**1. Introduction**

With the growing penetration of line-commutated converter-based high-voltage direct-current (LCC-HVDC) lines, power systems with multi-infeed HVDCs, where several HVDC lines feed into nearby AC systems, are becoming more common [1,2]. Due to the complicated interactions among HVDCs and AC systems, such systems are facing challenges in secure and stable operation, especially when the short-circuit capacity of the receiving-end AC system is low relative to the rated power of the HVDCs [3–5]. An AC system fault that occurs at the receiving-end system can cause not only commutation failure of the directly-connected HVDC but also concurrent commutation failures or even blockings of adjacent HVDCs, giving rise to risks of instability and large-scale blackouts [6–8]. Therefore, it is critical to conduct on-line pre-decisions before such credible contingencies occur so that effective emergency controls can be implemented in time to prevent such cascading failures.

There are two steps involved in the on-line pre-decision-making [9–11]. One is the security assessment, which estimates the system security and stability under anticipated contingencies at the current operation point. The other is emergency control strategy decision-making, which generates emergency control strategies based on the security assessment result. Therefore, a control strategy table composed of emergency control strategies and corresponding contingencies will be generated in the pre-decision-making. Once a contingency occurs, emergency controls can be implemented in time by searching the control strategy table. In the on-line pre-decision-making, the control strategy table is updated within a fixed period to adapt to the changing operating conditions.

Up to now, many security assessment methods have been proposed for AC/DC systems. The time-domain simulation method is widely used for its good model extensibility and can be classified into two categories: One is based on mature transient stability (TS) simulators with the built-in models and solvers, like Power System Simulator/Engineering (PSS/E) [12], Bonneville Power Administration (BPA) [13], and Transient Security Assessment Tool (TSAT) [14], and the other is based on customized models and solving algorithms, like the voltage source equivalent-based method [15], multi-decomposition method [16], and optimal subinterval selection method [17]. However, in these methods, HVDC converters are expressed by steady-state models, and the fault propagation phenomena between AC and DC subsystems, such as commutation failures and blocking events caused by AC system faults, may not be reflected accurately. Similarly, in transient energy-based methods [18,19] and their derived methods, which combine them with time-domain simulation methods [20,21], the transient energy function cannot incorporate HVDC converter-involved dynamics, and there is a probability that the commutation failures or blocking event-related issues cannot be identified. However, considering the credible impact of interactions between AC and DC subsystems on the secure and stable operation, accurately detecting the fault propagation phenomena is crucial in the above methods [22,23]. Recently, data-driven artificial intelligence (AI) methods have been proposed as fast tools, e.g., the generative adversarial network (GAN) [24], convolutional neural network (CNN) [25], and deep belief network (DBN) [26]. Most of these methods are at their early stages and their practicality needs to be improved [26]. Therefore, improving the accuracy of the time-domain simulation method or transient energy-based methods is necessary. In fact, to describe the detailed dynamics of HVDCs accurately, electromagnetic transient (EMT) simulation is a suitable tool, but it cannot be used directly in the on-line security assessment due to its low computational e fficiency [27]. Therefore, a method that can take advantage of the modeling accuracy of EMT and the computational efficiency of existing security assessment methods should be explored. EMT-TS hybrid simulation, in which the HVDC-related subsystems are modeled in EMT and the rest in TS, provides an idea for solving the problem.

In emergency control, load shedding (LS) is a common measure and its optimization method is continuously improved to achieve cost-e ffective control for issues like frequency instability [28] and voltage collapse [29]. Subsequently, considering that large disturbances can a ffect the power angle, voltage, and frequency simultaneously, the authors of [30] constructed an LS optimization model considering multiple security constraints, including transient voltage deviation security, transient frequency deviation security, and transient angle stability, which can remedy the limitation of single security constraint-based methods. In addition to LS, other control resources, such as HVDCs [31,32] and pumped storages [33], can also be used for emergency control. However, their control amount is usually determined separately [31–33]. The authors of [34,35] comprehensively coordinate HVDCs, pumped storages, and interruptible loads in the emergency control strategy to handle frequency stability issues in the East China power grid. Nevertheless, similar to [28], only frequency instability is considered in the proposed scheme. The authors of [36] developed a multi-resource coordinated control strategy for an actual power grid to cope with the impact the DC blockings have on weak AC channels, but it was obtained based on the characteristics of the grid without mathematical analysis, which may be not suitable for other grids.

According to the above analysis, for power systems with multi-infeed HVDCs: (1) A security assessment method that can well reflect the fault propagation phenomena between AC and DC subsystems, and generate reliable results within an acceptable time should be studied; and (2) the emergency control strategy that can comprehensively coordinate multiple control resources while satisfying multiple critical security constraints is needed.

