Automatica 137 (2022) 110091

Contents lists available at ScienceDirect

Automatica
journal homepage: www.elsevier.com/locate/automatica

Brief paper

Adaptive distributed Kalman-like filter for power system with cyber

attacks✩
∗
Jun Yang, Wen-An Zhang , Fanghong Guo
College of Information Engineering, Zhejiang University of Technology, Hangzhou 310023, China

article info a b s t r a c t

Article history: This article investigates the distributed state estimation problem for large-scale power systems, where
Received 19 June 2020 both false data injection (FDI) and denial-of-service (DoS) attacks are considered. The DoS attacks
Received in revised form 28 August 2021 are compensated by using measurement predictor, while the FDI attacks are treated as uncertainties
Accepted 1 November 2021
in measurements. Through neighborhood coordination, a posterior residual chi-square test method is
Available online 18 December 2021
applied in each subsystem to detect the FDI attacks in local measurement and edge measurement
Keywords: separately. Finally, by introducing two adaptive factors, an adaptive distributed state estimator (ADSE)
Adaptive state estimation is proposed, which can evaluate the credibility of the tampered measurements and mitigate the impact
Distributed state estimation of FDI attacks. Simulation tests conducted on the IEEE 118-bus system verify the effectiveness of the
Attack detection attack detector and the ADSE in power system state estimation.
Large-scale power system
© 2021 Elsevier Ltd. All rights reserved.

1. Introduction The impact of DoS on state estimation in power system is

generally reduced by applying the measurement holder or pre-
The modern power system is gradually integrating with the dictor (Manandhar, Cao, Hu, & Liu, 2014). Besides, robust filter-
cyber infrastructures, making the power system more intelligent, ing (Zhao & Mili, 2018) and resilient filtering (Chen, Ding, Dong,
convenient and open (Deng, Xiao, & Lu, 2017). However, the inte- & Wei, 2019) methods can also be used to deal with this issue.
gration of cyber infrastructures also brings the network security On the other hand, since Liu raised the FDI attack in 2009 (Liu
vulnerabilities to power system which may be devastating (Deng, et al., 2009), lots of efforts have been done to explore defense
Xiao, Lu, Liang, & Vasilakos, 2017). Two common cyber attacks mechanism against FDI attack (Bi & Zhang, 2014; Chen, Li, Zhong,
are the false data injection (FDI) attack and the denial-of-service & Fei, 2019; Gu, Liu, Wang, Guan, & Xu, 2013; Kazemi, Safavi,
(DoS) attack. The DoS attack is destructive but easy to detect. Naseri, Urbas, & Setoodeh, 2020; Li et al., 2019; Li, Xiao, Lu, Deng,
However, amounts of researches have proved that a carefully de- & Bao, 2020; Liang, Zhao, Luo, Weller, & Dong, 2017; Liu, Esmal-
signed FDI attack can cause arbitrary deviation in state estimation ifalak, Ding, Emesih, & Han, 2014; Liu, Liang, Chen, Wu, & Long,
without being detected by the energy management system (Deng, 2020; Liu & Wu, 2020; Rawat & Bajracharya, 2015; Wang, Luo,
Zhang, Jiang, & Guan, 2020). These mechanisms can be roughly
Xiao, Lu, Liang, & Vasilakos, 2017; Liu, Reiter, & Ning, 2009;
divided into two categories, namely the state or meter protection
Liu, Song, & Li, 2020; Song, Shi, Lim, Zhang, & Yu, 2019). By
based attack defense mechanism and the hypothesis test based
manipulating estimated state, attackers can modify electricity
attack detection mechanism. For the first category, a cluster of
price to extract profits, or induce suppliers to make wrong control
carefully selected meter measurements are protected such that
operations, or even cause regional power outage (Deng et al.,
no attack can be injected into these measurements without being
2017; Zhang, Deng, Yau, Cheng, & Chen, 2020). Thus, secure
detected (Bi & Zhang, 2014; Deng et al., 2017; Liu, Liang, et al.,
state estimation is of vital importance to maintain the normal
2020). These methods are very effective, but they need an implicit
operation of power system.
assumption that some meter measurements should be absolutely
protected, which may be costly in some cases. For the second
✩ This work was supported by the National Natural Science Foundation of category, a class of typical methods are the residual analysis
China under Grant Nos. 62173305, 61822311, 62073292 and 61903333. The based methods (Chen, Li, et al., 2019; Gu et al., 2013; Rawat
material in this paper was not presented at any conference. This paper was & Bajracharya, 2015). For example, a cosine similarity matching
recommended for publication in revised form by Associate Editor Claudio De
approach is presented in Rawat and Bajracharya (2015), a chi-
Persis under the direction of Editor Christos G. Cassandras.
∗ Corresponding author. square detection method is proposed in Chen, Li, et al. (2019) by
E-mail addresses: jyang@zjut.edu.cn (J. Yang), wazhang@zjut.edu.cn using the statistic information of states. In addition, some novel
(W.-A. Zhang), fhguo@zjut.edu.cn (F. Guo). attack detection methods have emerged in recent years, such

https://doi.org/10.1016/j.automatica.2021.110091
0005-1098/© 2021 Elsevier Ltd. All rights reserved.
J. Yang, W.-A. Zhang and F. Guo Automatica 137 (2022) 110091

