Introduction

In the present technological society, electric power systems’ security and reliability gained a significant role in driving any country’s economy. Smart grid has more novel intelligent cyber networks, secured information protocols, smart meters, Phasor Measurement Units (PMUs) etc., that leads the electric network to a modern era power systems called as cyber-physical network. Deployment of advanced information technology and communication protocols to this system has made it more prone and vulnerable to cyber-attacks. Attackers can intrude in the middle of substation to control center and be able to launch man-in-middle attack for changing the state of system components [22]. Attacker can crack private keys and introduce malicious data into digital measuring devices. It is highly probable to create DoS (Denial-of-Service) attacks which target communication network [16]. So in this scenario, the cyber security has established its essentiality in cyber-physical power world.

Generally, in power systems’ operation and control, bus power injections, line power flows, bus voltage vectors, line currents etc., are continuously sensed by Remote Terminal Units (RTUs)/PMUs where tracked data is transmitted to the Supervisory Control and Data Acquisition (SCADA) master at control center, then the states of the system are estimated by operator. If an attacker in the middle tries to inject bad/false data into the system, classically, it can get detected by the operator with the help of \({\chi }^{2}-\) distribution hypothesis testing. But Liu et al. developed an undetectable False Data Injection Attack Vector (FDIAV) by using basics of Kirchoff’s Current Law (KCL) and Kirchoff’s Voltage Law (KVL) which is undetectable by Intrusion Detection System (IDS), but the State Estimation (SE) results in deviated estimates than actuals. Subsequently, even a trained operator can take bad decisions [13]. This in further can influence Security Constrained Economic Dispatch (SCED)/ Security Constrained Optimal Power Flow (SCOPF) and Contingency Management too, one of the important aspects in deregulated electricity market. FDIA can even lead to cascading of multiple line outages/generator outages that can create subsequent system ‘blackout’ [15].

Yuan et al. later came up with a practical FDIA, called Load Redistribution Attack (LRA). LRAs are developed in two forms, Immediate LRA and Delayed LRA. Immediate LRA maximizes economic loss and load shedding of the system immediately after the attack without any line outages, after performing SCED [23] and delayed LRA maximizes economic loss, load shedding and causes line outages in the system [24]. Delayed LRAs are more vulnerable than immediate LRAs. It is to be noted that attacker tries to get maximum economic loss with minimum number of resources. Maximum economic loss can be achieved by most damaging Load Redistribution Attack Vector (LRAV). Most damaging immediate LRAV of an immediate LRA can be obtained by solving a Bi-level Programming Problem (BPP) and however most damaging delayed LRAV is obtained by solving a Tri-level Programming Problem (TPP). In literature, BPP is solved by converting two-levels of BPP to single level Mixed Integer Linear Programming Problem (MILPP) using KKT (Karush-Kuhn-Tucker) conditions or duality, whereas TPP is solved by KKT conditions and duality [23]. A fast economic solution for LRA’s BPP is found by framing BPP as two single-level programming problems and solved within less time that resulted in approximate solutions [12]. Moreover, multiple studies have been done on local LRAs [10, 11], coordinated cyber-physical LRAs [21, 20], system’s reliability assessment after LRAs [17, 6].

Cyber-attacks directly or indirectly effect system services and make cyber-physical system vulnerable. Cyber security now finds its credit in securing the cyber network. Securing whole system is not an optimal solution as it leads to high budget allocation and it also may not be possible to protect all time, due to intelligent attacks. As per researchers, if one component in a substation/bus is compromised, the whole substation could be in their control. Defense at only one bus all time is not optimal. Defense strategies and security resources must be time changing [19]. Defense against attacks can be solved by either deterministic or probabilistic methods.

Probabilistic methods due to their advantage of randomness and uncertainties have gained their advantages in finding an optimal defense strategy. Different defense strategic methods against FDIAs have been developed by many researchers using Graphical defense method [1] and game theory methods [3,4,5, 7, 18]. Deng et al. have proposed a least budget defense strategy for protection against FDIAs in large scale power systems, in which critical meters are selected by modelling an MILPP, solved by Benders’ Decomposition [5]. Reliable strategies for defense against targeted attacks were explored by Chen et al. on developing budget allocation analysis and two allocation algorithms [3]. Esmalifalak et al. specified that how electricity energy market prices are targetable for bad data injections. Proportional times of attack and defense actions of attacker and defender are found by zero-sum game theory [7]. Chen et al. have developed Poisson distribution probability based intrusion models for attacking and applied Markov transition game theory for defense [4].

Xiang and Wang have proposed probabilistic based static zero-sum and static non-zero sum game theories [18] and, Markov zero-sum game theory [19] concepts for optimal attacker-defender strategy considering load curtailment as utility. However, researchers in literature have considered only load shedding as utility function but not economic loss which is very severe due to LRA. The main advantage of considering economic loss as utility is, it not only involves load shedding cost but also generator operational cost when an LRA is triggered. In the previous probabilistic based defense literature, critical measuring units/nodes are considered based on entropic degree of a bus [19] or the nodes and lines operating higher or near to critical operating points [18]. This article illustrates the advantage of economic loss over load shedding after the successful intrusion of an LRA and also gives a procedure to find optimal critical units of modified IEEE-14 bus system

Main contribution of this research article are briefed as follows:

  1. 1.

    Maximum economic loss by most damaging LRAV of a modified IEEE-14 bus system is found by converting BPP to single-level MILPP using Karush-Kuhn-Tucker (KKT) conditions.

  2. 2.

    Selection of critical measuring units and their number for better attack or defense is achieved by developing an algorithm and validated by applying it to three loading scenarios of a modified IEEE-14 bus system.

  3. 3.

    Probabilities of optimal attack-defense strategy are found by applying static zero-sum game theory on selected critical measurements, where economic loss is considered as utility function in game theory.

This research article is organized in a way that second section deals with introduction to FDIAs and LRAs, mathematical formulation of FDIA, LRAs’ mathematical formulation and solving BPP using single-level MILPP whereas third section presents the defense methodology to find optimal critical units and static zero-sum game theory for optimal attack-defense strategy. Fourth section demonstrates three studies namely developing worst economic loss, selection of critical units at three loadings and probabilities of optimal attack-defense strategies at three load conditions. Finally, conclusions are discussed in fifth section.

Load Redistribution Attack (LRA):

False/bad data vectors can be injected into the network measuring devices (measuring units) like RTUs/PMUs, that can observe the system all time [9]. RTUs/PMUs placed in the network can acquire (track) real-time operating data of active and reactive power measurements and communicate that data to the control center through Intelligent Electronic Devices (IEDs), Firewalls and Wide Area Networks (WANs). Then that data is communicated to Internet Cloud of Independent System Operators (ISOs)/Regional Transmission Organizations (RTOs) (Electricity Market). At the control center of ISOs/RTOs several estimation algorithms like DC state estimation, SCED, contingency analysis etc., work dependently based on communicated real-time bus active power injections and line active power flows. Classically, bad data is detected by residual detection methods, but in 2011, Liu et al. have proposed that an undetectable FDIAV can be developed by considering \(a=H*c\), where \(a\) is the attack vector,\(\ H\) refers to complete network topology and \(c\) is a random vector. But in practice, complete network topology can’t be accessible by attacker. Moreover, to create an LRAV, active power measurements must be changed. An undetectable LRAV (bypass residual detection methods) can be structured by redistributing the zero-sum load change among the attacker’s accessible measuring units of loads [23]. Hence these kind of practical FDIAs are named as Load Redistribution Attacks (LRAs) [23]. Yuan et al. have developed LRAV with some assumptions that measurement devices of load buses and lines can be attackable but not measuring units of generator or zero injection buses.

It is assumed that load can be varied by attacker only within \(\pm \tau \mathrm{\%}\) of true load demands. Line flow measurements can also be attackable as they provide assistance to inject a successful attack vector. A successful random vector injected into load and line flow measurements gets estimated to false states and false generator power dispatches on solving SE and SCED respectively. False generator dispatches obviously lead to line outages. Consequently, LRAVs results in economic loss and load shedding in case of immediate LRA whereas delayed LRAs lead to line outages too.

