Distributed Resilient Voltage and Reactive Power Control for Islanded Microgrids under False Data Injection Attacks

: This paper addresses the problem of voltage and reactive power control of inverter-based distributed generations (DGs) in an islanded microgrid subject to False Data Injection (FDI) attacks. To implement average voltage restoration and reactive power sharing, a two-layer distributed secondary control framework employing a multiagent system (MAS)-based dynamic consensus protocol is proposed. While communication network facilitates distributed control scheme, it leads to vulnerability of microgrids to malicious cyber-attacks. The adverse e ﬀ ects of FDI attack on the secondary controller are analyzed, and the necessary and su ﬃ cient conditions to model stealthy attack and probing attack are discussed in detail. A trust-based resilient control strategy is developed to resist the impacts of FDI attack. Based on the forward-backward consistency criterion, the self-monitoring and neighbor-monitoring mechanisms are developed to detect the misbehaving DGs. A group decision-making mechanism is also introduced to settle conﬂicts arising from the dishonest trust index caused by colluding attacks. A novel mitigation countermeasure is designed to eliminate the adversarial e ﬀ ects of attack: the discarding information mechanism is used to prevent the propagation of false data in the cooperative network while the recovery actions are designed to correct the deviations of collective estimation error in both transient disturbance and continuous FDI attack scenarios. Through a theoretical analysis, it is proved that the proposed mitigation and recovery mechanism can maintain the correct average estimates of voltage and reactive power, which ensures the secondary control objectives of microgrids under FDI attack. Simulation results on an islanded microgrid show the e ﬀ ectiveness and resilience of the proposed control scheme.


Introduction
Due to the rapid advances and wide applications of measurements, communication and computation technology, the traditional power grid has been experiencing a revolution towards a smart grid, which can enhance reliability, safety and efficiency of power system [1]. In order to overcome the intermittent characteristics of distributed generations (DGs), as well as fully exploit the benefit of DGs, microgrids are gradually playing an important role in the smart grids [2]. A microgrid is able to operate in grid-connected or islanded mode, and transfer between these two modes seamlessly. In an islanded microgrid, the traditional droop-based primary control introduces voltage and frequency deviations from their nominal values. Due to the mismatch of line impedance, primary control is unable to achieve reactive power sharing among DGs, which impairs the dynamic performance and power supply quality of microgrids [3,4]. Figure 1 presents the cyber-physical model of an islanded AC microgrid containing several DGs. In the physical layer of the microgrid, three-phase inverter-based DG i (i = 1, . . . ,N) is connected to the microgrid through a DC/AC inverter, an LC filter and a output connector. L s i , R s i and C s i represent the inductance, resistance and capacitance of the LC filter, while L c i and R c i represent the inductance and resistance of the output connector.
Energies 2020, 13, x FOR PEER REVIEW 4 of 27 proposed distributed control scheme, and the conditions for attackers to conduct stealthy attack and probing attack are given in detail. Section 4 provides the trust-based resilient control framework to detect attack and eliminate the impacts of false data on the secondary control objectives. Simulation results and discussion are presented in Section 5. Finally, the conclusions are drawn in Section 6. Figure 1 presents the cyber-physical model of an islanded AC microgrid containing several DGs. In the physical layer of the microgrid, three-phase inverter-based (i = 1,…,N) is connected to the microgrid through a DC/AC inverter, an LC filter and a output connector. , and represent the inductance, resistance and capacitance of the LC filter, while and represent the inductance and resistance of the output connector.  As shown in Figure 1, the primary control of DG includes the droop-based power controller, PI voltage controller and PI current controller. For DG , the droop technique used in power controller mimics the droop mechanism of the traditional synchronous generator to regulate angular frequency and voltage according to active and reactive power respectively, and can be given by [8,10]:

Cyber-Physical Model of Islanded Microgrids
where and are the frequency and voltage droop coefficients. and are the fundamental components of active and reactive power, which can be obtained via two low-pass filters. * and * are the reference signals for primary control, and * is derived by the secondary control in this paper.
In the cyber layer, each DG is considered as an agent which shares information with its neighbors through a sparse communication network. The communication network is described as an undirected graph = ( , ), where = {1, … , } denotes the set of nodes corresponding to DGs, and   × is the set of edges corresponding to the communication links. Node j is a neighbor of node i if there exists an edge defined as ( , ) ∈ .
= [ ] ∈ × is defined as the adjacency matrix, where = 0 for all i, and = 1 if ( , ) ∈ , otherwise, = 0. = { |( , ) ∈ } represents the set of neighbors of node i, and the degree of node i is defined as = ∑ . The Laplacian matrix of the graph is expressed as = − , where = diag{ , , … , } is the degree matrix of the graph. A path is defined as a connected edge in a graph, and the graph is connected if there is a path between any two nodes.

Distributed Secondary Control Framework for Voltage and Reactive Power
The droop characteristic of primary control makes the voltages of DGs deviate from the rated value. Meanwhile, accurate reactive power sharing among DGs cannot be achieved due to the line impedance mismatch. The objective of the secondary control in this paper is to restore the average voltage to the rated value while maintaining reactive power sharing of among DGs. Figure 2 shows As shown in Figure 1, the primary control of DG i includes the droop-based power controller, PI voltage controller and PI current controller. For DG i , the droop technique used in power controller mimics the droop mechanism of the traditional synchronous generator to regulate angular frequency ω i and voltage V i according to active and reactive power respectively, and can be given by [8,10]: where m p i and n Q i are the frequency and voltage droop coefficients. P i and Q i are the fundamental components of active and reactive power, which can be obtained via two low-pass filters. ω * i and V * i are the reference signals for primary control, and V * i is derived by the secondary control in this paper. In the cyber layer, each DG is considered as an agent which shares information with its neighbors through a sparse communication network. The communication network is described as an undirected graph G = (V, Ξ), where V = {1, . . . , N} denotes the set of nodes corresponding to DGs, and Ξ ⊂ V × V is the set of edges corresponding to the communication links. Node j is a neighbor of node i if there exists an edge defined as (i, j) ∈ Ξ. W = w ij ∈ R N×N is defined as the adjacency matrix, where w ii = 0 for all i, and w ij = 1 if (i, j) ∈ Ξ, otherwise, w ij = 0. N i = j (i, j) ∈ Ξ represents the set of neighbors of node i, and the degree of node i is defined as d i = j N i w ij . The Laplacian matrix L of the graph G is expressed as L = D − W, where D = diag{d 1 , d 2 , . . . , d N } is the degree matrix of the graph. A path is defined as a connected edge in a graph, and the graph G is connected if there is a path between any two nodes.

