Three-stage Defensive Framework for Distributed Microgrid Control Against Cyberattacks

Xuanyi Xiao; Quan Zhou; Feng Wang; Wen Huang

网刊加载中。。。

使用Chrome浏览器效果最佳，继续浏览，你可能不会看到最佳的展示效果，

确定继续浏览么?

复制成功，请在其他浏览器进行阅读

Three-stage Defensive Framework for Distributed Microgrid Control Against Cyberattacks PDF

- ORCID：
Xuanyi Xiao
✉
- ORCID：
Quan Zhou (Senior Member, IEEE)
✉
- ORCID：
Feng Wang
✉
- ORCID：
Wen Huang (Member, IEEE)
✉

the College of Electrical and Information Engineering, Hunan University, Changsha 410082, China

Updated：2022-11-20

DOI：10.35833/MPCE.2021.000333

OUTLINE

Abstract

With the wide integration of various distributed communication and control techniques, the cyber-physical microgrids face critical challenges raised by the emerging cyberattacks. This paper proposes a three-stage defensive framework for distributed microgrids against denial of service (DoS) and false data injection (FDI) attacks, including resilient control， communication network reconfiguration, and switching of local control. The resilient control in the first stage is capable of tackling simultaneous DoS and FDI attacks when the connectivity of communication network could be maintained under cyberattacks. The communication network reconfiguration method in the second stage and the subsequent switching of local control in the third stage based on the software-defined network (SDN) layer aim to cope with the network partitions caused by cyberattacks. The proposed defensive framework could effectively mitigate the impacts of a wide range of simultaneous DoS and FDI attacks in microgrids without requiring the specific assumptions of attacks and prompt detections, which would not incorporate additional cyberattack risks. Extensive case studies using a 13-bus microgrid system are conducted to validate the effectiveness of the proposed three-stage defensive framework against the simultaneous DoS and FDI attacks.

Keywords

Microgrid; cyber-physical systems; cyberattack; distributed control; defensive framework

I. Introduction

MODERN power systems incorporate an increasing number of distributed energy resources (DERs). The utilization of DERs contributes significantly to the efficiency, reliability, resilience, and sustainability of power systems. Microgrids (MGs) provide a promising solution to accommodate and coordinate various DERs for delivering reliable power services to local customers by forming a small-scale self-controlled power system [

1].

The dispatchable DERs in MGs are commonly inverter-based and furnished with battery storages, which could respond quickly to any disturbances. Droop control is extensively adopted for inverter-based DERs to achieve power sharing, but it leads to frequency and voltage deviations. To coordinate various inverter-based DERs and realize the frequency and voltage restoration, distributed secondary control is considered as an effective strategy due to its flexibility, scalability, and robustness, where the communication network plays a vital role in achieving the desirable functionalities. Thus, MG with distributed secondary control is regarded as a cyber-physical system, which faces potential cyber threats. Typical cyberattacks mainly include denial of service (DoS) attacks and false data injection (FDI) attacks. DoS and FDI attacks could lead to frequency and voltage instability of MGs and interrupt the proportional power sharing among DERs, resulting in compromised system efficiency and potential system security issues.

DoS attacks are widespread because the malicious adversaries could initiate DoS attacks easily without requiring any knowledge of the power system. Power systems all over the world have suffered huge losses due to DoS attacks [

2]-[4]. Hence, MG control under DoS attacks has attracted the increasing attention of scholars. Stability analysis for MG under DoS attacks is presented in [5] and [6]. In [7] and [8], event-triggered controller and decentralized adaptive controller are proposed for MG under DoS attacks, respectively, where the dwell time model of DoS attacks is adopted. Reference [9] proposes a mode-dependent controller for MG under DoS attacks by considering the random DoS attacks as Markovian. Reference [10] proposes a distributed resilient control method against DoS attacks, where a new resilient sampling mechanism is designed to enhance the cyber resilience of MGs. Reference [11] proposes a distributed resilient finite-time secondary control strategy for heterogeneous battery energy storage systems under DoS attacks. Fallback control [12] and software-defined control [13] are proposed to resist DoS attacks.

FDI attacks are data deception or integrity attacks, where the attackers falsify data transmitted among DERs. There are also some research works related to distributed MG control under FDI attacks. Reference [

14] presents an analytical framework for conducting effective FDI cyberattacks targeting MGs with synchronous generators. In [15], an effective FDI detection method based on the Kullback-Liebler divergence-based criterion is proposed. Reference [16] proposes a comprehensive design of Luenberger-like observer-based and unknown input observer-based FDI attack detection strategy. Reference [17] proposes a resilient controller for DC MGs to achieve accurate current sharing and voltage restoration under discrete-time FDI and DoS attacks. In [18], an economic control method derived from the traditional droop control is proposed to resist FDI attacks. Reference [19] proposes a robust and resilient distributed optimal frequency control scheme to address the threat of cyberattacks. It is facilitated by introducing an auxiliary networked system interconnecting with the original cooperative control system. Reference [20] proposes an event-driven mitigation strategy against FDI attacks, where the false signal is replaced by a reconstructed signal. Reference [21] proposes a multilayer resilient controller to detect and mitigate man-in-the-middle FDI attacks immediately for ensuring the security of DC MGs. Reference [22] proposes a novel event-driven attack-resilient controller for N cooperative grid-forming converters, which guarantees resilient synchronization for up to

N - 1

attacked units under FDI attacks. In [23], a localized event-driven attack-resilient scheme is proposed to establish the resilience against FDI attacks and ensure the optimal operation. Reference [24] proposes a distributed adaptive control strategy for multiple energy storage systems in islanded MGs to deal with cyberattacks. Reference [25] proposes a machine-learning-based cyberattack detection model for wireless sensor networks in MGs. References [26]-[28] propose observer-based resilient distributed control for AC MGs that estimates and compensates FDI attacks. Reference [29] proposes a periodically intermittent control strategy that could achieve timely detection and isolation of FDI attacks.

