This document discusses robust false data injection attacks in electricity markets by limited adversaries. It proposes a worst-case robust attack strategy for adversaries with only partial network information, modeled as bounded uncertainties. The strategy formulates designing such attacks as a convex semi-definite programming problem to efficiently find attacks that remain undetectable under any potential network configuration within the uncertainty bounds. The strategy is analyzed theoretically and tested on the IEEE 14-bus system to evaluate its robustness against different uncertainty levels.

1. Robust False Data Injection Attacks in Electricity Markets by Limited
Adversaries
Mengheng Xue and Ali Tajer
Electrical, Computer, and Systems Engineering Department
Rensselaer Polytechnic Institute
Troy, NY 12180
Abstract—Deregulated electricity markets consist of look-ahead and
real-time markets, across which energy price is generally volatile. More-
over, dispatch and pricing decisions in the real-time market strongly
hinge on the quality of the real-time state estimation routines, which are
designed to provide real-time information about operation state of the
grid. The adversaries can leverage price volatility in conjunction with the
dependence of the real-time markets on the state estimates in order to
carry out profitable financial misconduct, e.g., via virtual bidding. When
the adversaries can access to complete network information, the attack
strategies are studied extensively in the existing literature. This paper
focuses on limited adversaries who have only partial network information,
in which the uncertainties are modeled as bounded values, and offers
realistic attack strategy approach to guarantee the worst-case performance
for attackers. Designing such attacks is investigated analytically, and
examined in the IEEE 14-bus system.
I. INTRODUCTION
Electric systems are monitored, controlled, and coordinated by sys-
tem operators (SOs). To ensure efficient operation, SOs strongly rely
on accurate information about the electricity markets for determining
the most cost-effective generating units to commit to throughout
dispatch [1, 2]. Electricity markets, on the other hand, have been
transitioning from being monopolized to deregulated consisting of
various day-ahead (DA) and real-time (RT) markets [3]. Locational
marginal prices (LMPs) are adopted by some SOs to determine
nodal prices and cope with transmission congestion [3]. In the DA
markets, LMPs are calculated based on the demand forecasts and the
optimal power flow (OPF) solution, while in the RT markets they
are calculated by solving an incremental OPF problem and using the
real-time state estimates of the system. Such dependency on state
estimates makes the RT markets vulnerable to security threats bent
on distorting state estimates of the system [4–6]. Specifically, any
distortion not properly detected by the monitoring modules, e.g., bad
data detectors (BDDs), leads to undesired changes in the LMPs. More
specifically, a compromised estimate of the system state can lead to
non-optimal dispatch, which, in turn, can cause the nodal prices at
different system buses to shift away from their optimal values. An
adversary can take advantage of such price shift to carry out financial
misconduct.
A. Existing Work
The impacts of cyber attacks on electricity markets are discussed
in [4], in which an attack strategy is proposed to carry out financial
misconduct in electricity markets by pushing certain lines flows below
their limits in [7]. The study in [8] presents an FDIA strategy that
aims to make profit on generation revenue with a single measurement
attack. The multi-step electricity price (MEP) model is introduced in
[9], against which attack strategies are presented in [10]. In order
This research was supported by the National Priorities Research Program
through the Qatar National Research Fund (a member of Qatar Foundation)
under Grant 6-149-2-058.
to incorporate inter-temporal constraints, malicious data attacks on
electricity markets by compromising ramp constraints during look-
ahead dispatch are discussed in [11]. In [12], attack strategies based
on the geometric characterization of LMPs on the state space of
grid are proposed. Game theoretic frameworks for modeling the
dynamics between the attack and defense strategies are studied in
[13]. Nonlinearity effects of power systems on FDIAs are considered
in [14].
B. Contributions
Most existing studies, irrespective of their discrepancies in settings
or objectives, conform in adopting the common assumption that the
attackers can access to complete network information, e.g., network
dynamics [7]. In reality, such network information is too extensive,
secured, and temporally volatile to be completely accessible by an
intruder. Therefore, the scenario in which adversaries with partial
network information is a more realistic. Effects of limited adversaries
with partial network information on power systems are investigated
in other contexts (c.f. [15] and [16]). However, the impacts of such
limited attackers on electricity markets are not investigated.
