Professional Documents
Culture Documents
Resilient Consensus-Based AC Optimal Power Flow Against Data Integrity Attacks Using PLC
Resilient Consensus-Based AC Optimal Power Flow Against Data Integrity Attacks Using PLC
5, SEPTEMBER 2022
Abstract—This paper investigates the resilience of consensus- $2 billion per year, was also recently disrupted by a cyber
based AC optimal power flow (OPF) for distribution networks attack [3]. In view of such events, cyber security has become
against the data integrity attacks (DIA). The distribution network a major concern for the operation and control of modern power
is first decomposed into several autonomous microgrids to
achieve consensus-based AC OPF through the alternating direc- systems.
tion multiplier method (ADMM). Then the vulnerability of One of the most prominent types of cyber attacks is a
consensus-based AC OPF is analyzed by showing how the dis- data integrity attack (DIA), which aims to mislead the power
patch results can be easily altered by attackers through falsifying system by inserting or altering the data in the cyber layer [4].
the information (active power, reactive power, and voltage) shared Considerable research efforts have been devoted to DIAs on
between neighboring microgrids. Two different attack scenarios,
viz., economic-driven attacks and disruptive attacks, are studied the electricity market [5], state estimation [6], and energy man-
to show the malicious influence of cyber attacks on consensus- agement [7]. These works largely focus on centralized control
based AC OPF. A detection and mitigation strategy based on wherein the whole system is assumed to be monitored and
the existing power line communication (PLC) infrastructure is controlled by a central controller. Through a single DIA on
then described, where the critical information is not only shared the central controller, an attacker could potentially disrupt the
in the cyber layer, but also through the power lines. Game-
theoretic analysis is provided to demonstrate the effectiveness entire power system, and during the attack process, gain access
of the proposed mitigation strategy. Furthermore, to validate to the private information of all the involved utilities flowing
the authenticity of the information through PLC, a physical through the cyber layer [8].
encryption method based on the Lorenz system is proposed. Consensus-based control is a good solution to enhance
The effectiveness of the proposed attack-resilient mechanism is the power system resilience against DIAs by employing dis-
verified using the IEEE 123-bus test system.
tributed controllers which coordinate with neighboring devices
Index Terms—AC OPF, consensus-based optimization, data by iteratively sharing information through two-way communi-
integrity attack, distribution network, power line communication. cation links [9]. Despite this advantage, as consensus-based
applications require limited information flows, the unavail-
ability of global information makes the system vulnerable to
I. I NTRODUCTION cyber attacks. The impact of DIAs on consensus-based con-
HE INCREASING integration of sensing and commu-
T nication devices such as phasor measurement units has
largely improved the efficiency of power system operation
trol has been receiving increasing focus of late. The [10]
studied DIAs on DC optimal power flow (OPF) which can
lead to suboptimal or even infeasible solutions for microgrids.
and control [1]. At the same time, the increasing reliance In [11], the impact of DIAs on a consensus-based distributed
on communication also leaves the power system vulnerable energy management algorithm was analyzed, where attackers
to cyber attacks, potentially leading to failures and immense can mislead the system by sending manipulated information
economic losses. For example, 200 MW of generation capac- to achieve economic benefits without disrupting the system.
ity was shut down by a cyber attack in Kiev in 2016 [2]. The Reference [12] studied the influence of DIA on the cooperative
U.K. electricity market, which handles transactions of about control of virtual power plants. In [13], the attack on gener-
ation cost parameters to obtain additional economic benefits
Manuscript received 19 October 2020; revised 9 May 2021, was also investigated. These studies mainly focus on cyber
27 November 2021, and 21 February 2022; accepted 15 April 2022.
Date of publication 25 April 2022; date of current version 23 August 2022. attacks on DC OPF, while AC OPF is not considered. In
This work was supported in part by the National Research Foundation, Prime contrast to DC OPF, AC OPF considers reactive power and
Minister’s Office, Singapore, under its Campus for Research Excellence nodal voltage information in addition to active power, which
and Technological Enterprise (CREATE) Programme, and in part by the
National Science Foundation of China under Grant 72071138. Paper no. makes it more accurate but also more vulnerable to DIA in
TSG-01567-2020. (Corresponding author: Jimmy Chih-Hsien Peng.) terms of its potential impact, as we shall demonstrate in this
Yang Yang and Zhi-Sheng Ye are with the Department of Industrial Systems paper.
Engineering and Management, National University of Singapore, Singapore.
Gurupraanesh Raman and Jimmy Chih-Hsien Peng are with the Electrical To enhance the resilience of consensus-based control of
and Computer Engineering Department, National University of Singapore, power systems against DIAs, several mechanisms have been
Singapore (e-mail: j.peng@ieee.org). proposed. For instance, a neighborhood-watch mechanism is
Color versions of one or more figures in this article are available at
https://doi.org/10.1109/TSG.2022.3170009. proposed in [10] whereby each controller monitors its one-
Digital Object Identifier 10.1109/TSG.2022.3170009 hop neighbors’ behavior by analyzing the information sent
1949-3053
c 2022 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
YANG et al.: RESILIENT CONSENSUS-BASED AC OPTIMAL POWER FLOW AGAINST DIAs 3787
and received from its neighbors. In [14], the communication whose presence in the power line serves as verification of the
between smart meters is encrypted with a digital signature data accuracy.
to ensure privacy and security against possible cyber attacks. The remainder of this paper is organized as follows.
