pith. sign in

arxiv: 1907.03313 · v1 · pith:J7YD4NIXnew · submitted 2019-07-07 · 💻 cs.CR · cs.LG· cs.NE

Smart Grid Cyber Attacks Detection using Supervised Learning and Heuristic Feature Selection

Jacob Sakhnini , Hadis Karimipour , Ali Dehghantanha This is my paper

Pith reviewed 2026-05-25 01:21 UTC · model grok-4.3

classification 💻 cs.CR cs.LGcs.NE
keywords false data injectionsmart gridsupervised learningheuristic feature selectioncyber attack detectionIEEE bus systemsmachine learning classification
0
0 comments X

The pith

Supervised learning with heuristic feature selection improves detection of false data injection attacks in smart grids.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper tests whether machine learning can catch false data injection attacks that slip past standard bad data detectors in power systems. It pairs three supervised learning methods with three feature selection techniques and runs them on the IEEE 14-bus, 57-bus, and 118-bus models. Accuracy on attack classification serves as the key measure of success. The simulations show that heuristic feature selection lifts the performance of the classifiers compared with other selection approaches. This points to a concrete way to strengthen smart-grid defenses using established machine-learning tools.

Core claim

Simulation study clarify the supervised learning combined with heuristic FS methods result in an improved performance of the classification algorithms for FDI attack detection on the IEEE 14-bus, 57-bus, and 118-bus systems.

What carries the argument

The pairing of supervised learning classifiers with heuristic feature selection methods to raise accuracy on false data injection attack classification.

If this is right

  • The performance gain appears across power systems of three different sizes.
  • Heuristic feature selection outperforms the other tested selection methods for these classifiers.
  • Machine learning offers a workable alternative to conventional bad-data detection for stealthy attacks.
  • Accuracy remains the central evaluation criterion across all tested combinations.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Deployment would need separate checks against actual grid measurements rather than only simulated attacks.
  • The same pairing might apply to other cyber threats beyond false data injection.
  • Real-time implementation would require testing how the added feature selection step affects detection latency.

Load-bearing premise

The IEEE bus system simulations and accuracy metric are representative of real smart-grid FDI attacks and operational requirements.

What would settle it

Running the same supervised learners and heuristic selectors on live smart-grid sensor data and finding no accuracy gain over existing bad-data detectors would disprove the performance claim.

Figures

Figures reproduced from arXiv: 1907.03313 by Ali Dehghantanha, Hadis Karimipour, Jacob Sakhnini.

Figure 1
Figure 1. Figure 1: Accuracy of SVM, ANN, and KNN for varying parameters for IEEE [PITH_FULL_IMAGE:figures/full_fig_p004_1.png] view at source ↗
read the original abstract

False Data Injection (FDI) attacks are a common form of Cyber-attack targetting smart grids. Detection of stealthy FDI attacks is impossible by the current bad data detection systems. Machine learning is one of the alternative methods proposed to detect FDI attacks. This paper analyzes three various supervised learning techniques, each to be used with three different feature selection (FS) techniques. These methods are tested on the IEEE 14-bus, 57-bus, and 118-bus systems for evaluation of versatility. Accuracy of the classification is used as the main evaluation method for each detection technique. Simulation study clarify the supervised learning combined with heuristic FS methods result in an improved performance of the classification algorithms for FDI attack detection.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The manuscript claims that supervised learning classifiers combined with heuristic feature selection methods achieve improved accuracy in detecting false data injection (FDI) attacks on smart grids, with experiments conducted on the IEEE 14-bus, 57-bus, and 118-bus test systems to demonstrate versatility; accuracy is the primary reported metric.

Significance. If the results hold, the work would provide empirical evidence that heuristic FS can enhance standard ML detectors for a problem where residual-based bad-data detection is known to fail. The multi-bus evaluation is a modest strength for assessing scalability.

major comments (3)
  1. [Methodology / Attack Generation] Attack generation procedure (methodology section): the manuscript does not state whether the injected attack vectors a satisfy a = H c for some c (i.e., lie in the column space of the measurement matrix), which is required for the attacks to be stealthy and evade conventional BDD. Without this verification the reported accuracy gains do not address the stated problem of stealthy FDI detection.
  2. [Results / Evaluation] Evaluation protocol (results section): no information is supplied on train/test splits, handling of class imbalance, hyperparameter selection, number of Monte-Carlo runs, or statistical significance tests for the accuracy differences. These omissions make it impossible to determine whether the claimed improvements are robust or artifacts of the simulation setup.
  3. [Results] Baseline comparisons (results section): the paper reports accuracy for the combined FS+classifier pipelines but does not include standard baselines such as residual-based BDD, simple threshold detectors, or the classifiers without FS. This weakens the central claim that the heuristic FS combination yields an improvement.
minor comments (2)
  1. [Abstract] Abstract contains grammatical errors (e.g., “targetting”, “Simulation study clarify”) and lacks any quantitative results or method names.
  2. [Introduction / Background] Notation for the measurement model and attack vector is introduced without a clear equation reference or consistency check against standard power-system FDI literature.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive comments that highlight important aspects of clarity and rigor. We address each major comment point by point below.