as, transforming the FDI attack detection problem into matrix 2. Preliminaries and problem formulation
separation problem (Li et al., 2019; Liang et al., 2017; Liu et al.,
2014), utilizing the unknown input observer (UIO) to observe In practice, a power system is commonly monitored by various
the unknown input and then justify whether there is FDI at- kinds of sensors (e.g., SCADA and PMU). These sensors collect
tack (Kazemi et al., 2020; Wang et al., 2020), perturbing branch measurements and send them to a control center. The control
susceptance to minimize the stealth attack space and making the center uses the system model and sensor measurements to es-
attack detection more effective (Li et al., 2020; Liu & Wu, 2020; timate the system state. Without loss of generality, the power
Zhang et al., 2020), etc. The above attack defense methods are system measurement model is denoted by z(k) = f (x(k)) + v (k),
feasible and effective under certain conditions. However, they where x(k) is the system state, z(k) is the measurement, f (·) is the
are either centralized detection and estimation methods or can nonlinear measurement function, v (k) is the measurement error
only be implemented independently in each subsystem. Since the and is assumed to follow zero mean Gaussian distribution with
power system is practically interconnected, sophisticated with
covariance S(k). By using linearization method, z(k) is linearized
large-scale, it is desirable to design a distributed state estimator
as
which can obtain accurate state estimation against cyber attacks
with less computational cost. z(k) = H(k)x(k) + v (k), (1)
Motivated by the above analysis, a distributed cyber attack
detection method and an adaptive distributed state estimator where H(k) is the Jacobian matrix. Similarly, the dynamic model
(ADSE) are designed in this article to defend against the cyber is also given in a linear form
attacks in large-scale power systems. Firstly, such a large-scale
x(k + 1) = F (k)x(k) + d(k) + w (k), (2)
power system is decomposed into several interconnected, non-
overlapping and topologically observable subsystems. The attacks where F (k) is the state dynamic matrix and d(k) is the trend be-
in local measurement and edge measurement are both detected havior of state which can be obtained online by Holt’s
by using the chi-square detection method. However, it is noted 2-parameter linear exponential smoothing method (Li & Li, 2009;
that an edge measurement is a function of states of the subsystem Nishiya, Takagi, Hasegawa, et al., 1976), w (k) is a zero mean
itself and a neighbor of it. Therefore, to detect the attacks in edge Gaussian noise with covariance R(k). For convenience, the time
measurement at each subsystem locally, the edge measurement is index k is omitted, the maximum a posteriori estimation problem
preprocessed by using the information received from its immedi- is equivalent to find x̂ to minimize the objective function J(x) =
ate neighbors. Then, an adaptive factor in matrix form (AFM) and (z −Hx)T S −1 (z −Hx)+(x−x̄)T P̄ −1 (x−x̄) (Barhumi & Moonen, 2009),
an adaptive factor in scalar form (AFS) are introduced to evaluate where x̄ = F x̂(k − 1) + d(k − 1) and P̄ = FP(k − 1)F T + R(k − 1)
the credibility of the manipulated measurements and further are the predicted state and the corresponding error covariance,
alleviating the impact of the attacks. Finally, an ADSE algorithm respectively. Then, the state estimate x̂ is derived to be x̂ =
is presented by introducing both types of adaptive factors into a
P(P̄ −1 x̄ + H T S −1 z), with covariance P ≜ (P̄ −1 + H T S −1 H)−1 .
distributed iterative Kalman-like estimator. In all, contributions
The architecture of a risky power system is shown in Fig. 1.
of this article are summarized as follows.
Under FDI attack, the attacker injects a designed attack signal a(k)
1. Through neighborhood coordination, a distributed attack
into the sensor measurement, and the manipulated measurement
detection method is designed which can detect the attacks in
is modeled by
local measurement and edge measurement separately. Compared
with Zhao and Mili (2018), a significant advantage is that this y(k) = z(k) + a(k). (3)
article considers the power system as an interconnected system,
rather than treating each subsystem as an independent system. Then, y(k) is transmitted to the control center and leads to a false
This makes the presented method more suitable for large-scale state estimate x̂a = P(P̄ −1 x̄ + H T S −1 y). If one defines e = z − H x̂
power systems. and M = H P̄H T + S, according to the matrix inverse lemma, one
2. The ADSE algorithm is designed to produce accurate state has ea ≜ y − H x̂a = e + S M−1 a. That is to say the existence of FDI
estimation under cyber attacks by introducing two adaptive fac- attack will change the posterior residual vector no matter what
tors AFM and AFS into a distributed iterative Kalman-like esti- structure the attack vector is. Therefore, it is theoretically feasible
mator. The AFM is designed to evaluate the credibility of the to detect all kinds of FDI attacks through a posterior residual
manipulated measurements and the normal measurements sepa- analysis method. Denoting the covariance corresponding to ea as
rately, and the AFS is introduced to further weaken the impact of M, the normalized residual Υ = (ea )T M −1 ea follows a chi-square
the tampered measurements on state estimation. Compared with distribution under normal condition and the existence of FDI
the adaptive factor designed in Yang, Zhang, Liu, and Yu (2019), attack may lead to a larger Υ . With a designed threshold τ , one
the presented ADSE algorithm can better deal with the state believes FDI attack occurs if Υ > τ . When DoS attack occurs, the
estimation problem against cyber attacks when the dimension of timely measurement will be unavailable for the control center.
measurement is high. In this case, the one-step prediction z̄(k) = H(k)x̄(k) is used to
3. The relationship between the threshold and the estimator replace the missing measurement y(k). One defines ϱ(k) = 0
performance is investigated through a series of simulation tests, when DoS attack occurs, otherwise ϱ(k) = 1. Then, measurement
and the method to determine the adaptive factors is studied.
under DoS attack is expressed as
Notations: α1:n denotes [α1T , α2T , . . . , αnT ]T . diag {a, b, c } repre-
sents the block diagonal matrix constructed by a, b and c. E {·} ζ (k) = ϱ(k)y(k) + (1 − ϱ(k))z̄(k). (4)
and cov{·} represent the expectation and covariance operators,
respectively. 0 and Im denote the zero matrix and m-dimensional Instead of detecting the cyber attacks in a single control center,
identity matrix, respectively. 1m represents an m-dimensional in this article, the detection task will be allocated into each sub-
vector constructed by 1. Ni is the set of communication neighbors system. As shown in Fig. 1, a large-scale power system is divided
of subsystem i, the candidate of Ni is denoted as ni . chol(·) is the into several subsystems. In subsystem i, omitting the time index
Cholesky decomposition operation. Matrix A > 0 means that A is k, one denotes the local state as xi , the local measurement as zi ,
positive definite. For vector v , |v| means to take absolute value the edge measurement as zi,j , and the edge measurement matrix
for each element of v , v > 0 means that each element of v is as Li,j , then the relationships between the parameters in the
positive. ⊙ is the Hadamard product. max{·} means to take the centralized power system and these subsystems are x = x1:n , z =
maximum value. Tr {A} denotes the trace of A. [z1T:n , . . . , ziT,j , . . .]T , F = diag {F1 , . . . , Fn }, d = d1:n , w = w1:n , H =
2
J. Yang, W.-A. Zhang and F. Guo Automatica 137 (2022) 110091

