Hash-based FDI attack-resilient distributed self-triggered secondary frequency control for islanded microgrids☆

0 Introduction

Deep integration of cyber networks and physical power grids has fueled the development of cyber-physical systems(CPSs) [1,2].AC microgrids (MGs) are typical active distribution network CPSs that inherit CPS characteristics[3,4]; however, the pervasive application of advanced information technology in MGs is a double-edged sword:on the one hand, it provides numerous benefits such as greater flexibility,reliability,and adaptability for the operation of MGs; on the other hand, it poses a higher risk to the security and resilience of MGs, especially for a more complicated external environment [5].

MGs can operate in both grid-connected and islanded modes.A hierarchical control structure is recognized as an effective scheme that comprises three control levels:primary,secondary,and tertiary[6].Among them,secondary control is more crucial for the reliable operation of MGs in the islanded mode because the priority objective of islanded MGs is maintaining operational stability.Secondary controls can be classified into centralized[7],decentralized [8], and distributed categories [9].Centralized secondary control demands a strong control center and complicated one-to-all communication network for achieving the secondary control goal; however, it suffers from a single point of failure and has very poor scalability.In contrast, decentralized secondary control achieves the control objectives locally without involving any communication;however,it cannot support the precise optimization of the global objectives.However, distributed secondary control combines the advantages of local control and neighboring communication,which is in line with the practical applications of MGs.Therefore, we pay more attention to the distributed secondary control [10].

Several distributed secondary control strategies have been investigated to achieve the secondary control of MGs in a distributed manner [11-13].However, all aforementioned distributed secondary control strategies are based on continuous-time controllers, which consume large amounts of communication and computational resources when the MGs enter steady-state operation.The overuse of communication bandwidth can result in communication congestion and increased costs,which aids in developing a method for the discrete and aperiodic communication mode [14].

Consequently, event-triggered communication protocols are introduced for addressing these issues (such as resource-wasting).Existing studies have revealed that event-triggered communication mechanisms can significantly reduce data transmission burden while maintaining preset operation performance in MGs[10,14-17].In[14],a distributed event-triggered control strategy with proper checking conditions was proposed for achieving frequency restoration and fair power-sharing simultaneously.In[17],an event-triggered control method was adopted for addressing the power-sharing problem in grid-connected AC MGs.However, each DG embedded with an eventtriggered communication mechanism requires a dedicated observer for detecting real-time triggering conditions.This can significantly increase monitoring consumption through hardware devices.In addition, Zeno behavior[18]should be explicitly excluded by ensuring that the minimum adjacent event interval is greater than zero, which cannot be easily guaranteed.

Taking the aforementioned problems into account,selftriggered control is considered a better solution.With the aid of self-triggered control,each DG automatically calculates the next triggering instant based on the current states[19-21].However,continuous listening is required because the corresponding triggering instant is calculated during runtime in[19,20].A local clock variable is introduced into the self-triggered controller for avoiding redundant surveillance and listening.

Although self-triggered controllers can significantly reduce the monitoring and communication burden, they are still disturbed by various cyberattacks and cause system-wide effects such as catastrophic cascading failure in MGs.For example, the blackout of Ukraine’s power grid in December 2015 was recognized as a milestone cyberattack on power systems [22].Specific cyberattacks include false data injection, deception, and denial-ofservice attacks [23-26].Among these threats, false data injection (FDI) attacks are considered the most devastating because it can be easily implemented by attackers and made suitable for distributed secondary control.This study focuses on FDI attacks.Recently, approaches involving FDI-attack-resilient methods have been widely investigated.In [27], the authors proposed a novel adaptive consensus controller for ensuring uniform ultimate boundedness and resisting FDI attacks.However, the FDI attack modelled in [27] is a continuous-time attack that is difficult to launch in practice because of the limited resources.Therefore, stochastic FDI attacks that obey a Bernoulli distribution were systematically modelled in[28],where an event-triggered observer-based control algorithm was designed to achieve H∞consensus and fault detection under FDI attacks.However,such an algorithm highly relies on a specific mathematical model and is not suitable for any uncertainty scenarios.The main drawbacks of the current studies are as follows:

1) The existing self-triggered controller still requires continuous listening to determine the next triggering instant.

