Distributed Event-Triggered Consensus-Based Control of DC Microgrids in Presence of DoS Cyber Attacks

In this paper, the problem of distributed event-based control of large scale power systems in presence of denial-of-service (DoS) cyber attacks is addressed. Towards this end, a direct current (DC) microgrid composed of multiple interconnected distributed generation units (DGUs) is considered. Voltage stability is guaranteed by utilizing decentralized local controllers for each DGU. A distributed discrete-time event-triggered (ET) consensus-based control strategy is then designed for current sharing in the DGUs. Through this mechanism, transmissions occur while a specified event is triggered to prevent unessential utilization of communication resources. The asymptotic stability of the ET-based controller is shown formally by using Lyapunov stability via linear matrix inequality (LMI) conditions. The behavior of the DGUs subject to DoS cyber attacks are also investigated and sufficient conditions for secure current sharing are obtained. Towards this end, a switching framework is considered between the communication and attack intervals in order to derive sufficient conditions on frequency and duration of DoS cyber attacks to reach the secure current sharing. The validity and capabilities of the presented approach is confirmed through a simulation case study.


I. INTRODUCTION
A microgrid is a group of the low-voltage electrical system consisting of multiple distributed generation units (DGUs), loads, and storage devices interconnected through power lines [1]. The AC microgrid is the standard model of a microgrid used in residential, commercial, and industrial consumers and has attracted a lot of attention in the field of AC microgrids control [2], [3]. However, DC microgrid has several advantages over AC microgrid, such as improved overall efficiency, appropriate interfacing of batteries and DC power sources, and the increasing number of DC loads, which have made DC microgrid an attractive research The associate editor coordinating the review of this manuscript and approving it for publication was Bin Zhou .
topic [4]- [6]. Having the opportunity to utilize renewable energy sources by DC microgrid and the widespread usage in modern-designed vehicles such as train, aircraft, watercraft are representative examples of DC microgrid application and usage. Extensive use in industries makes DC microgrids an emerging subject that has recently achieved much research attention [7].
Current sharing and voltage regulation of DC microgrids are the main two control challenges of these systems. The optimal voltage regulation strategy results in the desired output voltage of each microgrid, while the current-sharing control strategy divides, shares, and dedicates balanced current to each DC microgrid [7]- [11]. Hierarchical control schemes have been developed in the literature to achieve both objectives [12]. Although centralized controllers satisfy the VOLUME 9, 2021 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ voltage stabilization and precise current sharing goals [12], the computational and communication burden of these architectures increase by the larger size of microgrids. Moreover, a single-point-of-failure in the central control unit may lead to malfunction of the entire system [13]. This is the main reason why decentralized and distributed regulators, such as droop controllers [12], are preferred. Being a communication-less approach, droop controllers may lead to voltage deviations from reference values. Consequently, secondary control layer with consensus algorithms have been deployed and combined with the droop controller to deal with the deviation problem [13]- [15]. Scalability criteria have become one of the most important characteristics of control-scheme designs in distributed systems. Physical wide range of distributed microgrid systems has attracted researches' interest toward scalable control strategies, particularly aiming at current (power) sharing [7], [8], [14], [16]- [18]. In a distributed control scheme, each subsystem can receive information from its neighbors, resulting in their overall performance improvement. Therefore, this approach has been developed as a viable scheme for large-scale systems as in [19], [20]. Moreover, information exchanges among subsystems are transmitted over networks, which may generate a heavy communication burden. Event-triggered control (ETC) techniques receive much attention in recent years to avoid the unnecessary utilization of communication resources (refer to for instance [21]- [27]).
In the distributed ETC of large-scale systems, each subsystem transmits its information through the network based on certain event-triggering conditions. Data transmission only takes place when event-triggering conditions are violated, and hence the communication cost is considerably reduced [28]. In [29], the DC microgrid was controlled with an ET communication-based voltage droop control strategy to ensure power sharing. The proposed DC microgrid was composed of distributed energy resources (DERs) in which the DER layer was composed of a distributed source connected to a DC/DC converter with a specific duty cycle. A distributed nonlinear ETC approach was developed in [30] for current sharing and voltage regulation in an electrical network model of a DC microgrid. This DC microgrid includes converters and local and public loads. In [31], a distributed discrete-time algorithm is developed to achieve proportional load current sharing and average bus voltage regulation in discrete-time DC microgrids. A periodic event-triggered discrete-time algorithm is proposed to reduce the communication requirement and avoid the Zeno phenomenon.
The ET-based control approaches [29], [30] do not guarantee the Zeno behavior (infinite events over a finite time interval) exclusion which is an important issue in evaluation of the controller performance. Indeed, the Zeno phenomenon describes the behavior of the ET-based controller when the system is subjected to an unbounded number of events in a finite and bounded duration of a given time interval. This can occur when the controller unsuccessfully attempts to satisfy the event-triggered condition more rapidly that would lead to sending infinite number of data in a finite interval. In other words, feasibility and practicality of the ET-based controller should be considered by showing the Zeno behavior exclusion. However, this important fact is not guaranteed in the above approaches [29], [30].
Recently, cyber security of power systems against malicious cyber attacks has attracted significant attention. Adversaries may disrupt power systems by launching malicious attacks on the physical system layer and/or the communication network layer. Several security results on cyber attacks against the power grids have been addressed in [32]- [36]. One of the most common malicious attacks is the denial of service (DoS), which can congest the communication channels by sending large quantities of unauthentic packets. This cyber-attack is regularly the main reason for a heavy transmission burden and consumes unusual amounts of network bandwidth resulting in interruptions in the network [37]. Hence, it blocks the transmission medium and interrupts regular communication for a period of time.
