logoGlobal Energy Interconnection

Contents

Figure(0

    Tables(0

      Global Energy Interconnection

      Volume 8, Issue 1, Feb 2025, Pages 1-12
      Ref.

      Hash-based FDI attack-resilient distributed self-triggered secondary frequency control for islanded microgrids☆

      Xing Huanga ,Yulin Chenb,* ,Donglian Qia,b,* ,Yunfeng Yana,b ,Shaohua Yangc ,Ying Wenga ,Xianbo Wangb
      ( a College of Electrical Engineering, Zhejiang University, Hangzhou 310027, PR China , b Hainan Institute of Zhejiang University, Sanya 572000, PR China , c State Key Laboratory of Internet of Things for Smart City, University of Macau, 999078, Macao Special Administrative Region of China )

      Abstract

      Abstract Given the rapid development of advanced information systems,microgrids(MGs)suffer from more potential attacks that affect their operational performance.Conventional distributed secondary control with a small, fixed sampling time period inevitably causes the wasteful use of communication resources.This paper proposes a self-triggered secondary control scheme under perturbations from false data injection(FDI)attacks.We designed a linear clock for each DG to trigger its controller at aperiodic and intermittent instants.Subsequently,a hash-based defense mechanism(HDM)is designed for detecting and eliminating malicious data infiltrated in the MGs.With the aid of HDM,a self-triggered control scheme achieves the secondary control objectives even in the presence of FDI attacks.Rigorous theoretical analyses and simulation results indicate that the introduced secondary control scheme significantly reduces communication costs and enhances the resilience of MGs under FDI attacks.©2025 Global Energy Interconnection Group Co.Ltd.Publishing services by Elsevier B.V.on behalf of KeAi Communications Co.Ltd.This is an open access article under the CC BY-NC-ND license(http://creativecommons.org/licenses/by-nc-nd/4.0/).

      0 Introduction

      Deep integration of cyber networks and physical power grids has fueled the development of cyber-physical systems(CPSs) [1,2].AC microgrids (MGs) are typical active distribution network CPSs that inherit CPS characteristics[3,4]; however, the pervasive application of advanced information technology in MGs is a double-edged sword:on the one hand, it provides numerous benefits such as greater flexibility,reliability,and adaptability for the operation of MGs; on the other hand, it poses a higher risk to the security and resilience of MGs, especially for a more complicated external environment [5].

      MGs can operate in both grid-connected and islanded modes.A hierarchical control structure is recognized as an effective scheme that comprises three control levels:primary,secondary,and tertiary[6].Among them,secondary control is more crucial for the reliable operation of MGs in the islanded mode because the priority objective of islanded MGs is maintaining operational stability.Secondary controls can be classified into centralized[7],decentralized [8], and distributed categories [9].Centralized secondary control demands a strong control center and complicated one-to-all communication network for achieving the secondary control goal; however, it suffers from a single point of failure and has very poor scalability.In contrast, decentralized secondary control achieves the control objectives locally without involving any communication;however,it cannot support the precise optimization of the global objectives.However, distributed secondary control combines the advantages of local control and neighboring communication,which is in line with the practical applications of MGs.Therefore, we pay more attention to the distributed secondary control [10].

      Several distributed secondary control strategies have been investigated to achieve the secondary control of MGs in a distributed manner [11-13].However, all aforementioned distributed secondary control strategies are based on continuous-time controllers, which consume large amounts of communication and computational resources when the MGs enter steady-state operation.The overuse of communication bandwidth can result in communication congestion and increased costs,which aids in developing a method for the discrete and aperiodic communication mode [14].

      Consequently, event-triggered communication protocols are introduced for addressing these issues (such as resource-wasting).Existing studies have revealed that event-triggered communication mechanisms can significantly reduce data transmission burden while maintaining preset operation performance in MGs[10,14-17].In[14],a distributed event-triggered control strategy with proper checking conditions was proposed for achieving frequency restoration and fair power-sharing simultaneously.In[17],an event-triggered control method was adopted for addressing the power-sharing problem in grid-connected AC MGs.However, each DG embedded with an eventtriggered communication mechanism requires a dedicated observer for detecting real-time triggering conditions.This can significantly increase monitoring consumption through hardware devices.In addition, Zeno behavior[18]should be explicitly excluded by ensuring that the minimum adjacent event interval is greater than zero, which cannot be easily guaranteed.

      Taking the aforementioned problems into account,selftriggered control is considered a better solution.With the aid of self-triggered control,each DG automatically calculates the next triggering instant based on the current states[19-21].However,continuous listening is required because the corresponding triggering instant is calculated during runtime in[19,20].A local clock variable is introduced into the self-triggered controller for avoiding redundant surveillance and listening.