Distributed Secondary Control Framework for Voltage and Reactive Power
The droop characteristic of primary control makes the voltages of DGs deviate from the rated value. Meanwhile, accurate reactive power sharing among DGs cannot be achieved due to the line Energies 2020, 13, 3828 5 of 28 impedance mismatch. The objective of the secondary control in this paper is to restore the average voltage to the rated value while maintaining reactive power sharing of among DGs. Figure 2 shows the proposed framework for voltage and reactive power control, which involves estimation sublayer and compensation sublayer. The estimation sublayer is responsible to obtain the average information of voltage and reactive power in a distributed manner, then sends it to the compensation sublayer. The compensation sublayer calculates the reference signal V * i and sends it to the primary control to regulate average voltage and achieve reactive power sharing among DGs.
Energies 2020, 13, x FOR PEER REVIEW 5 of 27 the proposed framework for voltage and reactive power control, which involves estimation sublayer and compensation sublayer. The estimation sublayer is responsible to obtain the average information of voltage and reactive power in a distributed manner, then sends it to the compensation sublayer. The compensation sublayer calculates the reference signal * and sends it to the primary control to regulate average voltage and achieve reactive power sharing among DGs.  (1) Estimation sublayer: For global average voltage restoration and reactive power sharing, a state observer based on discrete dynamic consensus algorithm [30] is proposed to acquire the average information of voltage and reactive power.
By referring to Theorem 3.1 in [30], summing ̅ ( ) in Equation (2) over all agents, then the following equation can be obtained: In Equation (3), the summation ∑ ∑ ( ̅ ( ) − ̅ ( )) ∈ ∈ always equals to zero, because the communication topology is an undirected graph and for all and we have = , every term in the summation has its opposite counterpart. The initialization condition of Equation (2) is set as always holds true during the iteration process. Under the effects of the cooperative control input, we have lim → ̅ ( ) = lim → ( ). Therefore, ̅ ( ) converges to the average value of voltage and reactive power, which can be expressed as: (1) Estimation sublayer: For global average voltage restoration and reactive power sharing, a state observer based on discrete dynamic consensus algorithm [30] is proposed to acquire the average information of voltage and reactive power. At each iteration k, denotes the average estimates of voltage and reactive power. DG i receives the neighboring estimates x j (k) = V j (k), Q j (k) ∀j ∈ N i via the communication network, and the state observer is updated as: where x i (k) = V i (k), Q i (k) denotes the measured voltage and reactive power of DG i . ε is the step-size which should satisfy 0 < ε < (1/max i=1,...,N d i ) to ensure the convergence of algorithm. u i (k) = u i,V (k), u i,Q (k) denotes the cooperative control input.
By referring to Theorem 3.1 in [30], summing x i (k) in Equation (2) over all agents, then the following equation can be obtained: Energies 2020, 13, 3828 6 of 28 In Equation (3), the summation i∈V j∈N i x j (k) − x i (k) always equals to zero, because the communication topology is an undirected graph and for all i and j we have w ij = w ji , every term in the summation has its opposite counterpart. The initialization condition of Equation (2) is set as x i (k) always holds true during the iteration process. Under the effects of the cooperative control input, we have lim the average value of voltage and reactive power, which can be expressed as: Remark 1. The traditional control for the voltage restoration and reactive power sharing of an islanded microgrid employs a centralized structure [31], in which the measurement information of overall DGs is required to calculate the average value. Different from the traditional centralized way, the state observer with dynamic consensus algorithm enables DGs to estimate the average voltage and reactive power in a fully distributed manner. Furthermore, considering the discrete nature of communication data transmission in the secondary control level of the microgrid, the discrete time-based method is more suitable for the engineering practice.
(2) Compensation sublayer: To achieve average voltage regulation, each DG requires to measure the voltage error and compensates for the deviation caused by the primary control. Meanwhile, the average reactive power estimate serves as the reference value for each DG to realize reactive power sharing. Two compensation terms for DG i are calculated using [31]: where K AVE PVi and K AVE IVi are the proportional and integral gains of PI controller for average voltage restoration, and K AVE PQi and K AVE IQi are the proportional and integral gains of PI controller for reactive power sharing. V re f denotes the global reference voltage for all DGs. The compensation terms obtained in (5) are finally added to V re f , and the reference signal V * i sent to the primary control of DG i can be calculated as: The secondary controller typically includes the voltage limiter (see Figure 2). This limiter is responsible to carry out two tasks: it limits the voltage variations at terminal of each DG and limits the transmission line loading. According to Figure 2, the output voltage of each DG is limited to i ≤ V re f + φ to prevent voltage from exceeding the boundary. With adoption of the cooperative dynamic consensus algorithm and the PI controllers for a connected communication topology for a microgrid, the solutions in Equation (2) shall converge to: The above equation indicates that the control objectives of average voltage restoration and reactive power sharing can be achieved by the proposed control framework. However, for injecting false data into a single or multiple agents, abnormal discontinuity will be introduced in updating Equation (2), which disrupts the consensus between agents and ultimately affects the final convergence results in Energies 2020, 13, 3828 7 of 28 Equation (7). The modeling of such attack and its impacts on the proposed secondary voltage and reactive power control scheme is discussed in the following section.

Vulnerability Analysis of the Distributed Control Scheme Subject to FDI Attack
Considering that the attackers penetrate into the control system of the microgrid and inject false data into the proposed distributed cooperative controller, the adverse effects of FDI attack on the convergence is discussed in detail in this section.
In the MAS-based cooperative control framework, each DG is considered as an agent. When the attacker conduct FDI attack to some agents, these agents will become misbehaving agents [15,25,27]. The misbehaving agents will be manipulated to inject false data into the state variables V i (k) and Q i (k) in Equation (2), where DG i is an misbehaving agent and k denotes the step of the iterative process. Thus, we propose a general form of the algorithm (2) under FDI attack which can be modeled as: where DG i is the misbehaving DG, f a i,V (k) and f a i,Q (k) represent the false data injected into V i (k) and Q i (k), respectively.
It can be observed from Equation (8) that the attacker can easily ruin the convergence of the proposed cooperative controller (2). However, if the attacker breaks the convergence, the system operator or the agents can easily know the presence of attack. From the attackers' perspective, the attack activities should keep stealthy to make them less detectable by the intrusion detection mechanism of the microgrid system. To design a resilient control scheme, it is crucial to understand the adverse effects of such undetectable attacks.
Define x(k) = [x 1 (k), x 2 (k), . . . , x N (k)] T as the vector of voltage and reactive power estimates, T represent the vectors of false data injected to the cooperative controllers. The solution of Equation (8) under the attack can be expressed as [32]: where A c = I − εL is the closed-loop matrix. f a (k) = f a V (k), f a Q (k) denotes the overall attack signals at k iteration. By referring to [30], the global dynamic of Equation (9) in steady state can be given by: where 1 N = [1, 1, . . . , 1] T . In Equation (10), the first term on the right-hide side represents the desired consensus value (i.e., the average value of voltage and reactive power), and the second term reflects the cumulative effect of the attack signals on the cooperative controller. It can be seen that the attacker can disrupt the convergence of the algorithm by injecting false data to the control system. However, in order to keep the attacks undetectable to the system operator or the intrusion detection mechanism, smart attackers can adjust the cumulative effect of attack signals to manipulate the final operating state of microgrids while maintaining the convergence of Equation (10). Definition 1. Stealthy attack. The cumulative effect of attack signals on cooperative control is limited for the iteration process. If there exists a constant H such that: Then, the attack makes Equation (10) converges to an incorrect stable point, that where V a re f V re f and Q a 1 N i∈V According to Equation ( and Q i (k) converge to a stable but incorrect final point, which will affect the control objectives of the proposed secondary control scheme.

Remark 2.
The condition Equation (11) shows that, the attacker without any prior knowledge of system can still manipulate the final operating state of microgrids while maintaining the convergence of the cooperative control. When the convergence is achieved, each agent will think that the average estimates of voltage and reactive power are acquired, thus such kind of attack is stealthy.

Definition 2.
Probing attack. The cumulative effect of attack signals on cooperative control is zero for the iteration process. If the attack signals satisfy condition Equation (11) and the following equation holds, the control objectives in Equation (7) can still be achieved in steady state even under probing attack.
By summing x(k + 1) in Equation (8) over all DGs, the following equation holds: Since the initialization condition is set as x i (k + 1) will hold. Thus, the correct average estimates of voltage and reactive power can still be acquired and the steady state of the microgrid will not be affected.

Remark 3.
The condition Equation (13) indicates that the attacker can intrude the control system of the microgrid without causing any adverse effects on the objectives of the secondary control. By injecting zero-sum attack signals into a single agent or symmetric attack signals into multiple agents, probing attack can help the attacker to confirm the success of intrusion and prepare for more serious attacks in the long run process.
Definition 3. Destabilization attack. If the attack signals cannot satisfy the conditions Equations (11) and (13), the final convergence of the agents will be ruined, leading to the failure of the cooperative control.

