Trust-Based Detection and Mitigation of Cyber Attacks in Distributed Cooperative Control of Islanded AC Microgrids

Abstract

In this study, we address the challenge of detecting and mitigating cyber attacks in the distributed cooperative control of islanded AC microgrids, with a particular focus on detecting False Data Injection Attacks (FDIAs), a significant threat to the Smart Grid (SG). The SG integrates traditional power systems with communication networks, creating a complex system with numerous vulnerable links, making it a prime target for cyber attacks. These attacks can lead to the disclosure of private data, control network failures, and even blackouts. Unlike machine learning-based approaches that require extensive datasets and mathematical models dependent on accurate system modeling, our method is free from such dependencies. To enhance the microgrid’s resilience against these threats, we propose a resilient control algorithm by introducing a novel trustworthiness parameter into the traditional cooperative control algorithm. Our method evaluates the trustworthiness of distributed energy resources (DERs) based on their voltage measurements and exchanged information, using Kullback-Leibler (KL) divergence to dynamically adjust control actions. We validated our approach through simulations on both the IEEE-34 bus feeder system with eight DERs and a larger microgrid with twenty-two DERs. The results demonstrated a detection accuracy of around 100%, with millisecond range mitigation time, ensuring rapid system recovery. Additionally, our method improved system stability by up to almost 100% under attack scenarios, showcasing its effectiveness in promptly detecting attacks and maintaining system resilience. These findings highlight the potential of our approach to enhance the security and stability of microgrid systems in the face of cyber threats.

1. Introduction

AC microgrids are pivotal in transforming energy distribution by offering decentralized solutions that enhance resilience and sustainability compared to traditional centralized grids [1]. These systems enable localized power generation and distribution, integrating renewable energy sources like solar PV, wind, and small-scale hydroelectric systems. This integration reduces greenhouse gas emissions and optimizes energy efficiency by using an advanced technological model [2] and minimizing transmission losses [3]. The inherent flexibility of microgrids allows for the seamless integration of new technologies, supporting diverse energy needs while also providing ancillary services such as frequency regulation and voltage support to enhance overall system [4] and grid stability [5].

In microgrid systems, distributed energy resources (DERs) such as solar panels and wind turbines play a crucial role in maintaining grid stability. This is achieved through coordinated operation, where droop control is fundamental; generators adjust their output based on grid frequency changes to balance supply and demand dynamically [6,7]. Extending this principle, cooperative secondary control across multiple DERs allows for enhanced communication and coordination, enabling these resources to collectively respond to grid fluctuations. This approach optimizes energy distribution, reduces fluctuations, and bolsters overall grid stability by leveraging shared information among DERs [8,9]. However, the effectiveness of this coordination is heavily dependent on a robust communication network, which is vulnerable to environmental interferences, packet loss, and increasing cyber threats [10].

The communication network in microgrids and Cyber-Physical Systems (CPS) is crucial for integrating physical components like generators and sensors with computational elements such as controllers and monitoring systems [11]. This integration facilitates real-time monitoring, control, and coordination of DERs, ensuring seamless data exchange and command transmission to manage operational parameters like voltage, frequency, and power flow [12]. These capabilities are essential for maintaining system stability and responding to dynamic grid conditions [13]. To support these functions, CPS communication networks must possess high reliability, low latency, and high bandwidth capacity [14]. Moreover, they must be fortified with robust cybersecurity measures, including encryption, authentication, and intrusion detection systems, to safeguard against cyber threats [15].

Despite their advantages, microgrid and CPS communication networks are not without vulnerabilities. Cyber threats such as False Data Injection Attacks (FDIA), Denial-of-Service (DoS) attacks, Distributed Denial-of-Service (DDoS) attacks, Replay attacks, and Stealthy attacks pose significant risks [16,17]. For instance, FDIA can manipulate critical operational data, potentially compromising grid stability by feeding misleading information [18]. DoS and DDoS attacks disrupt network services, hindering real-time monitoring and control capabilities [19]. Replay attacks exploit intercepted data to deceive systems, while Stealthy attacks covertly manipulate system behavior to cause harm [20,21]. Mitigating these risks requires not only encrypted communication channels and strong authentication protocols but also effective intrusion detection systems and continuous monitoring to protect against evolving cyber threats and ensure reliable CPS operation [22].

A significant example highlighting the severity of these threats is the cyber attack targeting power plants in Ukraine in 2015 and 2016. Hackers compromised control systems using malware to manipulate SCADA systems, resulting in widespread outages that affected over 200,000 customers [23]. Similar incidents in the USA further emphasize the global vulnerabilities in energy infrastructure and underscore the critical need for enhanced cybersecurity measures to protect against evolving threats [24]. Malware such as Stuxnet and BlackEnergy, which have been used to sabotage and disrupt energy infrastructures, illustrate the potential economic and security impacts of such attacks, reinforcing the necessity of robust cybersecurity strategies [25,26].

To counter these threats, model-based studies for cyber attack detection in energy systems are increasingly relying on mathematical models and simulations. These models help predict and respond to potential threats by analyzing system behaviors, anomalies, and patterns [27]. However, accurately modeling large-scale systems like microgrids and power plants is challenging due to their dynamic operations and diverse component configurations [28]. Machine learning (ML) approaches offer promising advantages in detecting subtle deviations indicative of cyber attacks. Yet, they require extensive, representative datasets for effective training and continuous optimization to adapt to evolving threats and system configurations [29,30].

While significant progress has been made in anomaly detection, existing studies often lack effective mitigation mechanisms [31]. To address this gap, a comprehensive approach is necessary, incorporating automated response systems, enhanced security protocols, incident response plans, and continuous monitoring. These measures are essential for minimizing the impact of cyber attacks on system operations and ensuring the resilience and security of critical energy infrastructure against evolving cyber threats [32].

Our study aims to address the shortcomings and gaps in model-based cyber attack detection by introducing a resilient control algorithm. This algorithm tackles the vulnerabilities in conventional cooperative control methods by segregating sensor measurements based on trust factors, which are calculated using relative entropy. In addition to focusing on anomaly detection, we propose an effective response strategy that restores the system to normal operating conditions as quickly as possible after an attack is detected. This paper has three key contributions, as mentioned below:

• This study introduce a novel detection approach that leverages KL-divergence for trust calculation in voltage measurements, enabling precise identification of False Data Injection Attacks (FDIAs) in islanded AC microgrids. This method stands out as it does not require prior data or complex modeling, making it highly effective in real-time detection of stealthy and sophisticated cyberattacks.
• Our methodology eliminates the need for data dependency by implementing a resilient control mechanism that functions without requiring historical datasets. This data-independent approach enhances the adaptability and scalability of the control system, making it more robust and suitable for dynamic and evolving microgrid environments.
• Unlike existing methods that primarily focus on detecting cyberattacks, our approach provides a comprehensive solution that includes both detection and mitigation strategies. This dual capability ensures that once an attack is identified, the system can quickly respond and maintain stability, making our method particularly effective against stealthy attacks and ensuring continuous secure operation of the microgrid.