Analysis of the DoS cyber attacks on load frequency control (LFC) of power systems under different communication schemes have been recently addressed in [32], [37]- [39]. The analysis of DoS cyber attacks under event-triggered load frequency control of single area power system was carried out in [37]. The average dwell time design approach is utilized to establish exponential stability criteria based on the choice of appropriate rate of allowable DoS attack duration for the entire running time of system and time delay margins. A similar kind of approach was used for multi-area LFC system in [38], where the study investigated the maximum degree of tolerance of LFC system against DoS attack and the total length of DoS attacks time for assuring stability of the LFC system was obtained [37]. An event-triggered based approach for interconnected power systems that tolerates the lack of data because of the DoS attack was presented in [32]. It concentrated on developing resilient control without a priori knowledge of additional DoS attacks probability distributions. The influence of DoS attack in the form of uncertainty of event triggering condition in networked control systems was discussed in [39]. Moreover, event-triggered H ∞ control for networked control systems under denial-ofservice attacks is addressed in [40] which reduces excessive utilization of communication resources. In this paper, sufficient conditions for the stability of the system are achieved by using LMI conditions. DC microgrid systems rely on real-time operation and in presence of DoS cyber attacks may become unstable and damaged [41]. In [42], a distributed monitoring scheme for attack detection in large-scale linear systems applied to DC microgrids is presented. The recommended architecture utilizes a Luenberger observer as well as a bank of unknown-Input Observers at each subsystem to provide attack detection capabilities. In [43], the attack-resilient event-triggered control synthesis approach for a networked nonlinear DC microgrid system under DoS attacks was 54010 VOLUME 9, 2021 addressed. An event-triggered switched system model of the nonlinear DC microgrid was established and an average dwell-time method and piecewise Lyapunov functional method were employed to show the asymptotic stability of the system. However, in this work only stability of the microgrid was evaluated and the current sharing which is one of the main challenges in these systems, was not considered. Therefore, the secure current sharing problem of DGUs in a DC microgrid subject to cyber attacks is an important problem that needs to be formally investigated. In [44], the reactive power sharing problem of an AC microgrid under DoS attacks is addressed. A periodic ET update method is proposed which can avoid the Zeno phenomenon. The tolerance range of DoS frequency and duration for the DG related to the smallest event-interval time of the ET update method is found. However, the microgrid type and modeling, the ET mechanism, and the stability analysis approach in our paper are totally different from [44].
In this paper, a DC microgrid system including different types of DGUs is considered, where voltage stabilization is guaranteed by using a decentralized local controller for each DGU. A distributed discrete-time ET consensus-based controller is then designed for current sharing in DGUs. A state-dependent threshold is then designed for proper ET condition using the secondary controller. Indeed, stability of the overall microgrid is then guaranteed by using the Lyapunov stability results, and design parameters are found via solving a linear matrix inequity (LMI). The advantages of our proposed approach are in reducing the cost of the network communication and improving its security since the data transmission will be based on the ETC system conditions. Finally, the overall microgrid subject to the DoS cyber attack is considered and sufficient conditions for the secure current sharing are determined by applying a switching framework between the communication and the cyber attack intervals.
The main contributions of this paper are summarized as follows: • A discrete-time ET consensus-based control methodology for the DGU is investigated and developed in order to achieve proportional current sharing in a DC microgrid. This event-based secondary controller is designed based on a linear discrete-time consensus protocol in which each DGU transmits its information through the network channels when the event-triggering conditions are violated, and hence the communication cost is considerably reduced. The DC microgrid modeling in our paper is different from those in [29] and [30]. The microgrid system type in [44] is AC microgrid which is totally different from our proposed system. Specifically there is no need to consider the Zeno phenomena in our proposed event-triggered secondary controller since it is implemented in a discrete-time framework whereas the works in [29] and [30] proposed continuous-time event-triggered controllers without investigating the exclusion of the Zeno phenomena. The ET mechanism and the technique of avoiding Zeno phenomena in our proposed event-triggered secondary controller is different from [44].
• The vulnerabilities of our proposed discrete-time event-triggering mechanism to DoS cyber attacks in DC microgrid systems are investigated. Towards this end, a switching framework is developed and sufficient conditions on frequency and duration of DoS cyber attacks are derived in order to simultaneously guarantee secure current sharing and voltage regulation. In other words, a switching framework is considered between the communication and attack intervals in order to derive sufficient conditions on frequency and duration of DoS cyber attacks to reach the secure current sharing and the stability of the overall microgrid. In [31], a periodic event-triggered discrete-time algorithm is proposed to achieve proportional load current sharing and average bus voltage regulation in discrete-time DC microgrids. In comparison to [31], a continuous-time DC microgrid is considered in our paper and the ET condition is different. Furthermore, the overall microgrid is exposed to DoS cyber attacks. In [43], an attackresilient event-triggering mechanism was proposed for a nonlinear DC microgrid system subject to intermittent DoS attacks where the DoS frequency and DoS duration were characterized in the stability criterion. As compared to [43], the system modeling in our proposed approach is different and moreover importantly both current sharing and voltage regulation in the DC microgrid are considered. The stability analysis approach in our paper is different from [44]. Moreover, in our proposed approach the DoS attack impacts on the voltage stability is addressed which was not noticed in [44]. In other words, in our proposed approach by using Lyapunov stability approach, the linear matrix inequality conditions that ensure the voltage stability and current sharing are obtained. The remainder of the paper is organized as follows. In Section II, the description of microgrid system is presented and the problem formulation is provided in Section III. The stability analysis of the overall microgrid and the main results without and with the presence of DoS cyber attacks are analyzed in Section IV. In Section V, simulation results are provided to confirm the efficacy of the proposed method and to illustrate the efficiency of the proposed ET consensus-based method in achieving voltage regulation and current sharing of the DC microgrid in the presence of DoS cyber attack. Finally, conclusions are presented in Section VI.

