A Fusion Adaptive Cubature Kalman Filter Approach for False Data Injection Attack Detection of DC Microgrids

: With the widespread application of information technology in microgrids, microgrids are evolving into a class of power cyber–physical systems (CPSs) that are deeply integrated with physical and information systems. Due to the high dependence of microgrids’ distributed cooperative control on real-time communication and system state information, they are increasingly susceptible to false data injection attacks (FDIAs). To deal with this issue, in this paper, a novel false data injection attack detection method for direct-current microgrids (DC MGs) was proposed, based on fusion adaptive cubature Kalman filter (FACKF) approach. Firstly, a DC MG model with false data injection attack is established, and the system under attack is analyzed. Subsequently, an FACKF approach is proposed to detect attacks, capable of accurately identifying the attacks on the DC MG and determining the measurement units injected with false data. Finally, simulation validations were conducted under various DC MG model conditions. The extensive simulation results demonstrate that the proposed method surpasses traditional CKF detection methods in accuracy and effectiveness across different conditions.


Introduction
With new energy technologies rapidly advancing and energy policies gradually adapting, the integration of distributed energy resources and the construction of the energy internet have become significant trends in global energy development.Direct-current microgrids (DC MGs), with their efficiency, flexibility, and reliability, play a crucial role in facilitating the access to distributed energy and accelerating the development of the energy internet [1][2][3][4][5].However, as typical examples of cyber-physical systems (CPSs), the open, distributed, and networked characteristics of nonlinear DC-MG systems require extensive data exchange and information processing in communication and collaboration processes, leading to increased security risks such as data tampering and attacks [6][7][8][9].These attacks can compromise the accurate estimation of the DC MG's state, and inaccurate state assessments can lead to incorrect monitoring decisions.Therefore, in-depth research into the secure operation of DC MGs to ensure their stability and reliability is of significant importance for promoting the development of distributed energy systems and the construction of the energy internet.
In general, a false data injection attack (FDIA) is a prevalent attack that disrupts the normal operation of a system by tampering with its data.This can cause the system to crash or malfunction.In the case of DC MGs, FDIAs can result in voltage fluctuations, load imbalances, and other issues that significantly impact the system's stability and reliability.Therefore, detecting and preventing FDIAs effectively is one of the crucial issues in the field of DC MG research [10][11][12][13][14]. Currently, FDIA detection methods are mainly classified into two categories: model-based and data-based detection methods [15][16][17].Model-based detection methods determine whether it contains false data attack injection by calculating the residual difference between the actual output of the process and the output predicted based on the mathematical model.References [18,19] have received attention for their robustness to model uncertainties and disturbances due to the unknown input observer (UIO) approach to decouple FDIA and perturbation for attack detection.In addition, reference [20] proposed a false attack detection algorithm based on the cubature Kalman filter for detecting attack injections in nonlinear systems.Reference [21] proposed a square root maximum correlation entropy volume Kalman filter with adaptive kernel width for estimating continuous discrete nonlinear dynamic systems with non-Gaussian non-zero mean noise.In references [22,23], the detection problem was treated as an augmented and generalized state space system.The cubature Kalman filter (CKF) and unscented Kalman filter (UKF) were employed to estimate the sensor states.The main drawback of detection schemes based on system models is the requirement for system parameters and models.These parameters are not constant and can be subject to slight uncertainties and fluctuations, which can impact the effectiveness of the detection.
In comparison, the advantage of data-driven detection schemes is their independence from system parameters.These schemes only require the design of a model and training the model using historical data, thereby avoiding the negative impact caused by minor fluctuations in system parameters.Reference [24] employed multilayer perceptron (MLP) neural networks for fault detection and learning vector quantization (LVQ) classification for fault diagnosis.References [25,26] used long short-term memory (LSTM) neural networks and deep convolutional neural network (DCNN) deep learning techniques to improve detection efficiency.Reference [27] proposed a data-driven state estimation method based on data fusion techniques to obtain the optimal estimate, which significantly improved detection accuracy.The drawback of these data-driven fault detection methods is the requirement for a large amount of data, and during the training process, overfitting may occur, making them unsuitable for online implementation.
Although the aforementioned literature provides some effective attack detection strategies, there are still certain limitations.The literature [18][19][20][21][22][23][24][25][26][27] primarily focuses on studying whether the system contains false data injection, rather than considering the specific unit of attack injection [28].This lack of consideration makes it difficult to achieve accurate detection of false data attacks.To address this issue, a false data injection attack detection method based on a fusion adaptive cubature Kalman filter is proposed.The method consists of multiple local units and an information fusion module, which detects attacks by evaluating the estimation results of each local unit.It not only achieves accurate detection of false data injection attacks but also identifies the specific units targeted by the attack through the magnitude of local residuals, enabling the isolation of faulty units.During the information fusion process, after detecting and isolating the corresponding measurements and estimates, the method is able to obtain the correct system estimation.The proposed method is more accurate and effective than the traditional cubature Kalman filter detection method under different working conditions.
The rest of this paper is organized as follows: Section 2 introduces the DC MG models.Section 3 discusses the FACKF algorithm in detail.Section 4 presents simulations to evaluate the proposed algorithm.Finally, Section 5 provides concluding remarks and future perspectives.

