CSE 041

Intelligent ADMM–Lasso–DRL based cyberattack detection and scheduling framework for battery energy storage in smart grids

Authors

Rajesh PANDA, P. SANTHOSH - Electrical and Electronics Engineering, Sri Sivasubramaniya Nadar College of Engineering, Chennai, India
Sushree SAMIKSYA PATTANAIK - Electrical Engineering, KIIT Polytechnic, Bhubaneswar, India

Summary

The paper proposes a novel alternating direction method of multiplier (ADMM)-LASSO deep reinforcement learning based cyber security framework for the battery energy storage system (BESS) operation under intrusion attack in a cyber physical system. The proposed work categories into two stages, firstly the BESS schedules in the day-ahead market are solved by mixed integer linear programming. Secondly, ADMM is employed efficiently solve the LASSO regression that categorizes sparse event detection such as attack nodes and non-attack nodes with optimized lambda λ parameter which is the loss coefficient in the ADMM.  Tuning a parameter is very important for minimizing prediction error by choosing cross-validation (CV). The results indicate that increasing λ increase sparse but poor prediction and CV error increases in ADMM-LASSO. While, with the minimum value of λ with many coefficients and there is risk of overfitting with CV error may increase. The optimum value of λ obtained is 10 with CV error 21168.8. Experimental results for BESS demonstrate that, under normal conditions, the state of charge (soc) and ramp-up/ramp-down profiles exhibit smooth, complementary, and well-regulated patterns. However, during cyberattacks, these profiles show distorted behaviors—such as simultaneous charging and discharging, extreme ramping spikes, and unstable soc fluctuations—indicating false data injection and control manipulation. Prediction accuracy achieves 80.1% and 96.85% for bess1 and bess2 respectively using proposed approach. The proposed methodology efficacy is validated using modified IEEE 30 bus system integrated with wind generator and BESS. 

Keywords
Bess scheduling, Admm- lasso regression, Deep reinforcement learning, MILP. Cyber physical system

1. Introduction

The unit commitment with battery energy storage system (UC-BESS) is a high requirement for obtaining the stability and reliability of the grid due to the rising electric vehicles. The advantages of BESS are approximately zero carbon emissions highly providing flexibility services to the grid [1]. The security of the integrated system with BESS has been crucial from stability and economic point of view. 

The data communication centers have become a common point of vulnerability for the BESS system. The cyber attacker easily targets the BESS charging infrastructure to access unauthorized data [2]. Cyber attackers manipulate the charging- discharging profile as well as capacity of BESS. BESS may be overloaded or feel alike loaded with underload conditions. This affects severely grid stability and battery degradation. It is very important for predicting the cyber-attack points and classify the attack and non-attack points. 

Authors [3] proposed security constrained unit commitment for electric vehicle (EV) infrastructure in presence of false data injection (FDIA). Saber and Venayagamoorthy [4] proposed unit commitment model for maximizing profit of V2G under constrained parking lots. The unit commitment model was developed by EV aggregator for V2G services in [5]. 

The author in [6] proposed mixed integer linear programming unit commitment for hybrid system considering reserves. The security constrained unit commitment model is proposed for the operation of EV and wind generation with focus on the V2G control [7]. Lai and Zhang [8] performed network constrained unit commitment model for the storage system in a microgrid. They found various economic benefits and optimal locations of integrating energy storage systems. 

The author in [9] developed V2G scheduling by decomposing it into several sub-problems in a cyber physical system. Privacy of EV and energy coordinator data is preserved in a cyber physical system. From the above study, it indicates regarding the unit commitment model being used for BESS scheduling with the FDIA, but the prediction and classification of attack nodes are not being considered.

Machine learning algorithms are well trained for predicting the attacks in cyber physical system. Authors [10] addressed energy minimized time constrained task scheduling by bidirectional long short-term memory network in cyber physical system. The proposed learning evolutionary algorithm outperforms iterated learning system (ILS), Reinforcement aided ILS, Learning based Grey Wolf Optimizer, E-HEFT, and Cuckoo Search Algorithm. In [11], cyber physical robust framework is proposed for detecting FDIAs in power system networks by adaptive extended Kalman filter. 

The authors [12] forecasted market price and thermal generator power under stochasticity of uncertainties such as wind energy and contingencies. The authors [13] indicates the solving Gauss-Seidel by semi-proximal ADMM for LASSO regression for robust fused lasso regression. Yan et al., [14]-[15] presents a combination of deep convolutional neural networks and bi-directional long short-term memory to capture the temporal and spatial relationship for the intrusion detection phase. The above study reveals only the application of machine learning and deep learning methods rather they focus on the performance and computational speed of the algorithm with scalable issues. One of the most important implementation restrictions includes the heavy computational cost linked to the use of machine and deep learning algorithms. Deep neural networks, reinforcement learning techniques, and optimization methods all involve substantial computation time and memory, thereby making them unsuitable for applications in real-time power system scenarios.