Remark 4.
According to Equation (10), l m ij = [I − εL] m ij with [ ] ij denotes the element (i, j) of a matrix, and m represents the length of the shortest path from agent j to agent i. It can be easily seen that an attack on a compromised agent can affect the intact agents that are reachable from it. That is, an attack on a single agent can propagate in the cooperative network, which even destabilizes the entire system. However, from the attackers' perspective, the duration of FDI attack should be as short as possible to make them less detectable. Thus, the FDI attack should not span the entire time to avoid the attacker exposed to the detection mechanism.
To show the adverse effects of the abovementioned attack strategies on the proposed cooperative controller (2), a case study is presented in Figure 3. The microgrid test system consists of five DGs and three loads. The detailed control parameters and communication topology are presented in Section 5. As illustrated in Figure 3, the microgrid works in islanded mode from t = 0 s, and the proposed secondary controller is applied at t = 0.5 s. Then the average voltage of DGs can gradually restore to the rated value 380 V while maintaining the accurate reactive power sharing. From 1.5 s to 2 s, the probing attack signals 0.3 V and −0.3 V are injected into DG 1 and DG 4 according to Equation (8), such that the cumulative effect of FDI attack meets the condition Equation (13). After the attack is removed at t = 2 s, it can be seen that V(k) and Q(k) gradually converge to their respective normal values as stated in Equation (7). The control objectives can still be achieved under such type of attack. From 3 s to 3.3 s, a stealthy attack signal f a 4,Q (k) = 300 − 10 × (k − 300) kVar is injected into the average reactive power controller of DG 2 . We observe that the convergence of the control scheme are not ruined, but the final stable points of V(k) and Q(k) are affected by the attack, which leads to abnormal increase of voltage and reactive power of each DG. At t = 4.5 s, the destabilization attack is initiated with a sinusoidal attack signal injected into the average reactive power controller of DG 5 . One can observe that the compromised DG 5 can affect the other intact DGs and the false data propagates in the cooperative network which causes instability of the entire system.

Trust-Based Resilient Control Framework for Microgrids against FDI Attack
To defend against FDI attack on the cooperative control for voltage and reactive power of microgrids, a resilient control framework is developed in this section. The trust-based resilient control strategy relies on the local information to detect the misbehaving DGs, determines the malicious DGs according to the common trust value obtained by the group decision-making mechanism, and eliminates the impacts of attack on the cooperative network through the recovery actions.

Trust-Based Resilient Control Framework for Microgrids against FDI Attack
To defend against FDI attack on the cooperative control for voltage and reactive power of microgrids, a resilient control framework is developed in this section. The trust-based resilient control strategy relies on the local information to detect the misbehaving DGs, determines the malicious DGs Energies 2020, 13, 3828 10 of 28 according to the common trust value obtained by the group decision-making mechanism, and eliminates the impacts of attack on the cooperative network through the recovery actions.

Misbehaving DG Detection Phase
(1) Detection criteria: The misbehavior of DG i is defined as the abnormal update in cooperative control law (2) in the presence of FDI attack. The proposed detection method is based on the forward-backward consistency in updating Equation (2). Specifically, at iteration k, DG i relies on its own information x i (k) and its neighbors' information x j (k) to obtain the forward update value x i (k + 1). Then, the following backward update rule is used to obtain the estimate of x i (k): The backward update rule is derived from (2), and if there is no attack on DG i , we should havex i (k) = x i (k). Let θ ij (k) denotes the detection result of DG j to DG i at iteration k, and can be expressed as: where j ∈ N + i , and N + i = {i ∪ N i } is the extended set of neighbors of DG i . (2) Detection process: According to Equation (16), the detection of attack on DG i can be divided into the self-monitoring mechanism implemented by DG i itself, and the neighbor-monitoring mechanism implemented by the neighbors of DG i .
Self-monitoring mechanism: At iteration k, DG i calculates x i (k + 1) according to the forward update rule (2). At iteration k+1, the estimated valuex i (k) is obtained by the backward update rule Equation (15). By comparing whetherx i (k) and x i (k) are equal, DG i is able to detect whether it is suffering from a FDI attack.
Neighbor-monitoring mechanism: Considering two neighboring DGs i and j, DG j is responsible to monitor the misbehavior of DG i . For DG j to perform the estimation in (15), two-hop information is required, including the 1st-hop information set {x i (k + 1), x i (k), x i (k + 1), x i (k)} from DG i and the 2nd-hop information set {x s (k), s ∈ N i } from DG i 's neighbors. Then, DG j compares the estimated valuex i (k) with the actual value x i (k) to determine whether DG i is experiencing an attack.

Remark 5.
In [33,34], only 1st-hop information is used to estimate the upper and lower bounds of state variables of DGs, and the state exceeding the bounds indicates the presence of attack. However, according to the analysis in Section 3, the false state even within the given bounds could affect the final operating point of microgrids. Although the additional 2nd-hop information increases a small amount of communication burden, it greatly improves the accuracy of intrusion detection. Moreover, by introducing the self-monitoring mechanism, the agent can realize self-diagnosis of its misbehavior, which also provides redundant information for the trust evaluation process.

Trust Evaluation Phase
In multiagent network, trust index is defined as a confidence value that one agent puts on another agent [35]. Each DG maintains a trust index about its neighbors. T ij (k) represents DG j 's attitude about DG i up to iteration k, where j ∈ N + i . In particular, T ii (k) denotes the trust level of DG i to itself.
T ij (k) ∈ [0, 1], 1 indicates the full trust level while 0 indicates the full distrust level. At each iteration, the trust index T ij (k) is updated as: where α > 0 is the sensitivity factor, which determines the change rate of T ij (k). It also guarantees that if the attack is not persistent after a while, the trust value will be recovered depending on the current observations. Initially, T ij (0) is set as 1 indicating that DG j has full trust in DG i . According to the detection result (16), if θ ij (k) = 1, then T ij (k + 1) = 1 indicates that DG i is in the absence of attack; if θ ij (k) = 0, then T ij (k + 1) starts to decrease which indicates that DG i is suffering from attack.
In the traditional trust-based resilient system, if T ij (k) falls below a certain threshold T L , then DG i will be identified as malicious by its neighbors. However, this strategy is vulnerable to the colluding attack. The trust index can be manipulated by a colluder to keep the malicious DGs stay in the network or isolate the normal DGs from the network, which could cause instability of the microgrid in unforeseeable ways.

