Localized event-driven resilient mechanism against data integrity attacks in microgrids
Research Fellow: Subham Sahoo | Advisor: Jimmy C.-H. Peng | Project Duration: 2019
The integrity of an electric grid is vulnerable to cyber attacks given its increasing reliance on information technology (IT) and operational technology (OT). For instance, malicious attacks injecting false data into the energy management system (EMS) can interrupt the optimal dispatching of distributed renewable sources in a cooperative microgrid. Such event would lead to an increase in the total generation cost—benefiting certain parties to provide more attractive pricing than their competitors or simply to cause havoc in the trading market.
This study proposes a unified and localized attack-resilient framework to prevent the impact of data integrity attacks (DIAs) in an ac microgrid governed by distributed controllers. Two attack models have been considered, namely, fault and random attacks. Fault attacks cause an implicit change in the parameters of the cost function, which then cause improper economic dispatch. To prevent the microgrid from such attacks, a resilient control update is designed using the error in local measurements to cancel the effect of the attack. On the other hand, random attacks can be mitigated by first computing a localized estimation of the incremental cost model. An error in the cost parameters would trigger an eventindicating a DIA in the node/generator. Subsequently, the propagation of the attack element to its neighbors is prohibited, while the controller in the attack node is fed with measurements from the pre-triggered instance to ensures the optimal operation. This scheme serves two advantages: 1) the privacy of each generating unit is secured, and 2) it operates without involving neighboring measurements, and hence remain unaffected by adversarial actions, such as delays, link failure, and denial-of-service and man-in-the-middle attacks.
Figure 1. Single-line diagram of the microgrid and its respective connectivity between nodes in the cyber layer.
The basic philosophy behind the proposed scheme lies with the model-based event detection, which identifies the change of parameters in the cost function model. In essence, the updated data in case of operating events, such as a load change, is transmitted to the neighboring DGs, while events triggered as attacks are isolated from the rest of the nodes. The proposed localized event-based attack-resilient control strategy is tested on a 60 Hz microgrid shown in Figure 1. The microgrid consists of 4 distributed generators (DGs), each rated at 10 kVA. A distributed secondary controller is employed to regulate the error of the incremental cost and frequency between the local as well as the neighboring DGs. Noted that each DG has a different incremental cost value.
Consider node-1 of the cooperative microgrid is attacked by an adversary at t = 0.5 second into the simulation. It can be seen that when node-1 converges to a false incremental cost of 7.8, the remaining DGs also settles to this value based on adopted the consensus theory. To prevent this from happening, the propagation of the false value is first stopped by disabling the cyber link to the neighboring DGs. At the same time, the proposed scheme rectifies the DIAs in the controller of node-1. Upon successful mitigation, the cyber link is re-established with its neighbors as shown in Figure 2. In another example, random attacks are conducted at the DG located on node-2 at t = 2.5 and 4 second. Again, the proposed scheme will trigger an event to isolate the attacked node from its neighrbor. The unaffected DGs will proceed under normal operation and their converged solution will then be transmitted back to the attacked node and thus, ensure the accuracy of the economic dispatch within the cooperative microgrid as shown in Figure 3.
Figure 2. Performance of the microgrid (a) without detection scheme, and (b) with the proposed method when subjected to a random attack at t = 0.5 s in DG I. Note that lambda is the incremental cost value.
Figure 3. (a) Performance of the microgrid without any attack detection mechanism when subjected to two random attacks on DG II at t = 2.5 and 4 s, and (b) the proposed strategy successfully mitigates the impact of the random attacks.
In summary, the localized event-based attack-resilient mechanism is able to defend cooperative microgrids from DIAs. As these attacks are designed to increase the generation cost, they need to be mitigated promptly to prevent divergent solutions or instability in the worst case.
To deal with fault attacks, the proposed mechanism provides localized online compensation to the changes in cost parameters using a resilient control update that is based on local information. Whereas for random attacks, the localized event-based incremental cost is being used via the constantly held measurement before the attack is conducted. Furthermore, the localization of this approach makes the proposed scheme easily scalable to protect larger distribution networks from data integrity attacks.