GenAI-FDIA: Physics-Informed Generative Models for False Data Injection Attacks
Pith reviewed 2026-05-20 16:20 UTC · model grok-4.3
The pith
Physics-informed generative models synthesize fully stealthy false data injection attacks on power systems via an inference-time harmoniser.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
GenAI-FDIA benchmarks twenty generative architectures spanning Wasserstein GANs, MMD-VAEs, normalising flows, diffusion models and hybrids for physics-compliant FDIA synthesis across IEEE 14-bus DC, 30-bus DC and 14-bus AC testbeds under a 60/20/20 chronological split with data-driven BDD threshold calibration. All architectures achieve evasion rates of at least 86.6 percent on the 14-bus network, while limited topological knowledge measurably reduces stealth. Affine physics projections applied directly in normalised feature space displace attack vectors and collapse evasion to below 2 percent on the 30-bus case. An inference-time harmoniser corrects this displacement to deliver 100 percent
What carries the argument
The inference-time harmoniser, a post-generation correction step that realigns generated attack vectors with power-system physics constraints after leaving the normalised feature space, thereby eliminating projection-induced displacement.
If this is right
- Generative models from multiple families can achieve high-fidelity FDIA vectors that evade BDD on standard IEEE test networks when physics compliance is enforced.
- An attacker’s incomplete knowledge of network topology produces a statistically significant drop in evasion performance.
- The harmoniser restores full stealthiness across all physics-informed variants without requiring model retraining or architectural changes.
- A 50-epoch warm-up schedule corrects covariance collapse in hybrid architectures and improves distribution matching metrics.
Where Pith is reading between the lines
- The harmoniser technique could be tested on larger or real-grid measurement streams to check whether the same displacement correction generalises beyond the IEEE testbeds.
- Synthetic attack datasets produced this way might allow detector designers to train on a wider range of physics-consistent scenarios than hand-crafted attacks permit.
- The same post-generation alignment step may apply to other generative tasks that must obey linear or affine physical constraints after operating in scaled feature spaces.
Load-bearing premise
A data-driven bad-data-detection threshold calibrated on the chronological 60/20/20 split of simulated measurements accurately represents the stealth requirements that would hold in real power-system operations, and the identified projection displacement plus covariance collapse are the dominant failure modes rather than artifacts of the chosen testbeds or normalisation.
What would settle it
Apply the reported harmoniser to attacks generated for the 30-bus testbed and measure whether BDD evasion reaches 100 percent; if the rate remains near the sub-2 percent level seen without the harmoniser, the central fix claim does not hold.
Figures
read the original abstract
Training and evaluating false data injection attack (FDIA) detectors for power systems is constrained by data scarcity. Operational grid measurements are commercially sensitive, and hand-crafted attacks fail to capture complex distributional structures imposed by network physics. We present \textsc{GenAI-FDIA}, a framework benchmarking a pool of $P{=}20$ architectures for physics-compliant FDIA synthesis, spanning Wasserstein GANs, MMD-VAEs, normalising flows, diffusion models, and cross-family hybrids. These are evaluated across three IEEE testbeds (14-bus DC, 30-bus DC, and 14-bus AC) under a 60/20/20 chronological split using data-driven Bad Data Detection (BDD) threshold calibration. Our empirical results verify that these models generate high-fidelity attacks, with all architectures achieving evasion rates of $\epsilon_{\text{BDD}} \ge 86.6\%$ on the 14-bus network; additionally, limiting an attacker's topological knowledge induces a measurable degradation in stealthiness ($p \le 0.0022$). Crucially, we identify a previously unreported failure mode: applying affine physics projections directly in normalised feature spaces critically displaces the attack vector, collapsing BDD evasion from ${\sim}55\%$ to $<\!2\%$ on the 30-bus testbed. We resolve this via a novel inference-time harmoniser, restoring full stealthiness ($\epsilon_{\text{BDD}}{=}100\%$) across all physics-informed variants without retraining. Finally, we isolate a covariance-collapse phenomenon ($\kappa \approx {-}0.076$) within advanced hybrid architectures and rectify it through 50-epoch warm-up schedules ($\kappa \to 0.785$, $\Delta\text{MMD}={-}3.1\%$). Ultimately, \textsc{GenAI-FDIA} delivers a robust recovery blueprint applicable to any physics-constrained generative model deployed for power-system security.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The manuscript introduces GenAI-FDIA, a benchmarking framework evaluating a pool of P=20 physics-informed generative architectures (Wasserstein GANs, MMD-VAEs, normalizing flows, diffusion models, and hybrids) for synthesizing false data injection attacks on power-system measurements. Using IEEE 14-bus DC, 30-bus DC, and 14-bus AC testbeds under a 60/20/20 chronological split and data-driven BDD threshold calibration, it reports evasion rates ε_BDD ≥ 86.6% on the 14-bus network, quantifies degradation from limited topological knowledge (p ≤ 0.0022), identifies an affine-projection displacement failure mode that drops evasion below 2% on the 30-bus case, and proposes an inference-time harmoniser that restores 100% stealthiness without retraining. It further isolates covariance collapse (κ ≈ -0.076) in hybrids and corrects it via 50-epoch warm-up schedules (κ → 0.785).