Motivated by a more realistic scenario for limited adversaries,
in this paper we focus on the settings in which the attackers can
get access to only partial information about network dynamics.
Specifically, we assume that the attackers have uncertainties about
the parameters characterizing the network. Such uncertainties are
assumed to be confined within known hyper-spherical regions. Based
on such an uncertainty model, we propose a worst-case robust attack
strategy to provide worst-case guarantees for profitable attacks in the
RT markets. Designing such attacks can be formulated as a non-
convex and semi-infinite problem, which in general is NP-hard to
solve [17]. With the additional structure of the problem, however,
we show that this problem could be posed as an equivalent convex
semi-definite programming (SDP) problem, which can be solved
efficiently in polynomial time [18]. Finally, we provide simulations
in the IEEE 14-bus system to evaluate the robustness and efficiency
of the proposed attack strategy under different uncertainty levels.
II. SYSTEM MODEL
A. State Estimation Model
Consider a lossless power transmission system consisting of M
generators and J loads connected by K transmission lines. We denote
the power injected by generator m ∈ {1, . . . , M} by pm, the load
power withdrawn at load j ∈ {1, . . . , J} by j, and the power flow
transmitted on line l ∈ {1, . . . , L} by fl. Accordingly, we represent
the power generation vector, load vector, and line flow vector by
p = [p1, . . . , pM ]T
, = [ 1, . . . , J ]T
and f = [f1, . . . , fl]T
, re-
spectively. We define the states in monitoring and dispatch processes
as a vector of net power injections, i.e.,
x = [x1, . . . , xN ]T
= [ T
pT
]T
, (1)
1370978-1-5386-3954-2/16/$31.00 ©2016 IEEE Asilomar 2016

2. where N = J + M. Based on the DC power flow model, the
linearized line flow vector is given by
f = Hx, (2)
where H ∈ RL×N
is the distribution factor matrix [7]. The system
contains K = L + J + M sensors to measure load, generation, and
line flows, which can be represented by a linearized measurement
vector z ∈ RK×1
such that
z = Hsx + w , (3)
where we have defined Hs = [IN HT
]T
, and w ∈ RK×1
represents an additive noise column vector whose elements are
independent Gaussian random variables with zero means, i.e., w ∼
N(0, Σ), where Σ is a diagonal matrix with the kth
diagonal element
to be σ2
k. Then the weighted least square (WLS) estimator of the
linearized state estimate vector is given by
ˆx = Kz , (4)
where K = (HH
s Σ−1
Hs)−1
HH
s Σ−1
. Finally, we denote the
measurement residue used for bad data detection [19] as
r = z − Hs ˆx
(4)
=(I − HsK)z . (5)
B. Attack Model
An adversary aims to launch an FDIA by compromising a set of
measurement sensors and tampering with their recording data. Hence,
the corrupted measurement data received by the SO can be stated as
z = z + za, (6)
where za is the injected attack vector. Under such an attack, the
compromised state estimates ˆx based on the attacked measurement
data z can be expressed as
ˆx
(4)
= Kz = ˆx + Kza. (7)
Accordingly, the residue value used for bad data detection becomes
r
(5)
= r + ra , (8)
where ra = (I−Q)za, in which we have defined Q = HsK. Based
on this, if the attacker can inject attack vectors resulting in small
ra, the detector cannot distinguish between r and r. Therefore, we
define the ε-feasible attack such that the ∞-norm of ra is controlled
below the desired threshold ε, i.e.,
ra ∞ = max{r1, r2, . . . , rK } ≤ ε . (9)
Accordingly, the individual residue test corresponding to the state
parameter k ∈ {1, . . . .K} can be cast as
ek(I − Q)za 2 ≤ ε, ∀k ∈ {1, . . . , K} , (10)
where ek ∈ R1×K
is the standard unit vector with 1 in the kth
column. This constraint can be interpreted as attacker’s undetectable
condition and such condition strongly hinges on the attacker’s perfect
and instantaneous knowledge of network dynamics Q. In reality,
however, network information is too extensive to be completely
accessible by an attacker. In this paper, we assume that the attacker
has limited access to only a noisy version of Q, i.e.,
Q = ˜Q + ∆Q (11)
where ˜Q is the actual network dynamic matrix and ∆Q denotes
the attacker’s uncertainties about network dynamics and we assume
such uncertainties are bounded and confined within an origin-centered
hyper-spherical region of radius β, i.e.,
∆Q 2 ≤ β . (12)
Hence, from the attacker’s perspective, the network dynamic infor-
mation belongs to the set
A(β) = {Q | Q = ˜Q + ∆Q, ∆Q 2 ≤ β} . (13)
Due to the uncertainty associated with Q, the undetectability of
injected attack vector za also faces uncertainties. If the attacker
constructs an attack vector such that for all realizations of Q it
remains undetectable by the BDDs, it immediately ensures a worst-
case guarantee. Motivated by this, the ε-robust attack is defined as
follows.