Malicious DGs Indentification Phase
While the abovementioned detection and trust evaluation process is effective for identifying the malicious DG under non-colluding attacks, it fails to consider the impacts of colluding attacks on the trust model. In general, colluding attacks may occur when two or more neighboring DGs are compromised. Figure 4 shows the colluding attack on the trust evaluation process. As illustrated in Figure 4, DG j monitors DG i 's behavior and updates the trust index T ij according to the information from DG i . Considering that DG j suffers from colluding attack, the attacker could tamper the trust index and distort DG j 's attitude about DG i . The colluding DG j can deliberately raise the trust index when the malicious behavior of DG i has been detected. Thus, the false information will continue to propagate in the cooperative network. Another collusion is that DG j intentionally reduce the trust index of an intact neighbor DG i . Under such circumstances, the normal DG will be isolated from the network, which might result in overloads to cause disable or damage to other DGs.
Energies 2020, 13  To defend against a colluding attack, a group decision-making mechanism is introduced to settle conflicts arising from the dishonest trust index. The general idea is that for DG monitoring DG 's misbehavior, other than only relying on its own local trust index to identify the malicious attack, DG receives the trust values from other neighbors of DG and utilizes them to form a collaborative opinion. To determine whether the targeted DG is malicious or not, at least half of its neighbors should share the same trust index. The similar group decision-making process have been used in other distributed systems, such as vehicular ad hoc networks [36] and wireless sensor networks [37]. The group decision-making process to identify the targeted DG as malicious or normal is presented as follows: Step 1: At iteration k, DG sends its own trust index ( ) to the neighboring DGs, as well as relays all its neighbors' trust index ( ) ∈ to the other neighbors.
Step 2: DG will receive two-hop neighbors' trust values about DG to form a trust index set If at least half of the DGs in the trust index set share the common trust value ( ), DG is able to determine whether DG is normal or malicious according to ( ).
Step 3: If ( ) ≤ where is the isolation threshold, sets ( ) = 0, DG will be To defend against a colluding attack, a group decision-making mechanism is introduced to settle conflicts arising from the dishonest trust index. The general idea is that for DG j monitoring DG i 's misbehavior, other than only relying on its own local trust index to identify the malicious attack, DG j receives the trust values from other neighbors of DG i and utilizes them to form a collaborative opinion. To determine whether the targeted DG is malicious or not, at least half of its neighbors should share the same trust index. The similar group decision-making process have been used in other distributed systems, such as vehicular ad hoc networks [36] and wireless sensor networks [37]. The group decision-making process to identify the targeted DG as malicious or normal is presented as follows: Step 1: At iteration k, DG i sends its own trust index T ii (k) to the neighboring DGs, as well as relays all its neighbors' trust index T ij (k) j ∈ N i to the other neighbors.
Step 2: DG j will receive two-hop neighbors' trust values about DG i to form a trust index set If at least half of the DGs in the trust index set share the common trust value T com i (k), DG j is able to determine whether DG i is normal or malicious according to T com i (k).
Step 3: If T com i (k) ≤ T L where T L is the isolation threshold, sets T ij (k) = 0, DG i will be identified as malicious and isolated from the network by DG j .
Step 4: When the attacker terminates the attack and shifts to a sleep period, T ij (k) starts to increase. If T com i (k) ≥ T H where T H is the rejoining threshold, DG i will be identified as normal by DG j and rejoin the network.

Mitigation and Recovery Phase
To mitigate the adverse effects of FDI attack on the proposed cooperative control scheme of microgrid, it is necessary not only to isolate the malicious DGs from the network, but also add recovery information to eliminate the impacts of the injected false data. According to (3) and (14), the collective estimation error at iteration k can be expressed as: since the initialization condition is chosen as should always hold true in the iteration process. The collective estimation error Dev(k) should equal to zero in the absence of FDI attack. Therefore, to maintain the correct average estimates under attack, it is crucial to protect the collective estimation error from the injected false data.
To describe the mitigation and recovery process, the neighboring DG i and DG j are still used as the example and the general idea is explained as follows: (1) Discarding information mechanism. At k 0 iteration, DG j detects DG i 's misbehavior and the common trust value T com i (k) starts to decrease. The average estimates information sent from DG i will be discarded. Correspondingly, the updating rule (2) for DG j changes to: The above discarding information mechanism can prevent the propagation of false data in the cooperative network. From k 0 iteration, DG j will update according to (19) until the following recovery action is activated.
During the iteration process, the updating rule (2) may be affected by the transient faults or unmodeled dynamics. In this case, DG i only misbehaves for a limited number of iterations. Although the common trust value T com i (k) decreases, it is still above the isolation threshold T L . At a certain iteration k 1 , the common trust value increase above T H , DG i will be identified as a normal DG and welcomed to rejoin the calculation process. DG i resends the average estimate and measurement information about k 0 iteration to is neighbors, and the recovery action can be expressed as: where v j is the recovery information added to the neighbors of DG i . From iteration k 1 + 1, all DGs are considered as normal and update according to (2). Theorem 1. In the transient disturbance scenario, with the proposed recovery action Equation (20), the average estimates can be ensured to converge to the correct average value for all normal DGs, i.e., lim Proof. At iteration k 0 , DG i is affected by transient disturbance and its broadcast information is rejected by its neighbors according to the discarding mechanism Equation (19). Since the cooperative network is under no attack until iteration k = k 0 − 1, according to (2) we have: Rearranging Equation (21) and the following equation holds: From iteration k 0 to k 1 − 1, the normal neighbors of DG i update according to Equation (19), the other normal DGs in the cooperative network update according to (2). The set of normal DGs is V norm = {V\i}. By summing x s (k) over the normal DGs, we have: Combining Equations (22) and (23), the collective estimation error from k 0 to k 1 − 1 can be obtained: The above equation shows that the collective estimation error of normal DGs from iteration k 0 + 1 to k 1 is determined by the discarding information mechanism at k 0 iteration.
At iteration k = k 1 , DG i is re-identified as normal by its neighbors and resends the correct information which should be sent at iteration k 0 . Since the set of normal DGs become V norm = {V}, with the recovery action Equation (20) at iteration k 1 , the summation of average estimates over all DGs can be expressed as: Energies 2020, 13, 3828 14 of 28 Combining Equations (24) and (25), the following equation holds: The above equation shows that from iteration k 1 + 1, the collective estimation error becomes zero due to the proposed recovery action Equation (20). Thus, all normal DGs update according to the dynamic consensus Algorithm (2), and the correct average value of voltages and reactive power can be obtained, i.e., lim

Remark 6.
When DG i is re-identified as normal, it needs to resend the average estimate x i (k 0 ) and measurement information x i (k 0 )aboutk 0 iteration. The proposed recovery action Equation (20) requires that the control unit of DG i has certain storage capacity. Since x i (k 0 ) can be calculated by the information set (2), DG i only needs to store the average estimate, measurement and its neighbors' broadcast information in the last iteration process. Although it increases the storage burden of control unit, this mechanism considerably improves the security and robustness of the microgrid system.
(3) Recovery action for continuous FDI attack.
Considering that DG j detects DG i 's misbehavior from iteration k 0 , and the common trust value T com i (k) falls below the isolation threshold T L at a certain iteration k 2 . Since then, DG i is identified as malicious by its neighbors and isolated from the network. Thus, the set of normal DGs becomes V norm = {V\i}. To eliminate the adverse effects of FDI attack on the proposed secondary control scheme, the recovery action is taken by the neighbors of DG i at iteration k 2 , and is given by: where v j is the recovery information when DG i is isolated from the cooperative network. From iteration k 2 + 1, the remaining DGs in the microgrid are considered as normal and update according to (2). As stated in Section 3, the attacker will terminate the attack activity and shift to a sleep period to avoid being exposed to the intrusion detection system. When the attack is cleared, DG i can detect its update return to normal by the self-monitoring mechanism and the trust value starts to increase. At the same time, the neighbors of DG i will receive the average estimates and measurement information to perform neighbor-monitoring mechanism. When the common trust value increase above the rejoining threshold T H at a certain iteration k 3 , DG i will be re-identified as normal and rejoin the cooperative network. The recovery action for DG i rejoining the network is expressed as: where v j is the recovery information when DG i rejoins the cooperative network.