      Although self-triggered controllers can significantly reduce the monitoring and communication burden, they are still disturbed by various cyberattacks and cause system-wide effects such as catastrophic cascading failure in MGs.For example, the blackout of Ukraine’s power grid in December 2015 was recognized as a milestone cyberattack on power systems [22].Specific cyberattacks include false data injection, deception, and denial-ofservice attacks [23-26].Among these threats, false data injection (FDI) attacks are considered the most devastating because it can be easily implemented by attackers and made suitable for distributed secondary control.This study focuses on FDI attacks.Recently, approaches involving FDI-attack-resilient methods have been widely investigated.In [27], the authors proposed a novel adaptive consensus controller for ensuring uniform ultimate boundedness and resisting FDI attacks.However, the FDI attack modelled in [27] is a continuous-time attack that is difficult to launch in practice because of the limited resources.Therefore, stochastic FDI attacks that obey a Bernoulli distribution were systematically modelled in[28],where an event-triggered observer-based control algorithm was designed to achieve Hconsensus and fault detection under FDI attacks.However,such an algorithm highly relies on a specific mathematical model and is not suitable for any uncertainty scenarios.The main drawbacks of the current studies are as follows:

      1) The existing self-triggered controller still requires continuous listening to determine the next triggering instant.

      2) Continuous FDI-based attack-resilient methods are not always practical because of their limited energy.

      These analyses motivated the present study to propose a hash-based FDI attack-resilient distributed self-triggered control strategy for further reducing communication costs and improving the resilience of attack-oriented MGs.The main contributions of this study are as follows:

      1) We propose a linear clock-based distributed selftriggered mechanism for local active power sharing and frequency restoration, which addresses the lowcost secondary control problem.Specifically, by this self-triggered design, the control objectives can be achieved with aperiodic and intermittent control actions,highly reducing the monitoring and communication costs while excluding Zeno behavior.

      2) We investigate the Bernoulli distribution-based random FDI attacks, which are more widespread and practical for the distributed self-triggered controller.By establishing the random FDI attack model, we analyze the principle of how random FDI attacks manipulate transmission data, which lays the essential foundation for the design of attack-resilient algorithms.

      3) We propose a hash-based defense mechanism(HDM) to counter against random FDI attacks on the communication network of the self-triggered secondary control system.Utilizing the HDM, random FDI attacks can be distinguished and eliminated effectively, significantly enhancing the attack resilience of MGs.

      The remainder of this paper is organized as follows:Preliminaries of the microgrids system model are presented in Section 1.Our main strategies related to ternary selftriggered controllers, random FDI attack model, and HDM are introduced in Section 2.Numerical simulations using the MATLAB/Simulink toolbox are performed to validate the effectiveness of the proposed control scheme in Section 3.Finally, the conclusions are presented in Section 4.

      1 Control system in microgrids

      In this section,we briefly introduce the hierarchical control structure and the distributed secondary control required for modelling MGs systems.

      1.1 Hierarchical control structure

      A three-level hierarchical control structure with different timescales is always implemented for enhancing the stability and resilience of the islanded MGs.

      Primary control using a droop-control mechanism plays a prominent role in balancing loads and generations.The droop characteristics can be generalized as

      where ωni and V ni refer to the primary frequency and voltage references of DG i, respectively; ωi and υi refer to the frequency and voltage amplitude, respectively; Qi and Pi represent the measured reactive power and active power at the terminal of the ith DG, respectively; and nqi and mpi represent the droop coefficients.

      However, the droop controller may inevitably cause deviations in frequency and voltage.Therefore, secondary control is required for eliminating deviations caused by droop-based primary control, whereas simultaneously guaranteeing accurate active power sharing among DGs.The secondary control sets references ωni and V ni separately to regulate the frequency and voltage amplitude to the rated values.Therefore, the following secondary targets can be achieved, taking the ω-P secondary control as an example.

      where i=1,2,···,n, and ωref is set to 50 Hz.

      Tertiary control attaches greater importance to the economic dispatch and optimal management of MGs.Further, we did not discuss tertiary control in this study because the priority objective of the islanded MGs is for maintaining operational stability.

      1.2 Distributed secondary control strategy

      A distributed control structure improves the resilience of MGs because of its improved reliability, flexibility,and scalability.This structure achieves global objectives only through local control and neighboring communication, and therefore, a communication network is required for realizing distributed secondary control.

      1) Preliminaries of Graph Theory: The communication network topology is mathematically represented by anundirectedgraphG= (V,E),where V = {1,2,...,n} represents a nonempty finite set of nodes, and edges E ⊆V ×V, respectively.If DG i obtains the information from DG j,correspondingly,DG j is called the DG i’s neighbor.The neighbor set of DG i is denoted by Ni = {j|( i,j)∈E}.The adjacency matrix associated with graph G is defined as A=[aij],where aij =1 if (i,j )∈E,and aij =0 otherwise.Meanwhile, the degree matrix is expressed as D=diag {di }∈Rn×n with elements di =∑j∈Niaij.This topology is a connected proximity graph that depends on the states of all DGs and is determined locally for each DG in this passage.