Significance. If the central empirical claims hold under operationally realistic BDD thresholds, the work supplies a useful public benchmark for generative FDIA synthesis and concrete, training-free fixes for physics compliance. The explicit identification of normalized-space projection displacement and the reproducible evaluation on standard IEEE testbeds are strengths that could inform detector hardening.
major comments (2)
- [Experimental methodology and BDD calibration (Section 4)] The headline evasion rates (ε_BDD ≥ 86.6% on 14-bus, restored to 100% by the harmoniser) rest on a BDD detector whose threshold is calibrated solely from the training portion of the 60/20/20 chronological split. Operational power-system BDD conventionally uses fixed χ² quantiles (degrees of freedom = measurements minus states) or adaptive thresholds that incorporate topology and load statistics absent from the testbed splits. If the learned threshold is materially looser, both the baseline figures and the harmoniser’s apparent success become artifacts of calibration rather than intrinsic attack properties.
- [Physics-projection results (Section 5.2)] The reported projection-displacement failure (evasion collapse from ~55% to <2% on the 30-bus network when affine physics projections are applied in normalized feature space) is presented as a general phenomenon. The manuscript should demonstrate that the collapse persists under alternative normalization schemes or when the projection is performed in the original measurement space before normalization, to rule out testbed-specific or preprocessing artifacts.
minor comments (2)
- [Abstract and Section 5.1] The statistical test underlying the p ≤ 0.0022 claim for topological-knowledge degradation should be stated explicitly.
- [Covariance-collapse discussion (Section 5.3)] The symbol κ (covariance-collapse metric) is introduced without a concise definition or reference; a one-sentence clarification would aid readers.
Simulated Author's Rebuttal
We thank the referee for their constructive comments, which help clarify the scope and robustness of our empirical claims. We address each major point below with proposed revisions.
read point-by-point responses
-
Referee: [Experimental methodology and BDD calibration (Section 4)] The headline evasion rates (ε_BDD ≥ 86.6% on 14-bus, restored to 100% by the harmoniser) rest on a BDD detector whose threshold is calibrated solely from the training portion of the 60/20/20 chronological split. Operational power-system BDD conventionally uses fixed χ² quantiles (degrees of freedom = measurements minus states) or adaptive thresholds that incorporate topology and load statistics absent from the testbed splits. If the learned threshold is materially looser, both the baseline figures and the harmoniser’s apparent success become artifacts of calibration rather than intrinsic attack properties.
Authors: We acknowledge the distinction between data-driven calibration and conventional fixed χ² quantiles. Our choice follows standard practice in ML-based power-system anomaly detection to match testbed-specific distributions under the chronological split. To address the concern directly, we will add experiments in the revision using fixed χ² thresholds (with degrees of freedom equal to measurements minus states) and report the resulting evasion rates. This will confirm whether the headline figures and harmoniser gains hold under operationally standard thresholds. revision: yes
-
Referee: [Physics-projection results (Section 5.2)] The reported projection-displacement failure (evasion collapse from ~55% to <2% on the 30-bus network when affine physics projections are applied in normalized feature space) is presented as a general phenomenon. The manuscript should demonstrate that the collapse persists under alternative normalization schemes or when the projection is performed in the original measurement space before normalization, to rule out testbed-specific or preprocessing artifacts.