2) Continuous FDI-based attack-resilient methods are not always practical because of their limited energy.

These analyses motivated the present study to propose a hash-based FDI attack-resilient distributed self-triggered control strategy for further reducing communication costs and improving the resilience of attack-oriented MGs.The main contributions of this study are as follows:

1) We propose a linear clock-based distributed selftriggered mechanism for local active power sharing and frequency restoration, which addresses the lowcost secondary control problem.Specifically, by this self-triggered design, the control objectives can be achieved with aperiodic and intermittent control actions,highly reducing the monitoring and communication costs while excluding Zeno behavior.

2) We investigate the Bernoulli distribution-based random FDI attacks, which are more widespread and practical for the distributed self-triggered controller.By establishing the random FDI attack model, we analyze the principle of how random FDI attacks manipulate transmission data, which lays the essential foundation for the design of attack-resilient algorithms.

3) We propose a hash-based defense mechanism(HDM) to counter against random FDI attacks on the communication network of the self-triggered secondary control system.Utilizing the HDM, random FDI attacks can be distinguished and eliminated effectively, significantly enhancing the attack resilience of MGs.

The remainder of this paper is organized as follows:Preliminaries of the microgrids system model are presented in Section 1.Our main strategies related to ternary selftriggered controllers, random FDI attack model, and HDM are introduced in Section 2.Numerical simulations using the MATLAB/Simulink toolbox are performed to validate the effectiveness of the proposed control scheme in Section 3.Finally, the conclusions are presented in Section 4.

1 Control system in microgrids

In this section,we briefly introduce the hierarchical control structure and the distributed secondary control required for modelling MGs systems.

1.1 Hierarchical control structure

A three-level hierarchical control structure with different timescales is always implemented for enhancing the stability and resilience of the islanded MGs.

Primary control using a droop-control mechanism plays a prominent role in balancing loads and generations.The droop characteristics can be generalized as

where ωni and V ni refer to the primary frequency and voltage references of DG i, respectively; ωi and υi refer to the frequency and voltage amplitude, respectively; Qi and Pi represent the measured reactive power and active power at the terminal of the ith DG, respectively; and nqi and mpi represent the droop coefficients.

However, the droop controller may inevitably cause deviations in frequency and voltage.Therefore, secondary control is required for eliminating deviations caused by droop-based primary control, whereas simultaneously guaranteeing accurate active power sharing among DGs.The secondary control sets references ωni and V ni separately to regulate the frequency and voltage amplitude to the rated values.Therefore, the following secondary targets can be achieved, taking the ω-P secondary control as an example.

where i=1,2,···,n, and ωref is set to 50 Hz.

Tertiary control attaches greater importance to the economic dispatch and optimal management of MGs.Further, we did not discuss tertiary control in this study because the priority objective of the islanded MGs is for maintaining operational stability.

1.2 Distributed secondary control strategy

A distributed control structure improves the resilience of MGs because of its improved reliability, flexibility,and scalability.This structure achieves global objectives only through local control and neighboring communication, and therefore, a communication network is required for realizing distributed secondary control.

1) Preliminaries of Graph Theory: The communication network topology is mathematically represented by anundirectedgraphG= （V,E）,where V = {1,2,...,n} represents a nonempty finite set of nodes, and edges E ⊆V ×V, respectively.If DG i obtains the information from DG j,correspondingly,DG j is called the DG i’s neighbor.The neighbor set of DG i is denoted by Ni = {j|（ i,j）∈E}.The adjacency matrix associated with graph G is defined as A=[aij],where aij =1 if （i,j ）∈E,and aij =0 otherwise.Meanwhile, the degree matrix is expressed as D=diag {di }∈Rn×n with elements di =∑j∈Niaij.This topology is a connected proximity graph that depends on the states of all DGs and is determined locally for each DG in this passage.