DC MG Structure
Microgrids are classified into three main categories based on the distribution method: DC, AC, and AC-DC hybrid.Among them, the DC microgrid is a small power system that uses DC current for energy transmission and distribution.It mainly consists of DC sources, DC loads, DC centralized controllers, DC grids, and energy storage devices.Figure 1a shows an islanded DC microgrid comprising an energy storage system (ESS), a DC source (consisting of a generator and power electronics), and nonlinear loads.Typically, DC and AC loads are connected to the microgrid via tightly regulated converters and inverters.If the loads are connected to the microgrid using multiple power converters and inverters to maintain constant power, they are considered constant power loads (CPLs).

DC MG Model
To simplify the analysis, Figure 1b presents a simplified model of the DC MG.It is evident that the structure can be decoupled into multiple CPLs and an ESS.Assuming a coordinated variation near the operating point and letting the energy storage current serve as the control input, the nonlinear equation of state of the whole DC MG is shown below: ̇() = A() + DH(()) +   ̃  () +  s   (1) where () indicates the state quantity of the system.() = [ DH is the transfer matrix of the perturbation caused by the current fluctuation of the n-th CPL;   means the voltage of the storage power supply;  s is the coupling matrix between   and the system; ̃  () is the injected power, which can stabilize the DC MG and improve the robustness of the closed-loop system to disturbances and temporary faults;  es is the coupling matrix.In general, the DC MG model can be expressed as where  +1 represents the state vector at moment  + 1;   indicates the measurement output vector at moment  ; (  ,   ) and ℎ(  ,   ) are the nonlinear functions;   means the control input matrix;   and   are the system and measurement noise, respectively, both of which are Gaussian white noise.

DC MG Model with FDIA
FDIA is a type of cyber attack that involves injecting false data into real information.This attack typically occurs when the attacker lacks knowledge of system parameters or previous data.A sophisticated FDIA can cause system instability, posing a serious threat to network security.Therefore, real-time and accurate detection of false data is essential to maintain system stability.
The DC MG model in Equation ( 2) states that the injection of FDIA into the system will cause interference and alter the measurement information.Therefore, the DC MG measurement equation model with false data injection can be expressed by where  is the type and extent of the false data attack;  denotes the moment of system operation;  , and  are the location of the fault and the moment of the fault, respectively.

