Analysis of Moving Target Defense Against False Data Injection Attacks on Power Grid
Abstract
Recent studies have considered thwarting false data injection (FDI) attacks against state estimation in power grids by proactively perturbing branch susceptances. This approach is known as moving target defense (MTD). However, despite of the deployment of MTD, it is still possible for the attacker to launch stealthy FDI attacks generated with former branch susceptances. In this paper, we prove that, an MTD has the capability to thwart all FDI attacks constructed with former branch susceptances only if (i) the number of branches in the power system is not less than twice that of the system states (i.e., , where is the number of buses); (ii) the susceptances of more than branches, which cover all buses, are perturbed. Moreover, we prove that the state variable of a bus that is only connected by a single branch (no matter it is perturbed or not) can always be modified by the attacker. Nevertheless, in order to reduce the attack opportunities of potential attackers, we first exploit the impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space, in which the attack vector is constructed with former branch susceptances. Then, we propose that, by perturbing an appropriate set of branches, we can minimize the dimension of the stealthy attack space and maximize the number of covered buses. Besides, we consider the increasing operation cost caused by the activation of MTD. Finally, we conduct extensive simulations to illustrate our findings with IEEE standard test power systems.
I Introduction
Modern power grid is becoming more scalable for new devices, more efficient for productions and smarter for operations. For the purpose to realize intelligent automation at all operation levels, numerous sensors and meters are distributed in this largescale system for wide area monitoring, protection and control. However, these advanced information and communication technology (ICT) components make the power system prone to cyber attacks. It has been proved that the attacker can tamper with measurements in the field devices such as the smart meter [2] and the remote terminal unit (RTU) [3]. With increased connectivity of physical power grids to open systems such as the Internet (e.g., convergence between IT and operation technology or OT), it is imperative to enhance the security of power grids to keep intruders at bay [4, 5, 6].
Traditional supervisory control and data acquisition (SCADA) systems for power grids implement basic integrity and availability checks (e.g., bad data detection or BDD) for their data, to reject erroneous measurements due to failures or malicious attacks such as false data injection (FDI). However, research has shown that carefully designed FDI attacks can bypass the BDD and remain stealthy, when attackers utilize comprehensive knowledge of the system topology and branch susceptances of the power network to guide their actions [7]. Although stealthy, these FDI attacks [8, 9, 11, 12, 10] can be quite powerful. They may lead to large errors in the estimated system states and cause severe consequences such as prolonged interruption of power supply or equipment damage [13].
Addressing the imminent threats posed by stealthy FDI attacks, many recent research efforts have sought to characterize their properties and propose countermeasures against them [15, 16, 14]. For example, methods to secure meter measurements and critical state variables against tampering have been proposed [17] [18]. In practice, however, breach of the perimeter, including cryptographical safeguards, has been repeatedly demonstrated in the real world through persistent attempts by malicious attackers [20, 3, 19, 2]. Besides, since only partial of the measurements are trusted, this strategy may reduce the redundancy of the original monitoring system.
Observing that the construction of stealthy FDI attacks depends on the detailed knowledge of the power grid’s configuration, an alternative defense approach is to change the system parameters by design for defeating the knowledgeable attacker. Existing work has typically implemented such moving target defense (MTD) [21] by proactively perturbing the impedance of certain branches of a power network using the distributed flexible AC transmission system (DFACTS) devices, e.g., DSI and DSSC [22]. By modifying DFACTS, the changes of branch parameters are unpredictable to attackers, thus, increasing uncertainties for them to execute stealthy FDI attacks on the power system, which complies with the definition of MTD.
Prior works on MTD against stealthy FDI attacks have demonstrated success in defeating knowledgeable attackers. Morrow et al. [23] and Davis et al. [24] investigated the divergence of the system state due to bad/malicious data, by comparing expected results caused by branch impedance perturbations with actual observed responses of the system. Rahman et al. [21] presented the formal design of an MTD application, and show by simulations that arbitrary branch susceptance perturbations may not be effective in detecting FDI attacks. Tian et al. [25] proposed a notion of hidden MTD, which aims to make the defense stealthy to attackers. Liu et al. [26] extended the hidden MTD to the AC distribution system, and remarkably, considered the minimization of power losses and power flow differences before and after MTD. Lakshminarayana and Yau [27] presented analytical conditions for MTD to be truly effective, and presented an explicit costbenefit analyis of the MTD, which can be viewed as a form of insurance. Liu et al. [28] considered the utility of MTD as an optimized goal, and solved a joint optimization problem with the generation cost loss. Although the authors in [25, 27, 28] have analyzed MTD’s capability to thwart FDI attacks constructed with former branch parameters, they haven’t given insight about the effectiveness of MTD and presented limitations of MTD related to both the power network structure and perturbed branches. Besides, the impact of the perturbation magnitude on the stealthy FDI attack space after MTD is not thoroughly investigated.
In fact, for understanding the impacts of the deployment of DFACTS devices on the power system, pioneer works have devoted to studying the linear sensitivities of power system quantities such as voltage and power losses with respect to the branch impedance perturbation [31, 29, 30]. For example, Rogers and Overbye [29] analyzed the linear sensitivities with respect to branch impedance for solving the real power loss minimization and voltage control problems. They showed that, by perturbing the branch impedances of 5 branches within the range +/ 20% of their original values in the IEEE 14bus power system with DFACTS devices, the power loss is 3.35 MW compared to 3.51 MW without any perturbation. Significantly, Morrow et al. [23] investigated the impacts of the use of DFACTS on the power losses and voltages considering the defense effect of branch perturbations. They proved that if the perturbations are within 20% of the impedance in the IEEE 14bus power system, then there are nearly 10,000 perturbation cases that can restrict the power losses within 1%. That is, the operating points after branch perturbations are limited to the small neighborhood around the optimum operation points. Other power systems were also tested. The results highlight the practicality of modifying DFACTS to provide MTD in power grid.
In this paper, we focus on analyzing the completeness, deployment and the increasing operation cost of MTD in terms of thwarting FDI attacks constructed with old system information. Similar to prior studies [27, 25, 21, 28], we mainly consider FDI attacks of the form [7] with the DC power flow model. To begin with, we define a stealthy attack space as the intersection of the set of attack vectors generated with the former branch susceptances and the set of attack vectors generated with the current branch susceptances after MTD. Once an MTD is able to reduce the dimension of the stealthy attack space to 0, it is defined as a complete MTD. Based on these definitions, we analyze the conditions required for a complete MTD from the aspect of inherent power network structure and the branches that are perturbed. Besides, limitations for a power system to satisfy these conditions are also exploited. Further, for the case when the necessary conditions for a complete MTD are not met, we investigate methods to narrow down the attack opportunities of potential attackers by properly selecting a set of targetperturbation branches^{1}^{1}1The targetperturbation branch means that the susceptance of the branch will be perturbed.. Moreover, we discuss the reduction of the additional operation cost caused by the activation of MTD. It should be clarified that some results have been presented in our conference paper [1], in which we have analyzed the topology limitation for achieving a complete MTD and the impacts of the perturbation magnitude on the reduction of the stealthy attack space. While in this journal version, more issues are discussed, including the special power network structure with which we can never achieve complete MTD, the impacts of the perturbation magnitude on the change (increase, invariant and decrease) of the dimension of the stealthy attack space, the optimal deployment of DFACTS devices and the additional operation cost caused by MTD. We also present more simulations to illustrate and demonstrate our findings. In summary, the contributions are as follows:

