**2. Preliminaries**

#### **2.1 Weighted least squares state estimation**

In order for the Energy Management System (EMS) to operate properly, it is important for the SCADA to provide the latter with the required measurement data so that correct control decisions can be applied in real-time. However, as those signals are often contaminated with noise, filtering is carried out by both the state estimator and the bad data detector to obtain the most accurate states. However, since power systems comprise of an overdetermined system whereby redundant measurements are taken, the filtering process allows the discarding of those erroneous measurements that will be detrimental for state estimation.

#### **2.2 AC model**

The states of a power system refer to the bus voltages angle *θ* and bus voltage magnitudes *V*. In the case of the DC model, the states are restricted to the bus angles only and the measurements consist of the real power flows and injections. Additionally, it is assumed that prior knowledge relating to the bus magnitudes is available and those are taken to be close to unity. After choosing a reference bus and setting it to zero radians, state estimation in the linear system is simplified to only estimating the *<sup>n</sup>* bus voltage angles ½ � *<sup>θ</sup>*1, *<sup>θ</sup>*2, … , *<sup>θ</sup><sup>n</sup> <sup>T</sup>*. The DC power flow model has been a popular research tool for power engineers and smart grid cyber-security researchers as it serves as a linearization and approximation of the AC power flow model [14, 25–27]. In fact, this substitution to the AC model has been widely accepted for reasons such as guaranteed faster convergence and reduced algorithmic complexities [28].

In the AC model, the nonlinear power flow equations are fundamental for state estimation since they indicate the link between the measurements and the estimated states. In this model, the active and reactive power for the transmission line between busses *k* and *m* are given by

$$P\_{km} = V\_k^2 \mathbf{g}\_{km} - V\_k V\_m \mathbf{g}\_{km} \cos \left(\theta\_{km}\right) - V\_k V\_m b\_{km} \sin \left(\theta\_{km}\right) \tag{1}$$

$$Q\_{km} = -V\_k^2 b\_{km} + V\_k V\_m b\_{km} \cos\left(\theta\_{km}\right) - V\_k V\_m \mathbf{g}\_{km} \sin\left(\theta\_{km}\right) \tag{2}$$

Additionally, for each bus *k*, it is calculated using the following equations:

$$P\_k = V\_k \sum\_{m \in \mathcal{S}\_k} V\_m \left( -\mathcal{g}\_{km} \cos \left( \theta\_{km} \right) - b\_{km} \sin \left( \theta\_{km} \right) \right) + V\_k^2 \sum\_{m \in \mathcal{S}\_k} \mathcal{g}\_{km} \tag{3}$$

$$Q\_k = V\_k \sum\_{m \in \mathcal{S}\_k} V\_m \left( -\mathcal{g}\_{km} \sin \left( \theta\_{km} \right) - b\_{km} \cos \left( \theta\_{km} \right) \right) - V\_k^2 \sum\_{m \in \mathcal{S}\_k} b\_{km} \tag{4}$$

*Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid DOI: http://dx.doi.org/10.5772/intechopen.94093*

where *Sk* ⊂ *S* is the set of all busses that have lines connected to bus *k* and *gkm* and *bkm* are the conductance and susceptance of the line between busses *k* and *m* respectively. *θkm* denotes and the phase angle difference between bus *k* and bus *m*. In AC power flow estimation, the nonlinear relationship between the state variables and the measurements is described as follows:

$$\mathbf{z} = \mathbf{h}(\mathbf{x}) + \mathbf{e} \tag{5}$$

where


**H** in (5), also known as the Jacobian matrix, is a matrix that defines the theoretical calculations that relates the states to the measurement vector **z** and therefore serves as a mathematical description of the power system. These equations are also referred to as the power flow equations and are described as vectors inside **H**. While in the DC model, those entries consists of a set of linear functions of the state variables, those functions are nonlinear as far as the AC model is concerned. The determination of the state variables is done according to the following criteria:

$$\min J(\mathbf{x}) = \left(\mathbf{z} - \mathbf{h}(\mathbf{x})\right)' \mathbf{W} (\mathbf{z} - \mathbf{h}(\mathbf{x}))' \tag{6}$$