Definition 1: An attack vector za is called ε-robust if it satisfies
ek(I − Q)za 2 ≤ ε, ∀Q ∈ A(β), ∀k ∈ {1, . . . , K} , (14)
which is equivalent to
sup
Q∈A(β)
ek(I − Q)za 2 ≤ ε, ∀k ∈ {1, . . . , K} . (15)
C. Electricity Markets
The deregulated electricity market consists of DA and RT markets.
A DC optimal power flow (DCOPF) model is adopted by the SOs to
determine the LMPs in both markets [7].
1) Day-Ahead Market: In the DA market, the SOs perform opti-
mal dispatch calculations to minimize the aggregate cost given the
dispatchable load forecast . Accordingly, the optimal dispatch p∗
is
the solution to the following problem:
minimize
p
1M · C(p)
subject to 1M · p = 1J ·
pmin
m ≤ pm ≤ pmax
m , ∀m ∈ {1, . . . , M}
fmin
l ≤ fl ≤ fmax
l , ∀l ∈ {1, . . . , L}
, (16)
where C(p) = [C1(p1), . . . , CM (pM )]T
is the cost vector associated
with each generator m, and 1M ∈ R1×M
denotes a row vector of all
ones, pmin
m and pmax
m are lower and upper bounds on power available
from each generator m, respectively, and similarly, fmin
l and fmax
l
are lower and upper bounds on transmission flow allowable on each
line l, respectively.
2) Real-Time Market: In the RT market, due to variations in
actual load or generation, the SOs update dispatch p∗
via performing
incremental dispatch calculation to achieve real-time optimal system
operation [20]. By categorizing the positive congestion set as
Ω+ = {l ∈ {1, . . . , L} | ˆfl ≥ fmax
l } , (17)
the negative congestion set as
Ω− = {l ∈ {1, . . . , L} | ˆfl ≤ fmin
l } , (18)
and the non-congestion set as
Ω0 = {l ∈ {1, . . . , L} | fmin
l < ˆfl < fmax
l } , (19)
1371

3. the optimal dispatch can be found as the solution to the following
incremental linear programming problem [3]:
minimize
∆p
1M · C(ˆp + ∆p)
subject to 1M · ∆p = 0
∆pmin
m ≤ ∆pm ≤ ∆pmax
m , ∀m ∈ {1, . . . , M}
∆fl ≤ 0, ∀l ∈ Ω+
∆fl ≥ 0, ∀l ∈ Ω−
,
(20)
where ∆p = [∆p1, . . . , ∆pM ]T
denotes the vector of change in
power of each generator m, in which ∆pm is lower and upper
bounded by ∆pmin
m and ∆pmax
m , respectively. Similarly, ∆fl rep-
resents the change in transmission flow on each line l. Also, ˆp
denotes the vector of estimated power generation by each generator
m. Finally, following the discussions in [7], by defining λref as the
LMP of a reference bus, we denote the LMP corresponding to each
load bus j by
λj = λref + HT
j · α, ∀j ∈ {1, . . . , J} , (21)
where Hj represents the jth
column of H and we have defined α =
[α1, . . . , αL]T
, such that αl denotes the shadow price on line l, and
its value depends on the congestion condition of the corresponding
line given by 


αl ≥ 0, if l ∈ Ω+
αl ≤ 0, if l ∈ Ω−
αl = 0, if l ∈ Ω0
. (22)
Based on (21), the LMP difference between two load buses j1 and
j2 is given by
λj1 − λj2 = (Hj1 − Hj2 )T
· α . (23)
D. Profit Model
In this subsection, we assume the attacker is an independent entity
who can participate in virtual bidding in the electricity market and
has access the following categories of information:
1) Partial information about the network dynamics with bounded
uncertainties as formalized earlier.