II. MICROGRID SYSTEM DESCRIPTION
In this section, we describe the model of the microgrid and the control systems. A DC microgrid consists of N DGUs that are connected to each other through power lines. An undirected graph (digraph) G e = (ν, ε e , w e ) is used to illustrate the microgrid where the nodes, ν ∈ {1, . . . , N }, show the DGUs, and the edges, ε e ∈ ν × ν, represent the power lines. Moreover, the diagonal matrix w e with w e,ii = w e,i is VOLUME 9, 2021 used to show the weight matrix, where w e,i is the associated edge weight for the edge e i ∈ ε e . Note that the direction of edges specifies a reference direction for positive currents, and the edges weights are related to the corresponding line conductances, 1 R ij . The Laplacian matrix of the physical system is given by L e = q e w e q e , where q e denotes the incidence matrix of G e . The set of neighbors of the ith node is denoted by The microgrid takes advantage of a communication network such that each local controller can obtain information from its neighbors. Moreover, this paper assumes that the information network topology is the same as the physical topology.
Here, we consider a hierarchical control architecture with two objectives: keeping local stability of subsystems and achieving consensus of the second state variable among the large-scale system's subsystems. The equipped DGU with the proposed ET hierarchical control is shown in Fig. 1. A DC voltage source is used to model the renewable resource in each DGU and provides a local load through a DC-DC converter. The local DC load and the PCC are connected through an RL filter. The dynamics model of the i-th DGU is given as follows [45]: where V i (t), I i (t) and I Li (t) denote the load voltage, generated current, and local current demand, respectively, L ti , C ti , R ti , and R ij denote filter inductance, shunt capacitor, filter resistance, and line resistance, respectively. V i (t), I i (t) denote the states, V ti (t), I Li (t) denote inputs, V j (t) is the point of common coupling (PCC) voltage of the DGUi's neighbors, and 1 R ij denotes the conductance of the power line connecting DGUs i and j.
The primary decentralized controller is given to regulate each PCC's voltage and guarantee the overall microgrid's stability. Measurements of V i (t) and I i (t) are exploited as well as the local regulator of each DGU to create the command V ti (t) of the i-th DC-DC converter and guarantees a reference signal V ref,i (t) is tracked. The control loop of the converter is the local controller which is assumed in the model.
In general, not all the DGUs can provide the demanded local current loads and require power from other DGUs. Hence, the currents between DGUs should be shared proportional to their generation capacity and this is achieved by designing the secondary current sharing controller. Moreover, in order to minimize the voltages deviation at PCCs, the secondary controller's objective is to also guarantee the same average voltage value among all the PCCs.
In particular, for generation efficiency improvement, it is usually required to share the total current demand among different DGUs in proportion to their corresponding energy sources (proportional current sharing). Conventionally, each DGU broadcasts its current at every time instant which may lead to inefficient utilization of communication resources. Instead of this conventional approach, an ET-based mechanism is introduced in this paper, in which the transmission occurs only when a certain event is triggered. The architecture of the proposed distributed ET consensus-based secondary control for the microgrid is shown in Fig. 2.