LRAV is a random attack vector that creates economic loss and load shedding which is undetectable prior to SE. Hence it is reliable to find the most damaging attack vector that causes maximum economic loss and load shedding subjected to attacker resource constraint as it helps to get notice that which measurement should be protected against LRAV. Let for one-time step attacker injects a successful LRAV into load and line flow measurements considered that in the next time step operator makes his/her decisions based on SCED injected LRAV. So, this consideration can be framed as a BPP, where upper level is dealt by attacker and lower level is tackled by operator. Attacker has his/her attack constraints like load variation, accessible buses and lines, available resources etc., and operator has basic SCED constraints. Attacker’s aim is to maximize total operational cost (sum of generator operational cost and load shedding cost) and operator’s goal is to minimize total operational cost. In this paper, most damaging LRAV is found by solving the bi-level optimization problem. The bi-level model to find economic loss due to most damaging LRAV is shown in Fig. 1.

Fig. 1
figure 1

Bi-level model of an immediate LRAV

Full size image

BPP is expressed mathematically in upper (1)-(7) and lower (8)-(13) levels for finding the most damaging LRAV. Attacker maximizes total operational cost (1) subjected to zero-sum load redistribution (2), change in line power flow by shift factor \((SF)\) and bus-load incidence \((KD)\) matrices (3) and, attacker’s accessible load variation tolerance (4) bounds. While (5) and (6) talk about the logical compromising of attacker with load bus and line flow measuring units and (7) deals with number of attackable resources accessible. Conversely, operator minimizes total operational cost (8) subjected to basic SCOPF constraints like power balance (9), line power flow (10), generator bounds (11), line flow limit (12) and load curtailment limits (13).

Mathematical representation of BPP in case of immediate LR attacks is given by equations (1) to (13) [23]:

Representing Attacker:

$$\mathrm{Attacker's\;Objective\;Function:}\quad \mathrm{ Maximize\;generator\;operational\;and\;load\;shedding \;costs} \rightarrow\qquad \underset{\Delta {P}_{D}}{\mathrm{Max}}\sum\limits_{i=1}^{{N}_{g}}{C}_{{g}_{i}}*{P}_{{g}_{i}}+\sum\limits_{k=1}^{{N}_{d}}{C}_{{s}_{k}}*{{L}_{s}}_{k}$$
(1)
$$\begin{array}{ll}\mathrm{Undetectable\;Load\;Attack\;Vector\rightarrow}& s.t. \sum\limits_{k=1}^{{N}_{d}}{\Delta {P}_{D}}_{k}=0\end{array}$$
(2)
$$\begin{array}{ll}\mathrm{Undetectable\;Attack\;Vector\;of\;line\;power\;flows\rightarrow}&\;{\Delta {{P}}}_{{{L}}}=-{{S}}{{F}}.{{K}}{{D}}.{\Delta {{P}}}_{{{D}}}\end{array}$$
(3)
$$\begin{array}{ll}\mathrm{Load\;Attack\;vector\;limit\rightarrow}& -\tau {{P}_{D}}_{k}\le {{\Delta P}_{D}}_{k}\le \tau {{P}_{D}}_{k}\end{array}$$
(4)
$$\begin{array}{cc}\mathrm{Compromising\;load\;attack\;measurements}\rightarrow\quad {\Delta P}_{{D}_{k}}=0\iff {\theta }_{{D}_{k}}=0 \to\quad \left\{\begin{array}{c}\begin{array}{c}\begin{array}{c}{\Delta P}_{{D}_{k}}+\tau {P}_{{D}_{k}}{\theta }_{{D}_{k}}\ge 0\\ {\Delta P}_{{D}_{k}}-\tau {P}_{{D}_{k}}{\theta }_{{D}_{k}}\le 0\end{array}\\ {\theta }_{{D+}_{k}}+{\theta }_{{D-}_{k}}-2{\theta }_{{D}_{k}}\le 0\end{array}\\ {\Delta P}_{{D}_{k}}+\left(-\tau {P}_{{D}_{k}}-\varepsilon \right){\theta }_{{D+}_{k}}\ge -\tau {P}_{{D}_{k}}\\ \begin{array}{c}{\Delta P}_{{D}_{k}}+\left(\tau {P}_{{D}_{k}}+\varepsilon \right){\theta }_{{D-}_{k}}\le \tau {P}_{{D}_{k}}\\ \begin{array}{c}{\theta }_{{D+}_{k}}+{\theta }_{{D-}_{k}}+{\theta }_{{D}_{k}}\le 2\\ \begin{array}{c}{\theta }_{{D+}_{k}}+{\theta }_{{D-}_{k}}-{\theta }_{{D}_{k}}\ge 0\\ {\theta }_{{D+}_{k}}, {\theta }_{{D-}_{k}}, {\theta }_{{D}_{k}}\in \left\{\mathrm{0,1}\right\}\end{array}\end{array}\end{array}\end{array}\right.\end{array}$$
(5)
$$\begin{array}{cc}\mathrm{Compromising\;line\;flow\;attack\;measurements}\rightarrow\quad \Delta {P}_{{L}_{l}}=0\iff {\theta }_{{L}_{l}}=0\quad \to \left\{\begin{array}{c}\begin{array}{c}\begin{array}{c}\Delta {P}_{{L}_{l}}+M{\theta }_{{L}_{l}}\ge 0\\ \Delta {P}_{{L}_{l}}-M{\theta }_{{L}_{l}}\le 0\end{array}\\ {\theta }_{{L+}_{l}}+{\theta }_{{L-}_{l}}-2{\theta }_{{L}_{l}}\le 0\end{array}\\ \Delta {P}_{{L}_{l}}+\left(-M-\varepsilon \right){\theta }_{{L+}_{l}}\ge -M\\ \begin{array}{c}\Delta {P}_{{L}_{l}}+\left(M+\varepsilon \right){\theta }_{{L-}_{l}}\le M\\ \begin{array}{c}{\theta }_{{L+}_{l}}+{\theta }_{{L-}_{l}}+{\theta }_{{L}_{l}}\le 2\\ \begin{array}{c}{\theta }_{{L+}_{l}}+{\theta }_{{L-}_{l}}-{\theta }_{{L}_{l}}\ge 0\\ {\theta }_{{L+}_{l}}, {\theta }_{{L-}_{l}}, {\theta }_{{L}_{l}}\in \{\mathrm{0,1}\}\end{array}\end{array}\end{array}\end{array}\right.\end{array}$$
(6)
$$\begin{array}{cc}\mathrm{Attack\;Resources\;Limit\rightarrow}&\;\sum\limits_{k=1}^{{N}_{d}}{\theta }_{{D}_{k}}+2\sum\limits_{l=1}^{{N}_{l}}{\theta }_{{L}_{l}}\le R\end{array}$$
(7)