2) States of optimal power generations p∗
, expected loads ∗
, and
the optimal power flows f∗
reported by the SOs in the DA
market.
The attacker in interested in maximizing its probability of making
profitable bids, which can be achieved by injecting an attack vector
za to manipulate measurements sent to the SOs, and misleading the
calculation of a set of LMPs to shift towards the desired direction.
Specifically, the attacker buys and sells equal amounts of energy P at
load locations j1 and j2 with nodal prices λDA
j1
and λDA
j2
, respectively.
After injecting the attack vector za, the attacker sells and buys the
same amounts of energy P at nodal prices λRT
j1
and λRT
j2
on load
buses j1 and j2 in the RT market, respectively. Hence, by defining
the sets
L+ = {l ∈ {1, · · · , L} : Hl,j1 > Hl,j2 } , (24)
L− = {l ∈ {1, · · · , L} : Hl,j1 < Hl,j2 } , (25)
and based on (23), the attacker’s profit can be expressed by
g(z ) = (λRT
j1
− λRT
j2
+ λDA
j2
− λDA
j1
) · P
=
l∈L+
(Hl,j1 − Hl,j2 ) · αl
Network Dynamic Uncertainty Ratio ξ
0 0.05 0.1 0.15 0.2
ProfitConfidenceδ(MWh)
0
2
4
6
8
10
12
14
16
Attack with 1 line congested
Attack with 2 lines congested
Attack with 3 lines congested
Fig. 1: Profit confidence δ versus network dynamic uncertainty ratio
ξ in IEEE 14-bus system.
+
l∈L−
(Hl,j2 − Hl,j1 ) · αl + λDA
j2
− λDA
j1
· P . (26)
As shown in [7], the following conditions suffice to ensure that profit
g(z ) is positive:
1) λDA
j2
− λDA
j1
≥ 0 ;
2) ∀l ∈ L+ we have ˆfl > fmin
l , i.e., l /∈ Ω− ; and
3) ∀l ∈ L− we have ˆfl < fmax
l , i.e., l /∈ Ω+,
(27)
where ˆfl denotes the compromised line flow estimate. The first
condition can be easily satisfied in the DA market. For the last
two conditions, from the attacker’s perspective, ˆfl on each line is
a random variable with mean
E[ ˆfl ] = f∗
l + elHKza , (28)
where f∗
l is the DA optimal power flow on each line l.
Proposition 1: Matrices H and Hs defined in (2) and (3),
respectively, are related according to
H = [0L×N IL]Hs. (29)
Based on this proposition and by recalling Q = HsK, (28) can be
expressed as
E[ ˆfl ] = f∗
l + el[0 I]HsKza
= f∗
l + el[0 I]Qza . (30)
Hence, the attacker aims to inject za to ensure the last two
profitable conditions to hold with high likelihood. Motivated by this,
we define δ-profitable attacks as follows.
Definition 2: An attack za is δ-profitable if ∀Q ∈ A(β), the
following two conditions are satisfied.
f∗
l + el[0 I]Qza ≤ fmax
l − δ, ∀ l ∈ L−
f∗
l + el[0 I]Qza ≥ fmin
l + δ, ∀ l ∈ L+
, (31)
which in turn can be equivalently cast as
sup
Q∈A(β)
{el[0 I]Qza} ≤ fmax
l − δ − f∗
l , ∀l ∈ L−
inf
Q∈A(β)
{el[0 I]Qza} ≥ fmin
l + δ − f∗
l , ∀l ∈ L+
. (32)
where δ is an introduced parameter to represent the attacker’s profit
confidence [7], and increasing δ will guarantee the last two conditions
in (27) to be satisfied with higher probability.