Fusion Adaptive CKF Approach
To implement an effective detection of false data injection in sensors, this section proposes a nonlinear detection method based on the FACKF algorithm.The method comprises local filters and an information fusion module.The local filters perform adaptive cubature estimation on individual parts of the overall unit, and the information fusion module combines the state estimates of all the local filters to obtain a global estimate.Attacks are detected during the information fusion process based on the residuals of the local units, and the sensors injected by the attacks are localized.The computational burden is distributed across various local filters in this structure, rather than the main filter.This approach can enhance the accuracy and reliability of the decision while also reducing the impact of noise by combining the local filters and sharing information.Figure 2 illustrates the FACKF framework.
where  +1 represents the state vector and  , indicates the measurement output vector of the i-th local sensor; (  ,   ) and ℎ  (  ,   ) are the system function and measurement function, respectively;   is the system noise at the time instant, ;  , represents the measurement noise at moment , and both are Gaussian white noise;   and  , are the corresponding covariance matrices, respectively.The implementation steps for the FACKF method are as follows: Step 1: Firstly, initialize the initial values of the parameter states and the initial covariance matrix.
Step 2: Generate 2 + 2 cubature points: where  ,,−1 is the i-th cubature point at moment k − 1 calculated for the j-th local unit,  ̂,−1 is the estimated value at moment k − 1 for the local unit,   is the matrix of cubature points, and  ,−1 is the estimated covariance at moment k − 1 for the i-th local unit.
Step 3: The local CKF is updated in time and measurements, and the estimated state of the CKF for the first local unit is ̂,,|−1 = 2+2 =0 (10) where  ,,−1 ,  ,−1 are, respectively, the cubature points of the generated state and control variables;  ̂,|−1 and  , |−1 are the a priori estimates of the state quantities and the a priori covariance matrices of the state quantities at the k-th moment in the i-th local unit, which are obtained by averaging over the individual 2 + 2 cubature points;  ̂,,|−1 is the estimate of the a priori quantities at the k-th moment of the i-th local unit.
Step 4: Construct adaptive factors and perform correction of the covariance matrix.
To improve the adaptivity and robustness of the CKF algorithm, its filtering performance is enhanced by correcting the covariance matrix online through the construction of an adaptive factor.The main steps can be expressed as = { where   represents the innovation vector, ∆ denotes the innovation vector matrix, and   is the adaptive factor.
Based on the constructed adaptive factor, the self-covariance matrix and cross-covariance matrix are dynamically adjusted through online correction.
Step 5: The estimates of all local state vectors ( ̂, ), the state error covariance ( , ), and the process noise covariance ( , ) of the local CKF are integrated into the information fusion to obtain the global estimate: where  , and  , are the overall state error covariance and process noise covariance obtained by fusing the N local unit estimates, respectively;  , is the overall estimate. Step where  , and  , are the process noise and state error covariances returned to each local estimator;  , is the state estimate returned as the current estimate of the local unit;   is the information distribution factor of the i-th local filter and ∑   −1  =1 = 1.

False Data Injection Attack Detection Based on FACKF
Traditional false data injection detection is based on a single residual size judgement, which is unable to effectively detect the unit of false data injection.When false data are injected, they will quickly spread to other locations and affect the overall system, and the estimated values of other parameters will be affected and deviate from the true values over time, resulting in the final estimation results deviating from the true values.In order to accurately detect the attack and determine the attack injection unit to achieve accurate and reliable state estimation, the state variance (  ) and local state residual ( , ) are defined: The state variance,   , determines whether a sensor experiences FDIA, while the residual,  , , identifies the specific measurement unit in which attack injection occurs in FDIA detection.In the absence of FDIA, the locally estimated states of the local adaptive CKF are close to their true values, with   and  , approaching 0. When false attack injection occurs in a measurement unit, only one local unit is correct.In this case, the state estimate,  , , is inaccurate and close to the fault estimate.Based on the maximum value of  , , it is possible to diagnose which local unit is correct, while the measurements from the excluded sensors originating from that local unit are considered incorrect.The steps of the FACKF are summarized in Algorithm 1.

Simulation Results
In order to prove the validity of the proposed FACKF method, a DC microgrid system is set up under different working conditions, and the estimation performance of a DC microgrid under normal operating conditions and the detection and robustness estimation ability of a fake data attack injection scenario are, respectively, compared and analyzed.Through this series of comparative experiments, not only can the FACKF method demonstrate high estimation accuracy under normal operating conditions, but it can also validate its excellent detection efficiency and robustness when faced with security threats.This fully proves the practical value and effectiveness of the method in ensuring the stable operation and security protection of DC microgrids.

