8162 IEEE TRANSACTIONS ON POWER ELECTRONICS, VOL. 34, NO.

8, AUGUST 2019

A Stealth Cyber-Attack Detection

Strategy for DC Microgrids
Subham Sahoo , Member, IEEE, Sukumar Mishra , Senior Member, IEEE,
Jimmy Chih-Hsien Peng , Member, IEEE, and Tomislav Dragičević , Senior Member, IEEE

Abstract—This paper proposes a cooperative mechanism for owing to their highly reliable operation during link failures.
detecting potentially deceptive cyber attacks that attempt to Moreover, distributed control philosophy is an economic op-
disregard average voltage regulation and current sharing in tion since it can be easily accommodated by transmitting lesser
cyber-physical dc microgrids. Considering a set of conventional
cyber attacks, the detection becomes fairly easy for distributed ob- volume of data without entailing much traffic in contrast to the
server based techniques. However, a well-planned set of balanced centralized communication [6]. In dc microgrids, cooperative
attacks, termed as the stealth attack, can bypass the conventional secondary controllers have been deliberately used for various
observer based detection theory as the control objectives are met objectives, such as average voltage regulation [7], proportional
without any physical error involved. In this paper, we discuss load sharing [8], and energy balancing [9].
the formulation and associated scope of instability from stealth
attacks to deceive distributed observers realizing the necessary To enhance the scope of reliability, system security plays an
and sufficient conditions to model such attacks. To address this increasingly important role in maintaining unbiased coordina-
issue, a novel cooperative vulnerability factor (CVF) framework tion among the sources since it directly affects the technological
for each agent is introduced, which accurately identifies the aspects based on penalties specifically allocated for poor per-
attacked agent(s) under various scenarios. To facilitate detection formance metrics [10]. Few potential ways to violate security
under worst cases, the CVFs from the secondary voltage control
sublayer is strategically cross coupled to the current sublayer, measures are cyber attacks, which typically include false data
which ultimately disorients the control objectives in the presence injection attacks (FDIAs) [11], denial of service (DoS) [12],
of stealth attacks and provides a clear norm for triggering defense replay attacks [13], etc. Such attacks are adept at disrupting
mechanisms. Finally, the performance of the proposed detection the network stability as well as control structures. Several in-
strategy is simulated in MATLAB/SIMULINK environment and stances have been reported in the past, which became a critical
experimentally validated for false data injection and stealth
attacks on sensors and communication links. concern for the control centers [14]. FDIAs alter the system
state by injecting a false data into any of the compromised sen-
Index Terms—DC microgrid, distributed control, false data sors/actuators. An example of implementation of such attacks
injection, stealth attack.
is given in [11]. To analyze the impact of such attacks, further
I. INTRODUCTION investigation is done in [15] to assess their impacts on the eco-
nomic load dispatch that is realized in a cooperative manner. In
C microgrids are an effective means of integrating renew-
D able energy sources, storage devices, and modern elec-
tronic loads, capable of operating independently of the utility
this respect, the system under attack reaches a consensus stage
that is not optimal. Broadly, detection and mitigation of conven-
tional attacks are already well classified in the literature since
grid [1], [2]. Moreover, the operating nature of these units in the such attacks disrupt the operation of observers that becomes
dc paradigm makes it a vivid option to enhance the efficiency a simple criterion for detection. However, it is reported that
[3]. For enhancing the scalability and robustness, distributed generalized FDIAs, commonly known as stealth attacks [16],
controllers are desirable in microgrids [4], [5] to avoid single can easily penetrate into networked systems without altering the
point of failure as compared to the centralized communication, system observability. These attacks can be specifically classified
as coordinated intelligent attacks [17] that involves coordinated
Manuscript received May 22, 2018; revised July 18, 2018 and August 29, attack vectors in multiple nodes to nullify system dynamics.
2018; accepted October 29, 2018. Date of publication November 7, 2018; date
of current version May 22, 2019. This work was supported by the Academic As a result, the system/agent operator would be unaware of
Research Fund Tier 1 from the Ministry of Education, Government of Singapore, any online attack vectors present in the system. Prior to this,
under Grant R-263-000-C27-133. Recommended for publication by Associate the attacker could cause an unfair increase in the magnitude
Editor L. Peng. (Corresponding author: Jimmy Chih-Hsien Peng.)
S. Sahoo and J. C. H. Peng are with the Department of Electrical and Computer of attack vectors that may cause system shutdown depending
Engineering, National University of Singapore, Singapore, 119007 (e-mail:, upon the severity of the attack. Additionally, implementation of
[email protected]; [email protected]). such attacks gets easier when the attacker has obtained a priori
S. Mishra is with the Department of Electrical Engineering, Indian Institute of
Technology Delhi, New Delhi 110016, India (e-mail:,[email protected]). knowledge about the system using adequate system monitor-
T. Dragičević is with the Aalborg University, Aalborg 9220, Denmark ing [18]. More instances of coordinated attacks on large power
(e-mail:,[email protected]). systems and their vulnerability assessment are provided in [19]
Color versions of one or more of the figures in this paper are available online
at http://ieeexplore.ieee.org. and [20]. In this regard, risk assessment along with control vul-
Digital Object Identifier 10.1109/TPEL.2018.2879886 nerabilities is crucial since the modeling of coordinated attacks

0885-8993 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications standards/publications/rights/index.html for more information.

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 SAHOO et al.: STEALTH CYBER-ATTACK DETECTION STRATEGY FOR DC MICROGRIDS 8163