In this paper, an on-line pre-decision-making scheme, including security assessment and emergency control strategy decision-making, is proposed for power systems with multi-infeed HVDCs. The contributions are as follows:


This paper is structured as follows: Section 2 introduces the procedure of the on-line pre-decisionmaking scheme. Section 3 describes the implementation of the security assessment based on EMT-TS hybrid simulation. Section 4 presents the optimization model and solution method of the emergency control decision-making problem. Two actual provincial systems in China are used to verify the proposed method in Section 5. Section 6 concludes the paper.

#### **2. Procedure of the On-Line Pre-Decision-Making Scheme**

In the on-line decision-making scheme, the control strategy table is updated at fixed intervals. During each interval, the operating condition of the system is assumed as being unchanged [11], and the anticipated contingencies include merely the fault and protection action information. According to the severity and probability, the contingencies can be divided into three levels [37]: (1) Single component fault; (2) single severe fault; and (3) multiple severe faults. Especially, in the third level, operation failure of the protection and reclosing failure caused by a permanent fault may induce HVDC blocking events and result in instability of the receiving-end system [38], which should be paid more attention to.

When updating the control strategy table, security assessment is conducted for the anticipated contingency set based on the current operating condition, and the emergency control strategy will be developed if system security and stability issues arise. Therefore, the procedure can be divided into three stages, as shown in Figure 1.


**Figure 1.** Procedure of the on-line pre-decision-making scheme.

#### **3. Security Assessment Based on EMT-TS Hybrid Simulation**

Security assessment refers to the analysis required to determine whether a power system can meet specified security criteria in both transient and steady-state time frames under credible contingencies [41]. Therefore, assessment methods and security indices are two of the parts involved in the security assessment. Considering that commutation failures and blocking events caused by AC system faults are typical fault propagation phenomena between AC and DC subsystems, the analysis of commutation failures and blocking events simulation is firstly analyzed in the following subsections. Then, the principle of EMT-TS hybrid simulation modeling and the security assessment index system are introduced.

#### *3.1. Analysis of Commutation Failures and Blocking Events Simulation*

The essence of the commutation failure is that the thyristor cannot establish a forward voltage blocking capability due to the insufficient negative voltage time, which can be represented by the extinction angle [42]. Therefore, a commutation failure can be considered to occur when the extinction angle is less than the inherent limit of the thyristor. As stated in [38], a commutation failure, which occurs again after an interval of 200 ms, is called a continuous commutation failure in engineering and may cause an HVDC blocking event. Therefore, in the study, a continuous commutation failure with an interval of 200 ms is taken as the condition of HVDC blocking.

However, in the simulation analysis, different criteria are developed to determine the occurrence of commutation failures and blocking events due to different modeling methods of HVDC converters. Table 1 compares the typical criteria of commutation failures and blocking events in the pure TS simulation and EMT-TS hybrid simulation. In the pure TS simulation, the models of the HVDC converter, such as the CDC4 model in PSS/E, are represented by steady-state equations. That is, the HVDC converter is modeled without thyristor valves, so commutation failures and blocking events can only be identified according to the AC voltages at commutation buses [43]. The AC voltage criteria are usually obtained under the assumption of an infinite AC system and the effect of voltage waveform

distortion on commutation failures is ignored, so the accuracy is poor [42]. In the EMT-TS hybrid simulation, HVDC converters are modeled by thyristor valves, which are consistent with the actual condition, so commutation failures and blocking events can be identified accurately through detection of the extinction angle and the interval between two commutation failures.

**Table 1.** Typical criteria of commutation failures and blocking events in two simulation methods.


Therefore, the EMT-TS hybrid simulation can achieve more accurate results in the commutation failures and blocking events simulation. It is more suitable for the security assessment of receiving-end systems to identify HVDC-related security and stability issues, which is validated in Section 5.

#### *3.2. Principle of EMT-TS Hybrid Simulation Modeling*

To build the hybrid simulation platform, two mature business software, PSS/E [45] and EMTDC/ PSCAD [46], are integrated based on the interface software E-Tran Plus [47]. To construct the hybrid simulation model, several issues should be addressed:


**Figure 2.** Topology of the power system.

#### 3.2.1. Identify the Interface Location

When HVDC was first simulated in an EMT-TS hybrid simulation, the interface was located at the terminal buses of converters [48,49]. Subsequently, considering that TS simulation based on the

fundamental frequency positive-sequence phasor model cannot e ffectively represent the waveform distortion or phase imbalance at converter terminals, an extension of the internal network into the AC system was suggested [50]. However, the specific methods for identifying the interface location were not mentioned. In PSS/E, phase imbalance caused by asymmetrical faults can be described by appending negative-sequence and zero-sequence parameters to the positive-sequence system, so the interface location mainly depends on the description of harmonic distortion, which is related to the frequency [51].