In [15], a distributed discord-element-based detection strategy Section II introduces the modeling of consensus-based AC
was proposed to recognize false data and identify the agents OPF for distribution networks. Then the ADMM algorithm is
under attack. While these methods can effectively detect and introduced and the designed attacking scenarios on the ADMM
mitigate DIAs, they still rely on the communication system in algorithm are proposed in Section III. Section IV introduces
the cyber layer, which leaves them vulnerable to other types of the proposed PLC-based mitigation strategy and the corre-
cyber attacks, e.g., denial-of-service (DoS) attacks. To resolve sponding attack detection method based on the Lorenz system
this, Sahoo and Peng [16] propose reverting to locally mea- is presented. The case studies based on the IEEE-123 bus
sured and estimated information to operate the system when system are given in Section V. Finally, the main conclusions
the cyber attacks are recognized, removing the dependence of the paper are summarized in Section VI.
on the communication network altogether. However, such an
approach will result in suboptimal system operation for an II. R EVIEW OF C ONSENSUS -BASED AC OPF M ODELING
extended period of time following the attack, resulting in Consider a radial distribution network composed of sev-
higher operation costs to the system. eral microgrids, each with distributed generators and loads.
In this paper, we bridge the gap in the literature with respect The individual microgrids are controlled by their own con-
to attacks on consensus-based AC OPF by demonstrating that trollers, which communicate among each other to realize the
attacks on reactive power and voltage information in the cyber consensus-based AC OPF. Define Gm := {Nm , Em } as the
layer can also disrupt its accuracy and convergence, similar to microgrid m, where Nm and Em represent the node set and
attacks on active power. The main contributions are as follows. branch set, respectively. Each node i ∈ Nm has an ancestor
First, we describe two different attack scenarios designed g g g
node Ai and multiple child nodes Ci . Let si := pi + jqi and
particularly for AC OPF, namely, economic-driven attacks si := pi +jqi be the respective complex power output of gener-
d d d
and disruptive attacks. The attacks are tailor-made for the ator and load demand on node i. Let vi := |Vi |2 be the squared
alternating direction multiplier method (ADMM), which is magnitude of voltage on node i. For each branch (i, j) ∈ Em ,
a prominent consensus-based optimization algorithm where let zij := rij + jxij be the complex impedance, Sij := Pij + jQij
neighboring microgrids exchange limited information such as be the nominal branch power flow, lij := |Iij |2 be the squared
active and reactive power, and voltage to achieve global opti- magnitude of branch current Iij .
mality. In essence, the economic-driven attack aims to increase The objective of the consensus-based AC OPF is to mini-
the active power output of certain generators to yield higher mize the overall generation cost in the distribution network:
profits for certain utilities without violating the physical con- g
straints. On the other hand, a disruptive attack aims to mislead min fi pi , (1)
the microgrids to violate the physical constraints, thereby m i∈Nm
preventing convergence of the ADMM algorithm. g
where fi (pi )
is the cost for generator on node i. The objective
Second, we propose to leverage existing power line commu- is subject to the security range of each microgrid Km , which
nication (PLC) infrastructure to detect and mitigate DIAs on is defined by the power balance constraints (2), power flow
the cyber layer by sharing essential information that is required constraints (3)-(5), voltage limits (6) and generation limits (7)
for the ADMM. Note that PLC has been widely used in power and (8), as follows:
system communication for protection and telemetering pur- g
poses [17], [18], and therefore its use in attack mitigation SAi i − Sij + lij zij + si = sdi ∀i ∈ Nm , (2)
does not require additional investment. To the best of our j∈Ci
knowledge, this is the first work that leverages physical layer vi − vj = Sij∗ zij + Sij z∗ij − lij |zij |2 ∀(i, j) ∈ Em , (3)
information to detect and mitigate attacks on the cyber layer. 2
The advantage of this approach is that we no longer rely on Sij = lij vi ∀(i, j) ∈ Em , (4)
the trustworthiness of certain cyber layer information (e.g., that lij ≤ l̄ij ∀(i, j) ∈ Em , (5)
the neighbors’ information remains accurate [10], [19]) when
V 2i ≤ vi ≤ V̄i2 ∀i ∈ Nm , (6)
a DIA has been detected. Using Stackelberg game theory, we g g g
demonstrate that the incorporation of the PLC-based detection si ≤ si ≤ s̄i ∀i ∈ Nm , (7)
g
scheme can effectively dissuade attackers by reducing their s · φ ≤ s g ∀i ∈ Nm . (8)
i i
expected payoff to zero. g g
Here, s̄i and si are respectively the maximum and minimum
Finally, we propose a DIA detection mechanism on the PLC
power output of the generator, V i and V̄i , the voltage magni-
system itself. As it is realized in the physical layer, PLC is
tude limits, taken here as 0.95 p.u. and 1.05 p.u., respectively,
significantly difficult for attackers to penetrate as compared
and l̄ij , the line current limit. φ denotes the minimum power
to the cyber layer. This makes it less susceptible to DIA
factor of generator. The notation ∗ denotes the conjugation of
and DoS attacks. Nevertheless, to ensure the veracity of the
a complex value. Since (4) is non-convex, a second-order cone
information obtained from the PLC, a physical layer DIA-
relaxation can be applied as [20]:
detection method based on the Lorenz system is proposed.
Specifically, an additional encryption signal is transmitted, 2Sij , vi − lij ≤ vi + lij ∀(i, j) ∈ Em (9)
2
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
3788 IEEE TRANSACTIONS ON SMART GRID, VOL. 13, NO. 5, SEPTEMBER 2022
neighbors.