for microgrids can be easier owing to their small system size multiple sensors/communication links are studied extensively.
without significant security measures [21], [22]. Moreover, the impact of FDI and stealth attacks on sensors
In [23], Hao et al. have identified an aberrant operation of and communication links is studied for intrusion in voltage and
a microgrid when a false data is injected into the voltage con- current information separately to preserve system security and
troller of the substation. Apart from stability, it is also crucial to energy efficiency simultaneously. Since the distributed control
analyze if the proposed strategies can attain economic vulnera- philosophy in dc microgrids is based on voltage observer that
bilities in a microgrid. In fact, this attribute is well addressed in can easily translate any uncoordinated data injection into a resid-
[27] where the FDIAs are categorized by their utilization levels ual output, the authors have identified the concept of balanced
having monitored the stability of microgrids under different con- attacks as stealth attack modeling with further investigation on
ditions. On the other hand, Beg et al. in [24] have stressed on the its detection. Based on these findings, the CVFs of each agent
identification of the variation of candidate invariants to detect determined from the secondary voltage sublayer are strategi-
the presence of FDIAs. Moreover, it has been demonstrated that cally coupled into the local current sharing secondary control
stealth attacks in dc microgrids can deceive the control system loop. For this reason, any subsequent disruption/attack necessar-
without creating any negative impact/disturbance. However, it ily disorients the control operation of the agents, thereby serving
is crucial to understand that such undetectable attacks, which as an apparent detection criterion considering that the attacker
are able to penetrate while maintaining discretion, can cause may attempt to manipulate CVF locally. On the other hand, the
network instability in unforeseeable ways. agent(s) representing positive value of CVF is resolved as at-
Since distributed observer based strategy [25] is more prone to tacked which suggests that their respective measurements are
cyber attacks for a well-spanned distributed graph as the injected untrue. This can be easily extended to trigger the likely defense
false data propagates in the entire network, proper analysis has mechanisms to prevent further instability.
to be carried out toward the detection of the attacked agent in To sum up, the research contributions of this paper are as
a microgrid to establish corrective action. False data propaga- follows.
tion in dc microgrids may lead to loss of generality from an 1) To ascertain the possibility of FDI and stealth attacks in dc
economic point of view, causing current sharing errors, which microgrids, a new methodology based on a CVF is pro-
lead to circulating currents between each converter. Using dis- posed using the outputs from secondary sublayers used
tributed computation, the estimated states will converge to a for global average voltage regulation in dc microgrids.
non-zero steady value under FDIAs, which makes them sim- Generalization of distributed observers is done to detect
ple to detect. In [28], the compromised agent with false data such attacks and how it can be circumvented for a multi-
is detected using a cooperative-based trust and confidence fac- ple sensor/link based stealth attacks. For detection of the
tors to realize mitigation of the propagation of false data in the compromised/attacked agent, CVF of each agent is locally
cyber network. However, considering the worst case for such monitored for positive values across the network that rep-
attacks, the above-mentioned factors can also be manipulated resents the attacked agent(s). This technique is used as
by adding/subtracting a large constant value while the controller an apparent method of detecting attacks locally such that
is attacked, which may lead to false values corresponding to the corrective actions can take place. To the best of authors’
attacked node. Consequently, it will result in maloperation of the knowledge, CVF has never been proposed in the realm of
mitigation strategy since it operates on non-attacked agent(s). cyber-attack detection in microgrids.
In [26], Fawzi et al. have determined a theoretical limit on the 2) A new cross-coupling methodology of the CVF output
number of compromised sensors in a system beyond which it is of each agent from the secondary voltage sublayer is
impossible to characterize the detection of such attacks. Con- proposed to strategically disorient the control operation
sidering this view point, theoretical analysis for stealth attacks for the worst case of consecutive attacks when the at-
at multiple sensors/actuators in a cooperative network to create tacker can attempt to reduce CVF into a negative value
instability and the corresponding detection methodologies in dc so as to deceive the above-mentioned detection philoso-
microgrids has not gained significant attention yet. On the other phy. Hence, the cross-coupling approach ensures accurate
hand, Zhao et al. [29] have addressed this issue for an economic detection of the attacked agent(s) by prevention against
dispatch problem as it decreases the overall efficiency with an further attacks into the proposed detection metric, i.e.,
increase in the generation cost by dislocating toward a non- CVF.
optimal point. However, it does not administer a mechanism The rest of this paper is organized as follows. The system
for detection of the compromised agent during a stealth attack, architecture of dc microgrids along with cyber-layer prelimi-
which is crucial to cease its propagation into the network and naries providing an overview of the secondary control strategy
may consequently lead to instability. is illustrated in Section II. Section III depicts the problem for-
The idea behind stealth attack detection in this paper is the mulation to demonstrate the behavior of cooperative control
identification of the merits of a well-spanned network in a coop- strategy under FDI and stealth attacks. Moreover, the necessary
erative control mechanism. In particular, the difference between and sufficient conditions of modeling such attacks with multi-
the secondary output of voltage sublayer, termed as coopera- ple sensors/cyber link have been discussed in detail. Section IV
tive vulnerability factor (CVF), converges to zero if the system provides a brief overview on the calculation of the CVF for
is not under attack. Furthermore, the necessary and sufficient each agent and its significance in the detection of such attacks.
conditions for modeling of worst case stealth attack involving Simulations along with experimental validation are presented in

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 8164 IEEE TRANSACTIONS ON POWER ELECTRONICS, VOL. 34, NO. 8, AUGUST 2019

B. Cooperative Control of Sublayers in DC Microgrids

The general philosophy of secondary cooperative realm in dc
microgrids is to maintain the average voltage globally and share
the currents proportionately using local as well as neighboring
measurements such that the circulating currents can be reduced.
These objectives are implemented using the secondary control
sublayers in a cooperative manner using the following.
1) Sublayer I: Average Voltage Restoration: For global av-
erage voltage regulation in dc microgrids, an average voltage
estimate V̄dci (k) for the ith agent is obtained using a voltage ob-
server, which is updated via a dynamic consensus algorithm [30]
Fig. 1. Generic cyber-physical model of a dc microgrid. Blue arrows represent
the cyber layer and black lines represent the physical circuit. using the neighboring estimates V̄dcj (k) ∀ j Ni , where Ni de-
notes the set of neighboring agents. Mathematically, it can be
Sections V and V, respectively. Finally, Section VII concludes represented for the ith agent as
this paper.
V̄dci (k + 1) − V̄dci (k) = Vdci (k + 1 − τoi ) − Vdci (k − τoi )
II. CONVENTIONAL COOPERATIVE REALM IN DC MICROGRIDS 
+ aij (V̄dcj (k − τini − τdij ) − V̄dci (k − τini ))
A. Cyber-Physical Model j N i

The autonomous dc microgrid considered in this paper is Cooperative input

shown in Fig. 1. M dc sources connected via dc/dc convert- (3)
ers of equal power rating are interconnected through tie lines,
thereby constituting the physical layer of the microgrid. Each where Vdci (k), Ni , and τini and τoi denote the measured voltage,
dc/dc converter operates to maintain the output voltage as per set of neighboring agents, and input and output delays [31] in the
the reference values generated by the local primary and sec- ith agent, respectively. Moreover, τdij denote the communication
ondary controllers. An undirected cyber graph of the commu- delay between the ith and jth agents, ∀ j  Ni . Alternatively,
nication network is considered in this paper, which sends and (3) can be represented in the vector form as
receives information from its neighbors. Furthermore, loads are
connected at the converter output of each unit. The simulated V̄dc (k + 1) − V̄dc (k) = Vdc (k + 1 − τo ) − Vdc (k − τo )
system parameters have been provided in the appendix.
Considering each source as an agent, the communication + AV̄dc (k − τin − τd )
graph is represented as a digraph via edges and links via an − Zin V̄dc (k − τin ) (4)
adjacency matrix A = [aij ]  RM X M , which suggests the com-
munication weights to be V̄dc (k + 1) − V̄dc (k) = Vdc (k + 1 − τo ) − Vdc (k − τo )
 − L1 V̄dc (k − τin − τd )
> 0, if (xi , xj )  E
aij = (1)
0, else − L2 V̄dc (k − τin ) (5)

where E is an edge connecting two nodes, xi is the local node, such that L = L1 + L2 , where
and xj is the neighboring node. It is to be noted that the com-
munication weights depict information exchange between two ⎡ ⎤
0 l12 ... l1M
corresponding nodes only. Mathematically, itcan be denoted by ⎢ ⎥
a matrix with incoming information Zin = i  M aij . Hence, ⎢ l21 0 ... l2M ⎥
⎢ ⎥
L1 = ⎢ .. .. .. ⎥
if both matrices match each other, the Laplacian matrix L is ⎢ ..
. ⎥
balanced, where L = Zin − A and its elements are given by ⎣ . . . ⎦
⎧ lM 1 lM 2 ... 0
⎪
⎪ deg(mi ), i = j ⎡ ⎤
⎨ l11 0 ... 0
lij = −1, i = j (2) ⎢ ⎥
⎪
⎪ ⎢ 0 l22 ... 0 ⎥
⎩ ⎢ ⎥
0, otherwise L2 = ⎢ .. .. .. ⎥.
⎢ ..
. ⎥
where deg(mi ) is the degree of the ith node and L = ⎣ . . . ⎦
[lij ]  RM xM . 0 0 ... lM M
Remark 1: All the units will achieve consensus using
x(k + 1) − x(k) = −μLx(k) for a well-spanned matrix L such 2) Sublayer II: Proportionate Current Sharing: Similarly,
that lim xi (k) = c, ∀ i  M , where c is a constant, μ is a the normalized current regulation cooperative input for the ith
k →∞
positive value, and M is the number of agents in the system. agent using the neighboring output current measurements Idcj ,

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 SAHOO et al.: STEALTH CYBER-ATTACK DETECTION STRATEGY FOR DC MICROGRIDS 8165

∀ j  Ni , is given by likely potential attacks on dc microgrids, such as FDI and DoS