1372

4. Location (Bus Number)
0 2 4 6 8 10 12 14
NodalPrice($/MWh)
34
35
36
37
38
39
40
41
42
Attack with full information (ξ = 0)
No attack (za = 0)
λRT
2
=λRT
4
λRT
4
λRT
2
virtual selling at Bus 2
virtual buying at Bus 4
(a) Attack with full information.
Location (Bus Number)
0 2 4 6 8 10 12 14
NodalPrice($/MWh)
34
35
36
37
38
39
40
41
42
Attack with uncertainty ξ = 0.05
No attack (za = 0)
λRT
4
λRT
2
λRT
2
λRT
4
virtual buying at Bus 4
virtual selling at Bus 2
(b) Attack with uncertainty ratio ξ = 0.05.
Fig. 2: Real-time LMPs at each bus under attack with full information and with certain network dynamic uncertainty ratio ξ = 0.05 (one
line congested) in the IEEE 14-bus system.
III. ROBUST ATTACK FORMULATION AND SOLUTION
Based on the notations and definitions provided in Section II, the
attacker’s strategy is to find an ε-robust attack vector za such that
its profit confidence δ is maximized:
max
za∈S
δ
s.t. ek(I − Q)za 2 ≤ ε, ∀Q ∈ A(β), ∀k ∈ {1, . . . , K}
f∗
l + el[0 I]Qza ≤ fmax
l − δ, ∀Q ∈ A(β), ∀l ∈ L−
f∗
l + el[0 I]Qza ≥ fmin
l + δ, ∀Q ∈ A(β), ∀l ∈ L+
δ > 0
,
(33)
where S represents the attack vector space. Since there exists an
infinite number of Q ∈ A(β), there is an infinite number of nonlinear
and non-convex constraints in (33). Hence, (33) is a semi-infinite non-
convex quadratic program, which is NP-hard in general and, thus
intractable. In the next section, we will show that due to the special
structure of constraints, the problem (33) can be simplified to an
equivalent convex semi-definite programming (SDP) problem and can
be solved efficiently in polynomial time.
IV. WORST-CASE ROBUST ATTACK FORMULATION AND
SOLUTION
In this section, through solving (33) we develop a robust optimal
approach for limited adversaries with bounded network dynamic
uncertainties. For this purpose, we show that (33) can be equivalently
cast as a convex SDP problem. Specifically, we show that (15) can
be converted to proper linear matrix inequality (LMI) constraints by
the following theorem.
Theorem 1: The ε-robust constraints
ek(I − Q)za 2 ≤ ε, ∀Q ∈ A(β), ∀k ∈ {1, . . . , K} : (34)
can be can be satisfied if and only if there exists a γ ≥ 0 such that
for ∀k ∈ {1, . . . , K}
T k =


ε2
zT
a (I − ˜Q)T
eT
k −βzT
a
ek(I − ˜Q)za 1 − γ 0
−βza 0 γI

 0 , (35)
i.e., T k is semi-positive definite.
Next we show that the δ-profitable constraints in (32) can be
expressed as equivalent convex quadratic constraints as formalized
in the following theorem.
Theorem 2: The δ-profitable constraints in (32) can be equivalently
stated as
β za 2 + ˜qlza ≤ −δ − f∗
l + fmax
l , ∀l ∈ L−
β za 2 − ˜qlza ≤ −δ + f∗
l − fmin
l , ∀l ∈ L+
, (36)
where we have defined
˜ql = el[0 I] ˜Q . (37)
As a result, theorems 1 and 2 conclude that problem (33) can be
equivalently cast an SDP problem as follows.
maximize
za∈S,γ≥0
δ
subject to T k 0, ∀k ∈ {1, . . . , K}
β za 2 + ˜qlza ≤ −δ − f∗
l + fmax
l , ∀l ∈ L−
β za 2 − ˜qlza ≤ −δ + f∗
l − fmin
l , ∀l ∈ L+
δ > 0
,
(38)
which can be solved efficiently.