The study is structured as follows: Section 2 covers the “Materials and Methods”, beginning with the “Basics of Graph Theory” in Section 2.1, discussing the communication network among inverters. Section 2.2 describes the “Microgrid Model”, including its architecture and components. Section 2.3 explains “Traditional Control Using the Droop Method” for maintaining voltage stability. Section 2.4 presents the “Attack Model” for various cyber-attack scenarios. Section 2.5 introduces the “Detection Method” for identifying these attacks. Section 2.6 details the “Trust-Based Resilient Distributed Control Method”, including subsections on the “Trust of DERs in their Own Voltage Measurement” (Section 2.6.1), “Trust of DERs in Neighbor’s Voltage” (Section 2.6.2), and “Attack Mitigation by Own and Neighbor’s Trust” (Section 2.6.3). Section 3 discusses the “Results and Discussion”, highlighting the effectiveness of the proposed methods. Finally, Section 4 provides the “Conclusions”, summarizing the findings and suggesting future work.

2. Materials and Methods

2.1. Basic of Graph Theory

The graph $Gr=(V,F)$ represents the communication network among inverters, where $V=\{v_1,v_2,\dots ,v_m\}$ denotes a set of m nodes or vertices, each of which corresponds to one inverter. Each edge from $v_i$ to $v_j$ is represented as $(v_i,v_j)$, representing the information flow between inverters i and j. F is a set of edges or arcs. The collection of inverters, or its neighbors, that inverter i receives information from is indicated by the symbol $M_i$. An adjacency matrix $\mathbf{A}=\left[a_{ij}\right]$, with weights $a_{ij}>0$ if $(v_i,v_j)\in F$, otherwise $a_{ij}=0$, can be used to represent the graph. It is known that $\mathbf{D}=diag\left\{M_i\right\}$ is the diagonal in-degree matrix. Laplacian matrix of a network, $\mathbf{L}=\mathbf{D}-\mathbf{A}$, captures the dynamics of distributed systems, including the rate of convergence. An edge sequence consisting of $(v_i,v_p),(v_p,v_q),\dots ,(v_r,v_j)$ is a path from node i to node j. If there is a root node in a network and a path connecting it to every other node in the graph, the graph is said to have a spanning tree. The Laplacian matrix eigenvalue ${\mu }_1=0$ in this scenario is a simple eigenvalue. $\mathit{\psi }=d\mathbf{1}$ is the expression for the solution to $\mathbf{L}\mathit{\psi }=\mathbf{0}$, in which d is a constant. Thus, as long as there is a spanning tree in the communication graph, synchronization is guaranteed [33].

Unidirectional edges allow a leader node to establish connections with several nodes, ensuring a link to at least one root node. Pinned nodes and pinning edges, respectively, are the nodes that are attached to the leader node and their corresponding connecting edges. Every pinning edge has a gain associated with it; for example, the pinning gain from the leader to node i is denoted as $h_i$. An unpinned node has no pinning advantage. The $\mathbf{G}=diag\left\{h_i\right\}$ is the pinning gain matrix.

2.2. Microgrid Model

Figure 1 illustrates a comprehensive architecture of a Cyber-Physical System (CPS) for distributed generation (DG), segmented into three primary layers: the Physical Layer, the Resilient Control Layer, and the Cyber Layer. In the Physical Layer, individual distributed generators (DG_i) convert DC voltage ($V_i^{dc}$) to AC voltage using an inverter controlled by Pulse Width Modulation (PWM). The output passes through an LC filter, comprising inductors ($L_i^s$), capacitors ($C_i^s$), and resistors ($R_i^s$), before reaching the Point of Common Coupling (PCC). This layer also includes a Current Controller, Voltage Controller, and Local Droop Controller, which use feedback from the dq0 transformation of the output voltage ($V_i^{odq}$) and current ($I_i^{odq}$) for regulation. The Resilient Control Layer enhances system reliability by generating a trust factor from the Kullback-Leibler (KL) divergence, feeding it into conventional and resilient secondary controllers to maintain the output voltage ($V_{out}^{D{G}_{1,2,3,\dots ,N}}$). The Cyber Layer incorporates a communication network linking distributed generators (DG1, DG2, …, DGj) and monitors various parameters ($\{V,Q,\omega ,I,P\}$), addressing potential sensor and link attacks that could compromise the system.

2.3. Traditional Cooperative Control Method

The primary control is applied locally at grid-forming DERs. This technique associates the reactive power, Q, with the voltage magnitude, $v_o$ and the active power, P, with frequnecy, $\omega$. The voltage and frequency droop have the following characteristics:

$$\left\{\begin{array}{c}\omega ={\omega }_n-{\alpha }_{P}P\hfill \\ v_o=V_n-{\beta }_{Q}Q\hfill \end{array}\right.$$

(1)

where ${\omega }_n$ and $V_n$ represent the primary references for frequency and voltage control, respectively, and ${\alpha }_P$ and ${\beta }_Q$ denote the droop coefficients for active and reactive power, respectively. Typically, the droop coefficient for active power, ${\alpha }_P$, is selected proportionally to the apparent power rating of the DERs. In contrast, the reactive power droop coefficient, ${\beta }_Q$, is determined proportionally based on the maximum reactive power, which is calculated using the minimum allowable power factor and the DER’s apparent power rating [34]. The goal of distributed secondary control is to correct frequency and voltage deviations in the microgrid that arise from primary control. This method employs distributed control protocols across individual DERs, allowing them to communicate through a distributed network and exchange local information with neighboring DERs. The distributed secondary control adjusts ${\omega }_n$ and $V_n$ in Equation (1) to ensure that each DER’s operating frequency and terminal voltage align with the reference values, ${\omega }_{\mathrm{ref}}$ and $V_{\mathrm{ref}}$, respectively.

$$\begin{array}{cc}\hfill & \underset{t\to \infty }{lim}∥{\omega }_i\left(t\right)-{\omega }_{\mathrm{ref}}∥=0\hfill \\ \hfill & \underset{t\to \infty }{lim}∥v_{o,i}\left(t\right)-V_{\mathrm{ref}}∥=0\hfill \end{array}\forall i\in N$$

(2)

Additionally, the secondary control must guarantee that the distribution of active and reactive power among DERs adheres to the droop coefficients.

$$\begin{array}{cc}\hfill & {\alpha }_{Pi}{P}_i={\alpha }_{Pj}{P}_j,\hfill \\ \hfill & {\beta }_{Qi}{Q}_i={\beta }_{Qj}{Q}_j,\hfill \end{array}$$

(3)

where $P_{\max ,i}/Q_{\max ,i}$ and $P_{\max ,j}/Q_{\max ,j}$ represent the active and reactive power ratings of the i-th and j-th DERs, respectively. The secondary control for a microgrid with N DERs is framed as a synchronization problem for the following first-order multi-agent system, with the aim of fine-tuning the primary control inputs.

$$\left\{{\dot{\omega }}_{ni}=v_{\omega i},{\dot{V}}_{ni}=v_{vi},i=1,\dots ,N\right.$$

(4)

Here ${\nu }_{\omega i}$ and ${\nu }_{vi}$ represent the distributed secondary frequency and voltage control protocols. These protocols are derived from the local data of each DER and the information obtained from neighboring DERs and can be formulated as follows.