First, we prove that an MTD is complete only if (i) the number of branches is larger than or equal to twice that of the system states (i.e., , where is the number of system buses), and (ii) the susceptances of more than branches, which cover all buses, are perturbed. Besides, we prove that we can never realize a complete MTD if the power network contains a bus that is only connected by a single branch. The state variable of this bus can be injected arbitrary bias by the attacker.

Moreover, we observe that, the change of the perturbation magnitude almost does not affect the dimension of the stealthy attack space. Based on this result, we propose an algorithm to compute a feasible set of targetperturbation branches that can minimize the dimension of the stealthy attack space and maximize the number of covered buses. Besides, we discuss the increase of the operation cost after MTD considering the security constraint, which is associated with the susceptance perturbation magnitude.

Finally, we illustrate and demonstrate our results by conducting extensive simulations with the IEEE standard power systems.
The remainder of this paper is organized as follows. We introduce the system model and threat model in Section IIA. The problem statement is addressed in Section III. In Section IV, we analyze the MTD in terms of thwarting FDI attacks. We present simulation results of our findings in Section V. Section VI concludes the paper.
Ii System model and threat model
Throughout this paper, calligraphy font () indicates a set or a subspace (), math boldface font () indicates a matrix, bold lower case letter (x) indicates an vector. denotes the (column) span of a matrix. is the rank of a matrix. indicates the transpose of a matrix. All proofs in this paper are included in the Appendix. denotes the cardinality of a set.
Iia System model
To avoid intensive computation and obtain an optimal solution for large power systems, power system engineers usually utilize a linearized DC power flow model to approximate the AC power flow model [32][33]. For its computational speed and simplicity, the DC model has been widely used for decades in both industry and academia [55, 56, 57, 58]. Although it is less accurate, the DC model is more robust and often used in realtime operations such as the computation of marginal price [36]. In the DC model, the voltage magnitude is by default set as 1 p.u.. The state variables are reduced to the voltage phase angle. The measurements are reduced to active power flows. Moreover, since the phase angle difference is usually constrained to be small, the power flow equations can be reduced to
(1) 
where indicates the active power flow between bus and bus , is the equivalent susceptance on branch , and are respectively the voltage phase angle of bus and , is the active power injection of bus , is a set of neighboring buses connected to bus .
We consider a classic power transmission network consisting of a set of buses and a set of branches, where is the number of buses and is the number of branches. With the DC model, by setting an arbitrary bus as the reference/slack bus, the remaining phase angles are taken to form the system states, typically denoted as . Each branch connects two buses and . Assuming that the power system is fully measured, i.e., each bus is monitored by one meter and each branch is monitored by two meters (both in the positive and negative direction). Then, the number of meter measurements is . The DC model can be derived as
(2) 
where is termed as the measurement matrix, z denotes the measurements of active power injections and active power flows, represents the independent measurement noises, which are typically assumed to be normally distributed [i.e., ].
Construction of the measurement matrix. Let denote the branchbus incidence matrix. It is given by
(3) 
where is the element in the position of the matrix . Let denote the diagonal branch susceptance matrix. Its diagonal element is with branch . Thus, the invertible symmetric admittance matrix is and the branchbus shift factor matrix is . Considering the DC power flow equations, we have and , where f denotes the active power flows, p denotes the power injections, denotes the phase angles. Therefore, the measurement matrix can be derived as
(4) 
We can see that the measurement matrix is a function of the system topology and branch susceptances.
In cases that the power systems are partially measured (i.e., some buses and branches are not monitored by meters), the corresponding measurement matrix is formed by selecting some rows from the measurement matrix of the fully measured case. For any measurement matrix, we assume that in this paper. Note that all results in this paper are satisfied whenever the system is fully measured or partially measured.
State estimation (SE). State estimator, a fundamental tool for economically and dynamically routing power flows, is responsible to optimally estimate the state variables with noisy measurements collected by the underlying SCADA system [32]. The most common and concise mathematical description of SE is
(5) 
where is a diagonal matrix whose elements are reciprocals of the noise variances, is referred to as the “pseudoinverse” of because . is calculated by using certain statistical estimation criterions such as maximum likelihood, weighted leastsquares and etc.
Bad data detection (BDD). Normally, in order to filter out abnormal/erronuous meter measurements, the bad data detection (BDD) checker is used in SE. Let be the residues between the measurements z and their estimates . BDD compares the Euclidean norm with a predetermined threshold . If , the abnormal alarm is triggered; otherwise, the measurements z are considered normal.
In the following, we assume that the measurements are noiseless (i.e., ) to simplify the discussions. Under this assumption, the DC model can be written as . The corresponding state estimates are given by . Moreover, the threshold for the BDD is equal to 0. Nevertheless, the main results in the following derivations still keep valid with noisy measurements. In our simulations (see Section V), we will evaluate the impacts of measurement noises.
IiB Threat model
As a critical infrastructure, the security issue of power grid has attracted a lot of attention. For example, US National Electric Sector Cybersecurity Organization Resource (NESCOR) records safety incidents and negative impacts on the physical objects in power systems [34]. North American Electrical Reliability Council (NERC) reports lessons learned from failures and blackouts caused by cyber system faults [35]. These recordings show the security risks of power systems, which should be well addressed during daily maintenance and operation.
Adversarial setting. In this paper, we consider the class of stealthy FDI attacks studied in [7]. Let be the attack vector. The malicious measurements are given by . It has been proved that cannot be detected by the BDD if [7], where is an arbitrary vector. That is, , where denotes the measurement residues after the FDI attack and denotes the modified states. We can see that the measurement residues are not changed after the FDI attack. Thus, the bad data alarm is not triggered while the system states are subverted.
In other words, let be a subspace that contains all FDI attacks with the form of . Then, is given by
(6) 
We can see that is equal to the subspace , where denotes the (column) span of a matrix. Therefore, if holds, then the malicious measurements can bypass the BDD. In this paper, we assume the attacker has the following capabilities:

The attacker is able to know a measurement matrix based on his/her understanding, e.g., through topologyleaking attacks [37] or subspace attacks [38]. Since these topology attacks depend on historical measurements, the measurement matrix cannot be learned by the attacker immediately. The learning/inferring process usually takes a sufficiently long time (hours or days) due to the exfiltration of an enough amount of historical measurement data [27, 38, 39, 40, 41].