⎛
2
Skn , Vnk = argmin⎝(ρ/2)S − S̃kn + ξnk + (ρ/2)
S,V∈Km 2
⎞
2 g
k k
× V − V̄n + μn + fi pi ⎠,
2
i∈Nm
(12)
Fig. 1. The implementation of consensus-based AC OPF on a sample dis-
tribution system divided into two microgrids G1 and G2 by junction node 6, where ρ is the penalty parameter.
showing the information flows in the cyber layer.
Step-2: Each microgrid updates the dual variables ξnk and
μn with state variables Skn and Vnk from its neighbors.
k
Furthermore, the microgrids are connected with their neigh- ξnk = S̄kn + ξ̄nk , (13)
bors through the junction nodes, where the Kirchhoff’s law
μkn = Ṽnk + μ̃kn . (14)
must be satisfied with:
The termination criterion can be determined by the pri-
1
S̄n = Sn,m = 0 ∀n ∈ J, (10) mary and dual residuals of the k-th iteration, which are
|n |
rkn = (S̄kn , Ṽnk ) and dnk = ρ(S̃kn − S̃kn , V̄nk − V̄nk ). Given a
m∈n
1 predefined tolerance δ, the iterations can be terminated when:
Ṽn = Vn,m − Vn,m = 0 ∀n ∈ J, (11)
|n |
m∈n 2 2
max rkn , dnk ≤ δ. (15)
2 2
where | · | is the cardinality, n is the set of microgrids that
contain junction node n, and J is the set of junction nodes. For B. The Proposed Attacking Strategies
example, node 6 in Fig. 1 is the junction node of microgrids
The generic implementation of the consensus-based AC
G1 and G2 , and hence n = {G1 , G2 }. Sn,m and Vn,m denote
OPF is shown in Fig. 1. In general, the aim of the attacker is
the power flow and voltage of microgrid m on the junction
to alter the final result of the ADMM algorithm by falsifying
node n, respectively. Sn and Vn are the sets of power flows
the information shared between neighboring microgrids. As
Sn,m and voltages Vn,m , respectively. S̄n and Ṽn are the sets
can be seen from (12)-(14), the iteration process relies on cor-
of average power imbalance and voltage magnitude residue.
rectly exchanged information (Skn , Vnk ) through the cyber layer
(The superscripts ¯ and ˜ refer to the average and the residue
between neighboring microgrids, which makes it vulnerable
of a set, respectively.)
to various types of cyber attacks. For instance, the iteration
can be interrupted by DoS attacks, which totally block the
information exchange between microgrids. Alternatively, as
III. T HE P ROPOSED DIA M ECHANISMS ON we shall demonstrate, attackers may change the final results or
C ONSENSUS -BASED AC OPF even produce infeasible solutions by launching DIAs during
This section first describes the distributed AC OPF mecha- the iteration process.
nism, followed by how an adversary can alter the final results In the proposed attack mechanisms, the DIAs are perpe-
by falsifying the information exchanged between microgrids trated by falsifying the information shared between neigh-
during the solution process. boring microgrids during Step-1 of the OPF solution pro-
cess. During such an attack, the neighboring controllers
progress through the iterative solution process with the fal-
A. Solution Process for Consensus-Based AC OPF sified information, due to which the power flows and the
In consensus-based AC OPF, the solution for the OPF voltages at the junction node(s) will be altered. DIAs can be
problem is obtained in a distributed manner. For achieving specifically formulated with two distinct motives, whereby the
consensus, we adopt the ADMM algorithm because of its attacks can be classified as being either: 1) economic-driven
fast convergence capability [21]–[23]. The ADMM formula- or 2) disruptive. These are detailed below.
tion for (1)-(11) is given below, where the microgrids share 1) Economic-Driven Attack: To facilitate the analysis of
only the state variable and dual variable information for their the economic-driven attacks, we assume that all the genera-
own smaller optimization problems, to achieve the global tors inside a microgrid are operated by a single electric utility,
optimality of the whole system. which can intercept the information and falsify the dispatch
Step-1: During the k-th iteration, each microgrid result of the distributed controllers in the cyber layer. The
updates the state variables Skn and Vnk with the updated electric utilities with higher costs tend to launch the economic
dual variable ξnk and μkn from the previous iteration attack to generate more electricity and increase profits. As a
k = k − 1, which are then communicated to its result, the consumers have to afford a higher electricity cost.
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
YANG et al.: RESILIENT CONSENSUS-BASED AC OPTIMAL POWER FLOW AGAINST DIAs 3789
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
3790 IEEE TRANSACTIONS ON SMART GRID, VOL. 13, NO. 5, SEPTEMBER 2022
push the system into a chaotic state, which in turn can be used
as a detection mechanism. This is shown in Fig. 4. Further,
to reduce the attack detection time, the time domain of the
Fig. 3. Lorenz system to detect the encryption signal of 90 kHz frequency. Lorenz system can be re-scaled by a factor T. Let t = τ/T
a) Lorenz system under static state shows the existence of encryption signal; and g(t) = β cos(ω/T · τ ) = β cos(ω τ ), then:
b) Lorenz system under chaotic state shows that an attack exists.