Authors: We agree that additional controls are needed to establish the failure mode as general rather than preprocessing-dependent. In the revised manuscript we will include results for (i) affine projection performed in the original measurement space before any normalization and (ii) alternative schemes such as min-max scaling and per-feature z-score. These will be reported alongside the original normalized-space results to demonstrate persistence of the displacement effect. revision: yes
Circularity Check
No circularity in empirical evaluation of generative FDIA models
full rationale
The paper reports an empirical benchmarking study of 20 generative architectures on public IEEE testbeds (14-bus DC, 30-bus DC, 14-bus AC) under a fixed 60/20/20 chronological split. All central claims—evasion rates ε_BDD ≥ 86.6%, degradation under limited topology knowledge, projection-displacement failure mode, covariance-collapse phenomenon, and the inference-time harmoniser restoring 100% stealth—are presented as measured experimental outcomes on held-out data rather than as derivations or first-principles predictions. No equation or result is shown to reduce by construction to a fitted parameter or to a self-citation whose content is itself unverified. The data-driven BDD threshold is an explicit methodological choice whose validity can be checked against external chi-squared or topology-aware detectors; it does not create a self-referential loop inside the reported metrics. The work is therefore self-contained against the stated public benchmarks.
Axiom & Free-Parameter Ledger
free parameters (2)
- 50-epoch warm-up schedule
- P=20 architecture pool
axioms (2)
- domain assumption Power-system measurements obey network physics that can be enforced via affine projections or harmonisation.
- domain assumption Data-driven BDD thresholds calibrated on chronological splits provide a valid stealth metric.
invented entities (1)
-
inference-time harmoniser
no independent evidence
Lean theorems connected to this paper
-
IndisputableMonolith/Costwashburn_uniqueness_aczel unclear?
unclearRelation between the paper passage and the cited Recognition theorem.
data-driven Bad Data Detection (BDD) threshold calibration... 60/20/20 chronological split
What do these tags mean?
- matches
- The paper's claim is directly supported by a theorem in the formal canon.
- supports
- The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
- extends
- The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
- uses
- The paper appears to rely on the theorem as machinery.
- contradicts
- The paper's claim conflicts with a theorem or certificate in the canon.
- unclear
- Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.
Reference graph
Works this paper leans on
-
[1]
Renewable power generation costs in 2023,
International Renewable Energy Agency, “Renewable power generation costs in 2023,” IRENA, Tech. Rep., 2024. [Online]. Available: https://www.irena.org/Publications/2024/Sep/ Renewable-Power-Generation-Costs-in-2023
work page 2023
-
[2]
Analysis of the cyber attack on the Ukrainian power grid,
R. M. Lee, M. J. Assante, and T. Conway, “Analysis of the cyber attack on the Ukrainian power grid,” E-ISAC and SANS ICS, Tech. Rep., Mar. 2016. [Online]. Available: https://ics.sans.org/media/ E-ISAC SANS Ukraine DUC 5.pdf
work page 2016
-
[3]
INDUSTROYER2: Industroyer reloaded,
ESET Research, “INDUSTROYER2: Industroyer reloaded,” ESET, Tech. Rep., Apr. 2022. [Online]. Available: https://www.welivesecurity. com/2022/04/12/industroyer2-industroyer-reloaded/
work page 2022
-
[4]
People’s Republic of China state-sponsored cyber actor living off the land to evade detection,
CISA, NSA, and FBI, “People’s Republic of China state-sponsored cyber actor living off the land to evade detection,” Cybersecurity and In- frastructure Security Agency, Tech. Rep., Feb. 2024. [Online]. Available: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a
work page 2024
-
[5]
False data injection attacks against state estimation in electric power grids,
Y . Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state estimation in electric power grids,”ACM Transactions on Informa- tion and System Security, vol. 14, no. 1, pp. 1–33, May 2011
