**4.2 Cyber-attack detection**

In this section, the dual property of the entropic state for FDI cyber-attack detection will be demonstrated. Previously, it was shown how the latter is an objective function for the normal running of CC under the absence of uncertainty whereby it is always positive. However, when the presence of uncertainties are no longer probabilistic, such as when an attack takes place, the entropic state will also enable early detection of such attacks. In all the cases, it is assumed that the attacker has knowledge of current states of the system. Although many specialized attacks such as replay attack or Distributed Denial of Service (DDoS) attack exist, four broad categories of FDI attacks will be considered as follows:


*Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid DOI: http://dx.doi.org/10.5772/intechopen.94093*

The mentioned attacks in those different situations were simulated on the IEEE 14 bus network as shown in **Figures 3**–**6**. In all of the mentioned cases, the hacker's goal is to deflect the value of two of the voltage magnitudes by �0.3 and 0.4 units respectively and one voltage angle by 0.3 radians. Since attack data is not publicly available, the parameters in the *MATPOWER* package will be used to simulate the IEEE 14 bus network.

In all four attack cases, the attack is started at **t** ¼ **500s**. The same parameters were used as in the previous simulation. Additionally, the property of *hk* will be demonstrated as a stand-alone utility in the absence of CC. While CC is originally defined for tackling control when the uncertainties are probabilistic and *hk* is

**Figure 3.** *Case 1.*

**Figure 5.** *Case 3.*

**Figure 6.** *Case 4.*

positive, the CDS has to expand its structure its to include CRC to be able to bring risk under the control in the presence of the cyber-attacks. The implementation of CRC to this architecture can be found in chapter 4 of [51]. The results pertaining to the simulation of the attacks presented earlier are shown in **Figures 3**–**6**. In all four cases, by assigning a suitable *γ*, the attack was detected. Furthermore, it can also be seen that as the hacker has less and less information on the current grid, it becomes easier to detect the deflection as the entropic state becomes more negative. The results also displays the efficiency of the generative model, whereby the attack propagates throughout the cumulative sum up to a certain point before the Kalman filter gets back on the current track. This propagation causes *hk* to become increasingly negative which consequently lends the property of detection. All the computational experiments were carried out on a system running Windows 10 with an Intel i7-8750H processor. The computational running time of the first experiment was around **40s** and the second experiment took ranged from the shortest time of **3s** for case 1 up to the longest time of **17s** for case 3 and 4. This increase in time for these two specific cases has mostly to do with the increased number of iterations required from the AC state estimator when the sensor data has lost some coherence due to the random attack vector generated as a result of lack of information.

If the CDS architecture proposed in this paper is applied in a medium or largescale power system, the computational complexity will be lesser compared to the other current detection methods, such as the ones mentioned earlier. A greater elaboration of this technique compared to the other detection methods can be found in [7]. Moreover, the application of the CDS for an application such as the SG is revolutionary as it is a dual system catering to both the control and attack detection aspects of the SG. The main parameter of interest that needs to be scaled up for a more complex grid will be the number of shunt cycles since more meters will have to be evaluated. Nevertheless, it is recommended to keep the action space small so as to make planned rewards, during planning, distinguishable from each other. Another important hyper-parameter in the system, especially for FDI attack detection, are the values in the **Q** matrix. Unlike many tracking applications such as the simulation carried out in [5], which was supported by a mathematical formulation [53], this is not the case in our system. Thus, the contents of **Q** has be defined by the designer depending on the required sensitivity of the system towards disturbances. In order to find proper values for **Q**, prior simulations can be carried out using past historical data. Usually, it is recommended to start with very small values, like the ones used in the simulations carried out in this paper, and then tuning until the desired performance is obtained. Lastly, as the SG is scaled up, that hyperparameter will have to be increased to reflect the circumstances of a bigger power system.

*Cognitive Dynamic System for AC State Estimation and Cyber-Attack Detection in Smart Grid DOI: http://dx.doi.org/10.5772/intechopen.94093*

As voltage fluctuations are common occurrence disturbances in power systems, the second simulation was designed to provide the reader a greater intuition on how the algorithm is able to distinguish between what constitutes a perturbation and the normal condition. When the states of the AC state estimator is experiencing important fluctuations, this is propagated to the generative model and therefore affects the entropic state as a result. Since *hk*∣*<sup>k</sup>* serves as an embodiment of the grid's performance, it was illustrated in the earlier simulation how those perturbation would cause a decline in the entropic state. Since the objective function of CC is to always bring *hk*∣*<sup>k</sup>* as close as possible to 1, the optimization of *hk*∣*<sup>k</sup>* allows CC to reduce fluctuations in the system and keep state estimation under control. Additionally, it was shown in **Figure 2** that when the attack occurred, this caused the estimated states to experience greater deviation. This was then propagated to the generative model and the Kalman filter as result, thereby causing a large drop in *hk*∣*<sup>k</sup>* for a number of cycles. This was then successfully detected through the use of the threshold *γ*. Consequently, those experiments showcases the importance of each of the individual roles of the different components of the CDS and how they work together for goal oriented action on the SG.