Although the existing research works could mitigate the deterioration by DoS and FDI attacks on dynamic performance of MG, there exist the following research gaps: ① prior information or specific assumptions of DoS attacks are mandatory for mitigating the impact, which could not always hold in practice; ② detections of falsified data are essential for mitigating the impact of FDI attacks. However, when malicious attackers hold the detailed structure and parameters of MGs, the intruded stealthy FDI attacks would be much difficult to be detected [

30]; ③ redundant information exchanges are introduced, especially when using a software-defined network (SDN) layer, which would increase communication requirements and then incorporate additional cyberattack risks.

To address these issues, this paper proposes a three-stage defensive framework for distributed MG control under simultaneous DoS and FDI attacks. Compared with the existing research works, the proposed framework can mitigate the impacts of a wide range of simultaneous DoS and FDI attacks in MGs without requiring the specific assumptions of occurred attacks and prompt detections, which would not incorporate additional cyberattack risks. The contributions of this paper are summarized as follows.

1) A systematic three-stage defensive framework for distributed MG control against DoS and FDI attacks is proposed, mainly including the resilient control, communication network reconfiguration, and the switching of local control, where the three stages are activated according to the impacts of cyberattacks. The proposed framework effectively mitigates the performance deteriorations of MG caused by a wide range of simultaneous DoS and FDI attacks without requiring the specific assumptions of DoS attacks and detections of FDI attacks.

2) An H-infinity theory based resilient control strategy is proposed in the first stage, where a bilinear matrix inequality (BMI) is established to ensure the performance of resilience under simultaneous DoS and FDI attacks, and the homotopy method is adopted to solve the BMI problem. It is theoretically demonstrated that the proposed resilient control strategy is capable of mitigating the impacts of simultaneous DoS and FDI attacks when the connectivity of communication network is not interrupted.

3) Considering the potential communication network partitions caused by cyberattacks, the SDN layer based communication network reconfiguration method and the switching strategy of local control are designed in the second and third stages, respectively. Data exchanges between the control layer and the SDN layer are limited to the communication link status and control strategy switching, indicating that the communication burdens and the associated risks of cyberattacks are significantly reduced.

The rest of this paper is organized as follows. The dynamic model of distributed MG control under DoS and FDI attacks is presented in Section II. The three-stage defensive framework is presented in Section III. Simulation results using a 13-bus MG system are presented in Section IV. Section V concludes this paper.

II. Dynamic Model of Distributed MG Control

A. Graph Theory

An undirected graph, $G = (V, E, A)$ , is adopted to depict the undirected communication network in MG, where $V = {v_{1},$ $v_{2}, \dots, v_{N}}$ is the vertice set, and the subscript N is the number of DERs in the MG; $E \subseteq V \times V$ is the edge set; and A is the adjacency matrix. The elements of A, $a_{i j}$ , are presented as:

a_{i j} = \{\begin{array}{l} 1 & a_{i j} \in E \\ 0 & a_{i j} \notin E \end{array}

(1)

The vertices denote the grid-forming DERs. The edges denote that there is communication between two connected DERs. The degree matrix D is a diagonal matrix, and the diagonal elements of D, $d_{i}$ , are stated as:

d_{i} = \sum_{j = 1}^{N} a_{i j}

(2)

The Laplacian matrix L is stated as:

L = D - A

(3)

It is noted that L is positive-semidefinite and irreducible. In the distributed control framework, some DERs are selected as pinning DERs to receive the reference information and other unpinning DERs receive the information by using the communication network. Hence, the pinning matrix G is a diagonal matrix. The diagonal elements of G, $g_{i}$ , are stated as:

g_{i} = \{\begin{array}{l} 1 & D E R_{i} \in Ω^{p i n} \\ 0 & D E R_{i} \notin Ω^{p i n} \end{array}

(4)

where subscript i denotes the DER index; and $Ω^{p i n}$ is the pinning DER set.

B. Distributed MG Control

The distributed MG control is illustrated in Fig. 1, where $ω * a n d V *$ are the frequency reference and voltage reference, respectively; $u_{i}^{ω}, u_{i}^{δ}, u_{i}^{v}, a n d u_{i}^{q}$ are the control signals of frequency, active power, voltage, and reactive power, respectively; and $p_{i}$ and $q_{i}$ are the active power and reactive power of DER i, respectively.

Fig. 1 Illustrative diagram for distributed MG control.

The MG control strategy includes primary control and secondary control. The primary control is the droop control. $u_{i}^{ω}, u_{i}^{δ}, u_{i}^{v}, a n d u_{i}^{q}$ are for secondary control where information exchange supported by the communication network is necessary. Then, the space vector pulse width modulation (SVPWM) is used to control the inverter. The analysis of frequency control and voltage control are usually decoupled in MG operation [

31], [32]. In this paper, we focus on frequency control and active power control. Similar conclusions can be applied to voltage and reactive power control. The droop control of inverter-based DERs is stated as [33]:

ω_{i} = ω_{i}^{s e t} - m_{i} p_{i}

(5)

where $ω_{i}$ and $ω_{i}^{s e t}$ are the frequency and frequency setpoint of DER i, respectively; and m_i is the droop coefficient of DER i. The droop control achieves proportional active power sharing among participating DERs.

m_{1} p_{1} = m_{2} p_{2} = \dots = m_{N} p_{N}

(6)

However, the droop control results in frequency deviations after disturbances, e.g., load variations. The distributed MG control tends to achieve frequency consensus while maintaining the proportional active power sharing among participating DERs [

33].

ω_{1} = ω_{2} = \dots = ω_{N} = ω^{*}

(7)

The distributed secondary control is adopted to achieve (6) and (7). The distributed secondary control is stated as:

{\dot{ω}}_{i}^{s e t} = {\dot{ω}}_{i} + {\dot{δ}}_{i} = u_{i}^{ω} + u_{i}^{δ}

(8)

u_{i}^{ω} = - c_{i}^{ω} \sum_{j = 1}^{N} a_{i j} (ω_{i} - ω_{j}) - c_{i}^{g} g_{i} (ω_{i} - ω^{*})

(9)

u_{i}^{δ} = - c_{i}^{δ} \sum_{j = 1}^{N} a_{i j} (δ_{i} - δ_{j})

(10)

where ${\dot{ω}}_{(\cdot)}^{(\cdot)}$ , ${\dot{ω}}_{i}$ , and $\dot{δ}$ are the differential operation of frequency setpoint, frequency, and active power control signals of DER i, respectively; c $_{i}^{ω}$ and c $_{i}^{g}$ are the parameters of frequencies of DER i; $δ_{i}$ and $δ_{j}$ are the active power control signals of DERs i and j, respectively; and c $_{i}^{δ}$ is the parameter of active power control of DER i.