V. SIMULATIONS
In this section, we provide simulation results in the standard IEEE
14-bus system to evaluate the impact of attack vectors injected by
limited adversaries on electricity market operations. In all simulation
settings, the ε-robust threshold is set to be 0.5, and we define
ξ = β/ Q 2 to denote the attacker’s network dynamic uncertainty
ratio. All the simulations are conducted using Matlab-based software
packages including MATPOWER [21] and convex programming
solver CVX [22].
A. Varying Degree of Uncertainties
In this subsection, we aim to investigate the connection between
the attacker’s profit confidence δ and its uncertainty ratio ξ. Fig. 1
illustrates the variations of profit confidence along with the increasing
uncertainty ratio in the IEEE 14-bus system. It is observed that
with perfect information (ξ = 0), the attacker’s profit confidence is
maximized. With the expanding uncertainty ratio, its profit confidence
declines monotonically and becomes 0MWh when its uncertainty
researches a certain level. The underlying reason is that the injected
attack vector za is limited by the ε-robust constraints (15). With the
continuous increase of β (or equivalently ξ), the room for injecting
attack vector, and subsequently, the attacker’s ability to manipulate
the state estimates, shrinks rapidly, and beyond a certain uncertainty
1373

5. level, the attacker cannot inject effective attack vectors to affect LMPs
in the RT Market.
Fig. 1 also demonstrates that when more transmission lines are
congested, under the same increasing rate of the uncertainty ratio the
attacker’s profit confidence decreases faster. The underlying cause
is that the injected attack vector za is also constrained by the δ-
profitable constraints (32). With more lines congested, a stricter
requirement is enforced on the attackers to inject false data to relieve
a larger system congestion pattern, which accordingly, lowers the
attacker’s capability to make profit.
B. Locational Marginal Prices
In this case study, the objective is to evaluate the impact of attacks
under model uncertainty on the LMP shift in the RT market. In
the DA market, it is assumed that there exists one congested line
(connecting buses 2 and 4). We provide figures 2(a) and 2(b) to
show the LMP shifts in the RT market by the attacker with complete
and partial network dynamic information, i.e., ξ = 0 and ξ = 0.05,
respectively. Based on such LMP shifts, the attack strategies under
two cases are also provided in both figures. In the DA market, the
attacker chooses to buy and sell the same amount of virtual energy at
buses 2 and 4, respectively. After injecting false data za and in the
RT market, the attacker decides to sell and buy the same amount of
virtual energy at the corresponding buses, respectively. Based on (26),
the attacker’s virtual bidding profit g(z ) with partial information
(ξ = 0.05) is about 3.53/MWh and it is smaller than the profit with
full information (ξ = 0), which is approximately $7.07/MWh.
VI. CONCLUSION
In this paper, we have studied the impact of false data injection
attacks by limited adversaries with partial information about network
dynamics. Specifically, we assume that the attackers have uncertain-
ties about the parameters characterizing the network. Such uncertain-
ties are assumed to be confined within known hyper-spherical regions.
We have proposed a worst-case robust approach to develop attack
strategies that ensure worst-case guarantees for profitable attacks. We
have shown that designing such worst-case robust attack strategies
can be posed as solving a semi-definite programming problem, which
could by solved efficiently. Simulation results have been provided in
the standard IEEE 14-bus system to assess the effects of attacker’s
network dynamic uncertainty on its profit in the electricity markets.
REFERENCES
[1] S. Hunt, Making competition work in electricity. John Wiley
and Sons, 2002, vol. 146.
[2] A. J. Wood and B. F. Wollenberg, Power generation, operation,
and control. John Wiley and Sons, 2012.
[3] A. Ott, “Experience with PJM market operation, system design,
and implementation,” IEEE Transactions on Power Systems,
vol. 18, no. 2, pp. 528–534, May 2003.
[4] M. Negrete-Pincetic, F. Yoshida, and G. Gross, “Towards quan-
tifying the impacts of cyber attacks in the competitive electricity
market environment,” in Proc. IEEE PowerTech Conference,
Bucharest, Romania, Jun. 2009, pp. 1–8.
[5] F. Pasqualetti, F. Dorfler, and F. Bullo, “Cyber-physical attacks
in power networks: Models, fundamental limitations and moni-
tor design,” in Proc. IEEE Conference on Decision and Control,
Orlando, FL, Dec. 2011, pp. 2195–2201.
