Professional Documents
Culture Documents
OLTC-Induced False Data Injection Attack On VoltVA
OLTC-Induced False Data Injection Attack On VoltVA
OLTC-Induced False Data Injection Attack On VoltVA
fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
ABSTRACT This paper presents a new class of false data injection attacks (FDIAs) on Volt/VAR
optimization (VVO), which may result in abnormal voltage conditions along the radial medium voltage
(MV) distribution feeder with an on-load tap changer (OLTC), capacitor banks (CBs), solar photovoltaic
(PV) systems and smart meters. In comparison with existing FDIAs against voltage control that do not
consider the VVO process, we propose a new attack strategy with which the adversary can maliciously
change the distribution feeder voltage profile by misleading the VVO function through stealthily injecting
false data into smart meter measurements that are used for VVO. The proposed attack strategy is formulated
as a bilevel optimization problem using mixed integer linear programming (MILP). Injected false load data
that raise or lower the tap position of the OLTC are calculated at the upper level while the VVO process is
guaranteed to correctly operate with false data at the lower level. The bilevel optimization problem is finally
reformulated to a single-level optimization problem based on Karush–Kuhn–Tucker conditions of the lower
level optimization problem. A simulation study is carried out in an IEEE 33-bus distribution system with an
OLTC, CBs, PV systems, and smart meters, and our results demonstrate the feasibility and capability of the
proposed attack approach in terms of voltage level, attack effort, and PV penetration rate.
INDEX TERMS False data injection attack (FDIA), volt/var optimization (VVO), on-load tap changer
(OLTC), smart meter, active distribution network
VOLUME , 2019 1
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
bCap
t,d Binary switch status of the capacitor for node
d at period t; “1” for ON and “0” OFF. %[DGT.C[GT
N T apOLTC
max Maximum switching operations of OLTC #FXCPEGF/GVGTKPI+PHTCUVTWEVWTG
during the prediction horizon Nt . Vpduw#Phwhu
Ordg#Gdwd
B. ATTACK FORMULATION
load,a
Pbt,d Manipulated real load consumption for node (CNUG&CVC+PLGEVKQP
d at period t. &KUVTKDWVKQP/CPCIGOGPV5[UVGO
b load,a
Q Manipulated reactive load consumption for
t,d
Yrow2YDU#Rswlpl}dwlrq
node d at period t.
load
∆Pt,d Injected false real load consumption data for
node d at period t. 2J[UKECN.C[GT
∆Qload
t,d Injected false reactive load consumption data &KUVTKDWVKQP5[UVGO
for node d at period t.
D ROWF/#FE/#SY/#Vpduw#Phwhu
δt,d Binary attack status for node d at period t;
“1” with attack and “0” without attack.
FIGURE 1. Cyber physical framework illustrating cyber attack on VVO.
τ Limit factor for the magnitude of injected
false real load consumption data.
ω Weight for attack effort. the abnormal feeder voltage profile. Fig. 1 illustrates a two-
layered framework that consists of cyber and physical layers,
R Maximum number of compromised smart
corresponding to an AMI/DMS and an electric distribution
meters.
system, respectively. As shown in this figure, in the cyber
M Sufficient large positive constant. layer the corrupted smart meter measurements due to false
data injection from the adversary are, through the AMI
I. INTRODUCTION network, fed into the VVO module in DMS, which in turn
Volt/VAR optimization (VVO) is one of the key applications enables VVO to calculate the distorted optimal solutions
in distribution management systems (DMSs) for efficiently of voltage regulators and PV systems (e.g., incorrect tap
managing and controlling active distribution networks with positions of OLTC and wrong reactive power dispatch of
distributed energy resources (DERs) (e.g., solar photovoltaic PV systems). As a result, the distorted solutions lead to an
(PV) system and energy storage system (ESS)) [1]. In ac- abnormal feeder voltage profile and provide consumers with
tive distribution networks, VVO is carried out to determine degraded voltage quality in the physical layer. This paper
optimal voltage levels along the distribution feeder under contributes to the following two aspects: (i) the proposal for
all loading conditions through the coordination of voltage a new class of false data injection attack (FDIA) strategies
regulators such as on-load tap changers (OLTCs) at substa- with which the adversary can distort the feeder voltage by
tions and capacitor banks (CBs) and the smart inverters of misleading VVO to calculate the wrong OLTC tap positions
DERs. Recently, advanced information and communication through the injection of false data into smart meter mea-
technology (ICT) such as advanced metering infrastructure surements; and (ii) impact analysis of VVO subject to the
(AMI) with smart meters provides voltage regulators with proposed attacks.