Theorem 2.
In the continuous FDI attack scenario, when the malicious DG i is isolated, the average estimates can be ensured to converge to the correct average value for the remaining normal DGs with the proposed recovery action Equation (27) DG i is re-identified as normal and rejoins the cooperative network, the proposed recovery action Equation (28) is able to ensure all normal DGs to converge to the correct average value, i.e., lim Proof. At iteration k 2 , the set of normal DGs is V norm = {V\i}. The neighbors of DG i update according to Equation (27), the other normal DGs update according to (2). With the recovery action Equation (27), the summation of x s (k) over the normal DGs at iteration k 2 is: Combining Equations (29) and (24), the collective estimation error of the remaining normal DGs is: From iteration k 2 + 1, all the remaining normal DGs update according to (2). It is easy to find that the collective estimation error of the remaining normal DG keeps zero from iteration k 2 . Thus, the correct average estimate of voltage and reactive power can be obtained by the remaining normal DGs, i.e., lim After the attacker terminates the attack activity, DG i will be re-identified as normal and rejoins the cooperative network at iteration k 3 . The set of normal DGs becomes V norm = V. Combing Equations (24) and (29) and the recovery action Equation (20), the collective estimation error of the normal DGs can be given as: The above equation shows that from iteration k 3 + 1, the collective estimation error becomes zero due to the proposed recovery action Equation (28). Therefore, when the attacker shifts to a sleep period, the correct average estimates can be obtained for all DGs with the recovery action Equation (28), i.e., lim k→∞ x s (k) = 1 N lim k→∞ s∈V norm x i (k), V norm = V.

Remark 7.
When DG i is identified as malicious DG, the outgoing communication links of G i will be deactivated. This isolation operation may lead to the disconnection of the communication topology, which makes the remaining normal DGs unable to reach consensus. To prevent this condition, adding redundant communication links or rely nodes can improve the connectivity of the communication network. When the attacker terminates the attack activity, the deactivated links will be restored back. The connectivity of the communication network can be restored, thus all DGs can update according to the dynamic consensus protocol (2).
For the sake of clarity, the trust-based resilient control framework for voltage and reactive power of an islanded microgrid is summarized as Algorithm 1.

Algorithm 1.
Trust-based resilient control framework for voltage and reactive power control.
At iteration k 1.

2.
Trust evaluation: DG j ( j ∈ N + i ) updates the trust index T i j (k) according to (17).

3.
Group decision-making: DG j relies on the trust indexes from the other neighbors of DG i to form a collaborative opinion T com i (k).

4.
Information discarding: At a certain iteration k 0 , if the common trust value T com i (k) starts to decrease, DG j discards the information from DG i and updates according to (19). 5.
DG j compares T com i (k) with the isolation threshold T L . If T com i (k) ≥ T L , go to step 6; otherwise, go to step 7. // Transient disturbance scenario // 6.
Recovery action for disturbance: If T com i (k) increase above T H ( i.e., T com i (k) ≥ T H ), DG j asks DG i to resend information about k 0 iteration and takes recovery action according to (20), go to step 10. // Continuous FDI attack scenario // 7.
Recovery action for isolation: DG j identifies DG i as a malicious DG and sets T i j (k) = 0. DG i is isolated from the cooperative network, the adverse effect of DG i is eliminated by recovery action (27). 8.
DG i performs self-monitoring to detect whether the attack is over. If T ii (k) starts to increase, the deactivated links from is restored back. DG j can receive information from DG i to perform neighbor-monitoring. 9.
Recovery action for rejoining: If T com i (k) increases above T H , DG j re-identifies DG i as a normal DG. DG i rejoins the cooperative network, both DG j and DG i take recovery action according to (28). 10.

Simulation Results and Discussion
In this section, the effectiveness of the proposed trust-based resilient control scheme for voltage restoration and reactive power sharing of an islanded microgrid is verified. Figure 5 shows the microgrid test system.  (2).
For the sake of clarity, the trust-based resilient control framework for voltage and reactive power of an islanded microgrid is summarized as Algorithm 1.

Algorithm 1.
Trust-based resilient control framework for voltage and reactive power control.
3. Group decision-making: DG relies on the trust indexes from the other neighbors of DG to form a collaborative opinion ( ).

Information discarding:
At a certain iteration , if the common trust value ( ) starts to decrease, DG discards the information from DG and updates according to (19

Simulation Results and Discussion
In this section, the effectiveness of the proposed trust-based resilient control scheme for voltage restoration and reactive power sharing of an islanded microgrid is verified. Figure 5 shows the microgrid test system. As illustrated in Figure 5a, a 380/50 Hz islanded microgrid consisting of five DGs and three loads is built using MATLAB/Simulink toolbox. The lines parameters, loads and related control parameters of the microgrid test system are given in Table 1, in which and are respectively the proportional and integral gains of the PI voltage control loop in the primary control, while As illustrated in Figure 5a, a 380/50 Hz islanded microgrid consisting of five DGs and three loads is built using MATLAB/Simulink toolbox. The lines parameters, loads and related control parameters of the microgrid test system are given in Table 1, in which K PV and K IV are respectively the proportional and integral gains of the PI voltage control loop in the primary control, while K PC and K IC are respectively the proportional and integral gains of the PI current control loop in the primary control. The communication network in secondary control level is shown in Figure 5b. As seen, the communication topology satisfies the condition that being connected. To satisfy the Energies 2020, 13, 3828 17 of 28 real-time information transmission requirement, the sampling period is set to 10 ms. In order to test the performance of the proposed resilient control scheme, different scenarios are tested, such as transient disturbance, continuous FDI attack and colluding attacks. It should be noted that each event in the abovementioned scenarios are separated to provide clear understanding.

Transient Disturbance Scenario
In order to verify the effectiveness of the proposed resilient secondary control scheme under transient disturbance, the simulation process is designed as follows: (1) From t = 0 s, the microgrid works in islanded mode and only the primary control is activated for all five DGs. (2) At t = 0.5 s, the proposed secondary control scheme is applied. (3) At t = 0.7 s, the transient disturbance signals f a 1,V (k) = rand (−0.5, 0.5) and f a 1,Q (k) = rand (−500, 500) are injected into DG1 according to Equation (8). Then, the disturbance is cleared at t = 0.8s. (4) At t = 2 s, Load1 is reduced by the amount of 4kVar. The simulation results are shown in Figure 6. and are respectively the proportional and integral gains of the PI current control loop in the primary control. The communication network in secondary control level is shown in Figure 5b. As seen, the communication topology satisfies the condition that being connected. To satisfy the realtime information transmission requirement, the sampling period is set to 10 ms. In order to test the performance of the proposed resilient control scheme, different scenarios are tested, such as transient disturbance, continuous FDI attack and colluding attacks. It should be noted that each event in the abovementioned scenarios are separated to provide clear understanding.

