The increasing deployment of Internet-of-Things (IoT)-enabled measurement devices in modern power systems has expanded the cyberattack surface of the grid. As a result, this critical infrastructure is increasingly exposed to cyberattacks, including false data injection attacks (FDIAs) that compromise measurement integrity and threaten reliable system operation. Existing FDIA detection methods primarily exploit spatial correlations and network topology using graph-based learning; however, these approaches often rely on high-dimensional representations and shallow classifiers, limiting their ability to capture local structural dependencies and global contextual relationships. Moreover, naively incorporating Transformer architectures can result in overly deep models that struggle to model localized grid dynamics. This paper proposes a joint FDIA detection and localization framework that integrates auto-regressive moving average (ARMA) graph convolutional filters with an Encoder-Only Transformer architecture. The ARMA-based graph filters provide robust, topology-aware feature extraction and adaptability to abrupt spectral changes, while the Transformer encoder leverages self-attention to capture long-range dependencies among grid elements without sacrificing essential local context. The proposed method is evaluated using real-world load data from the New York Independent System Operator (NYISO) applied to the IEEE 14- and 300-bus systems. Numerical results demonstrate that the proposed model effectively exploits both the state and topology of the power grid, achieving high accuracy in detecting FDIA events and localizing compromised nodes.

翻译：随着物联网（IoT）测量设备在现代电力系统中的日益广泛部署，电网的网络攻击面也随之扩大。因此，这一关键基础设施正越来越多地暴露于网络攻击之下，其中包括损害测量完整性并威胁系统可靠运行的虚假数据注入攻击。现有的FDIA检测方法主要利用基于图学习的空间相关性和网络拓扑；然而，这些方法通常依赖于高维表示和浅层分类器，限制了其捕捉局部结构依赖性和全局上下文关系的能力。此外，简单地引入Transformer架构可能导致模型过深，难以有效建模局部电网动态。本文提出了一种联合FDIA检测与定位框架，该框架将自回归移动平均图卷积滤波器与仅编码器Transformer架构相结合。基于ARMA的图滤波器提供了鲁棒的、拓扑感知的特征提取能力，并能适应突发的频谱变化，而Transformer编码器则利用自注意力机制来捕捉电网元件间的长程依赖关系，同时不牺牲必要的局部上下文。所提方法使用来自纽约独立系统运营商的实际负荷数据，在IEEE 14节点和300节点系统上进行了评估。数值结果表明，所提模型能有效利用电网的状态和拓扑信息，在检测FDIA事件和定位受攻击节点方面实现了高精度。