real-time loading and voltage measurements, consequently In the power system engineering field, a first class of cyber
adjusting voltage profile more quickly and accurately [2]. data attack has been known as FDIA against DC model-based
However, as the coupling between the electric distribution state estimation [4] where the adversary can maliciously
system and ICT system becomes considerably stronger, the change the estimate of the state of the transmission system
applications in DMS may become more vulnerable to poten- while avoiding bad data detection in the energy management
tial cyber attacks through the ICT system. The 2015 Ukraine system (EMS). A more detailed review of the literature
blackout [3] has been known as the first cyber attack against related to the subject of FDIA in electric power systems can
electric distribution systems wherein ICT networks and com- be categorized into the following two parts:
ponents were compromised, and it resulted in blackouts in • Cyber attack on electric transmission system: A large
three Ukrainian regions. This paper attempts to investigate body of literature has been accumulated on the sub-
the impact of cyber attacks on VVO in DMS. ject of FDIA in electric transmission system [5]–[14],
The main objective of this paper is to propose a novel ranging from attacks against AC state estimation [5],
attack strategy with which the adversary malfunctions the impact analysis of automatic generation control (AGC)
operation of VVO by injecting false data into smart meter attack [6], online static security and contingency analy-
measurements that are used for VVO, consequently yielding sis attack [7], [8], topology data attack through the ma-
2 VOLUME , 2019
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
nipulation of the status of circuit breaker and switch [9]– proposed in [27]. A considerable amount of literature
[12], load redistribution attack through the injection has been published recently on the attack model and
of malicious load data in a bilevel optimization prob- impact analysis in voltage control [28]–[34], including
lem [13] and a trilevel optimization problem [14] us- the manipulation of the OLTC tap position [28], [29],
ing mixed integer linear programming (MILP). While attack on Volt-VAR control (VVC) under different ca-
many studies have formulated new attack models and pacitor bank configurations [30], the voltage change due
conducted their impact analysis in electric transmission to the malfunction of DERs through the injection of
systems from an adversary perspective, various defend- false generation setpoint signal [31] and reactive current
ing strategies to mitigate the impact of cyber attack measurement [32], an event tree-based impact assess-
on electric power system operations, from a system ment framework [33], and a denial-of-service attack
operator perspective, have been proposed. In [15], the mitigation framework [34].
least-budget dependent method against FDI attack was Although extensive research has been carried out on the
presented where securely protected sensors were deter- subject of the FDIA problem at both the transmission and
mined by solving a mixed integer nonlinear program- distribution system levels, to the best of our knowledge, no
ming (MINLP) problem based on Bender’s decomposi- research has been conducted to present FDIA against VVO
tion. In [16], a bilevel MILP problem was formulated and investigate the impact of such an attack on the voltage
to determine the minimum number of measurements re- level along the distribution feeder. In prior work [28]–[34],
quired to be protected. A new FDIA detection approach the authors considered an attack scenario where the adversary
using load forecast data, generation schedules, and syn- can attack against voltage control algorithms without the
chrophasor data was proposed in [17]. In [18], a frame- VVO process being considered. The main contributions of
work for quantifying the impact of a cyber attack on bus this paper are suggested as follows:
and transmission line protection systems was developed
where the expected load curtailment index was proposed 1) We propose two types of FDIAs on VVO. The adversary
to assess potential system loss from the attack. More stealthily raises or lowers the tap position of OLTC
recently, FDIA detection strategies based on various by misleading the VVO process by injecting false data
machine learning methods were presented where mea- into smart meter measurements that are used for VVO,
surements can be categorized into non-attack events and consequently leading to the abnormal voltages along the
attack events by using: temporal characteristics of FDIA distribution feeder.
using conditional deep belief network (CDBN) [19], 2) We formulate the proposed attack approach in a bilevel
semisupervised online learning method [20], and non- mixed integer linear programming (MILP) optimization
nested generalized exemplars (NNGE) through pre- problem that consists of upper and lower level optimiza-
processing of the state extraction method (STEM) [21]. tion problems. The former calculates injected false data
A broader range of FDIA models and defending meth- for the OLTC tap position to stealthily increase or de-
ods in the electric transmission system are summarized crease while the adversary spends the least attack effort.
well in [22] and [23]. The latter enables VVO to operate correctly even with
• Cyber attack on electric distribution system: In compar- the injected false data. The bilevel optimization problem
ison with extensive research on the FDIA problem at the is then transformed to a single-level MILP optimization
transmission system level, studies about the FDIA prob- problem using Karush–Kuhn–Tucker (KKT) conditions
lem at the distribution system level are relatively few. of the lower level optimization problem.
In [24], a least-effort FDIA against three-phase balanced 3) We quantify the performance of the proposed attacks
distribution system state estimator was proposed where in the IEEE 33-bus distribution system in terms of: i)
the adversary can reduce his/her effort with only the the OLTC tap position; ii) voltage magnitude along the
information of local state obtained by approximating the feeder; and iii) attack effort as a function of the mag-
entire system state using a small number of power flow nitude of injected false data and a maximum number
or injection measurements. The possibility of a cyber of compromised smart meters. Furthermore, we study
threat on a distribution automation system (DAS) was the impact of the proposed attacks with varying amount
first addressed in [25] and [26], where the attack impact of PV penetration as well as with different number of
assessment model [25] that consists of a terminal device prediction horizon in the VVO on the voltage profile.
level and control center server level was developed, and The rest of this paper is organized as follows. Section II
an efficient secret key distribution protocol without re- provides an overview of the VVO model and the KKT
quiring much computation of encryption algorithm [26] conditions of the optimization problem. Section III states the
was proposed. More recently, a unified attack model and attack problem and elaborates the formulation of the pro-
security assessment framework for active distribution posed VVO attack strategies using a bilevel and single-level
systems was developed based on limited stochastic Petri MILP optimization programming. The simulation results for
net (LSPN) graph theory, and the index that quantify the proposed attack approach are provided in Section IV, and
the attack performance and the system robustness was the conclusions are given in Section V.