Transient Disturbance Scenario
In order to verify the effectiveness of the proposed resilient secondary control scheme under transient disturbance, the simulation process is designed as follows: (1) Figure 6e shows the common trust value of DG1 which obtained by the proposed group decision-making process. Figure 6f shows the deviations of the collective estimation error which is calculated according to Equation (18). As can be seen that when the broadcast information ( ) and ( ) of DG1 are affected by the transient disturbance, the common trust value of DG1 starts to decrease from t =0.7 s. Meanwhile, the neighbors of DG1 activate the discarding information mechanism, which prevents the propagation of the false data in the secondary control level. The collective estimation error of overall DGs is not equal to zero due to the presence of disturbance. When the disturbance is removed at t = 0.8 s, the common trust value of DG1 starts to increase. At t = 1.02 s the common trust value increases above the rejoining threshold = 0.9, DG1 is re-identified as the normal DG by its neighbors. The recovery action according to Equation (20) is taken by DG1 and its neighbors. Consequently, the collective estimation error becomes zero due to the recovery action, which ensures the correct estimation of average voltage and reactive power. As seen in Figure  6c,d, the proposed resilient control scheme is able to restore the average voltages to the rated value 380V while maintaining the accurately reactive power sharing under transient disturbance. Furthermore, when the load changes at t = 2 s, the common trust value of DG1 is not affected by such change. It can be concluded that our approach can successfully differentiate between the false data injection and the normal load change.
To further explain the necessity of the proposed recovery action Equation (20), a case study is also done only with the discarding information mechanism. As can be seen in Figure 7a,b, although the discarding information mechanism prevents the propagation of false data, the average estimates ( ) and ( ) cannot converge to the correct values without the recovery action Equation (20). Due to the adverse effects of false data, ( ) converges to the incorrect stable point 380.55 V while ( ) abnormally increases from 4.2 kVar to 4.39 kVar. From Figure 7f, it can be easily seen that the collective estimation error is still not equal to zero even when the disturbance is cleared and DG1 rejoins the cooperative network at t = 1.02 s. It is concluded that the control objectives of average voltage restoration and reactive power sharing cannot be achieved without the recovery action Equation (20). Under such circumstance, the false data may lead to the abnormal changes of DGs' output voltages and the circulating currents between different DGs which disrupts the stability and performance of the islanded microgrid.   Figure 6e shows the common trust value of DG1 which obtained by the proposed group decision-making process. Figure 6f shows the deviations of the collective estimation error which is calculated according to Equation (18). As can be seen that when the broadcast information V 1 (k) and Q 1 (k) of DG1 are affected by the transient disturbance, the common trust value of DG1 starts to decrease from t =0.7 s. Meanwhile, the neighbors of DG1 activate the discarding information mechanism, which prevents the propagation of the false data in the secondary control level. The collective estimation error of overall DGs is not equal to zero due to the presence of disturbance. When the disturbance is removed at t = 0.8 s, the common trust value of DG1 starts to increase. At t = 1.02 s the common trust value increases above the rejoining threshold T H = 0.9, DG1 is re-identified as the normal DG by its neighbors. The recovery action according to Equation (20) is taken by DG1 and its neighbors. Consequently, the collective estimation error becomes zero due to the recovery action, which ensures the correct estimation of average voltage and reactive power. As seen in Figure 6c,d, the proposed resilient control scheme is able to restore the average voltages to the rated value 380V while maintaining the accurately reactive power sharing under transient disturbance. Furthermore, when the load changes at t = 2 s, the common trust value of DG1 is not affected by such change. It can be concluded that our approach can successfully differentiate between the false data injection and the normal load change.
To further explain the necessity of the proposed recovery action Equation (20), a case study is also done only with the discarding information mechanism. As can be seen in Figure 7a,b, although the discarding information mechanism prevents the propagation of false data, the average estimates V(k) and Q(k) cannot converge to the correct values without the recovery action Equation (20). Due to the adverse effects of false data, V(k) converges to the incorrect stable point 380.55 V while Q(k) abnormally increases from 4.2 kVar to 4.39 kVar. From Figure 7f, it can be easily seen that the collective estimation error is still not equal to zero even when the disturbance is cleared and DG1 rejoins the cooperative network at t = 1.02 s. It is concluded that the control objectives of average voltage restoration and reactive power sharing cannot be achieved without the recovery action Equation (20). Under such circumstance, the false data may lead to the abnormal changes of DGs' output voltages and the circulating currents between different DGs which disrupts the stability and performance of the islanded microgrid.

Continuous FDI Attack Scenario
In this case study, the effectiveness of the proposed resilient control scheme under continuous FDI attack is verified. At t = 0.7 s, the attack signals f a 1,V (k) = 0.5 and f a 1,Q (k) = −200 are injected into DG1 according to Equation (8). Then, the injected false data is removed by the attacker at t = 2 s and the system returns to secure. Other simulation process is similar with the case study under transient disturbance. The simulation results are demonstrated in Figure 8.  Figure 8 shows the resilience of the proposed control scheme in the continuous FDI attack scenario. As illustrated in Figure 8e, when the attacker starts to inject false data in DG1, the common trust value of DG1 keeps decreasing. When the common trust value reaches the isolation threshold = 0.2 at t = 0.9 s, the outgoing communication links of DG1 are deactivated and the recovery action is taken by the neighbors of DG1 according to Equation (27). It can be seen from Figure 8f that, the collective estimation error of the remaining normal DGs (DG2 to DG5) becomes zero after the recovery action Equation (27). Consequently, the remaining normal DGs can still converge to the desired stable point, without considering the attacked DG1 in the operation, which is illustrated in Figure 8a,b. After the attacker terminates the attack activity at t = 2 s, the common trust value of DG1 starts to increase. When the common trust value increases above the rejoining threshold = 0.9 at t = 2.31 s, DG1 is re-identified as the normal DG and the recovery action is taken by DG1 and its neighbors according to Equation (28). At that moment, we can see from Figure 8f that the collective estimation error of all normal DGs (DG1 to DG5) becomes zero due to the effects of the recovery action Equation (28). Since all DGs are considered as normal, the correct average estimates of voltages and reactive power can be gradually obtained in a distributed manner, as shown in Figure 8a,b. Thus, the control objectives of average voltage restoration and reactive power sharing are not affected by the continuous FDI attack with our control scheme, which can be seen from Figure 8c,d.
A case study is also conducted to show the effectiveness and necessity of the proposed recovery actions Equations (27) and (28). Figure 9 shows the evolution of the variables under continuous FDI attack only with the discarding information mechanism. As shown in Figure 9a, without the recovery action Equation (27), the average estimate ( ) obtained by the remaining normal DGs converges to the incorrect stable point 380.45 V even after the compromised DG1 is isolated from t = 0.9 s. And after the false data is removed from t =2 s, the average estimate ( ) converges to 380.50 V which causes the abnormal voltages rise of all DGs, as shown in Figure 9c. The similar abnormal changes in the average estimate ( ) and DGs output reactive power also can be seen from Figure 9b,d. It can be easily seen from Figure 9f that, without the recovery action Equation (27), the collective estimation error of the remaining normal DGs is not equal to zero although DG1 is isolated from the network. When DG1 rejoins the network at t = 2.31 s, the collective estimation error is still not equal to zero without the recovery action Equation (28). It can be concluded that the correct average estimates cannot be obtained without the recovery actions Equations (27) and (28), which adversely affects the performance of the microgrid system in the continuous FDI attack scenario.  Figure 8 shows the resilience of the proposed control scheme in the continuous FDI attack scenario. As illustrated in Figure 8e, when the attacker starts to inject false data in DG1, the common trust value of DG1 keeps decreasing. When the common trust value reaches the isolation threshold T L = 0.2 at t = 0.9 s, the outgoing communication links of DG1 are deactivated and the recovery action is taken by the neighbors of DG1 according to Equation (27). It can be seen from Figure 8f that, the collective estimation error of the remaining normal DGs (DG2 to DG5) becomes zero after the recovery action Equation (27). Consequently, the remaining normal DGs can still converge to the desired stable point, without considering the attacked DG1 in the operation, which is illustrated in Figure 8a,b. After the attacker terminates the attack activity at t = 2 s, the common trust value of DG1 starts to increase. When the common trust value increases above the rejoining threshold T H = 0.9 at t = 2.31 s, DG1 is re-identified as the normal DG and the recovery action is taken by DG1 and its neighbors according to Equation (28). At that moment, we can see from Figure 8f that the collective estimation error of all normal DGs (DG1 to DG5) becomes zero due to the effects of the recovery action Equation (28). Since all DGs are considered as normal, the correct average estimates of voltages and reactive power can be gradually obtained in a distributed manner, as shown in Figure 8a,b. Thus, the control objectives of average voltage restoration and reactive power sharing are not affected by the continuous FDI attack with our control scheme, which can be seen from Figure 8c,d.
A case study is also conducted to show the effectiveness and necessity of the proposed recovery actions Equations (27) and (28). Figure 9 shows the evolution of the variables under continuous FDI attack only with the discarding information mechanism. As shown in Figure 9a, without the recovery action Equation (27), the average estimate V(k) obtained by the remaining normal DGs converges to the incorrect stable point 380.45 V even after the compromised DG1 is isolated from t = 0.9 s. And after the false data is removed from t =2 s, the average estimate V(k) converges to 380.50 V which causes the abnormal voltages rise of all DGs, as shown in Figure 9c. The similar abnormal changes in the average estimate Q(k) and DGs output reactive power also can be seen from Figure 9b,d. It can be easily seen from Figure 9f that, without the recovery action Equation (27), the collective estimation error of the remaining normal DGs is not equal to zero although DG1 is isolated from the network. When DG1 rejoins the network at t = 2.31 s, the collective estimation error is still not equal to zero without the recovery action Equation (28). It can be concluded that the correct average estimates cannot be obtained without the recovery actions Equations (27) and (28), which adversely affects the performance of the microgrid system in the continuous FDI attack scenario.