 [32], jamming [33], and distributed DoS [34] attacks, have al-
I¯dci (k) = ci aij (Idcj (k − τoj − τdij )/Idc
max
j ready been well studied in the literature. These attacks can
j N i
be caused using several cyber-physical amendments, such as
− Idci (k − τoi )/Idc
max
i
) (6) jamming of cyber link, loss of measurements, data packets
flooding, compromised communication servers, sensors, etc.
where ci , Idci (k), and Idc
max
i
max
and Idcj
denote the desired coupling However, Beg et al. [32] and Danzi et al. [33] have already estab-
gain, measured output current in the ith agent, and maximum lished that such attacks disrupt the cooperative synchronization
output current allowed for the ith agent and jth agent, respec- law[30], which can be easily detected since (10) is violated.
tively. To establish these objectives for an agent operating to To provide a detailed explanation, the above-mentioned distur-
regulate output voltage, two voltage correction terms for the ith bances introduce an uncoordinated discontinuity in updating (5),
agent are calculated using which disrupts the consensus between agents, ultimately leading
ΔVi1 (k) = KPH 1 (Vdcref − V̄dci (k)) to (11).
Intuitively, the attacker conducting a stealth attack is able to
e i1 (k )
penetrate into the control system without the system operator’s

k knowledge. Such attacks can have adverse effect in the long run
+ KIH 1 (Vdcref − V̄dci (p)) (7) as the attacker has access to multiple nodes after penetrating
p=0 into the system without system operator’s knowledge and can
create unintentional generation outage, which may eventually
ΔVi2 (k) = KPH 2 (Idcref − I¯dci (k − τini )) lead to system shutdown. Under these circumstances, detection
e i2 (k ) of the attacked node(s) in a cooperative network is yet another
aspect so as to prevent the system from further instability. The

k
+ KIH 2 (Idcref − I¯dci (p − τini )) (8) modeling of such attacks and its associated agenda of instability
is discussed in detail in the following section.
p=τ ini

where KPH 1 , KIH 1 , KPH 2 , and KIH 2 are PI controller gains of H1 III. MODELING OF STEALTH ATTACKS IN
and H2 in Fig. 4, and Vdcref and Idcref denote the global reference COOPERATIVE DC MICROGRIDS
voltage and current quantities for all the agents, respectively. Considering the attacker injecting false data into multiple
The correction terms obtained in (7)–(8) are finally added to the sensors/communication links to formulate a stealth attack, an
global reference voltage Vdcref setpoint to achieve local voltage analysis of how the convergence in (10) can be guaranteed is
reference Vdci ref for the ith agent using provided in this section. Furthermore, the necessary and suffi-
Vdci ref (k) = Vdcref + ΔVi1 (k) + ΔVi2 (k). (9) cient conditions to formulate a stealth attack on multiple sensors
in a cooperative network is given in detail.
Remark 2: Generally, the line impedances between agents in For each agent, the local power balancing equation can be
a microgrid are significantly different, which usually introduces expressed in terms of
a poor current sharing profile using the primary droop concept
without using communication [8]. However, by using (8), the χi (k) = Idci (k) − Io i (k) (12)
voltage correction term ΔVi2 (k) from the secondary controller where Io i (k) denote the total output current from the ith agent.
compensates for the cable resistance as well as carries out pro- Using (12), the consensus algorithm in (3)–(6) under attacks can
portionate sharing under different load conditions. As a result, be rewritten as
the value of ΔVi2 (k) is globally asymmetric in a microgrid with ⎧ 
⎪
⎪ V̄dci (k + 1) = V̄dci (k) − j M lij V̄dcj (k − τini − τdij )
different tie-line resistances. ⎪
⎪
⎪
⎪
Remark 3: Using the cooperative-based consensus algo- ⎪
⎪ + σχi (k) + uaV i (k)
⎪
⎪
rithm for a well-connected cyber graph for a dc microgrid, the ⎨Idc (k + 1) = Idc (k) − 
⎪ ij
j M lij Idcj (k − τo − τd )
j
solutions in (3)–(6) shall converge to i i

⎪
⎪ + uaIi (k)
lim V̄dci (k) = Vdcref , lim I¯dci (k) = 0 ∀i M. (10) ⎪
⎪
⎪
k →∞ k →∞ ⎪
⎪ 
⎪
⎪χi (k + 1) = χi (k) − j M lij χj (k) − (Idci (k + 1)
It should be noted that Idcref in (8) has been kept zero for the ⎪
⎪
⎩
load currents to be shared proportionately. However for FDIAs − Idci (k))
in single sensor/communication link, (10) modifies to where uaV i (k) and uaIi (k) denote the attack vectors imposed into
lim V̄dci (k) = Vdca ref , lim I¯dci (k) = 0 ∀i  M (11) voltage and current secondary sublayers in the ith agent at the
k →∞ k →∞ kth instant, respectively. It should be noted that since χi (k) is
where Vdca ref = Vdcref . Assuming a pre-condition that the sys- not a physical measurement entity, the possibility of attack in
tem always operates at a certain global reference voltage is χi (k) will be entirely due to uaIi (k). To provide with the basic
known to each agent, (11) should be a sufficient criterion to understanding and investigating the effect of stealth attacks in
justify that the system is attacked by an external entity. Many multiple sensors/links in a cooperative network based dc micro-

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 8166 IEEE TRANSACTIONS ON POWER ELECTRONICS, VOL. 34, NO. 8, AUGUST 2019

Proof: Representing (13) in the form of xi (k + 1) =

Axi (k) + Bui (k − τini ), we have
xi (k + 1) = Axi (k) + Bui (k − τini ) (14)

k
= Ak +1 xi (0) + Ak −p ui (p − τini ). (15)
p=τ i n

As A is primarily composed of Laplacian matrices in (13),

its eigenvalues
 lie around zero and unit plane [35]. Since
lim kp=τ in Ak −p u(p − τin ) will converge to zero for a well-
k →0
connected graph, as per (10), limk →0 Ak +1 x(0) should converge
 T
to Vdcref d, where d = 1, . . . , 1, 0, . . . , 0, 0, . . . , 0  R3M X 1
with M elements equal to 1 and 2M elements equal to 0. Hence,
this proves the convergence of a stealth attacked system to the
global reference set points in (10). 
Additionally, the above-mentioned proof can be extrapolated
to justify
 
Idci (k) = Il i (k) (16)
i M i  M

under a stealth attack where Il i is the local load at the ith agent.
Due to (16), convergence of (12) is guaranteed. By the iterative
Fig. 2. Case study I: Instability caused by injecting an attack consisting of bal- rule, subtracting Idci (k + 1) from χi (k + 1), we get
anced set of zero sum errors into the voltage sensors in dc microgrid consisting  
of M = 4 agents. χi (k + 1) − Idci (k + 1)
i  M i  M
grids (rated voltage of 315 V), a case study in Fig. 2 is done by   
injecting a balanced set of zero sum errors s and −s into the volt- = χi (k) − Idci (k) − uaIi (k) (17)
age sensors in agents I and III, respectively during t = 1 s, where i  M

i  M

i  M

s is a constant attack element. After initiating the attack, it can = χi (k − 1) − Idci (k − 1)

be seen that I¯dc (k) and V̄dc (k) converge to their respective refer- i  M i  M
ences as stated in (10) with the control objectives met satisfacto- 
rily without creating instability. Upon maintaining discretion for − (uaIi (k − 1) + uaIi (k)) (18)
some time, the attacker attempts an unfair increase in the injected i  M

attack vectors by a large magnitude (highlighted as event A) at   

k 
t = 2 s, which results into a new operating reference Vdca ref in = χi (0) − Idci (0) − uaIi (p). (19)
(11). A time gap of 1 s between the stealth attack and event A is i  M i  M p=0 i  M
intentionally considered in the case study to facilitate clear un- Substituting for Idci (k + 1) from (13) in (19) and taking lim-
derstanding. It should be noted that the attacker may introduce itation on both sides considering (12) as k → ∞, ∀i  M ,
event A immediately at t = 1 s, which necessitates a faster cyber- we get
attack detection strategy. As the agents’ voltage ramp up to the
highlighted overvoltage threshold, agents I and III are automat- 
k 