Proof. According to (6), the posterior residual νi (k) is derived

as νi (k) = yi (k) − Hi (k)x̂i (k) = Si (k)M− i (k)ν̄i (k), with covari-
1
1
ance matrix Mi (k) = Si (k)M− i (k)Si (k). Since Mi (k) is symmetric
positive definite, it complies with the Cholesky decomposition
Mi (k) = Vi (k)ViT (k), where Vi (k) = chol(Mi (k)) is an invertible
lower triangular matrix. Then, one has
γi (k) = ViT (k)Si−1 (k)νi (k) = Vi−1 (k)ν̄i (k),
{
(8)
Υi (k) = γiT (k)γi (k) = ν̄iT (k)M−i (k)ν̄i (k).
1

Therefore, E {γi (k)} = Vi−1 (k)E {ai (k)}, cov{γi (k)} = Vi−1 (k)Mi (k)
(ViT (k))−1 = Imi . It is obvious that, when ai (k) = 0, γi (k) should
obey a n-dimensional standard normal distribution. Accordingly,
Fig. 1. Architecture of power system under cyber attacks. Υi (k) obeys a mi -dimensional chi-square distribution. Thus, the ex-
istence of FDI attack will lead to a larger Υi (k). With the definition
τi = χm2 i ,p , inequality Υi (k) > τi means that the measurement
[diag {H1 , . . . , Hn }, . . . , HiT,j , . . .]T , v = [v1T:n , . . . , viT,j , . . .]T , Hi,j = is manipulated by FDI attacks with the probability of p. This
[0, Li,j , 0, Lj,i , 0]. Define z̄i (k) = Hi (k)x̄i (k), z̄i,j (k) = Li,j (k)x̄i (k) + completes the proof.
Lj,i (k)x̄j (k), i = 1, . . . , n, j ∈ Ni . Then, according to (1)–(4),
When considering the influence of FDI attack and combining
the mathematical model of subsystem i under cyber attacks is
(6), ν̄i (k) can be rewritten as ν̄i (k) = Hi (k)(xi (k) − x̄i (k)) + vi (k) +
presented as ai (k). Then, one has Mi (k) = cov{ν̄i (k)} = Hi (k)P̄i (k)HiT (k) +
xi (k + 1) = Fi (k)xi (k) + di (k) + wi (k), (5a) Ši (k), where Ši (k) = Si (k) + ∆Si (k) and ∆Si (k) = cov{ai (k)}.
It implies that the existence of FDI attack can be treated as
zi (k) = Hi (k)xi (k) + vi (k), (5b)
increment in observation uncertainty. Thus, this article considers
yi (k) = zi (k) + ai (k), (5c) to thwart the impact of FDI attack on the performance of the state
estimator by modifying the measurement error variance matrix.
ζi (k) = ϱi (k)yi (k) + (1 − ϱi (k))z̄i (k), (5d)
The modified measurement error variance matrix is considered
zi,j (k) = Li,j (k)xi (k) + Lj,i (k)xj (k) + vi,j (k), (5e) to be Ši (k) = ϕi (k)Λi (k)Si (k), where ϕi (k) is a scalar, Λi (k) =
diag {λi(1) (k), . . . , λi(mi ) (k)} and Λi (k) − Imi ≥ 0. Let us define
yi,j (k) = zi,j (k) + ai,j (k), (5f) −1/2 1/2
γ̌i (k) = ViT (k)Λi (k)Si−1 (k)νi (k), γ̃i (k) = ϕi (k)γ̌i (k), a0 =
ζi,j (k) = ϱi (k)yi,j (k) + (1 − ϱi (k))z̄i,j (k). (5g) τi − η̄i (k)Φi (k)Φi (k)η̄i (k), b0 = 2ηi (k)Φi (k)Φi (k)η̄i (k), c0 =
T T T T

Tasks of this article are summarized as follows. ηiT (k)ΦiT (k)Φi (k)ηi (k), Φi(κ,t) = Vi(t ,κ ) Si(t) νi(t) , η̄i (k) = 1mi − ηi (k),
1. For risky power system (5), how to pick out the manipulated ηi(κ ) = 1 when |γi(κ ) | > πi , else ηi(κ ) = 0, where ηi(κ ) and γi(κ ) are
measurements (including the attacks in local measurement and the κ th element of ηi (k) and γi (k), respectively, Φi(κ,t) is the κ th
edge measurement) at each subsystem in a distributed way? row and tth column element of Φi (k), Vi(t ,κ ) is the element in the
2. For power system with high-dimensional measurements, tth row and κ th column of Vi (k), Si(t) is the tth diagonal element
how to design an estimator to ease the impact of attacks on state of Si (k) and νi(t) is the tth element of νi (k). The method to design
estimation? ϕi (k) and Λi (k) is given in Theorem 2.

