Cyber-physical system (CPS) like smart grids deeply integrated with communication networks are often subjected to sophisticated cyber-attacks, such as false data injection attack (FDIA) with a strong capability of strategic reconnaissance required to learn the environment, where the static characteristics of the system enable an easier profiling of the critical infrastructure resources by the adversary. In this paper, we propose a cyber-physical moving target defense (CPMTD) technique that focuses on both attack prevention and detection to mitigate such static vulnerabilities and provide a combination of defense strategies for power system. For attack prevention, we design the Cyber-MTD strategy to mislead and disrupt attack preparation by randomizing the data acquisition with controlled change across multiple system dimensions based on the network programmability of protocol oblivious forwarding (POF). For attack detection, we design the Physical-MTD strategy to improve the detection probability of FDIA by periodically changing the measurement matrix of state estimation based on the D-FACTS devices’ capability of perturbing the transmission line susceptance. Simulations on IEEE 14 bus and 57 bus systems demonstrate the effectiveness of CPMTD against FDIA with small overhead. The probability of cyber-attacks in two cases can be reduced by more than 90%; FDIA introduces little operation cost as most of them are detected. Network throughput barely changes and network latency increases by less than 9%.

与通信网络深度融合的智能电网等信息物理系统（CPS）经常受到复杂的网络攻击，例如具有强大战略侦察能力的虚假数据注入攻击（FDIA）需要学习环境，其中静态特征该系统使对手能够更轻松地分析关键基础设施资源。在本文中，我们提出了一种网络物理移动目标防御 (CPMTD) 技术，该技术侧重于攻击预防和检测，以减轻此类静态漏洞并为电力系统提供防御策略的组合。为了防止攻击，我们设计了 Cyber​​-MTD 策略，通过基于协议不经意转发 (POF) 的网络可编程性，通过跨多个系统维度的受控更改随机化数据获取来误导和破坏攻击准备。对于攻击检测，我们设计了 Physical-MTD 策略，通过基于 D-FACTS 设备扰动传输线电纳的能力周期性地改变状态估计的测量矩阵来提高 FDIA 的检测概率。在 IEEE 14 总线和 57 总线系统上的模拟证明了 CPMTD 以小开销对抗 FDIA 的有效性。两种情况下的网络攻击概率可降低90%以上；FDIA 引入的运营成本很少，因为它们中的大部分都被检测到了。网络吞吐量几乎没有变化，网络延迟增加不到 9%。