      2) Implementation of distributed secondary control:The aim of secondary frequency control can be transformed into consensus behavior, which indicates that the frequency asymptotically converges to 50 Hz.Each DG generates active power based on a fair utilization profile.Differentiating the secondary frequency control shown in Eq.(1), we obtain

      where uωi represents an auxiliary frequency control input determined by the information of DG i and its neighbors.Accordingly, uωi is formulated as

      where kω >0 denotes the frequency-coupling gain.The pinning gain bi =1 implies that DG i is connected to reference.According to Eqs.(4)and(5),ωni can be written as

      Meanwhile, the active power of DGs is expected to be allocated according to Eq.(3).Consequently, upi is

      where kp >0 represents the active power-coupling gain.Combining Eqs.(5) and (7), Eq.(6) becomes

      The traditional distributed secondary control strategies mentioned above require each DG for continuously calculating the secondary control inputs and communicating with its neighbors, which is a wasteful use of limited resources.Further, secondary control systems are exposed to threats of operational degradation caused by hackers,which can jeopardize the performance of MGs.We devised a distributed self-triggered secondary control scheme for reducing the communication burden to address this issue.We delved into how FDI attacks affect the control system and implemented protective measures to counteract these abominable effects.

      2 Resilient hash-based distributed self-triggered control schemes

      In this section,we present our main strategies for establishing a distributed self-triggered secondary controller design, random FDI attack model, and hash-based FDI attack-resilient mechanism.

      2.1 Distributed self-triggered controller design

      We propose a linear clock-based self-triggered control protocol for achieving secondary control tasks and minimizing communication requirements.The controller design is as follows:

      1) Frequency restoration: The first priority task is to maintain the stable operation of the system, and therefore,it is reasonable to use local frequency control for frequency synchronization.That is,

      where kP and kI represent the proportional and integral coefficients of the controller, respectively.

      2) For active po---wer sharing: A linear clock-based self-triggered control protocol was proposed for each DG to balance the active power among the DGs according to a fair utilization profile in a fully distributed manner.

      We design the self-triggered system∈R3n satisfying the evolution

      where mpiPi represents the active power state variable of DG i; uij represents the local active power control input determined by the relative difference between DG i and DG j, which belongs to set; and θij represents the clock variable on the specific communication link(i,j )∈E.

      The corresponding update rule is as follows:

      When θij reaches 0,DG i asks for the active power state of DG j,updates the control input uij,and resets the clock variable θij concurrently.For brevity, we defineas the relative active power difference between DGs i and j.

      The update protocol of control input uij is defined as

      wheresatisfies.

      where sign(·) represents a sign function, and γ represents a positive constant.The sensitivity parameter ε determines the final consensus region.In addition, the update law of the clock variable θij is given by

      where

      The equations above indicate that uij and θij are updated simultaneously because of the value of when the communication link (i,j )∈E works normally.

      Further, θijji and uij =-uji are guaranteed because conditionshold,combined with Eqs.(10)-(14).

      Accordingly, the self-triggered time instants can be expressed as

      where andrefer to the (k+1) th and kth selftriggered time instants, respectively.

      2.2 Bernoulli distribution-based random FDI attack model

      Considering the communication line from DG i to DG j,the FDI attack on a one-way communication link in conventional distributed secondary control can be defined as

      where and Pi represent the compromised and real active power transmitted from DG i to DG j,respectively.Further, δij is injected with false data that satisfy, where represents a known positive scalar.

      By this definition, attackers may hijack transmission data aggressively,causing significant disruption and instability in islanded MGs.However, it is not rational for attackers to initiate the FDI attack shown in(16)in a distributed self-triggered secondary control system because the triggering time instants of the self-triggered controller are aperiodic and irregular.Even if FDI attackers can capture transmission data by continuously monitoring communication links, they are unlikely to intercept data because of their faster transmission speed.The DGs can quickly detect the injections if attackers constantly inject false data into a controlled communication channel.Further, continuous attacks are difficult to initiate because attackers have limited energy and power.A random FDI attack can result in severe consequences (e.g., frequency instability and power outages), warranting further investigation.Therefore, we focus on the Bernoulli distributionbased random FDI attack model with the following assumptions.

      Assumption 1. In this paper, FDI attacks on multi- communication links are comprehensively considered.Owing to the limited energy in actual scenarios, the appearance of FDI attacks is random.Furthermore, the injected false data is often a ‘‘mild”one to prevent being easily detected.

      The independent variable Γij(t) indicates whether the communication link (i,j )is subject to FDI attacks at time t,and it is expressed as

      An FDI attack more applicable in a distributed selftriggered control structure can be mathematically constructed as

      Γij was designed to fulfill a Bernoulli distribution to better model practical random FDI attacks.This was expressed as

      where pij denotes the probability of Γij =1.pij is a scalar predesigned using pij[0,1 ).

      Fig.1 shows a schematic of attackers that manipulates false data via communication channels in a distributed self-triggered secondary control system.Consequently,we can conclude that it is challenging to detect false injection data because of self-triggered communication, which motivated us to investigate a viable solution for the timely screening of false injection data.