The attacker is able to eavesdrop and tamper with the measurements by intruding into the communication network or IPaccessible field devices [42]. Practically, the attacker will have limited resources to compromise all the measurements [7]. However, we do not assume a priori what specific data can be compromised or not. Note also that although the attacker might be able to compromise the confidentiality of the raw data points, he/she will need nontrivial efforts and time to learn their higher system level relationships to guide his attack.

The attacker is unable to take over (or have full access to) the control center or the SCADA systems. Once the attacker can exploit the control center or the SCADA systems, he/she is powerful enough to thwart most defensive mechanisms.
Iii Problem Statement
Based on the system model and threat model, in this section, we first introduce the approach of MTD used in power grid. Then, we present the problems mainly investigated in this paper.
Iiia Moving target defense by perturbing branch susceptances
DFACTS. The distributed flexible AC transmission system (DFACTS) devices are first introduced by Divan and Johal [22] for controlling the power flow. These devices can alter the impedances of power lines, and thus, control power flows to eliminate transmission constraints and bottlenecks. They are small and light enough to be suspended from the power line, floating both electrically and mechanically on it. Moreover, the equipped communication system enables them to receive control commands and transmit working states to remote control stations [43]. To date, a lot of researches have devoted to analyzing the performance of DFACTS devices and investigating the use of them in different power system applications [29, 30, 44, 45, 46].
MTD. Recently, some pioneer works have exploited the adoption of DFACTS devices for thwarting FDI attacks in power grid [47, 48, 23, 24, 21, 25, 27, 49]. Morrow et al. [23] [24] were the first researchers who proposed to perturb branch impedances for probing both the malicious and bad data in the power grid. The following works [21, 25, 27] named this branch perturbation strategy as moving target defense (MTD). Here we briefly introduce this defensive mechanism based on the DC model.
With DFACTS devices, the defender is able to actively perturb a set of branch susceptances, an thus, increase system uncertainty for potential attackers. Supposing the susceptance of branch is perturbed, then we have
(7) 
where is the susceptance of branch after MTD. Actually, we cannot change as much as we can [29, 23, 25]. There are limits on the perturbed result, i.e.,
(8) 
As a result, the measurement matrix is changed. We assume that the control commands of MTD can be protected in the control center and transmitted through safeguarded communication channels. Thus, the attacker is unable to anticipate them. We use to denote the new measurement matrix after MTD. In fact, the attacker might try to learn the perturbed measurement matrix . But the learning process usually takes a sufficiently long time (hours or days) due to the exfiltration of an enough amount of historical measurement data [27, 38, 39, 40, 41]. In other words, the attacker cannot obtain the latest measurement matrix immediately. Thus, we can dynamically change the measurement matrix accordingly before it risks being exposed. The execution cycle of MTD has been discussed by authors in [25] and [27].
Since the current susceptance perturbations are not anticipated by the attacker, he/she only knows the former measurement matrix (may not be the measurement matrix just before MTD). Thus, if the attacker still constructs the attack vector as , it is possible that after MTD. In other words, the malicious measurements may not bypass the BDD with , where are the measurements after MTD. The defender’s BDD after MTD is given by
(9) 
where . Since , we can prove that . Therefore, if and only if with noiseless measurements [7]. Since , if and only if . This means that attack vector can bypass the BDD after MTD if and only if it belongs to the following stealthy attack space.
Definition III.1
Let denote the stealthy attack space. Then, , i.e.,
(10) 
We can see that the stealthy attack space is the intersection of the column space of and . Therefore, the stealthy attack space is also a subspace and its dimension is given by
(11)  
where is the dimension of a subspace, is the rank of a matrix. We can see that the dimension of the stealthy attack space is closely related to the rank of the combined matrix , i.e., . We define as the security factor of MTD and denote it as .
IiiB Problem statement
In this paper, we mainly analyze the effectiveness of MTD from two aspects: first, the capability of MTD to protect the system from any FDI attack constructed with the former measurement matrix; second, if the first capability cannot be achieved, the capability of MTD to narrow the attack opportunities of potential attackers by appropriately deploying the DFACTS devices and setting the susceptance perturbation magnitudes.
As we know, as long as the stealthy attack space is not , it is still possible for the attacker to successfully execute FDI attacks after MTD. The intuitive understanding is that, if satisfying [i.e., ], then the malicious measurements after MTD can circumvent the defender’s BDD. We take the 4bus power system (Fig. 3) as an example. Suppose that the branch susceptances known by the attacker are , , , and . If we perturb the branches and as and , the attacker still can construct an attack vector as to bypass the BDD after MTD, where is the error injected into the state variable of bus 4. Here the dimension of the stealthy attack space is 1. In other words, the MTD may not be complete to thwart all FDI attacks with the form of . We define the MTD’s completeness as follows:
Definition III.2
An MTD is said to be complete if and only if all attack vectors in except the zero vector cannot bypass the BDD after MTD. This indicates that .
Besides, once a complete MTD cannot be achieved, we need to exploit how to reduce the stealthy attack space as much as possible, thus, reducing the probability of stealthy FDI attacks after MTD. An intuitive idea is to perturb all branches in the power network. But it is an unrealistic assumption to deploy DFACTS on all branches. On the other hand, we cannot randomly choose a set of targetperturbation branches and arbitrarily perturbed them. The impacts on the stealthy attack space might be different if we perturb different branches and set different perturbation values. For example, given the 4bus power system shown in Fig. 3, Table I shows the change of the dimension of the attack space when we perturb different branches and set different perturbation values. From row 1 and row 2, we can see that the dimensions of the stealthy attack space are different when we perturb different branches. Form row 3 and row 4, we can see that the dimensions of the stealthy attack space are different when we perturb branch to different values.
Branch Perturbations  