Through an analysis of existing literature, several important shortcomings with current cyberattack detection algorithms for cyber-physical energy systems may be observed. Most existing systems, especially those that utilize unit commitment or optimization models, pay significant attention to optimizing the operation and scheduling of the system during the attacks but lack effective ways of detecting and classifying the attacked nodes. False Data Injection Attacks (FDIA), for example, are assumed within the algorithms but no framework exists for detecting the specific components affected by the attack in a timely manner. Moreover, most existing machine learning or deep learning algorithms pay significant attention to improving accuracy and performance but lack considerations of scalability or interpretability. 

Another important constraint is that traditional IDSs are not designed to manage the sparseness and randomness of cyberattacks in power systems, which can result in an increased number of false positives or missing subtle cyber events like coordinated attacks or soft cyberattacks. Moreover, there is no linkage between the operation of the physical power system (e.g., SoC dynamics, ramping dynamics) and cyber layer data, resulting in a partial understanding of the scenario. Finally, there is inadequate consideration for joint optimization and detection techniques where the operation of the system and cyber aspect are managed together. 

In this paper, the cyber security framework for BESS operation under intrusion attack in a cyber physical system has been proposed. The network constrained unit commitment scheduling has been proposed and solved by MILP for BESS in the hybrid system consisting of EV, thermal generators and wind generators. Generally, cyber-attacks are sparse in nature, LASSO picks well the coefficient with sparsity. ADMM splits the complex larger problem into optimized sub-problem. 

Proposed ADMM-Lasso Regression deep reinforcement learning (DRL) identifies the intrusion detection with enforcing sparse coefficient to zero as the attack nodes while non-zero coefficient indicate the non-attack nodes. This classification enables to constricts the sub-set attack points as the vector. The accuracy of the ADMM-Lasso regression is improved by the optimizing the loss coefficient λ with minimizing the CV error. The optimal value of λ is determined by k-fold CV. 

The main contributions of the paper are as follows:

  • A novel optimization model based on ADMM-Lasso DRL for solving the dynamics of BESS system. The cyber security framework models the relationship between BESS control parameters and SoC while detecting anomalies in cyber physical system.
  • The proposed methodology exploits the sparse property of Lasso regression to identify the spike ramping up, ramping down, charging and discharging profiles. From the sparse coefficient matrix, we can conclude the attack and non-attack conditions.
  • A comparative analysis of pre-attack and post-attack scenarios for BESS and demonstrate the deviations such as charge/discharge cycles, unrealistic ramp-up/down spikes, distorted SoC caused by false data injection.
  • The proposed approach is effective for both accurate SoC estimation and real-time anomaly detection for operational monitoring and cybersecurity enhancement in smart grids.   

The structure of the paper as follows: Section 1 with introduction, followed by section 2 as mathematical modelling, section 3 as results and discussion followed by section 4 as conclusions and references.

2. Mathematical modelling

The block diagram as shown in Fig. 1 indicates the proposed cyber security framework for BESS operation. Firstly, MILP optimizes the day-ahead scheduling for BESS. Secondly, ADMM-Lasso regression DRL predicts the sparse cyber intrusion by optimizing λ through CV distinguishing attack and non-attack nodes.

Figure 1 - Block diagram for the proposed approach

2.1. Network constrained unit commitment model for cyber physical system

The objective of network constrained unit commitment model is to minimize the operational cost subject to security optimal power flow constraint (OPF), reserves and BESS constraints.

stack M i n with x below space f space left parenthesis x right parenthesis                           (1)

where, f(x) is the objective function comprises of expected active power dispatch (thermal generators and wind generators), zonal reserves and cost of BESS.

 begin mathsize 18px style f space left parenthesis x right parenthesis space equals space F subscript p left parenthesis P to the power of i t end exponent right parenthesis plus F subscript z left parenthesis r subscript z superscript i t end superscript right parenthesis plus F subscript B E S S end subscript space left parenthesis P subscript c superscript i t end superscript comma space P subscript d superscript i t end superscript right parenthesis end style                 (2)

First part of the objective function in Eq. (2) indicates the active power dispatch for the generators (thermal + wind) as given by Eq. (3)

begin mathsize 18px style F subscript p left parenthesis P to the power of i t end exponent right parenthesis equals begin inline style sum from i equals 1 to N subscript i of end style space open parentheses begin inline style sum from t equals 1 to 24 of end style left parenthesis alpha subscript i left parenthesis P to the power of i t end exponent right parenthesis ² plus beta subscript i left parenthesis P to the power of i t end exponent right parenthesis plus gamma right parenthesis close parentheses end style               (3)