VOLUME , 2019 3
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
PV
II. BACKGROUND real power output Pbt,d and its coefficient cPV defined as
The main notations used throughout this paper are summa- s
rized in the nomenclature section. Bold symbols represent PV 1 − (P FdPV,min )2
cd =
vectors. Hat symbols represent estimates of true parameter (P FdPV,min )2
value. The other undefined symbols in the nomenclature
section are explained in the text. where P FdPV,min is the minimum power factor of the PV
system at node d. The range of allowable voltages for all
A. VOLT/VAR OPTIMIZATION MODEL nodes can be expressed in (13) where V min and V max are
For each node d with a scheduling period t and prediction selected to be 0.95 p.u. and 1.05 p.u. The decision variable
horizon Nt , the VVO problem is generally formulated as vectors from the VVO problem are denoted as V, Pline , Qline ,
follows: Pnode , Qnode , QCAP , QPV , TapOLTC , and bCAP .
Nd
Nt X
X In this paper, we convert the mixed-integer nonlinear pro-
min J = |Vt,d − V nom | (1) gramming (MINLP)-based VVO algorithm into a MILP op-
t=1 d=1 timization problem. To this end, the nonlinear equations for
s.t. the objective function (1) and the constraints for the number
of switching operations for the OLTC (10) are linearized as,
line line node lat
α : Pt,d+1 = Pt,d − Pt,d+1 − Pt,d+1 (2) respectively,
χ: Qline
t,d+1 = Qline
t,d − Qnode lat
t,d+1 − Qt,d+1 (3) ∆Vt,d = |Vt,d − V nom | (14)
!
line
rd Pt,d + xd Qline
t,d −
J : ∆Vt,d ≥ Vt,d − V nom
(15)
λ : Vt,d+1 = Vt,d − (4)
V0 +
J : ∆Vt,d ≥ V nom
− Vt,d (16)
θ : Vt,1 = V nom + aOLTC T apOLTC
t (5) and
node load PV
γ : Pt,d = Pbt,d − Pbt,d (6)
U− : N T apOLTC
t ≥ T apOLTC
t − T apOLTC
t−1 (17)
∇ : Qnode b load PV CAP
t,d = Qt,d − Qt,d − Qt,d (7) +
U : N T apOLTC
t ≥ T apOLTC
t−1 − T apOLTC
t (18)
CAP CAP,nom
β : QCAP
t,d = bt,d Qd (8) Nt
X
bCAP
t,d ∈ {0, 1} (9) ξ: N T apOLTC
t ≤ N T apOLTC
max . (19)
Nt t=1
X
|T apOLTC
t − T apOLTC OLTC
t−1 | ≤ N T apmax (10) Furthermore, the binary and integer decision variables
t=1 in (9) and (11) are relaxed with continuous variables as the
T apOLTC
t ∈ {−16, . . . , −1, 0, 1, . . . , 16} (11) following linear constraints:
PV b PV
κ : −c Pt,d ≤ QPV PV b PV
t,d ≤ c Pt,d (12) ζ : 0 ≤ bCAP
t,d ≤ 1 (20)
min max
Φ:V ≤ Vt,d ≤ V . (13) ρ : −16 ≤ T apOLT C
≤ 16. (21)
t
In this formulation, the objective function is to minimize the In this paper, the linear programming (LP)-based VVO prob-
total deviation of voltages from the nominal voltage for all lem through the relaxation above needs to be formulated
nodes during the prediction horizon in (1). Equations (2)–(4) in order to develop our attack strategy illustrated in the
represent the linearized distribution real power flow, reactive following section. It is noted that the proposed attack strategy
power flow, and voltage for node d at the scheduling period includes the KKT conditions of the VVO problem, however,
t, respectively [35]. Equation (5) represents the substation no KKT conditions of the MILP optimization problem exist.
voltage, which can be determined by the OLTC tap position
T apOLTC , along with the step size for changing tap positions In the LP-based VVO formulation, all variable vectors (α,
t
aOLTC . For each node d, the nodal real and reactive power χ, λ, θ, γ, ∇, β, κ, Φ, J, U, ζ, and ρ) corresponding to the
balance equations can be expressed in terms of the real and/or equality/inequality constraints are the Lagrangian multipliers
reactive power of the load, CBs, and PVs in (6) and (7). that have non-negative values. In particular, the Lagrangian
Equation (8) represents the reactive output that is supported multiplier vector associated with its inequality constraint
by the CB for node d at scheduling period t. Here, QCAP,nom consists of two types of Lagrangian multiplier subvectors,
d
is the size of the capacitors and bCAP corresponding to the upper and lower limit of inequality
t,d is a binary decision
variable that determines the switch status of the capacitors constraints, respectively (e.g., κ = [κ+ , κ− ] in (12)).