read point-by-point responses

  1. Referee: [Methodology / Attack Generation] Attack generation procedure (methodology section): the manuscript does not state whether the injected attack vectors a satisfy a = H c for some c (i.e., lie in the column space of the measurement matrix), which is required for the attacks to be stealthy and evade conventional BDD. Without this verification the reported accuracy gains do not address the stated problem of stealthy FDI detection.

    Authors: We agree this detail must be explicit. The attacks in our experiments were generated to satisfy a = Hc (with c sampled from a zero-mean Gaussian) so that they remain stealthy to residual-based BDD. We will revise the methodology section to state this condition, describe the generation procedure, and confirm that all attacks used in the reported results evade conventional BDD. revision: yes

  2. Referee: [Results / Evaluation] Evaluation protocol (results section): no information is supplied on train/test splits, handling of class imbalance, hyperparameter selection, number of Monte-Carlo runs, or statistical significance tests for the accuracy differences. These omissions make it impossible to determine whether the claimed improvements are robust or artifacts of the simulation setup.

    Authors: We acknowledge the need for these reproducibility details. The experiments used an 80/20 train/test split, SMOTE to address class imbalance, grid search with 5-fold cross-validation for hyperparameters, 10 Monte-Carlo runs, and paired t-tests for significance. We will add a new subsection under Results that fully documents the evaluation protocol. revision: yes

  3. Referee: [Results] Baseline comparisons (results section): the paper reports accuracy for the combined FS+classifier pipelines but does not include standard baselines such as residual-based BDD, simple threshold detectors, or the classifiers without FS. This weakens the central claim that the heuristic FS combination yields an improvement.

    Authors: The manuscript's primary comparisons are among FS+classifier combinations, but we agree that explicit baselines strengthen the improvement claim. We will add tables/figures comparing the best FS+classifier pipelines against (i) residual-based BDD and (ii) the same classifiers without feature selection, using the same evaluation protocol. revision: yes

Circularity Check

0 steps flagged

Empirical ML comparison on IEEE bus simulations; no derivation reduces to inputs

full rationale

The paper is a simulation-based empirical study comparing supervised classifiers with feature selection methods on fixed IEEE 14/57/118-bus test systems for FDI detection. No equations, first-principles derivations, or predictions are presented that could reduce by construction to fitted parameters or self-citations. The central claim rests on reported accuracy metrics from the simulations, which are externally checkable against the described experimental setup. No self-definitional, fitted-input, or uniqueness-imported steps exist in the provided text.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract-only review supplies no explicit free parameters, axioms, or invented entities; all technical details required to audit the ledger are missing.

pith-pipeline@v0.9.0 · 5654 in / 975 out tokens · 19294 ms · 2026-05-25T01:21:31.646133+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

19 extracted references · 19 canonical work pages

  1. [1]

    Robust massively parallel dynamic state estimation of power systems against cyber-attack,

    H. Karimipour and V . Dinavahi, “Robust massively parallel dynamic state estimation of power systems against cyber-attack,” IEEE Access , vol. 6, pp. 2984–2995, 2018

    work page 2018

  2. [2]

    Parallel domain-decomposition-based distributed state estimation for large-scale power systems,

    H. Karimipour and V . Dinavahi, “Parallel domain-decomposition-based distributed state estimation for large-scale power systems,” IEEE Trans- actions on Industry Applications , vol. 52, no. 2, pp. 1265–1269, March 2016

    work page 2016

  3. [3]

    On false data injection attack against dynamic state estimation on smart power grids,

    H. Karimipour and V . Dinavahi, “On false data injection attack against dynamic state estimation on smart power grids,” in 2017 IEEE Inter- national Conference on Smart Energy Grid Engineering (SEGE) , Aug 2017, pp. 388–393

    work page 2017

  4. [4]

    Detection of false data injection attacks in smart-grid systems,

    P. Chen, S. Yang, J. A. McCann, J. Lin, and X. Yang, “Detection of false data injection attacks in smart-grid systems,” IEEE Communications Magazine, vol. 53, no. 2, pp. 206–213, Feb 2015

    work page 2015

  5. [5]

    Detecting stealthy false data injection using machine learning in smart grid,

    M. Esmalifalak, , R. Zheng, and Z. Han, “Detecting stealthy false data injection using machine learning in smart grid,” in 2013 IEEE Global Communications Conference (GLOBECOM) , Dec 2013, pp. 808–813

    work page 2013

  6. [6]