1  
2  
2  
1 
Moreover, due to the physical limitation of DFACTS devices [30] and their induced operation costs [27, 25], the branch susceptance cannot be perturbed to any value. Therefore, a natural question emerges that, given a set of DFACTS devices, how do they affect the stealthy attack space and the operation cost when we deploy them on different branches and set them with different values This is a critical issue for us to carry out MTD.
Iv Analysis of MTD to thwart FDI attacks
In this section, first, we analyze the detection of FDI attacks constructed with the former measurement matrix using MTD. Second, we analyze the completeness of MTD and discuss physical limitations of the power network to achieve this property. Third, we investigate the impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space. Lastly, we provide guidance on effective MTD for minimizing the dimension of the stealthy attack space, maximizing the number of covered buses, and reducing the operation cost.
Iva Detecting FDI attacks with MTD
First of all, we discuss the detection of FDI attacks constructed with the former measurement matrix.
After MTD, from the measurement matrix , we select columns which form a submatrix such that can be linearly represented by . The rest columns in form a submatrix , i.e., . Assume that the attacker constructs an attack vector as with the purpose to bypass the BDD after MTD. Actually, , where and . Then, we have the following conclusion.
Proposition IV.1
The BDD after MTD can detect the attack vector only if , where is a dimension zero vector.
Proof. Please see Appendix A.
Proposition IV.1 presents a necessary condition for the detection of FDI attacks constructed with the former measurement matrix. It also indicates the soundness of MTD. That is, if the BDD after MTD can detect the attack vector a, then at least one of the state variables in is modified. With this condition, if cannot be linearly represented by , then there might not exist such that for an arbitrarily selected . Thus, at most state variables corresponding to cannot be independently modified by the attacker. Since , if the dimension of the stealthy attack space is smaller, the more state variables cannot be independently modified by the attacker after MTD. However, note that the attackers cannot anticipate/predict the new measurement matrix , the “blind” attacker might try his/her luck to execute FDI attacks, and thus, increase the detection probability of these attacks with the BDD after MTD.
Specifically, to illustrate the effectiveness of MTD for thwarting FDI attacks, we give an illustration example (Fig. 3) about the change of the stealthy attack space with respect to the security factor . We can see that, the stealthy attack space is equal to the column space of and [] when the security factor is ; the stealthy attack space is the intersection of the column space of and [] when the security factor is between and ; the stealthy attack space is when the security factor is . Therefore, if the security factor is smaller, the “volume” of the stealthy attack space is smaller. A smaller stealthy attack space means a smaller probability of stealthy FDI attacks constructed with the former measurement matrix. In other words, after MTD, there are less successful opportunities for the attacker to execute stealthy FDI attacks with the old system information. Thus, we claim that MTD is more effective to thwart stealthy FDI attacks. For example, when , after MTD, no attack vector can bypass BDD, which means that the probability of stealthy FDI attacks constructed with the former measurement matrix is zero. We will evaluate the effectiveness of MTD with respect to the dimension of the stealthy attack space in Section VA2.
Considering the 4bus power system shown in Fig. 3, the branch susceptances known by the attacker are , , , , and . If we do not perturb any branches, then all attack vectors can bypass the BDD (i.e., , ); If we perturb the susceptance of branch to , then we can reduce the dimension of the stealthy attack space to 2 (i.e., , ), but there still exist attack vector that can bypass the BDD after MTD, e.g., , , ; If we perturb the susceptances of branches , and as , , , then any FDI attack constructed as () cannot bypass the BDD after MTD (i.e., , ). That is, this MTD is complete. We find that we can realize a complete MTD only if more than 3 branches are perturbed under this 4bus power system with 6 branches. The completeness of MTD is investigated in the next subsection.
IvB Analysis of MTD’s completeness
Here we first give a sufficient and necessary condition for achieving a complete MTD mathematically. Then, we present physical constraints for achieving this property.
IvB1 Mathematical analysis
In fact, an MTD is not complete because the BDD after MTD misses detecting some FDI attacks, i.e., . According to the Definition III.2, to achieve a complete MTD, we need to make . Since the subspace spanned by the zero vector has zero dimension, the dimension of is zero if an MTD is complete. Thus, we have the following conclusion.
Proposition IV.2
An MTD is complete if and only if the security factor .
Proof. Please see Appendix B.
Proposition IV.2 presents a sufficient and necessary condition for achieving a complete MTD mathematically. Note that if , the intersection of and is . Thus, all FDI attacks constructed as () can be detected by the BDD after MTD.
Remark IV.1
Moreover, if an MTD is complete, then we can identify the attack vector constructed with the former measurement matrix. Suppose the attack vector is . Then, the malicious measurements are , where denotes the state variables without FDI attacks. Since the combined matrix has full column rank, we can uniquely solve the variables c with the malicious measurements. Thus, we can identify the injected errors of the state variables.
IvB2 Physical limitations
Essentially, whether we can construct a complete MTD or not depends on the structure of the power network and the perturbed branches. Considering the fully measured case, the measurement matrix before and after MTD are
(12) 
The combined matrix of and can be written as . Let , we have
(13) 
where is an by zero matrix, is an by identity matrix. Therefore, we can derive that . Since is an by matrix, we have . Therefore, only if can we make . In other words, in order to make the security factor , the number of branches of the power transmission system must be larger than or equal to . We observe that this condition must be satisfied under the other measured cases (i.e., the system is not necessarily fully measured) as well.
Theorem IV.3
An MTD is complete only if the following two conditions are satisfied:

, where is the number of branches and is the number of buses in the power system;