in (9). During the prediction horizon Nt , the total number
of switching operations for the OLTC is limited by its corre- B. KKT CONDITIONS
sponding switching threshold N T apOLTC max in (10) along with A general optimization problem with linear equality and
the integer position of the OLTC tap in (11). Equation (12) inequality constraints is formulated as follows:
represents the reactive power capability of the PV system at
node d, which can be described in terms of the predicted PV min J(x, a) (22)
x
4 VOLUME , 2019
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
.QCF 28 %$ 28
Prior to the proposed attack, the adversary is required to
FIGURE 2. Illustration of VVO attack manipulating smart meter data. have the following capabilities:
VOLUME , 2019 5
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
s.t. tion problem. To this end, the lower level optimization prob-
node load,a PV lem is replaced by its KKT equations, which are classified
γ : Pt,d = Pbt,d − Pbt,d (34)
into four types of conditions as follows:
load,a load load
η: Pbt,d = Pbt,d + ∆Pt,d (35)
∇ : Qnode b load,a − QPV QCAP The first-order optimality conditions
t,d = Q t,d t,d − t,d (36)
Given the Lagrangian function of the VVO problem at the
µ: Qb load,a b load
=Q load
t,d + ∆Qt,d (37)
t,d lower level, which is illustrated in subsection II-B, the first-
Eqn. (2) − (5), Eqn. (8) (38) order optimality conditions can be derived as
Eqn. (12) − (21) (39) −
1 − Jt,d +
−Jt,d =0 (43)
In the upper level (25)–(32), the adversary computes false −λt,d−1 + λt,d − Φ− +
t,d + Φ+
−
t,d
−
− θt = 0
Jt,d +
Jt,d (44)
load
load data (∆Pt,d , ∆Qload
t,d ) that are injected into smart me- λt,d rd
ters in order to maximize (attack I) or minimize (attack − nom − αt,d−1 +αt,d = 0 (45)
V
II) the OLTC tap positions and minimize the attack effort λt,d xd
− nom − χt,d−1 +χt,d = 0 (46)
simultaneously while maintaining the undetectable condition V
along with the limited attack capability. The multi objective −∇t,d −βt,d = 0 (47)
function (25) or (26) for attack I or attack II consists of −∇t,d −κ− +
t,d + κt,d = 0 (48)
two terms, corresponding to the OLTC tap position and a −
total number of injected false load data where δt,d D
equals to βt,d QCAP,nom
d − ζt,d +
+ζt,d =0 (49)
D
one when smart meter at node d is attacked, otherwise δt,d γt,d −ηt,d = 0 (50)
equals to zero. In the second term for the objective function, ∇t,d −µt,d = 0 (51)
ω represents a penalty weight for the attack effort. A larger
D −αt,d−1 −γt,d = 0 (52)
ω yields a smaller number of δt,d = 1 along with a reduced
false data magnitude, and hence, it saves the attack effort; yet, −χt,d−1 −∇t,d = 0 (53)
it prevents the adversary from manipulating the OLTC tap aOLTC θt − ρ− + − − + +
t + ρt + Ut − Ut+1 −Ut + Ut+1 = 0 (54)
position significantly. Equations (27) and (28) guarantee that −ξt − Ut− −Ut+ = 0. (55)
the injected false data are undetected by system operators.
The number of injected false data are counted in (29), which The primal feasibility conditions
is equivalent to the following constraints: The primal feasibility conditions are all equality and inequal-
load load D ity constraints for the lower level optimization problem:
∆Pt,d + τ Pt,d δt,d ≥ 0 (40)
load
∆Pt,d − load D
τ Pt,d δt,d ≤0 (41) Eqn. (34) − (39) (56)
D The complimentary conditions
δt,d ∈ {0, 1}. (42)
The complimentary conditions are expressed as the multi-
Equations (30) and (31) represent the limit for the magnitude plication of all inequality constraints and their Lagrangian
and the number of injected false data, respectively. In (32), multipliers.
the injected false reactive power data are bounded by the
−
limit in terms of the injected false real power data and Jt,d (−Vt,d + V nom − ∆Vt,d )
the following coefficient cload
d in terms of the power factor + J + (Vt,d − V nom − ∆Vt,d ) = 0 (57)
(P Fdload ) at node d t,d
− +
s κt,d −QPV PV b PV PV PV b PV
t,d − c Pt,d + κt,d Qt,d − c Pt,d = 0
load 1 − (P Fdload )2 (58)
cd = .
(P Fdload )2 −
Ut −N T apt OLTC OLTC
− T apt−1 + T apt OLTC
+
+ Ut −N T apOLTC + T apOLTC OLTC
On the other hand, the lower level (33)–(39) represents t t−1 − T apt = 0 (59)
the VVO problem that is illustrated in subsection II-A. Only N
X t
!
the difference from the previous VVO formulation is that the ξt N T apOLTC
t − N T apOLTC
max =0 (60)
VVO problem at the lower level includes the modified nodal t=1
real and reactive power balance equations (34)–(37), which Φ− +
t,d (−Vt,d + Vmin ) + Φt,d (Vt,d − Vmax ) = 0 (61)
are expressed as a function of the injected false data delivered − +
−bCAP bCAP
from the upper level.