Based on the above analysis, a frequency-domain characteristics analysis method is used here to identify the location of the interface. The range of the internal network is expanded continuously and the impedance-frequency characteristics at the buses of interest are analyzed in the hybrid simulation, until the di fferences among the impedance-frequency characteristics under di fferent locations reduce to a certain range. That is, expanding the scope of the internal network has almost no e ffect on the impedance-frequency characteristics anymore. Then, the interface location is finally identified based on the smaller internal network of the last two-scope internal networks.

In the security assessment of power systems with multi-infeed HVDCs, HVDC dynamics are essential and should be described accurately. Therefore, the commutation buses at the rectifier side and inverter side can be taken as the buses of interest.

#### 3.2.2. Equivalent Models of the External and Internal Networks

In the study, the construction of equivalent models is implemented in E-Tran Plus. In order to consider the asymmetrical faults, a multi-port three-phase equivalent circuit with voltage sources, PI sections and transformers, is constructed in EMTDC/PSCAD to represent the external network. PI sections represent the impedance between buses of the same voltage level, whereas transformers represent the impedance between buses of di fferent voltage levels. As for the equivalent model of the internal network, the generator model is used in PSS/E. When performing the power flow calculation to ge<sup>t</sup> the updated data, which will be transferred to EMTDC/PSCAD, the generator model will act as a current injection and a change in the system admittance matrix in PSS/E. The equivalent models of both networks can be found in the implementation of the hybrid simulation shown in Figure 3.

**Figure 3.** Implementation of the hybrid simulation.

#### 3.2.3. Interaction Protocol and Data

A parallel interaction protocol is adopted to exchange the updated data, indicating both simulators run simultaneously during the simulation process. Before the simulation, initialization will be executed, in which the equivalent voltage sources in EMTDC/PSCAD and the equivalent generators (or current sources and admittance matrix) in PSS/E are initialized based on the power flow results of the pure TS simulation in PSS/E. During the simulation, the voltage magnitude, phase angle, and frequency information from PSS/E will be sent to EMTDC/PSCAD to update the equivalent voltage sources. At the same time, a discrete Fourier transform (DFT) will be used to extract PQ values from EMTDC/PSCAD to update the equivalent generators. All the data are exchanged at the time step of the TS simulation.

#### *3.3. Security Assessment Index System*

During the security assessment, the EMT-TS hybrid simulation model is updated with the real-time operating data obtained by the intelligent measurement system and run under the pre-defined contingency. Then, the results are evaluated based on a security assessment index system to identify the security and stability issues. Once any security index in the simulation results exceeds the preset range, the current operating condition, contingency, and power shortage in the receiving-end system will be sent to the decision-making model to obtain the optimal emergency control strategies.

The security assessment index system is composed of static security indices and dynamic security indices. The steady-state frequency deviation, voltage deviation, and power flow of the lines belong to static indices while the maximum/minimum value of the transient voltage and frequency, as well as the maximum transient relative power angle, belong to dynamic indices. Referring to [52], the preset ranges of the security assessment index system are shown in Table 2. In static indices, the threshold values of the steady-state frequency deviation Δ*f* and steady-state voltage deviation Δ *V* are 0.05 Hz and 0.1 p.u., respectively; and the power flow of lines should be less than the transmission power limit *p*max, which is 1 p.u. in the study. As for dynamic indices, the security threshold of equipment, as well as coordination among di fferent controls, needs to be considered. To ensure the safety of power system equipment, the maximum value of the transient voltage should be less than 1.3 p.u.; to avoid triggering low-voltage LS, high-frequency generator tripping, and low-frequency LS, the minimum value of the transient voltage should be higher than 0.85 p.u. and the threshold values of the maximum/minimum transient frequency are 51.5 and 49.25 Hz, respectively. At the same time, the power angle di fference Δδ of any two units should be less than 360◦ to avoid the out-of-step of the first and second pendulums.


**Table 2.** Preset ranges of the security assessment index system.

#### **4. Emergency Control Strategy Decision-Making Based on BAS**

When a security or stability issue is identified by security assessment, the emergency control strategy will be generated by solving the decision-making model with BAS. In the following subsections, the mathematical decision-making model and the decision-making procedure of the emergency control strategy are described.

## *4.1. Mathematical Decision-Making Model*

The emergency control strategy decision-making problem can be formulated as a constrained optimization problem. The objective includes minimizing control costs and deviations of the frequency and voltage, and adjustment amount constraints, steady-state constraints, and transient-state constraints are considered.