The perturbed branches must cover all buses;
Proof. Please see Appendix C.
Theorem IV.3 provides a necessary condition for realizing a complete MTD. That is, the completeness of MTD can be achieved only if the system topology and the perturbed branches meet certain requirements. Besides, we can derive another two points from the second condition. First, to cover all buses, at least branches should be perturbed. Second, once a bus is not covered by the perturbed branches, the state variable of this bus can be modified stealthily if the attacker happens to attack it only. That is, let be an attack vector. Then, if () for any , then the malicious measurements can bypass the BDD after MTD, where is a nonempty set of buses that are covered by the perturbed branches. Thus, () can be any values. This indicates that the attacker can arbitrarily modify the state variables of buses that are not covered by the perturbed branches. Therefore, for a complete MTD, we need to ensure that: (i) the power transmission system has more than branches; (ii) more than branches are perturbed; (iii) the perturbed branches cover all buses. For example, the 4bus power system shown in Fig. 3 can support the realization of a complete MTD, because it has 6 branches (), while the 4bus power system with 5 branches shown in Fig. 3 cannot. If any one of the above three conditions is not satisfied, we cannot make an MTD complete.
Considering the first condition, if the power system has less than branches, then the dimension of the stealthy attack space satisfies
(14) 
That is, the smallest dimension of the stealthy attack space after MTD is larger than or equal to .
Remark IV.2
According to the aforementioned analysis, we find that is difficult to realize a complete MTD. For a complete MTD, the power transmission system must have at least branches (i.e., ), and more than branches, which cover all buses, should be perturbed. These conditions may not be held in practice. Particularly, we examine the number of branches in the IEEE test power systems provided in MATPOWER [50]; only three of all 41 cases have more than branches, namely case6ww (11 branches), case89pegase (210 branches) and case145 (453 branches). What’s more, we discover that we can never make an MTD complete if the the power transmission system has a bus that is only connected by a single branch.
Theorem IV.4
It is impossible to make an MTD complete if the power transmission system contains a bus that is only connected by a single branch.
Proof. Please see Appendix D.
This special case of the power network structure limits the realization of a complete MTD. Besides, we find that the state variable of the bus that is only connected by a single branch can be arbitrarily modified by the attacker. Let be the bus that is only connected by a single branch. Then, for any , there exists such that , where and are respective the th column of the matrix and . Therefore, if the attack vector is , then always holds, which can definitely bypass the BDD after MTD. We present a simple example to illustrate that. In the 4bus power system shown in Fig. 4, the state variable of bus 3 can be arbitrarily modified because it is only connected by branch . Therefore, as long as the system contains a bus that is only connected by a single branch, we can never realize a complete MTD.
IvB3 Discussion
Nevertheless, it might not be necessary to achieve a complete MTD in some power systems. We take the 3bus power system shown in Fig. 4 as an example. Even though we cannot realize a complete MTD because it only has 3 branches, which is less than , we can protect all state variables from being arbitrarily modified by the attacker when we perturb the branches and . Suppose the perturbations are and , and the attack vector is , where . If this attack can bypass the BDD after MTD, and must satisfy
(15) 
Therefore, the attacker must know the susceptance perturbations and to construct a coordinated attack vector a. We can see that is almost impossible for the attacker to construct such an attack vector. Definitely, a complete MTD can thwart any attack vector when is very different from the measurement matrix after MTD. But it might not be a necessary condition for some power systems.
IvC Impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space
A practical and effective way to enhance the security of the power system is to reduce the stealthy attack space and cover as many buses as possible with MTD, thus reducing the attack opportunities of potential attackers. We start by investigating the impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space when one more branch susceptance is perturbed. Since the security factor [i.e., ] determines , we focus on the change of in the following. As , based on the sparse property of , we first present three cases about the change of when one more branch is perturbed. Second, we investigate the impact of the susceptance perturbation magnitude on the value of with these three cases.
Before go deeper into the analysis, we prove that has a sparse structure.
Proposition IV.5
Suppose is a set of perturbed branches. is a sparse matrix with nonzero elements in the th and th columns, with .
Proof. Please see Appendix E.
Based on the sparse structure of the matrix , we can draw a conclusion about the changing range of when one more branch is perturbed. Let and be the combined matrices before and after the perturbation of a new branch, respectively. We denote as the change of the security factor . Then, we obtain the following result.
Proposition IV.6
When perturbing one more branch, changes 1, 0 or 1.
Proof. Please see Appendix F.
That is, there are three possible changes of the security factor when one more branch is perturbed: increasing 1, remaining the same or decreasing 1 (i.e., or ). Thus, a natural question emerges that, whether the value of will change with the susceptance perturbation magnitude. Let be the new branch whose susceptance is perturbed to be with and . We define as the perturbation ratio. Suppose is an index set of columns in that form a submatrix such that . The rest columns in form a submatrix , i.e., . We define as a security set. Overall, there are three cases should be considered for the impacts on when perturbing one more branch:

Case 1: Neither bus nor are contained in the security set. That is, and ;

Case 2: Either bus or is contained in the security set. That is, and , or and ;

