Bad Data Injection in Smart Grid: Attack and Defense Mechanisms

CYBER SECURITY FOR SMART GRID COMMUNICATIONS: PART 2

Yi Huang, Mohammad Esmalifalak, Huy Nguyen, Rong Zheng, and Zhu Han, University of Houston

Husheng Li, Peking University

Lingyang Song, University of Tennessee

IEEE Communications Magazine • January 2013, p. 27. 0163-6804/13/$25.00 © 2013 IEEE

ABSTRACT

In modern smart grid networks, the traditional power grid is empowered by technological advances in sensing, measurement, and control devices with two-way communications between the suppliers and consumers. The smart grid integration helps the power grid networks to be smarter, but it also increases the risk of attacks because of the existing obsolete cyber-infrastructure. In this article, we focus on bad data injection attacks for smart grid. The basic problem formulation is presented, and the special type of stealth attack is discussed. Then we investigate the strategies of defenders and attackers, respectively. Specifically, from the defender’s perspective, an adaptive cumulative sum test is able to determine the possible existence of adversaries at the control center as quickly as possible. From the attacker’s point of view, independent component analysis is employed for the attackers to make inferences through phasor observations without prior knowledge of the power grid topology. The inferred structural information can then be used to launch stealth attacks.

INTRODUCTION

The smart grid [1, 2] has been envisioned to improve the robustness and efficiency of traditional power grid networks with the aid of modern communication technologies. It is enabled by the technological advances in sensing, measurement, and control devices capable of two-way communications among system managers (e.g., independent system operator [ISO]), electricity production, transmission, distribution, and consumption parts of power grids by exchanging information about the grid states to system users, operators, and automated devices. State estimation is a key function in building real-time models of electricity networks in energy management centers (EMC) [3]. A real-time model is a quasi-static mathematical representation of the current conditions in an interconnected power network [3]. This mathematical representation is usually obtained from measured and telemetered data every few seconds to the energy control center (ECC). Real-time models of the network can be used by the ISO to make optimal decisions with respect to technical constraints such as transmission line congestion, voltage, and transient stability. In practice, it is not economical or even feasible to measure all possible states in the network; thus, state estimation is a useful tool for estimating those quantities from a limited set of measurements. Two kinds of information are usually used for state estimation in power systems:

• Analog data of the system such as Megavar flows on all major lines, P and Q loading of generators and transformers, and voltage magnitudes at most of the buses of the system

• The on/off status of switching devices such as circuit breakers, disconnect switches, and transformer taps that determine the network topology

Due to the importance of state estimation, the negative effects of injecting bad measurement data have been studied in the literature [4]. Bad data may be due to unintended measurement abnormalities or topology errors, or injection by malicious attacks. For instance, [5] is the pioneering work in studying bad data injection attacks that cannot be detected (called stealth attacks), and it shows that an attacker can carry out such stealth attacks by corrupting the power flow measurements at remote terminal units (RTUs), tampering with the heterogeneous communication network, or breaking into the supervisory control and data acquisition (SCADA) system through the control center office LAN. Note that a SCADA system or wide area measurement system (WAMS) gathers information on the power network (measurement values, breakers’ status, etc.) at specific times and locations. Control centers use the collected information for different purposes such as running a state estimation problem. In [6], the authors demonstrate the feasibility of carrying out undetectable bad data injection attacks with the objective of manipulating pricing of the electricity market.

In this article, we focus on bad data injection attacks in smart grid. The basic problem formulation is first presented in detail, and a special type of attack, the stealth attack, is studied. Then we investigate the strategies of defenders and attackers:

• Defense mechanism: The power system needs to detect the injection of bad data as quickly as possible, which motivates the application of fast detection techniques [7]. The goal is to determine the existence of attacks at the control center using as few observations as possible without violating constraints such as a certain level of detection accuracy and false alarm rates.

• Attacker strategy: The attacker can perform stealth bad data injection attacks with low detectability. The attacker can make inferences of the power network topology from the correlations in line measurements using independent component analysis. The inference results can then be utilized to design stealth attacks.

The rest of the article is organized as follows. We present the power system model, state estimation, and bad data injection. The defender mechanism and attacker strategy are discussed, respectively. Finally, conclusions are drawn.

STATE ESTIMATION AND BAD DATA INJECTION

Power systems generally consist of three subsystems: generation, transmission, and distribution systems. In power systems, transmission lines are used to transfer generated power to consumers [8]. Theoretically, the transmitted complex power between bus i and bus j depends on the voltage difference between the two buses, and it is also a function of the impedance between these buses. In general, transmission lines have a high reactance over resistance ratio (i.e., X/R ratio), and thus one can approximate the impedance of a transmission line with its reactance. Transmitted active power from bus i to bus j can be written as

$$P_{ij} = \frac{V_i V_j}{X_{ij}} \sin(\theta_i - \theta_j),$$

where $V_i$ is the voltage magnitude, $\theta_i$ is the voltage phase angle at bus i, and $X_{ij}$ is the reactance of the transmission line between bus i and bus j. In DC (i.e., DC here stands for linearity of equations rather than direct current systems) power flow studies, it is usually assumed that the voltage phase differences between two buses are small, and the amplitudes of voltages at buses are close to unity (after normalization). Therefore, further simplification gives a linear relation between voltage phase angles and line reactance as

$$P_{ij} = \frac{\theta_i - \theta_j}{X_{ij}}.$$

In power flow studies, the voltage phase angle ($\theta_i$) of the reference bus is fixed and known; thus, only n – 1 angles need to be estimated. We define the state vector as $x = [\theta_1, \dots, \theta_n]^T$; that is, the vector of n bus phase angles $\theta_i$, i = 1, …, n.

The state estimation problem is to estimate the n phase angles $\theta_i$ by observing m real-time measurements, denoted by the vector z at the control center. These measurements could be either transmitted active power from bus i to j, $P_{ij}$, or injected active power to bus i, $P_i$. Injected active power to bus i is the super-composition of the transmitted power via connected lines to bus i, $P_i = \sum_j P_{ij}$. The observation vector z can be described as $z = h(x) + e$, where $h(x)$ is the nonlinear relation between measurement z and the system state x, and $e = [e_1, \dots, e_m]^T$ is the Gaussian measurement noise vector with covariance matrix $\Sigma_e$.

Define the Jacobian matrix $H \in \mathbb{R}^{m \times n}$ as

$$H = \left. \frac{\partial h(x)}{\partial x} \right|_{x = 0}.$$

If the phase difference is small, the linear approximation model of power measurement can be described as

Measurement under Normal Operation: $z = Hx + e$.

Note that H is generally unknown to the attackers but known to the ISO. Given the power flow measurements z, the estimated state vector $\hat{x}$ can be computed as $\hat{x} = (H^T \Sigma_e^{-1} H)^{-1} H^T \Sigma_e^{-1} z$.

Figure 1 illustrates the IEEE four-bus test system with two generators: each bus has its corresponding voltage ($V_q$) and phase angle ($\theta_q$); the control center sends the power measurement data ($z_{qr}$), and then the state estimator infers the states of the power system that can be used in different functions such as the automatic generation control (AGC), optimal power flow (OPF), and energy management system (EMS). The operator makes the final decision for controlling generators and managing load (to balance the supply and demand).

[Figure 1. An illustration of a four-bus power network, control center, a few main functions (AGC, OPF, EMS), and the operator. Note that G represents the generators, the black dot represents available active power flow measurements, and the triangle on the bus represents the load of the region or city. Diagram labels: buses 1–4, G, State estimator, AGC, OPF, EMS, Control center, Operator; measurements Z12, Z21, Z13, Z24, Z44.]

BAD DATA DETECTION

In power system state estimation, “bad data” as the result of large measurement bias, drifts, or wrong connections needs to be detected and identified. In bad data injection, the attackers can inject data into the measurement vector r, and the system can be described as

Measurement under non-Stealth Attack: $z' = H(x) + b + e$, $a = \Omega b$.

Define the residue vector r as the difference between the measured quantities and the values calculated from the estimated states, namely, $r = z - H\hat{x}$. The mean and covariance of the residual are respectively $E(r) = 0$ and $\mathrm{cov}(r) = \Omega \Sigma_e$, where $\Omega = I - M$ and $M = H(H^T \Sigma_e^{-1} H)^{-1} H^T \Sigma_e^{-1}$.

The weighted least square of the measurement error, $r^T \Sigma_e^{-1} r$, obeys the chi-square distribution with n – m degrees of freedom [3]. The hypothesis test pertaining to bad data detection can be expressed as $r^T \Sigma_e^{-1} r \gtrless \chi^2_{n-m,V}$, where V is the

detection confidence probability.

For identification, the normalized residuals of all the measurements are used for identifying bad data. If the measurement corresponding to the largest normalized residual is greater than a pre-specified identification threshold γ, i.e.,

$$\max_i \frac{r_i}{\sqrt{\mathrm{cov}(r_i)}} \ge \gamma,$$

that measurement is considered as bad data and is eliminated for another round of state estimation [3].

STEALTH BAD DATA INJECTION

Utilizing the detection scheme discussed earlier, the control center can defend against naive bad data injection attacks and identify the source of tampered data. Thus, we call this type of attack a non-stealth attack. However, if the attacker has knowledge of the topology H, it can inject bad data of the form $H\delta x$ into measurement r, namely,

Measurement under Stealth Attack: $z' = H(x + \delta x) + e$. (3)

In this case, the hypothesis test would fail in detecting the attacker, and the control center believes that the true state is $x + \delta x$. This is called stealth bad data injection [5]. One critical assumption in the feasibility of stealth attacks is the availability of full topology information. We demonstrate how such an assumption can be relaxed from the attackers’ point of view.
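As an added illustration (not code from the paper) of the residual-based detection and identification rules above, and of why the stealth form (3) passes them, the following Python script builds a constructed four-bus DC model, computes the weighted-least-squares estimate $\hat{x}$, the chi-square statistic $r^T \Sigma_e^{-1} r$, and the largest normalized residual, and runs three cases: clean measurements, a single corrupted flow measurement, and an injection of the form $H\delta x$. The line reactances, the noise vector, the choice $\Sigma_e = \sigma^2 I$, the thresholds (a tabulated χ² 95 % quantile for three degrees of freedom, and γ = 3) and all function names are assumptions of this example, not values from the paper.

```python
# Constructed four-bus DC power-flow model (example values, not the paper's test system).
# Bus 1 is the reference bus (theta_1 = 0), so the state is x = [theta_2, theta_3, theta_4].
import math

LINES = {(1, 2): 0.10, (1, 3): 0.20, (2, 4): 0.25, (3, 4): 0.40}   # reactance X_ij (p.u.)
INJECTION_BUSES = [1, 4]       # buses whose injected power P_i is also measured
N_STATES = 3
SIGMA = 0.01                   # noise std dev; Sigma_e = SIGMA^2 * I is assumed here
CHI2_95_DOF3 = 7.815           # tabulated chi-square 95% quantile for 6 - 3 = 3 dof
GAMMA = 3.0                    # normalized-residual identification threshold (assumed)
# Constructed noise vector e, one entry per measurement, used instead of random draws.
NOISE = [0.004, -0.006, 0.003, -0.002, 0.005, -0.004]


def line_row(i, j, x_ij):
    """Row of H for the DC flow P_ij = (theta_i - theta_j) / X_ij; theta_1 is fixed at 0."""
    row = [0.0] * N_STATES
    if i != 1:
        row[i - 2] += 1.0 / x_ij
    if j != 1:
        row[j - 2] -= 1.0 / x_ij
    return row


def build_H():
    """Jacobian of z = Hx + e: one row per line flow, then one row per injection P_i = sum_j P_ij."""
    H = [line_row(i, j, x) for (i, j), x in LINES.items()]
    for b in INJECTION_BUSES:
        row = [0.0] * N_STATES
        for (i, j), x in LINES.items():
            if b in (i, j):
                other = j if b == i else i
                row = [r + c for r, c in zip(row, line_row(b, other, x))]
        H.append(row)
    return H


def transpose(A):
    return [list(col) for col in zip(*A)]


def matmul(A, B):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*B)] for row in A]


def matvec(A, v):
    return [sum(a * b for a, b in zip(row, v)) for row in A]


def inverse(A):
    """Gauss-Jordan inverse with partial pivoting (small dense matrices only)."""
    n = len(A)
    M = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        pivot = M[c][c]
        M[c] = [v / pivot for v in M[c]]
        for r in range(n):
            if r != c:
                f = M[r][c]
                M[r] = [a - f * b for a, b in zip(M[r], M[c])]
    return [row[n:] for row in M]


def bad_data_check(H, z, sigma=SIGMA):
    """WLS estimate, chi-square test on r^T Sigma_e^-1 r, and largest normalized residual."""
    Ht = transpose(H)
    G_inv = inverse(matmul(Ht, H))              # (H^T Sigma_e^-1 H)^-1; sigma^2 cancels out
    x_hat = matvec(G_inv, matvec(Ht, z))
    M = matmul(matmul(H, G_inv), Ht)            # hat matrix; cov(r) = (I - M) Sigma_e
    r = [zi - hi for zi, hi in zip(z, matvec(H, x_hat))]
    j_stat = sum(ri * ri for ri in r) / sigma ** 2
    normed = [abs(ri) / math.sqrt(sigma ** 2 * (1.0 - M[i][i])) for i, ri in enumerate(r)]
    worst = max(range(len(r)), key=lambda i: normed[i])
    return {"x_hat": x_hat, "j": j_stat, "chi2_alarm": j_stat > CHI2_95_DOF3,
            "suspect": worst if normed[worst] > GAMMA else None}


def demo():
    """Normal operation, one corrupted flow measurement, and a stealth injection H*dx."""
    H = build_H()
    x_true = [-0.05, -0.08, -0.12]               # constructed phase angles (rad)
    z = [hx + e for hx, e in zip(matvec(H, x_true), NOISE)]
    normal = bad_data_check(H, z)
    z_bad = z[:]
    z_bad[3] += 0.2                              # non-stealth: only measurement P_34 is corrupted
    naive = bad_data_check(H, z_bad)
    dx = [0.02, 0.0, 0.0]
    z_stealth = [zi + hd for zi, hd in zip(z, matvec(H, dx))]   # eq. (3): z' = H(x + dx) + e
    stealth = bad_data_check(H, z_stealth)
    return normal, naive, stealth


if __name__ == "__main__":
    for name, res in zip(("normal", "non-stealth", "stealth"), demo()):
        print(name, "chi2 alarm:", res["chi2_alarm"], "suspect:", res["suspect"],
              "x_hat:", [round(v, 4) for v in res["x_hat"]])
```

The corrupted flow measurement drives the chi-square statistic far above the threshold and is the one with the largest normalized residual, so the identification step points at it; the $H\delta x$ injection leaves the residual (and hence both statistics) exactly as in the clean case while shifting the estimate by exactly δx, which is the blind spot the paper builds on.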

DEFENSE MECHANISM

In this section, we investigate one type of defense mechanism against non-stealth attacks in smart grid. In brief, we have developed a novel defense strategy via online statistical analysis of a sequence of data while controlling the detection delay and error probability within desired levels [9]. Conventional state estimation methods [10, 11] for bad data detection use measurements to balance false alarm rate or missing detection ratio. In contrast, our approach aims to minimize the detection delay subject to the error probability constraint.

Let $z_t$ represent the m-dimension observation vector at time t. In the absence of an adversary, $z_t$ can be modeled as a zero-mean multivariate Gaussian distribution $N(0, \Sigma_z)$ for tractability. The adversary is assumed to be inactive initially; at a random, unknown time τ, it becomes active and injects malicious data. The binary hypothesis can be formulated as $H_0: Z_t \sim N(0, \Sigma_z)$ and $H_1: Z_t \sim N(a_t, \Sigma_z)$, where $a_t = [a_{t,1}, a_{t,2}, \dots, a_{t,m}]^T \in \mathbb{R}^m$ is the vector of unknown malicious data injected by the attacker at time t, and $\Sigma_z = H \Sigma_x H^T + \Sigma_e$. In other words, we want to detect a change in the distribution from $N(0, \Sigma_z)$ to $N(a_t, \Sigma_z)$ at the unknown time τ with unknown $a_t$.

Let $T_h$ denote the stopping time, the time when the change is detected. If $T_h < \tau$, it is a false alarm. The average run length (ARL) is $T_d = E[T_h - \tau]$. Based on Lorden’s formulation [7], we minimize the worst case detection delay, which can be described as $T_d = \sup_{\tau \ge 1} E_\tau[T_h - \tau \mid T_h \ge \tau]$. To compute the minimum $T_d$, Page’s CUSUM algorithm is the best-known technique to tackle this type of problem [7]. However, most CUSUM-based models assume perfect knowledge of the likelihood functions. In bad data injection detection, the parameters of the $H_1$ distribution cannot be completely defined because of the unknown attacker parameters and statistical model. Thus, we need to design mechanisms for quickest detection in the presence of unknown parameters.

The adaptive CUSUM test is recursive in nature. Each recursion comprises two interleaved steps:

• A multi-thread CUSUM test

• A linear unknown parameter solver

The multi-thread CUSUM test extends Page’s CUSUM algorithm. It considers and combines the likelihood ratio terms of the m measurements at time t in order to determine the stopping time $T_h$, which can be described as $T_h = \inf\{t \ge 1 \mid S_t > h\}$, in which the detection threshold h is a function of the false alarm rate (FAR), the miss detection rate (MDR), and the process variance, with the cumulative statistic at time t: $S_t = \max_{1 \le k \le t} \sum_{i=k}^{t} L_i(Z_i)$, where $L_t$ is the sum of the likelihood ratio functions over all measurements ($z_{t,j}$, $j \in \{1, 2, \dots, m\}$) at time t. Mathematically, we can express $L_t(Z_t)$ as

$$L_t(Z_t) = \sum_{j=1}^{m} \log \frac{f_1(z_{t,j})}{f_0(z_{t,j})},$$

where $f_1(z_{t,j})$ and $f_0(z_{t,j})$ are the distributions of the jth observation at time t with and without attacks, respectively. At time t, the cumulative statistic $S_t$ can be solved recursively as $S_t = \max[0, S_{t-1} + L_t(Z_t)]$, where $S_0 = 0$ when t = 0. The control center issues an alarm when the accumulation crosses a certain threshold h.

Due to the unknown adversary statistical model, the generalized likelihood ratio test (GLRT) can be used in Page’s CUSUM algorithm with unknown parameters [7]. The idea is to apply GLRT by replacing the unknown parameter with its maximum likelihood (ML) estimate. However, the recursive expression for the CUSUM test is no longer valid, as GLRT needs to compute every unknown element of a for each measurement at time t by estimating it from the observations up to the current time t. In other words, GLRT requires storing the observations and performing ML estimation of the unknown parameters at every time point. Thus, GLRT is too computationally expensive to implement in practice for quickest detection.

To reduce computation complexity, we apply the Rao test [7], which is an asymptotically equivalent test model of GLRT. The Rao test needs to compute derivatives with respect to the unknown parameter evaluated at zero, and can be implemented efficiently. Furthermore, the Rao test does not involve the complex computation of ML estimation.

We demonstrate the effectiveness of the proposed quickest detection mechanism using an IEEE four-bus topology. Figure 2 gives an example of the onset of the attack and the decision time. The malicious attack begins at time 6. For different FARs, the thresholds are different. The attack is detected at time 7 when FAR equals 1 percent and at time 8 when FAR equals 0.1 percent. The trade-off between detection accuracy and ARL is clearly demonstrated in Fig. 3. To achieve higher detection accuracy (or equivalently, smaller FAR), a higher ARL (larger $E(T_d)$) is needed. Therefore, the system needs to spend more time on making a decision. Our defense scheme outperforms the CUSUM GLRT in achieving a shorter decision time and higher detection accuracy. In summary, by employing quickest detection, the defender can detect non-stealth malicious attacks as quickly as possible.
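To make the recursion concrete, here is an added Python example (not the paper’s implementation) of the multi-thread CUSUM step: the per-measurement log-likelihood ratios are summed into $L_t(Z_t)$ and accumulated with $S_t = \max[0, S_{t-1} + L_t(Z_t)]$ until $S_t$ crosses h, which gives the stopping time $T_h$. The observation sequence, the two thresholds, and the reference shift δ are all constructed; δ stands in for the unknown $a_t$ as a fixed minimal shift run in both directions, whereas the paper avoids fixing it by using the Rao test, so the threshold values here are assumptions and not tied to the FAR figures in the text. Independent measurements (a diagonal $\Sigma_z$) are also assumed.

```python
# Constructed observation sequence z_t (m = 2 measurements, unit noise variance), not the
# paper's data: quiet until t = 5, then a persistent positive shift from t = 6 on.
OBSERVATIONS = [
    [0.2, -0.3], [-0.1, 0.4], [0.5, 0.1], [-0.4, -0.2], [0.3, 0.0],   # H0: N(0, I)
    [1.6, 1.1], [1.4, 1.3], [1.8, 1.0], [1.5, 1.4], [1.7, 1.2],       # H1: mean shifted
]


def log_likelihood_ratio(z_t, delta, sigma):
    """L_t(Z_t) = sum_j log f1(z_tj)/f0(z_tj) with f0 = N(0, sigma^2), f1 = N(delta, sigma^2).
    delta is an assumed reference shift standing in for the unknown a_t."""
    return sum((delta * z - 0.5 * delta * delta) / sigma ** 2 for z in z_t)


def cusum(observations, h, delta=1.0, sigma=1.0):
    """Page's recursion S_t = max(0, S_{t-1} + L_t), run for a positive and a negative
    reference shift. Returns the stopping time T_h = inf{t : S_t > h} (None if the
    threshold is never crossed) and the statistic max(S_t+, S_t-) per time step (1-based t)."""
    s_pos = s_neg = 0.0
    history = []
    stop = None
    for t, z_t in enumerate(observations, start=1):
        s_pos = max(0.0, s_pos + log_likelihood_ratio(z_t, delta, sigma))
        s_neg = max(0.0, s_neg + log_likelihood_ratio(z_t, -delta, sigma))
        history.append(max(s_pos, s_neg))
        if stop is None and history[-1] > h:
            stop = t          # alarm raised here; later values only shown for the plot-like view
    return stop, history


def demo(thresholds=(3.0, 5.0)):
    """Stopping time for each (assumed) threshold h; a higher h delays the alarm."""
    return {h: cusum(OBSERVATIONS, h)[0] for h in thresholds}


if __name__ == "__main__":
    for h, t_stop in demo().items():
        print(f"h = {h}: alarm at t = {t_stop}")
```

With the constructed data the statistic stays at zero through t = 5, starts climbing at t = 6 when the shift begins, and crosses the lower threshold at t = 7 and the higher one at t = 8, the same ordering the text describes for Fig. 2: a stricter threshold buys fewer false alarms at the price of a longer detection delay.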

[Figure 2. Adaptive CUSUM test with the decision interval. Axes: observation index (1–10) vs. CUSUM statistic $S_n$; annotations: “Malicious data attack is initialized”, “Alarmed! Case #1”, “Alarmed! Case #2”; thresholds h1, h2; Case #1: FAR = 1%, Case #2: FAR = 0.1%.]

[Figure 3. The performance analysis of the adaptive CUSUM algorithm in comparison with CUSUM GLRT. Two panels against FAR (10^-10 to 10^-2): $E(T_D)$ (0–25) and accuracy rate (0.65–1); curves: CUSUM with GLRT, Proposed algorithm.]

ATTACKER STRATEGY

As discussed earlier, stealth attacks are feasible when the attackers have full knowledge of the topology. An important question naturally arises: if the topology is not available to the attacker, can the attacker still successfully launch stealth bad data injection? Our answer is, somewhat surprisingly, yes, and we have developed the algorithm in [14]. The main idea is that when the system parameters (e.g., active or passive loads) vary in a small dynamic range, the structure (topology) information is in fact embedded in the correlations among power flow measurements. Let z(t), x(t) be the measurement and state vectors at time t, where x(t) is unknown. At a particular time point t, it is impossible to infer H from z(t) alone. However, over time, with the knowledge of the stochastic properties of the random process x(t), we may be able to infer H.

In power systems, the state variables are generally a (nonlinear) function of the loads y and the topology H: x = f(y, H). While the topology is likely to be static over a period of time, loads can be modeled as varying independently. If such variations are sufficiently small, we can approximate f using x = Ay, where A is the first-order coefficient matrix of the Taylor expansion at y (i.e., z = HAy + e).

With HA and y, we can carry out the bad data injection attack by modifying the measurement data as $z' = z + HA\delta y$, where δy can be arbitrarily chosen. At the ISO, we have the estimated state vector $\hat{x} = (H^T \Sigma_e^{-1} H)^{-1} H^T \Sigma_e^{-1} z'$. Let $\delta x = A\delta y$. Since $r = z' - H\hat{x} = z + H(\hat{x} + \delta x)$, $E(r) = 0$ and $\mathrm{cov}(r) = (I - M)\Sigma_e$. In other words, the mean and variance of r are the same as in the case without attackers. As a result, using the maximum residue method described earlier, the attack cannot be detected.

To infer HA and y, we adopt the linear independent component analysis (ICA) technique. Linear ICA [12] is a recently developed method with the goal of finding a linear representation of the data so that components are as statistically independent as possible. It is a special case of blind source separation formulated as follows: u = Gv, where $u = [u_i, i = 1, 2, \dots, m]$ is the observable vector containing observations from m signal monitors, $G = [g_{ij}, i = 1, 2, \dots, m, j = 1, 2, \dots, n]$ is the unknown mixing matrix, and $v = [v_i, i = 1, 2, \dots, n]$ is the source vector of n independent latent variables. Given the model and realizations of u, ICA infers both the mixing matrix G and the source vector v by adaptively calculating the weight vector w that maximizes a measure of the non-Gaussianity of the calculated $w^T u$. Notice that [13] establishes the identifiability of ICA up to scaling and permutation.

The algorithm is summarized in Algorithm 1. In line 1, FastICA [12] is an efficient and popular algorithm for ICA that iteratively finds the direction in which the weight vector w maximizes the non-Gaussianity of the projection $w^T z$ for data z. G needs to satisfy $w^T G = I$, where I is an identity matrix. Entries in G that are too small (compared to a predefined threshold ε) will be removed. Finally, the quasi state vector y can be estimated by $w^T z$. Line 2 verifies whether z follows a linear model. If the linearity assumption holds, max(z – Gy) should be small. Line 3 generates a random attack by a Gaussian random variable. This will be added to the inferred variable y in line 4, resulting in a stealthy attack that cannot be detected.

Algorithm 1. Stealth false data injection.

Input: z = data matrix

1. [G and y] = FastICA(z)

2. If max(z − Gy) > ε then exit

3. Generate δy ~ N(0, σ²)

4. z′ = z + G(y + δy)

Output: false data z′

We set up experiments to evaluate the proposed mechanism using MATPOWER [15], a Matlab simulation tool for solving power flow and optimal power flow problems. Using the data generated by MATPOWER reflects a more realistic simulated environment. The presented results are experiment results conducted on a four-bus test system, and IEEE 14-bus and 30-bus smart grid models. To see the independence of the state vector x, we compute the eigenvalues of the covariance and sort them in descending order. As shown in Fig. 4, the state vector is clearly highly correlated. In fact, for the 14-bus and 30-bus systems, there are only 8 and 12 main components (with eigenvalues greater than $10^{-4}$). Since ICA gives independent components, the resulting y are naturally independent. A key take-away from this set of experiments is that more sophisticated detection mechanisms can be devised if the correlation structure of the state vector can be utilized (i.e., the 2nd order statistics). In this case, even when an attacker knows H, if it naively injects random data into the measurement as $H(x + \delta x)$, as long as $x + \delta x$ does not exhibit the same correlation structure as x, sophisticated detection mechanisms may still be able to detect the bad data injection. In contrast, since we decouple the dependence among the x’s by projecting them onto a low-dimension space of independent components, the proposed stealth attacks are harder to detect.

[Figure 4. Eigenvalues of the state vector of different bus topologies. Axes: index (0–30) vs. eigenvalue (10^-16 to 10^4, log scale); curves: 4-bus, 14-bus, 30-bus.]

In the previous simulation, we demonstrate that the ICA algorithm can successfully identify the linear structure of the power flow measurements. Next, the strength of the ICA-based attack is evaluated. As a baseline, we consider a naive attack that randomly injects bad data (following a Gaussian distribution with zero mean and the same variance, 10 dB higher than the noise level, as the stealth attack) without knowledge of H. We further compare the proposed attack to the case without any bad data injection.

The null hypothesis (no attack) is accepted with the probability that the detection property from earlier holds. The probability is an increasing function of the threshold. To compute the probability, we assume the residual error r follows Gaussian distributions, respectively. From Fig. 5, we can see the proposed stealth attack has an almost identical miss detection probability as the no-attack case in the 14-bus topology. Therefore, the proposed attack is basically indistinguishable using any type of likelihood ratio test, since the ratio is always equal to one. On the other hand, the random attack has very different characteristics. This demonstrates that the stealthy attack can be accomplished by learning the topology structure of the power system using ICA.

CONCLUSIONS

In this article, we discuss the important security problem of bad data injection in smart grid. The detailed problem formulation is presented. Then, from the defenders’ point of view, we study quickest detection techniques to detect the bad data injection attack as quickly as possible. The simulation results successfully demonstrate that the defender can detect a real-time malicious data attack within the minimum delay. From the attacker’s perspective, we investigate the ICA technique so that the attacker can perform a stealthy attack without knowledge of the system topology. We also demonstrate that the proposed attack can be accomplished by learning the topology structure of the power system and is difficult to detect.

REFERENCES

[1] X. Fang et al., “Smart Grid — The New and Improved Power Grid: A Survey,” IEEE Commun. Surveys and Tutorials, vol. 1, no. 99, Dec. 2011, pp. 1–37.

[2] E. Hossain, Z. Han, and V. Poor, Smart Grid Communications and Networking, Cambridge University Press, UK, 2012.

[3] A. Monticelli, “Electric Power System State Estimation,” Proc. IEEE, vol. 88, Feb. 2000, pp. 262–82.

[4] M. Esmalifalak, Z. Han, and L. Song, “Effect of Stealthy Bad Data Injection On Network Congestion In Market Based Power System,” IEEE WCNC 2012, Paris, France, Apr. 2010.

[5] Y. Liu, M. K. Reiter, and P. Ning, “False Data Injection Attacks Against State Estimation in Electric Power Grids,” 16th ACM Conf. Computer and Commun. Security, Gaithersburg, MD, Nov. 2009, pp. 21–30.

[6] L. Xie, Y. Mo, and B. Sinopoli, “False Data Injection Attacks in Electricity Markets,” 1st IEEE Int’l. Conf. Smart Grid Commun., Gaithersburg, MD, Oct. 2010, pp. 226–31.

[7] H. V. Poor and O. Hadjiliadis, Quickest Detection, Cambridge Univ. Press, 2008.

[8] J. Casazza and F. Delea, Understanding Electric Power Systems, IEEE Press Understanding Science and Technology Series, Wiley, 2010.

[9] Y. Huang et al., “Defending False Data Injection Attack On Smart Grid Network Using Adaptive CUSUM Test,” 45th Annual Conf. Info. Sciences and Sys., Baltimore, MD, Mar. 2011.

[10] A. Abur and A. G. Exposito, Power System State Estimation: Theory and Implementation, Marcel Dekker, 2004.

[11] A. J. Wood and B. F. Wollenberg, Power Generation, Operation, and Control, Wiley, 1996.

[12] J. Himberg and A. Hyvärinen, “Independent Component Analysis for Binary Data: An Experimental Study,” 3rd Int’l. Conf. Independent Component Analysis and Blind Signal Separation, Malmö, Sweden, June 2001.

[13] P. Comon, “Independent Component Analysis, A New Concept?,” Signal Processing, vol. 36, no. 3, Apr. 1994, pp. 287–314.

[14] M. Esmalifalak et al., “Stealth False Data Injection using Independent Component Analysis in Smart Grid,” 2nd IEEE Conf. Smart Grid Commun., Brussels, Belgium, Oct. 2011.

[15] R. D. Zimmerman, C. E. Murillo-Sánchez, and R. J. Thomas, “MATPOWER: Steady-State Operations, Planning and Analysis Tools for Power Systems Research and Education,” IEEE Trans. Power Systems, vol. 26, no. 1, Feb. 2011, pp. 12–19.

BIOGRAPHIESYI HUANG [S’11] ([email protected]) is from Taiwan, and iscurrently working on his Ph.D. under the supervision ofProfessor Zhu Han at the University of Houston. He receiveda B.S. in electrical engineering from the University of Ari-zona in 2007 and an M.S. in electrical engineering fromthe University of Southern California in 2008. Prior toentering the University of Houston, he worked as a gradu-ate research assistant under the supervision of Professor K.Kirk Shung for one year at the University of Southern Cali-fornia. His current research work involves the applicationof quickest detection, data mining, machine learning andsignal processing in wireless networks, cognitive radio net-work, and smart grids.

MOHAMMAD ESMALIFALAK [S’12] received his M.S. degree in power system engineering from Shahrood University of Technology, Iran, in 2007. He joined the Ph.D. program at the University of Houston (UH) in 2010. From 2010 to 2012 he was a research assistant in the Electrical and Communications Engineering Department of UH. He won the best paper award at the IEEE Wireless Communications and Networking Conference 2012. His main research interests include the application of data mining, machine learning, and signal processing in the operation and expansion of smart grids.

HUY NGUYEN [S’12] ([email protected]) received his B.S. degree in computer science from the University of Science, Ho Chi Minh City, Vietnam, in 2006, and his M.E. degree in electrical engineering from Chonnam National University, Guangju, Korea, in 2009. In 2009 he started pursuing his Ph.D. degree in the Department of Computer Science, UH, under the guidance of Prof. Rong Zheng. His research interests include wireless and sensor network management, and information diffusion on social networks.

Figure 5. Probability for miss detection of attacks for 14 bus case. [Plot: comparison of probabilities for different schemes, 14 bus; x-axis: threshold (0.3 to 1); y-axis: probability (0 to 1); curves: no attack, stealth attack, random attack.]

RONG ZHENG [S’03, M’04, SM’10] ([email protected]) received her Ph.D. degree from the Department of Computer Science, University of Illinois at Urbana-Champaign, and earned her M.E. and B.E. in electrical engineering from Tsinghua University, P.R. China. She has been on the faculty of the Department of Computer Science, UH, since 2004, currently as an associate professor. Her research interests include network monitoring and diagnosis, cyber physical systems, and sequential learning and decision theory. She received the National Science Foundation CAREER Award in 2006. She serves on the technical program committees of leading networking conferences including INFOCOM, ICDCS, and ICNP. She served as a guest editor for EURASIP Journal on Advances in Signal Processing, Special Issue on Wireless Location Estimation and Tracking, and Elsevier’s Computer Communications Special Issue on Cyber Physical Systems; and was Program Co-Chair of WASA’12 and CPSCom’12.

ZHU HAN [S’01, M’04, SM’09] ([email protected]) received his B.S. degree in electronic engineering from Tsinghua University in 1997, and M.S. and Ph.D. degrees in electrical engineering from the University of Maryland, College Park, in 1999 and 2003, respectively. From 2000 to 2002 he was an R&D engineer at JDSU, Germantown, Maryland. From 2003 to 2006 he was a research associate at the University of Maryland. From 2006 to 2008 he was an assistant professor at Boise State University, Idaho. Currently, he is an assistant professor in the Electrical and Computer Engineering Department at UH. His research interests include wireless resource allocation and management, wireless communications and networking, game theory, wireless multimedia, security, and smart grid communication. He has been an Associate Editor of IEEE Transactions on Wireless Communications since 2010. He was the winner of the IEEE Fred W. Ellersick Prize in 2011. He was an NSF CAREER award recipient in 2010. He was the coauthor of papers that won the best paper awards at the IEEE International Conference on Communications 2009, the 7th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks 2009, and the IEEE Wireless Communication and Networking Conference 2012.

HUSHENG LI [S’00, M’05] ([email protected]) received B.S. and M.S. degrees in electronic engineering from Tsinghua University, Beijing, China, in 1998 and 2000, respectively, and his Ph.D. degree in electrical engineering from Princeton University, New Jersey, in 2005. From 2005 to 2007 he worked as a senior engineer at Qualcomm Inc., San Diego, California. In 2007, he joined the EECS Department of the University of Tennessee, Knoxville, as an assistant professor. His research is mainly focused on wireless communications and smart grid. He was the recipient of the Best Paper Award of the EURASIP Journal of Wireless Communications and Networks, 2005 (together with his Ph.D. advisor, Prof. H. V. Poor), the best demo award of GLOBECOM 2010, and the Best Paper Award of ICC 2011.

LINGYANG SONG [S’03, M’06, SM’12] ([email protected]) received his Ph.D. from the University of York, United Kingdom, in 2007, where he received the K. M. Stott Prize for excellent research. He worked as a postdoctoral research fellow at the University of Oslo, Norway, and Harvard University, until rejoining Philips Research U.K. in March 2008. In May 2009, he joined the School of Electronics Engineering and Computer Science, Peking University, China, as a full professor. He is a co-inventor of a number of patents (standard contributions), and author or co-author of over 100 journal and conference papers. He received the best paper awards in three international conferences.