work page 2011
-
[6]
Joint adversarial example and false data injection attacks for state estimation in power systems,
J. Tian, B. Wang, Z. Wang, K. Cao, J. Li, and M. Ozay, “Joint adversarial example and false data injection attacks for state estimation in power systems,”IEEE Transactions on Cybernetics, vol. 52, no. 12, pp. 13 699– 13 713, Dec. 2022
work page 2022
-
[7]
iAttackGen: Generative synthesis of false data injection attacks in cyber-physical systems,
M. H. Shahriar, A. A. Khalil, M. A. Rahman, M. H. Manshaei, and D. Chen, “iAttackGen: Generative synthesis of false data injection attacks in cyber-physical systems,” inProceedings of the IEEE In- ternational Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), 2022
work page 2022
-
[8]
Sparse adversarial learning for FDIA attack sample generation in distributed smart grids,
F. Li, W. Shen, Z. Bi, and X. Su, “Sparse adversarial learning for FDIA attack sample generation in distributed smart grids,”Computer Modeling in Engineering & Sciences, 2023
work page 2023
-
[9]
Y . H. Liu, B. Liu, X. Liu, and H. Wu, “False data injection attacks based on least squares generative adversarial networks with reconstruc- tion loss,” inProc. IEEE Power & Energy Society General Meeting (PESGM), Jul. 2024, pp. 1–5. IEEE TRANSACTIONS ON SMART GRID, VOL. 0, NO. 0, MONTH 2026 10
work page 2024
-
[10]
X. Huang, Z. Qin, M. Xie, H. Liu, and L. Meng, “Defense of massive false data injection attack via sparse attack points considering uncertain topological changes,”Journal of Modern Power Systems and Clean Energy, vol. 10, no. 6, pp. 1588–1598, Jan. 2022
work page 2022
-
[11]
A novel false data injection method targeting on time-series analysis in smart grid,
S. Hong, X. Zhang, J. Kou, and Y . Sun, “A novel false data injection method targeting on time-series analysis in smart grid,” inProc. Int. Conf. Smart Energy Grid Engineering (SEGE), Jun. 2023, pp. 50–55
work page 2023
-
[12]
K. Li, F. Li, B. Wang, and M. Shan, “False data injection attack sample generation using an adversarial attention-diffusion model in smart grids,” AIMS Energy, vol. 12, no. 6, pp. 1271–1293, Jan. 2024
work page 2024
-
[13]
Controllable blind AC FDIA via physics-informed extrapolative A V AE,
S. Zhao, W. Luo, Q. Shu, and F. Xu, “Controllable blind AC FDIA via physics-informed extrapolative A V AE,”Sensors, vol. 25, no. 3, p. 943, 2025
work page 2025
-
[14]
J. Zhang, Q. Wang, J. Hu, S. Wu, Y . Ye, and Y . Tang, “Prior-knowledge- free data tampering on power system state estimation: A physics- constrained generative adversarial framework,”IEEE Internet of Things Journal, Jan. 2025
work page 2025
-
[15]
Generating synthetic net load data with physics-informed diffusion model,
S. Zhang, Y . Cheng, and N. Yu, “Generating synthetic net load data with physics-informed diffusion model,”IEEE Transactions on Smart Grid, 2024
work page 2024
-
[16]
ADMM-based adversarial false data injection attacks against multi- label locational detection,
J. Tian, C. Shen, C. Lin, M. Zhang, X. Xia, C. Ren, and Y . Zhang, “ADMM-based adversarial false data injection attacks against multi- label locational detection,”IEEE Transactions on Dependable and Secure Computing, 2026
work page 2026
-
[17]
Spatiotemporal stealthy attacks in power systems with high-penetrated renewable energy sources,
C. Liu, Y . Li, Y . Yu, X. Wu, M. Yang, Y . Tang, and B. Long, “Spatiotemporal stealthy attacks in power systems with high-penetrated renewable energy sources,”IEEE Internet of Things Journal, 2025
work page 2025
-
[18]
A. S. Musleh, G. Chen, Z. Y . Dong, C. Wang, and S. Chen, “Spatio- temporal data-driven detection of false data injection attacks in power distribution systems,”International Journal of Electrical Power & Energy Systems, vol. 147, p. 108926, 2023
work page 2023
-
[19]
W. Xu, M. Higgins, J. Wang, I. M. Jaimoukha, and F. Teng, “Blending data and physics against false data injection attack: An event-triggered moving target defence approach,”IEEE Transactions on Smart Grid, vol. 14, no. 4, pp. 2613–2627, Jul. 2023
work page 2023
-
[20]