Representing Operator:

$$\mathrm{Operator's\;Objective\;function:}\quad \mathrm{ Minimize\;generator\;operational\;and\;load\;shedding\; costs}\rightarrow \left\{{{P}_{g}},{{L}_{s}}\right\}=arg\left\{\underset{{P}_{g},\mathit{ }{L}_{s}}{\mathrm{Min}}\sum\limits_{i=1}^{{N}_{g}}{C}_{{g}_{i}}*{P}_{{g}_{i}}+\sum\limits_{k=1}^{{N}_{d}}{C}_{{s}_{k}}*{{L}_{s}}_{k}\right\}$$
(8)
$$\begin{array}{cc}\mathrm{Power\;balance\;constraint\rightarrow}&\;\sum\limits_{i=1}^{{N}_{g}}{P}_{{g}_{i}}=\sum\limits_{k=1}^{{N}_{d}}({{P}_{D}}_{k}-{{L}_{s}}_{k})\end{array}$$
(9)
$$\begin{array}{cc}\mathrm{Line\;power\;flow\;with\;attack\;vector\rightarrow}& {{{P}}}_{{{L}}}={{S}}{{F}}.{{K}}{{P}}.{{{P}}}_{{{g}}}-{{S}}{{F}}.{{K}}{{D}}.({{{P}}}_{{{D}}}+\Delta {{{P}}}_{{{D}}}-{{{L}}}_{{{s}}})\end{array}$$
(10)
$$\begin{array}{cc}\mathrm{Line\;power\;flow\;limits\rightarrow}& -{P}_{{L}_{l}}^{max}\le {P}_{{L}_{l}}\le {P}_{{L}_{l}}^{max}\end{array}$$
(11)
$$\begin{array}{cc}\mathrm{Power\;generation\;limits\rightarrow}& {P}_{{g}_{i}}^{min}\le {P}_{{g}_{i}}\le {P}_{{g}_{i}}^{max}\end{array}$$
(12)
$$\begin{array}{cc}\mathrm{Load\;shedding\;limits\rightarrow}& 0\le {L}_{{s}_{k}}\le {P}_{{D}_{k}}+\Delta {P}_{{D}_{k}}\end{array}$$
(13)

BPP to find most damaging LRAV can be solved by several methods where a classical method is to convert BPP to single-level MILPP using KKT conditions. When KKT conditions are applied on the objective function of lower-level in BPP, additional constraints (14)-(17) will come into existence [23].

$$\begin{array}{ll}\mathrm{Attackers\;Objective\;Function:}\quad\mathrm{ Maximize\;generator\;operational\;and\;load\;shedding\;costs\rightarrow}&\;\underset{\Delta {P}_{D}}{\mathrm{Max}}\sum\limits_{i=1}^{{N}_{g}}{{C}_{{g}_{i}}*P}_{{g}_{i}}+\sum\limits_{k=1}^{{N}_{d}}{{{C}_{{s}_{k}}*L}_{s}}_{k}\\ \qquad\mathrm{Attacker\;and\;Operator\;Constraints\rightarrow}& s.t. \left(2\right)-\left(7\right), \left(9\right)-(13)\end{array}$$
$$\begin{array}{ll}\mathrm{Optimality\;Feasibility\;Constraints\rightarrow}& \left\{\begin{array}{c}-{\vartheta }_{l}-{\underline{\mathrm{\rm A}}}_{l}+{\overline{\mathrm{\rm A}}}_{l}=0\\ {C}_{{g}_{i}}-\lambda +{\left(SF.{KP}_{i}\right)}^{T}.\vartheta -{\underline{B}}_{i}+{\overline{\mathrm{\rm B}}}_{i}=0\\ {C}_{{s}_{k}}-\lambda +{\left(SF.{KD}_{k}\right)}^{T}.\vartheta -{\underline{\Gamma }}_{k}+{\overline{\Gamma }}_{k}=0\end{array}\right.\end{array}$$
(14)
$$\begin{array}{ll}\mathrm{Non}-\mathrm{negativity\;Constraints\rightarrow}& \underline{\mathrm{A}}_{l},{\overline{\mathrm{A}}}_{l},\underline{\mathrm{B}}_{i},{\overline{\mathrm{B}}}_{i},\underline{\Gamma}_{k},{\overline{\Gamma }}_{k}\ge 0\end{array}$$
(15)
$$\begin{array}{cc}\mathrm{Linearized\;Complementary\;Slackness\;Condition\rightarrow}& \left\{\begin{array}{c}\left\{\begin{array}{c}\begin{array}{c}\begin{array}{c}{\underline{\mathrm{\rm A}}}_{l}\le M{\omega }_{\underline{A},l}\\ {{P}_{L}}_{l}+{{P}_{L}}_{l}^{max}\le M(1-{\omega }_{\underline{\mathrm{\rm A}},l})\end{array}\\ {\overline{\mathrm{\rm A}}}_{l}\le M{\omega }_{\overline{\mathrm{\rm A},}l}\end{array}\\ {{P}_{L}}_{l}^{max}-{{P}_{L}}_{l}\le M(1-{\omega }_{\overline{\mathrm{\rm A},}l})\\ {\omega }_{\underline{\mathrm{\rm A}},l}+{\omega }_{\overline{\mathrm{\rm A},}l}\le 1\\ \end{array}\right.\\ \left\{\begin{array}{c}\begin{array}{c}\begin{array}{c}{\underline{\mathrm{\rm B}}}_{i}\le M{\omega }_{\underline{\mathrm{\rm B}},i}\\ {{P}_{g}}_{i}-{{P}_{g}}_{i}^{min}\le M(1-{\omega }_{\underline{\mathrm{\rm B}},i})\end{array}\\ {\overline{\mathrm{\rm B}}}_{i}\le M{\omega }_{\overline{\mathrm{\rm B},}i}\end{array}\\ {{P}_{g}}_{i}^{max}-{{P}_{g}}_{i}\le M(1-{\omega }_{\overline{\mathrm{\rm B},}i})\\ {\omega }_{\underline{\mathrm{\rm B}},i}+{\omega }_{\overline{\mathrm{\rm B},}i}\le 1\\ \end{array}\right.\\ \left\{\begin{array}{c}\begin{array}{c}\begin{array}{c}{\underline{\Gamma }}_{k}\le M{\omega }_{\underline{\Gamma },k}\\ {{L}_{s}}_{k}\le M(1-{\omega }_{\underline{\Gamma },k})\end{array}\\ {\overline{\Gamma }}_{k}\le M{\omega }_{\overline{\Gamma ,}k}\end{array}\\ {{P}_{D}}_{k}+{\Delta {P}_{D}}_{k}-{{L}_{s}}_{k}\le M(1-{\omega }_{\overline{\Gamma ,}k})\\ {\omega }_{\underline{\Gamma },k}+{\omega }_{\overline{\Gamma ,}k}\le 1\end{array}\right.\end{array}\right.\end{array}$$
(16)
$${\omega }_{\underline{\mathrm{\rm A}},l},{\omega }_{\overline{\mathrm{\rm A},}l},{\omega }_{\underline{\mathrm{\rm B}},i},{\omega }_{\overline{\mathrm{\rm B},}i},{\omega }_{\underline{\Gamma },k},{\omega }_{\overline{\Gamma ,}k} \epsilon \{\mathrm{0,1}\}$$
(17)

(9) to (13) are primal feasibility constraints, (14) to (17) are called as KKT necessary optimality feasibility constraints, (15) and (17) are non-negativity constraints and (16) are linearized expressions of complementary slackness conditions. The conversion of BPP to single-level MILPP using KKT conditions is explained briefly in Appendix-A1.

Solving the single-level MILPP comprising of (1)-(7), (9)-(13) and (14)-(17) equations, results in the most damaging LRAV (\(\Delta {{\boldsymbol{P}}}_{{\boldsymbol{D}}}\boldsymbol{ }\ and\ \boldsymbol{ }{\Delta {\boldsymbol{P}}}_{{\boldsymbol{L}}})\), generation power dispatches (\({{\boldsymbol{P}}}_{{\boldsymbol{g}}})\), load curtailment (\({{\boldsymbol{L}}}_{{\boldsymbol{s}}}\)), line power flows (\({{\boldsymbol{P}}}_{{\boldsymbol{L}}}\)), auxiliary binary variables, Lagrange multipliers and total operating cost. Objective function of attacker and operator is total operating cost which is sum of power generation and load shedding costs. Economic loss is nothing but the extra operational cost incurred due to LRA than the operational cost without LRA.

$$\mathrm{Economic\;loss }=\mathrm{\;Total\;operational\;cost\;due\;to\;LRA }-\mathrm{\;Total\;operational\;cost\;without\;LRA}$$

The average economic loss is the ratio of sum of economic losses of all \(R\) to maximum number of resources, \({R}_{max}\), represented in equation (18)

$$\begin{array}{ll}Average\;Economic\;loss=&\frac{{Economic\;loss}_{R=1}+{Economic\;loss}_{R=2}+{Economic\;loss}_{R=3}+\ldots+{Economic\;loss}_{R=51}}{R_{max}}\end{array}$$
(18)

.