C. Distributed MG Control Under Cyberattacks

Cyberattacks mainly include DoS and FDI attacks. These two types of cyberattacks would be simultaneously mitigated by the proposed framework. Here, we focus on cyberattacks on communication links.

DoS attacks aim at jeopardizing the availability of communication resources and services by jamming communication channels or flooding packets in communication networks for affecting the timeliness of exchanged data [

1]. DoS attacks could disable the targeted communication links, resulting in temporary changes in the topology of the communication network. The frequency control and active power control under DoS attacks are stated as:

u_{i}^{ω} = - c_{i}^{ω} \sum_{j = 1}^{N} a_{i j, k} (ω_{i} - ω_{j}) - c_{i}^{g} g_{i} (ω_{i} - ω^{*})

(11)

u_{i}^{δ} = - c_{i}^{δ} \sum_{j = 1}^{N} a_{i j, k} (δ_{i} - δ_{j})

(12)

where a_ij_,_k denotes the occurance of DoS attack.

a_{i j, k} = \{\begin{array}{l} 0 & D o S a t t a c k k i s o c c u r i n g \\ 1 & D o S a t t a c k k i s n o t o c c u r i n g \end{array}

(13)

FDI attacks aim at deteriorating the system performance by injecting malicious signals in communication links. The frequency control and active power control under FDI are stated as:

u_{i}^{ω} = - c_{i}^{ω} a_{i j} [ω_{i} - (ω_{j} + ξ_{i j})] - c_{i}^{g} g_{i} (ω_{i} - ω^{*})

(14)

u_{i}^{δ} = - c_{i}^{δ} a_{i j} [δ_{i} - (δ_{j} + ζ_{i j})]

(15)

where $ξ_{i j}$ and $ζ_{i j}$ are the falsified signals on communication link ij.

Let $e_{i}^{ω} = ω_{i} - ω^{*}$ , and $e_{i}^{δ} = δ_{i} - \sum_{j = 1}^{N} δ_{j} / N$ . The dynamic equations of state errors of frequency control and active power control under simultaneous DoS and FDI attacks are stated as:

{\dot{e}}^{ω} (t) = - (C^{ω} L_{k} + C^{g} G_{k}) e^{ω} (t) + C^{ω} F_{k} ξ (t)

(16)

{\dot{e}}^{δ} (t) = - C^{δ} L_{k} e^{δ} (t) + C^{δ} F_{k} ζ (t)

(17)

where $e^{ω} (t)$ and $e^{δ} (t)$ are the error vectors of frequency and active power control, respectively; $C^{ω}$ and $C^{g}$ are the parameter matrices of frequencies; $C^{δ}$ is the parameter matrix of active power control; L_k, G_k, and F_k are Laplace matrix, pinning matrix, and incidence matrix under DoS attack k, respectively; and $ξ (t)$ and $ζ (t)$ are the falsified signal vectors of frequency and active power control, respectively.

III. Three-stage Defensive Framework

A. Driving Force

This subsection would discuss the driving force of developing a three-stage defensive framework. DoS attacks disable communication links. Proactively disabling communication links could prevent FDI attacks with large deviations from causing a sharp deterioration of the system performance. Consequently, the communication network structure may undergo a variety of changes when cyberattacks occur. Reference [

34] demonstrates that the connectivity of communication network is a necessary condition for reaching consensus in a dynamic system. Reference [35] illustrates that communication partitions would result in the interruption of proportional active power sharing in MGs. Communication partitioning also reduces the ability of MG to resist FDI attacks, because mitigating the deteriorated performance by FDI attacks relies heavily on information interaction [26]. The above discussions show that the performance of MG operation deteriorates materially if the communication network is partitioned. Hence, according to whether the cyberattacks partition the communication network, this paper proposes a three-stage defensive framework to alleviate the deterioration of system performance by cyberattacks.

The first stage is the resilient control. In this stage, cyberattacks do not partition the communication network. Although some communication links fail due to cyberattacks, the communication network is still a connected graph. Thus, it is possible to develop a resilient control using the connected communication network to resist cyberattacks, though the system may switch due to DoS attacks and false signals are used due to FDI attacks.

The second stage is the communication network reconfiguration. Since the changing communication network can be a countermeasure against cyberattacks [

36], [37], a communication network reconfiguration method is developed to restore the connectivity of communication network when the communication network is partitioned by cyberattacks. Meantime, the resilient control proposed in the first stage still works.

The third stage is the switching of local control. When the communication network is partitioned due to cyberattacks, the distributed control contracts to the local control, where the information exchange is not required between DERs. In this stage, the primary control is adopted as the local control. Although the frequency would deviate from the reference frequency when adopting primary control, the active power sharing is satisfied and all cyberattacks on communication links no longer deteriorate the system. To realize the second and third stages, an SDN layer is adopted. The defensive layers for MGs against cyberattacks are shown in Fig. 2, where PCC is short for point of common coupling and MGCC is short for MG control center.

Fig. 2 Illustrative defensive layers for MGs against cyberattacks.

B. First Stage: Resilient Control

In the first stage, a resilient control based on the H-infinity theory is proposed. The frequency signals are transmitted among participating DERs through the communication network and the MG frequency fluctuates in an allowable range.

When a DER receives frequency signals deviating dramatically from the frequency reference, the existence of FDI attacks is considered and the corresponding communication link is disabled to avoid serious performance deterioration. Thus, false signals with large deviations can be filtered out and these situations could be regarded as DoS attacks in (16) and (17). Hence, false signals in (16) and (17) satisfy $ξ$ , $ζ \in L_{2} [0, \infty)$ , where L₂ denotes the 2-norm. We firstly discuss the frequency control in (16). According to the lemma in [

38], the following lemma holds.