X(t) = X(τ/T) = X † (τ ), (20)
dX(t) dX(τ/T) dX(τ/T) dX † (τ )
Assuming the data from the physical layer is authentic, the = =T =T . (21)
dt d(τ/T) dτ dτ
iteration process is restarted from 10 iterations ago. The iter-
ations continue solely based on the information from the Similar modifications are carried out for Y and Z.
physical layer, albeit at a slower speed. To further improve the Substituting (20) and (21) into (18) and omitting the super-
reliability of the proposed resilient OPF scheme, the reporting scripts † on all the variables, the following equation can be
rate for the physical layer (10 in the above discussion) can be obtained:
⎧ dX
changed randomly. ⎨ T dτ = σ (Y − X)
dτ = rref X − Y − XZ.
T dY
While the information from the physical layer is assumed (22)
⎩ dZ
to be authentic, there is nevertheless a small possibility that it T dτ = XY − bZ
also be attacked. To identify such an occurrence, we propose
Since (22) are derived from (18), the system properties and
an attack detection method based on the Lorenz system. Here,
critical values are not altered, whereas the angular speed ω is
a sinusoidal signal is transmitted along with the information
divided by the time re-scale factor T. The time re-scale factor
through the physical layer to serve as an authentication mark.
T can be chosen depending on the required detection interval.
As the attacker is not aware of the existence of the encryption
Since the consensus-based OPF depends on the Lorenz system
signal, it will be erased by DIAs. By detecting the existence
to detect attacks, it is desired that the existence of an attack
of the encryption signal, the controllers are able to verify the
be detected within one iteration, e.g., 1s. Here, the frequency
authenticity of the information from the physical layer. This
of the encryption signal g(t) is taken as 90 kHz, which con-
method has the following advantages: 1) it does not suffer from
forms to the CENELEC standard for PLC [17]. Accordingly,
latency issues, unlike standard digital encryption methods that
the relative amplitude of the encryption signal β is set as 85,
typically entail adding 64 to 128 bits to every message [25];
the parameter r of Lorenz system is set as 25, the time scaling
2) it does not introduce any communication burden to the
factor T is set as 90. The Lorenz system will reach either a
distributed controllers, given that the distributed AC OPF is
static or chaotic state within 0.5 s, as shown in Fig. 3. By
already computationally cumbersome; and 3) it can be realized
measuring the variance of the Lorenz parameter X, the exis-
at low cost with simple analog circuits based on the existing
tence of the encryption signal can be determined, from which
PLC infrastructure [26].
the existence of the attack can also be inferred.
The detection mechanism for the encryption signal g(t) =
As long as the encryption signal is detected (i.e., the Lorenz
β cos(ωt) is implemented using a modified Lorenz mathemat-
system is in the static state), the data from the physical layer
ical model [27] (see Appendix B):
⎧ can be used to locate and mitigate a DIA. However, if the
⎨ Ẋ = σ (Y − X) encryption signal is not detected, this means that the physi-
Ẏ = rref X − Y − XZ, (18) cal layer has been attacked. Under this unlikely scenario, the
⎩
Ż = XY − bZ ADMM algorithm should be stopped as the data flows in both
the cyber and physical layers are no longer reliable. In such
where
a case, the different microgrids can revert to a predetermined
σβ 2 safe state until a detailed examination of the cyber and phys-
rref = r 1 − r 2 , (19)
2w ical layers is carried out. The detailed mitigation strategy is
and σ , r and b are the parameters of Lorenz system. The shown in algorithm form in Table I.
Lorenz system presents various dynamic regimes with differ-
ent values of the parameter rref . A standard set of σ, b are V. O PTIMAL D EFENDING S TRATEGY:
set as 10, 8/3. If 0 < rref < 24.74, the Lorenz system will be A G AME T HEORY A NALYSIS
under static states, but if rref > 24.74, the Lorenz system will The previous section detailed how DIAs on consensus-based
be under chaotic state, as shown in Fig. 3. By carefully choos- AC OPF can be detected and mitigated. In this section, we
ing the value of β and r, the existence of g(t) can be used to present a Stackelberg game-theoretic analysis [28] to show
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
YANG et al.: RESILIENT CONSENSUS-BASED AC OPTIMAL POWER FLOW AGAINST DIAs 3791
TABLE I Ca
M ITIGATION S TRATEGY AGAINST C YBER L AYER DIA S = sa Ba 1 − − s d
(24)
Ba
Note that if sd > 1 − Ca /Ba , then φ a (sa , sd ) > 0. The
expected payoff is maximized only when Pr(sa = 1) = 1. If
sd < 1−Ca /Ba , then φ a (sa , sd ) > 0 and the expected payoff
is maximized only when Pr(sa = 0) = 1. Specifically, if
sd = 1−Ca /Ba , then φ a (sa , sd ) = 0 for all sa . However, due
to the item I{φ a (sa ,sd )=0} sa , the expected payoff is maximized
only when Pr(sa = 0) = 1. Hence, the unique optimal solution
of (23) is:
Ca
Pr(sa = 0) = 1, if sd ≥ 1 − B a
(25)
Pr(sa = 1) = 1, otherwise
which means if the defender launches the mitigation process
with a chance higher than 1 − Ca /Ba , the strategic attacker
tends not to launch the attack. Otherwise, its expected payoff
obja will be strictly negative.
