An Integrated Defense Architecture Against False Data Injection Attacks in Smart Grid

Sulabh Bhattarai, Linqiang Ge, and Wei Yu

Abstract—Smart Grid is a new type of power grid that will provide reliable, secure, and efficient energy transmission and distribution in real time. While most existing techniques for protecting power grids were designed to ensure system reliability (e.g., against random failures), there is growing concern in smart grid initiatives about protection against malicious cyber attacks. In particular, an adversary can inject false measurement reports through compromised meters and sensors to disrupt smart grid operation. Hence, defending against such false data injection attacks becomes a critical issue. Nevertheless, no existing solution considers all aspects, such as deployment cost, efficiency, and effectiveness. In this paper, we develop a defense system that integrates anomaly-based intrusion detection and watermarking-based detection. Our anomaly-based detection can detect strong and rapid attacks. To deal with slow and stealthy attacks, we adopt watermarking-based detection. In particular, we add secure watermarks to real-time meter readings and transmit the watermarked data stream to the utility. The utility can then correlate the watermarked data with the original watermarks (transmitted via a secured channel) to detect the presence of false data injected by the adversary along the data transmission path. Our experimental results show that our integrated defense strategy can accurately detect both strong and stealthy attacks.

I. INTRODUCTION

The smart grid uses modern advanced communication technologies to make the power grid more efficient, reliable, secure, and resilient in real time.
In the United States and many other countries, the modernization of the electric power grid is vital to national efforts to increase energy efficiency, transition to renewable energy sources, reduce greenhouse gas emissions, and build a sustainable economy that ensures prosperity for current and future generations [1]. On the transmission and distribution side, Supervisory Control and Data Acquisition (SCADA) systems collect the real-time information that provides wide-area situational awareness of grid status. On the user side, a more precise real-time estimate of anticipated usage will be collected to enable more optimized demand-response driven control. The operation and control of the smart grid depend on a complex network of computers, software, and communication technologies that, if compromised by an adversary, have the potential to cause great damage, including extended power outages and destruction of electrical equipment. A cyber attack has the unique attribute that it can be launched through the public network from a remote location and coordinated to strike other locations simultaneously. Once an adversary gains access to the network, he can launch a wide range of attacks: spreading malware, exploiting vulnerabilities in common protocols, gaining access to the control system through a database on the business network, eavesdropping on sensitive information, and injecting false information on prices and meter readings [2]. While most existing techniques for protecting power grids were designed to ensure system reliability (e.g., against random failures), there is growing concern in smart grid initiatives about protection against malicious cyber attacks. In particular, an adversary can inject false measurement reports through compromised meters and sensors to disrupt smart grid operation. False data injection attacks on the power grid can result in devastating consequences.
For example, a user may abuse a billing rate or send wrong meter readings to the utility, leading to a wrong state estimation of the grid, among other effects. Abusing billing rates and sending wrong metering data can result in power shortages for customers and loss of revenue for the utility service provider. One of the most important reasons for the 2003 Eastern blackout is that the state estimation programs for key areas were abnormal and failed to provide the system operators with correct state information [3]. Recently, Liu et al. [4] demonstrated that an adversary, armed with knowledge of the network configuration, can inject false data into the state estimation without being detected. Hence, defending against such false data injection attacks becomes a critical issue in smart grid research and development. A number of false data detection schemes have been proposed in the past. For example, Yilin et al. [5] proposed a false data injection attack model and analyzed the effects of such attacks on a linear time-invariant Gaussian control system. Zhu et al. [6] proposed T threshold validation schemes (interleaved hop-by-hop), where the base station verifies the data as genuine if T+1 nodes have endorsed it [7]. In addition, similar research carried out by [8] and [9] relies on MAC validation to filter out false data. Their proposed hop-by-hop MAC validation is an effective approach for detecting compromised data close to the source. Nevertheless, it requires multiple sensors to filter out false data, which increases deployment cost. Frequent MAC validation also increases the computation overhead for the nodes and incurs extra delay that disrupts the timing constraints of the data, which are critical to the correct functioning of the system. Since the smart grid requires real-time data transmission and low-cost, efficient false data detection mechanisms, existing solutions such as T threshold validation techniques may not be applicable.
In addition, in smart grid deployments there are a large number of legacy devices that were developed many years ago and are not capable of performing encryption and decryption operations.
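The abstract describes the two halves of the proposed defense: an anomaly-based detector for strong, rapid injections and a watermark correlation check for slow, stealthy ones. The following example, added here as an illustration and not taken from the paper's implementation, models that split on constructed data. It assumes a spread-spectrum style watermark (a keyed ±0.5 kW chip sequence derived with HMAC-SHA256 in counter mode), additive embedding at the meter, and moving-average detrending at the utility; the key, window id, thresholds and load profile are all assumed placeholders.

```python
"""Integrated detector: rate-of-change anomaly check plus keyed-watermark
correlation. Illustrative code written for this page, not the paper's system.
Assumptions (not from the paper): HMAC-SHA256 counter-mode chip sequence,
additive spread-spectrum embedding, centred moving-average detrending."""
import hashlib
import hmac
import math
import random
import struct

WINDOW = 128           # readings per detection window (assumed)
WM_AMPLITUDE = 0.5     # kW, watermark chip amplitude (assumed)
CORR_THRESHOLD = 0.5   # watermark declared absent below this (assumed)
JUMP_THRESHOLD = 50.0  # kW per reading, anomaly detector trip point (assumed)


def watermark_sequence(key: bytes, window_id: int, n: int = WINDOW) -> list:
    """Keyed +/-amplitude chip sequence. Meter and utility derive the same
    sequence from the shared key; this stands in for the paper's secure
    channel carrying the original watermarks."""
    chips = []
    counter = 0
    while len(chips) < n:
        msg = struct.pack(">QQ", window_id, counter)
        block = hmac.new(key, msg, hashlib.sha256).digest()
        for byte in block:
            for bit in range(8):
                if len(chips) == n:
                    break
                chips.append(WM_AMPLITUDE if (byte >> bit) & 1 else -WM_AMPLITUDE)
        counter += 1
    return chips


def embed_watermark(readings, chips):
    """Meter side: additive watermark on the raw readings."""
    return [r + c for r, c in zip(readings, chips)]


def watermark_correlation(received, chips, smooth=9):
    """Utility side: remove the slowly varying load with a centred moving
    average, then correlate the residual with the expected chips. Close to
    1.0 when the watermark is intact, close to 0 when the stream was replaced."""
    half = smooth // 2
    n = len(received)
    residual = []
    for i in range(n):
        lo, hi = max(0, i - half), min(n, i + half + 1)
        residual.append(received[i] - sum(received[lo:hi]) / (hi - lo))
    energy = sum(c * c for c in chips)
    return sum(r * c for r, c in zip(residual, chips)) / energy


def rapid_change_anomaly(received, limit=JUMP_THRESHOLD):
    """Anomaly-based detector for strong, rapid attacks: flag any single-step
    change larger than the load can physically produce (assumed limit)."""
    return any(abs(b - a) > limit for a, b in zip(received, received[1:]))


def classify(received, chips):
    """Integrated decision: either detector tripping marks the window bad."""
    rapid = rapid_change_anomaly(received)
    corr = watermark_correlation(received, chips)
    missing = corr < CORR_THRESHOLD
    return {"rapid_attack": rapid, "watermark_missing": missing,
            "correlation": corr, "attack": rapid or missing}


# --- constructed sample data (not measured grid data) ---------------------
def sample_load(n=WINDOW, seed=1):
    """Smooth daily load curve in kW around 1000 with small metering noise."""
    rng = random.Random(seed)
    return [1000 + 20 * math.sin(2 * math.pi * i / 1440) + rng.gauss(0, 0.2)
            for i in range(n)]


KEY = b"shared-meter-key-placeholder"   # placeholder, provisioned out of band


def scenario(kind):
    """Return the integrated verdict for a clean, strong or stealthy window."""
    chips = watermark_sequence(KEY, window_id=7)
    clean = embed_watermark(sample_load(), chips)
    if kind == "clean":
        stream = clean
    elif kind == "strong":      # abrupt +300 kW injection at reading 40
        stream = clean[:40] + [clean[40] + 300.0] + clean[41:]
    elif kind == "stealthy":    # stream rewritten with plausible, slowly
        load = sample_load()    # drifting values that carry no watermark
        stream = [v + 0.05 * i for i, v in enumerate(load)]
    else:
        raise ValueError(kind)
    return classify(stream, chips)


if __name__ == "__main__":
    for kind in ("clean", "strong", "stealthy"):
        print(kind, scenario(kind))
```

The stealthy window stays within the anomaly detector's per-reading limit, so only the missing watermark reveals it; the strong spike trips the rate-of-change check regardless of what it does to the correlation statistic, which is why the final verdict is the OR of the two detectors.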