Lemma 1: for a positive scalar $γ > 0$ , system (16) is asymptotically stable with ${‖e‖}_{2} < γ {‖ξ‖}_{2}$ , if there exists a positive definite matrix $P > 0$ satisfying the following inequality.

H (C, P) = [\begin{matrix} Ξ_{k} & P C^{ω} F_{k} & I \\ * & - γ I & 0 \\ * & * & - γ I \end{matrix}] < 0

(18)

where $H (C, P)$ is the function of matrices C and P, which is expressed by $Ξ_{k} = - (C^{ω} L_{k} + C^{g} G_{k})^{T} P - P (C^{ω} L_{k} + C^{g} G_{k})$ ; and I is the identity matrix.

According to lemma 1, the frequency of MG is stabilized and the error is within a small range when a controller satisfying the (18) is used. Inequality (18) is a BMI. In classical H-infinity applications, it can be solved by converting it to linear matrix inequality (LMI) through linear transformations and substitutions. However, inequality (18) has an intrinsic bilinear nature, which cannot be directly converted to LMI through transformations and substitutions. The homotopy method offers a viable solution to solve BMI by alternately fixing partial variables in the iterations. Based on this idea, the homotopy method could solve BMIs by reducing them to LMIs in every iteration [

39]. Here, the homotopy method is adopted to solve BMI (18). For simplicity, the subscript k does not appear in the following equations.

J (C, P, λ) = H (λ C + (1 - λ) K, P)

(19)

J (C, P, λ) = \{\begin{matrix} H (K, P) λ = 0 \\ H (C, P) λ = 1 \end{matrix}

(20)

where $λ \in [0,1]$ is the scalar; and K is a constant matrix with the same size as C and is obtained by the method proposed in [

40]. The term

λ C + (1 - λ) K

defines a homotopy interpolating in the control system.

Accordingly, the solving procedures of (18) are presented as follows.

Step 1: solve D and P using the method proposed in [

39]. Initialize a positive integer M and set a certain range of M as

[M_{m i n}, M_{m a x}]

Step 2: set $l = 0$ , $C_{l} = 0$ , and $P_{l} = P_{0}$ .

Step 3: set $l = l + 1$ , $λ = l / M$ . Solve $J (C, {\hat{P}}_{l - 1}, \hat{λ}) < 0$ . If it is not feasible, go to Step 4. If $J (C, P_{l - 1}, λ) < 0$ is feasible, let $C_{l} = C$ and solve $J ({\hat{C}}_{l - 1}, P, \hat{λ}) < 0$ . Let $P_{l} = P$ and go to Step 6.

Step 4: solve $J ({\hat{C}}_{l - 1}, P, \hat{λ}) < 0$ . If $J ({\hat{C}}_{l - 1}, P, \hat{λ}) < 0$ is not feasible, go to Step 5. If it is feasible, let $P_{l} = P$ and solve $J (C, {\hat{P}}_{l}, \hat{λ}) < 0$ . Let $C_{l} = C$ and go to Step 6.

Step 5: let $M = 2 M$ . If $M > M_{m a x}$ , the solution algorithm does not converge, otherwise, let $l = 2 (l - 1)$ , $C_{2 (l - 1)} = C_{l - 1}$ and $P_{2 (l - 1)} = P_{l - 1}$ , and go to Step 3.

Step 6: if $l < M$ , go to Step 3. If $l = M$ , C_M and P_M are the solutions of BMI (18).

Then, we discuss the active power sharing control in (17), which is different from the above frequency control. According to the lemma in [

37], the state matrix of the system in (17) is singular with

N - 1

rank. The H-infinity theory cannot be directly applied in (17), because the state matrix should be non-singular when adopting the H-infinity theory. To obtain a non-singular state matrix, (17) is transformed to a reduced model.

Lemma 2 [

39]: the following statements hold about matrix Λ.

Λ = [\begin{matrix} N - 1 & - 1 & \dots & - 1 \\ - 1 & N - 1 & \dots & - 1 \\ ⋮ & ⋮ & ⋮ \\ - 1 & - 1 & \dots & N - 1 \end{matrix}]

(21)

There exists an orthogonal matrix U that satifies:

U^{T} Λ U = [\begin{matrix} N I_{N - 1} & 0_{(N - 1) \times 1} \\ 0_{1 \times (N - 1)} & 0 \end{matrix}]

(22)

where the column vectors of U are the eigenvectors of Λ. The following statements hold about matrix Ψ which satisfies $1^{T} Ψ = 0$ and $Ψ 1 = 0$ .

U^{T} Ψ U = [\begin{matrix} * & 0_{(N - 1) \times 1} \\ 0_{1 \times (N - 1)} & 0 \end{matrix}]

(23)

Let $e = U^{T} θ$ and the system in (17) is converted as:

\{\begin{array}{l} \dot{θ} (t) = - U^{T} C^{δ} L U θ (t) + U^{T} C^{δ} F U ζ (t) \\ Z (t) = U^{T} θ (t) \end{array}

(24)

where $C^{δ} = d i a g {c^{δ}, c^{δ}, \dots, c^{δ}}$ . According to lemma 2, the following system is obtained as:

[\begin{matrix} \dot{\bar{θ}} (t) \\ \dot{\bar{θ}} (t) \end{matrix}] = - [\begin{matrix} \bar{Γ} & 0_{(N - 1) \times 1} \\ 0_{1 \times (N - 1)} & 0 \end{matrix}] [\begin{matrix} \bar{θ} (t) \\ \underset{̲}{θ} (t) \end{matrix}] + [\begin{matrix} \bar{Δ} \\ \underset{̲}{Δ} \end{matrix}] ζ (t)

(25)

Thus, the reduced system of (17) is stated as:

\dot{\bar{θ}} (t) = \bar{Γ} \bar{θ} (t) + \bar{Δ} ζ (t)

(26)

where the elements of matrices $Γ$ and $Δ$ are functions of c^δ. The H-infinity theory could be applied for the system (26). $Γ$ and $Δ$ are solved using the homotopy method as presented in the above frequency control. Then, $C^{δ}$ is obtained.