Cost of the defender: The defender will suffer an economic
loss Ced , if it fails to detect and mitigate the DIA, which is
equivalent to the benefits Ba for the attacker. On the other
hand, the defender is assumed to have an operation cost Cpd ,
that DIAs can be prevented by launching the detection and which mainly reflects the communication burden pertaining
mitigation procedure with a high enough frequency. to monitoring possible attacks. Even though Cpd is generally
We make the assumption that both the attackers (utilities much smaller than Ced , it is still considered to make the model
themselves or external malicious actors) and the defenders (the more comprehensive. Say that the defender plays a strategy
microgrid controllers) are strategic and own a set of attack- sd with probability Pr(sd ). The defender aims to achieve the
ing strategies and defending strategies. The possible strategy minimum expected cost objd by assuming the attacker will
spaces of attackers and defenders are SA = {sa |0 ≤ sa ≤ 1} and play a certain strategy sa :
SD = {sd |0 ≤ sd ≤ 1}, respectively. The attacking strategy sa
means that the chance of launching the DIA at any operation objd = min Pr sd · φ d sa , sd
period by attackers is equal to sa . The defending strategy sd Pr(sd ) d D
s ∈S
means that the chance of launching the mitigation process in
s.t. Pr sd = 1, 0 ≤ Pr sd ≤ 1 (26)
Table I at any operation period by the defender is equal to sd .
For instance, sd = 0.5 means that the defender launches the sd ∈SD
mitigation process with a 50% chance in any given interval. where φ d (sa , sd ) is the cost function of the defender when the
Payoff of the attacker: The attacker can have a profit Ba , attacker plays a strategy sa and the defender plays a strategy sd :
if the DIA is launched and there is no mitigation procedure
applied by the defenders. Each time a DIA is launched, the φ d sa , sd = sa 1 − sd Ced + sd Cpd (27)
attacker will have to pay a cost Ca . Say that the attacker plays
a strategy sa with probability Pr(sa ). The attacker aims to Given the attacker’s strategy in (25), the defender’s cost
achieve a maximum expected payoff obja given the defender’s function φ d (sa , sd ) can be reformulated as:
strategy sd :
sd C d , Ca
if sd ≥ 1 − B
φ s , s = p d d
d a d a
(28)
obja = maxa Pr sa · φ a sa , sd − I{φ a (sa ,sd )=0} sa 1 − s Ce + sd Cpd , otherwise
Pr(s )
sa ∈SA
Note that φ d (sa , sd ) decreases with sd when sd < 1−Ca /Ba ,
s.t. Pr sa = 1, 0 ≤ Pr sa ≤ 1 (23)
and then increases with sd when sd ≥ 1 − Ca /Ba . Moreover,
sa ∈SA
φ d (sa , sd ) is minimized only when sd = 1 − Ca /Ba .
where φ a (sa , sd ) is the payoff function of the attacker when Substituting (28) into (26), the objective function of the
attacker plays a strategy sa and the defender plays a strategy sd . defender then becomes:
I{φ a (sa ,sd )=0} is the indicator function, which equals to 1 when
φ a (sa , sd ) = 0, and equals to 0 otherwise. This penalty item objd = min Pr sd 1 − sd Ced + sd Cpd
Pr(sd ) Ca
reflects the aversion of launching an attack when the payoff is sd <1− B a
zero. Moreover, as will be clear shortly, the inclusion of this
+ Pr sd sd Cpd
item ensures a unique optimal solution for the defender. The C a
sd ≥1− B
payoff function φ a (sa , sd ) is expressed as:
a
Ca
φ a sa , sd = sa 1 − sd Ba − sa Ca ≥ Cp 1 −
d
(29)
Ba
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
3792 IEEE TRANSACTIONS ON SMART GRID, VOL. 13, NO. 5, SEPTEMBER 2022
Bam,t ≤ Bmax
m,t − Bm,t ,
0
(30)
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
YANG et al.: RESILIENT CONSENSUS-BASED AC OPTIMAL POWER FLOW AGAINST DIAs 3793
Fig. 6. Variation of the primary and dual residues of the ADMM during the
iteration process. Convergence occurs when the residues become lower than
the termination criterion.
Fig. 8. Overall increase in economic benefit for G3 and G4 due to DIAs on
nodes 118 and 119. The grey boxes indicate that the selected combination of
power flow manipulations violates the security constraints.
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
3794 IEEE TRANSACTIONS ON SMART GRID, VOL. 13, NO. 5, SEPTEMBER 2022
TABLE III
F INAL R ESULT G IVEN BY ADMM A LGORITHM
U NDER D ISRUPTIVE DIA S
B. Mitigation Strategy Based on PLC C. Defending Strategy Based on Game Theory Analysis
We now demonstrate the use of the Lorenz system-based We now demonstrate how the optimal defending strategy
method to detect possible attacks on the physical layer. As can be decided during the operation day based on the result
described in Section IV, this mechanism involves the detec- of Stackelberg game theory analysis. The load curve in p.u.
