Existing attack prevention strategies in smart grid including firewalls, encryption, and access controls, face the challenge of static configurations prone to exploitation. Unlike traditional mechanisms, moving-target defense (MTD), by dynamically altering system parameters, introduces a layer of unpredictability, making it a potent tool against cyber-attacks, including false data injection attacks (FDIA) and zero-day exploits. While MTD has demonstrated efficacy in dc systems by complicating attackers' efforts, its application to ac systems introduces new complexities. AC systems' nonlinearity and vulnerability to topology changes challenge traditional MTD methods, especially in ensuring convergence and adapting to dynamic topologies during emergencies. Such methods, though innovative, fall short in real-world applications where topology changes can render such methods ineffective. Recognizing these limitations, our work introduces a data-driven moving-target defense (DD-MTD) strategy that employs Kullback–Leibler divergence and the Kolmogorov–Smirnov test. Our method quantifies the impact of system perturbations to improve FDIA detection while ensuring changes adhere to operational and cost constraints, a critical factor during contingencies. Our approach, leveraging piecewise linear approximation and mixed-integer linear programming, addresses convergence and adaptability issues, offering a robust defense for ac systems. Simulations on IEEE 14 and 118-bus systems demonstrate that our DD-MTD method enhances detection rates and efficiency, outperforming existing state-of-the-art MTD strategies.

The expansion of power systems over large geographical areas renders centralized processing inefficient. Therefore, the distributed operation is increasingly adopted. This work introduces a new type of attack against distributed state estimation of power systems, which operates on inter-area boundary buses. We show that the developed attack can circumvent existing robust state estimators and the convergence-based detection approaches. Afterward, we carefully design a deep learning-based cyber-anomaly detection mechanism to detect such attacks. Simulations conducted on the IEEE 14-bus system reveal that the developed framework can obtain a very high detection accuracy. Moreover, experimental results indicate that the proposed detector surpasses current machine learning-based detection methods.