Test Systems
Case 1: A CPL source and a DC source are set up in the DC microgrid.In the absence of network attacks, the CKF and FACKF are, respectively, used for state estimation to evaluate the estimation accuracy of the two algorithms in the presence of noise.
Case 2: On the basis of Case 1, the case of false data injection attack is considered; the traditional residual detection method and the FACKF method proposed in this paper are used to detect the false data injection attack.
Case 3: The DC grid unit is extended to 2 CPL, and the false data injection attack is set to test the validity of the detection algorithm considering multiple CPL.
Case 4: The computational efficiency of the conventional CKF and the proposed FACKF is investigated.
In order to accurately simulate the field measurements measured by the PMUs, additional noise is added to the simulated data.It is worth pointing out that all the discussed methods were executed in MATLAB R2021b on a PC with Intel Core CPU E5-11400H, 4.5 GHz, and 16 GB memory.
Furthermore, for the purpose of conducting a quantitative analysis and comparison of various methods' performance, the performance metric known as root mean square deviation (RMSD) is used to comprehensively assess the effectiveness of the CKF and FACKF.It is defined as follows: where k represents the time instant, x denotes the state variable, n represents the number of time steps, ˆk x represents the estimated value of the state variable, and k x signifies the true value.

Case 1: Comparison of Estimation Accuracy
To compare the estimated performance of the two in the absence of an attack, consider a CPL and a source.The system variables are , the system parameters are given in Table 1, and the initial conditions of the DC microgrid are chosen as follows: [ . The initial conditions of the Kalman filter are as follows: . The initial covariance is  Table 1.The parameters of DC MG system with a CPL.
In order to study the of the proposed FACKF algorithm for the attackfree injection case, we assume that all state measurements are available.Therefore, we consider four local variables (M = 4), each consisting of measurements from three sensors, as follows: The CKF and the FACKF proposed in this paper are applied to estimate the system state for comparison, respectively, and the estimation results are shown in Figure 3. From the test results, it can be seen that without FDIA, both the traditional CKF method and the FACKF method proposed in this paper can accurately track the operating state of the DC microgrid system with good dynamic performance, and the state estimation accuracy of the two methods can satisfy the system monitoring requirements.
The results of the root mean square error (RMSE), root mean square deviation (RMSD), and constant norm-2 error ( 2 n E ) calculated for both the traditional CKF method and the FACKF method are shown in Table 2. From the results in Table 2, it can be seen that the RMSEs of both the traditional CKF method and the FACKF method are smaller, which is consistent with the results presented in Figure 3; i.e., both the CKF method and the proposed method have higher tracking accuracy without spurious data injection.It can also be found that the RMSE, RMSD, and 2 n E of each state component of the pro- posed partitioned FACKF method are slightly smaller than that of the traditional CKF method, compared to the traditional CKF method, and this result indicates that the proposed FACKF method has a higher state estimation accuracy, which is attributed to its use of the distributed estimation strategy.In the case of a single attack, in order to verify the detection and localization ability of the fusion CKF method proposed in this paper for false data attacks, an attack is set up on 1 c v based on case 1.The traditional residual detection method and the partitioned fusion CKF method proposed in this paper are used to detect the system false data injection attack, respectively.
As can be seen from Figure 4, under the false attack injection, the residual difference increases significantly.Although the system can be detected by FDIA at this time, the specific location of FDIA injection cannot be determined.The results of the system using the conventional residual method are shown in Figure 5, where the residual values are the normalized data with no units.It can be seen from Figure 5 that the state variance amplitude of the proposed FACKF method increases significantly when 0.3 s ≤ t ≤ 0.5 s, and FDIA can be judged to exist in the DC microgrid.When the voltage state is attacked, it has a larger value than other local residuals, because there is no measurement information containing attacks in the second local unit.In conclusion, the FACKF method proposed in this paper can not only achieve accurate detection of false data injection, but also locate the injected specific measurement unit.