[6] S. Cui, Z. Han, S. Kar, T. T. Kim, H. V. Poor, and A. Tajer,
“Coordinated data-injection attack and detection in the smart
grid: A detailed look at enriching detection solutions,” IEEE
Signal Processing Magazine, vol. 29, no. 5, pp. 106–115, Sep.
2012.
[7] L. Xie, Y. Mo, and B. Sinopoli, “Integrity data attacks in power
market operations,” IEEE Transactions on Smart Grid, vol. 2,
no. 4, pp. 659–666, Dec. 2011.
[8] L. Jia, R. Thomas, and L. Tong, “Malicious data attack on real-
time electricity market,” in Proc IEEE International Conference
on Acoustics, Speech and Signal Processing, Prague, May 2011,
pp. 5952–5955.
[9] X. Lei, D. x. Yu, and X. l. Bai, “Research on multistep electricity
price model with bidirectional regulation for large consumers,”
in Proc. International Conference on Electrical and Control
Engineering, Jun. 2010, pp. 4114–4117.
[10] J. Lin, W. Yu, and X. Yang, “On false data injection attack
against multistep electricity price in electricity market in smart
grid,” in Proc. IEEE Global Communications Conference, Dec.
2013, pp. 760–765.
[11] D.-H. Choi and L. Xie, “Ramp-induced data attacks on look-
ahead dispatch in real-time power markets,” IEEE Transactions
on Smart Grid, vol. 4, no. 3, pp. 1235–1243, Sep. 2013.
[12] L. Jia, R. Thomas, and L. Tong, “Impacts of malicious data
on real-time price of electricity market operations,” in Proc.
Hawaii International Conference on System Science, Maui, HI,
Jan. 2012, pp. 1907–1914.
[13] M. Esmalifalak, G. Shi, Z. Han, and L. Song, “Bad data
injection attack and defense in electricity market using game
theory study,” IEEE Transactions on Smart Grid, vol. 4, no. 1,
pp. 160–169, Mar. 2013.
[14] L. Jia, R. Thomas, and L. Tong, “On the nonlinearity effects on
malicious data attack on power system,” in Proc. IEEE Power
and Energy Society General Meeting, San Diego, CA, Jul. 2012,
pp. 1–8.
[15] A. Tajer, S. Kar, H. V. Poor, and S. Cui, “Distributed joint cyber
attack detection and state recovery in smart grids,” in Proc.
IEEE International Conference on Smart Grid Communications,
Brussels, Belgium, Oct. 2011, pp. 202–207.
[16] A. Anwar, A. N. Mahmood, and M. Pickering, “Data-driven
stealthy injection attacks on smart grid with incomplete mea-
surements,” in Proc. Pacific-Asia Workshop on Intelligence and
Security Informatics, Mar. 2016, pp. 180–192.
[17] M. R. Garey and D. S. Johnson, Computers and Intractability:
A Guide to the Theory of NP-Completeness. New York, NY:
W. H. Freeman and Co., 1979.
[18] Y. Nesterov and A. Nemirovskii, Interior-Point Polynomial
Algorithms in Convex Programming. Philadelphia, PA: Society
for Industrial and Applied Mathematics, 1994.
[19] Y. Liu, P. Ning, and M. K. Reiter, “False data injection at-
tacks against state estimation in electric power grids,” in Proc.
ACM Conference on Computer and Communications Security,
Chicago, IL, Nov. 2009, pp. 21–32.
[20] F. Li, Y. Wei, and S. Adhikari, “Improving an unjustified
common practice in ex post lmp calculation: An expanded
version,” in Proc. IEEE Power and Energy Society General
Meeting, Minneapolis, MN, July 2010, pp. 1–4.
[21] R. D. Zimmerman, C. E. Murillo-Sanchez, and R. J. Thomas,
“Matpower: Steady-state operations, planning, and analysis
tools for power systems research and education,” IEEE Trans-
actions on Power Systems, vol. 26, no. 1, pp. 12–19, Feb. 2011.
[22] M. Grant and S. Boyd, “CVX: Matlab software for disciplined
convex programming, version 2.1,” http://cvxr.com/cvx, Mar.
2014.
1374