2) Implementation of distributed secondary control:The aim of secondary frequency control can be transformed into consensus behavior, which indicates that the frequency asymptotically converges to 50 Hz.Each DG generates active power based on a fair utilization profile.Differentiating the secondary frequency control shown in Eq.(1), we obtain

where uωi represents an auxiliary frequency control input determined by the information of DG i and its neighbors.Accordingly, uωi is formulated as

where kω ＞0 denotes the frequency-coupling gain.The pinning gain bi =1 implies that DG i is connected to reference.According to Eqs.(4)and(5),ωni can be written as

Meanwhile, the active power of DGs is expected to be allocated according to Eq.(3).Consequently, upi is

where kp ＞0 represents the active power-coupling gain.Combining Eqs.(5) and (7), Eq.(6) becomes

The traditional distributed secondary control strategies mentioned above require each DG for continuously calculating the secondary control inputs and communicating with its neighbors, which is a wasteful use of limited resources.Further, secondary control systems are exposed to threats of operational degradation caused by hackers,which can jeopardize the performance of MGs.We devised a distributed self-triggered secondary control scheme for reducing the communication burden to address this issue.We delved into how FDI attacks affect the control system and implemented protective measures to counteract these abominable effects.

2 Resilient hash-based distributed self-triggered control schemes

In this section,we present our main strategies for establishing a distributed self-triggered secondary controller design, random FDI attack model, and hash-based FDI attack-resilient mechanism.

2.1 Distributed self-triggered controller design

We propose a linear clock-based self-triggered control protocol for achieving secondary control tasks and minimizing communication requirements.The controller design is as follows:

1) Frequency restoration: The first priority task is to maintain the stable operation of the system, and therefore,it is reasonable to use local frequency control for frequency synchronization.That is,

where kP and kI represent the proportional and integral coefficients of the controller, respectively.

2) For active po---wer sharing: A linear clock-based self-triggered control protocol was proposed for each DG to balance the active power among the DGs according to a fair utilization profile in a fully distributed manner.

We design the self-triggered system∈R3n satisfying the evolution

where mpiPi represents the active power state variable of DG i; uij represents the local active power control input determined by the relative difference between DG i and DG j, which belongs to set; and θij represents the clock variable on the specific communication link（i,j ）∈E.

The corresponding update rule is as follows:

When θij reaches 0,DG i asks for the active power state of DG j,updates the control input uij,and resets the clock variable θij concurrently.For brevity, we defineas the relative active power difference between DGs i and j.

The update protocol of control input uij is defined as

wheresatisfies.

where sign（·） represents a sign function, and γ represents a positive constant.The sensitivity parameter ε determines the final consensus region.In addition, the update law of the clock variable θij is given by

where

The equations above indicate that uij and θij are updated simultaneously because of the value of when the communication link （i,j ）∈E works normally.

Further, θij =θji and uij =-uji are guaranteed because conditionshold,combined with Eqs.(10)-(14).

Accordingly, the self-triggered time instants can be expressed as

where andrefer to the （k+1） th and kth selftriggered time instants, respectively.

2.2 Bernoulli distribution-based random FDI attack model

Considering the communication line from DG i to DG j,the FDI attack on a one-way communication link in conventional distributed secondary control can be defined as

where and Pi represent the compromised and real active power transmitted from DG i to DG j,respectively.Further, δij is injected with false data that satisfy, where represents a known positive scalar.

By this definition, attackers may hijack transmission data aggressively,causing significant disruption and instability in islanded MGs.However, it is not rational for attackers to initiate the FDI attack shown in(16)in a distributed self-triggered secondary control system because the triggering time instants of the self-triggered controller are aperiodic and irregular.Even if FDI attackers can capture transmission data by continuously monitoring communication links, they are unlikely to intercept data because of their faster transmission speed.The DGs can quickly detect the injections if attackers constantly inject false data into a controlled communication channel.Further, continuous attacks are difficult to initiate because attackers have limited energy and power.A random FDI attack can result in severe consequences (e.g., frequency instability and power outages), warranting further investigation.Therefore, we focus on the Bernoulli distributionbased random FDI attack model with the following assumptions.

