Papers
Topics
Authors
Recent
Search
2000 character limit reached

Load Altering Attacks (LAAs)

Updated 7 July 2026
  • Load Altering Attacks are cyber-physical threats where adversaries manipulate actual electricity consumption via compromised smart devices.
  • They encompass static, dynamic, and switching attack classes, each impacting grid stability through different mechanisms such as frequency excursions and voltage violations.
  • Detection and mitigation strategies integrate model-based, data-driven, and hybrid approaches to enhance system resilience against these sophisticated attacks.

Load altering attacks (LAAs) are cyber-physical attacks in which an adversary changes actual electricity consumption by compromising end-user, IoT-enabled, smart-meter-associated, EV-charging, or otherwise controllable loads, rather than merely falsifying measurements inside utility control systems. In the literature, LAAs are studied as abrupt static demand steps, periodic switching attacks, feedback-driven dynamic attacks, phase-specific manipulations in distribution feeders, and, in a broader interpretation, observation perturbations that coerce DRL controllers into harmful charging or discharging actions. Their analyzed consequences include unsafe frequency excursions, inter-area oscillation growth, line overloads, activation of emergency responses, cascading failures, voltage violations, and electricity-market distortion (Maleki et al., 2024, Broda-Milian et al., 2024).

1. Conceptual scope and threat model

A central distinction in the LAA literature is between physical load manipulation and cyberattacks such as false data injection or load-redistribution attacks. The survey literature treats LAAs as attacks on the demand side: the attacker changes the physical load itself at customer premises, whereas load-redistribution attacks alter reported load measurements to mislead optimization after the system is already in steady state (Maleki et al., 2024). This distinction is operationally important because LAAs disturb the real-time generation-demand balance immediately, and their first manifestations are physical variables such as frequency, voltage, tie-line exchange, and reserve deployment.

The attack surface is correspondingly broad. Across the literature, compromised assets include WiFi-enabled air conditioners, HVAC systems, electric vehicle charging stations, smart heat pumps, smart electric water heaters, thermostatic loads, batteries, and smart meters or meter-associated load settings. Attacker assumptions range from a semi-oblivious adversary with limited knowledge of topology and parameters to worst-case formulations with an omniscient attacker, naive defender model (Lakshminarayana et al., 2022, Maleki et al., 2024). Distribution-system work also considers an adversary with access to a selected subset of smart meters, allowing phase-specific manipulation of effective load settings at selected buses and phases (Selim et al., 2023).

A broader interpretation appears in recent DRL-oriented work: the attacker does not directly switch loads, but perturbs the observations fed to a DRL controller so that the controller itself produces harmful battery charging or discharging actions. In that setting, the path is explicitly framed as observation perturbation \rightarrow wrong DRL action \rightarrow battery misoperation \rightarrow higher grid load, daily peaks, or ramping (Broda-Milian et al., 2024). This suggests that the defining feature of an LAA is not only the attack surface, but the induced alteration of net electrical demand seen by the grid.

2. Attack classes and mathematical formulations

The literature consistently distinguishes static and dynamic LAAs, and several papers also isolate switching attacks as a separate class. A common transmission-level formulation decomposes the load as

PL=PLS+PLV,P^L = P^{LS} + P^{LV},

with vulnerable load modeled as

PLV=KLω+ϵL,P^{LV} = -K^L\omega + \epsilon^L,

or equivalently

PLV=ϵLKLω,P^{LV} = \epsilon^L - K^L\omega,

where ϵL\epsilon^L is the static component and KLω-K^L\omega is a malicious frequency-responsive component (Chu et al., 2022, Jahangir et al., 2022). In this representation, a static LAA is a one-time demand step, whereas a dynamic LAA behaves like malicious load-side feedback that reacts to measured frequency.

Dynamic formulations become more explicit in rare-event and cascading-failure studies. One line of work parameterizes the attack by an initial nodal vector, an update interval II, and a frequency-to-load response coefficient CC, so that the attacker repeatedly updates each \rightarrow0 in proportion to the observed nodal frequency deviation. The paper explicitly characterizes this as a malicious “reverse governor” and shows that \rightarrow1 approaches a continuously updated dynamic attack, while large \rightarrow2 approaches a static one (Goodridge et al., 2023). Switching attacks occupy a related but distinct niche: they are on/off periodic modulations of compromised load at frequencies chosen to excite weakly damped or unstable modes (Sayed et al., 2023).