tion of encryption signals in the data transmitted through PLC. during 24 hours is taken from [31]. For simplicity, the load
With the detection of the encryption signal, the information at each bus is assumed to vary at the same ratio during each
from the physical layer can be used to validate the information operation period of the day. The ADMM algorithm is exe-
from the cyber layer, once every predetermined number of cuted for each hour based on the load demand to estimate
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
YANG et al.: RESILIENT CONSENSUS-BASED AC OPTIMAL POWER FLOW AGAINST DIAs 3795
A PPENDIX A
Proof of Proposition 1: We first prove that the ADMM will
converge to the manipulated value −P̂n . Since the falsified
information −P̂n ∈ Km , the optimization problem of each
Fig. 10. Calculating the optimal defending strategy during the operation microgrid described in (12) is feasible and will converge to
day: (a) Maximum payoff for potential attackers; (b) Distribution of optimal
defending strategy sdt . The upper bound shows the case with Ca equals to a certain optimal value p . According to [21], the following
50 $/h, the lower bound shows the case with Ca equals to 125 $/h. The three inequalities hold:
values within the bar correspond to the 25% and 75% quartiles. 2 2
Lk ≤ Lk − ρ rk − dk (35)
2 2
T T
the maximum payoff Bat that can be obtained by electric pk − p ≤ −ρ yk rk + dk −rk − zk + z (36)
utilities through DIAs. As shown in Fig. 10(a), the payoff
p − pk ≤ −ρ y rk
T
is highest (120 $/h) between 7 a.m. and 8 p.m., and lowest (37)
(72 $/h) between 2 a.m. and 5 a.m. This is because the higher where yk = [ξ k ; μk ] and zk = [S̃k ; V̄ k ], and Lk is the
load demand from 7 a.m. and 8 p.m. leaves a larger space for Lyapunov function representing the distance of yk and zk to
the electric utilities to increase the output of their generators their respective optimal values y and z . Further, pk is the
through DIAs. The maximal payoff is also stable in this time objective of the AC OPF at the k-th iteration and is equal
period as it is limited by the generators’ maximum output lev-
to i f i (pg ). By accumulating the inequality (35) of each
i,k
els. Given the maximum payoff values, the optimal defending iteration, the following inequality can be obtained:
strategy sdt under different attacking costs is determined as
∞
shown in Fig. 10(b). The cost Ca for the attackers can be 2 2
ρ rk + dk ≤ L0 (38)
estimated by the defender through simulation or experiment, 2 2
k=0
and here, assumed to be distributed uniformly between 50 $/h
and 125 $/h. The optimal defending strategy sdt is the highest Since L0 is finite, it can be obtained that limk→∞
rk
22 = 0
when Ca is the lowest (50 $/h) and is lowest when Ca is the and limk→∞
dk
22 = 0. Since,
highest (125 $/h). Moreover, when the cost equals 125 $/h, it
Skn + Ŝn k
becomes higher than the maximum payoff Bat , the expected r = S̄ , Ṽ =
k k k
, Ṽ (39)
net revenue for the attackers is negative, leading to sdt = 0. 2
Overall, to cover the entire range of Ca , a simple defending
strategy sdt can be taken as 0.6 from 7 a.m. to 8 p.m., and 0.5 then limk→∞ Skn = −Ŝn and limk→∞ Pnk = −P̂n , which
from 10 p.m. to 5 a.m. Then, the attackers’ expected payoff means that the active power flow on the junction node n
will always be negative, meaning that the attackers tend not will converge to the falsified information −P̂n . We also prove
to launch DIAs. that the optimal value is varied due to the attack. Since
limk→∞
rk
22 = 0 and limk→∞
dk
22 = 0, it can be con-
cluded from (36) and (37) that p = limk→∞ i∈Gm fi (pi ).
g,k
VII. C ONCLUSION Since the imported power is reduced due to the manipulated
This paper presented two practically feasible DIAs on value P̂m , generators will generate more power to satisfy load
AC OPF. While economic-driven attacks aim to disrupt the demand and p is increased. Hence, the solution under attack
information flow to increase the power references for certain is suboptimal.
generators over others, disruptive attacks are tailored to prevent Proof of Proposition 2: The proposition can be readily
the convergence of the AC OPF by exceeding the security proved by contradiction. Assume that the ADMM algorithm
limits. Case studies were presented demonstrating that for AC will still converge such that (limk→∞ Skn , limk→∞ Vnk ) ∈ Km .
OPF, a malicious entity can disrupt the system operation by According to [21], we have limk→∞
rk
22 = 0. Hence,
attacking not only the active power flows but also the reactive limk→∞ (Skn + Ŝn ) = 0 and limk→∞ Vnk = V̂n . However, since
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
3796 IEEE TRANSACTIONS ON SMART GRID, VOL. 13, NO. 5, SEPTEMBER 2022
(−Ŝn , V̂n ) ∈
/ Km , and limk→∞ Skn and limk→∞ Vnk are not in ACKNOWLEDGMENT
Km either, which contradicts our initial assumption. Hence, This research was conducted at the Future Resilience
the final solution of ADMM is infeasible. Systems at the Singapore-ETH Centre, which was estab-
lished collaboratively between ETH Zurich and the National
A PPENDIX B Research Foundation Singapore.
The mathematical model of standard Lorenz system is:
⎧ R EFERENCES
⎨ ẋ = σ(y − x) [1] C. Liu, M. Zhou, J. Wu, C. Long, and D. Kundur, “Financially moti-
ẏ = r 1 + g(t) x − y − xz, (40) vated FDI on SCED in real-time electricity markets: Attacks and
⎩
ż = xy − bz mitigation,” IEEE Trans. Smart Grid, vol. 10, no. 2, pp. 1949–1959,
Mar. 2019.