3. Main results Theorem 2. Considering system (5a) with measurement (5c),

if the measurement variance matrix is modified to be Ši (k) =
3.1. FDI attack detection and compensation ϕi (k)Λi (k)Si (k) when FDI attack is detected, γ̌iT (k)γ̌i (k) ≤ τi and
max |γ̃i(κ ) | ≤ πi can be ensured when Λi (k) and ϕi (k) are designed
as
Considering subsystem (5a) with local measurement (5c), the )2
1, |γi(κ ) | ≤ πi , πi
{ (
Kalman state estimation is given by
λi(κ ) (k) = ϕ =
αi , |γi(κ ) | > πi , i max |γ̌i(κ ) |
x̄i (k) = Fi (k − 1)x̂i (k − 1) + di (k − 1), (6a)
P̄i (k) = Fi (k − 1)Pi (k − 1)FiT (k − 1) + Ri (k − 1), (6b) where λi(κ ) (k) and γ̃i(κ ) are the κ th element of Λi (k) and γ̃i (k),
πi is designed online
respectively, ( as shown in Algorithm 1, αi should
ν̄i (k) = yi (k) − Hi (k)x̄i (k), (6c) 2
√ )
b0 + b20 +4a0 c0
Mi (k) = Hi (k)P̄i (k)HiT (k) + Si (k), (6d) satisfy αi ≥ 2a0
.

Ki (k) = P̄i (k)HiT (k)M− 1

i (k) , (6e)
x̂i (k) = x̄i (k) + Ki (k)ν̄i (k), (6f) Proof. Based on the above analysis, γi (k) should obey a multi-
dimensional Gaussian distribution. With a designed threshold πi ,
Pi (k) = (Imi − Ki (k)Hi (k))P̄i (k). (6g) when the value of γi(κ ) , κ = 1, . . . , mi exceeds the threshold, the
component is believed to have been tampered and needs to be
Lemma 1. For risky power system described by (5a) and (5c), the modified. This leads to the definition of λi(κ ) (k). According to (6),
normalized posterior residual Υi (k) is equal to the normalized priori the modified Mi (k) can be denoted as M̌i (k) = Hi (k)P̄i (k)HiT (k) +
residual, that is, Λi (k)Si (k). For the convenience of calculation, one approximately
1/2
takes V̌i (k) = Λi (k)Vi (k). Then, according to (8) one has γ̌i (k) =
Υi (k) = ν̄iT (k)M−
i (k)ν̄i (k).
1
(7) −1/2
V̌iT (k)Ši−1 (k)νi (k) = ViT (k)Λi (k)Si−1 (k)νi (k). Therefore, the κ th
With a given threshold τi = χ 2
m i ,p ,
the measurement is considered to element of γ̌i (k) can be given by
have been tampered by the FDI attack if Υi (k) > τi . The scalar χm2 i ,p mi
is the upper bound of the chi-square test whose degree of freedom is −1/2
∑
γ̌i(κ ) = Vi(t ,κ ) λi(t) Si(t)
−1
νi(t) . (9)
mi and the confidence level is p. t =κ

3
J. Yang, W.-A. Zhang and F. Guo Automatica 137 (2022) 110091

Algorithm 1 Online calculation of πi z̄i,j (k, h), where z̄i,j (k, h) is derived as z̄i,j (k, h) = Li,j (k)x̄i (k) +
√
τi
Lj,i (k)x̂ij (k, h − 1), with x̂ij (k, h − 1) being the state estimate at
1: Initialized by πi,0 = and q = 1
mi subsystem j when removing subsystem i from its neighbors, the
2: for k = 1 to mi do corresponding error covariance is Pji (k, h − 1). Finally, one has
3: while (q) do
4: πi = 2q1−1 πi,0
5: Calculate ηi (k), η̄i (k) and a0 ;
µ̄i (k) =ζi (k) − Hi (k)x̄i (k) = ϱi (k)ν̄i (k), (15)
6: if a0 > 0 then µ̄i,j (k, h) =ζi,j (k) − Li,j (k)x̄i (k) − Lj,i (k)x̂ij (k, h − 1)
7: break;
8: end if =ϱi (k)[Li,j (k)(xi (k) − x̄i (k)) + vi,j (k)
9: q=q+1;
10: end while + Lj,i (k)(xj (k) − x̂ij (k, h − 1)) + ai,j (k)]. (16)
11: end for
Replacing ν̄i (k) in (8) by µ̄i (k), it is obvious that, no matter
whether there is FDI attack or not, γi (k) = 0 always holds as long
as DoS attack occurs. Thus, under cyber attacks, it is still possible
−1/2
Then, one has γ̌i (k) = Φi (k)(αi ηi (k) + η̄i (k)). The proposition to detect whether the local measurement zi (k) is manipulated
γ̌iT (k)γ̌i (k) ≤ τi can be further rewritten as by FDI attack according to Lemma 1. To examine whether the
1/2 edge measurement zi,j (k) is suffered from FDI attack, one defines
a0 α i − b 0 α i − c0 ≥ 0, (10) v̄i,j (k, h − 1) = vi,j (k) + Lj,i (k)(xj (k) − x̂ij (k, h − 1)). It is obvious
To make sure that inequality (10) has a solution, it is necessary that v̄i,j (k, h − 1) follows zero mean Gaussian distribution. Then
to ensure a0 > 0. When considering the case η̄i (k) = 1mi , one has (16) can be rewritten as, µ̄i,j (k, h) = ϱi (k)[Li,j (k)(xi (k) − x̄i (k)) +
v̄i,j (k, h − 1) + ai,j (k)]. In this sense, µ̄i,j (k, h) can be regarded as
η̄iT (k)ΦiT (k)Φi (k)η̄i (k) = mi πi2 ≤ τi . the local prediction residual at subsystem i at the hth iteration
√
Then, it is derived that πi ≤ τi /mi . However, when FDI attack and v̄i,j (k, h − 1) is the measurement noise. Notice that, when
exists, a smaller πi is needed to ensure that a0 is positive. In calculating µ̄i,j (k, h), the component Lj,i (k)x̂ij (k, h) is calculated
practice, the value of πi can be decided online adaptively as at subsystem j. Therefore, subsystem j needs to send relevant
shown in Algorithm 1. Then, by solving (10) and noting that αi information to subsystem i to assist state estimation and attack
is defined to be positive, one has detection in subsystem i. The information to be sent is defined as