Assumption 1. In this paper, FDI attacks on multi- communication links are comprehensively considered.Owing to the limited energy in actual scenarios, the appearance of FDI attacks is random.Furthermore, the injected false data is often a ‘‘mild”one to prevent being easily detected.

The independent variable Γij（t） indicates whether the communication link （i,j ）is subject to FDI attacks at time t,and it is expressed as

An FDI attack more applicable in a distributed selftriggered control structure can be mathematically constructed as

Γij was designed to fulfill a Bernoulli distribution to better model practical random FDI attacks.This was expressed as

where pij denotes the probability of Γij =1.pij is a scalar predesigned using pij ∈[0,1 ）.

Fig.1 shows a schematic of attackers that manipulates false data via communication channels in a distributed self-triggered secondary control system.Consequently,we can conclude that it is challenging to detect false injection data because of self-triggered communication, which motivated us to investigate a viable solution for the timely screening of false injection data.

2.3 Hash-based FDI attack-resilient scheme

DG i cannot be aware of the time instants when it receives the state information from DG j because of the aperiodic and intermittent communication of the selftriggered control.Further, time intervals between any two adjacent time instants are sufficiently large to perform a simple computation.These qualities prompt us to investigate an attack-resilient policy for determining whether islanded MGs suffer from FDI attacks and eliminate invasive FDI attacks.

The FDI attacks on distributed control systems are always stealthy because the system lacks a global information perspective.To achieve our goal, we designed the HDM according to the following principle considering the hash algorithm with the characteristics of security,unidirectionality, and sensitivity [29]: Each DG transmits its own active power value and its corresponding hash code generated by the hash algorithm to its neighbors.The receiver performs the hash algorithm for the received active power value after neighboring DGs receive the corresponding data packet, and then, we obtain a new hash code and compare it with the received hash code for identifying the correctness of the transmission data.When the two hash codes are unequal,it is detected as an FDI attack signal.Therefore, the key issue is properly designing the hash algorithm to meet the requirements for a one-toone correspondence between the hash code and active power value.

We first need to perform a binary switch before designing the hash algorithm.The binary number of DG j’s active power value is defined as（Pj）2 =Bpj.Therefore,the hash algorithm can be expressed as

Fig.1 Schematic of secondary control under random FDI attack.

where H（Bpj） returns Bpj shifted to the left by three bits,equivalent to multiplying by 23, which is abbreviated as Hj in the remainder of this paper.Therefore, the binary hash code of the active power sender DG j is represented by Pj →Hj.

Considering DG i as an example, DG j is called the neighbor of DG i.For the information sender DG j, the active power value and its hash code must be delivered to the neighbors of DG i at each successful triggering time instant, i.e., θij （t）=0.Furthermore, we execute the hash algorithm for one of the received data such that when the information receiver DG i receives the data packet sent from DG j.Comparing and Hj, we conclude that if =Hj, then, otherwise λij （t）=0, which indicates the successful detection of stealthy FDI attacks.HDM copes with corrupt transmission data introduced by malicious FDI attacks on communication links in islanded MGs.

Fig.2 illustrates the hash-based FDI attack-resilient distributed self-triggered control scheme.

Theorem 1.Define each DG is equipped with the active power sharing system demonstrated as Eq.(10), triggered according to(15),assuming that the communication network G is connected and undirected, and the FDI attack of (18).The active power sharing control objective (3) can be achieved asymptotically with a desired small convergence error whether the system is attacked.Specifically,

where mpP* refers to the equilibrium point of active power.By selecting ε, the magnitude of convergence area can be arbitrary small as desired.

Fig.2 Illustration of hash-based FDI attack-resilient self-triggered control.