Second part of the objective function in Eq. (2) indicates zonal reserves and is given by Eq. (4)

begin mathsize 18px style F subscript z left parenthesis r subscript z superscript i t end superscript right parenthesis equals C subscript z times r subscript z superscript i t end superscript end style                       (4)

Cz is the zonal reserve cost (in $/MWh) and r subscript z superscript i t end superscript is the reserve quantity in MWh.
Third part of the objective function in Eq. (2) indicates the BESS cost comprises of initial residual charging and discharging cost is given by Eq. (5)

begin mathsize 18px style F subscript B E S S end subscript space left parenthesis P subscript c superscript i t end superscript comma space P subscript d superscript i t end superscript space right parenthesis equals C subscript c 0 end subscript superscript T s subscript 0 minus left parenthesis C subscript c 0 end subscript superscript T s subscript 0 plus C subscript t s c end subscript superscript T P subscript c superscript i t end superscript plus C subscript t s d end subscript superscript T P subscript d superscript i t end superscript right parenthesis end style               (5)

subject to constraint.

  • Power balance equation given by Eq. (6)

begin mathsize 18px style begin inline style sum from i equals 1 space to N g of end style space space space space begin inline style sum from t equals 1 to 24 of end style space P to the power of i t end exponent plus begin inline style sum from i equals 1 space to N g of end style begin inline style space end style begin inline style space end style begin inline style space end style begin inline style space end style begin inline style sum from t equals 1 to 24 of end style begin inline style space end style begin inline style begin inline style P end style subscript d i s end subscript superscript i t end superscript end style begin inline style equals end style begin inline style sum from t equals 1 to 24 of end style begin inline style space end style begin inline style begin inline style P end style subscript d superscript t end style begin inline style plus end style begin inline style sum from i equals 1 space to N g of end style begin inline style space end style begin inline style space end style begin inline style space end style begin inline style space end style begin inline style sum from t equals 1 to 24 of end style begin inline style space end style begin inline style begin inline style P end style subscript c h end subscript superscript i t end superscript end style end style                    (6)

  • Non-linear power flow equations given by Eqs. (7) and (8)

begin mathsize 18px style vertical line P subscript f left parenthesis capital theta comma V subscript m right parenthesis vertical line minus P subscript m a x end subscript less or equal than 0 end style                 (7)
begin mathsize 18px style vertical line P subscript t left parenthesis capital theta comma V subscript m right parenthesis vertical line minus P subscript m a x end subscript less or equal than 0 end style                 (8)

  • Voltage magnitude and angle limits given by Eqs. (9) and (10)

begin mathsize 18px style v subscript m superscript i comma m i n end superscript less or equal than v subscript m superscript i less or equal than v subscript m superscript i comma m a x end superscript end style                              (9)
begin mathsize 18px style theta subscript m superscript i comma m i n end superscript less or equal than theta subscript m superscript i less or equal than theta subscript m superscript i comma m a x end superscript end style                             (10)

  • Generator active power limits and wind generation limits are given by Eqs. (11) and (12)

begin mathsize 18px style P subscript m superscript i comma m i n end superscript less or equal than P subscript m superscript i less or equal than P subscript m superscript i comma m a x end superscript end style                              (11)
begin mathsize 18px style 0 less or equal than p subscript w g end subscript superscript i less or equal than p subscript w g end subscript superscript i comma m a x end superscript end style                                    (12)

  • Load following ramping limits are given by Eqs. (13) and (14)

begin mathsize 18px style 0 less or equal than P subscript u p end subscript superscript i less or equal than P subscript u p end subscript superscript i comma m a x end superscript end style                                      (13)
begin mathsize 18px style 0 less or equal than p subscript d n end subscript superscript i less or equal than p subscript d n end subscript superscript i comma m a x end superscript end style                                         (14)

  • Load following ramp reserves are given by Eqs. (15 and 16)

begin mathsize 18px style P subscript m superscript i t end superscript minus P subscript m superscript i left parenthesis t minus 1 right parenthesis end superscript less or equal than P subscript u p comma m a x end subscript superscript i left parenthesis t minus 1 right parenthesis end superscript end style                                   (15)
begin mathsize 18px style P subscript m superscript i left parenthesis t minus 1 right parenthesis end superscript minus P subscript m superscript i t end superscript less or equal than P subscript d n comma m a x end subscript superscript i left parenthesis t minus 1 right parenthesis end superscript end style                                 (16)