[2] G. Raman, B. AlShebli, M. Waniek, T. Rahwan, and J. C.-H. Peng,
where σ , r and b are the parameters of Lorenz system, with “How weaponizing disinformation can bring down a city’s power grid,”
g(t) = 0. However, if g(t) = β cos(ωt), then according to [27], PLoS One, vol. 15, no. 8, 2020, Art. no. e0236517. [Online]. Available:
the three variables (x, y, z) can be decomposed into two parts: https://dx.plos.org/10.1371/journal.pone.0236517
[3] “Cyber Attack On U.K. Electricity Market Confirmed.” [Online].
a slowly varying part (X, Y, Z) and a small but fast varying Available: https://www.infosecurity-magazine.com/news/uk-power-grid-
part (x, y, z) which oscillates around the slowly varying biz-suffers-outage/ (Accessed: Sep. 30, 2020).
part. [4] A. S. Musleh, G. Chen, and Z. Y. Dong, “A survey on the detection
⎧ algorithms for false data injection attacks in smart grids,” IEEE Trans.
⎨ x = X + x, x X Smart Grid, vol. 11, no. 3, pp. 2218–2234, May 2020.
[5] S. Tan, W. Song, M. Stewart, J. Yang, and L. Tong, “Online data integrity
y = Y + y, y Y (41)
⎩ attacks against real-time electrical market in smart grid,” IEEE Trans.
z = Z + z, z Z Smart Grid, vol. 9, no. 1, pp. 313–322, Jan. 2018.
[6] Y. Liu and G.-H. Yang, “Event-triggered distributed state estimation for
The fast varying part (x, y, z) is assumed to be very small cyber-physical systems under DoS attacks,” IEEE Trans. Cybern., early
access, Sep. 10, 2020, doi: 10.1109/TCYB.2020.3015507.
compared to (X, Y, Z) and their mean value (x, y, z) [7] Y. Zhang, Y. Xiang, and L. Wang, “Power system reliability assess-
will vanish during an oscillation period. Substituting (41) ment incorporating cyber attacks against wind farm energy management
into (40), averaging over an oscillation period and neglecting systems,” IEEE Trans. Smart Grid, vol. 8, no. 5, pp. 2343–2357,
Sep. 2017.
the high-order items, the following equations can be obtained: [8] N. Rahbari-Asr, Y. Zhang, and M.-Y. Chow, “Consensus-based dis-
⎧ tributed scheduling for cooperative operation of distributed energy
⎪
⎪ Ẋ = σ (Y − X)
⎪
⎪
resources and storage devices in smart grids,” IET Gener. Transm.
⎨ Ẏ = rX − Y − XZ + rβx cos(wt) Distrib., vol. 10, no. 5, pp. 1268–1277, 2016.
Ż = XY − bZ (42) [9] H. Pourbabak, J. Luo, T. Chen, and W. Su, “A novel consensus-based
⎪
⎪ distributed algorithm for economic dispatch based on local estimation of
⎪ ẋ = σ y
⎪
⎩ power mismatch,” IEEE Trans. Smart Grid, vol. 9, no. 6, pp. 5930–5942,
ẏ = rXβ cos(wt) Nov. 2018.
[10] J. Duan, W. Zeng, and M.-Y. Chow, “Resilient distributed dc optimal
By eliminating x and y in (42), (18) can be obtained. power flow against data integrity attack,” IEEE Trans. Smart Grid, vol. 9,
no. 4, pp. 3543–3552, Jul. 2018.
[11] J. Duan and M.-Y. Chow, “A novel data integrity attack on
A PPENDIX C consensus-based distributed energy management algorithm using local
information,” IEEE Trans. Ind. Informat., vol. 15, no. 3, pp. 1544–1553,
Proof of Proposition 3: The proof is based on the definition Mar. 2019.
of the equilibrium, i.e., no player can benefit by unilaterally [12] Y. Liu, H. Xin, Z. Qu, and D. Gan, “An attack-resilient cooperative con-
trol strategy of multiple distributed generators in distribution networks,”
changing its strategy [32]–[35]. IEEE Trans. Smart Grid, vol. 7, no. 6, pp. 2923–2932, Nov. 2016.
First, we show that (S∗a , S∗d ) is an equilibrium. If the defender [13] C. Zhao, J. He, P. Cheng, and J. Chen, “Analysis of consensus-based
changes its strategy and the attacker retains its strategy S∗a , distributed economic dispatch under stealthy attacks,” IEEE Trans. Ind.
Electron., vol. 64, no. 6, pp. 5107–5117, Jun. 2017.
the expected cost of the defender will be augmented, as illus- [14] J. Ni, K. Zhang, X. Lin, and X. S. Shen, “Balancing security and effi-
trated by (29). On the other hand, if the defender retains its ciency for smart metering against misbehaving collectors,” IEEE Trans.
strategy S∗d and the attacker changes its strategy, i.e., launch- Smart Grid, vol. 10, no. 2, pp. 1225–1236, Mar. 2019.
[15] S. Sahoo, J. C.-H. Peng, A. Devakumar, S. Mishra, and T. Dragičević,
ing the attack with a probability greater than zero, then the “On detection of false data in cooperative DC Microgrids—A discor-
expected payoff of the attacker will become strictly nega- dant element approach,” IEEE Trans. Ind. Electron., vol. 67, no. 8,
tive, as illustrated by the attacker’s objective function (25). pp. 6562–6571, Aug. 2020.
[16] S. Sahoo and J. C.-H. Peng, “A Localized event-driven resilient mech-
Therefore, (S∗a , S∗d ) is an equilibrium. anism for cooperative microgrid against data integrity attacks,” IEEE
Next, we show (S∗a , S∗d ) is the unique equilibrium. Suppose Trans. Cybern., vol. 51, no. 7, pp. 3687–3698, Jul. 2020.
there exists another equilibrium (S+ a , Sd ) = (Sa , Sd ). If Sd =
+ ∗ ∗ +
[17] S. Galli, A. Scaglione, and Z. Wang, “For the grid and through the grid:
The role of power line communications in the smart grid,” Proc. IEEE,
S∗ but S+ = S∗ , the attacker will switch its strategy from
d a a
vol. 99, no. 6, pp. 998–1027, Jun. 2011.