**W** in (6), is a diagonal matrix that contains the measurement weights. These are based on the reciprocals of the measurement error variance *σ*:

$$\mathbf{W} = \mathbf{R\_z^{-1}} = \begin{bmatrix} \sigma\_1^{-2} & \dots & \dots & \dots \\ \dots & \sigma\_2^{-2} & \dots & \dots \\ \vdots & \vdots & \ddots & \vdots \\ \dots & \dots & \dots & \sigma\_m^{-2} \end{bmatrix} \tag{7}$$

where **Rz** is the covariance matrix of the measurement. The performance index *J* (**X**) is then differentiated to obtain the first order optimal conditions which can be solved using iterative methods, such as Honest Gauss Newton method, Dishonest Gauss Newton method and Fast Decoupled State Estimator [23]. The first order optimality condition of (6) to be solved is then expressed as:

$$\frac{\partial \mathbf{J}(\mathbf{x})}{\partial \mathbf{x}}|\_{\mathbf{x}=\hat{\mathbf{x}}} = -2\mathbf{F}\_h^T(\hat{\mathbf{x}})\mathbf{W}(\mathbf{z}-\mathbf{h}(\hat{\mathbf{x}}))' = \mathbf{0} \tag{8}$$

where **F***<sup>h</sup>* is the Jacobian matrix derived from **h x**ð Þ and the **x**^ is the estimated state vector. In the case of the CDS, the state estimation process is modified slightly in order to remain compatible with the planning stages in the executive, which will be discussed later. Therefore, for the first *ts* cycles, state estimation proceeds similar to the iterative procedures mentioned previously. As from *ts*, the preceding calculated state of the AC state estimator, **x***<sup>k</sup>*�1, is used as the initial guess for the current cycle with any of those iterative techniques. Moreover, the number of iterations is also limited to *Ns* iterations to save on computational resources.

#### **2.3 Bad data detection**

During the state estimation process, faulty measurements have to be detected and identified to be removed as they lead to erroneous calculated states. However, the statistical properties of these errors simplify their detection and identification. In order to determine those errors, the estimated measurements, **z**^, are first calculated from (5) using the following equation for the AC case:

$$
\hat{\mathbf{z}} = \mathbf{h}(\hat{\mathbf{x}}) \tag{9}
$$

The individual estimated measurement error is then obtained using:

$$
\hat{\mathbf{e}}\_j = \left(\mathbf{z}\_j - \hat{\mathbf{z}}\_j\right) \tag{10}
$$

As these errors follow a zero mean Gaussian distribution [16], techniques such as the Chi-Squares test and normalized residual have been the most common ones applied for their detection [27]. When Chi-squares test is applied, it is assumed that the state variables are mutually independent from each other and the errors follow a normal distribution. The test involves a number of iterative steps that depend on the number of degrees of freedom of the system, sum of squares ^*f* and a critical value corresponding to *α* satisfying the inequality:

$$
\hat{f} \prec \chi^2\_{(k,a)} \tag{11}
$$

where *k* is the appropriate number of degrees of freedom and *α* is a specified probability. Thus, ^*f* will be large when a large number of bad measurements are present. However, since *k* is large in power systems, this method allows for the removal of those measurements that are responsible for the largest standardized residuals.

#### **2.4 False data injection attacks**

FDI attacks (also known as Bad Injection attacks) is a special category of attacks targeting the SG, whereby bad measurements are injected such that they are able to bypass the bad data detection methods discussed previously. While FDI attacks can also target other cyber-physical systems, various forms of these attacks and consequences have been investigated in [11, 12, 15, 16, 28–38]. In this paper, FDI attacks will be simulated using assumptions from [26], whereby it is assumed that the system parameters and topology (system Jacobian) is known to the attackers, and [18], where a mathematical formulation for simulating the FDI attack in the AC model is provided. Additionally, FDI attacks satisfying the first assumption regarding prior knowledge of the system have been proven to result in more disastrous consequences. Moreover, in [17], the authors demonstrate how an attacker, using

*Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid DOI: http://dx.doi.org/10.5772/intechopen.94093*

that knowledge of the system matrix **H***<sup>m</sup>*�*n*, can inject an attack vector **a***<sup>m</sup>*�<sup>1</sup> to the measurement vector **z***<sup>m</sup>*�<sup>1</sup> that remains undetected from the detection techniques mentioned previously. Consequently, with the insertion of **a***<sup>m</sup>*�1, the new corrupted measurement signals **z**<sup>0</sup> *<sup>m</sup>*�<sup>1</sup> takes the following form:

$$\mathbf{z}'\_{m \times 1} = \mathbf{z}\_{m \times 1} + \mathbf{a}\_{m \times 1} \tag{12}$$

Hence, this will result in the calculation of an incorrect system state vector **x**<sup>0</sup> *m*�1 instead of the original state **x***<sup>m</sup>*�1. The difference between those states is denoted as **c** and is calculated as follows:

$$\mathbf{x}' = \mathbf{x} + \mathbf{c} \tag{13}$$

For the AC model, it is shown in [18] that the attack vector will remain undetected when it satisfies the condition:

$$\mathbf{a} = \mathbf{h}(\mathbf{x}\_d) - \mathbf{h}(\mathbf{x}) \tag{14}$$

It is then proven as follows:

$$\begin{aligned} \mathbf{r}\_{\text{attack}} &= \mathbf{z'} - \mathbf{h}(\mathbf{x'}) \\ &= \mathbf{z} - \mathbf{h}(\mathbf{x'}) + \mathbf{h}(\mathbf{x}) - \mathbf{h}(\mathbf{x}) \\ &= \mathbf{z} + \mathbf{a} - \mathbf{h}(\mathbf{x'}) + \mathbf{h}(\mathbf{x}) - \mathbf{h}(\mathbf{x}) \\ &= \mathbf{r} + \mathbf{a} - \mathbf{h}(\mathbf{x'}) + \mathbf{h}(\mathbf{x}) \end{aligned} \tag{15}$$
 
$$\mathbf{r}\_{\text{attack}} = \mathbf{r}\_{normal} \ (\text{since, } \mathbf{a} = \mathbf{h}(\mathbf{x}\_{\text{i}}) - \mathbf{h}(\mathbf{x})) $$

Consequently, in the case of nonlinear state estimation, it is more complicated to implement the FDI attack. Compared to the attack in the DC case [17], where the attacker only required knowledge of the Jacobian matrix, in the AC model, the latter is now additionally required to have some prior knowledge of the current states of the system. While it is more complicated to meet those conditions, it is still shown in [18] that such an attack is possible and the consequences can be disastrous. In both the DC and AC model, the calculation of wrong state variables, caused by this attack, can start a domino effect of incorrect control decisions leading to dire consequences. As this type of attack targets state estimation in the SG predominantly, the vector **a** can be inserted physically by tampering with the meters or wirelessly by injecting the offsets when the readings are transmitted to the SCADA. Hence, the substation state estimator (SSE), which is also an important component of the SG, will also be the target of such attacks as it plays an essential role in state estimation at the substations.

### **3. Architectural structure of CDS for smart grid**

From a neuroscience perspective, the CDS is the entity that matches Fuster's paradigm [9] the closest as far as cognition is concerned. Basically, the CDS is made up of four components namely; environment, perceptor, executive and feedback channel. Moreover they are arranged in a very particular way. The feedback channel links the perceptor and executive, which are situated on two opposite sides. The environment finally closes the global feedback channel whereby the entire CDS is contained within it. Since the focus of this chapter is the nonlinear state estimation

and FDI attack in the SG, the AC state estimator will be considered as the environment with which the CDS interacts since it is the recipient of the measurements in the network. By acting as the supervisor of the network, the CDS empowers the state estimator, through CC, with the cognitive ability to learn during every PAC which measurements to prioritize for optimal state estimation and which to ones to discard. **Figure 1** shows the complex diagram whereby the CDS and AC state estimator are brought together for meeting the goals mentioned previously. In the next subsections, it will be elaborated how the arrangement and the role of each constituent plays a major role for goal-oriented action on the SG.