  • State of charge at time t by Eq. (17)

begin mathsize 18px style S O C to the power of i t end exponent equals S O C to the power of i left parenthesis t minus 1 right parenthesis end exponent plus open parentheses P subscript c superscript i t end superscript eta subscript c minus fraction numerator P subscript d superscript i t end superscript over denominator eta subscript d end fraction close parentheses italic increment subscript t end style                 (17)

  • Charge and discharge limits by Eq. (18) and (19)

begin mathsize 18px style 0 less or equal than P subscript c superscript i t end superscript less or equal than P subscript c m a x end subscript superscript i t end superscript times I subscript c h end subscript end style               (18)
begin mathsize 18px style 0 less or equal than P subscript d superscript i t end superscript less or equal than P subscript d m a x end subscript superscript i t end superscript times I subscript d i s end subscript end style               (19)

  • Charging and discharging integrity given by Eq. (20)

begin mathsize 18px style I subscript c h end subscript plus I subscript d i s end subscript equals 1 end style                 (20)

  • State of charge limits given by Eq. (21)

begin mathsize 18px style S O C subscript m i n end subscript superscript i t end superscript less or equal than S O C to the power of i t end exponent less or equal than S O C subscript m a x end subscript superscript i t end superscript end style                           (21)

2.2. Admm-lasso regression for cyberattack in cyber physical system

ADMM is used to solve iteratively high dimensional optimization problems to solve convex problems. ADMM decomposes the cyber-attack of BESS into sub problems by enforcing the constraints. Least Absolute Shrinkage and Selection Operator (LASSO) is widely used for creating sparse models with less features, improving accuracy and presents overfitting. It adds L1 regularization to the LASSO to obtain sparsity and enforce low coefficient weights to zero. Mathematically, LASSO is given by Eq. (22) [16]

begin mathsize 18px style M i n 1 half open double vertical bar open parentheses A x minus b close parentheses close double vertical bar subscript 2 superscript 2 space plus space lambda open double vertical bar z close double vertical bar subscript 1 end style                     (22)

subject to

begin mathsize 18px style x minus z equals 0 end style                 (23)

Figure 2 - Flow chart of the proposed approach

The augmented Lagrangian with penalty parameter begin mathsize 18px style open parentheses 1 over tau close parentheses greater or equal than 0 end style given by Eq. (24) for Eq. (22)

begin mathsize 18px style script capital l subscript 1 divided by tau end subscript left parenthesis x comma z comma y right parenthesis space equals space begin inline style 1 half end style open double vertical bar A x minus b close double vertical bar subscript 2 superscript 2 space plus space lambda open double vertical bar z close double vertical bar subscript 1 plus space 1 over tau open parentheses y comma x minus z close parentheses space plus space begin inline style fraction numerator 1 over denominator 2 tau end fraction end style open double vertical bar x minus z close double vertical bar subscript 2 superscript 2 end style               (24)

The flowchart as shown in Fig. 2 presents the methodology of the prediction of soc and cyber-attack analysis using ADMM-Lasso regression DRL. Firstly, the network AC constrained unit commitment has been performed to obtain BESS scheduling.

The soc parameters are used to store as parameter b in the Lasso optimization problem begin mathsize 18px style 1 half open double vertical bar open parentheses A x minus b close parentheses close double vertical bar subscript 2 superscript 2 space plus space lambda open double vertical bar z close double vertical bar subscript 1 end style.

This problem is solved by ADMM by alternating soft threshold and ordinary least square (OLS) to obtain sparsity.

Regularization parameters iteratively optimize λ. The algorithm then produces a sparse coefficient vector z that predicts soc (ỹ). The predicted soc is compared to the actual soc. The results are analyzed with and without cyber-attack. The cyber-attack manipulates coefficients that distort soc on BESS.

Pseudo code for ADMM-lasso regression in cyber physical system
Inputs:

ADesign matrix (features for BESS SoC model) 
bObserved SoC vector
λL1 regularization parameter
ρADMM penalty parameter
max_iterMaximum ADMM iteration
tol_abs, tol_revStopping tolerances
Initialize: 
= zeros(p)p is the number of features
= zeros(p)Auxiliary variable
= zeros(p)Scaled dual variable
Precompute: 
 = AT A + ρ * I
 fact = factorize (M)

#1

z-update (quadratic solve)
for k = 1 … max_iter :
AT b + ρ * (x – y)
= solve (fact, q)
 
 
 

#2

x-update ()
= z+ y
= soft_threshold (u, λ/ρ) 

 

 

#3

dual update
y = y + (z - x)

 