W. Xia, D. He, and L. Yu, “Locational detection of false data injection at- tacks in smart grids: A graph convolutional attention network approach,” IEEE Internet of Things Journal, vol. 11, no. 6, pp. 10 399–10 413, Mar. 2024
work page 2024
-
[21]
A. Baul, G. C. Sarker, P. K. Sadhu, V . P. Yanambaka, and A. Ab- delgawad, “XTM: A novel transformer and LSTM-based model for detection and localization of formally verified FDI attack in smart grid,” Electronics, vol. 12, no. 4, p. 797, 2023
work page 2023
-
[22]
Y . Liu and L. Shi, “A joint FDIA detection and localization scheme and experimental analysis based on adversarial anomaly transformer for power distribution system,”IEEE Transactions on Industrial Informatics, 2025
work page 2025
-
[23]
R. Nawaz, R. Akhtar, S. U. Khan, S. Bu, and M. Mahmood, “Generative adversarial networks-based false data injection: A concern for data integrity of power networks,”IEEE Transactions on Power Systems, 2025
work page 2025
-
[24]
ConAML: Constrained adversarial machine learning for cyber-physical systems,
J. Li, Y . Yang, K. Tomsovic, J. S. Sun, and H. Qi, “ConAML: Constrained adversarial machine learning for cyber-physical systems,” inProceedings of the ACM Asia Conference on Computer and Commu- nications Security (ASIA CCS), 2021, pp. 52–62
work page 2021
-
[25]
Techniques - enterprise — mitre att&ck®,
MITRE, “Techniques - enterprise — mitre att&ck®,” April 2026, [Online; accessed 2026-04-21]. [Online]. Available: https://attack.mitre. org/techniques/enterprise/
work page 2026
-
[26]
F. T. Liu, K. M. Ting, and Z.-H. Zhou, “Isolation forest,” inProceedings of the 8th IEEE International Conference on Data Mining (ICDM), 2008, pp. 413–422
work page 2008
-
[27]
Y . Qin, Z. Luo, Y . Che, and L. Cao, “False data injection attacks against uav battery state of health estimation with a capacity-informed latent diffusion model,”Green Energy and Intelligent Transportation, p. 100404, 2026
work page 2026
-
[28]
False data injection on state estimation in power systems—attacks, impacts, and defense: A survey,
R. Deng, G. Xiao, R. Lu, H. Liang, and A. V . Vasilakos, “False data injection on state estimation in power systems—attacks, impacts, and defense: A survey,”IEEE Transactions on Industrial Informatics, vol. 13, no. 2, pp. 411–423, 2017
work page 2017
-
[29]
Improved training of Wasserstein GANs,
I. Gulrajani, F. Ahmed, M. Arjovsky, V . Dumoulin, and A. Courville, “Improved training of Wasserstein GANs,” inAdvances in Neural Information Processing Systems, vol. 30, 2017
work page 2017
-
[30]
I. Tolstikhin, O. Bousquet, S. Gelly, and B. Sch ¨olkopf, “Wasserstein auto-encoders,” inInternational Conference on Learning Representa- tions, 2018
work page 2018
-
[31]
Isolating sources of disentanglement in variational autoencoders,
R. T. Q. Chen, X. Li, R. Grosse, and D. Duvenaud, “Isolating sources of disentanglement in variational autoencoders,” inAdvances in Neural Information Processing Systems, vol. 31, 2018
work page 2018
-
[32]
Density estimation using real-valued non-volume preserving (Real NVP) transformations,
L. Dinh, J. Sohl-Dickstein, and S. Bengio, “Density estimation using real-valued non-volume preserving (Real NVP) transformations,” in International Conference on Learning Representations, 2017
work page 2017
-
[33]
FLOWTS: Time series generation via rectified flow,
Y . Hu, X. Wang, Z. Ding, L. Wu, H. Zhang, S. Z. Li, S. Wang, J. Zhang, Z. Li, and T. Chen, “FLOWTS: Time series generation via rectified flow,” 2025, preprint. Code: https://github.com/UNITES-Lab/FlowTS
work page 2025
-
[34]
Denoising diffusion probabilistic models,
J. Ho, A. Jain, and P. Abbeel, “Denoising diffusion probabilistic models,” inAdvances in Neural Information Processing Systems, vol. 33, 2020, pp. 6840–6851
work page 2020
-
[35]
Axiomatic attribution for deep networks,
M. Sundararajan, A. Taly, and Q. Yan, “Axiomatic attribution for deep networks,” inProceedings of the 34th International Conference on Machine Learning (ICML), 2017, pp. 3319–3328
work page 2017
-
[36]
Interrater reliability: the kappa statistic,
M. L. McHugh, “Interrater reliability: the kappa statistic,”Biochemia medica, vol. 22, no. 3, pp. 276–282, 2012
work page 2012
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.