      2.3 Hash-based FDI attack-resilient scheme

      DG i cannot be aware of the time instants when it receives the state information from DG j because of the aperiodic and intermittent communication of the selftriggered control.Further, time intervals between any two adjacent time instants are sufficiently large to perform a simple computation.These qualities prompt us to investigate an attack-resilient policy for determining whether islanded MGs suffer from FDI attacks and eliminate invasive FDI attacks.

      The FDI attacks on distributed control systems are always stealthy because the system lacks a global information perspective.To achieve our goal, we designed the HDM according to the following principle considering the hash algorithm with the characteristics of security,unidirectionality, and sensitivity [29]: Each DG transmits its own active power value and its corresponding hash code generated by the hash algorithm to its neighbors.The receiver performs the hash algorithm for the received active power value after neighboring DGs receive the corresponding data packet, and then, we obtain a new hash code and compare it with the received hash code for identifying the correctness of the transmission data.When the two hash codes are unequal,it is detected as an FDI attack signal.Therefore, the key issue is properly designing the hash algorithm to meet the requirements for a one-toone correspondence between the hash code and active power value.

      We first need to perform a binary switch before designing the hash algorithm.The binary number of DG j’s active power value is defined as(Pj2 =Bpj.Therefore,the hash algorithm can be expressed as

      Fig.1 Schematic of secondary control under random FDI attack.

      where H(Bpj) returns Bpj shifted to the left by three bits,equivalent to multiplying by 23, which is abbreviated as Hj in the remainder of this paper.Therefore, the binary hash code of the active power sender DG j is represented by Pj →Hj.

      Considering DG i as an example, DG j is called the neighbor of DG i.For the information sender DG j, the active power value and its hash code must be delivered to the neighbors of DG i at each successful triggering time instant, i.e., θij (t)=0.Furthermore, we execute the hash algorithm for one of the received data such that when the information receiver DG i receives the data packet sent from DG j.Comparing and Hj, we conclude that if =Hj, then, otherwise λij (t)=0, which indicates the successful detection of stealthy FDI attacks.HDM copes with corrupt transmission data introduced by malicious FDI attacks on communication links in islanded MGs.

      Fig.2 illustrates the hash-based FDI attack-resilient distributed self-triggered control scheme.

      Theorem 1.Define each DG is equipped with the active power sharing system demonstrated as Eq.(10), triggered according to(15),assuming that the communication network G is connected and undirected, and the FDI attack of (18).The active power sharing control objective (3) can be achieved asymptotically with a desired small convergence error whether the system is attacked.Specifically,

      where mpP* refers to the equilibrium point of active power.By selecting ε, the magnitude of convergence area can be arbitrary small as desired.

      Fig.2 Illustration of hash-based FDI attack-resilient self-triggered control.

      Remark 1.Eq.(21) indicates that active power can converge to the ε- neighborhood of a consensus.However, the ‘‘disagreement”can be turned as small as desired by choosing a sufficiently small ε.If ε is selected to be zero,the proposed strategy degrades to the usual average consensus control.Eq.(21) implies that ε determines the number of triggering times.The larger the value of the selected ε,the lower is the triggering times.Therefore,there is a trade-offbetween the convergence error and triggering times.

      Proof of Theorem 1. For every t ≥0 and γ >0,a valid candidate Lyapunov function V(t) is designed as

      Therefore, the time derivative of Lyapunov function V (t ) is

      Substituting Eqs.(9)-(11) into Eq.(23), we obtain

      Hence,by combining Eqs.(25)and(26),Eq.(23)can be rewritten as

      because of γ >0, where is strictly negative definite.

      Note that there exists a finite-time T*such that for every(i ,j)∈E andAccording to Eqs.(10)-(14), it is easy to determine that the local control input upi is zero and the active power state variable mpiPi is constant for t ≥T*, implying the convergence of the hash-based FDI attack-resilient self-triggered control algorithm.Further,the Zeno behavior can be avoided because of Eqs.(14) and(15),where the convergence error ε is not an infinitesimal number.

      Considering the Bernoulli distribution-based random FDI attack scenario modelled as Eq.(18), the malicious data injected into the communication link can be detected effectively by comparing the sent and received hash values.Therefore, the active power state variable mpiPi (t ) converges to the equilibrium point mpP* by utilizing the HDM expressed in Eq.(20),regardless of whether the system is attacked.

      The proof is complete.

      Two subsystems should be installed in each DG by applying the HDM: one for the hash algorithm and the other for verifying two hash codes before and after the hash algorithm.These two subsystems allow each DG to recognize random FDI attacks injected into a communication link under persistent perturbations.Therefore, HDM can withstand any type of random FDI attack (including unbounded attacks).Further, the hash algorithm contains only binary left-shift mathematical operations and verification of transmission data authenticity, involving only three-time and one-time fixed costs, respectively.Therefore, HDM does not cause an apparent time delay that influences the operation of MGs.In contrast, the performance of the hash-based FDI attack-resilient mechanism is ‘‘intelligently” ameliorated, which is a significant advantage.

      For clarity,the detailed steps of the proposed HDM are summarized in Algorithm 1.

      Fig.3 Communication structure of the islanded microgrid test system.