ζt,d t,d + ζt,d t,d − 1 = 0 (62)
ρ− OLTC
− 16 + ρ+ OLTC
t,d −T apt t,d T apt − 16 = 0. (63)
C. SINGLE-LEVEL OPTIMIZATION PROBLEM FOR THE It is noted that the complimentary conditions above are
PROPOSED ATTACKS nonlinear owing to the multiplication of two continuous
In this paper, the bilevel MILP optimization-based attack decision variables. Thus, to formulate the attack method in
strategy is converted into an equivalent single-level optimiza- an MILP optimization problem, the nonlinear complimentary
6 VOLUME , 2019
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
J−
−
Jt,d − M δt,d ≤0
J−
−Vt,d + V nom + ∆Vt,d ≤ M (1 − δt,d
)
+ J + (64)
Jt,d − M δt,d ≤ 0 %$
%$ %$ %$
J+
Vt,d − V nom + ∆Vt,d ≤ M (1 − δt,d
)
−
− κ
κt,d − M δt,d ≤ 0 %$ %$
κ−
PV PV b PV
Qt,d + c Pt,d ≤ M (1 − δt,d )
%$
κ+
κ+
t,d − M δt,d ≤ 0 (65) %$
κ+
PV PV b PV
−Q t,d + c Pt,d ≤ M (1 − δt,d )
δ κ− + δ κ+ ≤ 1
%$
t,d t,d
U−
−
Ut − M δt ≤ 0
N T apOLTC + T apOLTC − T apOLTC ≤ M (1 − δ U − )
t t−1 t t
+
Ut+ − M δtU ≤ 0
FIGURE 3. Modified IEEE 33-bus system with OLTC, CBs, and PV systems.
+
N T apOLTC − T apOLTC
t−1 + T apt
OLTC
≤ M (1 − δtU )
t
(66)
single-level optimization problem:
ξ+
(
+
ξt − M δt ≤ 0 ( Nd
)
PNt +
≤ M (1 − δtξ )
X
− t=1 N T apOLTC
t + N T apOLTC max Attack I: max T apOLTC
t −ω D
δt,d (72)
(67) d=1
−
Φt,d ≤ M δt,d Φ− or
Nd
( )
Φ−
Vt,d − Vmin ≤+ M (1 − δt,d )
X
D
T apOLTC
Attack II: min +ω δt,d (73)
Φt,d t
Φ+t,d ≤ M δt,d
(68) d=1
+
−Vt,d + Vmax ≤ M (1 − δt,d )
Φ s.t.
Φ−
+
δ + δΦ ≤ 1 Eqn. (27) − (32) (74)
t,d
− ζ−
ζt,d ≤ M δt,d Eqn. (43) − (56), (64) − (71) (KKT conditions). (75)
ζ−
CAP
bt,d ≤ M (1+ − δt,d )
+ ζ IV. SIMULATION RESULTS
ζt,d ≤ M δt,d (69)
A. SIMULATION SETUP
−bCAP + 1 ≤ M (1 − δ ζ + )
t,d t,d In this section, we assess the performance of the proposed
δ ζ − + δ ζ + ≤ 1
attack approach in the modified IEEE 33-bus distribution test
t,d t,d
− system [35], which is illustrated in Fig. 3. In this test system,
ρt ≤ M δtρ
−
the base MVA is set to 100 MVA. The modified IEEE 33-bus
−
+ 16 ≤ M (1 − δtρ )
OLTC
T apt
system includes one OLTC, nine CBs, four PV systems and
ρ+ 32 smart meters. The smart meters are located from node 2
ρ+
t ≤ M δt (70)
OLTC ρ+ to node 33. An integer tap position of OLTC at the substation
−T apt + 16 ≤ M (1 − δt )
ranges from -16 to 16 with its step change aOLTC = 0.003.
δ ρ− + δ ρ+ ≤ 1.
t t The maximum number of tap changes for OLTC during the
The dual feasibility conditions predicted horizon is set to N T apOLTC
max = 3. The CBs are
All the non-negative Lagrangian multiplies belong to the dual connected to nodes 4, 7, 8, 14, 23, 24, 25, 30, and 32, and the
feasibility conditions as follows: maximum output of each CB is QCAP,nom
d = 30kVAr. The PV
systems are installed at nodes 11, 16, 17, and 31. The profiles
[α; χ; λ; θ; γ; ∇; η; µ; β; κ; Φ; J, U, ξ, ζ, ρ] ≥ 0. (71) for the predicted PV real power output and load coefficient
are shown in Fig. 4 and Fig. 5, respectively. For simplicity,
the predicted PV real power output and load coefficient are
assumed to be identical for all nodes. The scheduling period
is 1 h for VVO with a predicted horizon Nt = 1. The
Finally, using the aforementioned KKT conditions, the comparison of the attack performance for VVO with different
proposed attack strategy can be formulated as the following predicted horizons between Nt = 1 and Nt = 4 is conducted
VOLUME , 2019 7
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
-3
×10
3
1.04
PV real power output (p.u.)