Remark 1.Eq.(21) indicates that active power can converge to the ε- neighborhood of a consensus.However, the ‘‘disagreement”can be turned as small as desired by choosing a sufficiently small ε.If ε is selected to be zero,the proposed strategy degrades to the usual average consensus control.Eq.(21) implies that ε determines the number of triggering times.The larger the value of the selected ε,the lower is the triggering times.Therefore,there is a trade-offbetween the convergence error and triggering times.

Proof of Theorem 1. For every t ≥0 and γ ＞0,a valid candidate Lyapunov function V（t） is designed as

Therefore, the time derivative of Lyapunov function V （t ） is

Substituting Eqs.(9)-(11) into Eq.(23), we obtain

Hence,by combining Eqs.(25)and(26),Eq.(23)can be rewritten as

because of γ ＞0, where is strictly negative definite.

Note that there exists a finite-time T*such that for every（i ,j）∈E andAccording to Eqs.(10)-(14), it is easy to determine that the local control input upi is zero and the active power state variable mpiPi is constant for t ≥T*, implying the convergence of the hash-based FDI attack-resilient self-triggered control algorithm.Further,the Zeno behavior can be avoided because of Eqs.(14) and(15),where the convergence error ε is not an infinitesimal number.

Considering the Bernoulli distribution-based random FDI attack scenario modelled as Eq.(18), the malicious data injected into the communication link can be detected effectively by comparing the sent and received hash values.Therefore, the active power state variable mpiPi （t ） converges to the equilibrium point mpP* by utilizing the HDM expressed in Eq.(20),regardless of whether the system is attacked.

The proof is complete.

Two subsystems should be installed in each DG by applying the HDM: one for the hash algorithm and the other for verifying two hash codes before and after the hash algorithm.These two subsystems allow each DG to recognize random FDI attacks injected into a communication link under persistent perturbations.Therefore, HDM can withstand any type of random FDI attack (including unbounded attacks).Further, the hash algorithm contains only binary left-shift mathematical operations and verification of transmission data authenticity, involving only three-time and one-time fixed costs, respectively.Therefore, HDM does not cause an apparent time delay that influences the operation of MGs.In contrast, the performance of the hash-based FDI attack-resilient mechanism is ‘‘intelligently” ameliorated, which is a significant advantage.

For clarity,the detailed steps of the proposed HDM are summarized in Algorithm 1.

Fig.3 Communication structure of the islanded microgrid test system.

Algorithm 1 Hash-based FDI attack-resilient self-triggered control protocol

1Initialization: For DG i and j ∈Ni, set clock and variable θij （0 ）=0, detection function λij （0 ）=1,control input uij （0 ）=0 2for i = 1 to n do 3for j ∈Ni do 4 while θij （t）＞0 do 5 DG i applies the control input upi （t）=∑j∈Niuij （t ）;update θij according to ˙θij =-1;6 end while 7 if θij （t ）=0 then 8 active power information sender DG j;9 do hash transformation for Pj →Hj;10send data package （Pj,Hj） to DG i;11active power information receiver DG i;12if （Pj,Hj） information is received then 13do hash transformation for P′j →H′j;14if H′j =Hj then 15λij （t）=1;16update uij （t） and θij （t）;17else 18λij （t）=0;19refuse Pj 20waiting for next triggering 21end if 22end if 23end if 24end for 25end for

3 Case study

In this section, we validate the effectiveness of the proposed hash-based FDI attack-resilient distributed selftriggered secondary control scheme by simulating an islanded MG using the MATLAB/Simulink toolbox.The communication structure of the islanded MG test system is shown in Fig.3.This structure consists of four DGs communicating with each other via a bidirectional communication network.The parameters of the islanded MG test system are listed in Table 1.The frequency coupling gain kω in Eq.(5) and control input parameter γ in Eq.(12)are set to 40 and 0.2,respectively.Similarly,the reference frequency and convergent region of the active power are set as ωref =50 Hz and ε=0.01, respectively.