ically tripped as a measure of overvoltage safety (highlighted uaIi (p) = 0. (20)

as event B). Hence, if a vigilant attacker manages to penetrate, p=0 i  M

such attacks can lead to various unintentional scenarios without A similar analysis can be carried out to determine the effect of
any trace for failure assessment. This case study necessitates the uaV (k) in the convergence of the algorithm to get
study of stealth attacks using multiple sensors/links along with
an authentic detection mechanism. As a consequence, we obtain 
k 

the necessary and sufficient conditions for the convergence of uaV i (p) = 0 (21)
p=0 i  M
system under such attacks in (13).
Problem Statement: If there exist a constant R such that using χi (k + 1) and V̄dci (k + 1) in (17).
∞ ∞ Remark 4: Following the concept of cooperative synchro-
|uaV (k)| ≤ R, |uaI (k)| ≤ R ∀ i  M. (13) nization [30], the average voltage estimate in (5) tends to achieve
k =0 k =0 consensus for all its elements for a spanning cyber graph such
Then, (13) in the presence of stealth attack shall converge as per that LV̄dc (k) = 0 during steady state to reach a steady-state
(10) with limk →∞ χi (k) = 0. value of Vdcref 1. Alternatively, a similar representation can be

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 SAHOO et al.: STEALTH CYBER-ATTACK DETECTION STRATEGY FOR DC MICROGRIDS 8167

given using ei1 (k) in (7) such that LE1 (k) = 0 reaches a steady- Using Remark 5, the control input for voltage regulation is
state solution of zero, where E1 (k) denotes the vector notation particularly used to present a strong case for a stealth attack in
of ei1 (k). Using (21) as an attack vector for the above-mentioned this paper. Hence, the control input for average voltage regula-
consensus theory, it can be concluded that the steady solution tion [36] at the ith agent is given by
is not affected for E1 (k) owing to the consensus properties of a 
Laplacian graph [30]. Hence, it can be concluded that the final ui (k) = aij (V̄dcj (k) − V̄dci (k)) + bi ei1 (k). (22)
j N i
state convergence as per (10) is not affected even under stealth u i j (k )
attacks since it gets nullified by the sum of false data injection in
For various attacks in the ith controller, the attacked control
multiple sensors/links for a cooperative network as established
input can be modeled as
in (20) and (21).
Sensor attack: ufi (k) = ui (k − τini ) + κuai (k) (23)

Cyber-link attack: ufij (k) = uij (k − τdij − τini ) + κuai (k)

IV. PROPOSED STEALTH ATTACK DETECTION STRATEGY
(24)
This section discusses the detection of the attacked nodes
where κ = 1 denote the presence of the attack vector or 0 oth-
in a cooperative network based dc microgrid. As opposed to
erwise and uai (k) denotes the attack vector in the ith agent. By
the centralized systems where the global information is present
at a single node, it is a complicated task to apprehend the at- local investigation of ufi (k) in each agent, a non-zero synchro-
tacked node in cooperative systems as intrusion in any agent nization error can be detected with the residual output, however,
affects the entire system for a strongly connected graph. To ad- it is not a sufficient criterion for detection of the attacked node(s)
dress the issue, this paper utilizes the concept of control output in a cooperative network since comparison of each residue re-
synchronization to detect the attacked node in a cooperative quires global information, which contradicts our case. To verify
network where the input signals with attack vectors are deemed this case, the effort of the controller to synchronize the output
to achieve consensus. Following the convergence of the inputs, for a given reference voltage is strategically used to indicate the
it is shown that how the difference in their respective PI con- occurrence of an attack. It can be ensured using (3) and (7) in
troller outputs achieves consensus for the same global reference sublayer I to give
voltage. ξi (k) = ufi (k) − ui (k − 1) (25)
Remark 5: Since the output current from an agent, as shown
in Fig. 1, is based on the voltage levels between two different for an attack within [k − 1, k] instant, which changes due to
points, a stealth intrusion in the agents’ current values for oper- the momentary increase/decrease in ξi (k) in (25) as an input
ation at a particular load leads to change in voltage levels across for the attacked agents and its neighbors at the instant of attack
the network thereby disproving (10). In simple terms, it can be vector injection in multiple sensors/cyber links in a microgrid.
stated that the agent can recognize such attacks as it would re- As a result, the change in the PI output in sublayer I can be
sult in the current sharing error. Such error may in turn cause written as
undesirable effects, such as overloading of individual converters δΔVi1 (k) = KPH 1 ξi (k) + KIH 1 ufi (k) (26)
or reduced energy efficiency. This has been justified by a case
study in Fig. 3 for FDI and stealth attack on current sensors in where δΔVi1 (k) = ΔVi1 (k) − ΔVi1 (k − 1). Using the change
a dc microgrid shown in Fig. 1 of M = 3 agents. In Fig. 3(a), a in outputs obtained in (26), a CVF Ci (k) is calculated using the
false data of −0.5 A is injected into the current sensor in agent PI controller outputs for each agent, which has been used in this
I at t = 1 s, which immediately results into improper sharing paper to determine the attacked nodes accurately. Mathemati-
thereby reducing energy efficiency. Similarly, in Fig. 3(b), a cally, it can be represented as
stealth attack is attempted at t = 1 s by injecting a balanced ⎡ ⎤
set of zero sum attacks of ±0.5 A into the current sensors in 
Ci (k) = hi ⎣ aij (ΔVj (k − τd ) − ΔVi (k))⎦
1 ij 1
agents I and II simultaneously, which deteriorates the current j N i
sharing profile. However, the average voltage is still maintained
in Fig. 3(b) in contrast to the case for an FDI attack. With the o i1 (k )
basic assumption that each agent operator bears knowledge that ⎡ ⎤
the system is equipped with proportionate current sharing con- 
+⎣ aij (ΔVj1 (k − τdij ) + ΔVi1 (k))⎦ (27)
troller, the sharing error shown in Fig. 3(a) and (b) should be
j N i
a sufficient criterion to identify attacks on current sensors such
that a corrective action can take place; hence, it becomes an o i2 (k )
easier task to determine such attacks in a cooperative network.
for the ith agent, where hi is a positive constant. Moreover,
However, stealth attacks on voltage sensors in case of multiple
using (7) and Remark 4, we get
sensors/communication links can be inconspicuous to identify.
In other words, the agent voltages are maneuvered in such a ΔV1 (k + 1) − ΔV1 (k) = (KIH 1 + KPH 1 )E1 (k + 1)
way that the control operation in (10) still holds true even in the
presence of such attacks. − KPH 1 E1 (k) (28)

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 8168 IEEE TRANSACTIONS ON POWER ELECTRONICS, VOL. 34, NO. 8, AUGUST 2019

Fig. 3. Performance of a dc microgrid consisting of M = 3 agents for (a) FDI attack on current sensor of agent I and (b) stealth attack on current sensors of
agent I and II: Deteriorates current sharing profile.