S+a to Sa to avoid a strictly negative expected payoff. On the
∗ [18] X. He, R. Wang, J. Wu, and W. Li, “Nature of power electronics and inte-
other hand, if S+ d = Sd , the corresponding expected cost of Sd gration of power conversion with communication for talkative power,”
∗ + Nat. Commun., vol. 11, no. 1, pp. 1–12, 2020.
is greater than the cost of S∗d , as illustrated by (29). Hence, [19] S. Z. Tajalli, T. Niknam, and A. Kavousi-Fard, “Stochastic electricity
the defender can always change from S+ d to Sd for a lower social welfare enhancement based on consensus neighbor virtualization,”
∗
cost, regardless of the attacker’s strategy. Both two scenarios IEEE Trans. Ind. Electron., vol. 66, no. 12, pp. 9571–9580, Dec. 2019.
[20] M. Farivar and S. H. Low, “Branch flow model: Relaxations and
of (S+ a , Sd ) conflict with the definition of equilibrium, which
+ Convexification—Part I,” IEEE Trans. Power Syst., vol. 28, no. 3,
completes the proof. pp. 2554–2564, Aug. 2013.
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.
YANG et al.: RESILIENT CONSENSUS-BASED AC OPTIMAL POWER FLOW AGAINST DIAs 3797
[21] S. Boyd, N. Parikh, E. Chu, B. Peleato, and J. Eckstein, [28] G. Raman, J. C.-H. Peng, and T. Rahwan, “Manipulating residents’
“Distributed optimization and statistical learning via the alter- behavior to attack the urban power distribution system,” IEEE Trans.
nating direction method of multipliers,” Found. Trends Mach. Ind. Informat., vol. 15, no. 10, pp. 5575–5587, Oct. 2019.
Learn., vol. 3, no. 1, pp. 1–122, 2010. [Online]. Available: [29] “Resources PES Test Feeder.” [Online]. Available: https://site.ieee.org/
http://www.nowpublishers.com/article/Details/MAL-016 pes-testfeeders/resources/ (Accessed: Sep. 30, 2020).
[22] C. Feng, Z. Li, M. Shahidehpour, F. Wen, W. Liu, and X. Wang, [30] Transmission Code, Energy Market Authority, Singapore, Jan. 2014.
“Decentralized short-term voltage control in active power distribu- [31] Y. Yang, M. Bao, Y. Ding, H. Jia, Z. Lin, and Y. Xue, “Impact of down
tion systems,” IEEE Trans. Smart Grid, vol. 9, no. 5, pp. 4566–4576, spinning reserve on operation reliability of power systems,” J. Mod.
Sep. 2018. Power Syst. Clean Energy, vol. 8, no. 4, pp. 709–718, Jul. 2020.
[23] W. Zheng, W. Wu, B. Zhang, H. Sun, and Y. Liu, “A fully distributed [32] Y.-Q. Wang, “Commodity Taxes under fiscal competition: Stackelberg
reactive power optimization and control method for active distribu- equilibrium and optimality,” Amer. Econ. Rev., vol. 89, no. 4,
tion networks,” IEEE Trans. Smart Grid, vol. 7, no. 2, pp. 1021–1033, pp. 974–981, 1999.
Mar. 2016. [33] S. K. Das, K. Kant, and N. Zhang, Handbook on Securing
[24] A. Majumder and J. Caffery, Jr., “Power line communications,” IEEE Cyber-Physical Critical Infrastructure. Waltham, MA, USA: Elsevier,
Potentials, vol. 23, no. 4, pp. 4–8, Oct./Nov. 2004. 2012.
[25] T. Liu et al., “A dynamic secret-based encryption scheme for smart [34] N. Liu, X. Yu, C. Wang, and J. Wang, “Energy sharing man-
grid wireless communication,” IEEE Trans. Smart Grid, vol. 5, no. 3, agement for microgrids with PV prosumers: A Stackelberg game
pp. 1175–1182, May 2014. approach,” IEEE Trans. Ind. Informat., vol. 13, no. 3, pp. 1088–1098,
[26] J. N. Blakely, M. B. Eskridge, and N. J. Corron, “High-frequency chaotic Jun. 2017.
Lorenz circuit,” in Proc. IEEE SoutheastCon, 2008, pp. 69–74. [35] M. Yan, M. Shahidehpour, A. Paaso, L. Zhang, A. Alabdulwahab,
[27] C.-U. Choe, K. Höhne, H. Benner, and Y. S. Kivshar, “Chaos suppres- and A. Abusorrah, “Distribution network-constrained optimization of
sion in the parametrically driven Lorenz system,” Phys. Rev. E, Stat. peer-to-peer transactive energy trading among multi-microgrids,”
Phys. Plasmas Fluids Relat. Interdiscip. Top., vol. 72, no. 3, 2005, IEEE Trans. Smart Grid, vol. 12, no. 2, pp. 1033–1047,
Art no. 36206. Mar. 2021.
Authorized licensed use limited to: American University of Sharjah. Downloaded on October 16,2022 at 09:51:30 UTC from IEEE Xplore. Restrictions apply.