C. Second Stage: Communication Network Reconfiguration

In the second stage, we propose a communication network reconfiguration method based on the SDN layer. The objective of the second stage is to maximize the resilient performance with fewer communication topological changes. The model is formulated as:

m i n γ

(27)

m i n \sum_{i j \in Ω_{C}} |a_{i j} - {\tilde{a}}_{i j}|

(28)

A | A^{2} | \dots | A^{N} = 1_{N} \times 1_{N}^{T}

(29)

[\begin{matrix} Ξ & P C^{ω} F & I \\ * & - γ I & 0 \\ * & * & - γ I \end{matrix}] < 0

(30)

where $ã_{i j}$ is the status of communication link ij before reconfiguration. Equation (27) is to minimize the impact of FDI attacks, $i . e .$ , to maximize the resilient performance; and (28) is to minimize the communication topology changes. In this paper, to improve the MG resilience, (27) is satisfied preferentially; (29) ensures the connectivity of communication network where the left side of the equation is the reachability matrix [

41]; and (30) guarantees the resilient performance for FDI attacks.

The realization of the second stage is as follows. First, the control layer sends statuses of communication links to the SDN layer. Then, (27)-(30) are solved in the SDN layer in MGCC, and the MGCC sends statuses of the communication links to the control layer. Last, the communication network is reconfigured by the control layer.

D. Third Stage: Switching of Local Control

In the first and second stages, the communication network maintains the connectivity originally or after manipulating, respectively. When the severe DoS attacks occur, even the communication network reconfiguration cannot guarantee the connectivity of communication network. It is divided into several sub-networks and some non-pinning DERs may not receive signals from the pinning DERs. In this situation, the objectives of (6) and (7) would deviate and the distributed control strategies would be difficult to effectively mitigate the impact of the cyberattacks [

35].

To handle this problem, the local control in the third stage is activated based on SDN layer. The local control does not need information exchange among DERs. In this paper, the primary control is adopted as the local control. The realization of the third stage is as follows. When the MGCC finds that (29) cannot be met under cyberattacks, it sends the commands of switching control modes to the control layer. Then, the controller switches the distributed control mode to the local control mode. When the third stage is activated, the communication network is not used temporarily, so the cyberattacks on communication links no longer further deteriorate the system. When cyberattacks are removed, the MGCC recognizes that the connectivity of communication network is retained and then sends the commands of switching control modes to DERs. Then, the participating DERs would respond to the switching signals of received mode and switch back from local control mode to distributed control mode. The connectivity check of communication network can be conducted periodically by the MGCC and the functionality for control mode switching can be ensured.

E. Prominent Features

The proposed defensive framework can resist a wide arrange of cyberattacks. A resilient control is proposed in the first stage which can resist simultaneous DoS and FDI attacks when the connectivity of communication network is not interrupted. According to lemma 1, the system is asymptotically stable under resilient control proposed in the first stage when cyberattacks do not occur, i.e., false signals $ξ = 0$ and $ζ = 0$ . Hence, the resilient control proposed in the first stage can work under the normal state, i.e., no cyberattacks, and does not need to be activated. To deal with DoS attacks resulting in communication partitions, the second and third stages are proposed in Sections III-C and III-D. These two stages are activated according to the extent of DoS attacks and performed by the MGCC through the SDN layer. The communication information transferred through the SDN only includes the status of the communication links and control strategy types rather than control signals, e.g., frequencies and active power sharing. So the SDN layer can be implemented by internal telephone or even manual means rather than using the control network without incorporating additional cyber risks. Hence, when the communication network is partitioned by cyberattacks, the functionalities of the second and third stages would not be affected. The following aspects further present the prominent features of the proposed defensive framework.

1) Unlike previous research works using specific expressions to model DoS attacks such as the Markov model [

9] and dwell time assumptions [7], [8], the proposed three-stage defensive framework could mitigate the deterioration of MG performance caused by the DoS attacks without any prior information and assumptions of these attacks such as duration, quantity, etc.

2) In the existing resilient control of MG for mitigating FDI attacks, false data detection methods are considered [

14]-[18]. However, the stealthiness of FDI attacks makes them difficult to be detected. This would significantly reduce the performance of resilient control based on false data detections. The proposed three-stage defensive framework mitigates the deterioration caused by the FDI attacks without detecting these attacks.

3) The communication network reconfiguration also changes the Laplacian matrix L, hence the second stage can cooperate with the first stage. When the second stage is activated, the resilient control strategy proposed in the first stage still works.

4) In the existing SDN layer based method for resilient control of MG [

13], massive signals including frequency, voltage, active, and reactive power signals are transferred between the control layer and SDN layer. This not only increases the requirement for communication but also exposes more risks of cyberattacks. In the proposed framework, the signals transferred between the control layer and the SDN layer are statuses of communication links and switching commands of control modes. This reduces communication requirements and could be implemented by internal telephone or even manual means, which are less vulnerable to cyberattacks. Such implementations are also currently and widely used by power grid companies.

5) The proposed framework is flexible and extensible. Other proactive measures can be easily incorporated into the third stage such as cutting off DERs, load shedding, and system splitting.

IV. Simulations

To validate the effectiveness of the proposed framework, a 13-bus MG system is simulated on the PSCAD/EMTDC platform. Due to the universality of stability analysis and multi-stage cooperation, the proposed framework can also be effectively used in large-scale systems. Figure 3 shows the 13-bus MG system with 5 DERs located on buses 1, 4, 7, 9, and 10, respectively.

Fig. 3 13-bus MG system.

The DER1 and DER4 are pinning DERs and other DERs are unpinning ones. Figure 4 shows the communication network of the 13-bus MG system.

Fig. 4 Communication network of 13-bus MG system.

The parameters of the system and DERs are presented in [

42]. Three scenarios including MG control performance under FDI attacks, DoS attacks, and combined cyberattacks are considered, respectively. In these three scenarios, the following events occur in the MG successively.

1) At $t = 5$ s, cyberattack 1 occurs.

2) At $t = 10$ s, a 15 kW load is added on bus 3.

3) At $t = 15$ s, cyberattack 2 occurs.

4) At $t = 20$ s, a 15 kW load is removed on bus 3.

5) At $t = 25$ s, cyberattack 1 is removed.

6) At $t = 30$ s, cyberattack 2 is removed.

It is noted that the cyberattacks 1 and 2 which are presented in detail in the following three scenarios are different.

