smart grid

Based on the above discussion, the vulnerabilities of cyber-physical systems can be used to manipulate/inject false data and generate wrong operation commands at control centers. Here, we present an FDI attack detection process design for hybrid SG cyber-physical systems in Fig. 7. In this proposed design, the residual is considered for generation (DC energy sources) and compared with a threshold (residual > threshold) to detect an assumed attack. For the AC transmission, we consider a machine-learning-based detection process. Here, we measure the “healthy” data and compare it with newly measured data, which may be “compromised.” If the measurement data is compromised, the system adopts the necessary remedial action to prevent attacks.

7.2. Future research work

Around the world, power grid security is of great concern in academic and industrial cyber-security research. The SG cyber-physical system faces different kinds of cyber-attack (FDI, DDoS, man-in-the-middle attack, etc.) and requires a sustainable SG infrastructure to predict and protect against the attacks. In particular, the SG communication infrastructure requires a reliable and secure system that can protect it from FDI threats and attacks. The following emerging concepts and applications will benefit future research on FDI attacks in the SG network.
Cyber-security for Communication Systems: The SG communication infrastructure is the life-threatening target of FDI attacks. SCADA, WAMS, and AMI are the networks in the SG communication system most vulnerable to FDI attacks. There are some risks related to the inevitable cyber-attack. As the SG is an IoT-based communication system, cyber-security issues are of increasing concern with the FDI attack. Software-defined networking (SDN) is becoming more widespread with emerging features. In SG network applications, the integration of SDN can bring an efficient monitoring system. Additionally, IoT and heterogeneous cognitive radio are becoming a potential research scope for cyber-security, where FDI attacks in particular are worth investigating. Data-driven models would also be a research scope for the SG communication arena that can be explored for FDI attacks.
Machine Learning-based Security Framework: The IoT application-based SG network system is connected with wireless sensors and countless memory beyond computational restriction. Numerous studies have shown several obstacles and limitations to using conventional security measures in IoT-based SG networking systems. For this reason, lightweight ML algorithms in the IoT devices can be used for prediction and protection against the FDI attack. Additionally, lightweight ML algorithm schemes can protect dynamic key management, message authentication, and encryption against the FDI attack in end-to-end SG communication network systems.
Edge Computing: Using the edge computing network, the distributed-computing environment improves system bandwidth and communication overhead. Moreover, data storage and processing accumulate at the origin of the data source. Furthermore, Industry 4.0 covers smart industries, smart cities, SG systems, etc., which involve intelligent edge computing and virtual universal networks. In the SG network system, edge computing devices in cyber-physical systems are used to access crucial components, where attackers try to mislead the system. Therefore, more edge computing devices should be installed in the SG system for cyber-security purposes that detect or introduce FDI threats. Additionally, edge computing-based SG systems will be worth studying or considering for FDI attacks.
Distributed Electricity Trading: Distributed energy resources are an advancement of the SG distributed power system. In the SG system, every powered device is connected through an IoT interface, so device-to-device energy sharing will be an emerging application in distributed electricity trading. The device-to-device distributed electricity trading system can reduce the comprehensive risks and vulnerability of market pricing, protecting the distribution energy management system against FDI attacks.
Blockchain Technology: Blockchain technology would be an innovative distributed system based on a computing ecosystem. It offers a secure key technology that could simplify the enormously complex interactions between numerous cyber-physical systems in the SG network. In Blockchain technology, the FDI attack will be a new research scope requiring more study and investigation.

8. Conclusion

In the SG system, improving the cyber-security of cyber-physical systems is vital for resilient and efficient operation. SG cyber-physical systems face a rising cyber threat called the FDI attack, which injects false measurement vector data that can violate the grid CIAA. An FDI attack in the SG system can also cause transmission-line outages, large-scale failures, increased operation costs, and regional/national blackouts. The FDI attack has a substantial physical and economic impact. The significant aspects of FDI attacks in SG systems are threat modeling, attack modeling, influence, and detection algorithms. The threat modeling shows how the false data is injected into the original measured data. The FDI attack on the SG system is presented mathematically, and the impact of FDI is also presented. Finally, several FDI attack detection algorithms are described in this article. The literature review presents some associated issues and challenges of FDI attacks in SG cyber-physical systems. Finally, advanced future research directions are recommended for the FDI attack cyber-security framework in SG cyber-physical systems.

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to
influence the work reported in this paper.


Fig. 7. Proposed framework for FDI attack detection for hybrid SG cyber-physical system.

Data availability

Data will be made available on request.

Acknowledgment

This work has been supported by the Ministry of Higher Education Malaysia, FRGS/1/2020/ICT03/UKM/02/6.