Distribution-system formulations are often phase-aware rather than frequency-centric. One paper defines the attack vector

\rightarrow3

and studies attacks that increase loading on one phase while reducing loading on the other two phases, thereby worsening phase imbalance and provoking localized undervoltage or overvoltage conditions (Selim et al., 2023). Another line of work models the attack as an additive active/reactive demand increase at one feeder bus and derives explicit post-attack voltage expressions. Under constant-power loads, the attacked voltage at bus \rightarrow4 is written as

\rightarrow5

which makes the role of shared upstream impedance transparent (Maleki et al., 2023).

Operationally oriented LFC papers sometimes use narrower, scenario-specific definitions. In one two-area LFC study, “Type 1 attack” is defined as a “very important additive load variation of short time (load altering attack)”, emphasizing abrupt malicious load change rather than a full adversary-optimization model (Fliess et al., 2021). This diversity of formulations is characteristic of the field: LAAs are unified by physical load manipulation, but the mathematical representation depends strongly on whether the focus is small-signal stability, cascading failure, feeder voltages, or networked control.

3. Transmission-level impacts on frequency control, protection, and cascades

At transmission level, the dominant immediate effect of an LAA is disruption of the active-power balance, and therefore of frequency control. Analytical work based on second-order dynamical systems shows that static LAAs act as step disturbances exciting transient frequency peaks, whereas dynamic LAAs alter the effective damping matrix and can destabilize the frequency-control loop itself (Lakshminarayana et al., 2020). This distinction underpins the repeated observation that dynamic coordination is often more dangerous than brute-force load magnitude alone.

Low-inertia operation amplifies these risks. In a WSCC 9-bus study motivated by COVID-19 low-demand conditions, the least-effort attack needed to cause a \rightarrow6 Hz frequency violation at the most vulnerable bus dropped from 6.77 MW at \rightarrow7 renewable penetration to 5.81 MW at \rightarrow8 renewable penetration, with bus 6 identified as the most vulnerable bus in every penetration scenario (Lakshminarayana et al., 2022). A plausible implication is that renewable-rich, low-inertia operating points reduce attacker effort not uniformly, but through a combination of reduced inertia, scheduling mismatch, and bus-level modal sensitivity.

Rare-event analyses sharpen the same point from a different direction. In the Kundur two-area system, failure-causing attacks are concentrated mainly at load buses 5 and 6, and the most harmful spatial patterns are not simply “large everywhere” but attacks that either increase load in both areas or decrease load in the generation-rich area while increasing it in the load-heavy area, thereby worsening inter-area imbalance (Goodridge et al., 2022). In the three-area IEEE-39 study of dynamic LAAs and cascading failures, the dangerous attacks are explicitly described as rare events because the network is \rightarrow9 secure and includes emergency responses. That study identifies two dangerous regimes: short-interval, lower-magnitude dynamic LAAs with \rightarrow0 s and \rightarrow1 GW, producing average cascades around 9,000 MW, and long-interval, very large-magnitude static-like LAAs with \rightarrow2 s and \rightarrow3 GW, producing average cascades around 4,000 MW (Goodridge et al., 2023). It also reports a concrete threshold shift: when \rightarrow4 s, about 1,550 MW of manipulated load is needed to trigger a disconnection event, whereas at \rightarrow5 s, about 300 MW is sufficient (Goodridge et al., 2023).

Load frequency control itself can become part of the vulnerability. An open-source RTDS–Containernet co-simulation study shows that a moderate DLAA with \rightarrow6 produces slowly growing oscillations under primary control only, but with LFC enabled the same attack becomes unstable at about 170 s after attack launch. For a stronger DLAA with \rightarrow7, LFC causes attack success roughly 60 s earlier than without LFC (Forystek et al., 1 Aug 2025). The same study shows that UFLS can stabilize some strong SLAA and DLAA scenarios, but communication delay and packet loss can make UFLS too late to save the system (Forystek et al., 1 Aug 2025). This is a recurring theme in LAA research: attacks and protections must be analyzed jointly with the communication substrate on which protection timing depends.

4. Distribution-system manifestations: voltage, unbalance, and topology sensitivity

In distribution systems, LAAs are studied primarily through their effect on voltage profiles rather than bulk frequency. Analytical ZIP-load work shows that the attack-induced voltage depression depends on the common-path resistance and reactance between the attacked bus and the observed bus, which explains why leaf-bus attacks are most damaging (Maleki et al., 2023). The same work shows that modeling loads as realistic ZIP rather than constant-power can materially change severity estimates. For the IEEE 33-bus feeder, the minimum number of air conditioners needed to violate the \rightarrow8 p.u. threshold at bus 18 rises from 100 under constant-power assumptions to 282 under ZIP assumptions; at bus 33, it rises from 327 to 1177 (Maleki et al., 2023). The paper explicitly interprets this as voltage-dependent attenuation: as voltage sags, realized attacked demand decreases relative to constant-power predictions.

