A Stealth Cyber Attack Detection Strategy for DC Microgrids

Research Fellow: Subham Sahoo | Advisor: Jimmy C.-H. Peng | Collaborators: Sukumar Mishra, Indian Institute of Technology Delhi, India, Tomislav Dragičević, University of Aalborg, Denmark | Project Duration: 2018


Distributed control in microgrid is an effective solution to improve the robustness against single-point-of-failure as compared to the conventional centralized approach. In particular, the notion of cooperative secondary control has been recently proposed to regulate voltage and power sharing between various devices. However, a distributed controller is prone to malicious attacks in the form of false data injection attacks (FDIAs) due to the lack of global observability. Consequently, the reliability as well as the security of a microgrid could be compromised by stealthy cyber-attacks.

In this work, a cooperative vulnerability factor (CVF) is proposed to detect deceptive cyber-attacks that attempt to sabotage the voltage and current regulation in a DC microgrid. In essence, CVF is the difference between the secondary output voltage of neighboring agents. It is zero under steady-state, and should converge to zero after a network disturbance such as a change in load or control set-point. Therefore, a non-zero value indicates that an agent has been compromised/attacked. Subsequently, defensive mechanism is triggered after detecting the attacked agent(s).

The proposed method was first evaluated on a simulated DC microgrid consisting of 4 agents as shown in Figure 1. Several scenarios were tested in this research. For instance, referring to Figure 2, a stealth attack was launched at the transmitting end of the cyber link of agent III. Prior to initiating the attack, it is difficult to denote the attacked agent from the average voltage as both estimates diverge symmetrically --- the norm of these errors would mistranslate into two attacked agents, i.e., agents III and IV. This issue was resolved using the proposed approach since C3 shoots up to 0.18, indicating that only agent III was attacked. As a counter solution, the outgoing links from agent III were deactivated. This restored the average voltage estimate to the desired reference value of 315 V. In addition, the microgrid also performed adequate during load changes highlighted as A and B in Figure 2.


Figure 1. The simulated system: (a) Agent model and (b) Cyber-physical DC microgrid with four converters.

Figure 2. Waveform of (a) currents, (b) voltages, (c) CVF, and (d) average voltages. The stealth attack was at two outgoing cyber links from agent III at t = 1 s. Two load changes were also initiated during this study. They are labelled as A and B in (a).

Next, the proposed strategy was validated using an experimental setup consisting of 2 agents as shown in Figure 3. Conforming with the simulated results, injected attacks (see Figure 4) were able to be swiftly detected and mitigated to maintain stable regulation of the DC microgrid.

Figure 3. The experimental setup consisting of two converters, i.e. two agents.

Figure 4. Oscilloscope waveform of (a) FDIA, and (b) stealth attack on voltage sensor(s) with M = 2 agents.

© 2020 by Power Engineering Laboratory