References

[1] Hasan MK, et al. Blockchain technology on smart grid, energy trading, and big data: security issues, challenges, and recommendations. Wirel Commun Mob
Comput 2022:1–26.
[2] Liang G, et al. A review of false data injection attacks against modern power systems. IEEE Trans Smart Grid 2016;8(4):1630–8.
[3] Liu X, Li Z. False data attack models, impact analyses and defense strategies in the electricity grid. Electr J 2017;30(4):35–42.
[4] Kang JW, Joo IY, Choi DH. False data injection attacks on contingency analysis: attack strategies and impact assessment. IEEE Access 2018;6:8841–51.
[5] El Mrabet Z, et al. Cyber-security in smart grid: survey and challenges. Comput Electr Eng 2018;67:469–82.
[6] Wang Q, et al. Review of the false data injection attack against the cyber-physical power system. IET Cyber-Phys Syst Theory Appl 2019;4(2):101–7.
[7] Zhang M, et al. False data injection attacks against smart gird state estimation: construction, detection and defense. Sci China Technol Sci 2019;62(12):2077–87.
[8] Musleh AS, Chen G, Dong ZY. A survey on the detection algorithms for false data injection attacks in smart grids. IEEE Trans Smart Grid 2019;11(3):2218–34.
[9] Aoufi S, Derhab A, Guerroumi M. Survey of false data injection in smart power grid: attacks, countermeasures and challenges. J Inf Secur Appl 2020;54:102518.
[10] Sayghe A, et al. Survey of machine learning methods for detecting false data injection attacks in power systems. IET Smart Grid 2020;3(5):581–95.
[11] Unsal DB, et al. Enhancing cybersecurity in smart grids: false data injection and its mitigation. Energies 2021;14(9):2657.
[12] Mohammadi F. Emerging challenges in smart grid cybersecurity enhancement: a review. Energies 2021;14(5):1380.
[13] Reda HT, Anwar A, Mahmood A. Comprehensive survey and taxonomies of false data injection attacks in smart grids: attack models, targets, and impacts.
Renew Sustain Energy Rev 2022;163:112423.
[14] Husnoo MA, et al. False data injection threats in active distribution systems: a comprehensive survey. Future Gener Comput Syst 2022;140:344–64.
[15] Gupta T, Bhatia R, Sharma R. False data injection attack detection using machine learning in smart grid: approaches, datasets, and comparative study.
Sustainable technology and advanced computing in electrical engineering. Springer; 2022. p. 1081–90.
[16] Li Y, Yan J. Cybersecurity of smart inverters in the smart grid: a survey. IEEE Trans Power Electron 2022;38:2364–83.
[17] Hasan MK, et al. Review on cyber-physical and cyber-security system in smart grid: standards, protocols, constraints, and recommendations. J Netw Comput
Appl 2022;209:103540.
[18] Hasan MK, et al. A novel artificial intelligence based timing synchronization scheme for smart grid applications. Wirel Pers Commun 2020;114(2):1067–84.
[19] Akhtaruzzaman M, et al. HSIC bottleneck based distributed deep learning model for load forecasting in smart grid with a comprehensive survey. IEEE Access
2020;8:222977–3008.
[20] Liu Y, Ning P, Reiter MK. False data injection attacks against state estimation in electric power grids. ACM Trans Inf Syst Secur (TISSEC) 2011;14(1):1–33.
[21] Liu T, et al. Abnormal traffic-indexed state estimation: a cyber–physical fusion approach for smart grid attack detection. Future Gener Comput Syst 2015;49:
94–103.
[22] Aboelwafa MM, et al. A machine-learning-based technique for false data injection attacks detection in industrial IoT. IEEE Internet Things J 2020;7(9):8462–71.
[23] Sagu A, et al. A hybrid deep learning model with self-improved optimization algorithm for detection of security attacks in IoT environment. Future Internet
2022;14(10):301.
[24] Priyadarshini I, et al. Time series analysis and anomaly detection for trustworthy smart homes. Comput Electr Eng 2022;102:108193.
[25] Priyadarshini I, et al. A novel cloud architecture for internet of space things (IoST). IEEE Access 2022;10:15118–34.


A K M Ahasan Habib received his B.Sc. in EEE from Daffodil International University (DIU) in 2015 and his M.Sc. in Electrical Engineering from International Islamic University Malaysia in 2018. Currently, he is a PhD student at the Universiti Kebangsaan Malaysia. His research interests are Electric Vehicles Energy Storage and Management Systems, Smart Grids, and Cyber Security Systems.

Dr. Mohammad Kamrul Hasan is currently working as an Assistant Professor at the Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia. He specializes in the areas of Industrial Communication and Networking, Cyber Physical Systems, Smart Grid and Electric Vehicles Networks, and Cyber Security Systems.

Dr. Ahmed Alkhayyat is currently a dean of international relationships and manager of the Islamic University, Najaf, Iraq. His research interests include network coding, cognitive radio, efficient-energy routing algorithms, efficient-energy MAC protocol in cooperative wireless networks and wireless local area networks, and cross-layer designing for the self-organized network.

Dr. Shayla Islam has been appointed as an Associate Professor at UCSI University, Malaysia. She completed her M.Sc. and Ph.D. in Electrical and Computer Engineering
(ECE) department at International Islamic University Malaysia (IIUM) in 2012 and 2016 under Malaysian International Scholarship (MIS). Her research interests include
data communications and networking, computer architecture & cloud computing, and smart grid WAM Systems.

Dr. Rohit Sharma is currently working as an associate professor at SRM Institute of Science and Technology, Ghaziabad, India. His research interests include data networks, data security, smart grid, data mining, pollution trend analysis, IoT, and big data.

Dr. Lulwah M. Alkwai is with the School of Computer Science and Engineering, University of Ha’il, Ha’il, Saudi Arabia. His research interests include data networks, security, artificial intelligence, smart grid, IoT, and big data.