Defensive Methodology

Attacker always targets to maximize load shedding for creating lot of economic loss with the resources he/she has. Operator/Defender may be incapable to counter-attack to any intrusion. Hence it is recommended to safeguard the system by defending an attack. Cyber-defense is one of the better opportunities for cyber-security of any application in information processing. Cyber-defense must be provided with optimal less number of protection resources to safeguard the system such that the attacker cannot intrude into the system. Examples of cyber-defense can be frequent upgrading of firewalls, communication protocols and Intrusion Detection System (IDS). Optimal defense must be such that no random LRAV would be successful. Practically, it is not economic to protect every measurement device. Even if it is economic friendly, at such times, may any IDS can fail to operate or an LRAV intruded may not be detectable by existing log files. So it is better to select redundant critical measurements’ that protect the complete system. LRAV can be framed by either with critical or non-critical measurements. If critical measurements are protected, they won’t allow malicious values to enter into that measurement, this make the attackers fail to create a successful LRAV. But all critical units cannot be attacked and all critical units cannot be defended too. So, certain framework is to be followed to find optimal attack from possible attacking set and optimal defense from possible defending set. Furthermore, from each set an optimal attack-defense strategy must be found considering both attacking and defender resources. An optimal attack-defense strategy may not be a single strategy from attacker and defender sets. It can also be combination of some or all probabilities in their respective sets.

Fig. 2 shows the complete outline to find optimal attack-defense strategy against LRAs in which power systems network layer has generators, loads, their buses, lines and their measuring units. However, the measurement layer shows the enlarged view of units in network layer. Security layer has IEDs and firewalls to safeguard the system against attacks. Security layer communicates with Control Centre through Internet WAN where operator takes decisions at the control center. Decisions are sent to the cloud of ISO/RTO Market. In Fig. 2, it is also shown mixed probabilities of optimal attack-defense strategy are found by playing a static-zero-sum game of all considered strategies. Black-Hat Man’s (attacker) attacking and operators defending signals are represented by red and blue lines respectively in Fig. 2.

Fig. 2
figure 2

Layout to obtain probabilities of optimal attack-defense strategy

Full size image

In literature, critical measurements are selected based on entropic degree of the bus [19]. Entropic degree of a bus deals with the betweenness of the vertices (buses) and connectivity of vertices with edges (lines). It is obvious that a bus can be critical/weak if more power is injected or drawn through it (many lines are connected to it) and a line can be critical if more power flow happens through it. So, if more edges (lines) are connected to a vertex (bus) i.e., it has more betweenness, then that bus can be treated as critical one. The entropic degree of a bus \(i\) is given by equation (19) [2]:

$${e}_{i}=1-\sum_{j}{w}_{ij}*\mathrm{log}\left({w}_{ij}\right)*\ {\sum_{j}{\tau}_{ij}}$$
(19)

where \(j\) is set of to-buses if \(i\) is acting as from bus and \({w}_{ij}\), the normalized weight of an edge represented in terms of electric betweeness of a line, \({\tau}_{ij}\) is equation (20)

$$\begin{array}{c}{w}_{ij}=\frac{{\tau}_{ij}}{\sum_{j}{\tau}_{ij}} \;where\;{\tau}_{ij}=\max({\tau}^{p}(l),{\tau}^{n}(l))\ \forall \ l\ \epsilon \ L\\ {\tau}^{p}(l)=\sum_{g\epsilon{N_{g}}}\sum_{k\epsilon{N_{d}}}C_g^k*f_l^{gk}, if\ f_l^{gk}>0\\{\tau}^{n}(l)=\sum_{g\epsilon{N_{g}}}\sum_{k\epsilon{N_{d}}}C_g^k*f_l^{gk},if\ f_l^{gk}<0\\ and\ C_g^k=min_{l\epsilon L}\frac{P_l^{max}}{f_l^{gk}}; \; f_l^{gk}\ is\ PTDF\ martix\end{array}$$
(20)

Entropic degree can state that which bus can be weaker based on the connectivity of number of lines to that bus. Entropic degree of a bus may not change with respect to load variations as it is highly dependent on power flow capacity of a line, \(P_l^{max}\). So, critical measurement selection based on entropic degree of a bus may not be practical if load variations are considered.

Critical measuring units are also being selected based on higher operating points of the system. Basically, LRAV is successful, if \(\sum_{k=1}^{{N}_{d}}{\Delta {P}_{D}}_{k}=0\). If any \({\Delta {P}_{D}}_{k}\)’s intrusion into the system is unsuccessful means LRAV is detectable by the system operator. Also from equation (4), \(\Delta {P}_{{D}_{k}}\) is proportional to \({P}_{{D}_{k}}.\) So, buses or lines which are operating at high level may have the chance to get attacked with higher values. If those measurement units are defended, then the probability of defending the system is high. Hence those units which are operating at critical points can be considered as critical measurements. In reference [18], it is also considered that the buses operating at high loads and lines operating near to transmission line capacities are taken as critical units. But the main disadvantage of that consideration is that it would be applicable if the number of attack resources, \(R\) is constant or if the load is constant which is not practical all time. Attacker attacks some units and defender may defend the same units or the other. It is also an unknown for a defender that what value of \(R\) is attacker’s knowledge. In cyber-defense, attacker a n d defender are non-cooperative. So, a certain procedure must be framed to find the critical measurements and their number subject to considering all attack resour ce s and at an y loading conditions. In this article a procedure is developed to find the critical measurements and their number of a test system.

Procedure to Select Optimal Critical Measuring Units

In real-time market or look-a-head electrical market, load is estimated/forecasted prior, it is assumed that \({P}_{{D}_{k}}\) is already known or approximately same as actual \({P}_{{D}_{k}}\) at one time step and let us also assume that for the next time step \({P}_{{D}_{k}}\) can get varied which is also approximately known for both attacker and operator.

The flowchart to select the critical units is given in Fig. 3. where \(k=\mathrm{1,2},\ldots , {N}_{d}\), \(l=\mathrm{1,2},\ldots , {N}_{l}\) and \({R}_{max}\) be the total number of attack resources, \(({N}_{d}+2*{N}_{l})\). The developed algorithm to find critical measuring units is given in Step-1 to Step-13, as follows:

  • Step-1: Start.

  • Step-2: Initialize \(k=1, l=1, R=1\) and read \({N}_{d},\ {N}_{l}\ and\ {{\boldsymbol{P}}}_{{\boldsymbol{D}}}\).

  • Step-3: For \(k\), find the economic loss by making \({\theta }_{{D}_{k}}=[ ]\), i.e., removing \({\theta }_{{D}_{k}}\) in BPP to find most damaging LRAV for all resources \(R=\mathrm{1,2},\ldots , {R}_{max}\). Also calculate economic losses for all \(R\) w.r.t. defense against \(k\).

  • Step-4: Update k=k+1. Repeat Step-3, until \(k={N}_{d}\), else go to Step-5.

  • Step-5: For \(l\), find the economic loss for each \(l\) by making \({\theta }_{{L}_{l}}=[ ]\) i.e., removing \({\theta }_{{L}_{l}}\) in BPP of most damaging LRAV for all resources \(R=\mathrm{1,2},\ldots , {R}_{max}.\) Also calculate economic losses for all \(R\) w.r.t. the defense provided to \(l\).

  • Step-6: Update l=l+1. Repeat Step-5, until \(l={N}_{l}\), then go to Step-7.

  • Step-7: Now calculate the average economic loss by considering one defense (\(k\ or\ l)\) and all \(R\). Hence, the total number of average economic losses be \(k+l\).

  • Step-8: Sort all \(k+l\) average economic losses in ascending order.

  • Step-9: Select the top measurement from the sorted list. Apply defense for that measurement (either \(k\ or\ l\)) and then find the average economic loss w.r.t. that \(k\ or\ l\).