2.5
1.5
1
0.98
0.5
0 0.96
1 5 10 15 20 24 1 5 10 15 20 25 30 33
Time ( hour ) Node
FIGURE 4. Profile of the predicted value with a resolution of 1 h for PV real FIGURE 6. Voltage profile for 33 nodes during 24 h without attack.
power output.
1.05
1
0.8
1
0.7
0.6
0.5
0.95
0.4 1 5 10 15 20 25 30 33
1 5 10 15 20 24 Node
Time ( hour )
FIGURE 7. Voltage profile for 33 nodes during 24 h with attack I.
FIGURE 5. Profile of the predicted value with a resolution of 1 h for load
coefficient.
1.02
conditions along the distribution feeder subject to the pro-
posed attacks I and II. We consider two types of voltages
1
belonging to different layers as shown in Fig. 1: 1) voltage
in cyber layer; and 2) voltage in physical layer. The former 0.98
represents the optimal voltage schedule that is calculated by
the VVO. The latter represents the voltage value that involves 0.96
the actual operating condition of the distribution system.
Voltage in the physical layer is computed by distribution 0.94
1 5 10 15 20 25 30 33
system power flow analysis [36]. In this paper, voltages in
Node
the cyber layer and in the physical layer are denoted by the
cyber voltage and the physical voltage, respectively. FIGURE 8. Voltage profile for 33 nodes during 24 h with attack II.
8 VOLUME , 2019
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
15
1.06
OLTC tap position
10 1.04
0 Without attack
0.98
With attack I (cyber layer)
With attack I (physical layer)
0.96 Lower limit
1 5 10 15 20 24 Upper limit
from Fig. 9 that the OLTC tap position ranges from 7 to 15 1.02
where a lower tap position is associated with a higher amount
of PV generation (2 p.m.∼4 p.m.) and a higher tap position 1
with a lower amount of PV generation (7 p.m.∼11 p.m.). As Without attack
0.98
expected, compared to the tap positions of OLTC without With attack I (cyber layer)
With attack I (physical layer)
attack, they increase or decrease owing to attacks I and II, 0.96 Lower limit
Upper limit
respectively, as shown in Fig. 9. However, it is observed from
this figure that the OLTC tap position has the maximum value 0.94
1 5 10 15 20 25 30 33
at any scheduling time during attack I. This observation may Node
be regarded as an abnormal operation of the OTLC by system FIGURE 11. Comparison of three different voltage profiles at 10 p.m.: (i)
operators. In this case, the adversary needs to wait another without attack; (ii) with attack I (cyber layer); and (iii) with attack I (physical
day when the schedule that has different OLTC tap positions layer)
with attack > the cyber voltage with attack > the cyber 1
voltage without attack. We verify from this result that the
adversary with attack I successfully increases the physical 0.98
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
1.06 0.005
FIGURE 13. Comparison of three different voltage profiles at 10 p.m.: (i) FIGURE 14. Impact of three different PV penetration rates on voltage
without attack; (ii) with attack II (cyber layer); and (iii) with attack II (physical magnitude differences between without attack and with attack I .
layer).
0.045
Figs. 12 and 13 illustrate the impact of attack II on both
attack at any node still remains within the allowable range. 0.04
We observe from Figs. 12 and 13 that the physical voltage Low PV output
violations occur at two groups of nodes at 8 a.m., {nodes 0.039 Medium PV output
High PV output
13∼18} and {nodes 29∼33}, whereas the physical voltage 0.038
1 5 10 15 20 25 30 33
violations does at 10 p.m. at only {nodes 13∼18}. This Node
observation derives from the fact that due to no available PV
FIGURE 15. Impact of three different PV penetration rates on voltage
reactive power injection at 10 p.m., the PV systems do not magnitude differences between without attack and with attack II .
contribute to increased voltages above the minimum limit,
which in turn results in raising the OLTC tap position.
a higher OLTC tap position than high PV penetration. As
C. IMPACT OF PV ON THE VVO ATTACK a result, low PV penetration provides more room for the
In this subsection, we quantify the impact of three different adversary using attack II to minimize the OLTC tap position
amounts of PV real power output on the performance of and decrease voltages eventually.