Fig. 4. Proposed controller for the ith agent to detect an attack on sensors and communication links in dc microgrids.

where ΔV1 (k) denotes the vector notation of ΔV1i (k) in (7). multiple voltage sensors on agents II and III in a dc microgrid of
Since sublayer I operates as a secondary controller to achieve different line resistances. It can be seen that the voltage correc-
asymptotic convergence, KIH 1 < < KPH 1 such that the time tion terms from the average voltage sublayer in Fig. 5(a) change
constant of the secondary layer PI controller (KPH 1/KIH 1 ) is at symmetrically as compared to the current sharing sublayer in
least 20 times higher than the outer voltage controller in Fig. 4 Fig. 5(b) following a stealth attack at t = 1 s. This attribute can
to provide smooth response [37], (28) can be rewritten using be explained using Remark 2. Considering the system operating
Remark 1 as at a steady state, a step change of balanced zero sum attack
uai (k) is injected into two agents during the (k − 1)th instant,
ΔV1 (k + 1) − ΔV1 (k) = E1 (k + 1) − E1 (k) and (26) can be represented as
1
=− LE1 (k) = 0. (29) 
k
KPH 1 ΔVi1 (k) = KPH 1 uai (k) + KIH 1 (ui (p − τin
i
))
Using (29) and Remark 4, it can be concluded that cooperative p=τ iin
synchronization law [30] holds true in the absence of attacks.

k
However in the presence of attacks, (29) synchronizes to a non- + KIH 1 (uai (p)) . (30)
zero value that varies on the magnitude of injected attack vec- p=(k −1)
tor. The above-mentioned action can be justified by observing
each secondary sublayer output in Fig. 5 for a stealth attack on Γ i (p)

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 SAHOO et al.: STEALTH CYBER-ATTACK DETECTION STRATEGY FOR DC MICROGRIDS 8169

Fig. 5. Case study II: Performance of (a) average voltage regulation and (b) current sharing for a strong case of stealth attack on voltage sensors of agents II and III.

Eliminating the first two terms in the right-hand side of (30)

using Remark 4 and substituting (30) in (27), it can be concluded
that oi1 (k) and oi2 (k) will always lead to positive/negative values
due to Γi (k) for a balanced sum zero attack only on the attacked
nodes. As a result, Ci (k) of the attacked nodes will always
reflect a positive value. This provides a sufficient criterion for the
detection of the attacked nodes in case of multiple sensor/link
based stealth attack in dc microgrids. Concluding the above-
mentioned discussion, the CVF algorithm for each agent will
result into Fig. 6. Variation of C 1 for different values of the design parameter h 1 .

0, if κ = 0 sensors. As the ramping up/down of Ci (k) is already established
Ci (k) = (31)
> 0, else. above, the steady-state error eiss (k) for the ramp input Ci (k) =
k
p=0 hi p in the error term ē2 (k) in (32) when introduced into
i
However, under worst cases, Ci (k) can also be manipulated the PI controller in sublayer II with the unity feedback output
by the attacker using subtraction to make it negative, which yi (k) can be calculated using
displeases our attack detection criteria. To handle these discrep-
ancies, Ci (k) is tactically added to ei2 (k) in (8), which can now eiss (k + 1) − eiss (k) = [yi (k + 1) − yi (k)]
be rewritten as − [Ci (k + 1) − Ci (k)] (33)
ΔVi2 (k) = KPH 2 (Idcref + Ci (k) − I¯dci (k − τini )) eiss (k + 1) − eiss (k) = KPH 2 eiss (k + 1) − KPH 2 eiss (k)
ē i2 (k )
+ KIH 2 eiss (k + 1)

k
+ KIH 2 (Idcref + Ci (k) − I¯dci (p − τini )) (32) − [Ci (k + 1) − Ci (k)] (34)
p=τ ini
eiss (k + 1) − eiss (k) = KPH 2 eiss (k + 1) − KPH 2 eiss (k)
such that the control operation will be disoriented locally,
+ KIH 2 eiss (k + 1) − hi
thereby allowing the agents to reliably detect the attacks. Since
(35)
Idcref = 0, the cross coupling of the CVF suggested in (32)
will supplement to accurate detection and facilitates protection eiss (k + 1)[1 − KPH 2 − KIH 2 ] = eiss (k)[1 − KPH 2 ] − hi . (36)
against attacks on CVF since Ci (k) now forms the forward path
between both secondary control sublayers. By doing so, further Since the above-mentioned analysis is based on steady-state
attacks on Ci (k) will disorient the objectives laid down for the conditions, eiss (k + 1)  eiss (k). Using this approximation in
outer voltage controller in sublayer I since it disregards (10). (36), we get
The CVF output Ci (k) when cross coupled into sublayer II hi
introduces a ramp signal into its input. The ramp up/down of eiss (k) = . (37)
KIH 2
Ci (k) can be explained using the addition of the term Γi (k) in
(30), which ramps up/down indefinitely for k → ∞ unless the Hence, (37) implies that for higher values of hi with constant
positive/negative attack vector is removed from the ith agent. KiH 2 , the system may quickly lead into an unstable zone ow-
Hence, the ramp up/down of Ci (k) in the positive region qual- ing to high steady-state error considering bounded stability,
ifies as a sufficient criterion for the corresponding node to be whereas for lower values of hi , it is difficult to determine the
declared as attacked in the cooperative realm for dc microgrids. attacked node under worst scenarios of a stealth attack due
Moreover, in Fig. 6, it can be seen that the slope of C1 (k) to slow ramping. Since the main focus of this paper is to de-
increases with increase in h1 for a particular stealth attack in two tect the attacked unit accurately alongside prevention of further

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 8170 IEEE TRANSACTIONS ON POWER ELECTRONICS, VOL. 34, NO. 8, AUGUST 2019

Fig. 7. Considered system: (a) Agent model and (b) cyber-physical dc micro-
grid with four sources.

coordinated attacks, it is a seemingly fair approach to include

the cross-coupling strategy such that the defense mechanism can
take place immediately without disrupting stability for lower
values of hi .

V. SIMULATION RESULTS
The proposed attack detection strategy is tested on a cyber-
physical dc microgrid as shown in Fig. 7(b) with Vdcref = 315 V
consisting of four agents of equal capacities interconnected
to each other via resistive lines. It should be noted that each
agent consists of a battery accompanied via dc/dc bidirectional
converters, respectively, as shown in Fig. 7(a). To test the perfor-
mance of the proposed attack detection strategy for a coopera-
tive dc microgrid, it has been tested against several disturbances,
such as FDIA, stealth attack in multiple sensors, which usually
goes undetected by distributed observers, and communication
links, to detect the affected node such that necessary action can
be taken to maintain security. The system and control parameters
are provided in the Appendix. It should be noted that each event
in the above-mentioned scenarios are separated by a certain time Fig. 8. Proposed detection strategy for case study I in Fig. 2. (a) Without
gap to provide clear understanding. input, output, and communication delay. (b) With delay (maximum value in the
network): τ in Δt = 1 ms, τ o Δt = 3.5 ms, and τ d Δt = 45 ms. (c) With delay
(maximum value in the network): τ in Δt = 1 ms, τ o Δt = 3.5 ms, and τ d Δt =
A. Behavior of Proposed Stealth Detection Strategy 80 ms, where Δt is the sampling time.
for Case Study I
For case study I in Fig. 2, the behavior of the proposed strategy It is worth notifying that the results in Fig. 8(b) and (c) have
without considering input, output, and communication delay is been investigated for maximum value of delay in the network
shown in Fig. 8(a). As the stealth attack is initiated at t = 1 s to test the robustness of the proposed strategy. Since the CVF
in agents I and III, the values of C1 and C3 rise up into the values of the affected agent go instantly into the positive region
positive region suggesting those agents to be the attacked units. in Fig. 8(a)–(c), it can be concluded that the proposed strategy
Further, the performance of the proposed strategy in response entails faster detection of stealth attacks even under delays.
to case study I is tested with input, output (within the agent),
and communication (between two agents) delays in Fig. 8(b)
B. Scenario I
and (c). It should be noted that input and output delays are con-
stant whereas communication delays are time varying [31]. As In scenario I, the voltage sensor in agent I is attacked with
the distributed control law for dc microgrids provides rugged ua1 = −7 V at t = 1 s. As a result, due to the presence of a
response to delays due to the dynamic averaging concept within distributed voltage observer designed for each agent in (5), the
an upper bound on the communication delay for a given well- average voltage estimate in Fig. 9 immediately dips to 313 V
spanned network [36], the philosophy of the proposed detection for each agent. Assuming that the reference voltage of operation
strategy under delays will be unaltered if the cooperative syn- is known to every agent, the error in average voltage estimate
chronization law in Remark 4 holds true for the underlying should serve as a sufficient criterion to detect the presence of
control layer. As compared to Fig. 8(a), it can be seen that the FDIA in the system. However, the identification of the attacked
CVF of the attacked agents initially rise with different peak agent still remains a question. This paper has dealt with this issue
magnitudes under delays of τin Δt = 1 ms, τo Δt = 3.5 ms, by observing Ci (k) in (27), which always converges to zero in
τd Δt = 45 ms, and 80 ms (Δt is the sampling time) in Fig. 8(b) the absence of attacks. In this case, it can be seen that the average
and (c), respectively, which can be attributed to varying delay in voltage estimates do achieve consensus however, they synchro-
achieving consensus due to delayed measurements and inputs. nize to a different value Vdca ref . When the PI output of the voltage