$$\begin{array}{cc}\hfill v_{\omega i}& =-c_{\omega }{\delta }_{\omega i}\hfill \\ \hfill v_{vi}& =-c_v{\delta }_{vi}\hfill \end{array}$$

(5)

where $c_{\omega }$ and $c_v$ are the control gains, while ${\delta }_{\omega i}$ and ${\delta }_{vi}$ denote the local tracking errors for frequency and voltage within the vicinity. These errors can be described as follows:

$$\begin{array}{cc}\hfill {\delta }_{\omega i}=& \sum _{j\in N_i}{a}_{ij}\left({\omega }_i-{\omega }_j\right)+g_i\left({\omega }_i-{\omega }_{ref}\right)\hfill \\ \hfill & +\sum _{j\in N_i}{a}_{ij}\left({\alpha }_{Pi}{P}_i-{\alpha }_{Pj}{P}_j\right),\hfill \\ \hfill {\delta }_{vi}=& \sum _{j\in N_i}{a}_{ij}\left(v_{oi}-v_{oj}\right)+g_i\left(v_{oi}-v_{ref}\right)\hfill \\ \hfill & +\sum _{j\in N_i}{a}_{ij}\left({\beta }_{Qi}{Q}_i-{\beta }_{Qj}{Q}_j\right),\hfill \end{array}$$

(6)

It is assumed that the pinning gain $g_i$ is nonzero for one DER. Recognizing that communication noise is an inherent aspect of Distributed Energy Resource (DER) networks, the auxiliary controls ${\nu }_{\omega i}$ and ${\nu }_{vi}$ for the i-th DER, as detailed in Equation (5), can be represented as follows:

$$\left\{\begin{array}{c}{\zeta }_{\omega i}=v_{\omega i}+{\eta }_{\omega i}\hfill \\ {\zeta }_{vi}=v_{vi}+{\eta }_{vi}\hfill \end{array}\right.$$

(7)

Here ${\eta }_{\omega i}\sim \mathcal{N}(0,{\sigma }_{\omega i})$ and ${\eta }_{vi}\sim \mathcal{N}(0,{\sigma }_{vi})$ denote the aggregate Gaussian noise affecting the incoming frequencies and voltages from neighboring Distributed Energy Resources (DERs) to the i-th DER. Typically, the noise encountered in electronic devices at the receiving end is thermal in nature and is modeled as Gaussian noise. Consequently, we assume the communication noise follows a Gaussian distribution, which is a commonly accepted assumption in the literature [34]. With the presence of such noise, the synchronization issue for microgrid frequency and voltage, as defined by Equation (2), is reformulated into a mean square synchronization problem and can be represented as follows:

$$\left\{\begin{array}{c}\underset{t\to \infty }{lim}\mathbb{E}{∥{\omega }_i\left(t\right)-{\omega }_{ref}\left(t\right)∥}^2=0\hfill \\ \underset{t\to \infty }{lim}\mathbb{E}{∥v_{oi}\left(t\right)-v_{ref}\left(t\right)∥}^2=0\hfill \end{array}\forall i\in N\right.$$

(8)

2.4. Attack Model

This section presents a model for attacks on the distributed secondary control within a microgrid.

Definition 1.

A DER that is specifically targeted by an attack is termed a compromised DER. Conversely, a DER that is not targeted or is not under immediate attack is referred to as an intact DER. In the case of a direct attack on the controller, the voltage of the DER can be described by the following model:

$$v_{oi}^{com}=v_{oi}+{\gamma }_i{v}_{oi}^{att},$$

(9)

where $v_{oi}^{att}$ denotes the input from the attacker injected into the controller of the i-th DER, and $v_{oi}^{com}$ represents the corrupted voltage of the DER, with the scalar ${\gamma }_i$ set to 1 during an attack. Similarly, for an attack targeting the communication channel between two DERs, the corrupted voltage signal received from the j-th DER can be modeled as follows:

$$v_{oj}^{com}=v_{oj}+{\gamma }_j{v}_{oj}^{att},$$

(10)

where $v_{oj}^{att}$ represents the attacker’s input injected into the communication channel between two DERs, and $v_{oj}^{com}$ denotes the corrupted voltage of DER j as received by DER i, with the scalar ${\gamma }_j$ equal to 1 during an attack.

Remark 1.

This subsection discusses the attack model affecting the DER’s voltage, which influences the auxiliary control $v_{vi}$ as described in (5). The rest of the paper will concentrate on voltage-related attacks and will detail methods for detecting and mitigating such attacks. The approach used here can be similarly applied to model, detect, and mitigate frequency-based attacks.

Remark 2.

The attack models described in Equations (9) and (10) involve the manipulation of voltages in controllers. Given the widespread use of communication and control technologies, as well as the presence of Intelligent Electronic Devices (IEDs), microgrid control systems are particularly susceptible to cyber-attacks. False Data Injection (FDI) attacks can target sensors (e.g., Phasor Measurement Units (PMUs)) or actuators (control and decision-making units). Such attacks may involve injecting fraudulent signals into DER measurement sensors or directly disrupting control units, potentially compromising the entire controller. Specifically, FDI attacks can jeopardize the voltage and frequency stability of the microgrid, delay DER control responses, or lead to DER overloads.

Current firewall and intrusion detection systems (IDSs) monitor and analyze network information flows to detect significant changes. However, no single IDS is capable of detecting all types of attacks [35]. Additionally, the performance of IDSs heavily relies on their configuration, and improper tuning can lead to undetected attacks. Moreover, IDSs do not prevent corrupted information from entering the system and cannot directly mitigate attacks. Thus, it is essential to develop a robust control protocol for microgrids that can handle attacks and ensure acceptable functionality despite their presence.

2.5. Detection Method

This subsection presents a method for detecting attacks using relative entropy in the distributed secondary control systems of microgrids. Specifically, the Kullback-Leibler (KL) divergence, a non-negative measure of relative entropy between two probability distributions, is employed to quantify the differences between them.

Definition 2

(KL Divergence: [36,37]). Let Y and W be two random sequences with probability density functions $Q_Y$ and $Q_W$, respectively. The KL divergence between $Q_Y$ and $Q_W$ in continuous time is defined as:

$$D_{KL}(Y\parallel W)=\int Q_Y\left(\theta \right)log\left({\displaystyle \frac{Q_Y\left(\theta \right)}{Q_W\left(\theta \right)}}\right)d\theta ,$$

(11)

with the following properties:

(1) 

$D_{KL}(Q_Y\parallel Q_W)\ge 0$,

(2) 

$D_{KL}(Q_Y\parallel Q_W)=0$ if and only if $Q_Y=Q_W$.