  • Step-10: Check if the absolute of average economic loss is approximately equal to zero. If yes go to Step-12, else go to Step-11.

  • Step-11: Add next top measurement to the existing top measurement and apply defense for all of them. Then find the average economic loss. Go to Step-10.

  • Step-12: Print the number of critical measurements and their respective \(k\ or\ l\).

  • Step-13: Stop.

Fig. 3
figure 3

Flowchart for Selection of Critical Units

Full size image

This algorithm assumes defense as the driving parameter. But, it should be mentioned that if a unit is defended and if it results in less economic loss comparatively than other units then that unit is more capable of attacking. Means a unit which is highly attackable is the unit that is highly defendable. If the average economic loss of all attack resources (while defending each unit separately), are sorted in ascending order then that top unit in the list is highly capable to attack and highly capable to defend too.

As mentioned earlier, it is assumed that the load demand, \({P}_{{D}_{k}}\) is considered as known for both attacker and defender. In this procedure, it is assumed that the cost of attacking or defending a load bus meter or line meter is unity i.e., equal significance is given to all meters and the degree of difficulty of attacking or defending every unit is not considered.

Budget allocation for optimal protection problem can be solved by probabilistic or deterministic ways. To allocate budget, participation probability of specific attack and specific defense must be known. In addition to, attackers may not have access to all units and defenders also can’t provide protection to all critical units. Attacker may have his/her own strategy and defender can have his/her strategy. But an optimal protection strategy is that for every attack strategy there should be a defense strategy which creates a direct/indirect interaction between them. These interactions can be framed as a game having two players, attacker and defender. Game-theoretic approach can give better solution for optimal protection against LRAV. Game-theoretic study for optimal protection involves terminology like Players, Action space, Action Strategies and Utility function which are explained as follows:

  • Players: The players to find optimal attack-defense strategy’s probabilities are attacker,\(\ A\) and defender, \(D\).

  • Action space: Attacker may not have access to all critical units and defender also can’t afford to protect all critical units. Each player in the game have their own set of accessibilities and limitations.

    • Let \({c}_{m}\) be the number of critical units. Suppose that attacker has access to \({n}_{A}\) measuring units among \({c}_{m}\) and defender is able to protect \({n}_{D}\) units among \({c}_{m}\).

    • Then the maximum number of possible strategies (each strategy has different combination of resources) for attacker and defender be \({N}_{{S}_{A}}=\left(\genfrac{}{}{0pt}{}{{c}_{m}}{{n}_{A}}\right)\) and \({N}_{{S}_{D}}=\left(\genfrac{}{}{0pt}{}{{c}_{m}}{{n}_{D}}\right)\) respectively.

    • Hence the attacker’s \((A)\) action space and defender’s \((D)\) action space are \({A\_A}_{space}\) and \({D\_A}_{space}\). Let \({A}_{{s}_{a}}\) be the \({a}^{th}\) attack strategy and \({D}_{{s}_{d}}\) be the \({d}^{th}\) defense strategy where \(a=\mathrm{1,2},\ldots ,{N}_{{S}_{A}}\) and \(d=\mathrm{1,2},\ldots ,{N}_{{S}_{D}}.\)

  • Action Strategies: Attacker’s action space,\({A\_A}_{space}=\{{A}_{{s}_{1}},{A}_{{s}_{2}},\ldots ,{A}_{{s}_{a}},\ldots , {A}_{{s}_{{N}_{{S}_{A}}}}\}\) and \({D\_A}_{space}=\{{D}_{{s}_{1}},{D}_{{s}_{2}},\ldots ,{D}_{{s}_{d}},\ldots , {D}_{{s}_{{N}_{{S}_{D}}}}\}\) is defender's action space.

  • Type of game: Attacker may not know the plan of defender’s strategy and defender may not have any knowledge about attacker’s plan. Players in this game are non-cooperative as one player can’t know others’ strategies. It is also to be mentioned that for every attack strategy there would be a defense strategy or both can be applied simultaneously as there is no possibility of knowing others knowledge. Hence this game can be framed as a static game. This game can also be treated as a zero-sum static game because the cost of attacker’s resources on attacking and the cost of defending resources for defense are considered as unity. Defender’s utility is negation of attacker’s utility.

  • Utility Function: Utility function for obtaining optimal attack-defense strategy is generally the objective function of single-level MILPP. In this article, the utility is considered as economic loss. Utility function of attacker,\(\ {U}_{A}\) is to maximize the minimum utility (economic loss) and utility function of defender,\({U}_{D}\) is to minimize the maximum utility.

    • Utility function of attacker is economic loss. Prior to find economic loss, total operational cost with LRAV must be known. Utility function of attacker is given by equation (21) as follows:

      $${U}_{A}={f(A,D)}_{with\ LRA}-{f(A,D)}_{without\ LRA}$$
      (21)

    • Similarly, the utility function of defender is negation of economic loss as the game is a static zero-sum game (Cost for attacking and defending resources is treated as unity):

      $${U}_{D}={f\left(A,D\right)}_{without\ LRA}-{f\left(A,D\right)}_{with\ LRA}$$
      (22)

    • Hence the objective of attacker is to maximize the minimum of \({U}_{A}\) and the objective of defender is minimize the maximum of \({U}_{D}\). Hence the optimal objective function is as follows:

      $$U={max}_{A}{min}_{D}\left({U}_{A}\right)={min}_{D}{max}_{A}\left({U}_{D}\right)$$
      (23)

      To obtain an optimal attack-defense strategy, equation (23) is to be satisfied and such equilibrium point must be found such that attacker and defender can’t move away from that equilibrium. Such equilibrium point in game theory is called Nash equilibrium.

  • Nash equilibrium: To get an optimal attack and defense set among sets (action space) of \({A\_A}_{space}\) and \({D\_A}_{space}\), a static zero sum game is played for an equilibrium, also called Nash equilibrium. Nash equilibrium is a state where the players moving from that state may not have increase in incentives (profits).

Nash equilibrium results in either pure attack-defense strategy or mixed attack-defense strategies. A pure strategy has only one optimal attack strategy with 100% probability and also one optimal defense strategy with 100% probability. However, a mixed optimal strategy has multiple attack strategies with different probabilities and multiple defense strategies with different probabilities where the sum of attack strategic probabilities is one and sum of defense strategic probabilities is one. Let the probability of an attack strategy is \({P}_{{A\_S}_{a}}\) and the probability of a defense strategy is \({P}_{{D\_S}_{d}}\).

Case Studies

This article mainly demonstrates with three analyses where first one is to find maximum economic loss by most damaging LRAV of modified IEEE-14 bus test system. Second study shows a procedure to obtain critical units and validated by applying on three loading scenarios. Third aspect of this study finds the probabilities of optimal attack-defense strategy. First subsection of this section deals with the solution of single-level MILPP using CPLEX interfaced with MATLAB software to fin d the most damaging LRAV of a modified IEEE-14 bus test system [8]. It is considered that attacker has knowledge of actual load changes and let the number of attack resources be \(R=51\). However, second subsection in this section depicts the inability of entropic de gree and high operating points for finding critical measurements at load changing times. Thereafter, selection of critical units is provided in three loading conditions namely standard, high and low respectively. Further, discussions are carried out to find probabilities of optimal attack-defense strategies in all three scenarios by playing a static zero-sum game using Gambit software [14].

Data of IEEE-14 bus test system is obtained from MATPOWER software [25]. The test system, modified IEEE-14 bus test system has 20 lines and 14 buses among which 11 are load buses, 1 is zero injection bus and 5 are generator buses as shown in Fig. 4. In Fig. 4, it is also shown that each generator bus has one measuring unit (green color), one measuring unit for a zero-injection bus (orange color), every load bus has one unit (yellow color), and each line has two units (orange color) which make a total of (5+1+11+2*20) = 57 units.