the proposed attacks, corresponding to different scheduling
time slots: (1) low PV generation at 6 p.m.; (2) medium PV D. IMPACT OF THE ATTACK EFFORT ON THE VVO
generation at 11 a.m.; and (3) high PV generation at 2 p.m. ATTACK
Figs. 14 and 15 show the comparison of voltage magnitude In this subsection, we investigate the impact of the attack
differences among different PV penetration rates when at- effort on the performance of the proposed attacks. Here,
tacks I and II occur, respectively. Here, the voltage magnitude the attack effort is defined as two attack limit factors, τ
difference is defined as the deviation of physical voltage with and R, for: (1) the magnitude of injected false load data τ ;
attack from cyber voltage without attack. We observe from and (2) the maximum number of injected false load data R,
Fig. 14 that the adversary using attack I can cause more respectively. For the simulation study, three different values
negative voltage deviation from the normal voltage level with of the attack effort are selected with τ = 0.4, 0.6 and
a higher PV penetration rate. This phenomenon is due to 0.8 and R = 5, 15 and 25. In this simulation, the impact
the fact that the voltage level at the substation is lower at a assessment of attack II subject to varying attack effort is
high PV penetration than at low PV generation, and hence, conducted. Fig. 16 shows the OLTC tap positions during
the adversary can obtain more room to maximize the OLTC 24 h after the attack with varying τ . Along with the result
tap position for increasing the voltage level at any node. from Fig. 16, it is observed that the increase of value of τ
Compared to Fig. 14, Fig. 15 demonstrates that the adversary results in a lower OLTC tap position at some scheduling time
using attack II can have a more significant impact on positive slots, which consequently lead to an increase in the physical
voltage deviation at low PV penetration than at a high PV voltage magnitude difference at any node as shown in Fig. 17.
penetration rate. It is noted that low PV penetration causes Fig. 18 shows the OLTC tap positions during 24 h after
10 VOLUME , 2019
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
16 16
τ=0.4 R=5
14 14
τ=0.6 R=15
12 12
τ=0.8 R=25
OLTC tap position
8 8
6 6
4 4
2 2
0 0
-2 -2
1 5 10 15 20 24 1 5 10 15 20 24
Time ( hour ) Time ( hour )
FIGURE 16. Tap positions of OLTC with three different attack limit factors τ . FIGURE 18. Tap positions of OLTC with three different attack efforts R.
0.045 0.04
τ=0.4 R=5
τ=0.6 R=15
0.04 0.035
τ=0.8 R=25
0.035 0.03
0.03 0.025
0.025 0.02
0.02 0.015
1 5 10 15 20 25 30 33 1 5 10 15 20 25 30 33
Node Node
FIGURE 17. Voltage profiles with three different attack limit factors τ . FIGURE 19. Voltage profiles with three different attack efforts R.
the attack with varying R. Similar to the result from Fig. 16, interval (i.e., Nt = 1) as static VVO, otherwise as look-ahead
it is observed from Fig. 18 that the OLTC tap positions at VVO with multi-step prediction intervals. In comparison
some scheduling time slots become lower with increasing with the static VVO approach, the benefit of the look-ahead
R. As shown in Fig. 19, it is also observed that the voltage VVO approach lies in that during the multi-step prediction
magnitude differences fluctuate further with a larger value of horizon, look-ahead VVO allows OLTC, CB, and PV systems
R. with inter-temporal constraint to reserve their capacities and
In addition, with different values of R, the location of operate efficiently, thus operating the VVO process more
nodes with the attacked smart meters (i.e., load measure- effectively along with the reduction of the total cost (i.e.,
ments) are summarized as follows: {node 11, node 23, nodes the deviation of optimal voltage from nominal voltage) of
28∼30} for R = 5, {node 4, node 6, node 14, node 16, VVO. To fairly compare the attack performance between
node 18, node 21, node 23, nodes 25∼32} for R = 15, and static VVO and look-ahead VVO, we assume that identical
{nodes 4∼9, nodes 14∼32 for R = 25. It is noted from this smart meters for both VVO methods are attacked.
result that, to achieve the desired attack result, in general Figs. 20 and 21 show voltage magnitude differences of
the adversary injects false data into smart meters that are static VVO (Nt = 1) and look-ahead VVO (Nt = 4) at 10
further away from the substation. For a secure VVO operation a.m. due to attack I and attack II, respectively. We observe
against false data injection attacks, this may provide some from these figures that the voltage magnitude difference in
practical guideline wherein smart meters installed around the static VVO is larger than in the look-ahead VVO. We can
end node of the distribution system need to be protected with conjecture from this observation that in view of robustness to
a higher priority. cyber attack, look-ahead VVO still outperforms static VVO.
Finally, the main observations from the simulation studies
E. IMPACT OF THE NUMBER OF PREDICTION HORIZON can be summarized as follows:
ON THE VVO ATTACK • The proposed attacks I and II are undetectable because
This subsection evaluates the impact of the proposed attacks the cyber voltages remain within the allowable range
on VVO with different number of prediction horizon Nt . after the attack.
In this paper, we define VVO with a one-step prediction • Attack I increases cyber voltage and physical voltage
VOLUME , 2019 11
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
Attack I on static VVO attack method into a single-level optimization problem using
Attack I on look-ahead VVO Karush–Kuhn–Tucker conditions of the lower level optimiza-
0
tion problem. Numerical examples simulated in the IEEE 33-
bus distribution system demonstrated that the proposed attack
-5
approach can stealthily result in an abnormal feeder voltage
profile in both the physical and the cyber layers.
-10 In the future, we will extend the proposed attack model
to a more practical attack in a realistic unbalanced three-
phase distribution system with a voltage-dependent load
-15
1 5 10 15 20 25 30 33 model. Another interesting direction for future research is to
Node
develop an effective mitigation strategy to protect distribution
FIGURE 20. Comparison of attack I performance between static VVO and systems from false data injection attacks against VVO.
look-ahead VVO at 10 a.m.