If the sequences Y and W follow Gaussian distributions, the KL divergence given in (1) can be expressed more simply using the means and covariances of the sequences, as detailed in [36].

$$\begin{array}{cc}\hfill D_{KL}(Y\parallel W)=& {\displaystyle \frac{1}{2}}\left(log{\displaystyle \frac{\left|{\Sigma }_W\right|}{\left|{\Sigma }_Y\right|}}-n+tr\left({\Sigma }_W^{-1}{\Sigma }_Y\right)\right)\hfill \\ \hfill & +{\displaystyle \frac{1}{2}}{\left({\mu }_W-{\mu }_Y\right)}^T{\Sigma }_W^{-1}\left({\mu }_W-{\mu }_Y\right),\hfill \end{array}$$

(12)

where ${\mu }_Y$ and ${\Sigma }_Y$ represent the mean and covariance of sequence Y, respectively, while ${\mu }_W$ and ${\Sigma }_W$ denote the mean and covariance of sequence W. Additionally, n indicates the dimensionality of the sequences.

To develop a detector for voltage-based attacks, we first reformulate the auxiliary control variable ${\zeta }_{vi}$ from Equation (7) by utilizing its statistical properties. We then propose an attack detection method based on the KL divergence measure for distributed secondary control in AC microgrids. This approach demonstrates that various sophisticated attacks can be identified by observing changes in the statistical properties of the auxiliary control variables. In the absence of an attack, considering the Gaussian noise present in the communication channel, the auxiliary control ${\zeta }_{vi}$ from Equation (7) can be expressed as follows:

$${\zeta }_{vi}=-c_v{\delta }_{vi}+{\eta }_{vi}$$

(13)

where ${\eta }_{vi}$ denotes the cumulative Gaussian noise impacting the incoming data from neighboring nodes, defined as:

$${\eta }_{vi}=\sum _{j\in N_i}{a}_{ij}{\eta }_{vij}\sim \mathcal{N}\left(0,{\Sigma }_{v_i}\right).$$

(14)

As a result of the noise, the statistical characteristics of the auxiliary control ${\zeta }_{vi}$ in Equation (7) are given by:

$${\zeta }_{vi}\sim \mathcal{N}\left(0,{\Sigma }_{v_i}\right)$$

(15)

which reflects the standard operation of the Distributed Secondary Voltage Control. When attacks are present, Equation (7) shows that the auxiliary control ${\zeta }_{vi}^a$ is expressed as:

$${\zeta }_{vi}^{com}=-c_v{\delta }_{vi}^{att}+{\eta }_{vi}$$

(16)

with the corrupted local neighborhood tracking error given by ${\delta }_{vi}^{com}={\delta }_{vi}+f_i^{att}$, where $f_i^{att}$ is specified as:

$$f_i^{att}=\left[\left(\sum _{j\in N_i}{a}_{ij}+g_i\right)v_i^{att}-\sum _{j\in N_i}{a}_{ij}{v}_j^{att}\right]$$

(17)

indicating the overall deviation in the local neighborhood tracking error caused by attacks on either the controller or the communication channel within the network. It is crucial to note that in the presence of attacks, the voltage of Distributed Energy Resources (DERs) becomes corrupted, leading to a distorted auxiliary control ${\zeta }_{vi}^{att}$. The total input from the attacker, $f_i^{att}$, is not directly measurable and does not need to be explicitly determined. These attacks alter the statistical characteristics of the control protocol. Therefore, based on Equation (15), the following statistical properties can be established:

$${\zeta }_{vi}^{att}\sim \mathcal{N}\left({\mu }_{f_i^{att}},{\Sigma }_{f_i}^{att}+{\Sigma }_{v_i}\right),$$

(18)

where ${\mu }_{f_i^{att}}$ and ${\Sigma }_{f_i^{att}}$ represent the mean and covariance of the total attack signal $f_i^{att}$, respectively. Given that both ${\zeta }_{vi}^{att}$ and ${\zeta }_{vi}$ are normally distributed, the KL divergence $D_{KL}({\zeta }_{vi}^{att}\parallel {\zeta }_{vi})$ between the control sequences ${\zeta }_{vi}^{att}$ and ${\zeta }_{vi}$ can be expressed as:

$$\begin{array}{cc}\hfill D_{KL}\left({\zeta }_{vi}^{att}\left|\right|{\zeta }_{vi}\right)=& {\displaystyle \frac{1}{2}}\left(log{\displaystyle \frac{\left|{\Sigma }_{{\zeta }_{vi}}\right|}{\left|{\Sigma }_{{\zeta }_{vi}^{att}}\right|}}-1+tr\left({\Sigma }_{{\zeta }_{vi}}^{-1}{\Sigma }_{{\zeta }_{vi}^{att}}\right)\right)\hfill \\ \hfill & +{\displaystyle \frac{1}{2}}{\left({\mu }_{\zeta vi}-{\mu }_{{\zeta }_{vi}^{att}}\right)}^T{\Sigma }_{{\zeta }_{vi}}^{-1}\left({\mu }_{\zeta vi}-{\mu }_{{\zeta }_{vi}^{att}}\right),\hfill \end{array}$$

(19)

where ${\mu }_{{\zeta }_{vi}}$ and ${\Sigma }_{{\zeta }_{vi}}$ represent the mean and covariance of ${\zeta }_{vi}$, while ${\mu }_{{\zeta }_{vi}^{att}}$ and ${\Sigma }_{{\zeta }_{vi}^{att}}$ denote the mean and covariance of ${\zeta }_{vi}^{att}$. We define the average KL divergence over a window T as:

$${\mathrm{\Omega }}_i={\displaystyle \frac{1}{T}}{\int }_k^{k+T-1}{D}_{KL}\left({\zeta }_{vi}^{att}\parallel {\zeta }_{vi}\right)d\tau$$

(20)

to identify changes resulting from the adversarial input. In the theorem below, we demonstrate that the influence of attacks on the secondary distributed control of the microgrid can be detected by analyzing the discrepancies between the control sequences ${\zeta }_{vi}^{att}$ and ${\zeta }_{vi}$.

Theorem 1.

Consider the distributed auxiliary control ${\zeta }_{vi}$ in Equation (16) when subjected to attacks. Then, (a) ${\mathrm{\Omega }}_i$ as defined in Equation (20) is zero in the absence of attacks on the DERs. (b) ${\mathrm{\Omega }}_i$ as defined in Equation (20) exceeds a predefined threshold ${\gamma }_i$ when the microgrid’s secondary control is under attack.

Proof. 