Case 3: Both bus and are contained in the security set. That is, and .
For each case, we analyze the change of by varying the perturbation ratio . Since there are limits on the susceptance perturbation [29], we assume . We find that the magnitude of the susceptance perturbation almost does not affect the change of the security factor. Especially, if the security factor increases 1 (i.e., ), this result remains the same regardless of the perturbation magnitude. We present the details of the analysis in the following.
Proposition IV.7
Under Case 1, if and , then remains the same regardless of the change of .
Proof. Please see Appendix G.
Proposition IV.7 implies that, under Case 1, the perturbation magnitude does not affect the change of . Therefore, if we find that the dimension of the stealthy attack space decreses 1 when we perturb a branch to a certain value, then this result will not change if we perturb the branch to the other values. That is, we can determine the value of by only testing one perturbation ratio under Case 1. Considering the other two cases, we obtain the following result.
Proposition IV.8
Under Case 2 and Case 3, only if there exists a value (, ) and , we obtain .
Proof. Please see Appendix H.
Proposition IV.8 implies that, under Case 2 and Case 3, only if there exists an unique perturbation ratio and the targetperturbation branch is perturbed to that value, the dimension of the stealthy attack space increases 1. Based on this result, if when we perturb a targetperturbation branch to a certain value, then this result almost remains the same regardless of the perturbation magnitude. Further, we obtain a result about the increase of the security factor.
Theorem IV.9
Under all cases, for any () if and only if there exists () such that .
Proof. Please see Appendix I.
Theorem IV.9 implies that if the security factor increases 1 when we perturb one more branch, then this result will not be changed with the variation of the susceptance perturbation magnitude. In other words, once we find that the dimension of the stealthy attack space decreases 1 in a trial, then this result will not change in the other trials. Therefore, we can determine the security factor using only one tested perturbation ratio when .
In summary, the susceptance perturbation magnitude almost does not affect the change of the dimension of the stealthy attack space when one more branch is perturbed. Thus, we can determine the dimension of the stealthy attack space after we have perturbed the branches to certain ratios, without worrying about the impact of the perturbation magnitude, especially the case when . Note that this is very useful for the selection of the targetperturbation branches. We present details about this issue in the next subsection.
IvD Guidance on the construction of an effective MTD
In this section, we first consider the optimal selection of the set of targetperturbation branches. Then, we discuss the increasing generation cost caused by MTD.
IvD1 Targetperturbation branch selection
Here we propose an algorithm for maximizing the security factor (i.e., minimizing the dimension of the stealthy attack space ) and covering the largest number of buses, with a given number of DFACTS devices. We briefly introduce the algorithm in the following.
For the sake of power transfer quantity and quality, the branch parameters of some branches cannot be perturbed. Therefore, the set of candidate branches input to Algorithm 1 may not be the set of all branches in the power network. Thus, we only need to seek for an optimal deployment strategy in the set of branches that can be perturbed. With the loop (form line 2 to line 12) in Algorithm 1, we traverse all perturbable branches until we obtain the maximum . This process computes a set of targetperturbation branches that can minimize the stealthy attack space. In the loop, we determine whether the branch should be selected or not from line 8 to line 11. Once , the branch is selected as a targetperturbation branch; otherwise, it is not. When the iterations in Algorithm 1 have finished, we determine whether we should go into Algorithm 2 with the condition given in line 13. That is, if is maximized and all the DFACTS devices have been used, then the algorithm is closed and the output is the set of targetperturbation branches. If is maximized but there still exist unused DFACTS devices, the algorithm enters Algorithm 2 for maximizing the covered buses.
Algorithm 2 starts with the rest candidate branches except those have been selected for maximizing . It incrementally searches for branches that cover new buses. The targetperturbation branch is selected according to the following process. First of all, we select the branches that cover two new buses (line 7 to line 10). Then, if there still exist unused DFACTS devices, we select the branches that cover one new bus (line 16 and line 17). At last, if there still exist unused DFACTS devices, we select the branches from the rest candidate branches (line 19 to line 21).
The computation time requirement for the rank operation of is , where is the number of measurements and is the number of buses in the power network. The runtime for Algorithm 2 is , where is the number of branches in the power network. Considering the worst case that the rank operation would be executed times in the loop, the time complexity for Algorithm 1 is . Note that Algorithm 2 is not executed if the condition given in line 13 of Algorithm 1 is not satisfied. In fact, the above algorithm only outputs an alternative set of targetperturbation branches. There may be a lot of candidates that are also satisfied (see Section VC1). Therefore, we can dynamically change the perturbed branches and maintain the effectiveness of MTD. On the other hand, we can realize MTD on the basis of already deployed DFACTS devices for saving the additional infrastructure cost.
IvD2 Reducing the operation cost
After determining the set of branches that should be perturbed, a following problem that we should consider is to reduce the operation cost by appropriately setting their perturbation magnitudes. Optimal power flow (OPF) seeks to optimize the operation of an electric power system subject to the physical constraints imposed by electrical laws and engineering limits [51]. It outputs the minimum generation cost for the given loads by adjusting the power flows. This generation cost can represent the operation cost caused by the system changes of MTD. Here, OPF is stated as follows:
(16)  
where is the cost function, is the set of generators, is the real output power, is the load, is the branch active power flow, is the susceptance perturbation ratio. In the above optimization problem, the decision variable is the output generation level of each generator, and the cost function is a quadratic function. The first constraint is about the nodal power balance constraint, i.e., the power injections must be equal to the power consumptions. The second and third constraints are about the limits about the output generation and branch active power flow, respectively. The fourth constraint is newly added here for the limits of the susceptance perturbation. We can see that the matrix contained in the first constraint contains the branch perturbation parameters. Therefore, this optimization problem is correlated with the branch perturbation magnitude. Since the objective function is convex and the constraints are differentiable, the OPF problem is a typically convex optimization problem [32] [52], which can be solved by the nonlinear programming solver fmincon in MATLAB.
V Simulation Results
In this section, we evaluate our findings about MTD using an illustrative IEEE 14bus power system (Fig. 5) and the IEEE 30bus, 57bus, 118bus and 145bus power systems. All simulations are based on the fully measured power system and carried out in MATLAB. We assume that all meters are subject to the same noise distribution, namely the Normal distribution , if the measurement noises are considered. The threshold (see Section IIA) is set as [32], where is the freedom degree of the Chisquare distribution and is the false alarm rate (which is 0.05). In practice, each branch susceptance must be within given limits, namely [25]. The authors in [23] have proved that if the perturbations are within 20% of the impedance, then there are sufficiently large number of perturbation cases that can restrict power losses within 1%. Thus, it is feasible to perturb the branch susceptances within 20% maximum change. In this paper, for the perturbation ratio , it is constrained to be within .
Va Effectiveness of MTD
VA1 The dimension of the stealthy attack space vs. branch perturbations
Taking the IEEE 14bus power system (Fig. 5) as an example, we analyze the dimension change of the stealthy attack space () when we increase the number of perturbed branches. We successively perturb the set of branches as , , , . Fig. 8 shows the simulation results. We can see that the dimension of the stealthy attack space decreases when more branches are perturbed. But cannot reach 0, because the 14bus power system only has 20 branches, which is less than . Even though we perturb all branches, the dimension of the stealthy attack space is 6, which is the smallest stealthy attack space we can achieve in this 14bus power system. Consistent with the equation (14), the smallest dimension of the stealthy attack space is equal to .
Moreover, we perturb all branches in the IEEE 30bus, 57bus, 118bus and 145bus power systems. Table II shows the smallest dimension of the stealthy attack space we obtain. We also give the number of branches for each power system in this table. We can see that all the smallest dimensions of the stealthy attack space are not zero, which indicates that none of the power systems support constructing complete MTD. Even though the IEEE 145bus power system has 453 branches, which is larger than , the dimension of the stealthy attack space is 10 after perturbing all its branches. In our opinion, one reason for this result is that the IEEE 145bus power system contains 7 buses that are only connected by a single branch. The simulation result indicates that is difficult to meet the conditions required for achieving a complete MTD in practice.
IEEE test system  30bus  57bus  118bus  145bus 