Multiple Attakers and Colluding Attack Scenario
In this case study, DG1 and DG4 are assumed to be attacked to test the robustness of the proposed control scheme in the multiple attackers scenario. At t = 0.7 s, the attack signals , ( ) = −0.3 and , ( ) = 100 are injected into DG1, while the attack signals , ( ) = 0.3 and , ( ) = −100 are injected into DG4, respectively. At t = 2.5 s, all the attack signals are cleared. It can be seen that the cumulative effect of the attack signals is zero, which satisfies the condition given by Equation (13). Thus, this case study also can verify the effectiveness of the proposed control scheme under probing attack. Furthermore, to valid the resistance of the proposed approach to colluding attack, the trust index ( ) which represents DG3's attitude about DG4 is manipulated by the colluding attacker from t = 0.8 s. The simulation results are illustrated in Figure 10.

Multiple Attakers and Colluding Attack Scenario
In this case study, DG1 and DG4 are assumed to be attacked to test the robustness of the proposed control scheme in the multiple attackers scenario. At t = 0.7 s, the attack signals f a 1,V (k) = −0.3 and f a 1,Q (k) = 100 are injected into DG1, while the attack signals f a 4,V (k) = 0.3 and f a 4,Q (k) = −100 are injected into DG4, respectively. At t = 2.5 s, all the attack signals are cleared. It can be seen that the cumulative effect of the attack signals is zero, which satisfies the condition given by Equation (13). Thus, this case study also can verify the effectiveness of the proposed control scheme under probing attack. Furthermore, to valid the resistance of the proposed approach to colluding attack, the trust index T 43 (k) which represents DG3's attitude about DG4 is manipulated by the colluding attacker from t = 0.8 s. The simulation results are illustrated in Figure 10.

Multiple Attakers and Colluding Attack Scenario
In this case study, DG1 and DG4 are assumed to be attacked to test the robustness of the proposed control scheme in the multiple attackers scenario. At t = 0.7 s, the attack signals , ( ) = −0.3 and , ( ) = 100 are injected into DG1, while the attack signals , ( ) = 0.3 and , ( ) = −100 are injected into DG4, respectively. At t = 2.5 s, all the attack signals are cleared. It can be seen that the cumulative effect of the attack signals is zero, which satisfies the condition given by Equation (13). Thus, this case study also can verify the effectiveness of the proposed control scheme under probing attack. Furthermore, to valid the resistance of the proposed approach to colluding attack, the trust index ( ) which represents DG3's attitude about DG4 is manipulated by the colluding attacker from t = 0.8 s. The simulation results are illustrated in Figure 10. As shown in Figure 10a,b, the average voltage and reactive power estimates of the remaining normal DGs (DG2, DG3 and DG5) can still converge to the desired consensus values under the effect of the recovery action Equation (27), when DG1 and DG4 are attacked from t = 0.7 s. After the attackers terminate the attack activity at t = 2 s, all DGs are considered as normal, and the recovery action Equation (28) makes the average estimates of all normal DGs converge to the correct values. Consequently, from Figure 10c,b we can see that the control objectives of average voltage restoration and reactive power sharing can be achieved with the proposed control scheme. From Figure 10e, it can be seen that both malicious DGs are detected by the trust-based detection mechanism, as the common trust values of DG1 and DG4 continue to drop from t = 0.7 s. It should be noted that although DG3's attitude toward DG4 are manipulated by the colluding attacker from t = 0.8 s, the group decision-making mechanism is able to ensure the correct common trust value of DG4. According to the common trust value, DG4 is identified as the malicious DG by its neighbor at t = 0.9 s, and the adverse impact of false data can be eliminated by the recovery action Equation (27) when DG4 is isolated from the cooperative network. After the attack is cleared at t = 2.5 s, the common trust values of DG1 and DG4 keep increasing. Then, DG1 and DG4 are identified as normal DGs when the common trust values increase above the rejoining threshold. As shown in Figure 10f, the deviation of the collective estimation error of DG2, DG3 and DG5 starts from t = 0.7 s, because the broadcast information of DG1 and DG4 is discarded by their neighbors. Later, when DG1 and DG4 are isolated from the network, the collective estimation error of DG2, DG3 and DG5 becomes zero due to the recovery action Equation (27). It also can be seen from Figure 10f that, when the attack is removed and all DGs are considered as normal, the recovery action Equation (28) can successfully correct the collective estimation error of all DGs.

Impacts of Parameter Selection on the Performance of Resilient Control Scheme
In this subsection, the impacts of the parameter selection on the performance of the proposed control scheme are investigated. It is assumed that the attack signals , ( ) = 0.5 and , ( ) = −200 are injected into DG1 according to Equation (8) from t = 0.7 s. Then, the attack is removed at t As shown in Figure 10a Figure 10e, it can be seen that both malicious DGs are detected by the trust-based detection mechanism, as the common trust values of DG1 and DG4 continue to drop from t = 0.7 s. It should be noted that although DG3's attitude toward DG4 are manipulated by the colluding attacker from t = 0.8 s, the group decision-making mechanism is able to ensure the correct common trust value of DG4. According to the common trust value, DG4 is identified as the malicious DG by its neighbor at t = 0.9 s, and the adverse impact of false data can be eliminated by the recovery action Equation (27) when DG4 is isolated from the cooperative network. After the attack is cleared at t = 2.5 s, the common trust values of DG1 and DG4 keep increasing. Then, DG1 and DG4 are identified as normal DGs when the common trust values increase above the rejoining threshold. As shown in Figure 10f, the deviation of the collective estimation error of DG2, DG3 and DG5 starts from t = 0.7 s, because the broadcast information of DG1 and DG4 is discarded by their neighbors. Later, when DG1 and DG4 are isolated from the network, the collective estimation error of DG2, DG3 and DG5 becomes zero due to the recovery action Equation (27). It also can be seen from Figure 10f that, when the attack is removed and all DGs are considered as normal, the recovery action Equation (28) can successfully correct the collective estimation error of all DGs.