Fig. 4
figure 4

Line Diagram of modified IEEE-14 bus test system

Full size image

Most Damaging Successful LRAV:

For each load bus, there exist each measurement device and for each line, two measuring units are on either sides. Hence the maximum number of attackable resources be (11+ (2*20)) = 51. In this article, the cost of load shedding is considered as \({c}_{s}=100\$/MWh\) and attacker’s load redistribution limit, \(\tau =\pm 50\%\). Single-level MILPP parameters of modified IEEE-14 bus test system to obtain maximum economic loss by most damaging LRAV are shown in Table 1 [23].

Table 1 Single-level MILPP parameters
Full size table

Most damaging LRAV at standard loading conditions in case of \(R=0\) results in \(\Delta {P}_{{D}_{k}}=0,\ \forall \ \ k\) and \({\Delta P}_{{L}_{l}}=0,\ \forall \ \ l\). But if \(R=51\), i.e., the attacker has access to all attackable resources then the most damaging LRAV is shown in Table 2.

Table 2 Most damaging LRAV of a modified IEEE-14 bus system at \(R=51\)
Full size table

Power generation dispatches, bus wise load shedding, total load shed, power generation cost, load curtailment cost and finally economic loss if \(R=0, R=20, R=35\) and \(R=51\) are given in Table 3. It can be clearly observed that as if \(R\) is increased then economic loss is also increased which is given in Table 3.

Table 3 Power Dispatches, Load Shed, Total Operational Cost and Economic Loss due to LRAV of \(R=0, R=20, R=35\) and \(R=51\)
Full size table

Economic loss is the extra cost that should be incurred when an undetectable most damaging LRAV is intruded, which is nothing but economic loss = total cost at \(R\ge 0\) – total cost at \(R=0\), where total operational cost is power generation and load shedding cost. Maximum economic loss of a modified IEEE-14 bus system at \(R=51\) is 3733$/MWh.

Fig. 5 shows a graph which is plotted considering load curtailment cost, power generation cost, total operating cost and economic loss versus attack resources, \(R=\{\mathrm{0,1},\ldots ,51\}\). As power generation and load shedding costs are considered as objective function given in equation (1), at some resources of \(R=34, R=35\) and \(R=39\), power generation cost is dominating than load shedding cost whereas at remaining attack resources, load shedding cost is dominating than power generation cost. This issue exists if the objective function of BPP is total operating cost and doesn’t exist if the objective is only load shedding. So, in this aspect the driving parameter can be economic loss but not load shedding.

Fig. 5
figure 5

Operational Costs and Economic Loss due to LRAV versus Attack Resources,\(\ R\) of modified IEEE-14 bus system

Full size image

Selection of Critical Measuring Units of a Modified IEEE-14 Bus System

For an optimal attack or optimal defense, it is better to know the critical (weak) units of the test system. Researchers, basically selected the critical units based on entropic degree or higher operating nodes and critical lines but those methods are deficient for any number of attack resources or at load varying conditions [18, 19].

Selection of critical units can be done based on entropic degree. Based on equations (19) and (20), the bus entropic degrees of a modified IEEE-14 bus test system are given in Table 4.

Table 4 Bus entropic degrees of modified IEEE-14 bus test system
Full size table

From Table 4, entropic degree of bus-2 is high, which shows that the connectivity of bus-2 to various edges (lines) is high. But in case of most damaging LRAV, bus-3 is given more importance than bus-2. Even, if bus-2 is defended then average economic loss w.r.t. all resources resulted is 611.16MW and if bus-3 is defended, then average economic loss w.r.t. all \(R\) is 127.66MW. From this it can be depicted that entropic degree may not be able to provide the best critical measurements all time. The other disadvantage is entropic degree of a bus is dependent on power flow capacities and independent on load variations.

From literature, the buses and lines operating at higher points are considered as critical measuring units. But if the load changes, the number of critical units can also change [18].

In this section, a developed procedure to select the number of critical units is applied on the modified IEEE-14 bus test system and compared with other two methods. Consider the three loading scenarios, one is standard test system loading and the other two are high loading and low loading conditions.

Scenario-1: Standard Loading Condition of Modified IEEE-14 Bus Test System

The standard load data of IEEE-14 bus test system obtained from MATPOWER is given in Table 5 and let the maximum power flow capacities be 160MW for line-1 and 60MW for remaining 19 lines [23].

Table 5 Standard load data of modified IEEE-14 bus test system
Full size table

The maximum number of attack resources of the 14 bus test system is \({R}_{max}=11+2*20\Rightarrow {R}_{max}=51\) and the maximum number of defendable resources be \(11+20=31\) as safeguarding one measuring unit of a line is sufficient. Here \(k=\{\mathrm{1,2},\ldots ,11\}\), \(l=\{\mathrm{1,2},\ldots .,20\}\) and \(R=\{\mathrm{1,2},\ldots ,51\}\).

Based on procedure presented in third section, if one unit is defended considering all 50 (one used for defense) possibilities of attack resources, then the average economic losses of 31 units is given in Table 6.

Table 6 Average economic losses unsorted and sorted in ascending order while defending each measuring unit at standard loading conditions
Full size table

After sorting is done, based on Fig. 2. Select the top measuring units which can have more capacity to attack or to defend. As mentioned in third section the unit which gives less average economic loss when defended is obviously the most vulnerable unit.

Now consider the top unit in the sorted order given in Table 6, \({P}_{{L}_{6}}\), and when it is defended it results in average economic loss w.r.t. all \(R\)(s), 127.6562MW. By considering only \({P}_{{L}_{6}}\), average economic loss is not zero and then consider the next one from top i.e., \({P}_{{D}_{2}}\). If \({P}_{{L}_{6}}\) and \({P}_{{D}_{2}}\) are both safeguarded, then the average economic loss is 70.7955MW which is even not less than or equal to zero. Repeat the process again and select \({P}_{{L}_{3}}\) in the next step where the economic loss of defending \({P}_{{L}_{6}},{P}_{{D}_{2}}\) and \({P}_{{L}_{3}}\) is even 70.7955MW. So safeguarding \({P}_{{L}_{3}}\) has not provided any advantage than \({P}_{{L}_{6}}\) and \({P}_{{D}_{2}}\). However in case of attacking, \({P}_{{L}_{3}}\) plays a crucial role from \(R=\{7, 8, \ldots ,36\}\) whereas from \(R=\{37, 38, \ldots ,51\}\), the attacking impact of \({P}_{{L}_{3}}\) is less comparatively. So from attacker’s view, \({P}_{{L}_{3}}\) can be treated as a critical unit. Now defending the next unit \({P}_{{L}_{2}}\) in addition to existing set (\({P}_{{L}_{6}},{P}_{{D}_{2}}\) and \({P}_{{L}_{3}}\)), then the absolute of average economic loss is 2.2367E-7 \(\cong\) 0. Hence in case of standard loading conditions of modified IEEE-14 bus test system, the optimal number of critical measurements be 4 (\({P}_{{L}_{6}},{P}_{{D}_{2}},{P}_{{L}_{3}}\) and \({P}_{{L}_{2}}\)). If for a known standard load, if these four measurements are completely attacked or completely defended, the economic loss resulted would be maximum and minimum respectively for any value of \(R\), where \(R=\{\mathrm{1,2},\ldots ,51\}\). Fig. 6 also shows the diagrammatical representation of critical measuring units of modified IEEE-14 bus test system at standard loading conditions. Measuring unit of \({L}_{6}\) is marked with a blue colored star mark, which shows, that measuring unit is a critical unit. Four stars are represented with numbers marked as 1,2,3,4. From Fig. 6, star with 1 shows, that respective unit is top in sorted list (average economic loss w.r.t. all \(R\)(s) while defending critical unit of \({L}_{6}\) is minimum).

Fig. 6
figure 6

Critical measuring units of modified IEEE-14 bus test system at standard loading conditions

Full size image

Scenario-2: High Loading Condition of Modified IEEE-14 Bus Test System

Consider the load just higher than the standard loading of modified IEEE-14 bus test system where load at bus-13 is increased to 63.8MW and load at bus-14 is increased to 54.9MW as mentioned in Table 7 and let the maximum power flow capacities be 160MW for line-1, 70MW for line-2 and 60MW for remaining 18 lines [18].