Without attacks, the statistical properties of the sequences ${\zeta }_{vi}^{att}$ and ${\zeta }_{vi}$ in Equations (15) and (18) are identical since ${\mu }_{f_i^{att}}$ and ${\Sigma }_{f_i^{att}}$ are zero when $f_i^{att}=0$. As a result, the KL divergence $D_{KL}({\zeta }_{vi}^{att}\parallel {\zeta }_{vi})$ in Equation (18) is zero, per Equation (15), making ${\gamma }_i$ in Equation (20) zero. This completes the proof for the no-attack scenario. To prove Part (b), by substituting Equations (15)–(18) into Equation (19), the KL divergence between ${\zeta }_{vi}^{att}$ and ${\zeta }_{vi}$ can be written as:

$$\begin{array}{cc}\hfill & D_{KL}\left({\zeta }_{vi}^{att}\left|\right|{\zeta }_{vi}\right)={\displaystyle \frac{1}{2}}(log{\displaystyle \frac{\left|{\Sigma }_{v_i}\right|}{\left|{\Sigma }_{f_i^{att}}+{\Sigma }_{v_i}\right|}}\hfill \\ \hfill & +tr\left({\Sigma }_{v_i}^{-1}{\Sigma }_{f_i^{att}}\right)+{\mu }_{f_i^{att}}^T{\Sigma }_{v_i}^{-1}{\mu }_{f_i^{att}}).\hfill \end{array}$$

(21)

Then utilizing Equation (20), we obtain:

$$\begin{array}{cc}\hfill {\mathrm{\Omega }}_i={\displaystyle \frac{1}{T}}{\int }_k^{k+T-1}\left({\displaystyle \frac{1}{2}}\right.& log{\displaystyle \frac{\left|{\Sigma }_{v_i}\right|}{\left|{\Sigma }_{f_i^{att}}+{\Sigma }_{v_i}\right|}}+tr\left({\Sigma }_{v_i}^{-1}{\Sigma }_{f_i^{att}}\right)\hfill \\ \hfill & \left.+{\mu }_{f_i^{att}}^T{\Sigma }_{v_i}^{-1}{\mu }_{f_i^{att}}\right)d\tau >{\gamma }_i\hfill \end{array}$$

(22)

where T is the size of the sliding window and ${\gamma }_i$ is the specified positive design threshold. This concludes the proof for the attack scenario.

According to Theorem 1, the impact of attacks on the distributed secondary control of microgrids can be detected using a predefined design threshold ${\gamma }_i$. The attack detection method outlined in Equation (22) employs an averaging technique over a fixed-length moving window to minimize false positives. Brief anomalies, such as disturbances or packet losses, dissipate within a few time steps and are thus not classified as attacks. □

2.6. Trust-Based Resilient Cooperative Control Method

This section introduces a robust distributed control strategy for the secondary control of microgrids, integrating the previously discussed attack detection algorithm. We start by defining trust factors for both internal and neighboring measurements, which are subsequently incorporated into the distributed secondary control protocols.

2.6.1. Trust of DERs in Their Own Voltage Measurement

To evaluate the reliability of each DER’s own voltage measurement, influenced by its proximity to the attack source within the network, a trust factor is introduced. When an adversary is present, a DER reduces its trust level in its own voltage measurement and shares its self-trust factor with its immediate neighbors, thereby hindering the spread of the attack throughout the microgrid. Based on $D_{KL}({\zeta }_{v_i}^{att}\left|\right|{\zeta }_{v_i})$ from Theorem 1, the trust factor of the i-th DER concerning its own voltage measurement is defined as follows:

$$B_i^{trust}\left(t\right)={\alpha }_1{\int }_0^t{e}^{{\alpha }_1(\theta -t)}{\phi }_i\left(\theta \right)d\theta ,$$

(23)

where $0\le B_i^{trust}\left(t\right)\le 1$ with

$${\phi }_i\left(t\right)={\displaystyle \frac{{\mathrm{\Lambda }}_1}{{\mathrm{\Lambda }}_1+D_{KL}\left({\zeta }_{vi}^{att}\parallel {\zeta }_{vi}\right)}},$$

(24)

where ${\mathrm{\Lambda }}_1$ represents the threshold to account for channel fading and other uncertainties, and $0<{\alpha }_1<1$ denotes the discount factor. Equation (23) can be implemented using the following differential equation:

$${\dot{B}}_i^{trust}\left(t\right)+{\alpha }_1{B}_i^{trust}\left(t\right)={\alpha }_1{\phi }_i\left(t\right)$$

(25)

Based on Theorem 1, in the presence of attacks, $D_{KL}({\zeta }_{v_i}^{att}\left|\right|{\zeta }_{v_i})\gg {\mathrm{\Lambda }}_1$, causing the trust of the DER, ${\phi }_i\left(t\right)$, to approach zero and, consequently, the value of $B_i^{trust}\left(t\right)$ to also approach zero. Conversely, in the absence of attacks, $D_{KL}({\zeta }_{v_i}^{att}\left|\right|{\zeta }_{v_i})$ tends to zero, making ${\phi }_i\left(t\right)$ close to one and, as a result, $B_i^{trust}\left(t\right)$ close to one. When a DER is directly attacked, its self-trust value approaches zero as indicated in Equation (20). The DER then communicates this self-trust value to its neighboring DERs. Based on the received self-trust values, neighboring DERs will disregard the information from the attacked DER, thereby mitigating the spread of the attack. It is crucial to note that the discount factor in Equation (23) assesses the relative importance of current information compared to past data. This factor ensures that if an attack is temporarily halted (e.g., during packet dropouts), the DER’s trust can recover, as it primarily relies on the most recent information.

2.6.2. Trust of DERs in Neighbor’s Voltage

To assess the trust a DER places in its neighbor’s observed voltage, we introduce the concept of external trust. When a DER’s self-trust value is low, it relies on the information from its neighbors—whether that information is intact or compromised—and updates its external trust based on the trustworthiness of each neighbor using only local data. This process enables DERs to identify and exclude information from compromised neighbors, thus refining their control protocols. In a worst-case scenario, a compromised DER may falsely report a self-trust value of 1 to mislead its neighbors. By employing external trust, a DER can detect and disregard the information from such corrupted neighbors.

Using the KL divergence between the exchanged information of the i-th DER and its neighbor, ${\mathrm{\Gamma }}_{ij}\left(t\right)$ can be defined as follows:

$${\mathrm{\Gamma }}_{ij}\left(t\right)={\beta }_2{\int }_0^t{e}^{{\beta }_2(\theta -t)}{\varphi }_{ij}\left(\theta \right)d\theta$$

(26)

where $0\le {\mathrm{\Gamma }}_{ij}\left(t\right)\le 1$ and

$${\varphi }_{ij}\left(t\right)={\displaystyle \frac{{\mathrm{\Theta }}_2}{{\mathrm{\Theta }}_2+D_{KL}\left(v_i\parallel {\overline{v}}_i\right)}}\forall j\in {\mathcal{N}}_i$$

(27)

where ${\overline{v}}_i={\displaystyle \frac{1}{|{\mathcal{N}}_i|}}{\sum }_{j\in {\mathcal{N}}_i}{v}_j$; ${\mathrm{\Theta }}_2>0$ represents the threshold to account for channel fading and other uncertainties; $0<{\beta }_2<1$ is the discount factor. When a neighboring DER is under direct attack, the KL divergence $D_{KL}(v_i\parallel {\overline{v}}_i)$ increases, causing ${\varphi }_{ij}\left(t\right)$ to approach zero. As a result, ${\mathrm{\Gamma }}_{ij}\left(t\right)$ also approaches zero. Conversely, if the incoming information from a neighboring DER is valid, $D_{KL}(v_i\parallel {\overline{v}}_i)$ remains close to zero, causing ${\varphi }_{ij}\left(t\right)$ to approach one. The implementation of Equation (26) is described by the following differential equation:

$${\dot{\mathrm{\Gamma }}}_{ij}\left(t\right)+{\beta }_2{\mathrm{\Gamma }}_{ij}\left(t\right)={\beta }_2{\varphi }_{ij}\left(t\right)$$

(28)

Now, we define the external-trust value of a DER on its neighbors as:

$$E_{ij}^{Trust}\left(t\right)=min\left(B_i^{trust}\left(t\right),{\mathrm{\Gamma }}_{ij}\left(t\right)\right),$$

(29)

with $0\le E_{ij}^{Trust}\left(t\right)\le 1$. It is important to note that the discount factor in Equations (20) and (23) determines the weight of current experiences relative to past ones. It ensures that if an attack is temporary and stops after some time, or if a short-term disturbance (such as packet dropout) occurs instead of a continuous attack, the belief will recover, as it is mainly based on the current conditions.