#4

Stopping Criteria

 

r_norm = norm(z - x)

 

s_norm = norm(-ρ•(x-xold))

 

eps_pri = sqrt (p)•tot_abs + tot_rel•max (norm(z),x)
eps_dual = sqrt (p)•tot_abs + tot_rel•max (norm(ρ•y))

 

If r_norm ≤ eps_pri and s_norm ≤ eps_dual:

 

break

 

x_old = x

 

#   After convergence

 

z_sparse = x          # sparse coefficient vector

 

= A@ z_sparse   # predicted SoC

3. Results and Discussions

The proposed methodology has been validated with modified IEEE 30 bus system comprises of 6 thermal generators, 1 wind generator and 2 BESS to show the effectiveness of the approach.

The network constrained unit commitment schedule for the BESS is solved by MILP problem by modifying MATPOWER [17] in Matlab 2019b and GAMS [18]. The fixed load is assumed to be the point of cyber-attack in the cyber physical system The load profile has been considered for winter weekday from IEEE reliability test system [19].

Fig. 3 shows the variation of SOC for BESS1 and BESS2 before and after attack. BESS1 maintains a relatively constant SoC between 50–100 MWh, with small fluctuations throughout the day. BESS2 shows a constant increase in SoC, peaking around 200 MWh during 10–15 hrs, and then gradually decreases towards zero at the end of 24 hr.

BESS1 (gray line) experiences an abnormal rise in SoC, reaching a very high level during 14–16 hrs, followed by a sharp drop to zero by the end of the day. This behavior is unrealistic and indicates manipulation caused by the attack.

BESS2 (yellow line) shows a distorted profile compared to its normal pattern, with SoC peaking at just above 100 MWh around 14 hrs, then declining rapidly.

 

Figure 3 - SOC of BESS1 and BESS2 before and after cyber attack

Figure 4 shows the effect of the regularization parameter (λ) on a cross-validation error in a regression model. The figure indicates the smaller of λ with CV error is very high (in order of 3.4 x104). The low value of regularization indicates the model is highly flexible and likely overfits leading to poor generalization.

The moderate value of λ (0.1~1) indicate the regularization begins to control overfitting and generalization. The high value of λ (>1 and <10) provides strong generalization reduces the model complexity and high accuracy due to reduction of CV error and reached optimized value at λ=10.

Figure 4 - Effect of regularization parameter (λ) on the 5-fold CV error in a regression model

Fig. 5 indicates the prediction of SOC (in MWh) before and after attack for BESS1. The top figure indicates the ADMM able to predict stable operation. After the cyber-attack, the coefficients are manipulated, so the curve rises above 300 MWh and then collapses. This indicates cyber-attack altered the optimization updates, ADMM emphasizes only the wrong coefficients. The bottom graph indicates the attacker’s coefficient distribution with abnormal high weightage while few coefficients are zero under normal conditions.

Fig. 5 shows the predicted curve almost overlaps perfectly with the original curve that indicates ADMM-Lasso algorithm successfully identifies the key features needed to reconstruct the original data as without attack. From the ADMM optimization algorithm, residual normalization is 20.34 and number of non-zeros obtained after rescaled is 19.

The alternating feature of the ADMM that were able to converge a sparse solution by capturing without overfitting. The bottom graph indicates the largest significant non-zeros around indices 5-7. While smaller indices contribute marginally to the sparsity.


Figure 5
(a) SOC predictions obtained using ADMM–LASSO and OLS-refit models for BESS1 
(b) sparse coefficient pattern obtained from ADMM–LASSO for BESS1

Fig. 6 illustrates the SOC prediction for BESS2 before and after a false data injection attack analyzed under the ADMM-Lasso cyber resilient estimation framework. The top figure denotes the actual SoC data with the predicted SoC obtained by ADMM-Lasso regression model.

The blue curve indicates the real SoC values recorded from the V2G system, and the red curve is the output of ADMM-Lasso model which predicts SoC based on the sparse regression model. 

The least square component of ADMM minimizes the errors and soft threshold operation of Lasso enforce sparsity on z ensuring the relevant features contribute to SoC. The bottom figure represents the rescaled sparse coefficients obtained from the Lasso regression. Each bar in the bottom figure is the one coefficient to the SoC model. 

The ADMM coefficients decrease in magnitude as few dominant components have large influence and rest contribute minimally. During the soft thresholding step, ADMM updates iteratively and penalizes through L1 regularization.