Impacts of Parameter Selection on the Performance of Resilient Control Scheme
In this subsection, the impacts of the parameter selection on the performance of the proposed control scheme are investigated. It is assumed that the attack signals f a 1,V (k) = 0.5 and f a 1,Q (k) = −200 are injected into DG1 according to Equation (8) from t = 0.7 s. Then, the attack is removed at t = 2.5 s.  Figure 11 shows the impacts of sensitivity factor on the common trust value of DG1. Figures  12 and 13 show the evolutions of DG1's common trust value and the collective estimation error under different isolation threshold and rejoining threshold .   Figure 11 shows the impacts of sensitivity factor on the common trust value of DG1. Figures  12 and 13 show the evolutions of DG1's common trust value and the collective estimation error under different isolation threshold and rejoining threshold .    Figure 11 shows the impacts of sensitivity factor on the common trust value of DG1. Figures  12 and 13 show the evolutions of DG1's common trust value and the collective estimation error under different isolation threshold and rejoining threshold .   As can be seen from Figure 11, with the increase of sensitivity factor α, the decline rate of common trust value will increase. Since the attacked DG will be isolated from the network when the common trust value drops below the isolation threshold, a smaller sensitivity factor can improve the tolerance of the proposed control scheme to the transient disturbance before a DG is identified as malicious. However, if the sensitivity factor is too small, the neighbors will spend more time to determine the malicious DG, which reduces the quickness of the detection process. Figures 12 and 13 show the evolutions of the collective estimation error under different isolation threshold T L and rejoining threshold T H where the sensitivity factor α is chosen as 0.08. From Figure 12, we can see that the deviation of the collective estimation error of DG2 to DG5 starts from t = 0.7 s due to the discarding information mechanism. When the common trust value drops below the isolation threshold T L , the collective estimation error will be corrected by the recovery action Equation (27). It can be seen that the isolation threshold only affects the duration of the deviation, while the magnitudes of deviation are the same. From Figure 13, we can see that after the attack is cleared at t = 2.5 s, the deviation of the collective estimation error of all normal DGs will be corrected by the recovery action Equation (28) when the common trust value increases above the rejoining threshold T H . Although a smaller T H can reduce the duration of deviation of collective estimation error, it also increases the risk that an attacked DG will be misidentified as a normal one. It can be concluded that the smaller isolation threshold T L and rejoining threshold T H represent a more tolerant attitude to FDI attack, but it also increase the duration of the collective estimation error and the missed detection rate of the proposed control scheme.

Scalability Test of the Resilient Control Scheme
This study case investigates the scalability of the proposed resilient control scheme with a modified test microgrid system which is similar with the model in [9]. Figure 14 shows the electrical network and communication topology of the islanded microgrid system. The microgrid is composed of 10 DGs, and the related specifications of the model are listed in Table A1 in the Appendix A. As can be seen from Figure 11, with the increase of sensitivity factor , the decline rate of common trust value will increase. Since the attacked DG will be isolated from the network when the common trust value drops below the isolation threshold, a smaller sensitivity factor can improve the tolerance of the proposed control scheme to the transient disturbance before a DG is identified as malicious. However, if the sensitivity factor is too small, the neighbors will spend more time to determine the malicious DG, which reduces the quickness of the detection process. Figures 12 and 13 show the evolutions of the collective estimation error under different isolation threshold and rejoining threshold where the sensitivity factor is chosen as 0.08. From Figure 12, we can see that the deviation of the collective estimation error of DG2 to DG5 starts from t = 0.7 s due to the discarding information mechanism. When the common trust value drops below the isolation threshold , the collective estimation error will be corrected by the recovery action Equation (27). It can be seen that the isolation threshold only affects the duration of the deviation, while the magnitudes of deviation are the same. From Figure 13, we can see that after the attack is cleared at t = 2.5 s, the deviation of the collective estimation error of all normal DGs will be corrected by the recovery action Equation (28) when the common trust value increases above the rejoining threshold . Although a smaller can reduce the duration of deviation of collective estimation error, it also increases the risk that an attacked DG will be misidentified as a normal one. It can be concluded that the smaller isolation threshold and rejoining threshold represent a more tolerant attitude to FDI attack, but it also increase the duration of the collective estimation error and the missed detection rate of the proposed control scheme.

Scalability Test of the Resilient Control Scheme
This study case investigates the scalability of the proposed resilient control scheme with a modified test microgrid system which is similar with the model in [9]. Figure 14 shows the electrical network and communication topology of the islanded microgrid system. The microgrid is composed of 10 DGs, and the related specifications of the model are listed in Table A1   As illustrated in Figure 14, DG1 and DG3 are photovoltaics (PVs), while DG6 and DG8 are wind turbines (WTs). PVs and WTs are not equipped with any storage device and operate in grid-feeding mode. This is standard practice and means that PVs and WTs are uncontrollable units, and they produce fixed amount of active power and no reactive power to the microgrid system, that is = = = = 0 [3,9]. Hence, the network possesses a total of six controllable DGs, e.g., micro gas turbine, and they are controlled by the proposed resilient control scheme. From t = 0 s, the microgrid works in islanded mode. At t = 1 s the secondary controller is applied and DG2 is under transient As illustrated in Figure 14, DG1 and DG3 are photovoltaics (PVs), while DG6 and DG8 are wind turbines (WTs). PVs and WTs are not equipped with any storage device and operate in grid-feeding mode. This is standard practice and means that PVs and WTs are uncontrollable units, and they produce fixed amount of active power and no reactive power to the microgrid system, that is Q 1 = Q 3 = Q 6 = Q 8 = 0 [3,9]. Hence, the network possesses a total of six controllable DGs, e.g., micro gas turbine, and they are controlled by the proposed resilient control scheme. From t = 0 s, the microgrid works in islanded mode. At t = 1 s the secondary controller is applied and DG2 is under transient disturbance from 1.2s to 1.35s. The attack signals f a 7,V (k) = 0.7 and f a 7,Q (k) = −150 are injected into DG7 from t = 2.5 s and removed at t = 3.5 s. The simulation results are demonstrated in Figure 15.
Energies 2020, 13, x FOR PEER REVIEW 24 of 27 disturbance from 1.2s to 1.35s. The attack signals , ( ) = 0.7 and , ( ) = −150 are injected into DG7 from t = 2.5 s and removed at t = 3.5 s. The simulation results are demonstrated in Figure 15. As can be seen in Figure 15, the proposed trust-based control scheme is able to eliminate the collective estimation errors caused by the transient disturbance or the FDI attack, which makes the average voltage and reactive power estimates converge to the correct consensus values. Thus, the objective of voltage restoration and reactive power sharing can still be achieved in both disturbance and attack scenarios, which verifies the scalability and resilience of the proposed control scheme.

Conclusions
In this work, a trust-based control scheme is developed in order to improve the resilience of the voltage and reactive power control of an islanded AC microgrid subject to FDI attack. The adverse impacts of FDI attack are described in detail according to the cumulative effects of injected signals, and the proposed resilient control scheme is tested in various attack scenarios.
The validation of the proposed method is carried out through simulations using MATLAB/Simulink toolbox. In both transient disturbance and continuous attack scenarios, the results have proved that the forward-backward criterion is able to detect the misbehaving DGs, and using the discarding information mechanism with the proposed recovery actions can prevent the propagation of false data as well as eliminate the collective estimation errors in the secondary controller of islanded microgrids. The proposed method is compared with the scheme only using the discarding information mechanism to prove that the recovery actions are necessary to maintain the correct average estimates of voltage and reactive power. The capability to resist colluding attack and the scalability advantage of the proposed methods are also verified by case studies. As can be seen in Figure 15, the proposed trust-based control scheme is able to eliminate the collective estimation errors caused by the transient disturbance or the FDI attack, which makes the average voltage and reactive power estimates converge to the correct consensus values. Thus, the objective of voltage restoration and reactive power sharing can still be achieved in both disturbance and attack scenarios, which verifies the scalability and resilience of the proposed control scheme.

Conclusions
In this work, a trust-based control scheme is developed in order to improve the resilience of the voltage and reactive power control of an islanded AC microgrid subject to FDI attack. The adverse impacts of FDI attack are described in detail according to the cumulative effects of injected signals, and the proposed resilient control scheme is tested in various attack scenarios.
The validation of the proposed method is carried out through simulations using MATLAB/Simulink toolbox. In both transient disturbance and continuous attack scenarios, the results have proved that the forward-backward criterion is able to detect the misbehaving DGs, and using the discarding information mechanism with the proposed recovery actions can prevent the propagation of false data as well as eliminate the collective estimation errors in the secondary controller of islanded microgrids. The proposed method is compared with the scheme only using the discarding information mechanism to prove that the recovery actions are necessary to maintain the correct average estimates of voltage and