MISGUIDE: Security-Aware Attack Analytics for Smart Grid Load Frequency Control
Article
Haque, NI, Mali, P, Haider, MZ et al. (2026). MISGUIDE: Security-Aware Attack Analytics for Smart Grid Load Frequency Control
. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 10.1109/TDSC.2026.3653015
Haque, NI, Mali, P, Haider, MZ et al. (2026). MISGUIDE: Security-Aware Attack Analytics for Smart Grid Load Frequency Control
. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 10.1109/TDSC.2026.3653015
Incorporating advanced information and communication technologies enhances smart grid (SG) operation, while increasing vulnerability to false data injection (FDI) attacks. Identifying and characterizing FDI attack vectors is crucial, as they can jeopardize SG system stability and protection. State-of-the-art (SOTA) attack analytics predominantly employ machine learning (ML) to extract attack vectors that can evade rules-based bad-data detectors. While scalable, these approaches offer no guarantees of identification or stealth and often yield simplistic attack vectors detectable by ML-based anomaly detection models (ADMs). Formal methods, in contrast, can synthesize verifiable attack vectors while ignoring ML-based ADM. Several tools in other domains attempt to identify attack vectors against ML-based ADMs; however, they apply to systems with straightforward control dynamics and cannot be directly transferred to complex, interdependent SG control systems. To address these gaps, we introduce MISGUIDE, a defense-aware attack analytics that jointly models LFC dynamics and an ML-based ADM to extract verifiable, multi-timeslot FDI attack vectors that can trip under/over-frequency relays while remaining stealthy. The ADM used in MISGUIDE can detect 100% of the attack vectors found by SOTA attack analytics. Using real-world load data, we validate the attack vectors generated by MISGUIDE through hardware-in-the-loop OPAL-RT simulations on the IEEE 39-bus system.