βji (k, h) = Lj,i (k)x̂ij (k, h),

( )2
(17)
√
αi ≥ (b0 + b20 + 4a0 c0 )/(2a0 ) . (11)
Mij (k, h) = Lj,i (k)Pji (k , h)LTj,i (k) + Si,j (k), (18)
1/2 1/2
Define γ̃i (k) = ϕ γ̌ i (k) i (k), it is derived that |γ̃ | = ϕ
i(κ ) i |γ̌
(k) i(κ ) .
| where Mij (k, h) is the covariance of v̄i,j (k, h). Then, the covariance
1/2 πi
Then, let max{ϕ |γ̌i (k) i(κ ) |} ≤ πi leads to ϕ =i ( max |γ̌ | )2 . This of µ̄i,j (k, 1) can be derived as
i(κ )
completes the proof.
Mi,j (k) = Li,j (k)P̄i (k)LTi,j (k) + Mij (k, 0). (19)

Similar to (8), one defines γi,j (k) = , 0)) ×µ̄i,j (k, 1),
ViT,j (k)(M̌ij (k −1
Remark 3. For the sake of calculation, V̌i (k) is defined as V̌i (k) =
1/2 Υi,j (k) = µ̄Ti,j (k, 1)M− 1
(k)µ̄ i,j (k, 1), where V i ,j (k) = chol{Mi,j (k)},
Λi (k)Vi (k) rather than V̌i (k) = chol(M̌i (k)). To avoid confusion, i,j
M̌ij (k, h) = I ⊙ Mij (k, h). Then, Lemma 1 can also be used to judge
one redefines V̄i (k) = chol(M̌i (k)). Then, one has
whether the edge measurement is manipulated by FDI attack and
Υ̌i (k) − Ῡi (k) = V̌i (k)V̌iT (k) − V̄i (k)V̄iT (k) Theorem 2 will be utilized to derive the adaptive matrix Λi,j (k)
1/2 1/2
=Λi (k)Hi (k)P̄i (k)HiT (k)Λi (k) − Hi (k)P̄i (k)HiT (k). and the adaptive factor ϕi,j (k).
To design the gain matrices Ki (k, h) and Ki,j (k, h), one substi-
Combining Λi (k) ≥ Imi leads to V̌i (k)V̌iT (k) ≥ V̄i (k)V̄iT (k). Further- tutes (6), (12) and (15) into (13), then takes partial derivation of
∂ Tr {Pi (k,h)}
more, it is derived that Υ̌i (k) ≥ Ῡi (k). Therefore, when Λi (k) is Tr {Pi (k, h)} and let ∂ K (k ,h)
= 0, ∂ ∂TrK{Pi(k(k,,h)h)} = 0, one obtains
i i,j
designed such that Υ̌i (k) ≤ τi , the inequality Ῡi (k) ≤ τi always
Ki (k, h) = ψi (k, h)Ωi (k)
{
holds. Thus, it is reasonable to replace V̄i (k) with V̌i (k). , (20)
Ki,j (k, h) = ψi (k, h)Γi (k)Ωi,j (k)
3.2. State estimation under both DoS and FDI attacks
where,
Considering power system under cyber attacks that is de- M̄i (k) = Mi (k) + (Λi (k) − Imi )Si (k) (21)
scribed by (5), the state estimator is designed as
Ωi (k) = P̄i (k)HiT (k)M̄−1
i (k) (22)
x̂i (k, h) = x̄i (k) + Ki (k, h)µ̄i (k)
∑ Γi (k) = I − Ωi (k)Hi (k) (23)
+ Ki,j (k, h)µ̄i,j (k, h), (12) M̄ij (k , h) = Λi,j (k) ⊙ Mij (k , h) (24)
j∈Ni
Ωi,j (k, h) = P̄i (k)LTi,j (k)(M̄ij (k , h − 1)) −1
(25)
where h is the iteration step, x̂i (k, 0) = x̄i (k), µ̄i (k) and µ̄i,j (k, h) ∑
are the prediction residual at the hth iteration, Ki (k, h) and ψi (k, h) = [I + Γi (k) Ωi,j (k, h)Li,j (k)] . −1
(26)
Ki,j (k, h) are the gain matrices to be designed, which satisfy j∈Ni

{Ki (k, h), Ki,j (k, h)} = arg min Tr {Pi (k, h)}, (13) Then, substituting (12) and (20) into (14) leads to

