We can pay less: coordinated false data injection attack against residential demand response in smart grids

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review


Advanced metering infrastructure, along with home automation processes, is enabling more efficient and effective demand-side management opportunities for both consumers and utility companies. However, tight cyber-physical integration also enables novel attack vectors for false data injection attacks (FDIA) as home automation/home energy management systems reside outside the utilities' control perimeter. Authentic users themselves can manipulate these systems without causing significant security breaches compared to traditional FDIAs. This work depicts a novel FDIA that exploits one of the commonly utilised distributed device scheduling architectures. We evaluate the attack impact using a realistic dataset to demonstrate that adversaries gain significant benefits, independently from the actual algorithm used for optimisation, as long as they have control over a sufficient amount of demand. Compared to traditional FDIAs, reliable security mechanisms such as proper authentication, security protocols, security controls, or sealed/controlled devices cannot prevent this new type of FDIA. Thus, we propose a set of possible impact alleviation solutions to thwart this type of attack.

Original language: English
Title of host publication: CODASPY'21 - Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy
Editors: Murtuza Jadliwala
Place of Publication: New York NY USA
Publisher: Association for Computing Machinery (ACM)
Number of pages: 12
ISBN (Electronic): 9781450381437
Publication status: Published - 2021
Event: Conference on Data and Application Security and Privacy 2021 - Online, United States of America
Duration: 26 Apr 2021 to 28 Apr 2021
Conference number: 11th
https://dl-acm-org.ezproxy.lib.monash.edu.au/doi/proceedings/10.1145/3422337 (Proceedings)
http://www.codaspy.org/2021/ (Website)


Conference: Conference on Data and Application Security and Privacy 2021
Abbreviated title: CODASPY 2021
Country: United States of America


  • Demand response
  • false data injection attack
  • impact alleviation
  • smart grid vulnerabilities
