Spatio-Temporal Graph-Based Generation and Detection of Adversarial False Data Injection Evasion Attacks in Smart Grids

Electrical Engineering Computer Science Information Science Artificial Intelligence Engineering
smart grids false data injection attacks adversarial attacks spatio-temporal graphs graph neural networks machine learning cybersecurity

Title: Generating and Detecting Spatio-Temporal Graph-Based Adversarial False Data Injection Evasion Attacks in Smart Grids

Background

With the continuous development of modern smart grids, the grid, as a typical Cyber-Physical System (CPS), faces numerous security threats due to the extensive exchange of data between its components. Among these, False Data Injection Attacks (FDIAs) have garnered significant attention for their ability to manipulate sensor data. Attackers can use such false data to bypass traditional Bad Data Detection (BDD) systems, potentially leading to incorrect operational decisions and even system overloads. However, traditional FDIAs are relatively simple, as their obvious data anomalies can be easily detected by data-driven machine learning models.

In contrast, Adversarial False Data Injection Evasion Attacks (FDIEAs) are more complex and pose a greater threat, as attackers inject adversarial samples that mimic the patterns of normal data to bypass the existing detection systems. The challenge lies in the fact that existing advanced detection mechanisms based on Graph Neural Networks (GNNs), though capable of capturing the spatio-temporal characteristics of grid topologies, have not been thoroughly analyzed for robustness against complex FDIEAs. This research aims to illuminate the generation mechanisms of FDIEAs and design a robust detection method to safeguard against these threats.

Paper Source

This paper was co-authored by research scholars Abdulrahman Takiddin (FAMU-FSU College of Engineering), Muhammad Ismail (Tennessee Tech University), Rachad Atat (Lebanese American University), and Erchin Serpedin (Texas A&M University) and was published in IEEE Transactions on Artificial Intelligence, Vol. 5, No. 12, December 2024. The article was funded by the National Science Foundation (NSF) EPCN under grant numbers 2220346 and 2220347.

Core Research

Research Questions and Objectives

The authors posed the following research questions: 1. What is the effect of utilizing spatio-temporal features in generating adversarial samples, and how can critical attack nodes be selected? 2. How can adversaries generate surrogate spatio-temporal data for attacks when they lack knowledge of the system’s topology? 3. From a defense perspective, what are the required model characteristics to robustly detect complex FDIEAs?

To address these questions, the study first evaluated the robustness of various detection models—ranging from traditional machine learning-based detectors to graph-based and spatio-temporal-aware detectors—against different FDIEAs. It further proposed a detection method based on a Spatio-Temporal Graph Autoencoder (STGAE) to improve detection accuracy and robustness.

Study Design and Methodology

Data Preparation

  1. Standard Grid Systems Used
    This study utilized IEEE-standard 14, 39, and 118-bus systems of varying scales, including components such as generators, loads, and transmission lines. These systems are widely used in smart grid research.

  2. Generating Spatio-Temporal Data
    The spatio-temporal data generation process involved two key stages:

    • Spatial Feature Generation: The authors employed a Stochastic Geometry approach to simulate grid topologies and generate random graphs (representing node distributions and connectivity) that closely mimic real-world systems.
    • Temporal Feature Generation: Using MATLAB’s MATPOWER toolbox, time-series data, such as active and reactive power measurements, were generated through power flow analysis.
Threat Modeling

The study designed five attack scenarios considering attackers’ different levels of system knowledge (white-box, gray-box, and black-box): 1. White-Box Attacks (Full Knowledge):
Attackers are fully aware of the grid’s detection mechanism, topology, and data characteristics, enabling them to choose attack nodes more effectively. 2. Gray-Box Attacks (Partial Knowledge):
Attackers are unaware of the adopted topology or data, but they know the type of detector used. 3. Black-Box Attacks (No Knowledge):
Attackers have no knowledge of the target detector or data and rely solely on surrogate topology and simulated spatio-temporal features.

Additionally, the study proposed several static and dynamic adversarial FDIEA generation functions. For example, static methods like Fast Gradient Sign Method (FGSM) and Basic Iterative Method (BIM) were compared with dynamic attacks such as Dynamic Mean Perturbation (DMP), which relies on a sequence of benign measurements to create more covert adversarial samples.

Benchmark Detectors

For comprehensive analysis, the study evaluated multiple detectors, including: 1. Spatially Unaware Detectors: Examples include support vector machines (SVM) and convolutional neural networks (CNN).
2. Spatially Aware Detectors: These use Graph Signal Processing (GSP) or GNN models to capture the grid’s topology.
3. Spatio-Temporal-Aware Detectors: Detectors leveraging spatio-temporal CNNs and GRUs.
4. Adversarial-Specific Detectors: These detectors, such as those using adversarial training (AT) or Generative Adversarial Networks (GANs), were specifically designed to enhance robustness against adversarial samples.

Key Findings

1. Impact of White-Box Attacks

In white-box scenarios, the study found that when attackers use spatio-temporal features to generate adversarial samples (as opposed to using only temporal features), the Detection Rate (DR) dropped by an average of 5%–26%. Additionally, the selection of attack nodes significantly affected detection performance—targeting high centrality nodes based on Betweenness Centrality resulted in a further 3%–11% drop in DR.

2. Impact of Gray-Box and Black-Box Attacks

By generating surrogate topologies and spatio-temporal features, the study observed that even when attackers had no system knowledge (black-box), the adversarial data caused a 3%–13% decrease in DR across various detection models.

3. Advantage of Dynamic Attacks

Compared to static attacks (e.g., FGSM, C&W), dynamic adversarial attacks (e.g., DMP, DMA) led to an additional 5.2%–12.2% degradation in detection accuracy, demonstrating the heightened stealthiness of dynamic methods.

4. Superiority of the STGAE Model

The proposed STGAE Detector consistently outperformed all other detectors across all attack scenarios, achieving DR improvements of 5%–53%. This robust detection performance is attributed to the following features of the STGAE: - Graph Convolutions (GNN Layers): Capture spatial topology features. - Long Short-Term Memory (LSTM): Capture temporal dependencies. - Attention Mechanisms: Prioritize critical time-series data.

Moreover, the STGAE uses unsupervised learning, making it less reliant on predefined attack samples and more effective against novel adversarial techniques.

Significance and Innovations

1. Academic Contributions

This study is the first to systematically analyze the threat of complex FDIEAs on smart grid detectors and propose a robust spatio-temporal graph-based detection model. Its findings are applicable to broader CPS domains, including industrial IoT systems.

2. Practical Applications

The proposed STGAE detector can be deployed in smart grid control centers to enable real-time detection and mitigation of data attacks, safeguarding grid stability and security.

3. Methodological Innovations

This research uniquely employs stochastic geometry to generate surrogate data, providing a novel approach to simulating attack environments. Additionally, its use of attention-enhanced spatio-temporal graph networks establishes a new benchmark in detection performance.

Future Research

Future efforts could aim to further optimize the STGAE model to reduce its training complexity and validate its effectiveness in real-world deployments.