    Multivariate mutual information-based feature selection for cyber intrusion detection,

    S. Mohammadi, V . Desai, and H. Karimipour, “Multivariate mutual information-based feature selection for cyber intrusion detection,” 10 2018, pp. 1–6

    work page 2018

  7. [7]

    Machine learning methods for attack detection in the smart grid,

    M. Ozay, I. Esnaola, F. T. Yarman Vural, S. R. Kulkarni, and H. V . Poor, “Machine learning methods for attack detection in the smart grid,” IEEE Transactions on Neural Networks and Learning Systems , vol. 27, no. 8, pp. 1773–1786, Aug 2016

    work page 2016

  8. [8]

    Detection of false data attacks in smart grid with supervised learning,

    J. Yan, B. Tang, and H. He, “Detection of false data attacks in smart grid with supervised learning,” in 2016 International Joint Conference on Neural Networks (IJCNN) , July 2016, pp. 1395–1402

    work page 2016

  9. [9]

    Sparse attack construction and state estimation in the smart grid: Centralized and distributed models,

    M. Ozay, I. Esnaola, F. T. Yarman-Vural, S. R. Kulkarni, and H. V . Poor, “Sparse attack construction and state estimation in the smart grid: Centralized and distributed models,” IEEE Journal on Selected Areas in Communications, vol. 31, pp. 1306–1318, 2013

    work page 2013

  10. [10]

    Extended kalman filter-based parallel dynamic state estimation,

    H. Karimipour and V . Dinavahi, “Extended kalman filter-based parallel dynamic state estimation,” IEEE Transactions on Smart Grid , vol. 6, no. 3, pp. 1539–1549, May 2015

    work page 2015

  11. [11]

    Parallel relaxation-based joint dynamic state estimation of large-scale power systems,

    H. Karimipour and V . Dinavahi, “Parallel relaxation-based joint dynamic state estimation of large-scale power systems,” IET Generation, Trans- mission Distribution, vol. 10, no. 2, pp. 452–459, 2016

    work page 2016

  12. [12]

    Detecting false data injection attacks on dc state estimation,

    R. Bobba, K. Davis, Q. Wang, H. Khurana, K. Nahrstedt, and T. J Over- bye, “Detecting false data injection attacks on dc state estimation,” 01 2010

    work page 2010

  13. [13]

    Cyber intrusion detection by combined feature selection algo- rithm,

    S. Mohammadi, H. Mirvaziri, M. Ghazizadeh-Ahsaee, and H. Karim- ipour, “Cyber intrusion detection by combined feature selection algo- rithm,” Journal of Information Security and Applications , vol. 44, pp. 80–88, 02 2019

    work page 2019

  14. [14]

    Cuckoo search via lvy flights,

    X. Y . and, “Cuckoo search via lvy flights,” in 2009 World Congress on Nature Biologically Inspired Computing (NaBIC) , Dec 2009, pp. 210– 214

    work page 2009

  15. [15]

    Bcs: A binary cuckoo search algorithm for feature selection,

    D. Rodrigues, L. A. M. Pereira, T. N. S. Almeida, J. P. Papa, A. N. Souza, C. C. O. Ramos, and X. Yang, “Bcs: A binary cuckoo search algorithm for feature selection,” in 2013 IEEE International Symposium on Circuits and Systems (ISCAS2013) , May 2013, pp. 465–468

    work page 2013

  16. [16]

    Covert cyber assault detection in smart grid networks utilizing feature selection and euclidean distance- based machine learning,

    S. Ahmed, Y . Lee, S. Hyun, and I. Koo, “Covert cyber assault detection in smart grid networks utilizing feature selection and euclidean distance- based machine learning,” Applied Sciences, vol. 8, p. 772, 05 2018

    work page 2018

  17. [17]

    Particle swarm optimization for feature selection in classification: A multi-objective approach,

    B. Xue, M. Zhang, and W. N. Browne, “Particle swarm optimization for feature selection in classification: A multi-objective approach,” IEEE Transactions on Cybernetics, vol. 43, no. 6, pp. 1656–1671, Dec 2013

    work page 2013

  18. [18]

    Support vector machines,

    N. Guenther and M. Schonlau, “Support vector machines,” The Stata Journal, vol. 16, no. 4, pp. 917–937, 2016. [Online]. Available: https://doi.org/10.1177/1536867X1601600407

    work page doi:10.1177/1536867x1601600407 2016

  19. [19]

    Mat- power: Steady-state operations, planning, and analysis tools for power systems research and education,

    R. D. Zimmerman, C. E. Murillo-Sanchez, and R. J. Thomas, “Mat- power: Steady-state operations, planning, and analysis tools for power systems research and education,” IEEE Transactions on Power Systems, vol. 26, no. 1, pp. 12–19, Feb 2011

    work page 2011