Market-Level Defense Against FDIA and a New LMP-Disguising Attack Strategy in Real-Time Market Operations


Traditional cyberattack strategies on the electricity market only consider bypassing bad data detections. However, our analysis shows that experienced market operators can detect abnormal locational marginal prices (LMPs) under the traditional attack model during real-time (RT) operations, because such attack model ignores the characteristics of the LMP itself and leads to price spikes that can be an easy-to-detect signal of abnormality. A detection approach based on the concept of critical load level (CLL) is used to help operators identify risky periods when operators would be prone to overlooking abnormal LMPs. During safe periods, the abnormal LMPs are identified according to the operator's experience, while in risky CLL intervals, a N-x cyber contingency analysis is proposed to help independent system operators (ISOs) detect abnormal LMPs. Further, this paper constructs a new type of cyberattack strategy capable of not only bypassing bad data detection in the state estimation stage but also disguising the compromised LMPs as regular LMPs to avoid market operators' alerts in a realistic scenario wherein the attacker has imperfect information on system topology. Finally, the proposed analysis method and the attack strategy are evaluated through numerical studies on the PJM 5-bus system and the IEEE 118-bus system.


Electrical and Computer Engineering

Research Center/Lab(s)

Intelligent Systems Center

Keywords and Phrases

Bad Data Detection; Critical Load Level (CLL); Electricity Market; False Data Injection Attack (FDIA); LMP-Disguising Attack

International Standard Serial Number (ISSN)

0885-8950; 1558-0679

Document Type

Article - Journal

Document Version


File Type





© 2021 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.

Publication Date

01 Mar 2021