Phase-aware smart-meter attacks add a stealth dimension. In an IEEE 123-bus RTDS–RTAC testbed, phase-wise LAAs create up to 36 voltage violations while keeping voltage unbalance below the 3% ANSI-related threshold. The most severe reported case produces 36 voltage violations with 2.999% unbalance, and several other cases produce 26 voltage violations with unbalance in the range 1.704%–2.574% (Selim et al., 2023). This directly supports the claim that feeder damage can be substantial even when conventional unbalance-based checks do not flag a clearly abnormal condition.

Topology is not merely a background parameter; it is one of the main determinants of attack impact. A distribution reconfiguration study derives closed-form attack-voltage relationships and concludes that attacks launched on the deepest nodes have the most detrimental effect on feeder voltages (Maleki et al., 2024). In the same line of work, bus 18 in the IEEE 33-bus feeder requires dramatically fewer compromised devices than buses 25 or 33 to trigger voltage violations, again linking vulnerability to electrical depth rather than only to local load magnitude (Maleki et al., 2024). This makes LAAs in radial feeders fundamentally topology-sensitive attacks.

5. Detection and localization

The detection literature is commonly organized into model-based, data-driven, and hybrid approaches (Maleki et al., 2024). Model-based methods use state-space or DAE models, observers, residual generators, or Kalman-filter variants; data-driven methods work from demand data, PMU trajectories, feeder measurements, or EV charging profiles; hybrid methods combine physical structure with learning or sparse identification (Maleki et al., 2024).

A representative physics-informed data-driven contribution is the SINDy/PINN framework for identifying compromised nodes and attack parameters from physical measurements. That work proposes a sparse-regression method based on Sparse Identification of Nonlinear Dynamics (SINDy) and a physics-informed neural network (PINN) method, both intended for edge-computing deployment over decentralized architectures. On IEEE 6-, 14-, and 39-bus systems, the paper reports that these methods outperform approaches based on the unscented Kalman filter, support vector machines, and generic neural networks, while detecting and identifying attack locations in a timely manner (Lakshminarayana et al., 2021).

PMU-based localization has also been studied as a high-resolution classification problem. A deep capsule network using generator-bus PMU frequency and phase-angle data is evaluated on IEEE 14-, 39-, and 57-bus systems against 2D-CNN, 1D-CNN, MLP, and SVM baselines. The reported clean-data localization accuracies are 98.32% single-point and 97.01% multi-point on IEEE 39-bus, and 95.50% single-point and 94.00% multi-point on IEEE 57-bus (Jahangir et al., 2022). The same paper emphasizes delay robustness: the capsule network maintains 80% accuracy until about 0.60 s of delay, whereas CNN-based methods lose 80% accuracy after only about 0.24 s of delay (Jahangir et al., 2022). This is especially relevant because attack onset is usually unknown, so online windows are not perfectly synchronized with offline training data.

The survey literature reinforces two caveats. First, model-based methods depend on reduced-order model fidelity and trustworthy dynamic measurements. Second, purely data-driven methods face representativeness, interpretability, and adversarial-ML concerns, particularly when attacks are temporally coordinated to exploit meter sampling or detector assumptions (Maleki et al., 2024). This suggests that hybrid physics-informed schemes are likely to remain important in LAA monitoring.

6. Mitigation and resilient control

Mitigation strategies span preventive hardening, reactive control, and combined cyber-physical response (Maleki et al., 2024). On the transmission side, several papers treat LAAs explicitly as disturbance-rejection problems. In a two-area LFC study, the baseline integral secondary controllers \rightarrow9 and PL=PLS+PLV,P^L = P^{LS} + P^{LV},0 are replaced with decentralized model-free intelligent proportional controllers based on the ultra-local model

PL=PLS+PLV,P^L = P^{LS} + P^{LV},1

For the paper’s Type 1 LAA, model-free control reduces PL=PLS+PLV,P^L = P^{LS} + P^{LV},2 by roughly 25.7%, PL=PLS+PLV,P^L = P^{LS} + P^{LV},3 by 25.8%, PL=PLS+PLV,P^L = P^{LS} + P^{LV},4 by 40.6%, and PL=PLS+PLV,P^L = P^{LS} + P^{LV},5 by 60.6% relative to the integrator baseline (Fliess et al., 2021). The same paper reports dramatically stronger empirical robustness under DoS packet loss, while also noting that the DoS claim rests on computer experiments rather than a formal proof (Fliess et al., 2021).