We simulated sudden load changes in the test MG and scenarios for different attacked communication links,probabilities of attacks, and attack forms to verify the effectiveness and feasibility of the proposed controller, as will be verified later.

Table 1 Parameters of the microgrids test system.

DG1 & DG2 (10.64 kW)DG3 & DG4 (8.0 kW)DGsmp9.4 × 10-5mp12.5 × 10-5 Rc0.2Rc0.2 Lc3 × 10-3Lc3 × 10-3 Line 1 & 3Line 2 LinesRline1&30.23Rline20.35 Lline1&30.318 × 10-3Lline21.847 × 10-3 LoadsPload115.6 × 103Pload215.6 × 103

The simulation process is devised as follows: 1)t= 0 s,the MG operates in an islanded mode; 2) t = 1 s, the proposed hash-based FDI attack-resilient distributed selftriggered controller is activated; 3) t = 2 s, load 1 is suddenly decreased by 3 kW; 4) t = 3.5 s, the random FDI attack is launched; and 5) t = 5 s, load 1 is suddenly increased to 3 kW.The overall simulation duration is set to 7 s.

3.1 Case A: All communication links under FDI attacks with different probabilities

Given scenarios in which all communication links are attacked with different probabilities, we demonstrate the robustness of the proposed strategy.

Case A.1 (All communication links under attacks withIn this case, we inject false data|δij|=0.1 kW on communication links between DG i and DG j with = 0.1, where i,j=1,2...n.Using δij =-δji =0.1(kW) was used for simulating an odious environment.

Fig.4.Performances under random FDI attacks with|δij|=0.1 kW and= 0.1 without the implementation of HDM.

Fig.4 shows the frequency stability and active powersharing performance of the self-triggered controllers without HDM implementation.Fig.4(a)shows the frequencies of the DGs deviating from the reference value caused by the droop-based primary control when the microgrid operates in the islanded mode.The secondary control objectives are satisfied between t ∈[2,3.5] s, which verifies the effectiveness of the proposed distributed self-triggered control scheme.However, in the presence of FDI attacks, the frequency cannot be maintained at 50 Hz.Meanwhile,the active power value of each DG diverges and exceeds a predefined threshold because of the effect of random FDI attacks launched after t=3.5 s.In other words, FDI attacks result in the vulnerability of microgrids.

Fig.5.Performances under random FDI attacks with|δij|=0.1 kW and= 0.1 with the implementation of HDM.

Fig.5 shows the performance of self-triggered controllers that adopted the proposed HDM, indicating that this mechanism further enhanced the stability of the distributed network under random FDI attacks.Comparing Fig.4.and 5 revealed that, especially in the time intervals described as t ∈[3.3,4.3] s, the HDM can maintain frequency stability and ensure accurate active power sharing in preset stable ranges regardless of the existence of random FDI attacks.The proposed hash-based FDI attackresilient law can effectively detect FDI attacks, consequently eliminating their negative effects.

Case A.2 (All communication links under attacks withIn this case,the remaining parameters are the same except for the conditions that described P {Γij =1}= 0.3 as different from Case A.1.

The frequency and active power responses without any protection are shown in Fig.6, and the simulation results after applying the HDM are shown in Fig.7.

Fig.6(a) and (b) indicate that random attacks withlead to the loss of the desired frequency and active power allocation, where the frequency deviates from 50 Hz and exhibits oscillatory behavior for the active power.Further, it is observed that the frequency in Fig.4 withhas more slight deviations from 50 Hz than that in Fig.6.Fig.4 and Fig.6 show that a higher probability of attacks can lead to more severe consequences.

Fig.6.Performances under random FDI attacks with|δij|=0.1 kW and= 0.3 without the implementation of HDM.

Fig.7.Performances under random FDI attacks with|δij|=0.1 kW and= 0.3 with the implementation of HDM.