Figure 6 
(a) SOC predictions obtained using ADMM–LASSO and OLS-refit models for BESS2 
(b) sparse coefficient pattern obtained from ADMM–LASSO for BESS2

Fig. 7 illustrates the charging power profiles of BESS1 across 24-hour duration before and after cyber-attack. The blue curve corresponds to normal operation derived from MILP based optimal scheduling while orange curve depicts the intrusion affected scheduling curve. Under normal operation, BESS1 follows smooth and optimized operation in response to grid condition and renewable availability while during attack, an abrupt power surge is seen during 16th hour and reached 70MW deviates significantly from the operational limits.

Figure 7 - Charging power for BESS1 before and after cyber attack

Fig. 8 illustrates the discharging power profiles of BESS1 across 24-hour duration before and after cyber-attack. During discharging before attack mainly 6-8 hour, 12-15 hour and 17-19 hour, there is moderate discharge of 25 MW consistently supported to grid during high demand periods. 

After the attack, a drastic deviation occurs after 16 hour, with discharging power beyond 60 MW followed by unstable decline. This change observed is unrealistic as BESS cannot observe rapid power output without violating its rated limits. The spike indicates malicious or false data injection to destabilize grid operation.

Figure 8 - Discharging power profile for BESS1 before and after cyber attack in the day-ahead market

Fig. 9 shows the charging power for BESS2 before and after cyber-attack over the 24 hour time horizon in the day-ahead market. Before attack, the charging starts around hour 3 increases steadily and maintains a constant rate 27 MW from hour 5 to hour 11. It then gradually decreases from hour 12-14 and stops showing a well-optimized schedule.

This pattern aligns with the grid load balance equation during which BESS2 charges during off-peak hours while renewable energy is high and low electricity prices. After the attack, the charging starts at hour 4 but fails to fully charge and remains lower at hour 12 showing intermittent drops ending at hour 18. This shows the false data injection leads to underutilization of stored energy and poor grid support.

Figure 9 - Charging power profile for BESS2 before and after cyber-attack in the day-ahead market

Fig. 10 indicates the discharging profile for BESS2 before and after cyber-attack over the 24-hour time horizon in the day-ahead market. 

Before the attack, it is observed that the discharging starts at hour 13 and increases gradually reaching at hour 19 by 28 MW maintaining steady output. The pattern shows smooth and continuous discharge aligning with the unit commitment scheduling strategies. This ensures coordinated control between the grid operator and BESS2. After the attack, discharging begins at hour 18, and remains limited to 16 MW. 

Discharge schedule was shifted and truncated indicated that the battery was not utilized effectively and violated optimal dispatch constraints.  Sparse coefficients become irregular reflecting abnormal discharging intervals caused by manipulated data. The residual errors in ADMM iterations also increased sharply.

Figure 10 - Discharging power profile for BESS2 before and after cyber attack in the day-ahead market

Fig. 11 indicates a comparison of ramp-up power for BESS1 before and after cyberattack in the day-ahead market. The ramp-up values remain low and stable in the day-ahead market indicate controlled power adjustment ensuring smooth participation in the grid regulation before cyber-attack. A sudden spike in ramp up power is observed at hour 17 exceeding 100 MW followed by sudden drop. It implies sudden large and abrupt change is impractical that highlight malicious data or control signal manipulation.

The cyberattack causes unstable ramp-up power which could lead to high voltage/frequency variations and battery stress. From the Fig., the coefficients are sparse from ADMM-lasso represents normal ramp-up variations and balanced power. 

The coefficient distribution becomes distorted due to injected false data causing exaggerated ramp-up predictions. The abnormal spike indicates the sparsity and coefficient are distorted. ADMM-lasso can be used to detect the ramp-up dynamics effectively but also to detect.

Figure 11 - Comparison of ramp-up power for BESS1 before and after cyber attack in the day-ahead market

Fig. 12 represents the comparison of ramp-up power for BESS2 before and after cyber-attack in the day-ahead market. The ramp-up occurs between 10-15 hours with moderate peak around 10 MW before the attack. 

The peaks appear around 12 hours and 18 hours with one spike reaching around 15 MW with irregular ramping events and disrupting the usual power disruptions. The uncontrolled ramping will lead to instability in frequency and voltage regulation. The batteries will be stressed due to sudden load changes, and the efficiency will be decreased. 

The ADMM effectively converges the soft threshold and least squares before the attack. After the attack, the coefficients appear at 12 hours, and 18 hours correspond to sudden spike in ramp-up power.

Figure 12 - Comparison of ramp-up power for BESS2 before and after cyber-attack in the day-ahead market

Fig. 13 represents the comparison of ramp-down power for BESS1 before and after cyber-attack in the day-ahead market. It is seen from Fig. 13 that before attack the ramp-down power remains low during almost below 15 MW. 