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 SAHOO et al.: STEALTH CYBER-ATTACK DETECTION STRATEGY FOR DC MICROGRIDS 8171

Fig. 9. Scenario I. (a) Currents. (b) Voltages. (c) CVF. (d) Average voltages. FDIA on voltage sensor at t = 1 s in agent I. The average voltage dips on initiating
FDIA. The CVF of agent I instantly shoots into the positive region to detect the affected agent.

sublayer change symmetrically as shown in Fig. 5(a), o1 (k) in D. Scenario III

(27) becomes comparatively apparent for the attacked node(s). In scenario III, a balanced attack of ± 10 V in sensors of
Consequently, C1 , as shown in Fig. 9, rises up to 0.05 as per agents I and IV at t = 1 s is practiced in Fig. 11 to test the
the proposed strategy, which suggests that either sensors/links in fidelity of the proposed approach. As C1 and C4 shoot up in the
agent I are maltreated with an attack. Prior to the detection of the positive region, agents I and IV are plugged out of the system at
attacked node, a corrective measure is taken at t = 1.5 s where t = 1.5 s. Based on [28, Assumption 2], the network connectivity
the outgoing links from agent I are deactivated. With link deac- is affected due to plugging out of M /2 agents, which leads to
tivation, it can be seen that the average voltage estimate restores change in system dynamics. On clearing out the attack at t =
back to 315 V. Another advantage with the proposed strategy 3 s indicated by C1 and C4 dropping to zero, the converters are
is that it acts as a worthy index to denote if the injected false plugged back in around t = 3.2 s resulting into restoration of
data is still active with the agent. When the injected false data is the average voltage estimates to 315 V.
removed by the attacker at t = 2 s, C1 immediately tends to zero.
Since the system is secure, the deactivated link is restored back. VI. EXPERIMENTAL RESULTS
The proposed strategy has been experimentally validated in
C. Scenario II a dc microgrid comprising two agents, as shown in Fig. 12.
Two lead–acid battery banks, where each bank consist of three
In scenario II, the outgoing cyber links from agent III are
batteries in series for an overall input voltage of 36 V, are con-
attacked with a set of attack vectors of ±3 V at t = 1 s such
nected to the loads via dc/dc boost converters of equal capacities
that the cumulative effect seen in a cooperative network is zero.
and tie lines operate to achieve average voltage regulation and
Prior to initiating the attack, it is difficult to denote the attacked
share the load current proportionately among themselves. The
node from the average voltage estimate as both estimates diverge
analog measurements received from Hall effect transducers, LA
symmetrically. Considering this problem using a distributed ob-
25-P and LV 20-P, from each agent are acquired via two local
server based approach, norm of these errors would mistranslate
controllers equipped with Xilinx board as highlighted in Fig. 12.
into two attacked nodes, i.e., agents III and IV. This issue is well
Agent I is controlled using a National Instruments sbRIO 9683
addressed using the proposed approach since C3 , as shown in
chassis (Target I) with embedded data acquisition card sbRIO
Fig. 10, shoots up to 0.18 thereby suggesting that agent III is
9606. On the other hand, source II is controlled using an NI
attacked. As a protective measure of security, the outgoing links
PXIe-8840 (Target II) with data acquired using NI PXIe 7853R
from agent III are deactivated that brings the average voltage es-
series boxes and the control algorithms are implemented in
timate into synchronism by tracking the desired reference value
LabVIEW that provides a GUI to produce respective gating
of 315 V. For load changes highlighted as A and B, the system
signals for both the converters. The sensor attacks on the
performs satisfactorily. To test the robustness of the proposed
voltage sensors were modeled using (23). The experimental
approach under worst case scenarios, another consecutive at-
testbed parameters have been provided in the Appendix.
tack at t = 2 s is preempted by the attacker to manipulate C3 by
reducing it to a negative value. However, due to cross coupling
A. Scenario I
of Ci (k) into sublayer II in (32), it prevents further exploitation
as it cannot disorient the nested control output for a particular In Fig. 13(a), when a false data of ua,1
1 = 3 V is injected
operating point. into the voltage sensor in agent I during event A, it leads to

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 8172 IEEE TRANSACTIONS ON POWER ELECTRONICS, VOL. 34, NO. 8, AUGUST 2019

Fig. 10. Scenario II. (a) Currents. (b) Voltages. (c) CVF. (d) Average voltages. Stealth attack on two outgoing cyber links at t = 1 s from agent III. The average
voltage estimates diverge symmetrically on initiating the attack. The proposed strategy accurately detects the attacked agent.

Fig. 11. Scenario III. (a) Currents. (b) Voltages. (c) CVF. Stealth attack on voltage sensors of agents I and IV at t = 1 s. Upon initiating the attack, the average
voltages and current sharing remain intact. The proposed strategy identifies the attacked agents instantly with the CVF for agents I and IV in the positive region.

from agent I is deactivated, which halts the propagation of false

data during event B, agent II voltage returns back to 48.1 V.
However, the injected false data is still effective that is evident
from C1 in Fig. 13(a). Under the worst case, the attacker may try
to manipulate C1 into the negative region such that the disabled
link is restored. In event C, another attack vector ua,21 = −1.2 V
is injected into C1 , which does not affect its detection philosophy
as it is strategically oriented into the control system of each agent
using the cross-coupling methodology.

B. Scenario II
Fig. 12. Experimental setup of a dc microgrid comprising two agents.
Similarly in Fig. 13(b), a stealth attack is modeled by inject-
ing a balanced set of zero sum vectors ufi = ±3 V into voltage
an increase in the voltage observer output. Consequently, the sensors of both the agents prior to event A. Following the tran-
voltage of agent II also increases from 48.1 to 51.6 V. This sient, both the voltages return back to their respective set points
results into increase of C1 from 0 to 0.2 V, which ensures the before attacks. However, C1 and C2 increase from 0 to 0.2 V,
attack vector in agent I. After a certain instant, when the link which suggests that both agents are attacked. To prevent further

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 SAHOO et al.: STEALTH CYBER-ATTACK DETECTION STRATEGY FOR DC MICROGRIDS 8173

(a) (b)

Fig. 13. Experimental validation of (a) FDIA and (b) stealth attack on voltage sensor(s) in a dc microgrid with M = 2 agents. The experimental results validate
the proposed findings.