branches  41  80  186  453 
18  31  40  10 
VA2 MTD’s effectiveness for thwarting FDI attacks
Next, we exploit MTD’s effectiveness for thwarting FDI attacks with respect to the dimension of the stealthy attack space. The attack vector is constructed with the form of , where is a measurement matrix before MTD. We sample the value of the element in c from a uniform distribution , where is the maximum magnitude of the injected bias into the state variable. Here is 0.1. The modified state variables are uniformly selected from the bus set, i.e., the nonzero elements in c are uniformly selected. We assume that all branches in the power system can be perturbed, and the measurements are noiseless. The perturbation ratio is randomly chosen within . For each setting, we repeat random attacks for 1000 times based on Monte Carlo simulations, and estimate the detection probability of the FDI attack constructed with as
(17) 
where # of detected trials means the number of FDI attack vectors detected by the BDD after MTD. For consistency, we use the metric to measure the change of the dimension of the stealthy attack space. Note that for a fixed dimension of the stealthy attack space, there are several branchperturbation schemes for realizing MTD.
We use the IEEE 14bus, 30bus and 57bus power systems with default settings and data in MATPOWER. Fig. 8 shows the simulation results. We can see that if the dimension of the stealthy attack space is smaller, the detection probability of FDI attacks is larger. For example, in the 14bus power system, the detection probability of FDI is more than 90% when is reduced to 0.6. Moreover, we find that if the system size is larger, the curve is more smooth and the detection probability of FDI attacks is larger given the same . The simulation results highlight that the smaller the dimension of the stealthy attack space is, the better performance the MTD achieves in terms of thwarting FDI attacks.
Besides, we consider the case when the attacker has limited resources to modify state variables. We take the IEEE 14bus power system as an example. First, we assume that the attacker can only modify 3 state variables, that is, there are only 3 nonzero elements in c. We analyze the change of the detection probability of FDI attacks with respect to the dimension of the stealthy attack space. For each setting, we repeat random attacks for 1000 times based on Monte Carlo simulations. That is, for each time, the attacked state variables and the attack vector are randomly generated. Fig. 8 shows the simulation result. We can see that the detection probability increases with . Again, it proves that a smaller stealthy attacks space is more effective to thwart FDI attacks. Second, we assume that the dimension of the stealthy attack space is fixed as 10, while the number of modified state variables is varied. Note that there are several combinations for a specific number of state variables. For each setting, we repeat the simulation for 1000 times and uniformly select a set of state variables for each time. The simulation result is plotted in Fig. 11. We can see that the detection probability of FDI attacks increases with the number of modified state variables. This indicates that the attacker is more ambitious, the MTD is more effective.
Moreover, we investigate the impact of FDI attacks constructed with the former measurement matrix on the buses that are not covered by the perturbed branches. We select , , and as the targetperturbation branches. They are perturbed to the same ratio during simulations. The perturbation ratios are set within spaced by 0.02. The attack vector is constructed by considering two cases: for and for all , where is a set of buses that are covered by the perturbed branches. We denote these two cases as “” and “,” respectively. The measurement noise is fixed as . For each setting, we repeat the simulation for 1000 times. For each time, we uniformly selected the nonzero elements in c. The simulation results are given in Fig. 11. We can see that, for case , the detection probability of the FDI attack is more than 84% when the measurements are noiseless. We believe that this large detection probabilities is because holds for most cases. When the measurements are noisy in case , the detection probability of FDI attacks is disturbed by the noise. But it is still more than 60% and increases with the perturbation ratio. For case , we can see that, whether the measurements are noisy or not, the detection probability of FDI attacks is almost negligible. This indicates that the buses that are not covered by the perturbed branches are vulnerable to FDI attacks. Therefore, to improve the effectiveness of MTD, the perturbed branches should cover as many buses as possible.
VA3 Impact of the bus that is only connected by a single branch
Next, we consider the attack on the bus that is only connected by a single branch. Here we validate our finding using the IEEE 14bus power system. We find that bus 8 is only connected by branch . First, we only inject errors into the state variable of bus 8. We test this attack for 10 trials. For each trial, we select 1000 sets of perturbed branches except for branch randomly. The noise variance is fixed as 0.01. Fig. 11 shows the simulation results. We can see that the attacks on bus 8 can always bypass the BDD after MTD when the measurements are noiseless. And for the noisy case, the detection probability of this attack is almost negligible (around 0.05). By contrast, we conduct another 13 trials but focus on attacking different buses. For the th trial, we only modify the state variable of bus . In these trials, we perturb all branch susceptances. Fig. 12 shows the simulation results. We can see that, no matter the measurements are noiseless or noisy, we have a negligible detection probability of the FDI attack when the state variable of bus 8 is modified. But it can be detected when we attack the other buses. The above results highlight the weakness of the bus that is only connected by a single branch and prove that we can never achieve a complete MTD when the power network contains such a bus.
Next, we consider the induced generation cost when attacking the bus that is only connected by a single branch. Considering the IEEE 30bus power system, there are 3 buses that are only connected by a single branch. And one of them is a load bus (bus 26). In the following, we exploit the increasing generation cost when the attacker compromises this load bus. The objective function is linear with the value of generation, i.e., [see the OPF problem (16)]. The parameters about the generators are shown in Table III. And all active power flows are limited to 500 MW. In this case, we perturb all branches with the perturbation ratios sampled within . The default setting and load data provided in MATPOWER are used. First, we use fmincon in MATLAB to compute an optimal generation dispatch result. Then, the measurements associated with bus 26 are corrupted. It results in deceiving the amount of the load on bus 26 transmitted to the control center for solving the OPF problem. The simulation results are shown in Table IV. is the original load at bus 26. We can see the generation cost increases with the corrupted load. Actually, the load attack may also lead the system to a nonoptimal generation dispatch, and the worst, may cause load shedding [53].
Generation bus  1  2  13  22  23  27 

100  100  100  100  100  100  
($/MWh)  20  30  20  20  30  20 
Communicated load  1.2  1.4  1.6  1.8  2.0  

Generation cost ()  3.784  3.798  3.812  3.826  3.840  3.854 
Increasing rate  0.37%  0.74%  1.11%  1.48%  1.85% 
VB Impact of the susceptance perturbation magnitude on the dimension of the stealthy attack space
To demonstrate the results given in Section IVC, we analyze the dimension change of the stealthy attack space by varying the perturbation ratio. We give six examples for the three cases stated in Section IVC with the IEEE 14bus power system. For each example, we randomly choose 10000 perturbation ratios within . At the beginning, we choose an initial set of perturbed branches. Then, we perturb one more branch . Let and denote the dimension of the stealthy attack space before and after this perturbation, respectively. During simulations, we count the number of exceptions when is changed. The simulation results are shown in Table V. We can see that if the dimension of the stealthy attack space is reduced by 1, then this result always holds for all perturbation ratios in these three cases. If the dimension of the stealthy attack space remains the same after the perturbation of branch , we do not find exceptions in the first (case 1) and third (case 2) example, i.e., this result always holds regardless of the perturbation ratio. But in the fifth (case 3) example, we find the dimension of the stealthy attack space increases 1 when we set the perturbation ratio to be 0.88. In other words, does not always hold in case 3. Moreover, we find that this exception happens when the perturbation ratio of branch is the same with that of branch . Therefore, in order to avoid the change of stealthy attack space’s dimension with the perturbation magnitude, we should not perturb the branches to the same ratio.
Cases  Initial set  # Exceptions  