III. PROBLEM FORMULATION A. DC MICROGRID MODEL
The state space representation of the i-th DGU can be written as follows: where . . , N denotes the local state, u i (t) = V ti (t) denotes the primary control input, and d i (t) = I Li (t) denotes the exogenous input. It is assumed that the current demands of the DGUs, I Li (t), are piece-wise constant current loads. The matrix A ii is the local state transition matrix, A ij describes the interconnection between DGUs i and j, and B i is the control input matrix. These matrices are defined as follows [11]:

B. HIERARCHICAL CONTROL MODEL
This section considers the hierarchical control strategy, which ensures subsystems local stability and guarantees current sharing among DGUs. This two-layered control strategy is explained in the following.

1) DECENTRALIZED PRIMARY CONTROLLER
In the first step, an augmented state variable ζ i (t) is introduced to presents the required integrator action in the primary local controller. The dynamics of ζ i (t) is given byζ , and α i (t) ∈ R denotes the secondary control input. Hence, the resulting augmented system model with an integrator is now given as follows: is the exogenous input. The matrices in (3) are now given as follows: Note that the pair (Â ii ,B i ) is controllable, and hence the system (3) is stabilizable.
In the second step, in order to guarantee the stability of the overall microgrid and to regulate the voltage at each PCC, a decentralized state feedback controller is designed as follows [11]: such that (A ii + B i K i ) is Hurwitz where the gain matrix K i can be obtained based on the dynamics of the i-th DGU and the power line parameters of the neighboring DGUs via LMI conditions [46].

2) DISTRIBUTED ET CONSENSUS-BASED SECONDARY CONTROLLER
An event-based secondary controller is now designed based on a linear discrete-time consensus protocol to achieve current sharing in a DC microgrid. Denoting τ i k h ⊂ Z + as the k-th time instant that events are triggered in the subsystem i, with h denoting as the sampling period, the latest transmitted i-th DGU current signal,Î i (τ h), τ ∈ Z + , is defined as follows: when an event occurs where I i (τ i k−1 h) is the i-th DGU current at the last event-triggered instant. For notation of simplicity, we omit the sampling time h when referring to discrete-time instants, i.e.Î i (τ ) =Î i (τ h).
The following control objective is defined for the event-based proportional current sharing of the microgrid.