Pi (k, h) = cov{xi (k) − x̂i (k, h)}. ψi (k, h)Γi (k)P̄i (k), ϱi (k) = 1
{
(14)
Pi (k, h) = . (27)
P̄i (k), ϱi (k) = 0
The prediction residual µ̄i (k) and µ̄i,j (k, h) are defined as µ̄i (k) ≜
ζi (k) − ζ̄i (k) and µ̄i,j (k, h) ≜ ζi,j (k) − ζ̄i,j (k, h), respectively. Ac- Finally, the state estimation process under cyber attacks is sum-
cording to (5) and (12), one obtains that ζ̄i (k) = z̄i (k), ζ̄i,j (k, h) = marized in Algorithm 2.
4
J. Yang, W.-A. Zhang and F. Guo Automatica 137 (2022) 110091

Algorithm 2 ADSE at subsystem i

1: The subsystem is initialized by x̂i (0) and Pi (0)
2: At each sampling time k, the state prediction x̄i (k) and covariance P̄i (k) are
calculated by (6a) and (6b). Then calculate µ̄i (k) and Mi (k) by (15) and (6d).
1
3: Calculate Υi (k) = µ̄Ti (k)M−
i
(k)µ̄i (k). If Υi (k) > τi , calculate Λi (k) and ϕi (k)
according to Theorem 2; else, Λi (k) = Imi , ϕi (k) = 1.
j
4: Calculate M̄i (k), Ωi (k) and Γi (k) by (21)-(23). Then, calculate βi (k, 0) and
j
Mi (k, 0) by (17) and (18), and send them to subsystem j ∈ Ni .
5: Calculate µ̄i,j (k, 1) and Mi,j (k) by (16) and (19).
6: Calculate Υi,j (k). If Υi,j (k) > τi,j , calculate Λi,j (k) and ϕi,j (k) according to
Theorem 2; else, Λi,j (k) = Imi,j , ϕi,j (k) = 1.
7: Iterative process: For h = 1, 2, · · ·
8: Correct the edge measurement noise covariance by (24). Then, calculate the
residual by µ̄i,j (k, h) = ζi,j (k) − Li,j (k)x̄i (k) − βji (k, h − 1).
9: Calculate Ωi,j (k, h) and ψi (k, h) by (25) and (26). Then, the gain matrices are
calculated according to (20).
10: The state estimate under cyber attacks is then calculated by (12) and the
corresponding error covariance is calculated by (27).
11: Remove subsystem j from the neighbor set of subsystem i and perform Steps
j j j j
9–10 again to get x̂i (k, h) and Pi (k, h). Then calculate βi (k, h) and Mi (k, h) by
(17) and (18) and send them to subsystem j ∈ Ni .
Fig. 2. Relationship between TARMSE and confidence level p.

4. Case study

In this section, to verify the effectiveness of the presented

ADSE algorithm, the ADSE algorithm will be applied to the IEEE
118-bus system in Rich (1993), and compared with: (1) the adap-
tive method (ADSE1) presented in Yang et al. (2019), (2) the
most commonly used compensation method which directly re-
places the tampered measurement by the measurement predic-
tion (DSEI). The installation location of PMUs please refer to Sun, Fig. 3. Relationship between confidence level p and PF.
Fu, Wang, Zhang, and Marelli (2016), and the power system is
divided into 8 subsystems as shown in Yang, Zhang, and Guo
(2020). The system states are chosen as the voltage magnitude can be seen from Figs. 2(b)–2(d), with the increase of p, the
and the phase angle at each bus. The SCADA system observes state estimation process is smoother, however, the error increases
the voltage magnitude at each bus and the active and reactive significantly when FDI attack occurs. This indicates that the in-
power flow at all the line terminals. PMUs observe the states hibition ability of the ADSE algorithm to FDI attack decreases
of the buses directly. The sampling period is 2 s. Subsystem with the increases of p. To determine an appropriate range of p,
i is described by (5), where the matrixes Hi (k) and Li,j (k) are we define a new metric, namely, performance factor (PF), that is
obtained from Rich (1993) and Sun et al. (2016), Fi (k) and di (k) are the product of the maximum value of RMSE and TARMSE, which
identified online (Li & Li, 2009). The states are disturbed by noises is shown in Fig. 3. The PF is inversely proportional to the filter
with 0.01 p.u., the measurement noises are 0.03 p.u. for SCADA performance. It can be concluded from Fig. 3 that when p takes
and 0.003 p.u. for PMUs. The FDI attack is designed in the form
value from interval [0.8,0.95], the ADSE algorithm can not only
of a = Hc where c is a predesigned vector which introduces a
effectively mitigate the impact of FDI attack, but also guarantee
0.3 p.u. bias in the voltage magnitude estimate at Buses 8, 24 and
the estimation accuracy. In particular, we take p = 0.88 in the
70. In this case, the measurements that are manipulated include
subsequent simulation tests.
the local measurements of buses i ∈ {8, 24, 70}, and the edge
measurements zi,j , j ∈ Ni .
4.2. Performance analysis
4.1. Influences of the thresholds
To demonstrate the advantages of the proposed ADSE algo-
rithm, the performance is compared with that of the ADSE1 and
The threshold τi is defined as τi = χ which is decided2
mi ,p , the DSEI estimates with cyber attacks, and the DSEI estimate
by the value of mi and the confidence level p. To facilitate the
without cyber attacks. The FDI attack occurs at t = 40 and
analysis, we study the effect of p on estimator performance in-
t = 120 in the local measurement, and it occurs at t = 60
stead of τi . In this case study, no DoS attack occurs. The FDI attack
and t = 120 in the edge measurement. The DoS attack occurs
occurs at t = 20 and t = 60 in the local measurement, and
randomly with the probability of 3%. We first consider the case
occurs at t = 30 and t = 60 in the edge measurement. ∑T The time where no DoS attack occurs. Studies in this case are used to
averaged root of mean square error TARMSE = T1 k=1 RMSE(k) exhibit the effect of FDI attack on DSEI estimator and the ef-
is used to evaluate the influence
√ of p on the estimation accuracy,
∑n ∑ML fectiveness of the proposed ADSE algorithm against FDI attack
1 1 L T L
where RMSE(k) = n i=1 ML L=1 [x̃i (k) x̃i (k),
] T is the total detection and compensation. The results are shown in Fig. 4. They
simulation step, ML is the times of Monte Carlo runs, x̃Li (k) is show that the ADSE algorithm can effectively reduce the impact
the estimation error at the Lth Monte Carlo test. The relationship of FDI attack on power system state estimation. Then considering
between TARMSE and p for the whole power system, and the the case when both DoS and FDI attack occur simultaneously.
relationship between voltage magnitude TARMSE and p for buses The test results are shown in Fig. 5. It can be seen that the
8, 24 and 70 are shown in Fig. 2. It can be seen from Figs. 2(a) DSEI method can reduce the impact of cyber attacks to a certain
that TARMSE decreases with the increase of confidence level p, extent, however, its accuracy is obviously lower than those of
however, this does not mean that the larger p, the better. As the adaptive estimators ADSE1 and ADSE. Therefore, when the
5
J. Yang, W.-A. Zhang and F. Guo Automatica 137 (2022) 110091