Case 1  {}  0  0  
{}  1  0  
Case 2  {}  0  0  
{}  1  0  
Case 3  {}  0  1  
{}  1  0 
VC Guidance on constructing an effective MTD
VC1 Targetperturbation branch selection
Evaluation of our algorithm. First, with the IEEE 14bus power system, we evaluate the selection of the set of targetperturbation branches with Algorithm 1 and Algorithm 2. A total number of 10 DFACTS devices are given for constructing/realizing MTD. We assume that all branches in this power system can be perturbed. With the aim to minimize the dimension of the stealthy attack space and maximize the number of covered buses, we adopt Algorithm 1 and 2 in Section IVD1. From Algorithm 1, we obtain a set of targetperturbation branches as . From Algorithm 2, we obtain a set of targetperturbation branches as . We get the final set of the targetperturbation branches by combining these two sets. With this MTD, the dimension of the stealthy attack space is 6 and the number of covered buses is 13. The targetperturbation branches deployed with DFACTS devices are shown in Fig. 13. For comparison, if we optionally perturb the set of branches (Fig. 13), the dimension of stealthy attack space is 8 and the number of the covered buses is 8. This indicates that the output from our algorithm is better than the optional selections.
In fact, if we start Algorithm 1 from different branches, we can obtain different sets of targetperturbation branches. We take the IEEE 14bus power system as an example. Suppose that there are 9 DFACTS devices for constructing MTD, and all branches in this 14bus power system can be perturbed. We start Algorithm 1 from branch and , respectively. Correspondingly, we obtain the sets of targetperturbation branches as and , respectively. We can see that the sets of targetperturbation branches are different when we start Algorithm 1 from branch and . But we find that the values of and the number of covered buses are the same, i.e., and the number of covered buses is 13. This indicates that, even though the sets of targetperturbation branches output from our algorithm are different with different start points, they result in the same dimension of stealthy attack space and the same number of covered buses. Thus, we can dynamically change the perturbed branches and maintain the effectiveness of MTD. On the other hand, we can select the branches that are already deployed with DFACTS devices for realizing MTD, which can help reducing the infrastructure cost.
Computation time of the algorithm. Moreover, we evaluate the computation time of the algorithm for the selection of targetperturbation branches. Note that Algorithm 2 is not executed if the condition given in line 13 of Algorithm 1 is not satisfied. We run the algorithm in a core i7 laptop, which has a 2.4GHz CPU and 8.0G memory. We assume that all branches can be perturbed in the adopted power systems. First, we use the IEEE 14bus power system as an example. We vary the number of perturbed branches from 1 to 20. The computation time of our algorithm is shown in Fig. 16. We can see that the computation time is less than 10ms when the number of DFACTS devices is less than 8, while it is more than 30ms when the number of DFACTS devices is larger than 8. It seems that the computation time increases 3 times when the number of DFACTS devices increases from 8 to 9. This is because only Algorithm 1 is executed when the number of DFACTS devices is less than 8, i.e., the condition in line 13 of Algorithm 1 is not satisfied. While both Algorithm 1 and Algorithm 2 are executed when the number of DFACTS devices is larger than 8. This indicates that sometimes it takes longer for executing Algorithm 2.
Second, we change the size of the power system while fix the number of DFACTS devices as 10. Here we adopt the IEEE 14bus, 30bus, 57bus, 118bus and 145bus power systems. The computation time of our algorithm is given in Fig. 16. We can see that the computation time increases from around 30ms (14bus) to more than 300ms (145bus), which indicates that the computation time of our algorithm increases with the system size. Moreover, we find that the computation time with the 14bus power system is a little larger than that with the 30bus power system. In our opinion, the reason is that, given 10 DFACTS devices, both Algorithm 1 and Algorithm 2 are executed with the 14bus power system, while only the Algorithm 1 is executed with the 30bus, 57bus, 118bus and 145bus power systems. Overall, we can efficiently compute the result (within 350ms in all given power systems).
VC2 Reducing the operation cost
Furthermore, we evaluate the impact of the perturbed branch and the susceptance perturbation magnitude on the increasing of the operation cost. For the OPF problem, we use the objective function as , which is a linear generation cost model. With the IEEE 14bus power system, the generators are installed at bus 1, 2, 3, 6 and 8, and their parameters are shown in Table VI. The active power flow limits of branch 1 is 160 MW and the other active power flows are limited to 60 MW. We assume that the optimal results are obtained at the beginning. Then, we analyze the increase of the generation cost when we perturb branch and to different ratios, respectively. The simulation results are plotted in Fig. 16. We can see that the increasing of the generation cost under these two cases are different. When the branch susceptance is decreased, the increasing of generation cost by perturbing is slightly lower than that of by perturbing . But the generation cost increases as the perturbation ratio decreases in both cases. When the branch susceptance is increased, the generation cost of perturbing almost remains invariant, while it increases with the perturbation ratio by perturbing . The simulation result indicates that, by appropriately selecting the perturbed branch and the perturbation magnitude, we can reduce the increasing operation cost of MTD.
Generation bus  1  2  3  6  8 

300  50  30  50  20  
($/MWh)  20  30  40  50  35 
Vi Conclusion
In this paper, with the DC power flow model, we analyzed the completeness, deployment and the increasing operation cost of MTD in terms of thwarting stealthy FDI attacks constructed with old system information. To begin with, we proved that an MTD is complete to defeat all FDI attacks constructed with former branch parameters only if the number of branches is larger than or equal to twice that of the system states (i.e., , where is the number of system buses), and the susceptances of more than branches, which cover all buses, are perturbed. Besides, we prove that we can never realize a complete MTD if the power transmission system has a bus that is only connected by a single branch. Further, we prove that the susceptance perturbation magnitude almost does not affect the dimension of the stealthy attack space after MTD. Based on this result, we presented guidance on effective MTD for minimizing the dimension of the stealthy stealthy attack space, maximizing the number of covered buese and reducing the operation cost. Finally, we illustrated and demonstrated our findings with the IEEE standard test power systems.
Appendix A
Proof of Proposition IV.1. Since can be linearly represented by , we have for any . Suppose . Then, we have (i.e., ), which means that we cannot detect this FDI attack. Therefore, we must have for detecting the attack vector a.
Appendix B
Proof of Proposition IV.2. (Sufficiency) Since , we have . It follows that . Therefore, the MTD is complete.
(Necessity) Since the MTD is complete, we have . It follows that