      Algorithm 1 Hash-based FDI attack-resilient self-triggered control protocol

      1Initialization: For DG i and j ∈Ni, set clock and variable θij (0 )=0, detection function λij (0 )=1,control input uij (0 )=0 2for i = 1 to n do 3for j ∈Ni do 4 while θij (t)>0 do 5 DG i applies the control input upi (t)=∑j∈Niuij (t );update θij according to ˙θij =-1;6 end while 7 if θij (t )=0 then 8 active power information sender DG j;9 do hash transformation for Pj →Hj;10send data package (Pj,Hj) to DG i;11active power information receiver DG i;12if (Pj,Hj) information is received then 13do hash transformation for P′j →H′j;14if H′j =Hj then 15λij (t)=1;16update uij (t) and θij (t);17else 18λij (t)=0;19refuse Pj 20waiting for next triggering 21end if 22end if 23end if 24end for 25end for

      3 Case study

      In this section, we validate the effectiveness of the proposed hash-based FDI attack-resilient distributed selftriggered secondary control scheme by simulating an islanded MG using the MATLAB/Simulink toolbox.The communication structure of the islanded MG test system is shown in Fig.3.This structure consists of four DGs communicating with each other via a bidirectional communication network.The parameters of the islanded MG test system are listed in Table 1.The frequency coupling gain kω in Eq.(5) and control input parameter γ in Eq.(12)are set to 40 and 0.2,respectively.Similarly,the reference frequency and convergent region of the active power are set as ωref =50 Hz and ε=0.01, respectively.

      We simulated sudden load changes in the test MG and scenarios for different attacked communication links,probabilities of attacks, and attack forms to verify the effectiveness and feasibility of the proposed controller, as will be verified later.

      Table 1 Parameters of the microgrids test system.

      DG1 & DG2 (10.64 kW)DG3 & DG4 (8.0 kW)DGsmp9.4 × 10-5mp12.5 × 10-5 Rc0.2Rc0.2 Lc3 × 10-3Lc3 × 10-3 Line 1 & 3Line 2 LinesRline1&30.23Rline20.35 Lline1&30.318 × 10-3Lline21.847 × 10-3 LoadsPload115.6 × 103Pload215.6 × 103

      The simulation process is devised as follows: 1)t= 0 s,the MG operates in an islanded mode; 2) t = 1 s, the proposed hash-based FDI attack-resilient distributed selftriggered controller is activated; 3) t = 2 s, load 1 is suddenly decreased by 3 kW; 4) t = 3.5 s, the random FDI attack is launched; and 5) t = 5 s, load 1 is suddenly increased to 3 kW.The overall simulation duration is set to 7 s.

      3.1 Case A: All communication links under FDI attacks with different probabilities

      Given scenarios in which all communication links are attacked with different probabilities, we demonstrate the robustness of the proposed strategy.

      Case A.1 (All communication links under attacks withIn this case, we inject false data|δij|=0.1 kW on communication links between DG i and DG j with = 0.1, where i,j=1,2...n.Using δij =-δji =0.1(kW) was used for simulating an odious environment.

      Fig.4.Performances under random FDI attacks with|δij|=0.1 kW and= 0.1 without the implementation of HDM.

      Fig.4 shows the frequency stability and active powersharing performance of the self-triggered controllers without HDM implementation.Fig.4(a)shows the frequencies of the DGs deviating from the reference value caused by the droop-based primary control when the microgrid operates in the islanded mode.The secondary control objectives are satisfied between t ∈[2,3.5] s, which verifies the effectiveness of the proposed distributed self-triggered control scheme.However, in the presence of FDI attacks, the frequency cannot be maintained at 50 Hz.Meanwhile,the active power value of each DG diverges and exceeds a predefined threshold because of the effect of random FDI attacks launched after t=3.5 s.In other words, FDI attacks result in the vulnerability of microgrids.

      Fig.5.Performances under random FDI attacks with|δij|=0.1 kW and= 0.1 with the implementation of HDM.

      Fig.5 shows the performance of self-triggered controllers that adopted the proposed HDM, indicating that this mechanism further enhanced the stability of the distributed network under random FDI attacks.Comparing Fig.4.and 5 revealed that, especially in the time intervals described as t ∈[3.3,4.3] s, the HDM can maintain frequency stability and ensure accurate active power sharing in preset stable ranges regardless of the existence of random FDI attacks.The proposed hash-based FDI attackresilient law can effectively detect FDI attacks, consequently eliminating their negative effects.

      Case A.2 (All communication links under attacks withIn this case,the remaining parameters are the same except for the conditions that described P {Γij =1}= 0.3 as different from Case A.1.

      The frequency and active power responses without any protection are shown in Fig.6, and the simulation results after applying the HDM are shown in Fig.7.

      Fig.6(a) and (b) indicate that random attacks withlead to the loss of the desired frequency and active power allocation, where the frequency deviates from 50 Hz and exhibits oscillatory behavior for the active power.Further, it is observed that the frequency in Fig.4 withhas more slight deviations from 50 Hz than that in Fig.6.Fig.4 and Fig.6 show that a higher probability of attacks can lead to more severe consequences.