2.6.3. Attack Mitigation by Own and Neighbor’s Trust

This subsection introduces a robust and cyber-secure auxiliary control protocol for the secondary control of microgrids. The proposed mitigation algorithm leverages entropy-based trust metrics for both self and neighbor measurements. Specifically, the trust values derived from Equations (20) and (26) are integrated into the voltage-based auxiliary control scheme outlined in Equation (7), leading to the following resilient formulation:

$$\begin{array}{ccc}\hfill {\delta }_{vi}=& \sum _{j\in N_i}{a}_{ij}\left(v_{oi}-v_{oj}\right)+g_i\left(v_{oi}-v_{ref}\right)\hfill & \hfill +\sum _{j\in N_i}{a}_{ij}\left({\beta }_{Qi}{Q}_i-{\beta }_{Qj}{Q}_j\right),\end{array}$$

(30)

where

$${\alpha }_{ij}\left(t\right)=a_{ij}{B}_i^{trust}\left(t\right)E_{ij}^{Trust}\left(t\right)$$

(31)

The resilient auxiliary control protocol proposed in (30) addresses Problem 1 for intact DERs under attack by integrating the own and neighbor trust factors discussed earlier. Algorithm 1 outlines the full procedure for transitioning to a dynamic resilient control algorithm based on the relative entropy of two measurements under normal and attack conditions.

Algorithm 1 DER Attack Detection and Distributed Control Protocol Update

Enable ith DER attack detection module. Calculate ${\mathrm{\Omega }}_i={\displaystyle \frac{1}{T}}{\int }_k^{k+T-1}{D}_{KL}\left({\zeta }_{vi}^{att}\parallel {\zeta }_{vi}\right)d\tau$. if ${\mathrm{\Omega }}_i>{\gamma }_i$ then     kth DER is attacked.     Calculate ${\phi }_i\left(t\right)={\displaystyle \frac{{\mathrm{\Lambda }}_1}{{\mathrm{\Lambda }}_1+D_{KL}\left({\zeta }_{vi}^{att}\parallel {\zeta }_{vi}\right)}}$.     Calculate the self-belief $B_i^{trust}\left(t\right)={\alpha }_1{\int }_0^t{e}^{{\alpha }_1(\theta -t)}{\phi }_i\left(\theta \right)d\theta$.     for each neighbor j do         Calculate ${\varphi }_{ij}\left(t\right)={\displaystyle \frac{{\mathrm{\Theta }}_2}{{\mathrm{\Theta }}_2+D_{KL}\left(v_i\parallel {\overline{v}}_i\right)}}\forall j\in {\mathcal{N}}_i$.         Calculate ${\mathrm{\Gamma }}_{ij}\left(t\right)={\beta }_2{\int }_0^t{e}^{{\beta }_2(\theta -t)}{\varphi }_{ij}\left(\theta \right)d\theta$.         Calculate the external-trust $E_{ij}^{Trust}\left(t\right)=min\left(B_i^{trust}\left(t\right),{\mathrm{\Gamma }}_{ij}\left(t\right)\right)$.     end for     Calculate ${\alpha }_{ij}\left(t\right)=a_{ij}{B}_i^{trust}\left(t\right)E_{ij}^{Trust}\left(t\right)$.     Update the distributed control protocol: $${\delta }_{vi}=\sum _{j\in N_i}{\alpha }_{ij}\left(v_{oi}-v_{oj}\right)+g_i\left(v_{oi}-v_{ref}\right)+\sum _{j\in N_i}{\alpha }_{ij}\left({\beta }_{Qi}{Q}_i-{\beta }_{Qj}{Q}_j\right)$$ else     ith DER is not attacked. Set its interior belief to 1. end if Choose the next neighbor. if external-belief is calculated for all neighbors then     Calculate ${\alpha }_{ij}\left(t\right)=a_{ij}{B}_i^{trust}\left(t\right)E_{ij}^{Trust}\left(t\right)$.     Update the distributed control protocol: $${\delta }_{vi}=\sum _{j\in N_i}{\alpha }_{ij}\left(v_{oi}-v_{oj}\right)+g_i\left(v_{oi}-v_{ref}\right)+\sum _{j\in N_i}{\alpha }_{ij}\left({\beta }_{Qi}{Q}_i-{\beta }_{Qj}{Q}_j\right)+{\eta }_{v_i}$$ end if

3. Results and Discussion

Case I: IEEE-34 bus Feeder System with 8 DERs

The microgrid test system, depicted in Figure 2a, is based on the IEEE 34-bus test feeder [38] and includes eight Distributed Energy Resources (DERs) placed at various locations. The microgrid’s communication network, consisting of 8 DERs, is constructed using graph theory [33], as illustrated in Figure 2b.

The system is simulated using MATLAB/Simulink, (MATLAB R2024a, MathWorks, Natick, MA, USA) with line specifications provided in

Table 1. Specifications of Loads in the microgrid system.

Load 1		Load 2		Load 3		Load 4
$\mathit{R}$	$\mathit{X}$	$\mathit{R}$	$\mathit{X}$	$\mathit{R}$	$\mathit{X}$	$\mathit{R}$	$\mathit{X}$
1.5$\mathrm{\Omega }$	$0.9\mathrm{\Omega }$	$1.0\mathrm{\Omega }$	$0.5\mathrm{\Omega }$	$1.8\mathrm{\Omega }$	$1.2\mathrm{\Omega }$	$0.7\mathrm{\Omega }$	$0.4\mathrm{\Omega }$

and

Table 2. Specifications of DERs in the microgrid system.

DER	$1,2,6,8$	$3,4,5,7$
${\mathit{k}}_{\mathit{P}}$	$4.6\times {10}^{-5}$	$6.9\times {10}^{-5}$
${\mathit{k}}_{\mathit{Q}}$	$4.7\times {10}^{-4}$	$5.6\times {10}^{-4}$
${\mathit{R}}_{\mathit{c}}$	0.036$\mathrm{\Omega }$	0.026$\mathrm{\Omega }$
${\mathit{L}}_{\mathit{c}}$	$0.33\mathrm{mH}$	$0.39\mathrm{mH}$
${\mathit{R}}_{\mathit{f}}$	0.13$\mathrm{\Omega }$	0.09$\mathrm{\Omega }$
${\mathit{L}}_f$	$1.26\mathrm{mH}$	$1.46\mathrm{mH}$
${\mathit{C}}_{\mathit{f}}$	$61\mathsf{\mu }\mathrm{F}$	$41\mathsf{\mu }\mathrm{F}$
${\mathit{K}}_{\mathit{P}V}$	0.13	0.07
${\mathit{K}}_{\mathit{I}}$	460	420
${\mathit{K}}_{\mathit{P}\mathit{C}}$	18	13
${\mathit{K}}_{\mathit{I}\mathit{C}}$	23,000	19,000

. A balanced feeder model is used, which averages the line parameters. The communication network is implemented by defining a Laplacian matrix that represents the node and edge connections. The model is then expanded to a larger microgrid with 22 DERs and created the corresponding communication graph to form the Laplacian matrix for simulation purposes.