Figure 13 - Comparison of ramp-down power for BESS1 before and after cyber attack in the day-ahead market

The power ramp-down steadily represents stable operational response to grid regulation. ADMM-lasso with sparse coefficients is few and structured reflecting normal ramp-down events at regular intervals.  After attack, the sharp abnormal spikes occur at hour 16 reaching nearly 70 MW and observed at 1,8- and 20-hours showing loss of temporal consistency. 

The irregular ramping shows the coefficient of ADMM-lasso has been manipulated. The coefficient vector becomes dense and irregular as ADMM fits unexpected power spikes at hour 16. Sparsity constraint λ is violated due to cyber-attack and the data is tempered.

Fig. 14 shows the comparison of ramp-down power for BESS2 before and after cyber-attack in the day-ahead market. The ramp-down events are smooth, well-structured and distributed across the day within 10-15 MW. The pattern reflects the stable power regulation before cyber-attack.

A sudden spike occurs at time interval 16 hour, followed by ramp variations at 1–3 hour, 8 hour and 20 hour after cyber-attack. The spikes exceed the normal limits and power withdrawal commands. The irregular fluctuations confirm the system was tempered by cyber intrusion.

Figure 14 - Comparison of ramp-down power for BESS2 before and after cyber-attack in the day-ahead market

Table 1 indicates the operational cost ($) before and after cyber-attack. This shows the cost increased by 53% after cyber-attack. 

Operational cost before attack ($)

Operational cost after attack ($)

86892.4

187791

Table 1 - System operational cost ($) before and after cyber attack

Table 2 presents a comparative evaluation of FDI detection performance for bess integrated systems. The proposed admm-lasso based approach outperforms conventional machine-learning [3] and density-based methods [20], achieving an accuracy of 80.1% for BESS-1 and a significantly higher accuracy of 96.85% for BESS-2. The improvement highlights the effectiveness of sparse regression in isolating attack-affected nodes and reducing false alarms in cyber-physical energy systems.

FDI detection methods

Accuracy (%)

Xgboost [3]

78

Density-based scanning [20]

75.2

Proposed approach

80.1 (bess1)
96.85 (bess2)

Table 2 - Comparative analysis and prediction accuracy for bess1 and bess2 using admm-lasso

4. Conclusions

The work investigated cyber-physical resilience for BESS system and renewable energy integration under cyber-attack using ADMM-Lasso DRL framework. Comparative analyses of BESS before and after cyberattacks revealed that the charging/discharging and ramp-up/ramp-down power profiles are highly sensitive to malicious data manipulation. 

Under normal operation, both systems exhibited smooth, well-regulated energy exchange patterns, while after attack, abnormal spikes, overlaps, and distorted SoC trajectories emerged—indicating compromised control signals and false data injection. The coefficient λ represent the loss coefficient and is tuned by cross validation to minimize the prediction error. 

The results indicate that increasing λ enhance sparsity identifying fewer active nodes but reduces prediction accuracy and CV error increases. While smaller value of λ activates many coefficients increased overfitting. 

The results demonstrated that optimal value of λ is 10 with CV error of 21168.8 that balances the accuracy and sparsity. The proposed approach achieves a comparatively better prediction accuracy for bess1 and bess2 with 80.1% and 96.85% respectively in compared with the conventional methods [3], [20].  Therefore, the proposed work optimized day-ahead scheduling and enhanced grid resilience by detecting cyber intrusion and thereby improving BESS security.