      Fig.6.Performances under random FDI attacks with|δij|=0.1 kW and= 0.3 without the implementation of HDM.

      Fig.7.Performances under random FDI attacks with|δij|=0.1 kW and= 0.3 with the implementation of HDM.

      Fig.7 shows that frequencies of the DGs units were restored to 50 Hz after applying HDM at t=3.5 s.Meanwhile,the active power output radios of the DGs units are retrieved within a specific convergence range of ε=0.01.

      Fig.8(a)shows that the triggering time instants of DG i and DG j under self-triggered controllers are aperiodically and intermittently between t ∈[2.0,3.0] s.Fig.8.(b) and(c)show the triggering time instants of each pair of distinct DGs under self-triggered controllers without and with the implementation of HDM between t ∈[3.4,3.8] s, respectively.Controllers without the utilization of HDM lead to aperiodic and less triggering, especially after t=3.5 s.That is attributed to FDI attacks that make ≥ε,enlarging the time interval between triggers at a steady state.However,random false data injection results in more significant deviation and irregular triggering time instants,causing huge fluctuations and dramatic floats.Therefore,the HDM-based detection and mitigation method plays an essential role in ensuring performances of the secondary control.

      3.2 Case B: Communication links under unbounded time-varying FDI attacks

      In this subsection, we validate the effectiveness of the HDM under unbounded time-varying FDI attacks.Further,we consider a scenario in which attackers manipulate all communication links and replace the actual active power with unbounded time-varying additional false data represented as δij =-δji =0.5(t-3.5) kW at t=3.5 s with the probabilities of

      Fig.8.Self-triggered time instants of each pair of DG under random FDI attacks with |δij|=0.1 kW and = 0.3.

      Fig.9(a)illustrates that active power values are dramatically undermined for compromised DGs as malicious data is introduced at t=3.5 s.Each DG fails to operate back to the normal states simultaneously.Performances of active power under unbounded time-varying attacks are more severe than the scenario described in case A.As shown in Fig.9(b), after the designed HDM is applied,the active power between DGs is reasonably allocated based on the droop coefficients.The active power can converge into a steady-state even under the bounded time-vary FDI attacks in the islanded MG test system.The desired synchronization of the active power from DG 1 to 4 can still be achieved regardless of the FDI attack forms,ensuring the stable operation of the system.Compared to Fig.6,unbounded time-vary FDI attacks can lead to more severe effects on the active power sharing of the microgrids.We conclude that HDM will successfully prevent the detrimental impact of FDI attacks irrespective of the attack forms.

      Fig.9.Active power performances under random FDI attacks with|δij|=0.5(t-3.5) kW and = 0.3.

      4 Conclusion

      This study stresses the issues of P -ω secondary control in islanded MGs using a self-triggered mechanism under random FDI attacks.We firstly design a linear clock-based distributed self-triggered scheme for achieving active power sharing among the DGs and local frequency restoration.The designed self-triggered mechanism can significantly reduce communication and computational burdens.The false data injected into the MGs can be easily detected and eliminated by designing the HDM.This method is flexible and can be applied to many systems,including, but not limited to, control systems with aperiodic and intermittent communications.The simulation results validate that this hash-based FDI attack-resilient method can significantly enhance the resilience of microgrids to any form of random FDI attacks.

      Future work include the designs of attack-resilient algorithms under a directed topology and for continuous attacks on the controller and measurement components.In the future, we focus on various attack scenarios such as DoS, latency, and replay attacks.

      CRediT authorship contribution statement

      Xing Huang:Writing-review&editing,Writing-original draft, Validation, Resources, Project administration,Methodology.Yulin Chen: Writing - review & editing,Resources, Investigation, Conceptualization.Donglian Qi: Writing - review & editing, Validation, Supervision,Investigation, Formal analysis.Yunfeng Yan: Writing -review & editing, Visualization, Investigation.Shaohua Yang: Writing - review & editing.Ying Weng: Software,Resources, Methodology.Xianbo Wang: Resources.

      Declaration of competing interest

      The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

      Acknowledgments

      This work was supported by Hainan Provincial Natural Science Foundation of China (No.524RC532), Research Startup Funding from Hainan Institute of Zhejiang University (No.0210-6602-A12202) and Project of Sanya Yazhou Bay Science and Technology City (No.SKJC-2022-PTDX-009/010/011).