A. FDI Attacks

In this scenario, the ability of the proposed framework to resist FDI attacks is verified. The FDI attack 1 occurs on communication links 1-2. The FDI attack 2 occurs on communication links 4-5. Figure 5 shows the FDI attacks on 13-bus MG system.

Fig. 5 FDI attacks on 13-bus MG system. (a) FDI attack locations. (b) FDI attack signals.

False signal 1 is the sinusoidal signal and false signal 2 is the irregular slope signal. The FDI attack signals are added to the original signals. The unit of the FDI attack signals is Hz. The FDI attacks are formed as:

ξ_{1} (t) = 0.5 s i n (5 t) 5 \leq t \leq 25

(31)

ξ_{2} (t) = \{\begin{array}{l} 0.05 t - 0.55 & 15 \leq t < 21 \\ - 0.15 t + 2.65 & 21 \leq t < 25 \\ 0.06 t - 1 . & 25 \leq t \leq 30 \end{array}

(32)

Figure 6 shows the MG performance under FDI attacks. Figure 7 shows the MG performance with the proposed defensive framework under FDI attacks. In Fig. 6(a), DER frequencies oscillate at 5 s due to FDI attack 1 and deviate significantly from 50 Hz at 15 s due to FDI attack 2. In Fig. 6(b), active power sharing of DERs also oscillates at $t = 5$ s due to FDI attack 1 and diverges at $t = 15$ s due to FDI attack 2. In Fig. 7(a), DER frequencies fluctuate very little and are always maintained around 50 Hz. The oscillation and deviation of active power sharing of DERs shown in Fig. 7(b) are significantly less than those in Fig. 6(b). Because the communication network is not changed by the DoS attacks, the second and third stages are not activated. Only the proposed resilient control in the first stage is used in this scenario. By comparing Fig. 6 and Fig. 7, it can be concluded that the deterioration of MG performance by FDI attacks is significantly mitigated using the first stage of the proposed framework.

Fig. 6 MG performance under FDI attacks. (a) Frequency. (b) Active power sharing.

Fig. 7 MG performance with proposed defensive framework under FDI attacks. (a) Frequency. (b) Active power sharing.

B. DoS Attacks

In this scenario, the ability of the proposed framework to resist DoS attacks is verified. The DoS attack 1 occurs on communication links 1-5. The DoS attack 2 occurs on communication links 4-5. Figure 8 shows the DoS attacks on 13-bus MG system and Fig. 9 shows the MG performance under DoS attacks. Figure 10 shows the MG performance with the proposed framework under DoS attacks.

Fig. 8 DoS attacks on 13-bus MG system.

Fig. 9 MG performance under DoS attacks. (a) Frequency. (b) Active power sharing.

Fig. 10 MG performance with proposed framework under DoS attacks. (a) Frequency. (b) Active power sharing.

As illustrated above, DoS attacks 1 and 2 occur at $t = 5 s$ and $t = 15 s$ , respectively. Load increment and curtailment occur at $t = 10 s$ and $t = 20 s$ , respectively. In Fig. 9(a), DER frequencies are restored to 50 Hz about 5 s after the load changes. The restoration time in Fig. 10(a) is about 2 s, which is significantly shorter than that in Fig. 9(a). In Fig. 9(b), active power sharing of DERs diverges at $t = 15 s$ because DoS attacks disconnect DER5 from the communication network. The active power sharing of DERs diverges sharply at $t = 20 s$ due to load change. The active power sharing of DERs reconverges at $t = 25 s$ because DoS attack 1 is removed at that time and the communication network is reconnected. In Fig. 10(b), the active power sharing of DERs always converges.

The second stage is activated at $t = 15$ s because DoS attacks disconnect DER5 from the communications network. According to model (27)-(30), communication links 1-4 and 2-5 are connected to enhance resilient performance. In Fig. 9(a), DER frequencies are restored to 50 Hz after about 1 s when the load changes, which shows that the proposed resilient control could quickly restore the frequency with changing communication network. The proportional active power sharing of DERs is always maintained, because communication network reconfiguration in the second stage maintains its connectivity under DoS attacks while the resilient control in the first stage works during the whole process. This shows that the first stage and the second stage of the proposed framework can cooperate effectively to resist DoS attacks.

C. Combined Cyberattacks

In this scenario, the ability of the proposed framework to resist simultaneous DoS and FDI attacks and expanding attacks is verified. Cyberattack 1 includes the DoS attacks on communication links 1-5 and 4-5 and FDI attacks on communication links 3-4. The FDI attack is formed as (31).

Cyberattack 2 includes the DoS attack on communication links 1-2, 2-3, 2-4, and 2-5. Combined cyberattacks are illustrated in Fig. 11.

Fig. 11 Combined cyberattacks on 13-bus MG system.

Figure 12 shows the MG performance under combined cyberattacks and Fig. 13 shows the MG performance with the proposed framework under combined cyberattacks. FDI attack leads to significant frequency fluctuations as Fig. 12(a) shows. DoS attacks partition the communication network, which leads to the divergence of active power sharing as Fig. 12(b) shows.

Fig. 12 MG performance under combined cyberattacks. (a) Frequency. (b) Active power sharing.

Fig. 13 MG performance with proposed framework under combined cyberattacks. (a) Frequency. (b) Active power sharing.

It is observed from Fig. 13 that the proposed resilient control in the first stage effectively reduces the amplitude of frequency fluctuation and maintains the convergence of active power sharing. The communication network reconfiguration in the second stage is triggered at $t = 5 s$ and backup links 2-5 are activated. Thus, the communication network maintains the connectivity under cyberattack 1. When cyberattack 2 occurs, activating backup links can not keep the communication network connected, so local control in the third stage is triggered. Although there are small deviations of frequencies during local control durations, from $t = 15 s$ to $t = 30 s$ , the convergence of active power sharing is met. Once the cyberattacks are removed, local control is switched to distributed control and the frequencies are restored to 50 Hz swiftly.