Case 3: Effectiveness of the FACKF under Multiple CPLs
To validate the effectiveness of the FACKF method under multiple CPL scenarios, the model is extended to include 2 CPLs, and false data injection is employed to detect the system.Setting  ,0 as 10 −6  6×6 ,  , as 10 −6  5×5 , and  , as 10 −6  5×5 , an attack is initiated by injecting false data into  1 , starting at 0.4.In the attack scenario, we compare the state estimation results of the proposed method in this paper and the CKF.
From Figure 6, it can be seen that under attack conditions, the system state estimation of the traditional CKF starts to deviate and gradually moves away from the true values.This is primarily due to erroneous data progressively influencing the system's state.However, the method proposed in this paper is capable of accurately detecting FDIA and identifying the affected measurement units.Upon detecting FDIA, this method isolates the injected unit and uses correct estimates from unaffected local units for overall estimation.As a result, this approach not only precisely tracks the operating state of the DC microgrid system but also demonstrates excellent dynamic performance.Table 3 shows the comparison of various estimation metrics in the case of an attack.It can be clearly seen that once a network attack occurs, the RMSE, RAMD, and 2 n E of the CKF are significantly larger than those of the FACKF, which is due to the fact that the traditional CKF design framework does not take into account the effect of attacks.Therefore, once an attack occurs, the estimation results of the CKF will be disturbed and seriously deviate from the real value or even regress.Compared with the traditional CKF, the proposed FACKF method can isolate the attack-induced bias and thus obtain better estimation performance.These results validate the effectiveness and excellent performance of the proposed FACKF method.In order to meet the requirements of various real-time applications in energy management systems (EMSs), dynamic estimation in DC microgrids needs to be not only accurate but also computationally efficient.This section aims to validate the feasibility of the proposed FACKF method for adapting to the sampling rate of 30-60 samples per second from PMUs, ensuring its suitability for real-time applications.By conducting tests on the computation time of the FACKF method and the traditional CKF method under different conditions, the computation times of both algorithms are shown in Figure 7.
The results demonstrate that although the FACKF method has a slightly longer computation time compared to the traditional CKF method, this difference is primarily due to the introduction of more complex formulas in the state estimation process of the FACKF.However, it is worth noting that the average computation time for both methods is significantly lower than the PMU sampling rate.This indicates that the FACKF method can meet the real-time requirements while maintaining accurate synchronous estimation capabilities.Furthermore, despite involving more complex computational steps, the additional computation time of the FACKF method has minimal impact on performance in practical applications, effectively meeting the real-time processing requirements of the EMS in DC microgrids.Therefore, the proposed FACKF method not only demonstrates superior estimation accuracy but also confirms its practicality and efficiency in fast, dynamic environments.It provides a reliable technical solution for energy management in DC microgrids.
Figure 1 shows a detailed and simplified diagram of the DC microgrid system structure.

Figure 1 .
Figure 1.DC MG system structure diagram.(a) Detailed system structure of DC MG.(b) Simplified system structure of DC MG.

Figure 2 .
Figure 2. The framework of the FACKF.

Figure 2
Figure 2 illustrates the three main stages of the FACKF.Firstly, M sensors are grouped into N local units, each containing M − 1 sensor values.Secondly, each local unit performs adaptive CKF estimation to obtain a local estimate,  ̂, , and performs information fusion to obtain the global estimate,  , .Finally, the global estimate is sent back to the local filters and each local filter is updated.The global state estimates,  , and  , , are determined by information fusion and sent to the local units for updating.The information distribution factor (  ) of the i-th local filter is used to weight the localization.If all local filters have the same weight, 1/N is the number of localization.The nonlinear equations in fusion adaptive CKF describe the localized sensor system. +1 = (  ,   ) +    , = ℎ  (  ,   ) +  ,(5)

I
; the standard deviation of the system and measurement noise is

Figure 3 .
Figure 3.Estimated results of the two algorithms in the no-attack case.(a) Estimation results of two methods for the state variable 1 L i .(b) Estimation results of two methods for the state variable 1 c v .

Figure 4 .
Figure 4. Traditional residual method detects the system.

Figure 6 .
Figure 6.Comparison of state estimation results for FACKF and CKF under attack.(a) Comparison of estimation results for 1 L i .(b) Comparison of estimation results for 1 c V .(c) Comparison of esti-

Figure 7 .
Figure 7.The comparison of computation times.
() = [ ,  , ]  . , and  , denote the inductor current and capacitor voltage in the n-th CPL, respectively.  () = [ ,  , ]  ;  , and  , are the inductor current and capacitor voltage in the ESS.̇() represents the integral of () with respect to the time; 6: The global estimates from Step 4 are assigned to each local unit, and the local units use them as previous information in the next step, returning state estimates, state error covariance, and process noise for the first local filter CKF.

Table 2 .
Comparison between different methods.

Table 3 .
Comparison between different methods under attack.