      References

      1. [1]

        J.Li, C.W.Sun, Q.Y.Su, Analysis of cascading failures of power cyber-physical systems considering false data injection attacks,Global Energy Interconnect.4 (2) (2021) 204-213. [百度学术]

      2. [2]

        G.Magdy, A.Bakeer, M.Alhasheem, Superconducting energy storage technology-based synthetic inertia system control to enhance frequency dynamic performance in microgrids with high renewable penetration,Prot.Control Mod.Power Syst.6(1)(2021)36. [百度学术]

      3. [3]

        M.Y.Zhang, Y.Han, Y.X.Liu, et al., Multi-timescale modeling and dynamic stability analysis for sustainable microgrids:State-ofthe-art and perspectives, Prot.Control Mod.Power Syst.9 (3)(2024) 1-35. [百度学术]

      4. [4]

        T.K.Roy, S.K.Ghosh, S.Saha, Robust backstepping global integral terminal sliding mode controller to enhance dynamic stability of hybrid AC/DC microgrids, Prot.Control Mod.Power Syst.8 (1) (2023) 1-13. [百度学术]

      5. [5]

        C.Y.Chen, X.Zhang, M.J.Cui, et al., Stability assessment of secondary frequency control system with dynamic false data injection attacks, IEEE Trans.Ind.Inf.18 (5) (2022) 3224-3234. [百度学术]

      6. [6]

        X.Huang, D.L.Qi, Y.L.Chen, et al., Distributed Self-Triggered Privacy-Preserving Secondary Control of VSG-Based AC Microgrids, IEEE Trans.Smart Grid (2024), https://doi.org/10.1109/TSG.2024.3467392. [百度学术]

      7. [7]

        T.Heins, M.Josˇevski, S.Karthik Gurumurthy, et al., Centralized model predictive control for transient frequency control in islanded inverter-based microgrids, IEEE Trans.Power Syst.38 (3) (2023)2641-2652. [百度学术]

      8. [8]

        J.Y.Liu, H.H.Song, C.Y.Chen, et al., Decentralized secondary frequency control of autonomous microgrids via adaptive robustgain performance, IEEE Trans.Smart Grid 15 (1) (2024) 67-76. [百度学术]

      9. [9]

        J.Choi, S.I.Habibi, A.Bidram, Distributed finite-time eventtriggered frequency and voltage control of AC microgrids, IEEE Trans.Power Syst.37 (3) (2022) 1979-1994. [百度学术]

      10. [10]

        Y.L.Chen, D.L.Qi, H.N.Dong, et al., A FDI attack-resilient distributed secondary control strategy for islanded microgrids,IEEE Trans.Smart Grid 12 (3) (2021) 1929-1938. [百度学术]

      11. [11]

        S.H.Huang, L.Y.Xiong, Y.Zhou, et al., Distributed predefinedtime secondary frequency and average voltage control for islanded AC microgrids, IEEE Trans.Power Syst.38(5) (2023) 4191-4205. [百度学术]

      12. [12]

        Y.Shi, Y.Cheng, B.Xie, et al., An adaptive control strategy for microgrid secondary frequency based on parameter identification,Global Energy Interconnect.6 (5) (2023) 592-600. [百度学术]

      13. [13]

        L.Xu, Q.L.Guo, H.T.Zeng, et al., Communication topology optimization for time-delay cyber-physical microgrids under distributed control, IEEE Trans.Smart Grid PP(99) (2024) 1. [百度学术]

      14. [14]

        Y.L.Chen, C.Y.Li, D.L.Qi, et al., Distributed event-triggered secondary control for islanded microgrids with proper trigger condition checking period, IEEE Trans.Smart Grid 13 (2) (2022)837-848. [百度学术]

      15. [15]

        S.X.Weng, D.Yue, C.X.Dou, et al., Distributed event-triggered cooperative control for frequency and voltage stability and power sharing in isolated inverter-based microgrid, IEEE Trans.Cybern.49 (4) (2019) 1427-1439. [百度学术]

      16. [16]

        Z.W.Li, Z.P.Cheng, J.K.Si, et al., Distributed event-triggered secondary control for average bus voltage regulation and proportional load sharing of DC microgrid, J.Mod Power Syst.Clean Energy 10 (3) (2022) 678-688. [百度学术]

      17. [17]

        X.J.Zhang, Y.P.Zhang, R.R.Li, Distributed event-triggered control for power sharing in grid-connected AC microgrid, IEEE Trans.Power Syst.39 (1) (2024) 770-778. [百度学术]

      18. [18]

        H.Yu, X.Chen, T.W.Chen, et al., Event-triggered bipartite consensus for multiagent systems: a zeno-free analysis, IEEE Trans.Autom.Control 65 (11) (2020) 4866-4873. [百度学术]

      19. [19]

        A.Anta, P.Tabuada, To sample or not to sample: Self-triggered control for nonlinear systems,IEEE Trans.Autom.Control 55(9)(2010) 2030-2042. [百度学术]

      20. [20]

        Y.L.Chen, K.W.Lao, D.L.Qi, et al., Distributed self-triggered control for frequency restoration and active power sharing in islanded microgrids, IEEE Trans.Ind.Inf.19 (10) (2023) 10635-10646. [百度学术]

      21. [21]

        G.Xu, L.Ma, Resilient self-triggered control for voltage restoration and reactive power sharing in islanded microgrids under denial-of-service attacks, Appl.Sci.10 (11) (2020) 3780. [百度学术]

      22. [22]

        L.Xu, Q.L.Guo, Y.J.Sheng, et al., On the resilience of modern power systems: a comprehensive review from the cyber-physical perspective, Renew.Sustain.Energy Rev.152 (2021) 111642. [百度学术]

