1 Introduction

Modern power grids are presently integrated with an extended digital layer comprised of sensors and smart meters that provide measurements at a fast rate and a high resolution [1]. Several smart devices are also able to transmit measurements via wireless communication channels that, although flexible and efficient, are generally unprotected and vulnerable to cyber-attacks [2]. Cyber-attackers compromise the integrity of sensitive elements of the network aiming to cause system malfunctions [3]. Common attack scenarios include the delaying or jamming of the acquired sensor data [4] and the corruption of the measurements by injecting false signals [5]. The reliable transmission of the data requires the use of security-enhancing techniques that increase the complexity of the infrastructure, leading to a cyber physical system modeling approach [6].

Attacks on the load frequency control loop of power networks have been studied in [7, 8], whereas in [9] the concept of positive invariance was used to quantify the attack impact on a two-area power plant. The design of stealthy adversaries was addressed in [10] and attack detectors in the form of network monitors were proposed in [11, 12]. Residual-based state estimators are by far the most common way of detecting attacks on networked systems, as shown in [13, 14]. These detectors rely on the value of the estimation residue in order to decide whether or not the system is under attack. If the residue obtains a steady-state value larger than a critical threshold, then an alarm is activated. The motivation of this work emerges from the fact that if the attack pattern forces the state variables to oscillate, then they will never obtain a constant steady-state value and therefore the residual-based estimator will never cause the alarm to be triggered.

The use of a robust invariant set in order to develop a set-theoretic attack detector was first introduced in [15], where the load frequency control loop of a single control area was studied. The key idea was to trigger an alarm whenever the state vector exits the invariant set. It was shown that small persistent bias injected signals corrupting the frequency sensor measurements can pass undetected. Explicit boundary values of the bias injected signal that ensure a stealthy attack were derived in [16]. However, these bounds are consistently small and therefore impractical from an adversarial point of view, since realistic attack scenarios involve larger values of the attack signal.

This paper elaborates on previous results of the authors [17, 18]. In this work, the use of set-theoretic attack detectors is expanded on a networked power system and their efficiency is assessed considering both persistent and intermittent data corruption attack patterns on the frequency measurements. The simulations concern a case study of the benchmark two area power plant and they highlight the ability of the set-theoretic detector to disclose attacks during the transient response of the system, while also in the presence of disturbances; a feat that the traditional residual-based estimators are unable to demonstrate.

The paper is organized as follows. In Section 2 the mathematical model of the power network is established, while in Section 3 the design of the set-theoretic attack detector is presented. In Section 4 the switching signal driving the intermittent attack pattern is developed and Section 5 presents simulation results validating our conceptual approach. In Section 6 we provide concluding remarks, whereas an “Appendix A” explains some of the notations used throughout the paper.

2 System description

The algorithms used for the computation of a robust invariant set require a discrete-time representation of the system dynamics. The discretization process of the power network is performed in three steps. First, we extract the discrete-time equivalent models of all interconnected areas assuming that the power exchanged via the tie lines is an external signal. Then, we discretize the tie line model of each control area separately and finally, we combine the control area and tie line dynamics into a single discrete-time state space model.

2.1 Interconnected control area model

Consider the generic interconnected control area model, subject to a data corruption cyber-attack depicted in Fig. 1. According to [19, 20], a state space model that describes the evolution of the plant in the continuous-time domain is given as:

$$\begin{aligned} S^c_i: \left\{ \begin{array}{rll} \frac{{\mathrm {d}}}{{\mathrm {d}} t}{\varvec{x}}_i(t) &{} = &{} {\varvec{A}}_{c, i} {\varvec{x}}_i(t) + {\varvec{B}}_{c, i} u_{c, i}(t) + {\varvec{D}}_{c, i} \Delta P_{L, i}(t) \\ &{}&{} + {\varvec{E}}_{c, i} \Delta P_{tie, i}(t) \\ {\varvec{x}}_i(0) &{}=&{} {\varvec{x}}_{i, 0} \\ y_i(t) &{}=&{} {\varvec{C}}_i {\varvec{x}}_i(t) \\ \end{array} \right. \end{aligned}$$

where the subscript \(i \in {\mathcal {I}} = \{ 1, 2, \dots , N \}\) denotes the i-th control area of the network and \(t \in {\mathbb {R}}_+\) is the time variable. The state vector \({\varvec{x}}_i(t) \in {\mathbb {R}}^2\) encapsulates the deviation of the electrical frequency \(\Delta f_i(t)\) and the deviation of the mechanical power in the output of the turbine \(\Delta P_{G, i}(t)\), namely:

$$\begin{aligned} {\varvec{x}}_i(t) = \left[ \Delta f_i(t) \quad \Delta P_{G,i}(t) \right] ^{\mathrm {T}} \end{aligned}$$

Fig. 1. Load frequency control loop of a generic interconnected control area subject to a data corruption cyber-attack on the frequency sensor measurements (the speed governor dynamics are omitted for brevity)

We assume that the mechanical power provided to the rotor shaft is equal to the electrical power produced by the generator. The system output \(y_i(t) \in {\mathbb {R}}\) is identical to the first state variable \(\Delta f_i (t)\), thus \({\varvec{C}}_i = [1 \quad 0]\). The control input \(u_{c, i}(t) \in {\mathbb {R}}\) consists of two components, namely the primary frequency control action \(\Delta P_{f, i} (t)\) and the automatic generation control law \(\Delta P_{c, i} (t)\). According to Fig. 1, the input \(u_{c, i}(t)\) is defined as:

$$\begin{aligned} u_{c, i}(t) = \Delta P_{c, i} (t) + \Delta P_{f, i} (t) \end{aligned}$$

and is subject to the saturation hard constraint:

$$\begin{aligned} | u_{c, i}(t) | \le u_{i, \max } \quad \forall t \ge 0 \end{aligned}$$

The signal \(\Delta P_{L, i}(t) \in {\mathbb {R}}\) is an unknown but bounded disturbance representing the power load deviation due to the demand of the consumers. In contrast to other works [8, 9], we allow the load to change over time according to the power demand, that is \(\Delta P_{L, i}(t) \ne 0\), and we assume that it obeys the constraint:

$$\begin{aligned} | \Delta P_{L, i}(t) | \le \Delta P_{L, i, \max } \quad \forall t \ge 0 \end{aligned}$$

The signal \(\Delta P_{tie, i}(t) \in {\mathbb {R}}\) represents the deviation of the electrical power exchanged between the i-th control area and the network through the tie line interconnection, whenever a power load change occurs. The matrix \({\varvec{A}}_{c, i} \in {\mathbb {R}}^{2 \times 2}\) is defined as:

$$\begin{aligned} {\varvec{A}}_{c, i} = \left[\begin{array}{cc} - 1/T_{p, i}&K_{p, i}/T_{p, i} \\ 0&-1/T_{T, i} \end{array}\right] \end{aligned}$$

and the matrices \({\varvec{B}}_{c, i}, {\varvec{D}}_{c, i}, {\varvec{E}}_{c, i} \in {\mathbb {R}}^{2 \times 1}\) are defined as:

$$\begin{aligned} {\varvec{B}}_{c, i}& = \left[\begin{array}{cc} 0 \\ K_{T, i}/T_{T, i} \end{array}\right] \\ {\varvec{D}}_{c, i}& = {\varvec{E}}_{c, i} = \left[\begin{array}{cc} -K_{p, i}/T_{p, i} \\ 0 \end{array}\right] \end{aligned}$$

The load changes affecting the control areas cause the electrical frequency and the tie line power to deviate from their nominal values. The speed governor performs the primary frequency control action defined as:

$$\begin{aligned} \Delta P_{f, i} (t) = - \dfrac{1}{R_i} y_i(t) \end{aligned}$$
(1)

where \(R_i\) is the speed droop parameter. The remaining steady-state errors are eliminated by the automatic generation control unit, which is usually implemented in terms of an integral controller [21] defined as:

$$\begin{aligned} \Delta P_{c, i} (t) = K_{I, i} \int _0^t ACE_i(\tau ) {\mathrm {d}} \tau \end{aligned}$$
(2)
$$\begin{aligned} ACE_i(t) = \left( \Delta P^{ref}_{tie,i} - \Delta P_{tie, i}(t) \right) + B_i \left( \Delta f^{ref}_i - \tilde{y}_i(t) \right) \end{aligned}$$

where \(ACE_i(t)\) represents the i-th area control error, the reference signals \(\Delta P^{ref}_{tie, i} = 0\) and \(\Delta f^{ref}_i = 0\) associate with the tie line power deviation and the electrical frequency deviation respectively and \(B_i = 1/R_i\). The signal \(\tilde{y}_i(t)\) is defined as:

$$\begin{aligned} \tilde{y}_i(t) = y_i(t) - \alpha _i \sigma _i(t) \end{aligned}$$
(3)

where \(\alpha _i \in {\mathbb {R}}\) denotes the attack signal corrupting the measurement channel and \(\sigma _i:{\mathbb {R}}_+ \rightarrow \{ 0, 1 \}\) determines whether or not the i-th area is under attack. The speed governor remains unaffected since it is either mechanically or hydraulically coupled with the generator.

The equivalent discrete-time model of each interconnected control area is extracted by first computing the eigenvalues of the matrices \({\varvec{A}}_{c, i}\) and then selecting a global sampling frequency \(f_s\) at least ten times greater than the frequency of the fastest eigenvalue of the network. We apply the zero-order hold method and obtain a discrete-time state space representation as

$$\begin{aligned} S^d_i: \left\{ \begin{array}{rll} {\varvec{x}}_i[k + 1] &{} =&{} {\varvec{A}}_{d, i} {\varvec{x}}_i[k] + {\varvec{B}}_{d, i} u_{d, i}[k] + {\varvec{D}}_{d, i} \Delta P_{L, i} [k] \\ &{}&{} + {\varvec{E}}_{d, i} \Delta P_{tie, i}[k] \\ {\varvec{x}}_i[0] &{} = &{} {\varvec{x}}_{i, 0} \\ y_i[k] &{} = &{} {\varvec{C}}_i {\varvec{x}}_i[k] \end{array} \right. \end{aligned}$$

where \(k \in {\mathbb {N}}\) is the new time variable.

Finally, since \(u_{c, i}(t)\) implements a dynamic control law, we need to determine the equivalent discrete-time controller \(u_{d, i}[k]\). Let us set the accumulated time errors

$$\begin{aligned} z_{1, i}(t)= & {} \dfrac{1}{f^\circ } \int _0^t \left( \Delta f^{ref}_i - \tilde{y}_i(\tau ) \right) {\mathrm {d}} \tau \end{aligned}$$
(4)
$$\begin{aligned} z_{2, i}(t)= & {} \dfrac{1}{|P_{tie, i}^\circ |} \int _0^t \left( \Delta P_{tie, i}^{ref} - \Delta P_{tie, i}(\tau ) \right) {\mathrm {d}} \tau \end{aligned}$$
(5)

as the extra state variables augmenting the system due to the existence of the integrator (2). Parameters \(f^\circ\) and \(P_{tie, i}^\circ\) represent the nominal network frequency and the nominal power exchanged via the i-th tie line respectively. We remark that \(P_{tie, i}^\circ\) is considered positive when the power flow is directed from the i-th area towards the network. If we consider (1)-(5), while keeping the sampling frequency and the discretization method unaltered, then we obtain:

$$\begin{aligned} u_{d, i}[k] = \bar{K}_{I_1, i} z_{1, i}[k] + \bar{K}_{I_2, i} z_{2, i}[k] - \frac{1}{R_i} y_i[k] \end{aligned}$$

where the gains \(\bar{K}_{I_1, i}\) and \(\bar{K}_{I_2, i}\) are defined as:

$$\begin{aligned} {\left\{ \begin{array}{ll} \bar{K}_{I_1, i} = K_{I, i} B_i f^\circ \\ \bar{K}_{I_2, i} = K_{I, i} |P_{tie, i}^\circ | \end{array}\right. } \end{aligned}$$

and the variables \(z_{1, i}[k]\), \(z_{2, i}[k]\) satisfy the equations:

$$\begin{aligned}&{\left\{ \begin{array}{ll} z_{1, i}[k + 1] = z_{1, i}[k] - \frac{1}{f_s f^\circ } \tilde{y}_i[k]\\ z_{1, i}[0] = z_{2, i}[0] = 0 \ \ \ \ \ \end{array}\right. } \end{aligned}$$
(6)
$$\begin{aligned}&z_{2, i}[k + 1] = z_{2, i}[k] - \frac{1}{f_s |P_{tie, i}^\circ |} \Delta P_{tie, i}[k] \end{aligned}$$
(7)

The model of the discrete-time closed-loop interconnected control area under attack is written as:

$$\begin{aligned} S_i^{cl}: \left\{ \begin{array}{rll} {\varvec{\xi }}_i[k + 1] &{} = &{} {\varvec{A}}_{cl, i} {\varvec{\xi }}_i[k] + \alpha _i {\varvec{B}}_{cl, i} \sigma _i[k] \\ &{}&{} + {\varvec{D}}_{cl, i} \Delta P_{L, i}[k] + {\varvec{E}}_{cl, i} \Delta P_{tie, i}[k] \\ y_i[k] &{} = &{} {\varvec{C}}_{cl, i} {\varvec{\xi }}_i[k] \end{array} \right. \end{aligned}$$
(8)

where the augmented state vector \({\varvec{\xi }}_i[k] \in {\mathbb {R}}^4\) is given as:

$$\begin{aligned} {\varvec{\xi }}_i[k] = \left[ \Delta f_i[k] \quad \Delta P_{G, i} [k] \quad z_{1, i}[k] \quad z_{2, i}[k] \right] ^ {\mathrm {T}} \end{aligned}$$

the matrix \({\varvec{A}}_{cl, i} \in {\mathbb {R}}^{4 \times 4}\) is given as:

$$\begin{aligned} {\varvec{A}}_{cl, i} = \left[\begin{array}{ccc} {\varvec{A}}_{d, i} - \left( 1/R_i \right) {\varvec{B}}_{d, i} {\varvec{C}}_i&\ {\varvec{B}}_{d, i} \bar{K}_{I_1, i}&\ {\varvec{B}}_{d, i} \bar{K}_{I_2, i} \\ - 1 / \left( f_s f^\circ \right) {\varvec{C}}_i&\ 1&\ 0 \\ {\mathbb {O}}_{1 \times 2}&\ 0&\ 1 \end{array}\right] \end{aligned}$$

the matrices \({\varvec{B}}_{cl, i}, {\varvec{D}}_{cl, i}, {\varvec{E}}_{cl, i} \in {\mathbb {R}}^{4 \times 1}\) are given as:

$$\begin{aligned} {\left\{ \begin{array}{ll} {\varvec{B}}_{cl, i} = \left[ {\mathbb {O}}_{1 \times 2} \ \ 1 / \left( f_s f^\circ \right) \ \ 0 \right] ^{\mathrm {T}} \ \ \\ {\varvec{D}}_{cl, i} = \left[ {\varvec{D}}_{d, i}^{\mathrm {T}} \ \ 0 \ \ 0 \right] ^{\mathrm {T}} \\ {\varvec{E}}_{cl, i} = \left[ {\varvec{E}}_{d, i}^{\mathrm {T}} \ \ 0 \ \ - 1 / \left( f_s |P_{tie, i}^\circ | \right) \right] ^{\mathrm {T}} \end{array}\right. } \end{aligned}$$

and \({\varvec{C}}_{cl, i} = [{\varvec{C}}_i \ \ 0 \ \ 0]\).

2.2 Tie line model

Each control area that is connected to the network is able to exchange power with it through a tie line. Whenever a load change occurs, the power flow of each tie line deviates from its nominal value \(P_{tie, i}^\circ\) according to \(\Delta P_{tie, i}(t)\). The linearized tie line dynamics associated with the i-th area are governed by the equation [19, 20]:

$$\begin{aligned} \frac{{\mathrm {d}}}{{\mathrm {d}}t} \Delta P_{tie, i}(t) = \sum _{j = 1}^N \left[ 2 \pi T_{ij} \left( \Delta f_i(t) - \Delta f_j(t) \right) \right] \end{aligned}$$
(9)

where \(T_{ij}\) denotes the synchronization coefficient between the control areas i and j and \(\Delta P_{tie, i}\) encapsulates all existing interconnections of the i-th area with the other areas of the grid.

The synchronization coefficients satisfy the condition \(T_{ij} = T_{ji}\) for all \(i, j \in {\mathcal {I}}\) and if two control areas i and j are not interconnected, then by definition we have \(T_{ij} = 0\). In other words, if we consider the network in terms of a weighted graph, as depicted in Fig. 2, where the nodes \(a_i\) represent the control areas and the coefficients \(T_{ij}\) indicate the existing interconnections, then the synchronization coefficients \(T_{ij}\) are the elements of the adjacency matrix.

Fig. 2. Graph depiction of a network

In order to extract a discrete-time equivalent model for the tie line, we use the same global sampling frequency \(f_s\) and apply again the zero order hold method. The outcome is the difference equation:

$$\Delta P_{tie, i}[k + 1] = \Delta P_{tie, i}[k] \ + T_s \sum _{j = 1}^N \left[ 2 \pi T_{ij} \left( \Delta f_i[k] - \Delta f_j[k] \right) \right]$$
(10)

where \(T_s = 1/f_s\) is the sampling period.

2.3 Network model

If we compute the models of all interconnected control areas along with their corresponding tie lines and then express them in the discrete-time domain, we can directly compute a discrete-time representation of the entire network. In our case, the dynamic evolution of the overall networked power system in the discrete-time domain can be described in augmented form in terms of the following difference equation:

$$\begin{aligned}S_{net} : \left\{ \begin{array}{rll} {\varvec{x}}_{net}[k + 1] &{} = &{} {\varvec{A}}_{net} {\varvec{x}}_{net}[k] + {\varvec{B}}_{net}[k] + {\varvec{D}}_{net} \Delta {\varvec{P}}_{L, net}[k] \\ {\varvec{x}}_{net}[0] &{}=&{} {\varvec{x}}_{net, 0} \\ {\varvec{y}}_{net}[k] &{} = &{} {\varvec{C}}_{net} {\varvec{x}}_{net}[k] \end{array} \right. \end{aligned}$$
(11)

where the number of the state variables per control area is \(n = 4\), the vector of the state variables for the entire network \({\varvec{x}}_{net} \in {\mathbb {R}}^{(n + 1)N}\) is defined as:

$$\begin{aligned} {\varvec{x}}_{net}[k] = \left[ {\varvec{\xi}} _1^{\mathrm {T}}[k] \ \ldots \ {\varvec{\xi}} _N^{\mathrm {T}}[k] \quad \Delta P_{tie, 1}[k] \ \ldots \ \Delta P_{tie, N}[k] \right] ^{\mathrm {T}} \end{aligned}$$

and the vector of the power load changes for the entire network \(\Delta {\varvec{P}}_{L, net} \in {\mathbb {R}}^N\) is defined as:

$$\begin{aligned} \Delta {\varvec{P}}_{L, net}[k] = \left[ \Delta P_{L, 1}[k] \quad \Delta P_{L, 2}[k] \ \ldots \ \Delta P_{L, N}[k] \right] ^{\mathrm {T}} \end{aligned}$$

Matrix \({\varvec{A}}_{net} \in {\mathbb {R}}^{(n + 1)N \times (n + 1)N}\) is structured as:

$$\begin{aligned} {\varvec{A}}_{net} = \left[ \begin{array}{cc} {\varvec{A}}_{net, 11} &{} {\varvec{A}}_{net, 12} \\ {\varvec{A}}_{net, 21} &{} {\varvec{A}}_{net, 22} \end{array} \right] \end{aligned}$$

where \({\varvec{A}}_{net, 11} \in {\mathbb {R}}^{nN \times nN}\) and \({\varvec{A}}_{net, 12} \in {\mathbb {R}}^{nN \times N}\) associate with the interconnected control area models (8) and are defined as:

$$\begin{aligned} {\varvec{A}}_{net, 11}& = \left[ \begin{array}{cccc} {\varvec{A}}_{cl, 1}&{\mathbb {O}}_{n \times n}&\ldots&{\mathbb {O}}_{n \times n} \\ {\mathbb {O}}_{n \times n}&{\varvec{A}}_{cl, 2}&\ldots&{\mathbb {O}}_{n \times n} \\ \vdots&\vdots&\vdots \\ {\mathbb {O}}_{n \times n}&{\mathbb {O}}_{n \times n}&\ldots&{\varvec{A}}_{cl, N} \end{array}\right] \\ {\varvec{A}}_{net, 12}&= \left[\begin{array}{cccc} {\varvec{E}}_{cl, 1}&{\mathbb {O}}_{n \times 1}&\ldots&{\mathbb {O}}_{n \times 1} \phantom {.} \\ {\mathbb {O}}_{n \times 1}&{\varvec{E}}_{cl, 2}&\ldots&{\mathbb {O}}_{n \times 1} \phantom {.} \\ \vdots&\vdots&\vdots \phantom {.} \\ {\mathbb {O}}_{n \times 1}&{\mathbb {O}}_{n \times 1}&\ldots&{\varvec{E}}_{cl, N} \phantom {.} \end{array}\right] \end{aligned}$$

whereas \({\varvec{A}}_{net, 21} \in {\mathbb {R}}^{N \times nN}\) and \({\varvec{A}}_{net, 22} \in {\mathbb {R}}^{N \times N}\) associate with the tie line models (10) and are defined as:

$$\begin{aligned} {\varvec{A}}_{net, 21}&= \left[ \begin{array}{cccc} {\varvec{L}}_{11}&{\varvec{L}}_{12}&\ldots&{\varvec{L}}_{1N} \\ {\varvec{L}}_{21}&{\varvec{L}}_{22}&\ldots&{\varvec{L}}_{2N} \\ \vdots&\vdots&\vdots \\ {\varvec{L}}_{N1}&{\varvec{L}}_{N2}&\ldots&{\varvec{L}}_{NN} \end{array}\right] \\ {\varvec{A}}_{net, 22}&= {\mathbb {I}}_{N \times N} \end{aligned}$$

The elements \({\varvec{L}}_{ij} \in {\mathbb {R}}^{1 \times n}\) are vector quantities associated with the tie line synchronization coefficients and are given in terms of the following equations:

$$\begin{aligned} {\varvec{L}}_{ij} = {\left\{ \begin{array}{ll} \Big [ \sum \limits _{j = 1}^N \left( 2 \pi T_{ij} T_s \right) \quad &{} {\mathbb {O}}_{1 \times (n - 1)} \Big ], \quad \ i = j \\ \\ \Big [ -2 \pi T_{ij} T_s \quad &{} {\mathbb {O}}_{1 \times (n - 1)} \Big ], \quad \ i \ne j \end{array}\right. } \end{aligned}$$

We define \({\varvec{B}}_{net} \in {\mathbb {R}}^{(n + 1)N \times 1}\) and \({\varvec{D}}_{net} \in {\mathbb {R}}^{(n+1)N \times N}\) as:

$$\begin{aligned} \left\{ \begin{array}{l} {{\varvec{B}}_{net}[k] = \left[ \begin{array}{c} {\alpha _1 {\varvec{B}}_{cl, 1} \sigma _1[k]} \\ {\alpha _2 {\varvec{B}}_{cl, 2} \sigma _2[k]} \\ {\vdots } \\ {\alpha_N {\varvec{B}}_{cl, N} \sigma _N[k]} \\ {{\mathbb {O}}_{N\times 1}} \end{array} \right]} \\ {{\varvec{D}}_{net} = \left[\begin{array}{c} {\varvec{D}}_{net, 11} \\ {\mathbb {O}}_{N\times N} \end{array} \right]} \\ {{\varvec{D}}_{net, 11} =\left[\begin{array}{cccc} {\varvec{D}}_{cl, 1} &{} {\mathbb {O}}_{n \times 1} &{} \ldots &{} {\mathbb {O}}_{n \times 1} \\ {\mathbb{O}}_{n \times 1} &{} {\varvec{D}}_{cl, 2} &{} \ldots&{} {\mathbb {O}}_{n \times 1} \\ \vdots &{} \vdots &{}&{} \vdots \\ {\mathbb {O}}_{n \times 1} &{} {\mathbb{O}}_{n \times 1} &{} \ldots &{} {\varvec{D}}_{cl, N}\end{array} \right]}\end{array}\right. \end{aligned}$$

and the matrix \({\varvec{C}}_{net} \in {\mathbb {R}}^{2N \times (n + 1)N}\) is defined as:

$$\begin{aligned} {\varvec{C}}_{net} = \left[ \begin{array}{cccc|c} {\varvec{C}}_{cl, 1} &{} {\mathbb {O}}_{1 \times n} &{} \ldots &{} {\mathbb {O}}_{1 \times n} &{} {\mathbb {O}}_{1 \times N} \\ {\mathbb {O}}_{1 \times n} &{} {\varvec{C}}_{cl, 2} &{} \ldots &{} {\mathbb {O}}_{1 \times n} &{} {\mathbb {O}}_{1 \times N} \\ \vdots &{} \vdots &{} &{} \vdots &{} \vdots \\ {\mathbb {O}}_{1 \times n} &{} {\mathbb {O}}_{1 \times n} &{} \ldots &{} {\varvec{C}}_{cl, N} &{} {\mathbb {O}}_{1 \times N} \\ {\mathbb {O}}_{N \times n} &{} {\mathbb {O}}_{N \times n} &{} \ldots &{} {\mathbb {O}}_{N \times n} &{} {\mathbb {I}}_{N \times N} \end{array} \right] \end{aligned}$$

For the remainder of this paper we consider that the power network evolves in the discrete-time domain and its dynamic behavior is described in terms of (11).

2.4 Stability analysis

The networked system obtained through our modeling process is Lyapunov stable. Lyapunov stability in the continuous-time domain means that there exist system eigenvalues located on the imaginary axis. Accordingly, in the discrete-time domain it means that there exist system eigenvalues located on the boundary of the unit disc. In our case, it can be shown that the continuous-time system has some eigenvalues located exactly at the origin of the complex plane and that the discrete-time system has some eigenvalues with unit value.

If the network evolves in the absence of an attacker, that is \(\sigma _i = 0\) for all \(i \in {\mathcal {I}}\), then \(\tilde{y}_i = y_i\) and the system operates normally. Every power load change \(\Delta P_{L, i}\) is matched with an equal increase or decrease in the produced power \(\Delta P_{G, i}\). At steady-state, all frequency deviations \(\Delta f_i\) converge to zero along with the tie line power deviations \(\Delta P_{tie, i}\). The variables \(z_{1, i}\) and \(z_{2, i}\) converge to some constant nonzero steady-state values and the same holds for \(u_{c, i}\) and \(u_{d, i}\). This scenario is studied in many textbooks [19, 20] and no instability can occur under these circumstances.

The instability is identified both in the continuous and the discrete-time domain, when the network is affected by an attacker. Suppose that the tie line power deviations \(\Delta P_{tie, i}\) reach an equilibrium and converge to constant steady-state values, say \(\Delta P_{tie, i, ss}\). This means that at some point we obtain

$$\begin{aligned} \frac{{\mathrm {d}}}{{\mathrm {d}}t} \Delta P_{tie, i}(t) = 0 \quad\, \forall i = 1, 2, \ldots , N \end{aligned}$$
(12)

for the continuous-time domain and

$$\begin{aligned} \Delta P_{tie, i}[k + 1] = \Delta P_{tie, i}[k] \quad\, \forall i = 1, 2, \ldots , N \end{aligned}$$
(13)

for the discrete-time domain. Expressions (12), (13) along with (9), (10) imply that if an equilibrium is to be reached, then the frequency deviations \(\Delta f_i\) of all control areas must converge to the same steady-state value, that is \(\lim _{t \rightarrow \infty }\Delta f_{i}(t) = \Delta f_{i, ss} = \Delta f_{ss}\) for all \(i = 1, 2, \ldots , N\).

Now, we identify two distinct cases. First, the case where all control areas are affected by the same attack signal and then, the case where the attack signal differs from one control area to another. The scenario where the adversary affects only some control areas and not all of them falls under the second case, where some \(\alpha _i = 0\).

Let us consider the case where all control areas are affected by the same attack signal, that is \(\alpha _i = \alpha\) for all \(i \in {\mathcal {I}}\). The frequency deviation reference signal is set as \(\Delta f_{i}^{ref} = 0\) and \(\tilde{y}_{i}(t) = y_i(t) - \alpha _i\). Therefore, (4) can be written as:

$$\begin{aligned} z_{1, i}(t) = \dfrac{1}{f^{\circ }} \int _{0}^{t}\left( \alpha _i - y_{i}(\tau ) \right) {\mathrm {d}}\tau \end{aligned}$$
(14)

and implies that this attack scenario essentially alters all the reference signals \(\Delta f_{i}^{ref}\) from zero to \(\alpha\). For the frequency deviations, we have \(\lim _{t \rightarrow \infty } \Delta f_{i}(t) = \alpha\) for all \(i = 1, 2, \ldots , N\), based either on the continuous-time equation (14) or the discrete-time equation (6). For the tie line power deviations, we have \(\lim _{t \rightarrow \infty } \Delta P_{tie, i}(t) = 0\) for all \(i = 1, 2, \ldots , N\), based either on the continuous-time equations (5), (9), (12) or the discrete-time equations (7), (10), (13). The variables \(z_{1, i}\) and \(z_{2, i}\) converge to some constant nonzero steady-state values, such that all \(u_{c, i}\) and \(u_{d, i}\) produce the required \(\Delta P_{G, i}\) to match both the load changes \(\Delta P_{L, i}\) and the nonzero steady-state frequency deviations. Since all state variables converge to constant values, the system is stable.

Let us now consider the case where the attack signal differs from one control area to another. For a persistent attacker, we have \(\lim _{t \rightarrow \infty } \Delta P_{tie, i}(t) = \Delta P_{tie, i, ss} \ne 0\). This implies two things. Firstly, as \(t \rightarrow \infty\), (5) integrates a constant nonzero quantity, therefore all \(z_{2, i}\) are forced to increase linearly over time. Secondly, once \(\Delta P_{tie, i}\) reaches an equilibrium, all \(\Delta f_{i}\) must have converged to the same steady-state value, which is nonetheless different than the one that each \(\alpha _i\) dictates, that is \(\lim _{t \rightarrow \infty } \Delta f_{i}(t) = \lim _{t \rightarrow \infty } y_i(t) \ne \alpha _i\). In turn, (14), as \(t \rightarrow \infty\), integrates a constant nonzero quantity, therefore all \(z_{1, i}\) are forced to increase linearly over time as well. The same two results can be obtained from the discrete-time equations (6), (7). Although \(z_{1, i}\) and \(z_{2, i}\) tend to infinity, their opposite signs drive \(u_{c, i}\) and \(u_{d, i}\) to some constant steady-state values, causing each generator to produce the necessary power \(\Delta P_{G, i}\) that satisfies both the load changes \(\Delta P_{L, i}\) and the nonzero steady-state frequency deviations.

In conclusion, the network instability appears when the attack signal differs from one control area to another or when the attacker affects only some control areas of the network. We highlight that instead of \(z_{1, i}\) and \(z_{2, i}\) we could choose different integral variables, say:

$$\begin{aligned} w_i(t) = \int _{0}^{t}ACE_{i}(\tau ) {\mathrm {d}}\tau = |P_{tie, i}^{\circ }| z_{2, i}(t) + B_i f^{\circ } z_{1, i}(t) \end{aligned}$$

and obtain an asymptotically stable system, since the \(w_{i}\) will follow the convergence of \(u_{c, i}\) and \(u_{d, i}\). However, in this case we lose our main advantage, which is the ability to always detect an adversary, unless all of the control areas are simultaneously corrupted by the same attack signal. The unstable character of \(z_{1, i}\) and \(z_{2, i}\) ensures that the state trajectory will, sooner or later, exit any given convex and compact robust invariant set, causing the adversary to be disclosed. The trade-off for using the states \(z_{1, i}\) and \(z_{2, i}\) is the increased complexity in the calculation of the robust invariant set, due to the Lyapunov stable network dynamics.

3 Attack detector design

In order to extract the robust invariant set that will be exploited as a set-theoretic attack detector, our first priority is to determine a set of state constraints that ensures the risk-free behavior of the network. This set can be obtained by enforcing suitable bounds on each state variable based on the standard safety considerations invoked in the literature.

According to [8], large frequency deviations, that may occur during the transients, jeopardize the stability of the grid. Thus, the frequency deviation \(\Delta f_i[k]\) should always respect the inequality:

$$\begin{aligned} |\Delta f_i [k]| \le \Delta f_{i, \max } = 1.5 \ {\mathrm {Hz}} \quad\, \forall k \in {\mathbb {N}} \end{aligned}$$

The hard constraints imposed on the control signal imply that similar bounds exist for \(\Delta P_{G, i}[k]\). The discretization does not alter the dc-gains of the system and the turbine has a unit dc-gain. Therefore, the bounds of \(\Delta P_{G, i}\), \(u_{c, i}\) and \(u_{d, i}\) are identical with each other and the mechanical power produced in the output of the turbine should always respect the inequality

$$\begin{aligned} |\Delta P_{G, i}[k]| \le \Delta P_{G, i, \max } = u_{i, \max } \quad\, \forall k \in {\mathbb {N}} \end{aligned}$$

In comparison to the bounds of \(\Delta f_i\), the constraints imposed on \(\Delta P_{G, i}\) are hard and can never be violated.

The variables \(z_{1, i}[k]\) and \(z_{2, i}[k]\) are measured in time units and, according to [19, 22], it is always necessary to limit the deviation of the synchronous clocks driven by the system frequency. Thus, the accumulated time errors should always respect the inequalities:

$$\begin{aligned} {\left\{ \begin{array}{ll} {|}z_{1, i}[k]| \le z_{1, i, \max } = 3 \ {\mathrm {s}} \quad\, \forall k \in {\mathbb {N}} \\ {|}z_{2, i}[k]| \le z_{2, i, \max } = 3 \ {\mathrm {s}} \quad \,\forall k \in {\mathbb {N}} \end{array}\right. } \end{aligned}$$

Each tie line connects a control area to the network and is designed to transfer a nominal amount of power. After every power load change, the tie line power deviates from its nominal value. Large and persistent oscillations of \(\Delta P_{tie, i}[k]\) are generally undesirable, because they stress the tie line to its thermal limits and threaten the stability of the grid. Therefore, the tie line power deviations should always respect the inequality:

$$\begin{aligned} |\Delta P_{tie, i}[k]| \le \Delta P_{tie, i, \max } \quad\, \forall k \in {\mathbb {N}} \end{aligned}$$

The constraints associated with \({\varvec{\xi}} _i\) can be expressed in terms of the set:

$$\begin{aligned} {\varvec{\mathcal {X}}}_i({\varvec{Q}}_i, {\varvec{q}}_i) = \{ {\varvec{\xi }}_i \in {\mathbb {R}}^n: {\varvec{Q}}_i {\varvec{\xi }}_i \le {\varvec{q}}_i \} \end{aligned}$$

where \({\varvec{Q}}_i \in {\mathbb {R}}^{2n \times n}\) and \({\varvec{q}}_i \in {\mathbb {R}}^{2n}\) are given as:

$$\begin{aligned}&{\left\{ \begin{array}{ll} {\varvec{Q}}_i = \left[\begin{array}{cc} {\mathbb {I}}_{n \times n} \\ -{\mathbb {I}}_{n \times n} \end{array}\right] \\ {\varvec{q}}_i = \left[\begin{array}{c} {\varvec{q}}_{i, \max } \\ {\varvec{q}}_{i, \max } \end{array}\right] \end{array}\right. } \\&{\varvec{q}}_{i, \max } = \left[ \Delta f_{i, \max } \quad \Delta P_{G, i, \max } \quad z_{1, i, \max } \quad z_{2, i, \max } \right] ^{\mathrm {T}} \end{aligned}$$

The constraints associated with \(\Delta P_{tie, i}\) can be expressed in terms of the set:

$$\begin{aligned} \bar{\varvec{\mathcal {X}}}_i(\bar{\varvec{Q}}_i, \bar{\varvec{q}}_i) = \{ \Delta P_{tie, i} \in {\mathbb {R}}: \bar{\varvec{Q}}_i \Delta P_{tie, i} \le \bar{\varvec{q}}_i \} \end{aligned}$$

where \(\bar{\varvec{Q}}_i \in {\mathbb {R}}^{2 \times 1}\) and \(\bar{\varvec{q}}_i \in {\mathbb {R}}^{2 \times 1}\) are given as:

$$\begin{aligned} {\left\{ \begin{array}{ll} \bar{\varvec{Q}}_i = \left[\begin{array}{c} 1 \\ -1 \end{array}\right] \\ \bar{\varvec{q}}_i = \left[\begin{array}{c} \Delta P_{tie, i, \max } \\ \Delta P_{tie, i, \max } \end{array}\right] \end{array}\right. } \end{aligned}$$

The constraints associated with \({\varvec{x}}_{net}\) are determined by combining the sets \({\varvec{\mathcal {X}}}_i\) and \(\bar{\varvec{\mathcal {X}}}_i\) for all \(i \in {\mathcal {I}}\) and can be expressed in terms of the set:

$$\begin{aligned} {\varvec{\mathcal {X}}}_{net} = \left\{ {\varvec{x}}_{net} \in {\mathbb {R}}^{(n + 1)N}: {\varvec{Q}}_{net} {\varvec{x}}_{net} \le {\varvec{q}}_{net} \right\} \end{aligned}$$

The matrix \({\varvec{Q}}_{net}\) is structured as

$$\begin{aligned} {\varvec{Q}}_{net} = \left[ \begin{array}{cc} {\varvec{Q}}_{net, 11} &{} {\varvec{Q}}_{net, 12} \\ {\varvec{Q}}_{net, 21} &{} {\varvec{Q}}_{net, 22} \end{array} \right] \end{aligned}$$

and the vector \({\varvec{q}}_{net}\) is structured as:

$$\begin{aligned} {\varvec{q}}_{net} = \left[ {\varvec{q}}_1^{\mathrm {T}} \ \ldots \ {\varvec{q}}_N^{\mathrm {T}} \quad \bar{{\varvec{q}}}_1^{\mathrm {T}} \ \ldots \ \bar{{\varvec{q}}}_N^{\mathrm {T}} \right] ^{\mathrm {T}} \end{aligned}$$

The blocks \({\varvec{Q}}_{net, 11} \in {\mathbb {R}}^{2nN \times nN}\) and \({\varvec{Q}}_{net, 22} \in {\mathbb {R}}^{2N \times N}\) are associated with the constraints imposed on \({\varvec{\xi}} _i\) and \(\Delta P_{tie, i}\) respectively and are defined as:

$$\begin{aligned} {\varvec{Q}}_{net, 11}&= \left[\begin{array}{cccc} {\varvec{Q}}_{1}&{\mathbb {O}}_{2n \times n}&\ldots&{\mathbb {O}}_{2n \times n} \\ {\mathbb {O}}_{2n \times n}&{\varvec{Q}}_{2}&\ldots&{\mathbb {O}}_{2n \times n} \\ \vdots&\vdots&&\vdots \\ {\mathbb {O}}_{2n \times n}&{\mathbb {O}}_{2n \times n}&\ldots&{\varvec{Q}}_{N} \end{array}\right] \\ {\varvec{Q}}_{net, 22}&= \left[\begin{array}{cccc} \bar{{\varvec{Q}}}_{1}&{\mathbb {O}}_{2 \times 1}&\ldots&{\mathbb {O}}_{2 \times 1} \\ {\mathbb {O}}_{2 \times 1}&\bar{{\varvec{Q}}}_{2}&\ldots&{\mathbb {O}}_{2 \times 1} \\ \vdots&\vdots&&\vdots \\ {\mathbb {O}}_{2 \times 1}&{\mathbb {O}}_{2 \times 1}&\ldots&\bar{{\varvec{Q}}}_{N} \end{array}\right] \end{aligned}$$

whereas the blocks \({\varvec{Q}}_{net, 12}\) and \({\varvec{Q}}_{net, 21}\) are defined as:

$$\begin{aligned} {\left\{ \begin{array}{ll} {\varvec{Q}}_{net, 12} = {\mathbb {O}}_{2nN \times N} \\ {\varvec{Q}}_{net, 21} = {\mathbb {O}}_{2N \times nN} \end{array}\right. } \end{aligned}$$

  We may also define the admissible states \({\varvec{\xi}} _i\) that result in a control law \(u_{d, i}[k]\) respecting the hard input constraints in terms of the set:

$$\begin{aligned} {\varvec{\mathcal {U}}}_i({\varvec{P}}_i, {\varvec{p}}_i) = \left\{ {\varvec{\xi }}_i \in {\mathbb {R}}^n : {\varvec{P}}_i {\varvec{\xi }}_i \le {\varvec{p}}_i\right\} \end{aligned}$$

where \({\varvec{P}}_i \in {\mathbb {R}}^{2 \times n}\) and \({\varvec{p}}_i \in {\mathbb {R}}^2\) are given as:

$$\begin{aligned} {\left\{ \begin{array}{ll} {\varvec{P}}_i = \left[\begin{array}{ccc} - \left( 1/R_i \right) {\varvec{C}}_i &{} \ \phantom {-} \bar{K}_{I_1, i} &{} \ \phantom {-} \bar{K}_{I_2, i} \\ \phantom {-}\left( 1/R_i \right) {\varvec{C}}_i &{} \ - \bar{K}_{I_1, i} &{} \ - \bar{K}_{I_2, i} \end{array}\right] \\ {\varvec{p}}_i = \left[\begin{array}{c} u_{i, \max } \\ u_{i, \max } \end{array}\right] \end{array}\right. } \end{aligned}$$

  The set of the admissible values of \({\varvec{x}}_{net}\) is determined by combining the sets \({\varvec{\mathcal {U}}}_i\) for all \(i \in {\mathcal {I}}\) and can be expressed as:

$$\begin{aligned} {\varvec{\mathcal {U}}}_{net} = \left\{ {\varvec{x}}_{net} \in {\mathbb {R}}^{(n + 1)N}: {\varvec{P}}_{net} {\varvec{x}}_{net} \le {\varvec{p}}_{net} \right\} \end{aligned}$$

The matrix \({\varvec{P}}_{net}\) is structured as:

$$\begin{aligned} {\varvec{P}}_{net} = \left[ \begin{array}{cc} {\varvec{P}}_{net, 1}&\ \ {\varvec{P}}_{net, 2} \end{array} \right] \end{aligned}$$

and the vector \({\varvec{p}}_{net}\) is structured as:

$$\begin{aligned} {\varvec{p}}_{net} = \left[ {\varvec{p}}_1^{\mathrm {T}} \quad {\varvec{p}}_2^{\mathrm {T}} \ \ldots \ {\varvec{p}}_N^{\mathrm {T}} \right] ^{\mathrm {T}} \end{aligned}$$

The blocks \({\varvec{P}}_{net, 1} \in {\mathbb {R}}^{2N \times nN}\) and \({\varvec{P}}_{net, 2}\) are defined as:

$$\begin{aligned} {\left\{ \begin{array}{ll} {\varvec{P}}_{net, 1} = \left[\begin{array}{cccc} {\varvec{P}}_{1} &{} {\mathbb {O}}_{2 \times n} &{} \ldots &{} {\mathbb {O}}_{2 \times n} \\ {\mathbb {O}}_{2 \times n} &{} {\varvec{P}}_{2} &{} \ldots &{} {\mathbb {O}}_{2 \times n} \\ \vdots &{} \vdots &{} &{} \vdots \\ {\mathbb {O}}_{2 \times n} &{} {\mathbb {O}}_{2 \times n} &{} \ldots &{} {\varvec{P}}_{N} \end{array}\right] \\ {\varvec{P}}_{net, 2} = {\mathbb {O}}_{2N \times N} \end{array}\right. } \end{aligned}$$

  Finally, we can define the set of the admissible network disturbances \(\Delta {\varvec{P}}_{L, net}\) as:

$$\begin{aligned} {\varvec{\mathcal {W}}}_{net} = \left\{ \Delta {\varvec{P}}_{L, net} \in {\mathbb {R}}^N : {\varvec{Q}}_{net, 22} \Delta {\varvec{P}}_{L, net} \le {\varvec{r}}_{net} \right\} \end{aligned}$$

where the vector \({\varvec{r}}_{net} \in {\mathbb {R}}^{2N}\) is structured as:

$$\begin{aligned} {\left\{ \begin{array}{ll} {\varvec{r}}_{net} = \left[ {\varvec{r}}_1^{\mathrm {T}} \quad {\varvec{r}}_2^{\mathrm {T}} \ \ldots \ {\varvec{r}}_N^{\mathrm {T}} \right] ^{\mathrm {T}} \\ {\varvec{r}}_i = \left[\begin{array}{c} \Delta P_{L, i, \max } \\ \Delta P_{L, i, \max } \end{array}\right] \end{array}\right. } \end{aligned}$$

  A set is robust invariant when all initial conditions belonging to this set generate state trajectories remaining inside the same set for all future time instances and for all bounded disturbance sequences. A formal definition of robust invariance can be found in [23, 24]. If we consider \(\Delta P_{tie, i}\) as an additional disturbance on the model of each control area (8), then we could try to assign robust invariant sets to each control area individually. However, this concept is invalid since (7), (8) imply that a constant \(\Delta P_{tie, i}\) will drive \(z_{2, i}\) towards infinity, hence the existence of a robust invariant set is immediately denied. In reality, \(\Delta P_{tie, i}\) will decay, but the robust approach must consider all potential disturbance sequences. Consequently, the robust invariant set has to be extracted in a centralized manner considering the network dynamics in (11). We remark that since the robust invariant set will be used in order to detect an adversary, it has to be determined considering the dynamics (11) in the absence of an attacker, that is when \(\sigma _{i}[k] = 0\), for all \(k \in {\mathbb {N}}\), \(i \in {\mathcal {I}}\).

According to [15, 16], the input hard constraints do not allow the controllers to operate unsaturated for all states \({\varvec{x}}_{net} \in {\varvec{\mathcal {X}}}_{net}\). To solve this problem, we can define the set \({\varvec{\mathcal {A}}}_{net} = {\varvec{\mathcal {X}}}_{net} \cap {\varvec{\mathcal {U}}}_{net}\) and then try to determine the maximal subset of \({\varvec{\mathcal {A}}}_{net}\) that is robust positively invariant with respect to the network dynamics in (11). This new set, denoted by \({\varvec{\mathcal {A}}}_{net, \infty }\), is defined as:

$$\begin{aligned} {\varvec{\mathcal {A}}}_{net, \infty }= & {} \left\{ \right. {\varvec{x}}_{net, 0} \in {\varvec{\mathcal {A}}}_{net} : {\varvec{A}}_{net} {\varvec{x}}_{net}[k] + {\varvec{D}}_{net} \Delta {\varvec{P}}_{L, net}[k] \\\in & {} \left. {\varvec{\mathcal {A}}}_{net, \infty }, \ \forall \Delta {\varvec{P}}_{L, net}[k] \in {\varvec{\mathcal {W}}}_{net}, \ \forall k \in {\mathbb {N}} \right\} \end{aligned}$$

  An efficient algorithm for the computation of maximal robust invariant subsets was proposed in [25]. However, this algorithm ensures finite time determination of these sets only for systems described by asymptotically stable dynamics. Due to the abundance of the integral control actions, the dynamics of the network are Lyapunov stable. This fact implies that there exist eigenvalues of the matrix \({\varvec{A}}_{net}\) located exactly on the boundary of the unit disc. In this article, we apply the methods of [25, 26] and we compute an approximation of \({\varvec{\mathcal {A}}}_{net, \infty }\), based on the structure of the network.

The key idea is to separate the network dynamics into an asymptotically stable compartment and a Lyapunov stable one. This is always possible through a suitable similarity transformation of the state space coordinates. If we solve the eigensystem \({\varvec{A}}_{net} {\varvec{V}} = {\varvec{V F}}\), then we can compute a diagonal matrix \({\varvec{F}}\) containing the eigenvalues of \({\varvec{A}}_{net}\) and an invertible matrix \({\varvec{V}}\) containing the eigenvectors of the system. For complex eigenvalues, it is trivial to render the matrix \({\varvec{F}}\) in its equivalent block-diagonal real form and compute the matrix \({\varvec{V}}\) accordingly. Using the change of variables \({\varvec{\psi }}[k] = {\varvec{V}}^{-1} {\varvec{x}}_{net}[k]\), the network dynamics of (11) can be written as:

$$\begin{aligned} S_{net}^{({\varvec{\psi }})} : {\varvec{\psi }}[k + 1] = {\varvec{F \psi }}[k] + {\varvec{H}} \Delta {\varvec{P}}_{L, net}[k] \quad\, {\varvec{\psi }}[0] = {\varvec{\psi }}_0 \end{aligned}$$

where the matrices \({\varvec{F}}\) and \({\varvec{H}}\) are given as:

$$\begin{aligned} {\varvec{F}} = \left[\begin{array}{cc} {\varvec{F}}_{S}&{\mathbb {O}}_{s_1 \times s_2} \\ {\mathbb {O}}_{s_2 \times s_1}&{\varvec{F}}_{L} \end{array}\right]\\ {\varvec{H}} = {\varvec{V}}^{-1} {\varvec{D}}_{net} = \left[\begin{array}{c} {\varvec{H}}_{S} \\ {\varvec{H}}_{L} \end{array}\right] \end{aligned}$$

for some partitioning indices \(s_1, s_2 \in {\mathbb {N}}^*\) such that \(s_1 + s_2 = (n + 1)N\). The matrices \({\varvec{F}}_{S} \in {\mathbb {R}}^{s_1 \times s_1}\) and \({\varvec{F}}_{L} \in {\mathbb {R}}^{s_2 \times s_2}\) are associated with the asymptotically stable and the Lyapunov stable dynamics respectively, \({\varvec{H}}_{S} \in {\mathbb {R}}^{s_1 \times N}\), \({\varvec{H}}_{L} \in {\mathbb {R}}^{s_2 \times N}\) and the state vector \({\varvec{\psi }}\) can be split into two compartments as:

$$\begin{aligned} {\varvec{\psi }}[k] = \left[ {\varvec{\psi }}_{S}^{\mathrm {T}} \quad {\varvec{\psi }}_{L}^{\mathrm {T}} \right] ^{\mathrm {T}} \end{aligned}$$

where \({\varvec{\psi }}_{S} \in {\mathbb {R}}^{s_1}\) and \({\varvec{\psi }}_{L} \in {\mathbb {R}}^{s_2}\). We remark that each vector evolves independently from the other, due to the form of the matrix \({\varvec{F}}\).

The network model (11) obtained through the discretization process in the previous section has two special characteristics. Firstly, the Lyapunov stable eigenvalues all have unit value, therefore \({\varvec{F}}_{L} = {\mathbb {I}}_{s_2 \times s_2}\), and secondly the matrix \({\varvec{D}}_{net}\) is sparse, so that even after the change of variables, the matrix \({\varvec{H}}_{L}\) satisfies the condition \({\varvec{H}}_{L} = {\mathbb {O}}_{s_2 \times N}\). We remark that if the matrix \({\varvec{H}}_{L}\) contained any nonzero elements, then a robust invariant set would not exist.

As the intersection of two polyhedra, the set \({\varvec{\mathcal {A}}}_{net}\) has the generic polyhedral representation:

$$\begin{aligned} {\varvec{\mathcal {A}}}_{net} = \left\{ {\varvec{x}}_{net} \in {\mathbb {R}}^{(n + 1)N} : {\varvec{G x}}_{net} \le {\varvec{g}} \right\} \end{aligned}$$

The change of variables \({\varvec{\psi }}[k] = {\varvec{V}}^{-1} {\varvec{x}}_{net}[k]\) gives the representation of \({\varvec{\mathcal {A}}}_{net}\) in the \({\varvec{\psi }}\)-domain as:

$$\begin{aligned} {\varvec{\mathcal {A}}}^{({\varvec{\psi }})}_{net} = \left\{ {\varvec{\psi }} \in {\mathbb {R}}^{s_1 + s_2} : \bar{{\varvec{G}}} {\varvec{\psi }} \le \bar{{\varvec{g}}} \right\} \quad \bar{{\varvec{G}}} = {\varvec{GV}} \quad \bar{{\varvec{g}}} = {\varvec{g}} \end{aligned}$$

and its maximal robust invariant subset is defined as:

$$\begin{aligned} {\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}= & {} \left\{ {\varvec{\psi }}_0 \in {\varvec{\mathcal {A}}}_{net}^{({\varvec{\psi }})} \right. : {\varvec{F}} {\varvec{\psi }}[k] + {\varvec{H}} \Delta {\varvec{P}}_{L, net}[k] \\\in & {} \left. {\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}, \ \forall \Delta {\varvec{P}}_{L, net}[k] \in {\varvec{\mathcal {W}}}_{net}, \ \forall k \in {\mathbb {N}} \right\} \end{aligned}$$

  According to [25], a finite time determined approximation of \({\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi}} )}\) is the set \(\hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi}} )}\) defined as:

$$\begin{aligned} \hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}= & {} \left\{ {\varvec{\psi }}_0 \in {\varvec{\mathcal {A}}}_{net}^{({\varvec{\psi }})} \right. : \hat{{\varvec{C}}}_S {\varvec{\psi }}_S[k] + \hat{{\varvec{C}}}_L {\varvec{\psi }}_L[k] \\\in & {} \left. {\varvec{\mathcal {L}}}^{\prime } \times {\varvec{\mathcal {A}}}_{net}^{({\varvec{\psi }})}, \ \forall \Delta {\varvec{P}}_{L, net}[k] \in {\varvec{\mathcal {W}}}_{net}, \ \forall k \in {\mathbb {N}} \right\} \end{aligned}$$

where the matrices \(\hat{{\varvec{C}}}_S\) and \(\hat{{\varvec{C}}}_L\) are given as:

$$\begin{aligned} {\left\{ \begin{array}{ll} \hat{{\varvec{C}}}_S = \left[\begin{array}{c} {\mathbb {O}}_{s_2 \times s_1} \\ {\varvec{C}}_S \end{array}\right]\\ \hat{{\varvec{C}}}_L = \left[\begin{array}{c} {\mathbb {I}}_{s_2 \times s_2} \\ {\varvec{C}}_L \end{array}\right] \end{array}\right. } \end{aligned}$$

the matrices \({\varvec{C}}_S \in {\mathbb {R}}^{(s_1 + s_2) \times s_1}\), \({\varvec{C}}_L \in {\mathbb {R}}^{(s_1 + s_2) \times s_2}\) satisfy the equation \([{\varvec{C}}_S \quad {\varvec{C}}_L] = {\mathbb {I}}_{(s_1 + s_2) \times (s_1 + s_2)}\), the set \({\varvec{{\mathcal {L}}}}^{\prime }\) is defined as:

$$\begin{aligned} {\varvec{{\mathcal {L}}}}^{\prime } = \left\{ {\varvec{\psi }}_L \in {\mathbb {R}}^{s_2}: {\varvec{C}}_L {\varvec{F}}_L^k {\varvec{\psi }}_L \in {\varvec{\mathcal {Y}}}^{\prime }, \ \forall k \in {\mathbb {N}} \right\} \end{aligned} \tag{15}$$

and the set \({\varvec{\mathcal {Y}}}^{\prime } \subset {\mathbb {R}}^{s_1 + s_2}\) is determined via the following standardized procedure [25]. Consider the recursion:

$$\begin{aligned} {\left\{ \begin{array}{ll} \phi _0^i = \bar{g}^i \\ \phi _{k+1}^i = \phi _k^i - h_{\varvec{\mathcal {W}}_{net}}(({\varvec{C}}_S {\varvec{F}}_S^k {\varvec{H}}_S)^{\mathrm {T}} \bar{\varvec{G}}_{i}) \end{array}\right. } \end{aligned}$$

The parameters \(\phi _k^i\) and \(\bar{g}^i\) denote the i-th element of the vectors \({\varvec{\phi }}_k\) and \(\bar{\varvec{g}}\) respectively, \(\bar{{\varvec{G}}}_{i}\) stands for the i-th row of the matrix \(\bar{{\varvec{G}}}\), while the mapping:

$$\begin{aligned} h_{\varvec{\mathcal {W}}_{net}}({\varvec{\eta }}) = \sup _{{\varvec{x}} \in {\varvec{\mathcal {W}}}_{net}} ({\varvec{\eta }}^{\mathrm {T}} {\varvec{x}}) \end{aligned}$$

represents the support function of the set \({\varvec{\mathcal {W}}}_{net}\). If we specify a scalar \(0< \beta < 1\), then there exists a \(k^*\) such that \(\beta {\varvec{\phi }}_{k^*} - {\varvec{\theta }}_{k^*} \ge 0\), where the i-th element of the vector \({\varvec{\theta }}_{k^*}\) is defined as:

$$\begin{aligned} {\varvec{\theta }}_{k^*}^i = \lambda \zeta _i(1 - \mu )^{-1}\mu ^{k^*} \end{aligned}$$

The parameter \(\mu \in {\mathbb {R}}^*_+\) is the spectral radius of the matrix \({\varvec{F}}_S\), the scalar \(\lambda \in {\mathbb {R}}^*_+\) is selected such that \({\varvec{\mathcal {W}}}_{net} \subset \lambda {\varvec{\mathcal {B}}}_2(N)\), with \({\varvec{\mathcal {B}}}_2(N)\) representing the 2-norm unit ball in \({\mathbb {R}}^N\) and the constants \(\zeta _i \in {\mathbb {R}}^*_+\) can always be determined such that \(\Vert ({\varvec{C}}_S {\varvec{F}}_S^{k^*} {\varvec{H}}_S)^{\mathrm {T}} \bar{{\varvec{G}}}_{i}\Vert _2 \le \zeta _i \mu ^{k^*}\) for all i. Let \({\varvec{\phi}} ^{\prime }\) satisfy:

$$\begin{aligned} (1 - \beta ){\varvec{\phi }}_{k^*}< {\varvec{\phi }}^{\prime } < {\varvec{\phi }}_{k^*} - {\varvec{\theta }}_{k^*} \end{aligned}$$

Then, the set \({\varvec{\mathcal {Y}}}^{\prime }\) is defined as:

$$\begin{aligned} {\varvec{\mathcal {Y}}}^{\prime } = \left\{ {\varvec{\psi }} \in {\mathbb {R}}^{s_1 + s_2}: \bar{{\varvec{G}}} {\varvec{\psi }} \le {\varvec{\phi }}^{\prime } \right\} \end{aligned}$$

and since \({\varvec{F}}_{L} = {\mathbb {I}}_{s_2 \times s_2}\) the set \({\varvec{\mathcal {L}}}^{\prime }\) of (15) is defined as:

$$\begin{aligned} {\varvec{\mathcal {L}}}^{\prime } = \left\{ {\varvec{\psi }}_L \in {\mathbb {R}}^{s_{2}}: \bar{{\varvec{G}}} \varvec{C}_L {\varvec{\psi }}_L \le {\varvec{\phi }}^\prime \right\} \end{aligned}$$

Considering the polyhedral nature of the sets \({\varvec{\mathcal {L}}}^{\prime }\) and \({\varvec{\mathcal {A}}}^{({\varvec{\psi }})}_{net}\), their Cartesian product can be computed as:

$$\begin{aligned} {\varvec{\mathcal {L}}}^{\prime } \times {\varvec{\mathcal {A}}}_{net}^{({\varvec{\psi }})}&= \bigg \{ \phantom {.} \left[\begin{array}{c} {\varvec{\psi }}_L \\ {\varvec{\psi }} \end{array}\right] \in {\mathbb {R}}^{s_1 + 2 s_2} : \\&\quad \phantom {.} \left[\begin{array}{cc} \bar{\varvec{G}}{\varvec{C}}_L&{\mathbb {O}}_{l \times (s_1 + s_2)} \\ {\mathbb {O}}_{l \times s_2}&\bar{\varvec{G}} \end{array}\right] \left[\begin{array}{c} {\varvec{\psi }}_L \\ {\varvec{\psi }} \end{array}\right] \le \left[\begin{array}{c} {\varvec{\phi }}^{\prime } \\ \bar{\varvec{g}} \end{array}\right] \phantom {.} \bigg \} \end{aligned}$$

where \(l\) denotes the number of rows of the matrices \(\bar{\varvec{G}}\varvec{C}_L\) and \(\bar{\varvec{G}}\). The attack detection mechanism can now be formally introduced in terms of the alarm signal:

$$\begin{aligned} \rho ({\varvec{\psi }}) = {\left\{ \begin{array}{ll} 0 \quad {\varvec{\psi }} \in \hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})} \\ 1 \quad {\text {otherwise}} \end{array}\right. } \end{aligned}$$

and it is triggered whenever the vector \({\varvec{\psi }}\) exits the robust invariant set \(\hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi}} )}\). We assume that the vector \({\varvec{x}}_{net}[k]\) is available to the control center at any given time instant k in order to allow the real-time computation of the vector \({\varvec{\psi }}[k]\).
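A pure-Python sketch of the offline constraint tightening and the online alarm \(\rho\) described above; it is an added illustration, not code from the paper (which uses the MPT Toolbox). The matrices are constructed toy data already in \({\varvec{\psi }}\)-coordinates, with a diagonal \({\varvec{F}}_S\), a box-shaped \({\varvec{\mathcal {W}}}_{net}\), \({\varvec{F}}_L = {\mathbb {I}}\) and \({\varvec{H}}_L = {\mathbb {O}}\); testing membership through the tightened constraints over the horizon \(0, \ldots , k^*\) is an assumption of this sketch about how the approximated set is evaluated.

```python
import math

def matvec(M, v):
    return [sum(a * b for a, b in zip(row, v)) for row in M]

def support_box(eta, r):
    """Support function of W = {w : |w_j| <= r_j}: h_W(eta) = sum_j r_j * |eta_j|."""
    return sum(rj * abs(ej) for rj, ej in zip(r, eta))

def tightened_bounds(G_bar, g_bar, F_S, H_S, r, k_star):
    """phi_0 = g_bar; phi_{k+1}^i = phi_k^i - h_W((C_S F_S^k H_S)^T G_bar_i).
    C_S selects the first s1 coordinates of psi, so only G_bar_i[:s1] matters."""
    s1, N = len(F_S), len(r)
    cols = [[H_S[a][j] for a in range(s1)] for j in range(N)]  # columns of F_S^k H_S
    phis = [list(g_bar)]
    for _ in range(k_star):
        nxt = []
        for Gi, phi in zip(G_bar, phis[-1]):
            eta = [sum(Gi[a] * c[a] for a in range(s1)) for c in cols]
            nxt.append(phi - support_box(eta, r))
        phis.append(nxt)
        cols = [matvec(F_S, c) for c in cols]
    return phis  # [phi_0, ..., phi_{k*}]

def phi_prime(phi_k, G_bar, H_S, r, mu, k_star, beta):
    """Midpoint of the interval ((1 - beta) phi_k*, phi_k* - theta_k*), per element."""
    s1 = len(H_S)
    lam = 1.1 * math.sqrt(sum(x * x for x in r))  # W_net lies inside lam * unit ball
    h_norm = math.sqrt(sum(x * x for row in H_S for x in row))
    out = []
    for Gi, phi in zip(G_bar, phi_k):
        # zeta_i bound; valid here because the toy F_S is diagonal (||F_S^k|| = mu^k)
        zeta = math.sqrt(sum(x * x for x in Gi[:s1])) * h_norm
        theta = lam * zeta * mu ** k_star / (1.0 - mu)
        if beta * phi - theta < 0:
            raise ValueError("k_star is too small for this beta")
        out.append(0.5 * ((1.0 - beta) * phi + (phi - theta)))
    return out

def in_polyhedron(G, g, x):
    return all(lhs <= rhs for lhs, rhs in zip(matvec(G, x), g))

def alarm(psi, G_bar, phis, phi_p, F_S):
    """rho(psi): 0 while psi passes every tightened constraint, 1 otherwise."""
    s1 = len(F_S)
    psi_S, psi_L = list(psi[:s1]), list(psi[s1:])
    if not in_polyhedron(G_bar, phi_p, [0.0] * s1 + psi_L):  # psi_L must lie in L'
        return 1
    for phi_t in phis:  # disturbance-free prediction, t = 0 .. k*
        if not in_polyhedron(G_bar, phi_t, psi_S + psi_L):
            return 1
        psi_S = matvec(F_S, psi_S)  # psi_L stays constant (F_L = I, H_L = 0)
    return 0

# Constructed toy data (not the paper's two-area model): s1 = 2, s2 = 1, N = 1.
ROWS = [[1, 0, 0], [0, 1, 0], [0, 0, 1], [1, 1, 1]]
G_BAR = ROWS + [[-x for x in row] for row in ROWS]  # symmetric constraints
G_LIM = [4.0, 4.0, 2.0, 2.5] * 2                    # g_bar
F_S = [[0.5, 0.0], [0.0, 0.8]]
H_S = [[1.0], [0.5]]
R = [0.2]                                           # |Delta P_L| <= 0.2
K_STAR, BETA, MU = 60, 0.2, 0.8                     # MU = spectral radius of F_S
PHIS = tightened_bounds(G_BAR, G_LIM, F_S, H_S, R, K_STAR)
PHI_P = phi_prime(PHIS[-1], G_BAR, H_S, R, MU, K_STAR, BETA)

def demo():
    """Map each sample state to (inside raw constraint set?, alarm value)."""
    states = {
        "origin": [0.0, 0.0, 0.0],
        "nominal": [1.0, 1.0, 0.2],
        "integrator_offset": [0.0, 0.0, 1.5],
        "transient": [-3.0, 3.0, 1.0],
    }
    return {name: (in_polyhedron(G_BAR, G_LIM, s), alarm(s, G_BAR, PHIS, PHI_P, F_S))
            for name, s in states.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `integrator_offset` and `transient` states both satisfy the raw limits \(\bar{{\varvec{G}}} {\varvec{\psi }} \le \bar{{\varvec{g}}}\) yet raise the alarm: the first leaves no margin for disturbance transients on the constant \({\varvec{\psi }}_L\) component, and the second violates a tightened bound two steps ahead.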

4 Switching signal design

The authors in [15, 16] studied bias injection cyber-attacks on the frequency sensor measurements, when the attack signal \(\alpha _i\) was set to a constant value and affected the system indefinitely. It was shown that in the case of a single-area power plant the structural properties of the integral controllers force the frequency deviation to regulate wherever the attack signal dictates. However, the only way for an adversary to regulate the frequency in a networked system is to incorporate a coordinated attack on all interconnected areas using the same attack signal \(\alpha _i\) for all \(i \in {\mathcal {I}}\).

A more realistic scenario would be to consider that an attack occurs not on every frequency sensor of the grid at the same time, but only to those sensors that are successfully compromised by the adversary. In this case, only a few of the Lyapunov stable dynamics of the integral controllers will be affected by the attack signal and therefore input to state instability is unavoidable. Specifically, the state variables \(z_{1, i}\), \(z_{2, i}\) are forced to diverge linearly towards infinity for as long as the attacker remains active and the set-induced anomaly detector will ultimately trigger an alarm.

Since persistent attacks on individual control areas seem inevitably detectable in terms of our set-theoretic approach, the only alternative for the adversary is to delay their disclosure. The attacker can attempt to remain undetected for a longer period by means of a hysteresis-based switching pattern [27]:

$$\begin{aligned} \sigma _i[k] = {\left\{ \begin{array}{ll} 0 \quad \quad |\tilde{y}_{i}[k]| > \bar{\alpha }_{i, \max } &{} {\text {and}} \quad \sigma _i[k - 1] = 1 \\ 1 \quad \quad |y_{i}[k]| < \bar{\alpha }_{i, \min } &{} {\text {and}} \quad \sigma _i[k - 1] = 0 \\ \sigma _i[k - 1] \quad {\text {otherwise}} \end{array}\right. } \end{aligned}$$

where \(\bar{\alpha }_{i, \max } = \alpha _{i, \max } - \delta\) and \(\bar{\alpha }_{i, \min } = \alpha _{i, \min } + \delta\) are the hysteresis bounds and \(\delta \in {\mathbb {R}}_+^*\) is the tolerance factor ensuring that a switching can occur only inside the frequency zone \(y_i \in \left[ \Delta f_{i, \min }^\alpha , \Delta f_{i, \max }^\alpha \right] = \left[ \alpha _{i, \min }, \alpha _{i, \max } \right]\).

The only attack resources required in our scenarios are the knowledge of the frequency measurements \(y_i\) and the ability to corrupt them. However, the bounds that we used to limit the load changes, the state variables and the control inputs of the system can be easily obtained, since some of them are standard in the literature. We remark that knowledge alone of these bounds is not enough to defeat our detection mechanism. The attacker can remain potentially undetected only if he additionally has full knowledge of the state vector \({\varvec{\xi}} _{net}\) and of the robust invariant set \(\hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}\). However, to determine this set, the attacker must also know the exact model of the network, namely the matrices \({\varvec{A}}_{net}\), \({\varvec{B}}_{net}\), \({\varvec{C}}_{net}\) and \({\varvec{D}}_{net}\), along with the design-dependent set \({\varvec{\mathcal {L}}}'\). Only then can the adversary reproduce the set \(\hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}\) and use it to develop elaborate state-dependent switching patterns that will prevent an alarm activation.

5 Simulation studies

In this section, we study the load frequency control loop of the benchmark two-area power plant considering two distinct attack scenarios. Initially, we address the case where an adversary compromises the frequency sensor measurements of the first control area and corrupts the data transmitted to the automatic generation control unit with an intermittent bias injected attack signal \(\alpha _1\). The simulations indicate that intermittent attack patterns driven by the switching logic developed in the previous section are harder to detect and they cause the state variables to oscillate. In the sequel, we address the cases of detectable and undetectable coordinated cyber attacks occurring simultaneously on both control areas, using two persistent bias injected attack signals \(\alpha _1\), \(\alpha _2\). The simulations highlight that if the attack signals have the same value, then the adversary is able to regulate the frequency deviation of the network to any safety-critical steady-state value. Both scenarios demonstrate the ability of a set-theoretic attack detector to disclose either a persistent or an intermittent adversary, even in the presence of unknown disturbances.

The parameters of the two-area power network that were used in the simulations are provided in Tables 1 and 2 [19]. For completeness, we also provide the formulas associated with the gains \(K_{p, i}\) and the constants \(T_{p, i}\) as:

$$\begin{aligned} {\left\{ \begin{array}{ll} K_{p, i} = \frac{1}{D_i} \\ T_{p, i} = \frac{2 H_i P_{B, i}}{f^\circ D_i} \end{array}\right. } \end{aligned}$$
Table 1 Parameter values for control area 1
Table 2 Parameter values for control area 2

where \(f^{\circ } = 50\,{\mathrm {Hz}}\) is the nominal network frequency. We assume that the simulations start at \(k = 0\), that the initial condition is \({\varvec{x}}_{net}[0] = 0\) and that the duration is the time interval \(t \in [0, 35]\). For a global sampling frequency \(f_s = 100\,{\mathrm {Hz}}\), we have \(k \in [0, 3.5 \times 10^3]\). Furthermore, since our main objective is to assess the efficiency of the set-theoretic attack detector in the presence of disturbances, we assume that the two-area network is subject to the following power load changes:

$$\begin{aligned} { \begin{array}{ll} \Delta P_{L, 1}(t) = 20\,{\mathrm {MW}} \quad\,\,\,\, t \ge 0 \ {\mathrm {s}} \\ \Delta P_{L, 2}(t) = {\left\{ \begin{array}{ll} \phantom {-}0 \ {\mathrm {MW}}\quad\,\,\,\, 0 \le t < 10 \ {\mathrm {s}} \\ -5 \ {\mathrm {MW}}\quad\,\,\,\, t \ge 10 \ {\mathrm {s}} \end{array}\right. } \end{array} } \end{aligned}$$

The tie line is assumed to be lossless, the nominal exchanged power is \(P_{tie, 1}^\circ = - P_{tie, 2}^\circ = 1000 \ {\mathrm {MW}}\) and the synchronization coefficients are assigned the values \(T_{12} = T_{21} = 175 \ {\mathrm {MW/rad}}\).

The bounds of the load changes \(\Delta P_{L, i, \max }\) were selected as small percentages of the power base \(P_{B, i}^\circ\) of each control area [19, 20]. The bounds of the state variables \(\Delta f_{i, \max } = 1.5 \ {\mathrm {Hz}}\), \(\Delta P_{G, i, \max } = u_{i, \max }\) and \(z_{1, i, \max } = z_{2, i, \max } = 3 \ {\mathrm {s}}\) are standardized, holding for all \(i = 1, 2\). In particular, the bounds \(\Delta f_{i, \max }\) are mentioned in [8], whereas the bounds \(z_{1, i, \max }\) and \(z_{2, i, \max }\) are derived from [22]. The bounds of the tie line power deviations \(\Delta P_{tie, i, \max }\) were selected through extensive simulations. Specifically, we observed that even when the maximum admissible power load changes \(\Delta P_{L, i, \max }\) occurred, the graphs of \(\Delta P_{tie, i}\) never exceeded the values \(\Delta P_{tie, i, \max } = 0.5 | P_{tie, i}^\circ |\). The bounds of the control signals \(u_{i, \max }\) were selected in the following manner. First of all, they have to be at least equal to the maximum admissible load changes, in order to be able to service them. Furthermore, they have to compensate for potential overshoots during the transient response, so they need to be further increased. The final tuning was performed again through simulations, since the bounds of the control inputs determine to a great extent whether or not a nonempty robust invariant set for the networked system actually exists. Ultimately, they had to be pushed to their current values to ensure the existence of the robust invariant set \(\hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}\).

Regarding the design of the attack detector, the partitioning indices of the matrix \({\varvec{F}} \in {\mathbb {R}}^{10 \times 10}\) are \(s_1 = 7\) and \(s_2 = 3\), the set \({\varvec{\mathcal {Y}}}^{\prime }\) was determined using \(\beta = 0.2\) and \(k^{*} = 60\), the radius \(\lambda\) was selected as:

$$\begin{aligned} \lambda = 1.1 \sqrt{ \sum _{i = 1}^2 (\Delta P_{L, i, \max }^2) } \end{aligned}$$

and each element of the vector \({\varvec{\phi }}^\prime\) was taken as the mean of its boundary values. For the operations involving polyhedral constraints and optimization problems we used the MPT Toolbox 3.0 [28].

The conventions used for the depiction of the state trajectories obey the following rules. The state variables of area 1 are printed in red while an attacker is active (i.e. \(\sigma _1[k] = 1\)) and in blue while an attacker is inactive (i.e. \(\sigma _1[k] = 0\)). The state variables of area 2 are always printed in green color and whether the attacker is active (i.e. \(\sigma _2[k] = 1\)) or not (i.e. \(\sigma _2[k] = 0\)) is determined in the legend of each figure.

5.1 Individual area attack scenario

For this scenario we consider two separate cases. The first case is presented in Fig. 3 and involves the attack signals \(\alpha _1 = 4.5 \ {\mathrm {Hz}}\) and \(\alpha _2 = 0\), whereas the second case is presented in Fig. 4 and involves the attack signals \(\alpha _1 = 2 \ {\mathrm {Hz}}\) and \(\alpha _2 = 0\). In both cases, we study intermittent attack patterns and the switching bounds of \(\sigma _1[k]\) are given as \(\alpha _{1, \min } = 0.01 \ {\mathrm {Hz}}\), \(\alpha _{1, \max } = 0.1 \ {\mathrm {Hz}}\) and the tolerance \(\delta = 10^{-3}\). We remark that the value of \(\alpha _{1, \min }\) is meaningful only if it is larger than the frequency measurement error (\(\sim 10^{-3}\)) [19].

Both cases share several common characteristics. First, the input saturation constraints are never activated, since \(\Delta P_{G, i}[k] < \Delta P_{G, i, \max } = u_{i, \max }\) for all time instances. This fact is important since it ensures that if an alarm is activated, then this activation did not occur simply because the control input triggered the saturation constraints but rather because the state vector exited the robust invariant set. In addition, the intermittent attack pattern causes the state variables \(\Delta f_i\) to oscillate. Although these discrepancies are not significant, they inflict large persistent and non-decaying oscillations on \(\Delta P_{tie, i}\), which stress the tie line and may cause the coupled generators to desynchronize. Finally, we highlight that the attacker is only activated during brief intervals. In fact, during an approximately \(5 \ {\mathrm {s}}\) oscillation, the switching logic causes the attacker to remain active only for approximately \(0.5 \ {\mathrm {s}}\).

Fig. 3 State trajectories for \(\alpha _1 = 4.5 \ {\mathrm {Hz}}\) and \(\alpha _2 = 0\)

From Fig. 3, we observe that for \(\alpha _1 = 4.5 \ {\mathrm {Hz}}\) the set-theoretic attack detector is regularly triggered. In this case, the detection mechanism successfully discloses the adversary at a very early stage. In contrast, Fig. 4 reveals that if the adversary decreases the value of the attack signal to \(\alpha _1 = 2 \ {\mathrm {Hz}}\), then the attack passes undetected for a longer period. Naturally, the state variables \(z_{1, i}\) and \(z_{2, i}\) slowly increase, starting from a larger value after every activation of the attacker. However, by the time the alarm is triggered, the stability of the network is already jeopardized due to the tie line power oscillations. This situation is also visible in the first scenario in Fig. 3, where after \(t = 20 \ {\mathrm {s}}\) the divergence of \(z_{1, i}\) and \(z_{2, i}\) causes the alarm signal to remain constantly active. We remark that a traditional residual-based attack detector would never be able to disclose this adversary, since the intermittent nature of the attack does not allow the residual quantity to obtain a steady-state constant value over time.

5.2 Multiple area attack scenario

For this scenario we consider two separate cases. The first case is presented in Fig. 5 and involves the attack signals \(\alpha _1 = \alpha _2 = 2 \ {\mathrm {Hz}}\), whereas the second case is presented in Fig. 6 and involves the attack signals \(\alpha _1 = \alpha _2 = 1 \ {\mathrm {Hz}}\). In both cases, we assume that the attack is persistent, in the sense that the switching signals \(\sigma _1[k] = \sigma _2[k] = 1\) for all \(k \ge 0\).

Fig. 4 State trajectories for \(\alpha _1 = 2 \ {\mathrm {Hz}}\) and \(\alpha _2 = 0\)

According to Figs. 5 and 6, the adversary is always able to drive the frequency deviation wherever the attack signals dictate. We highlight that the input saturation constraints are never triggered and that after the steady-state is reached, the produced powers \(\Delta P_{G,i}\) satisfy both the power load demands and the increase in the network frequency. Although the persistent nature of the attack does not cause any power oscillations on the tie line, the steady-state errors in the frequency deviation are critical for the stability of the grid and may lead the power relays to trip the generators off, thus causing a blackout. Furthermore, we observe that the adversary can remain undetectable as long as the attack signals retain relatively small values. In particular, for \(\alpha _1 = \alpha _2 = 2 \ {\mathrm {Hz}}\) the adversary is ultimately disclosed but for \(\alpha _1 = \alpha _2 = 1 \ {\mathrm {Hz}}\) the attack is stealthy.

During the stability analysis, we established that the only way to create potentially undetectable attacks is to obtain stable responses of the state variables \(z_{1, i}\) and \(z_{2, i}\). Since we have explained that the only way to achieve this is to use the same attack signal on all control areas, we can now proceed to the attack detection issue. Clearly, an attack that drives the state vector to an equilibrium that belongs to the set \(\hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}\) remains undetectable when \(\Delta P_{L, i} = 0\) for all \(i \in {\mathcal {I}}\). However, even when the power network is affected by nonzero disturbances there is no guarantee that an alarm will be triggered. The robustness property of the set \(\hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}\) ensures that if the system evolves in the absence of an attacker, then the state vector will remain exclusively inside \(\hat{\varvec{\mathcal {A}}}_{net, \infty }^{({\varvec{\psi }})}\) for any disturbance sequences \(\Delta P_{L, i}\) that respect the bounds \(\Delta P_{L, i, \max }\). However, when the system is affected both by an attacker and a disturbance, it is mostly dependent on the disturbance whether an alarm will be activated or not. Since the usual disturbances \(\Delta P_{L, i}\) have the form of step load changes, it may take a significantly more elaborate disturbance sequence to trigger an alarm.

Fig. 5. State trajectories for \(\alpha _1 = \alpha _2 = 2 \ {\mathrm {Hz}}\)

Consequently, when the adversary uses the same attack signal on all control areas, the key factor that determines whether a detection will occur or not is the magnitude of the attack signal \(\alpha _i\). The larger it is, the greater the chance that the state vector will exit the set \(\hat{{\varvec{\mathcal {A}}}}_{net, \infty }^{({\varvec{\psi }})}\). There is no obvious improvement of the detector from a set-theoretic point of view. We have already calculated the maximal robust invariant set with respect to the networked system dynamics in the absence of an attacker, that is, when \(\sigma _i = 0\) for all \(i \in {\mathcal {I}}\). Clearly, this is the best approach for ensuring that any nonzero attack signal can potentially trigger an alarm.

In contrast to the previous scenario, which involved an attack only on the first control area, this case demonstrates that a set-theoretic anomaly detector may be unable to disclose an adversary as long as the attack occurs simultaneously on every control area and the attack signals have small values. However, compromising every frequency sensor in large power grids constitutes a highly unrealistic attack scenario. It is more reasonable to consider that only a few areas can be compromised at the same time, but in this case the set-theoretic detector will always be able to disclose a data corruption attack, due to the convex and compact nature of the robust invariant set and due to the linear divergence of the integrator variables \(z_{1, i}\) and \(z_{2, i}\).

We remark that a traditional residual-based attack detector may or may not be able to disclose a coordinated attack, depending on the value of the critical threshold imposed on the residue. If we take into account the unknown power load changes, then the critical threshold has to be more conservative than usual and an attack may pass undetected.

Fig. 6. State trajectories for \(\alpha _1 = \alpha _2 = 1 \ {\mathrm {Hz}}\)

Based on [13], the critical threshold can be selected as follows. Since the load changes \(\Delta P_{L, i}\) are part of the normal operation of the network, they do not pose a threat to the safety of the system. In addition, all \(\Delta P_{L, i}\) are bounded signals. Hence, we can calculate the maximum admissible deviation of the estimation residue from zero, say \(\delta _{r, \max }\), by considering the behavior of the system when the maximum allowed step load changes \(\Delta P_{L, i, \max }\) occur in the absence of an attacker. Now, we can obtain an estimation of the critical threshold as \(\delta _{r, \max }\). We stress that, in our case, we neglect the measurement and process noise of the system during the modeling process. Therefore, the threshold \(\delta _{r, \max }\) should suffice, since false alarms due to the noise are not expected to occur.

Let us now consider the case where \(\Delta P_{L, i} = 0\) and \(\alpha _i = \alpha\) for all \(i \in {\mathcal {I}}\). In this case, the estimation residue will ultimately converge to a nonzero constant steady-state value. However, if the attack signals are relatively small, then the steady-state value of the residue will probably remain below the critical threshold. In other words, the attack signals will be treated by the detector as admissible load changes and the alarm will not be activated. As a matter of fact, a coordinated attack on all control areas with the same attack signal is equally difficult to detect either by a residual-based estimator or by a set-theoretic anomaly detector.
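The threshold selection and the small-bias case described above can be illustrated with the following added example, which is not part of the original article. It uses a constructed single-area toy loop (scalar plant, PI controller, observer) whose parameter values and bias magnitudes are all assumptions and do not correspond to the two-area benchmark; the alarm decision is taken on the steady-state residue.

```python
# Constructed single-area toy model (assumed values, not the paper's plant):
#   x[k+1] = A*x[k] + B*(u[k] - load),   y[k] = x[k] + alpha  (biased sensor)
A, B = 0.9, 0.5        # assumed plant parameters
KP, KI = 0.4, 0.1      # assumed PI load-frequency controller gains
L_GAIN = 0.5           # assumed observer gain
LOAD_MAX = 0.1         # assumed bound on step load changes (p.u.)

def simulate(load, alpha, steps=400):
    """Return (residue trace, final true frequency deviation)."""
    x = z = x_hat = 0.0
    residues = []
    for _ in range(steps):
        y = x + alpha                  # measurement seen by controller and observer
        r = y - x_hat                  # estimation residue
        residues.append(r)
        u = -KP * y - KI * z           # control computed from the corrupted measurement
        z += y                         # integrator state
        x = A * x + B * (u - load)     # true plant, driven by the unknown load
        x_hat = A * x_hat + B * u + L_GAIN * r   # observer does not know the load
    return residues, x

def critical_threshold():
    """delta_r_max: largest residue magnitude under the maximum admissible
    step load change (both signs), with no attacker present."""
    return max(abs(r) for load in (LOAD_MAX, -LOAD_MAX)
               for r in simulate(load, 0.0)[0])

def alarm(alpha, load=0.0):
    """Residual-based decision: steady-state residue against delta_r_max."""
    residues, _ = simulate(load, alpha)
    return abs(residues[-1]) > critical_threshold()

if __name__ == "__main__":
    print("delta_r_max =", round(critical_threshold(), 4))
    for alpha in (0.25, 1.0):          # constructed bias values (Hz)
        _, x_final = simulate(0.0, alpha)
        print("alpha =", alpha, "alarm:", alarm(alpha),
              "frequency deviation:", round(x_final, 3))
```

In this toy loop the integral action drives the true frequency deviation to the negative of the injected bias, while the steady-state residue scales linearly with the bias and is indistinguishable from an admissible load change until it exceeds \(\delta _{r, \max }\).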

6 Conclusion

This article concerns a security-enhancing method for the detection of data corruption attacks on cyber physical power systems. We present the design process of a centralized set-theoretic attack detector using a robust invariant set and apply this concept to the load frequency control loop of a networked power system. The adversarial scenarios studied in this work involve the corruption of the frequency sensor measurements using intermittent and persistent attack patterns. Simulation studies on a benchmark two-area power plant demonstrate the ability of a set-theoretic attack detector to disclose an adversary even in the presence of external unknown disturbances.