Fig.7 shows that frequencies of the DGs units were restored to 50 Hz after applying HDM at t=3.5 s.Meanwhile,the active power output radios of the DGs units are retrieved within a specific convergence range of ε=0.01.

Fig.8(a)shows that the triggering time instants of DG i and DG j under self-triggered controllers are aperiodically and intermittently between t ∈[2.0,3.0] s.Fig.8.(b) and(c)show the triggering time instants of each pair of distinct DGs under self-triggered controllers without and with the implementation of HDM between t ∈[3.4,3.8] s, respectively.Controllers without the utilization of HDM lead to aperiodic and less triggering, especially after t=3.5 s.That is attributed to FDI attacks that make ≥ε,enlarging the time interval between triggers at a steady state.However,random false data injection results in more significant deviation and irregular triggering time instants,causing huge fluctuations and dramatic floats.Therefore,the HDM-based detection and mitigation method plays an essential role in ensuring performances of the secondary control.

3.2 Case B: Communication links under unbounded time-varying FDI attacks

In this subsection, we validate the effectiveness of the HDM under unbounded time-varying FDI attacks.Further,we consider a scenario in which attackers manipulate all communication links and replace the actual active power with unbounded time-varying additional false data represented as δij =-δji =0.5（t-3.5） kW at t=3.5 s with the probabilities of

Fig.8.Self-triggered time instants of each pair of DG under random FDI attacks with |δij|=0.1 kW and = 0.3.

Fig.9(a)illustrates that active power values are dramatically undermined for compromised DGs as malicious data is introduced at t=3.5 s.Each DG fails to operate back to the normal states simultaneously.Performances of active power under unbounded time-varying attacks are more severe than the scenario described in case A.As shown in Fig.9(b), after the designed HDM is applied,the active power between DGs is reasonably allocated based on the droop coefficients.The active power can converge into a steady-state even under the bounded time-vary FDI attacks in the islanded MG test system.The desired synchronization of the active power from DG 1 to 4 can still be achieved regardless of the FDI attack forms,ensuring the stable operation of the system.Compared to Fig.6,unbounded time-vary FDI attacks can lead to more severe effects on the active power sharing of the microgrids.We conclude that HDM will successfully prevent the detrimental impact of FDI attacks irrespective of the attack forms.

Fig.9.Active power performances under random FDI attacks with|δij|=0.5（t-3.5） kW and = 0.3.

4 Conclusion

This study stresses the issues of P -ω secondary control in islanded MGs using a self-triggered mechanism under random FDI attacks.We firstly design a linear clock-based distributed self-triggered scheme for achieving active power sharing among the DGs and local frequency restoration.The designed self-triggered mechanism can significantly reduce communication and computational burdens.The false data injected into the MGs can be easily detected and eliminated by designing the HDM.This method is flexible and can be applied to many systems,including, but not limited to, control systems with aperiodic and intermittent communications.The simulation results validate that this hash-based FDI attack-resilient method can significantly enhance the resilience of microgrids to any form of random FDI attacks.

Future work include the designs of attack-resilient algorithms under a directed topology and for continuous attacks on the controller and measurement components.In the future, we focus on various attack scenarios such as DoS, latency, and replay attacks.

CRediT authorship contribution statement

Xing Huang:Writing-review&editing,Writing-original draft, Validation, Resources, Project administration,Methodology.Yulin Chen: Writing - review & editing,Resources, Investigation, Conceptualization.Donglian Qi: Writing - review & editing, Validation, Supervision,Investigation, Formal analysis.Yunfeng Yan: Writing -review & editing, Visualization, Investigation.Shaohua Yang: Writing - review & editing.Ying Weng: Software,Resources, Methodology.Xianbo Wang: Resources.

Declaration of competing interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgments

This work was supported by Hainan Provincial Natural Science Foundation of China (No.524RC532), Research Startup Funding from Hainan Institute of Zhejiang University (No.0210-6602-A12202) and Project of Sanya Yazhou Bay Science and Technology City (No.SKJC-2022-PTDX-009/010/011).