Microgrids (MGs), as an example of cyber physical system (CPS), are complex systems, which have a tight interaction between physical electrical components and computing elements (cyber layer). Based on the Open systems interconnection (OSI) model, the CPS of MG involve two types of threats: Software vulnerabilities Data threats Software issues pertain to the first layer of the OSI model, which contains control algorithms. The control algorithm is a code that is frequently employed on the controller processing unit. It receives information from inputs, processes it, and then sends suitable control signals to actuators or other controllers. An attacker is able to develop specialized code and alter the functionality of controller algorithms. The intricacies of such attacks fall outside the scope of this research. Cyberattacks on the integrity and availability of transmitted data in the cyber layer are one of the most crucial issues for MGs. Despite the fact that some research has been undertaken in this field, there are still numerous unsolved problems. In recent years, researchers in the control and power electronics communities have proposed innovative detection methods and control procedures to eliminate the adverse effects of cyberattacks on MGs’ stability and performance. Several different types of cyberattacks have been taken into consideration for communication links including: False data injection (FDI); Hijacking; Denial-of-service (DoS); Replay. Numerous models or mathematical equations have been developed to illustrate the implications of these attacks. But this models seems to be suitable for client-server systems. There are several forms of data flow in MGs and industrial control systems, and the impact of cyberattacks on data relies on their type. This study investigates another possible models for IP-based communication protocols in the MGs’ communication infrastructure. Specifically, this research aims to find data cyberattack models based on well-known five-layer OSI model and hacking tools, in order to develop resilient controllers for the future. In reality, the OSI model comprises seven layers, but two layers situated between the application and network layers (namely, the session and presentation layers) are primarily significant in client-server architecture rather than in our current focus of study. Consequently, we simplify our analysis by disregarding these layers and treating the OSI model as a five-layer framework. In MGs, there is no defined research on modelling these sorts of cyberattacks. It's worth noting that in MGs, there is a lack of established research focused on modelling these types of cyberattacks. The experiment was carried out for some scenarios in OFFIS Energy Labs between 13.11.2023 and 01.12.2023. Remote access was extended until 31.01.2024 for fine-tuning the result. Additional attack scenarios on MGs were further carried out in SMGRC lab in IRAN to investigate the models proposed.