Control Objective for Proportional Current Sharing:
Current sharing is obtained at steady state, if the overall load current is proportionally shared among DGUs, i.e., where I s i > 0 denotes the i-th DGU current generation capacity.
The proposed secondary ET consensus-based controller for the i-th DGU is given as follows: (7) where w i = 1 I s i and k I ,i is the local gain of the i-th DGU.
Note that at the triggering instants τ j k , the j-th DGU will communicate with its neighbors and share the value of I j (τ ). The secondary control input is then generated by using the zero-order hold as follows: Although the i-th DGU has access to its own current I i (t), the ET consensus-based controller (7) uses the last broadcast currentÎ i (τ ). This is to ensure that the average of DGUs' initial currents is preserved throughout the evolution of the system. The subsequent event instants are determined by the event-triggering mechanism, which is given as follows: where σ i > 0 is a scalar to be designed as a trade off between the network utilization and the control performance. In fact, in order to guarantee the ET-based current sharing in DGUs, the currents information should be transmitted only when condition (9) is met.
It should be noted that in the ET condition (9), the continuous states are not needed and as it was discussed earlier, the conditions are only checked in the sampling periods due to the consideration ofÎ i (τ ) =Î i (τ h). In other words, the eventtriggered-based secondary layer controller in (7) is designed in a discrete framework but the results are inserted into the main continuous system (3) in a continuous format by using the ZOH in (8).
The error between the latest broadcasted current signal and the i-th DGU current is defined as Note that at time τ i k+1 , a new event is triggered so that the error signal e i (τ ) is reset to e i (τ i k+1 ) = 0. Consequently, the following inequality can be written which holds for all τ : and it follows that: where e(τ ) = [e 1 (τ ), e 2 (τ ), . . . , e N (τ )] , α(τ ) = [α 1 (τ ), α 2 (τ ), . . . , α N (τ )] , and = diag(σ 2 1 , σ 2 2 , . . . , σ 2 N ). Remark 1: It is assumed that the transmitted data in the event-based communication network can be available for the neighbors without delay. In other words, when the data is updated based on the event-triggered condition, the updated data will be available for the neighboring DGU at the moment. Delay in the network channel is another important problem in large-scale networks which will be taken into consideration in our future works.

C. DENIAL-OF-SERVICE (DoS) ATTACK
A DoS attack is defined as a period of time at which the currents cannot be transmitted successfully through the network communication channels. Cyber attacks with unlimited energy make the overall system unstable. However, in reality the attackers need inactive sleep intervals for energy recovery. Therefore, it is assumed that the length and frequency of cyber attacks are limited. According to the above fact, the entire time is divided into communication intervals and cyber attack intervals, where in the communication intervals the event-based data transmission is performed successfully but in the cyber attack intervals the data transmission is terminated.
Defining {h z } z∈Z + , h 0 ≥ 0, as the sequence of the DoS attack, the time interval of the zth DoS attack could be expressed as H z = [h z , h z + z ), where z ≥ 0 is the length of the zth DoS attack time interval in which data transmissions are disrupted. The sets of cyber attack and successful communication time instants in a given interval [λ, τ ) are defined as follows, respectively: where τ, λ ∈ Z + and τ ≥ λ. The general format of the DoS attack is shown in Fig. 3. The sequence of time instants that the current is transferred successfully is denoted by τ i m . In practical cases, the system update rules are performed on a digital platform. Hence, it is assumed that there exists a time delay between the end of the DoS cyber attack (τ = h z + z ) and the successful transmission of the data (τ = τ i m+1 , m = 1, . . . ) as shown in Fig. 3. Therefore, the z-th time interval that the triggering condition (9) does not hold is as follows: and consequently, any time interval [λ, τ ) can be represented as follows: − h z denote the minimum possible sampling rate (lower bound on the inter-sampling rate) and the time elapsing between any two successive DoS triggering, respectively. In case of the discrete framework, the lower bound on the inter-sampling rate will be 1. It is worth noting that if z < 1 then overall microgrid stability can be lost in spite of the ET secondary control update strategy. Hence, in order to assure the stability, the frequency at which the DoS can occur must be sufficiently small as compared to the minimum sampling rate. The following assumptions are considered on the cyber attack frequency and duration [47], [48].
DoS Frequency : For all T 2 > T 1 > T 0 , there exist η D > 0 and τ D > 1 such that where N a (T 1 , T 2 ) is the total number of the DoS off/on transitions over [T 1 , T 2 ) and τ D is the parameter whose inverse provides an upper bound on the average frequency of the DoS off/on transitions, i.e., average number of the DoS off/on transitions per unit time.
DoS Duration : For all T 2 > T 1 > T 0 , T 0 > 0 and λ a > 0, the cyber attack duration over [T 1 , T 2 ) is defined as follows: where λ a is the parameter whose inverse provides an upper bound on the average duration of the DoS per unit time.