Chen, W., Ding, D. R., Dong, H. L., & Wei, G. L. (2019). Distributed resilient filter-
ing for power systems subject to denial-of-service atttacks. IEEE Transactions
on Systems, Man, and Cybernetics: Systems, 49(8), 1688–1697.
Chen, R., Li, X., Zhong, H. X., & Fei, M. R. (2019). A novel online detection
method of data injection attack against dynamic state estimation in smart
grid. Neurocomputing, 344, 73–81.
Deng, R. L., Xiao, G. X., & Lu, R. X. (2017). Defending against false data injection
attacks on power system state estimation. IEEE Transactions on Industrial
Informatics, 13(1), 198–207.
Deng, R. L., Xiao, G. X., Lu, R. X., Liang, H., & Vasilakos, A. V. (2017). Falseb
data injection on state estimation in power systems- Attacks, impacts, and
defense: A survey. IEEE Transactions on Industrial Informatics, 13(2), 411–423.
Gu, Y., Liu, T., Wang, D., Guan, X. H., & Xu, Z. B. (2013). Bad data detec-
tion method for smart grids based on distributed state estimation. IEEE
International Conference on Communications, 448, 3–4487.
Kazemi, Z., Safavi, A. A., Naseri, F., Urbas, L., & Setoodeh, P. (2020). A secure
hybrid dynamic state estimation approach for power systems under false
data injection attacks. IEEE Transactions on Industrial Informatics, early access.
Fig. 4. Comparison of the estimation errors of attacking target buses with and
Li, B. D., Ding, T., Huang, C., Zhao, J. B., Yang, Y. H., & Chen, Y. (2019). Detecting
without compensation where the estimation errors of the attacking target buses
false data injection attacks against power system state estimation with fast
without FDI attack compensation are shown in (a)–(c) and that of the attacking
go-decomposition approach. IEEE Transactions on Industrial Informatics, 15(5),
target buses by using the ADSE algorithm are shown in (d)–(f).
2892–2904.
Li, H., & Li, W. G. (2009). Estimation and forecasting of dynamic state estimation
in power systems. International Conference on Sustainable Power Generation
and Supply, 1–6.
Li, B. B., Xiao, G. X., Lu, R. X., Deng, R. L., & Bao, H. Y. (2020). On feasibility
and limitations of detecting false data injection attacks on power grid state
estimation using D-FACTS devices. IEEE Transactions on Industrial Informatics,
16(2), 854–864.
Liang, G. Q., Zhao, J. H., Luo, F. J., Weller, S. R., & Dong, Z. Y. (2017). A review of
false data injection attacks against modern power systems. IEEE Transactions
on Smart Grid, 8(4), 1630–1638.
Liu, L., Esmalifalak, M., Ding, Q. F., Emesih, V. A., & Han, Z. (2014). Detecting false
data injection attacks on power grid by sparse optimization. IEEE Transactions
Fig. 5. Performance comparison for state estimation under cyber attacks by
on Smart Grid, 5(2), 612–621.
using the ADSE algorithm, the ADSE1 algorithm and the DSEI algorithm, as well
Liu, C. S., Liang, H., Chen, T. W., Wu, J., & Long, C. N. (2020). Joint admittance
as the state estimation under security condition by using the DESI algorithm.
perturbation and meter protection for migigating stealthy FDI attacks against
power system state estimation. IEEE Transactions on Power Systems, 35(2),
1468–1478.
Liu, Y., Reiter, M. K., & Ning, P. (2009). False data injection attacks against state
system is suffered from cyber attacks, it is not enough to design
estimation in electric power grids. In 16th Proceedings of the ACM conference
an effective attack detection mechanism and isolate the attack. on computer and communications security (pp. 21-32).
A robust filter is also needed to effectively block the adverse Liu, X., Song, Y. F., & Li, Z. Y. (2020). Dummy data attacks in power systems.
effects of attacks. Besides, Fig. 5 also shows that compared with IEEE Transactions on Smart Grid, 11(2), 1792–1795.
the ADSE1 algorithm, the ADSE algorithm has higher convergence Liu, B., & Wu, H. Y. (2020). Optimal D-FACTS placement in moving target defense
rate and higher estimation accuracy which proves the superiority against false data injection attacks. IEEE Transactions on Smart Grid, early
access.
of the proposed ADSE algorithm.
Manandhar, K., Cao, X. J., Hu, F., & Liu, Y. (2014). Detection of faults and attacks
including false data injection attack in smart grid using Kalman filter. IEEE
5. Conclusion Transactions on Control of Network Systems, 1(4), 370–379.
Nishiya, K., Takagi, H., Hasegawa, J., et al. (1976). Dynamic state estimation
This article investigates the distributed state estimation prob- for electric power systems-introduction of a trend factor and detection of
lem for large-scale power system under both FDI and DoS attacks. innovation process. Electrical Engineering in Japan, 96(5), 497–504.
Rawat, D. B., & Bajracharya, C. (2015). Detection of false data injection attacks
Through neighborhood coordination, a distributed attack detec- in smart grid communication systems. IEEE Signal Processing Letters, 22(10),
tion method is presented. Then, an adaptive distributed estimator 1652–1656.
is designed to mitigate the impact of attacks and produce accurate Rich, C. (1993). 118 Bus power flow test case. Available: http://labs.ece.uw.edu/
state estimation. Simulations conducted on the IEEE 118-bus pstca/pf118/pg_tca118bus.htm.
system verify the effectiveness of the ADSE algorithm in attack Song, H. Y., Shi, P., Lim, C. C., Zhang, W. A., & Yu, L. (2019). Attack and estimator
design for multi-sensor systems with undetectable adversary. Automatica,
detection and its satisfactory performance in state estimation
109.
against cyber attacks for large-scale power systems. The future Sun, Y. B., Fu, M. Y., Wang, B. C., Zhang, H. S., & Marelli, D. (2016). Dynamic state
research direction may be: (1) A more powerful attack detection estimaion for power networks using distributed MAP technique. Automatica,
method can be presented to replace the posteriori residual-based 73, 23–37.
attack detection method. (2) To study the influence of continuous Wang, X. Y., Luo, X. Y., Zhang, M. Y., Jiang, Z. P., & Guan, X. P. (2020). Detection
DoS attacks on the distributed state estimator, one must consider and isolation of false data injection attacks in smart grid via unknown input
interval observer. IEEE Internet of Things Journal, early access.
which and how many subsystems are under DoS attack and what
Yang, J., Zhang, W. A., & Guo, F. H. (2020). Dynamic state estimation for power
are their topology relationships. It will be an interesting but networks by distributed unscented information filter. IEEE Transactions on
challenging problem worth studying. Smart Grid, 11(3), 2162–2171.
Yang, X. S., Zhang, W. A., Liu, A. D., & Yu, L. (2019). Linear fusion estimation for
References range-only target tracking with nonliner transformation. IEEE Transactions on
Industrial Informatics, early access.
Barhumi, I., & Moonen, M. (2009). MLSE and MAP equalization for transmission Zhang, Z. Y., Deng, R. L., Yau, D. K. Y., Cheng, P., & Chen, J. M. (2020). Analysis
over doubly selective channels. IEEE Transactions on Vehicular Technology, of moving target defense against false data injection attacks on power grid.
58(8), 4120–4128. IEEE Transactions on Informormation Forensics and Security, 15, 2320–2335.
Bi, S. Z., & Zhang, Y. J. (2014). Graphical methods for defense against false- Zhao, J. B., & Mili, L. (2018). Power system robust decentralized dynamic state
data injection attacks on power system state estimation. IEEE Transactions estimation based on multiple hypothesis testing. IEEE Transactions on Power
on Smart Grid, 5(3), 1216–1227. Systems, 33(4), 4553–4562.