V. Conclusion

The three-stage defensive framework for distributed MG control under simultaneous DoS and FDI attacks is proposed in this paper. The first stage is resilient control. The second stage is the communication network reconfiguration. The third stage is to switch to local control. Each stage is triggered according to the extent of cyberattacks. Extensive case studies are conducted to validate the effectiveness of the proposed framework against a wide range of DoS attacks, FDI attacks, simultaneous DoS and FDI attacks without relying on timely detections of FDI attacks, specific assumptions of DoS attacks, and incorporating additional cyberattack risks.

The proposed framework is flexible and extensible. The future work will focus on incorporating other proactive measures into the defensive framework to further improve the MG performance in terms of cyber resiliency such as cutting off DERs, load shedding, and system splitting.

References

K. Ahmed, M. Seyedmahmoudian, S. Mekhilef et al., “A review on primary and secondary controls of inverter-interfaced microgrid,” Journal of Modern Power Systems and Clean Energy, vol. 9, no. 5, pp. 969-985, Sept. 2021. [Baidu Scholar]

Y. Liu, R. Fan, and V. Terzija, “Power system restoration: a literature review from 2006 to 2016,” Journal of Modern Power Systems and Clean Energy, vol. 4, no. 3, pp. 332-341, Jul. 2016. [Baidu Scholar]

E. Bompard, T. Huang, Y. Wu et al., “Classification and trend analysis of threats origins to the security of power systems,” International Journal of Electrical Power & Energy Systems, vol. 50, no. 1, pp. 50-64, Sept. 2013. [Baidu Scholar]

M. Ni, M. Li, J. Li et al., “Concept and research framework for coordinated situation awareness and active defense of cyber-physical power systems against cyber-attacks,” Journal of Modern Power Systems and Clean Energy, vol. 9, no. 3, pp. 477-484, May 2021. [Baidu Scholar]

J. Liu, X. Lu, and J. Wang, “Resilience analysis of DC microgrids under denial of service threats,” IEEE Transactions on Power Systems, vol. 34, no. 4, pp. 3199-3208, Jul. 2019. [Baidu Scholar]

J. Liu, Y. Du, S. Yim et al., “Steady-state analysis of microgrid distributed control under denial of service attacks,” IEEE Journal of Emerging and Selected Topics in Power Electronics, vol. 9, no. 5, pp. 5311-5325, Oct. 2021. [Baidu Scholar]

S. Hu, P. Yuan, D. Yue et al., “Attack-resilient event-triggered controller design of DC microgrids under DoS attacks,” IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 67, no. 2, pp. 699-710, Feb. 2020. [Baidu Scholar]

C. Deng, C. Wen, Y. Zou et al., “A hierarchical security control framework of nonlinear CPSs against DoS attacks with application to power sharing of AC microgrids,” IEEE Transactions on Cybernetics, doi: 10.1109/TCYB.2020.3029045 [Baidu Scholar]

S. Liu, Z. Hu, X. Wang et al., “Stochastic stability analysis and control of secondary frequency regulation for islanded microgrids under random denial of service attacks,” IEEE Transactions on Industrial Informatics, vol. 15, no. 7, pp. 4066-4075, Jul. 2019. [Baidu Scholar]

Z. Lian, F. Guo, C. Wen et al., “Distributed resilient optimal current sharing control for an islanded DC microgrid under DoS attacks,” IEEE Transactions on Smart Grid, vol. 12, no. 5, pp. 4494-4505, Sept. 2021. [Baidu Scholar]

L. Ding, Q. Han, B. Ning et al., “Distributed resilient finite-time secondary control for heterogeneous battery energy storage systems under denial-of-service attacks,” IEEE Transactions on Industrial Informatics, vol. 16, no. 7, pp. 4909-4919, Jul. 2020. [Baidu Scholar]

M. Chlela, D. Mascarella, G. Joós et al., “Fallback control for isochronous energy storage systems in autonomous microgrids under denial-of-service cyber-attacks,” IEEE Transactions on Smart Grid, vol. 9, no. 5, pp. 4702-4711, Sept. 2018. [Baidu Scholar]

P. Danzi, M. Angjelichinoski, Č. Stefanović et al., “Software-defined microgrid control for resilience against denial-of-service attacks,” IEEE Transactions on Smart Grid, vol. 10, no. 5, pp. 5258-5268, Sept. 2019. [Baidu Scholar]

A. S. Mohamed, M. F. M. Arani, A. A. Jahromi et al., “False data injection attacks against synchronization systems in microgrids,” IEEE Transactions on Smart Grid, vol. 12, no. 5, pp. 4471-4483, Sept. 2021. [Baidu Scholar]

B. P. Poudel, A. Mustafa, A. Bidram et al., “Detection and mitigation of cyber-threats in the DC microgrid distributed control system,” International Journal of Electrical Power & Energy Systems, vol. 120, p. 105968, Sept. 2020. [Baidu Scholar]

T. Sen, P. Xie, J. M. Guerrero et al., “Cyberattack detection for converter-based distributed DC microgrids: observer-based approaches,” IEEE Industrial Electronics Magazine, doi: 10.1109/MIE.2021.3059996 [Baidu Scholar]

X. Liu, C. Wen, Q. Xu et al., “Resilient control and analysis for DC microgrid system under DoS and Impulsive FDI Attacks,” IEEE Transactions on Smart Grid, vol. 12, no. 5, pp. 3742-3754, Sept. 2021. [Baidu Scholar]

W. Zhang, T. Qian, X. Chen et al., “Resilient economic control for distributed microgrids under false data injection attacks,” IEEE Transactions on Smart Grid, vol. 12, no. 5, pp. 4435-4446, Sept. 2021. [Baidu Scholar]

Y. Liu, Y. Li, Y. Wang et al., “Robust and resilient distributed optimal frequency control for microgrids against cyber attacks,” IEEE Transactions on Industrial Informatics, vol. 18, no. 1, pp. 375-386, Jan. 2022. [Baidu Scholar]

J. Zhang, S. Sahoo, J. Peng et al., “Mitigating concurrent false data injection attacks in cooperative dc microgrids,” IEEE Transactions on Power Electronics, vol. 36, no. 8, pp. 9637-9647, Aug. 2021. [Baidu Scholar]