Another transmission-side line uses fast controllable resources as corrective actuators. The Cyber-Resilient Economic Dispatch (CRED) framework models the dynamic LAA term as a damping reduction and optimizes IBR droop gains after attack detection, using recursive linearization and a distributionally robust treatment of attack-parameter uncertainty (Chu et al., 2022). In one reported operating point, stabilizing a case with PL=PLS+PLV,P^L = P^{LS} + P^{LV},6 p.u. requires PL=PLS+PLV,P^L = P^{LS} + P^{LV},7 p.u., reserved wind power PL=PLS+PLV,P^L = P^{LS} + P^{LV},8 GW, and an operating-cost increase from 68.73 k£ to 80.21 k£ (Chu et al., 2022). The result is conceptually important even beyond that case: resilience is purchased through headroom, retuning, and redispatch.

EV-based wide-area control is another major mitigation direction. A robust mixed PL=PLS+PLV,P^L = P^{LS} + P^{LV},9 controller using EV active/reactive power as control input is tested against 800 MW static, switching, and dynamic attacks on the New England 39-bus system. The paper reports that the mixed controller reduces the dynamic-attack maximum frequency deviation from 1.5 Hz to 0.01 Hz, and the switching-attack sustained oscillation to about 0.006 Hz (Sayed et al., 2023). A related PLV=KLω+ϵL,P^{LV} = -K^L\omega + \epsilon^L,0-only EV controller reports that the EV-based mitigation scheme lowers the frequency deviation caused by 800 MW attacks below 0.1 Hz, including 0.01 Hz in the switching case and 0.08 Hz in the dynamic case (Sayed et al., 2023). These works treat EV fleets as fast, distributed corrective actuators rather than only as flexible demand.

Distribution mitigation is more topology-centric. In the RTDS–RTAC topology-control study, switch reconfiguration eliminates all voltage violations in five of six tested attack scenarios and reduces the strongest case from 36 to 25 violations (Selim et al., 2023). In the Stackelberg reconfiguration study, the equilibrium defense on the IEEE 33-bus system requires only 2 switching actions under accurate localization, while localization uncertainty can raise this to 4 switching actions in exchange for a lower total voltage deviation (Maleki et al., 2024). Across these papers, the common pattern is that LAAs are not mitigated by a single universal mechanism; rather, the defense lever depends on whether the dominant vulnerability is frequency damping, communication-dependent protection, or feeder voltage topology.

7. Validation paradigms, recurrent misconceptions, and open problems

LAA research has moved beyond purely offline scripting toward real-time and cyber-physical validation. Distribution-level work integrates RTDS, RTAC, a host PC, and Modbus/TCP in an IEEE 123-bus testbed with 206 smart meters and explicit register-level communication constraints (Selim et al., 2023). Transmission-level LFC work combines Python with RTDS to compare idealized state-space LFC behavior against real-time simulations with generator limits and nonlinearities (Forystek et al., 11 Apr 2025). Communication-aware studies now couple RTDS/RSCAD to Containernet via DNP3 to analyze how LFC and UFLS behave under DLAA when latency and packet loss are part of the experiment, not an afterthought (Forystek et al., 1 Aug 2025). This suggests that closed-loop cyber-physical validation is becoming a methodological requirement rather than a luxury.

Several misconceptions recur in the literature. First, LAAs are not synonymous with false-data injection or load-redistribution attacks; they change physical demand directly (Maleki et al., 2024). Second, not every large load step is equally dangerous: location, timing, update interval, vulnerability ratio, operating scenario, and inter-area imbalance all materially affect severity (Goodridge et al., 2022, Goodridge et al., 2023). Third, not all LAAs are direct device-switching attacks; some recent work studies indirect observation-driven load alteration through vulnerable DRL controllers (Broda-Milian et al., 2024). Fourth, distribution-system LAAs are not adequately characterized by transmission-style frequency metrics alone; feeder voltages, phase imbalance, and topology are often the dominant variables (Maleki et al., 2023, Selim et al., 2023).

The open problems identified across the corpus are equally consistent. Many impact studies still assume an omniscient attacker, naive defender model (Maleki et al., 2024). Several defenses remain predominantly simulation-backed: the model-free LFC defense explicitly notes that its DoS resilience currently rests on computer experiments, and the RTDS–RTAC topology-control paper states that its “game-theoretic” formulation does not provide a rigorous normal-form or Stackelberg derivation (Fliess et al., 2021, Selim et al., 2023). Other limitations recur: reduced-order dynamic models instead of full cyber-market co-simulation, single benchmark networks, closed-set localization targets, and limited treatment of simultaneous multi-vector attacks (Goodridge et al., 2023, Jahangir et al., 2022). A plausible implication is that the next stage of LAA research will need tighter integration of attack modeling, detection, control, communications, and market response, with formal guarantees where current papers rely mainly on empirical evidence.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (17)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Load Altering Attacks (LAAs).