IV. STABILITY ANALYSIS AND CURRENT SHARING
In this section, it is shown that stability of the overall microgrid controlled by utilizing (7) is achieved and the event-based current sharing objective is satisfied with and without the presence of DoS cyber attacks. Using the primary controller, the following relationship holds [45]: Therefore, the following expression for the microgrid can be obtained:  (19) and (20) and knowing that the current of DGUs is I (τ ) = I L (τ ) − q e I l (τ ) and the line current is I l (τ ) = −w e q e V (τ ), one can obtain the following relationship: (21) where I L (τ ) = [I L1 (τ ), I L2 (τ ), . . . , I LN (τ )] denotes the vector of local load currents, I l (τ ) = [I l1 (τ ), I l2 (τ ), . . . , I lN (τ )] denotes the vector of line currents, Q = LWM , and M = q e w e q e . Consequently, due to the fact that the load currents I Li (τ ) and the reference voltages V ref,i are bounded, the following system is considered for stability analysis of the linear system (21), namely: where A = (I −hQ) and B = hLW .

A. WITHOUT DoS ATTACK
In the proposed distributed discrete-time ET consensus-based control methodology for the microgrid, each DGU transmits its information through the network channels based on the ET protocol (7) which guarantees the current sharing. Data transmission only takes place when the event-triggering conditions are violated, and hence the communication cost is considerably reduced. Theorem 1: Consider the system (3) subject to the ET protocol (7). It follows that under Assumption 1 all DGUs can achieve current sharing under the triggering condition (9) and the overall microgrid (22) is stable if there exist a symmetric positive-definite matrix P ∈ R N ×N , and a positive definite diagonal matrix ∈ R N ×N , such that the following LMI condition holds: Proof 1: First the stability analysis of the overall microgrid is shown. System (22) is stable if there exists a discrete-time quadratic Lyapunov function S a (τ ) = α (τ )Pα(τ ) with P > 0 such that the following inequality holds: Considering the event-triggering condition (11), the sufficient condition for satisfying (24) is obtained by the following LMI: +α (τ ) α(τ ) < 0. (25) Substituting (22) into (25), and after some algebraic manipulations, the LMI (23) is achieved.
Next, the current sharing objective is shown. The distributed controller (7) leads to current sharing at the steady state which can be expressed as follows: which is equivalent to: which can compactly be expressed for all DGUs as follows: whereĪ = [Ī 1 ,Ī 2 , . . . ,Ī N ] is the steady state solution of I (τ ). Equation (27) can be expressed as follows: According to properties of the Laplacian matrix, it is concluded from (28) that W (Ī + e(τ )) ∈ R(1), where R(1) denotes the range of 1, i.e., all elements of W (Ī + e(τ )) are identical. Therefore, it is shown that (6) is satisfied and the event-based proportional current sharing is achieved. This completes the proof of the theorem. Remark 2: It should be emphasized that the proposed event-triggered secondary controller is implemented in a discrete-time framework, and hence there is no need to consider the Zeno phenomena while the previous works in [29], [30] proposed continuous-time event-triggered controllers without investigating the existence of the Zeno phenomena. The main challenge for the continuous-time framework is that in current sharing controller the even-triggered mechanism depends only on the current of the DGU, i.e. I i while generally it should depend on both states of the DGU, i.e. I i and V i .