S. Sahoo, T. Dragičević, and F. Blaabjerg, “Multilayer resilience paradigm against cyber attacks in DC microgrids,” IEEE Transactions on Power Electronics, vol. 36, no. 3, pp. 2522-2532, Mar. 2021. [Baidu Scholar]

S. Sahoo, Y. Yang, and F. Blaabjerg, “Resilient synchronization strategy for AC microgrids under cyber attacks,” IEEE Transactions on Power Electronics, vol. 36, no. 1, pp. 73-77, Jan. 2021. [Baidu Scholar]

S. Sahoo and J. Peng, “A localized event-driven resilient mechanism for cooperative microgrid against data integrity attacks,” IEEE Transactions on Cybernetics, vol. 51, no. 7, pp. 3687-3698, Jul. 2021. [Baidu Scholar]

C. Deng, Y. Wang, C. Wen et al., “Distributed resilient control for energy storage systems in cyber-physical microgrids,” IEEE Transactions on Industrial Informatics, vol. 17, no. 2, pp. 1331-1341, Feb. 2021. [Baidu Scholar]

A. Kavousi-Fard, W. Su, and T. Jin, “A machine-learning-based cyber attack detection model for wireless sensor networks in microgrids,” IEEE Transactions on Industrial Informatics, vol. 17, no. 1, pp. 650-658, Jan. 2021. [Baidu Scholar]

M. Shi, X. Chen, M. Shahidehpour et al., “Observer-based resilient integrated distributed control against cyberattacks on sensors and actuators in islanded AC microgrids,” IEEE Transactions on Smart Grid, vol. 12, no. 3, pp. 1953-1963, May 2021. [Baidu Scholar]

J. Zhou, Y. Xu, L. Yang et al., “Attack-resilient distributed control for islanded single-/three-phase microgrids based on distributed adaptive observers,” Journal of Modern Power Systems and Clean Energy, vol. 10, no. 1, pp. 109-119, Jan. 2022. [Baidu Scholar]

M. R. Khalghani, J. Solanki, S. K. Solanki et al., “Resilient frequency control design for microgrids under false data injection,” IEEE Transactions on Industrial Informatics, vol. 68, no. 3, pp. 2151-2162, Mar. 2021. [Baidu Scholar]

Q. Zhou, M. Shahidehpour, A. Alabdulwahab et al., “A cyber-attack resilient distributed control strategy in islanded microgrids,” IEEE Transactions on Smart Grid, vol. 11, no. 5, pp. 3690-3701, Sept. 2020. [Baidu Scholar]

S. Sahoo, S. Mishra, J. C. Peng et al., “A stealth cyber-attack detection strategy for DC microgrids,” IEEE Transactions on Power Electronics, vol. 34, no. 8, pp. 8162-8174, Aug. 2019. [Baidu Scholar]

K. de Brabandere, B. Bolsens, J. van den Keybus et al., “A voltage and frequency droop control method for parallel inverters,” IEEE Transactions on Power Electronics, vol. 22, no. 4, pp. 1107-1115, Jul. 2007. [Baidu Scholar]

W. Huang, Z. Shuai, X. Shen et al., “Dynamical reconfigurable masterslave control architecture (DRMSCA) for voltage regulation in islanded microgrids,” IEEE Transactions on Power Electronics, vol. 37, no. 1, pp. 249-263, Jan. 2022. [Baidu Scholar]

J. M. Guerrero, J. C. Vasquez, J. Matas et al., “Hierarchical control of droop-controlled AC and DC microgrids – a general approach toward standardization,” IEEE Transactions on Industrial Electronics, vol. 58, no. 1, pp. 158-172, Jan. 2011. [Baidu Scholar]

R. Olfati-Saber and R. M. Murray, “Consensus problems in networks of agents with switching topology and time-delays,” IEEE Transactions on Automation Control, vol. 49, no. 9, pp. 1520-1533, Sept. 2004. [Baidu Scholar]

C. X. Rosero, M. Velasco, P. Martí et al., “Analysis of consensus-based islanded microgrids subject to unexpected electrical and communication partitions,” IEEE Transactions on Smart Grid, vol. 10, no. 5, pp. 5125-5135, Sept. 2019. [Baidu Scholar]

T. Tao, S. Roy, and S. Baldi, “Stable adaptation in multi-area load frequency control under dynamically-changing topologies,” IEEE Transactions on Power Systems, vol. 36, no. 4, pp. 2946-2956, Jul. 2021. [Baidu Scholar]

A. Patel, S. Roy, and S. Baldi, “Wide-area damping control resilience towards cyber-attacks: a dynamic loop approach,” IEEE Transactions on Smart Grid, vol. 12, no. 4, pp. 3438-3447, Jul. 2021. [Baidu Scholar]

P. Lin and Y. Jia, “Average consensus in networks of multi-agents with both switching topology and coupling time-delay,” Physica A: Statistical Mechanics and Its Applications, vol. 387, no. 1, pp. 303-313, Jan. 2008. [Baidu Scholar]

G. Zhai, M. Ikeda, and Y. Fujisaki, “Decentralized [Baidu Scholar]

controller design: a matrix inequality approach using a homotopy method,” Automatica, vol. 37, no. 4, pp. 565-572, Apr. 2001. [Baidu Scholar]

T. Iwasaki and R. E. Skelton, “All controllers for the general [Baidu Scholar]

control problem: LMI existence conditions and state space formulas,” Automatica, vol. 30, no. 8, pp. 1307-1317, Aug. 1994. [Baidu Scholar]

Y. Yu, C. Wang, and C. Zhong, “A reachability matrix based power flow tracing method for transmission loss allocation,” in Proceedings of 7th Asia Modelling Symposium, Hong Kong, China, Sept. 2013, pp. 258-263. [Baidu Scholar]

Z. Li and M. Shahidehpour, “Small-signal modeling and stability analysis of hybrid AC/DC microgrids,” IEEE Transactions on Smart Grid, vol. 10, no. 2, pp. 2080-2095, Mar. 2019. [Baidu Scholar]

Address:No.19 Chengxin Avenue, Jiangning District, Nanjing 211106, China

E-mail: mpce@alljournals.cn

Tel:86-25-81093060

Fax:86-25-81093040

Home

Introduction

Editorial Board

For Author

Call For Papers

APC

Sponsor & Publisher