damage, a corrective action by disabling the cyber links during REFERENCES

event B in Fig. 13(b) results into local operation for each agent. [1] R. H. Lasseter, “Smart distribution: Coupled microgrids,” in Proc. IEEE,
vol. 99, no. 6, pp. 1074–1082, Jun. 2011.
VII. CONCLUSION [2] T. Dragicevic, X. Lu, J. C. Vasquez, and J. M. Guerrero, “DC microgrids—
Part I: A review of control strategies and stabilization techniques,” IEEE
This paper proposes a general cyber-attack detection frame- Trans. Power Electron., vol. 31, no. 7, pp. 4876–4891, Jul. 2016.
[3] L. Meng, T. Dragicevic, J. M. Guerrero, and J. C. Vasquez, “Dynamic
work for cyber-physical dc microgrids. The vulnerability of consensus algorithm based distributed global efficiency optimization of
the conventional cooperative techniques in dc microgrids under a droop controlled DC microgrid,” Proc. IEEE Int. Energy Conf., 2014,
false data injection is investigated in detail. In addition to that, pp. 1276–1283.
[4] M. Yazdanian and A. Mehrizi-Sani, “Distributed control techniques in
the modeling of stealth attacks, which manage to deceive dis- microgrids,” IEEE Trans. Smart Grid, vol. 5, no. 6, pp. 2901–2909, Nov.
tributed observers, is carried out using necessary and sufficient 2014.
conditions. To address this issue, a CVF algorithm is presented [5] S. Sahoo and S. Mishra, “An adaptive event-triggered communica-
tion based distributed secondary control for DC microgrids,” IEEE
that operates on the PI output of the voltage observer to track Trans. Smart Grid, vol. 9, no. 6, pp. 6674–6683, Nov. 2018, doi:
changes for each agent so as to provide an accurate identifica- 10.1109/TSG.2017.2717936.
tion strategy of the attacked agent(s). To add fidelity, it is cross [6] T. Dragicevic, X. Lu, J. C. Vasquez, and J. M. Guerrero, “DC microgrids—
Part II: A review of power architectures, applications, and standardization
coupled with the secondary current sublayer such that it oper- issues,” IEEE Trans. Power Electron., vol. 31, no. 5, pp. 3528–3549, May
ates under worst scenarios of attacks. Its robustness is evaluated 2016.
using both simulation and experimental results for both false [7] V. Nasirian, S. Moayedi, A Davoudi, and F. L. Lewis, “Distributed coop-
erative control of DC microgrids,” IEEE Trans. Power Electron., vol. 30,
data injection and stealth attacks on multiple sensors/links. no. 4, pp. 2288–2303, Apr. 2015.
[8] S. Anand, B. G. Fernandes, and J. M. Guerrero, “Distributed control to
APPENDIX ensure proportional load sharing and improve voltage regulation in low-
voltage DC microgrids,” IEEE Trans. Power Electron., vol. 28, no. 4,
A. Simulation Parameters pp. 1900–1913, Apr. 2013.
[9] T. Morstyn, H. Branislav, and G. V. Agelidis, “Cooperative multi-agent
The considered system consists of four sources rated equally control of heterogeneous storage devices distributed in a dc micro-
for 3 kW. It is to be noted that the line parameter Rij is connected grid,” IEEE Trans. Power Syst., vol. 31, no. 4, pp. 2974–2986, Jul.
2016.
from the ith agent to the jth agent. Moreover, the controller gains [10] C. K. Veitch, J. M. Henry, B. T. Richardson, and D. H. Hart, “Microgrid
are consistent for each agent. cyber security reference architecture,” SANDIA Nat. Lab., Albuquerque,
Plant: R12 = 1.3 Ω, R13 = 1.8 Ω, R23 = 1.2 Ω, R43 = 1.5 Ω NM, USA, Tech. Rep. SAND2013-5472, 2013.
[11] Y. Liu, P. Ning, and M. K. Reiter, “False data injection attacks against state
Converter: Li = 3 mH, Cdci = 250 μF, imax b 1 = ib 2 = 9.5 A
max
estimation in electric power grids,” ACM Trans. Inf. Syst. Secur., vol. 14,
Controller: Vdcref = 315 V, Idcref = 0, KP = 3, KIH 1 = 0.01,
H1 no. 1, 2011, Art. no. 13.
[12] G. Liang, J. Zhao, F. Luo, S. R. Weller, and Z. Y. Dhong, “A review of
KPH 2 = 4.5, KIH 1 = 0.32, GV P = 2.8, GV I = 12.8, GC P = false data injection attacks against modern power systems,” IEEE Trans.
0.56, GC I = 21.8, h =1, c = 0.4 Smart Grid, vol. 8, no. 4, pp. 1630–1638, Jul. 2017.
[13] F. Pasqualetti, F. Dorfler, and F. Bullo, “Attack detection and identification
in cyber-physical systems,” IEEE Trans. Autom. Control, vol. 58, no. 11,
B. Experimental Testbed Parameters pp. 2715–2729, Nov. 2013.
[14] Y. Yan, Y. Qian, H. Sharif, and D. Tipper, “A survey on cyber security
The considered system consists of two sources with the con- for smart grid communications,” IEEE Comm. Surv. Tut., vol. 14, no. 4,
verters rated equally for 350 W. It should be noted that the pp. 998–1010, Oct.–Dec. 2010.
controller gains are consistent for each agent. [15] P. Li, Y. Liu, H. Xin, and X. Jiang, “A robust distributed economic
dispatch strategy of virtual power plant under cyber-attacks,” IEEE
Plant: r1 = 0.25 Ω, r2 = 0.325 Ω, x2 = 30 μH, Li = 3 mH, Trans. Ind. Inform., vol. 14, no. 10, pp. 4343–4352, Oct. 2018, doi:
Cdci = 100 μF 10.1109/TII.2017.2788868.
Controller: Vdcref = 48 V, Idcref = 0, KPH 1 = 240.6, KIH 1 = [16] J. Zhao, L. Mili, and M. Wang, “A generalized false data injection attacks
against power system nonlinear state estimator and countermeasures,”
1.6, KPH 2 = 4.5, KIH 1 = 0.08, GV P = 0.07, GV I = 4, GC P = IEEE Trans. Power Sys., vol. 33, no. 5, pp. 4868–4877, Sep. 2018, doi:
0.02, GC I = 19.4, h = 1, c = 0.4. 10.1109/TPWRS.2018.2794468.

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.
 8174 IEEE TRANSACTIONS ON POWER ELECTRONICS, VOL. 34, NO. 8, AUGUST 2019