Table 7 High loading condition of modified IEEE-14 bus test system
Full size table

Based on procedure presented in third section, if defense is provided to each unit individually for all attack resources, at one go, then the sorted average economic losses of 31 units is given in Table 8.

Table 8 Sorted average economic losses when defending each measuring unit at high loading conditions
Full size table

Based on the procedure developed, select the top unit in the sorted list and go on until economic loss is less than or equal to zero.

  • Defending \({P}_{{D}_{2}}\), then \(|average\ economic\ loss|\) is 1192.8$/MWh,

  • Defending \({P}_{{D}_{2}}\) and \({P}_{{L}_{6}}\), then \(|average\ economic\ loss|\) is 1162.0$/MWh,

  • Defending \({P}_{{D}_{2}}\), \({P}_{{L}_{6}}\) and \({P}_{{L}_{3}}\), then \(|average\ economic\ loss|\) is 1162.0$/MWh,

  • Defending \({P}_{{D}_{2}}\), \({P}_{{L}_{6}}\), \({P}_{{L}_{3}}\) and \({P}_{{L}_{13}}\), then \(|average\ economic\ loss|\) is 197.9386$/MWh,

  • Defending \({P}_{{D}_{2}}\), \({P}_{{L}_{6}}\), \({P}_{{L}_{3}}\), \({P}_{{L}_{13}}\) and \({P}_{{D}_{3}}\), then \(|average\ economic\ loss|\) is 41.9726$/MWh,

  • Defending \({P}_{{D}_{2}}\), \({P}_{{L}_{6}}\), \({P}_{{L}_{3}}\), \({P}_{{L}_{13}}\), \({P}_{{D}_{3}}\) and \({P}_{{D}_{1}}\), then \(|average\ economic\ loss|\) is 7.6831E-7$/MWh \(\cong\) 0$/MWh.

Then the maximum number of critical units be 6 (\({P}_{{D}_{2}}\), \({P}_{{L}_{6}}\), \({P}_{{L}_{3}}\), \({P}_{{L}_{13}}\), \({P}_{{D}_{3}}\) and \({P}_{{D}_{1}}\)) in case of high loading. In reference [18], the loads and lines operating at higher values are considered as critical units. There it is considered that, measuring units on bus-13 and bus-14 are critical measurements. But the average economic loss when defending units on bus-13 and bus-14 are 1439MW and 1574.8MW respectively which are not optimal to select them as critical measurements. Critical measuring units of the test system at high loading conditions are marked in Fig. 7.

Fig. 7
figure 7

Critical measuring units of modified IEEE-14 bus test system at high loading conditions

Full size image

Scenario-3: Low Loading Condition of Modified IEEE-14 Bus Test System

Let us consider the load which is just lower than the standard load of IEEE-14 bus test system where load at bus-3 is reduced from 94.2MW to 64.2MW, given in Table 9. Let the maximum power flow capacities be 160MW for line-1 and 60MW for remaining 19 lines.

Table 9 Low loading demand of modified IEEE-14 bus test system
Full size table

Based on procedure presented in third section , if defense is provided to each unit individually, considering all attack resources at one go, then the sorted average economic losses of 31 units is given in Table 10.

Table 10 Sorted average economic losses when defending each measuring unit at low loading conditions
Full size table

Based on the procedure developed, select the top measurement in the sorted list.

  • Defending \({P}_{{L}_{2}}\), then \(|average\ economic\ loss|\) is 19.2699$/MWh,

  • Defending \({P}_{{L}_{2}}\) and \({P}_{{L}_{5}}\), then \(|average\ economic\ loss|\) is 19.2944$/MWh,

  • Defending \({P}_{{L}_{2}}\), \({P}_{{L}_{5}}\) and \({P}_{{L}_{1}}\), then \(|average\ economic\ loss|\) is 19.2904$/MWh,

  • Defending \({P}_{{L}_{2}}\), \({P}_{{L}_{5}}\), \({P}_{{L}_{1}}\) and \({P}_{{L}_{4}}\), then \(|average\ economic\ loss|\) is 9.9780$/MWh,

  • Defending \({P}_{{L}_{2}}\), \({P}_{{L}_{5}}\), \({P}_{{L}_{1}}\), \({P}_{{L}_{4}}\) and \({P}_{{L}_{6}}\), then \(|average\ economic\ loss|\) is 2.9425E-11$/MWh \(\cong\) 0$/MWh.

Defending \({P}_{{L}_{2}}\) or \({P}_{{L}_{5}}\) or \({P}_{{L}_{1}}\), the |average economic loss| is 19.3$/MWh. So selecting one measurement among them is sufficient. Then the maximum number of critical measurements be 3 (\({P}_{{L}_{2}}\), \({P}_{{L}_{4}}\) and \({P}_{{L}_{6}}\)) in case of low loading condition. Fig. 8 highlights the critical units if the test system operates in Scenario-3 i.e., low loading conditions.

Fig. 8
figure 8

Critical units of modified IEEE-14 bus system at low loading conditions

Full size image

From Figs. 6, 7 and 8, it can be inferred that critical units vary with all number of attack resources considered and load variations happened.

As the load demand in three scenarios is considered varying, simulation time for one set of attack-resources provided with one-set of defense resources in three scenarios is 2.20s, 2.37s and 1.04s. However, execution time of multiple sets of attack resources with one set of defense resources is 83.13s (1.39 m), 195.91s (3.27 m) and 53.45s (0.89 m). Time taken to compute the solution of BPP with all attack resources and all defense resources in three load changing conditions is 1115.42s (18.59m), 5030.47s (83.84m) and 574.9s (9.5817m). Computational time (in seconds and minutes) in all three scenarios is given in Table 11.

Table 11 Computational time in three loading scenarios
Full size table

Optimal Attack-Defense Strategy by Static-Zero Sum Game Theory:

Providing defense is protecting redundant critical measurement devices in the system such that any random LRAV could become unsuccessful i.e. the attacker can’t intrude into the system. Perhaps, malicious data which can even enter into the system by means of non-critical units can’t built successful LRAV and won’t impact the system’s vulnerability. Attacker won’t have access to all resources and the defender too can’t protect all, then where critical units of the network must be considered. As it can be depicted from section of "Selection of Critical Units", the critical units cannot be selected based on entropic degree of a bus or lines/loads operating at critical points. In this section, an optimal attack-defense strategy by using static zero-sum game theory is found at all the three loading scenarios considering optimal critical units.

Optimal Attack-Defense Strategy in Scenario-1- Standard Loading Condition

The optimal number of critical units is 4 (\({P}_{{L}_{6}},{P}_{{D}_{2}},{P}_{{L}_{3}}\) and \({P}_{{L}_{2}}\)) in case of standard loading conditions of modified IEEE-14 bus test system. Let attacker has access to 2 critical measurements among total four and defender can protect only one among four, then \({N}_{{S}_{A}}=\left(\genfrac{}{}{0pt}{}{4}{2}\right)\to {N}_{{S}_{A}}=6\) and \({N}_{{S}_{D}}=\left(\genfrac{}{}{0pt}{}{4}{1}\right)\to {N}_{{S}_{D}}=4\). Except defended critical units and non-attacked critical units, all non-critical units are attackable i.e., among 11 load and 40-line flow measurements, if one critical measurement is non-attacked and one is defended then the remaining 49 measurements are all attackable.

The critical units at standard loading conditions are \({P}_{{L}_{6}},{P}_{{D}_{2}},{P}_{{L}_{3}}\) and \({P}_{{L}_{2}}\). Then the attacker’s action space,\(\ {A\_A}_{space}\) has 6 attack strategies and defenders’ action space,\(\ {D\_A}_{space}\) has 4 defense strategies as shown in Table 12. The utilities are found by solving single-level MILPP using CPLEX interfaced with MATLAB and are all tabulated in Table 12. The average economic loss is considered as utility.