      23. [23]

        S.H.Yang, K.W.Lao, Y.L.Chen, et al., Resilient distributed control against false data injection attacks for demand response,IEEE Trans.Power Syst.39 (2) (2024) 2837-2853. [百度学术]

      24. [24]

        Y.S.Li, R.F.Ren, B.N.Huang, et al., Distributed hybridtriggering-based secure dispatch approach for smart grid against DoS attacks, IEEE Trans.Syst.Man Cybern.: Syst.53 (6) (2023)3574-3587. [百度学术]

      25. [25]

        B.J.Yan, Z.Z.Jiang,P.C.Yao,et al., Game theory based optimal defensive resources allocation with incomplete information in cyber-physical power systems against false data injection attacks,Prot.Control Mod.Power Syst.9 (2) (2024) 115-127. [百度学术]

      26. [26]

        S.H.Yang, K.W.Lao, H.X.Hui, et al., Secure distributed control for demand response in power systems against deception cyberattacks with arbitrary patterns, IEEE Trans.Power Syst.PP (99)(2024) 1-12. [百度学术]

      27. [27]

        M.Meng, G.X.Xiao, B.B.Li, Adaptive consensus for heterogeneous multi-agent systems under sensor and actuator attacks, Automatica 122 (2020) 109242. [百度学术]

      28. [28]

        X.G.Guo, D.Y.Zhang, J.L.Wang, et al., Event-triggered observer-based - consensus control and fault detection of multiagent systems under stochastic false data injection attacks,IEEE Trans.Network Sci.Eng.9 (2) (2022) 481-494. [百度学术]

      29. [29]

        B.Demir, L.Bruzzone, Hashing-based scalable remote sensing image search and retrieval in large archives, IEEE Trans.Geosci.Remote Sens.54 (2) (2016) 892-904. [百度学术]

      Fund Information

      Author

      • Xing Huang

        Xing Huang received her BS degree in electrical engineering from China University of Mining and Technology, Xuzhou, China, 2022.She is working towards the Ph.D.degree in electrical engineering with the School of Electrical Engineering, Zhejiang University, Hangzhou,China.Her research interests include distributed control strategy and cyber-physical security with applications in smart grid.

      • Yulin Chen

        Yulin Chen received his BS in mathematics and applied mathematics and the MS degree in electrical engineering from Northeast Electric Power University, Jilin, China, in 2014 and 2017, respectively, and Ph.D.degree in electrical engineering from Zhejiang University,Hangzhou, China, in 2021.He has authored or coauthored more than 30 journal papers published in IEEE Trans.Smart Grid,IEEE Trans.Indus.Informat., IEEE Trans.SMC.Systems,CSEE Journal of Power, and Energy Systems,etc.His current research interests include distributed control of renewable energy and cyber-physical security with applications in smart grid.

      • Donglian Qi

        Donglian Qi received her Ph.D.degree in control theory and control engineering from the School of Electrical Engineering, Zhejiang University, China, in 2002.She is currently a Full Professor and a PhD Advisor with Zhejiang University.Her research interests include intelligent information processing, chaos systems, and nonlinear theory and application.

      • Yunfeng Yan

        Yunfeng Yan received her Ph.D.degree in electrical engineering from Zhejiang University,Hangzhou, China, in 2019.She is currently an Associate Research Fellow with Zhejiang University.Her research interests include computer vision and machine learning systems, and distributed estimation and control of networked systems.

      • Shaohua Yang

        Shaohua Yang received his Ph.D.degree in Electrical and Computer Engineering from University of Macau, Macao, China.He is currently a Postdoctoral Fellow with the State Key Laboratory of Internet of Things for Smart City, University of Macau.His research interests include cyber-physical power systems,control of flexible resources,and power quality,with a special focus on security.

      • Ying Weng

        Ying Weng received her BS degree from China University of Mining and Technology, Beijing,Beijing, 2023.She is pursuing her MS degree at Zhejiang University, Hangzhou, China.Her research interests include state estimation, false data injection attack detection.

      • Xianbo Wang

        Xianbo Wang received the PhD degree in electromechanical engineering, University of Macau, Macao, SAR, China, in 2018.He is currently an Associate Research Fellow with the Hainan Institute of Zhejiang University,Sanya,China.His research interests include renewable energy conversion, operational condition monitoring of offshore wind turbines, fault diagnosis of rotating machinery, and structural design and fault-tolerant control of high-efficiency and high-speed in-wheel motors.

      Publish Info

      Received:

      Accepted:

      Pubulished:2025-02-25

      Reference: Xing Huang,Yulin Chen,Donglian Qi,et al.(2025) Hash-based FDI attack-resilient distributed self-triggered secondary frequency control for islanded microgrids☆.Global Energy Interconnection,8(1):1-12.

      (Editor Yu Zhang)
      Share to WeChat friends or circle of friends

      Use the WeChat “Scan” function to share this article with
      your WeChat friends or circle of friends