Table 1 and Table 2 present the load and DER specifications, respectively. The system operates at a nominal frequency of 60 Hz and a line-to-line voltage of 25 kV. The DERs are connected to the feeder through eight Y-Y transformers, each rated at 480 V/25 kV and 450 kVA, with a series impedance of $0.035+j0.15$ pu. The communication graph for the distributed secondary control system is shown in Figure 1, where only DER 1 has knowledge of the frequency and voltage reference values, with a pinning gain $g_1=1$. The control gains $c_{\omega }$ and $c_v$ in Equations (6) and (7) are set to 40. Communication noise is modeled as zero-mean Gaussian with statistical properties $N(0,0.02)$.

To demonstrate the scalability of our proposed method, the entire simulation is divided into two sections: Case I, which involves 8 DERs, and Case II, which involves the implementation of 22 DERs.

Case I.1-No Attack Scenario:

Figure 3a illustrates the islanding of the microgrid at $t=0$ s, followed by the immediate activation of local droop control to stabilize the microgrid, which results in a deviation from the nominal voltage due to the droop coefficient. While the droop control stabilizes the microgrid, it causes the output voltage to deviate from the nominal value. At $t=4$ s, cooperative control is activated to restore the output voltage to its nominal value by synchronizing all distributed generation units according to their ratings. At $t=8$ s, a load change occurs, causing a brief dip in the nominal voltage, which is quickly restored due to the cooperative control strategy. Figure 3b shows the reactive power generation of eight DERs under different control strategies in a no-attack scenario, demonstrating that the conventional cooperative controller remains stable under both normal and load change conditions.

Figure 4a illustrates the KL divergence in a no-attack scenario, showing that there are no changes in statistical properties. The divergence is very close to zero, indicating that the system is functioning normally. Similarly, Figure 4b displays the trust value under normal conditions, which is nearly one, indicating the absence of any attack on the sensor measurements.

Case I.2-Attack Scenario with Conventional Cooperative Control:

Figure 5a presents various scenarios including islanding, local droop control, and conventional cooperative control, followed by a load change scenario. At $t=10$ s, a False Data Injection attack is introduced into the voltage measurements of four Distributed Generators (DGs: DG1, DG2, DG3, and DG4). The attack employs a randomly generated signal with an amplitude of 10, zero mean, and a standard deviation of 0.8. After $t=10$ s, the voltage outputs from the attacked DGs lead to instability, deviating from the nominal voltage and resulting in continued unstable conditions. The non-attacked DG units are also impacted due to the corrupted measurements from the attacked units, which causes them to make decisions based on compromised signals. Consequently, the traditional controller fails to maintain system stability under attack conditions. Figure 5b illustrates the instability in reactive power generation after the attack at $t=10$ s. The reactive power generation fails to align with its rating, potentially exceeding its capacity and risking a complete system outage.

Figure 6a presents the KL divergence for both normal and attack scenarios. At $t=10$ s, the attack occurs, causing the KL divergence to increase due to the changing statistical properties of the Gaussian random distribution signal under attack conditions. The continuous rise in KL divergence indicates the presence of an attack and helps identify the specific DG units that are targeted. This divergence value is subsequently used to generate the Trust Factor of measurements for resilient controller applications. Figure 6b illustrates the trust value in both normal and attack scenarios. At $t=10$ s, when an attack is initiated on four DG units, the trust value drops to zero. The trust value of the non-attacked DG units continues to degrade until the end of the simulation. This also demonstrates that the non-attacked DG units are affected by the attacked units due to their interconnection and information sharing for cooperative control. The detection accuracy of the attack is influenced by the threshold value of KL-divergence, as illustrated in Figure 6a. In our study, we set the threshold close to zero, which causes a reduction in the trust value, resulting in nearly 100% detection accuracy, even when accounting for environmental and system noise during the threshold adjustment.

Case I.3: Attack Mitigation by Trust based Resilient Controller

Figure 7a illustrates a new scenario with the proposed resilient controller employed as an attack mitigation strategy. The resilient controller is activated at $t=15$ s. The figure demonstrates that while the conventional controller fails to maintain system stability, the proposed resilient controller effectively handles cyber attacks, as shown after $t=15$ s. Following the activation of the resilient controller, the system quickly returns to normal conditions. Figure 7b depicts the instability in reactive power during the attack and its return to normal conditions after the activation of the resilient controller, further confirming the robustness of the proposed resilient controller.

Figure 8a indicates that the KL divergence for attacked DG units continues to rise even after the activation of resilient control. In contrast, the KL divergence for non-attacked DG units shows minimal increase and quickly returns to normal once resilient control is activated, as the corrupted measurements are excluded from control decisions through trust factor calculation. Figure 8b further validates this by displaying the trust factor during normal, attack, and resilient control scenarios for both attacked and non-attacked DG units. The resilient controller effectively restores normal service by assigning trust factors close to zero for attacked DG units and close to one for non-attacked DG units.

Case II: Microgrid Testbed System with 22 DERs

Case II validates the effectiveness of the proposed control strategies on a microgrid test system operating at 60 Hz and 480 V, which includes 22 DERs. The single-line diagram of this microgrid is depicted in Figure 9a, and simulations are conducted using MATLAB/Simulink.

Table 3. Specifications of 22 DERs in the microgrid system.

DER 1, 2, 3, 4, 5, 11, 12, 13, 14, 15, and 21		DER 6, 7, 8, 9, 10, 16, 17, 18, 19, 20 and 22
$k_P$	$7.5\times {10}^{-5}$	$k_P$	$10.5\times {10}^{-5}$
$k_Q$	$1.0\times {10}^{-3}$	$k_Q$	$1.4\times {10}^{-3}$
$R_c$	$33\mathrm{m}\mathrm{\Omega }$	$R_c$	$27\mathrm{m}\mathrm{\Omega }$
$L_c$	$310\mathsf{\mu }\mathrm{H}$	$L_c$	$370\mathsf{\mu }\mathrm{H}$
$R_f$	$115\mathrm{m}\mathrm{\Omega }$	$R_f$	$85\mathrm{m}\mathrm{\Omega }$
$L_f$	$1240\mathsf{\mu }\mathrm{H}$	$L_f$	$1440\mathsf{\mu }\mathrm{H}$
$C_f$	$65\mathsf{\mu }\mathrm{F}$	$\overline{C_f}$	$45\mathsf{\mu }\mathrm{F}$
$K_{PV}$	0.13	$K_{PV}$	0.07
$K_{IV}$	460	$K_{IV}$	420
$K_{PC}$	18	$K_{PC}$	13
$K_{IC}$	23,000	$K_{IC}$	19,000

details the DER specifications, while

Table 4. Specifications of loads in the 22 DER microgrid system.