6
J. Yang, W.-A. Zhang and F. Guo Automatica 137 (2022) 110091

Jun Yang received the B.Eng. degree in mechanical networked control systems, and multi-sensor information fusion estimation. Dr.
and electrical engineering from Huazhong Agricultural Zhang was awarded an Alexander von Humboldt Fellowship in 2011–2012. Since
University, Wuhan, China, in 2013. He is currently September 2016, he has been a Subject Editor for Optimal Control Applications
working toward the MD-Ph.D. degree in control theory and Methods.
and control engineering from Zhejiang University of
Technology, Hangzhou, China. His research interests
include information fusion, distributed estimation and Fanghong Guo received his B. Eng. degree in Automa-
smart grid. tion Science from Southeast University, Nanjing, China
in July 2010, M. Eng. degree in Automation Science
and Electrical Engineering from Beihang University,
Beijing, China in January 2013, and Ph.D. degree in
Sustainable Earth from Energy Research Institute @NTU,
Wen-An Zhang received the B.Eng. degree in Automa- Interdisciplinary Graduate School, Nanyang Technolog-
tion and the Ph.D. degree in Control Theory and Control ical University, Singapore in November 2016. He was
Engineering from Zhejiang University of Technology, a Research Associate and then a Research Fellow with
Hangzhou, China, in 2004 and 2010, respectively. Since the Rolls-Royce Cooperate Lab @NTU, Nanyang Techno-
2010, he has been with Zhejiang University of Tech- logical University, from May 2016 to April 2017. From
nology, where he is currently a Professor with the May 2017 to July 2018, he was a Scientist with the Experimental Power Grid
Department of Automation. From 2010 to 2011, he Centre (EPGC), Agency for Science, Technology and Research (A*STAR), Singapore.
was a Senior Research Associate with the Department He is currently with the Department of Automation, Zhejiang University of
of Manufacturing Engineering and Engineering Man- Technology, Hangzhou, China. His research interests include distributed coop-
agement, City University of Hong Kong. His research erative control, distributed optimization on microgrid systems, and smart grid.
interests include cyber–physical systems security, He served as an Associate Editor of IEEE Transactions on Industrial Electronics.