Deep Neural Networks have proven to be highly accurate at a variety of tasks in recent years. The benefits of Deep Neural Networks have also been embraced in power grids to detect False Data Injection Attacks (FDIA) while conducting critical tasks like state estimation. However, the vulnerabilities of DNNs along with the distinct infrastructure of cyber-physical-system (CPS) can favor the attackers to bypass the detection mechanism. Moreover, the divergent nature of CPS engenders limitations to the conventional defense mechanisms for False Data Injection Attacks. In this paper, we propose a DNN framework with additional layer which utilizes randomization to mitigate the adversarial effect by padding the inputs. The primary advantage of our method is when deployed to a DNN model it has trivial impact on the models performance even with larger padding sizes. We demonstrate the favorable outcome of the framework through simulation using the IEEE 14-bus, 30-bus, 118-bus and 300-bus systems. Furthermore to justify the framework we select attack techniques that generate subtle adversarial examples that can bypass the detection mechanism effortlessly.

翻译：近年来，深度神经网络已在多种任务中展现出极高的准确性。深度神经网络的优势也被引入电网，用于在状态估计等关键任务中检测假数据注入攻击。然而，DNN的脆弱性以及网络物理系统独特的基础设施结构，可能使攻击者能够绕过检测机制。此外，网络物理系统的差异性特征对传统的假数据注入攻击防御机制产生了限制。本文提出了一种带有附加层的DNN框架，该框架通过填充输入并利用随机化来减轻对抗效应。我们方法的主要优势在于，即使采用较大的填充尺寸，部署到DNN模型后对模型性能的影响也微乎其微。我们通过使用IEEE 14节点、30节点、118节点和300节点系统进行仿真，验证了该框架的有利效果。此外，为验证框架的有效性，我们选取了能够生成细微对抗样本的攻击技术，这些样本可轻松绕过检测机制。