Line $1,3,4,6,7,9,10,12$, $13,15,16,18,19$		Line $2,5,8,11,14,17,20,21,22$
R	0.27$\mathrm{\Omega }$	R	$0.30\mathrm{\Omega }$
X	$0.15\mathrm{\Omega }$	X	$0.52\mathrm{\Omega }$
Load $1,3,5,6,9$		Load $2,4,6,8,10$
R	$1.9\mathrm{\Omega }$	R	$2.1\mathrm{\Omega }$
X	$0.9\mathrm{\Omega }$	X	$0.7\mathrm{\Omega }$

outlines the specifications of the lines and loads. The communication network graph is shown in Figure 9b, where $DER1$ is responsible for receiving the voltage reference value with a pinning gain $g_1=1$. The reference voltage, $V_{\mathrm{ref}}$, is set to 480 V, and the control gain $c_v$ is set to 45. Communication noise is modeled as zero-mean Gaussian with a variance of $N(0,0.02)$. This system serves to validate the proposed attack detection and mitigation schemes.

Case II.1-Attack Scenario with Traditional Cooperative Controller:

Figure 10a illustrates the attack scenario for a 22 DER-based microgrid test system using a similar attack vector as in case I. An FDI attack is initiated at t = 10 s, which destabilizes the system and prevents it from maintaining a predefined reference value necessary for proper operation. Figure 10b shows the abnormal behavior of reactive power output under the attack scenario, where conventional cooperative control fails to withstand the attack.

Figure 11a,b display the KL divergence and corresponding trust factor for both attacked and non-attacked scenarios. An attack is initiated at t = 10 s, resulting in a sudden change in KL divergence and trust factor, which validates our proposed attack detection methodology in the large system.

Case II.2 Attack Resilient Trust Based Cooperative Controller

Figure 12a,b demonstrate the effectiveness of our proposed attack mitigation strategy in a large system. An attack is initiated at t = 10 s, and resilient control is activated at t = 15 s. The system promptly returns to normal at t = 15 s once resilient control is implemented.

The mitigation process in our approach is ensured to be highly efficient, with an average mitigation time ranging from 10 to 50 milliseconds, allowing for rapid system recovery. As depicted in Figure 7a,b for the case with 8 DERs, and Figure 12a,b for the case with 22 DERs, the impact of the attack is immediately mitigated once the trust-based resilient controller is activated, typically within 15 s.

Figure 13a,b illustrate the KL divergence and trust factor for a large system with resilient control activation. At t = 15 s, the KL divergence stops increasing for non-attacked DG units due to the filtering of corrupted measurements through trust factor implementation. This demonstrates the effectiveness of our proposed strategy for larger systems, with scalability provisions for the addition of renewable energy-based DERs in the microgrid system.

Table 5 compares our resilient control approach for cyberattack detection and mitigation with existing methods. The comparison covers aspects such as detection accuracy, detection and mitigation time, resilience, requirements, and key advantages. Our method shows around 100% detection accuracy with very fast response times, high resilience, minimal requirements, and is particularly effective against stealthy attacks, surpassing other methods in various metrics.

Based on the simulation results obtained in this study, decision-makers in microgrid operations should prioritize the integration of AI-driven cybersecurity measures, such as those used to detect and mitigate False Data Injection (FDI) attacks, as part of their standard control systems. Additionally, regular testing and updates to these AI models are essential to maintain their effectiveness in real-world conditions. Ensuring compliance with evolving regulatory standards and fostering collaboration between operators and cybersecurity experts will also help enhance the overall security and resilience of microgrids.

In future work, it could be beneficial to further investigate the risks associated with strategic virtual bidders in day-ahead electricity markets, as explored in [39], as well as the integrated risk measurement and control methods for renewable power producers engaged in stochastic energy trading, as outlined in [40].

Table 5. Comparison of Our Resilient Control Approach with Existing Cyberattack Detection and Mitigation Methods.

Approach	Detection Accuracy	Detection Time	Mitigation Time	Resilience	Requirements	Key Advantage	References
Resilient Control via Trust Calculation of Voltage Measurements	Around 100%	Very Fast	Very Fast	Very High	Minimal: No data dependency, no complex mathematical model needed	Effective against stealthy attacks, robust and adaptive to sophisticated attacks	This work
Data-Driven Machine Learning	90∼98%	Fast	Medium	Medium	Large dataset for training, complex model tuning	Good response to common attacks	[32,35]
Observer-based Anomaly Detection	85∼95%	Medium	Slow	Medium	Complex state estimation models	Suitable for large-scale systems	[14,15,18]
Distributed Consensus Algorithm with Redundancy	88∼90%	Medium	Medium	Medium	Redundant communication and computational resources	Provides redundancy for additional safety	[8,10,11,20]
Game-Theoretic Approach	87∼95%	Fast	Medium	High	Strategic model setup and complex algorithms	Effective against strategic attacks	[41]

Table 5. Comparison of Our Resilient Control Approach with Existing Cyberattack Detection and Mitigation Methods.

Approach	Detection Accuracy	Detection Time	Mitigation Time	Resilience	Requirements	Key Advantage	References
Resilient Control via Trust Calculation of Voltage Measurements	Around 100%	Very Fast	Very Fast	Very High	Minimal: No data dependency, no complex mathematical model needed	Effective against stealthy attacks, robust and adaptive to sophisticated attacks	This work
Data-Driven Machine Learning	90∼98%	Fast	Medium	Medium	Large dataset for training, complex model tuning	Good response to common attacks	[32,35]
Observer-based Anomaly Detection	85∼95%	Medium	Slow	Medium	Complex state estimation models	Suitable for large-scale systems	[14,15,18]
Distributed Consensus Algorithm with Redundancy	88∼90%	Medium	Medium	Medium	Redundant communication and computational resources	Provides redundancy for additional safety	[8,10,11,20]
Game-Theoretic Approach	87∼95%	Fast	Medium	High	Strategic model setup and complex algorithms	Effective against strategic attacks	[41]

4. Conclusions

In conclusion, this study presents a novel trust-based detection and mitigation strategy for enhancing the cybersecurity of islanded AC microgrids. By integrating trust values derived from the KL divergence between voltage measurements and their expected values, the proposed method effectively identifies and isolates compromised DERs. The results from extensive simulations in larger systems with 22 DERs validate the robustness and scalability of the approach, demonstrating a detection accuracy of around 100% and very fast mitigation time of millisecond range. These simulations also showed an improvement of almost 100% in system stability under attack scenarios, underscoring the method’s capability to maintain system stability even during cyber attacks. The implementation of this trust-based resilient control method offers a significant improvement in safeguarding microgrids, ensuring their reliable operation in the presence of evolving cyber threats.

Future work will focus on exploring the applicability of this approach to other types of cyber-threats and integrating machine learning observer-based resilient control methods to address different types of cyber threats and enhance cybersecurity in cyber-physical systems.