References

  1. Y. Li, X. Wei, Y. Li, Z. Dong and Mohammad Shahidehpour, “Detection of false data injection attacks in smart grid: a secure federated deep learning approach”, IEEE Trans. Smart Grid, Vol. 13, No. 6, pp. 4862-4872, (2022) [online].
  2. M. Rahmani, S. H. Hosseinian and  Mehrdad Abedi, “Stochastic two-stage reliability-based security constrained unit commitment in smart grid environment”, Sustainable Energy Grids Networks, Vol. 22, No. 100348, pp. 1-20, (2020) [online].
  3. R. Sharikabadi, A. Abdollahi, M. Rashidinejad and Mehdi Shafiee, “Security constrained unit commitment in smart energy systems: a flexibility-driven approach considering false data injection attacks in electric vehicle parking lots”, Int.  J.  Electr. Power Energy Syst., Vol.  161, No. 110180, pp. 1-19, (2024) [online].
  4. A. Y. Saber and Ganesh Kumar Venayagamoorthy, “V2g scheduling - a modern approach to unit commitment with vehicle-to-grid using particle swarm optimization”, IFAC Proceedings Volumes, Vol. 42, No. 9, pp. 261-266, (2009) [online].
  5. E. L. Karfopoulos, K. A. Panourgias and Nikos D. Hatziargyriou, “Distributed coordination of electric vehicles providing v2g regulation services”, IEEE Trans. Power. Syst., Vol. 31, No. 4, pp. 2834-2846, (2016) [online]. 
  6. R. Panda and Prashant Kumar Tiwari, “Risk assessment by security-constrained unit commitment for hybrid wind-thermal by pair copula approach in reserve power market: a stochastic approach”, IET Gener. Transm. Distrib., Vol. 14, No. 26, pp. 6639-6649, (2021) [online].
  7. C. Shao, X. Wang, X. Wang, C. Du, C. Dang and Shenquan Liu, “Cooperative Dispatch of Wind Generation and Electric Vehicles with Battery Storage Capacity Constraints in SCUC”, IEEE Trans. Smart Grid, Vol. 5, No. 5, pp. 2219-2226, (2014) [online].
  8. K. Lai and Lin Zhang, “Sizing and siting of energy storage systems in a military-based vehicle-to-grid microgrid”, IEEE Trans. Ind. Appl., Vol. 57, No. 3, pp. 1909-1919, (2021) [online]. 
  9. Y. Shang, H. Yu, S. Niu, Z. Shao and Linni Jian, “Cyber-physical co-modeling and optimal energy dispatching within internet of smart charging points for vehicle-to-grid operation”, Appl. Energy, Vol. 303, pp. 117595-117608, (2021) [online]. 
  10. Z. Cao, H. Zhou and ChengRan Lin, “Learning-aided evolutionary algorithm for solving energy-minimized deadline-constrained task scheduling problem in human-cyber-physical systems”, IEEE Trans. Autom. Sci. Eng., Vol. 22, pp. 22729-22741, (2025) [online].
  11. W. Jiang, K. Lan, Y. Li, Y. Li, R. Wang, Z. Bao, J. Qiu and Wengen Gao, “Enhancing smart grid security: a robust framework for detecting false data injection attacks”, J. Control Autom. Electr. Syst., Vol. 36, pp. 1107–1122, (2025) [online].
  12. R. Panda and P. K. Tiwari, “Cross-entropy based risk assessment and forecasting of secured hybrid system using bi-lstm based am deep learning model”, IEEE Trans. Ind. Appl., Vol. 61, No. 3, pp. 4661-4674, (2025) [online]. 
  13. Z. F. Jin, Y. Fan, Y. Shang and Weiwei Ding, “A dual symmetric gauss-seidel technique-based proximal admm for robust fused lasso estimation”, Numerical Algorithms, Vol. 98, pp. 1337–1360, (2025) [online].
  14. Z. Yan, P. K. Shukla, P. K. Shukla, K. Thakur, A. Sinha and Saifullah Khalid, “Intrusion detection and mitigation method for the industrial internet of things using bidirectional convolutional long short-term memory and deep recurrent convolutional q-networks”, Int. J. Comput. Intell. Syst., Vol. 18, No. 154, pp. 1-38, (2025) [online].
  15. S. S. Pattanaik, A. Sahoo and Rajesh Panda, “A comparative analysis of knn and light gbm algorithms for wind energy forecasting”, 1st International Conference on Circuits, Power and Intelligent Systems (CCPIS), Bhubaneswar, India, pp. 1-4, (2023) [online].
  16. X. Wu, D. Guo, R. Liang and Z. Zhang, “Parallel ADMM Algorithm with Gaussian Back Substitution for High-Dimensional Quantile Regression and Classification”, Stat. Comput., Vol. 35, No. 139, pp. 1-26, (2025) [online].
  17. C. E. Murillo-Sanchez, R. D. Zimmerman, C. L. Anderson and Robert J. Thomas, “Secure planning and operations of systems with stochastic sources, energy storage and active demand”, IEEE Trans. Smart Grid, Vol. 4, No. 4, pp. 2220-2229, (2013) [online].
  18. General Algebraic Modelling System (GAMS), [online]
  19. P. M. Subcommittee, “IEEE Reliability Test System”, IEEE Trans. Power Appar. Syst., Vol. PAS-98, No. 6, pp. 2047-2054, (1979) [online].
  20. R. Yadav and Ashok Kumar Pradhan, “Wavelet probability distribution mapping for detection and correction of dynamic data injection attacks in WAMS”, Int. J. Electr. Power Energy Syst., Vol. 134, pp. 107447-107462, (2022) [online].

Suggested content

Intelligent ADMM–Lasso–DRL based cyberattack detection and scheduling framework for battery energy storage in smart grids

R. PANDA, S. SAMIKSHYA PATTANAIK, P. SANTHOSH

Top of page