REFERENCES
0.06
[1] L. Wang, F. Bai, R. Yan, and T. K. Saha, “Real-time coordinated voltage
Attack II on static VVO control of pv inverters and energy storage for weak networks with high pv
penetration,” IEEE Trans. Smart Grid., vol. 33, no. 3, pp. 3383–3395, May
Voltage magnitude difference (p.u.)
12 VOLUME , 2019
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI
10.1109/ACCESS.2019.2904959, IEEE Access
[18] X. Liu et al., “Power system risk assessment in cyber attacks considering distribution power grids with pvs,” IEEE Trans. Smart Grid., vol. 7, no. 4,
the role of protection systems,” IEEE Trans. Smart Grid., vol. 8, no. 2, pp. pp. 1824–1835, July 2016.
572–580, Mar 2017. [29] A. Anwar, A. N. Mahmood, and M. Ahmed, “False data injection attack
[19] Y. He, G. J. Mendis, and J. Wei, “Real-time detection of false data injection targeting the ltc transformers to disrupt smart grid operation,” in ICST &
attacks in smart grid: A deep learning-based intelligent mechanism,” IEEE SecureComm, Beijing, China, Sept 2014, pp. 252 – 266.
Trans. Smart Grid., vol. 8, no. 5, pp. 2505–2516, Sept 2017. [30] A. Teixeira et al., “Security of smart distribution grids: Data integrity
[20] M. Ozay et al., “Machine learning methods for attack detection in the smart attacks on integrated volt/var control and countermeasures,” in 2014
grid,” IEEE Trans. Neural Netw. Learn. Syst., vol. 27, no. 8, pp. 1773– American Control Conference (ACC), Portland, OR, USA, June 2014, pp.
1786, Aug 2016. 4372 – 4378.
[21] U. Adhikari, T. H. Morris, and S. Pan, “Applying non-nested generalized [31] D. Shelar and S. Amin, “Security assessment of electricity distribution
exemplars classification for cyber-power event and intrusion detection,” networks under der node compromises,” IEEE Trans. Control Netw. Syst.,
IEEE Trans. Smart Grid., to be published. vol. 4, no. 1, pp. 23–36, Mar 2017.
[22] G. Liang, J. Zhao, F. Luo, S. R. Weller, and Z. Y. Dong, “A review of false [32] A. Teymouri, A. Mehrizi-Sani, and C.-C. Liu, “Cyber security risk assess-
data injection attacks against modern power systems,” IEEE Trans. Smart ment of solar pv units with reactive power capability,” in IECON 2018 -
Grid., vol. 8, no. 4, pp. 1630–1638, July 2017. 44th Annual Conference of the IEEE Industrial Electronics Society, DC,
[23] R. Deng, G. Xiao, R. Lu, H. Liang, and A. V. Vasilakos, “False data USA, Oct 2018, pp. 2872 – 2877.
injection on state estimation in power systems—-attacks, impacts, and [33] L. Langer, P. Smith, M. Hutle, and A. Schaeffer-Filho, “Analysing cyber-
defense: A survey,” IEEE Trans. Ind. Informat., vol. 13, no. 2, pp. 411– physical attacks to a smart grid: A voltage control use case,” in 2016 Power
423, April 2017. Systems Computation Conference (PSCC), Genova, Italy, June 2016, pp.
[24] R. Deng, P. Zhuang, and H. Liang, “False data injection attacks against 1–7.
state estimation in power distribution systems,” IEEE Trans. Smart Grid., [34] C. Cameron, C. Patsios, P. Taylor, and Z. Pourmirza, “Using self-
to be published. organizing architectures to mitigate the impacts of denial-of-service at-
[25] X. Ye, J. Zhao, Y. Zhang, and F. Wen, “Quantitative vulnerability assess- tacks on voltage control schemes,” IEEE Trans. Smart Grid., to be pub-
ment of cyber security for distribution automation systemss,” Energies., lished.
vol. 8, pp. 5266–5286, June 2015. [35] M. E. Baran and F. F. Wu, “Network reconfiguration in distribution
[26] I. H. Lim et al., “Security protocols against cyber attacks in the distribution systems for loss reduction and load balancing,” IEEE Trans. Power Del.,
automation system,” IEEE Trans. Power Del., vol. 25, no. 1, pp. 448–455, vol. 4, no. 2, p. 1401–1407, Apr 1989.
Jan 2010. [36] W. H. Kersting, Distribution System Modeling and Analysis. New York:
[27] R. Fu et al., “Security assessment for cyber physical distribution power CRC Press, 2017.
system under intrusion attacks,” IEEE Access., to be published.
[28] Y. Isozaki et al., “Detection of cyber attacks against voltage control in
VOLUME , 2019 13
2169-3536 (c) 2018 IEEE. Translations and content mining are permitted for academic research only. Personal use is also permitted, but republication/redistribution requires IEEE permission. See
http://www.ieee.org/publications_standards/publications/rights/index.html for more information.