Table 12 Average economic loss in possible attack and defense strategies at standard loading conditions
Full size table

In this article, utility is economic loss. Economic loss is advantageous for attackers and loss for defenders/operators. Utility for attacker is economic loss \(f\left(A,V\right)\) (objective of most damaging LRAV) and utility for defender is \(-f(A,V)\). From these discussions, it can be depicted that attacker’s loss is defender’s gain and vice versa. Hence attacker’s utility is 70.7955$/MWh and defender’s utility is -70.7955$/MWh as shown in Table 13. As per the utilities of all 2*(6*4) = 48 possible attacker and defender strategies (shown in Table 13), a static zero-sum game is solved by using Gambit software. Gambit software’s introduction and its application to attack-defense strategic game is given in Appendix-A2.

Table 13 Utility table of static zero-sum game at standard load demand at standard loading conditions
Full size table

On applying zero-sum game theory on all 24*2 strategies in Table 13, an optimal Nash equilibrium point is found using simplicial subdivision method in Gambit software.

The probabilities of optimal attack-defense strategy are given in Table 14. The sum of probabilities of attack and defense strategies is 1 and 1 respectively, also shown in Table 14. From Table 14, optimal attack-defense strategy’s probabilities are not pure but mixed. At the point of Nash equilibrium, probability of \({A}_{{s}_{3}}\) is 0.1382 (13.82%), probability of \({A}_{{s}_{4}}\) is 0.8618 (86.18%) and the attack probabilities of remaining four strategies is 0. However, at Nash equilibrium, probability of \({D}_{{s}_{2}}\) is 0.1382 (13.82%), probability of \({D}_{{s}_{4}}\) is 0.8618 (86.18%) and the defense probabilities of remaining two strategies is 0.

Table 14 Optimal attack and defense probabilities at Nash equilibrium on standard loading conditions
Full size table

Optimal Attack-Defense Strategy in Scenario-2-High Load Condition

The optimal number of critical units in scenario-2 is 6 (\({P}_{{D}_{2}}\), \({P}_{{L}_{6}}\), \({P}_{{L}_{3}}\), \({P}_{{L}_{13}}\), \({P}_{{D}_{3}}\) and \({P}_{{D}_{2}}\)). Let attacker has access to 5 critical units among six and defender can protect one among six, then \({N}_{{S}_{A}}=\left(\genfrac{}{}{0pt}{}{6}{5}\right)\to {N}_{{S}_{A}}=6\) and \({N}_{{S}_{D}}=\left(\genfrac{}{}{0pt}{}{6}{1}\right)\to {N}_{{S}_{D}}=6\). Attacker’s action space,\({A\_A}_{space}\) has 6 attack strategies and defenders’ action space,\({D\_A}_{space}\) has 6 defense strategies as shown in Table 15.

Table 15 Average economic loss in possible attack-defense strategies at high loading conditions
Full size table

On applying zero-sum game theory on all 36 strategies in Table 15, the Nash equilibrium is found using simplicial subdivision method in Gambit software as shown in Table 16.

Table 16 Optimal attack and defense probabilities at Nash equilibrium on high loading conditions
Full size table

From Table 16, at the point of Nash equilibrium, probability of \({A}_{{s}_{4}}\) is 0.0427 (4.27%), probability of \({A}_{{s}_{5}}\) is 0.8957 (89.57%), probability of \({A}_{{s}_{6}}\) is 0.0616 (6.16%) and attack probabilities of remaining three strategies is 0. However, at Nash equilibrium, probability of \({D}_{{s}_{1}}\) is 0.0619 (6.19%), probability of \({D}_{{s}_{2}}\) is 0.3812 (38.12%), probability of \({D}_{{s}_{4}}\) is 0.5570 (55.70%) and defense probabilities of remaining three strategies is 0.

Optimal Attack-Defense Strategy in Scenario-3-Low Load Condition

The optimal number of critical units in scenario-3 is 3 (\({P}_{{L}_{2}}\), \({P}_{{L}_{4}}\) and \({P}_{{L}_{6}}\)). Let attacker has access to 2 critical units among total three and defender can protect one among three, then \({N}_{{S}_{A}}=\left(\genfrac{}{}{0pt}{}{3}{2}\right)\to {N}_{{S}_{A}}=3\) and \({N}_{{S}_{D}}=\left(\genfrac{}{}{0pt}{}{3}{1}\right)\to {N}_{{S}_{D}}=3\). Attacker’s action space,\({A\_A}_{space}\) has 3 attack strategies and defenders’ action space,\({D\_A}_{space}\) has 3 defense strategies as shown in Table 17.

Table 17 Average Economic loss regarding possible strategies at low loading
Full size table

On applying zero-sum game theory on all 9*2 strategies in Table 17, the Nash equilibrium is found using simplicial subdivision method in Gambit software and the optimal attack-defense probabilities at Nash equilibrium are given in Table 18.

Table 18 Optimal Attack and Defense Probabilities at Nash Equilibrium on low loading conditions
Full size table

From Table 18, at the point of Nash equilibrium, probability of \({A}_{{s}_{1}}\) is 0.7318 (73.18%), probability of \({A}_{{s}_{2}}\) is 0.2682 (26.82%) and attack probability of remaining one strategy is 0. However, at Nash equilibrium, probability of \({D}_{{s}_{1}}\) is 0.8707 (87.07%), probability of \({D}_{{s}_{2}}\) is 0.1293 (12.93%) and defense probability of remaining one strategy is 0.

From the above analysis, if all the critical units are used for attacking and defending, economic loss will be maximum and minimum (zero) respectively. But due to budget issues on both attacker and defender side, only some critical units can be attacked and some can be defended. So, an optimal attack-defense strategy can be obtained with suitable critical units, found using static zero sum game theory. Hence from these discussions, it can be depicted that for such percentage of attacking probability, the defense budget can be shared proportionally based on the defense probabilities. If the defense probability for a strategy is maximum, the budget allocated for upgrading of those units’ firewalls in that defense strategy will be high.

Conclusions

Cyber defense is a key aspect that require upgrading or updating of power system to safeguard against bad/false data intrusions. Researchers have modelled many intelligent undetectable attacks like FDIAVs. However, in practical, LRAV can directly target bus active power injections and line active power flows. In this article, three aspects are mainly dealt. The first aspect is obtaining maximum economic loss due to the most damaging LRAV of modified IEEE-14 bus test system where loss is found by converting BPP to single-level MILPP and then computed in MATLAB integrated with MATPOWER and CPLEX. Table 3 and Fig. 5 shows the proportionality of economic loss with respect to attack resources. For attack resources \(R=0\) to \(R=51\), the economic loss is increased from 0$/MWh to 3733$/MWh and load shedding is increased from 0MW to 61.1759MW which are shown in Table 3. So, it is a mandate to suppress these undesirables.

Cyber defense is superior to counter attacking in the present scenario, so that attacker can’t intrude into the system completely and inject successful vectors. Before finding an optimal defense strategy, it is mandate to find optimal attack strategy and critical units. From selection of critical measuring units section, it is clear that optimal critical units may not be satisfactory by entropic degree method or by highly operating points. Hence the second aspect in this article is development of a procedure to find critical units, even if load varies or number of attack resources is unaware. Fig. 2 shows the developed procedure which is validated on the test system at standard, high and low loading conditions subjected to all possible attack resources. Figs. 6, 7 and 8 show the details of critical units at standard, high and low loading conditions.

The third aspect discusses the probabilities of optimal attack-defense strategies at three loading conditions. Optimal probabilities are acquired by playing a static-zero sum game. Economic loss is considered as utility rather than load shedding as economic loss has both power generation and load shedding costs [18, 19]. Optimal attack-defense probabilities at Nash equilibrium in all three loadings are given in Table 14, Table 16 and Table 18 respectively. Hence this work provides some knowledge, that which measuring unit has to be treated as critical and among the selected critical devices, which device has to be defended/protected against LRA.