[17] S. Sridhar, M. Govindarasu, and C. C. Liu, “Risk analysis of coordinated Sukumar Mishra (M’97–SM’04) received the M.Sc.
cyber attacks on power grid,” in Control Optim. Methods Electric Smart and Ph.D. degrees in electrical engineering from the
Grids. New York, NY, USA: Springer, 2012, pp. 275–294. Regional Engineering College, Rourkela, India, in
[18] J. Salmeron, K. Wood, and R. Baldick, “Analysis of electric grid security 1992 and 2000, respectively.
under terrorist threat,” IEEE Trans Power Syst., vol. 19, no. 2, pp. 905–912, He is currently a Professor with the Indian Insti-
May 2004. tute of Technology (IIT) Delhi, New Delhi, India, and
[19] Z. Li, M. Shahidehpour, A. Alabdulwahab, and A. Abusorrah, “Bilevel has been part of the IIT Delhi for the past 15 years.
model for analyzing coordinated cyber-physical attacks on power sys- He authored or coauthored more than 200 research
tems,” IEEE Trans. Smart Grid, vol. 7, no. 5, pp. 2260–2272, Sep. 2016. articles (including papers in international journals,
[20] Y. Chakhchoukh and H. Ishii, “Coordinated cyber-attacks on the measure- conferences, and book chapters). His research exper-
ment function in hybrid state estimation,” IEEE Trans. Power Sys., vol. 30, tise lies in the field of power systems, power quality
no. 5, pp. 2487–2497, Sep. 2018. studies, renewable energy, and smart grids.
[21] S. D. Manshadi and M. E. Khodayar, “Resilient operation of multiple en- Prof. Mishra is currently an Editor for the IEEE TRANSACTIONS ON SMART
ergy carrier microgrids,” IEEE Trans. Smart Grid, vol. 6, no. 5, pp. 2283– GRID and an Associate Editor for the IET Generation, Transmission & Distribu-
2292, Sep. 2015. tion journal. He is the Vice-Chair of Intelligent System Subcommittee of Power
[22] M. M. Rana, L. Li, and S. W. Su, “Cyber attack protection and control of and Energy Society of the IEEE. Apart from all research and academic collabo-
microgrids,” IEEE/CAA J. Automatica Sinica, vol. 5, no. 2, pp. 602–609, rations, he is very actively involved in industrial collaborations. He is currently
Mar. 2018. the acting INAE Chair Professor and has previously delegated as the NTPC and
[23] J. Hao et al., “An adaptive Markov strategy for defending smart grid false Power Grid Chair Professor. He is also the Independent Director of the Cross
data injection from malicious attackers,” IEEE Trans. Smart Grid, vol. 9, Border Power Transmission Company Ltd. and the River Engineering Pvt. Ltd.
no. 4, pp. 2398–2408, Jul. 2018. He has won many accolades throughout his academic tenure of 25 years. He
[24] O. Beg, T. Johnson, and A. Davoudi, “Detection of false-data injection was the recipient of the INSA Medal for Young Scientist (2002), the INAE
attacks in cyber-physical dc microgrids,” IEEE Trans. Ind. Inform., vol. 13, Young Engineer Award (2009), the INAE Silver Jubilee Young Engineer Award
no. 5, pp. 2693–2703, Oct. 2017. (2012), and the Samanta Chandra Shekhar Award (2016). He has been granted
[25] D. Ding et al., “Observer-based event-triggering consensus control for fellowship from many prestigious technical societies such as IET (U.K.), NASI
multiagent systems with lossy sensors and cyber-attacks,” IEEE Trans. (India), INAE (India), IETE (India), and IE (India), and is also recognized as
Cybern., vol. 47, no. 8, pp. 1936-1947, Aug. 2017. the INAE Industry Academic Distinguish Professor.
[26] H. Fawzi, P. Tabuada, and S. Diggavi, “Secure estimation and control for
cyber-physical systems under adversarial attacks,” IEEE Trans. Autom.
Control, vol. 59, no. 6, pp. 1454–1467, Jun. 2014.
[27] H. Zhang, W. Meng, J. Qi, X. Wang, and W. X. Zheng, “Distributed
load sharing under false data injection attack in inverter-based microgrid,”
IEEE Trans. Ind. Electron., vol. 66, no. 2, pp. 1543–1551, Feb. 2019, doi: Jimmy Chih-Hsien Peng (S’04–M’12) received the
10.1109/TIE.2018.2793241. B.E. and Ph.D. degrees in electrical and computer
[28] S. Abhinav, H. Modares, F. L. Lewis, F. Ferrese, and A. Davoudi, “Syn- engineering from the University of Auckland, Auck-
chrony in networked microgrids under attacks,” IEEE Trans. Smart Grid, land, New Zealand, in 2008 and 2012, respectively.
vol. 9, no. 6, pp. 6731–6741, Nov. 2018, doi: 10.1109/TSG.2017.2721382. He is currently an Assistant Professor in electrical
[29] C. Zhao, J. He, P. Cheng, and J. Chen, “Analysis of consensus-based and computer engineering with the National Univer-
distributed economic dispatch under stealthy attacks,” IEEE Trans. Ind. sity of Singapore, Singapore. Previously, he was an
Electron., vol. 64, no. 6, pp. 5107–5117, Jun. 2017. Assistant Professor with the Masdar Institute (now
[30] M. Zhu and S. Martinez, “Discrete-time dynamic average consensus,” part of the Khalifa University), Abu Dhabi, United
Automatica, vol. 46, no. 2, pp. 322–329, 2010. Arab Emirates. In 2013, he was appointed a Visiting
[31] X. Xu, L. Liu, and G. Feng, “Consensus of discrete-time linear multia- Scientist with the Research Laboratory of Electron-
gent systems with communication, input and output delays,” IEEE Trans. ics, Massachusetts Institute of Technology, Cambridge, MA, USA, where he
Autom. Control, vol. 63, no. 2, pp. 492–497, Feb. 2018. became a Visiting Assistant Professor in 2014. His research interests include
[32] O. Beg, L. V. Nguyen, T. Johnson, and A. Davoudi, “Signal temporal power system stability, cyber security, microgrids, and high-performance com-
logic-based attack detection in DC microgrids,” IEEE Trans. Smart Grid, puting.
2018, to be published, doi: 10.1109/TSG.2018.2832544. Prof. Peng is currently the Secretary of the IEEE Power and Energy Society
[33] P. Danzi, C. Stefanovic, L. Meng, J. M. Guerrero, and P. Popovski, “On Working Group on High-Performance Computing for Power Grid Analysis and
the impact of wireless jamming on the distributed secondary microgrid Operation. He is also a Committee Member for Singapore Standard SS 535.
control,” in Proc. IEEE Globecom Workshops, Washington, DC, 2016,
pp. 1–6.
[34] X. Zhong, L. Yu, R. Brooks, and G. K. Venayagamoorthy, “Cyber se-
curity in smart DC microgrid operations,” in Proc. IEEE Int. Conf. DC
Microgrids, 2015, pp. 1–6.
[35] R. A. Brualdi, and J. R. Herbert, Combinatorial Matrix Theory, vol. 39.
Cambridge, U.K.: Cambridge Univ. Press, 1991. Tomislav Dragičević (S’09–M’13–SM’17) received
[36] S. Sahoo and S. Mishra, “A distributed finite-time secondary average the M.Sc. and Industrial Ph.D. degrees in electrical
voltage regulation and current sharing controller for DC microgrids,” IEEE engineering from the Faculty of Electrical Engineer-
Trans. Smart Grid, to be published, doi: 10.1109/TSG.2017.2737938. ing, University of Zagreb, Zagreb, Croatia, in 2009
[37] S. Mishra, S. Sahoo, and A. Dugar, “Hybrid MVMO based controller for and 2013, respectively.
energy management in a grid connected DC microgrid,” in Proc. IEEE From 2013 until 2016, he was a Postdoctoral Re-
Power, Commun. Inf. Technol. Conf., 2015, pp. 114–119. search Associate with Aalborg University, Aalborg,
Denmark, where he has been an Associate Professor
Subham Sahoo (S’16–M’18) received the B.Tech. from March 2016. He made a Guest Professor Stay
degree in electrical and electronics engineering from with Nottingham University, Nottingham, U.K., dur-
the Veer Surendra Sai University of Technology, ing Spring/Summer of 2018. His principal field of
Burla, India, in 2014, and the Ph.D. degree in electri- interest is overall system design of autonomous and grid connected dc and ac
cal engineering from the Indian Institute of Technol- microgrids, and application of advanced modeling and control concepts to power
ogy, Delhi, New Delhi, India, in 2018. electronic systems. He has authored and coauthored more than 140 technical
He was a Visiting Student with the Department papers (more than 55 of them have been published in international journals,
of Electrical and Electronics Engineering, Cardiff mostly the IEEE transactions) in his domain of interest and 8 book chapters and
University, Cardiff, U.K., in 2017. He is currently a book in the field.
a Research Fellow with the Department of Electrical Dr. Dragičević was an Associate Editor for the IEEE TRANSACTIONS ON
and Computer Engineering, National University of INDUSTRIAL ELECTRONICS and for the Journal of Power Electronics. He was
Singapore, Singapore. His current research interests include microgrids, cyber- the recipient of the Končar prize for the best industrial Ph.D. thesis in Croatia
security, coordinated control, and stability of cyber-physical systems. and the Robert Mayer Energy Conservation Award.

Authorized licensed use limited to: Malaviya National Institute of Technology Jaipur. Downloaded on October 20,2024 at 12:50:07 UTC from IEEE Xplore. Restrictions apply.