B. WITH DoS CYBER ATTACK
In presence of the DoS cyber attack, the event-based data transmission is disrupted which can affect the stability of the overall microgrid. Towards this end, the behavior of DGUs subject to the DoS cyber attack needs to be investigated and sufficient conditions for secure current sharing should be determined. Towards this goal, a switching framework similar to [47], [48] and [49] is considered between the communication and the cyber attack intervals in order to derive sufficient conditions for secure current sharing.
To evaluate the system behavior in presence of the DoS cyber attacks the dynamics of the overall microgrid should be obtained. In the DoS intervals H z , the error definition is as follows: whereÎ (h z ) represents the last successful broadcast current up to h z . Considering the DGU currents by I (τ ) = I L (τ ) − q e I l (τ ), the line currents as I l (τ ) = −w e q e V (τ ), and the DGUs PCC voltages as V (τ ) =V ref + α(τ ), the following equality holds: Substituting (30) into (29) the following equation can be written: Substituting (31) into (22), yields: Consequently, the following system is considered for stability analysis of the overall microgrid during the DoS intervals: Note thatÎ (h z ) remains constant in the DoS intervals.
The following theorem is now provided to show that the secure current sharing is achieved over two different time intervals, provided that the cyber attack frequency and attack duration satisfy a certain condition.
Theorem 2: Consider the system (3) in presence of the DoS cyber attack subject to the ET protocol (7). It follows that under Assumption 1 all the DGUs can achieve current sharing for all time intervals (communication and attack intervals) under the triggering condition (9) and the overall microgrid (22) is stable if there exist symmetric positive-definite matrices R ∈ R N ×N and P ∈ R N ×N , a positive definite diagonal matrix ∈ R N ×N , and constants 0 < η 1 < 1 and 0 < η 2 < 1 such that the following LMIs holds: (34) and the cyber attack duration and frequency of the DoS would satisfy: where = 1+η 2 1−η 1 and γ = max( λ max (P) λ min (R) , λ max (R) λ min (P) , 1). Proof 2: Based on the switching mode approach, two types of Lyapunov functions are considered, namely S(τ ) = S κ (τ ) where κ ∈ {a, b}. In order to address the switching framework between the communication and cyber attack intervals, it is assumed that in communication intervals there exists a discrete quadratic Lyapunov function S a (τ ) = α (τ )Pα(τ ) with P > 0 and 0 < η 1 < 1 such that the following inequality is satisfied: Considering the event-triggering condition (11), equation (36) is satisfied if there exists 0 < η 1 < 1 such that the following inequality is satisfied: Substituting (22) into (37) and after some algebraic manipulations, the LMI condition (33) is obtained.
In presence of the DoS cyber attack, a quadratic Lyapunov function is considered as S b (τ ) = α (τ )Rα(τ ) with R > 0 such that the following inequality holds: (38) where 0 < η 2 < 1. In this interval, the communication is interrupted by hackers and by substituting (32) into (38), the following inequality is obtained: (39) which is equal to the LMI condition (34).

V. SIMULATION RESULTS
In this section, simulation results are provided to show the efficiency and capabilities of our proposed distributed discrete-time ET consensus-based control for current sharing and voltage stabilization of DC microgrids. A microgrid that is composed of 5 DGUs is considered in Fig. 4. It can be noted in Fig. 4     The sampling period and the secondary discrete-time ET-based controller gains are considered as h = 0.01 and VOLUME 9, 2021   Figure 6 shows the performance of the proposed event-triggered control sharing control for voltage regulation, and current sharing, and as shown in this figure, the overall microgrid is stable via primary controllers and the current sharing is achieved by the discrete-time ET consensus-based controller. It is also seen from Figure 6 that the voltage balancing is also achieved and the average PCCs voltages are the identical at the steady state. The DGUs broadcast currents are shown in Fig. 7. The ability of the event-triggering scheme in adjusting the broadcast periods is demonstrated in this figure. It follows from this figure that the transmission currents do not update continuously and the data exchanges are reduced. The inter-event intervals of the DGU 1, where each stem shows the length of the time period between the event and the previous one are shown in Fig. 8. For example, if the value of a stem in Fig. 8 is 150, it implies that during the past 150 time steps no DGU 1 current data is sent to the network. Moreover, it can be concluded from the simulation results that the currents data   In presence of the DoS cyber attack, it is expected that η D = 0.1 and = 0.01. In the time interval including 400 samples (4 seconds), it is assumed that τ D = 20 where the sampling rate is h = 0.01. Consequently, based on the attack frequency definition (16), the total number of DoS off/on transitions over [0, 400) satisfies N a (0, 400) ≤ 0.1 + 400−0 20 = 20.1. In order to gain the maximum stability margin we assume that η 1 = 0.99 and η 2 = 0.01 by which the LMIs (33) and (34) are satisfied. In this case, in accordance with Theorem 2, the upper bound on the average duration of the DoS cyber attacks is achieved 1 λ a = 0.6. Consequently, based on (17), the attack duration is obtained as a (0, 400) ≤ (400 × 0.6) = 240 which implies that in each 400 samples, the maximum tolerable duration of cyber attacks can be 240 samples. In this simulation process, in each 400 samples, the cyber attacks frequency and duration are presumed to be 6 and 170 samples, respectively, which are smaller than the theoretical bounds. The procedure for selecting cyber attacks in the remaining intervals are the same.
According to the DoS characteristics, the grey areas in Fig. 9 depict the sequence of DoS cyber attacks which are injected in the DGUs 1 and 4, as an example. It should be noted that it is not required to have synchronized DoS attacks in different channels and they can be independent. Voltage regulation, current sharing, and average PCCs voltage of the DGUs in presence of the DoS cyber attacks are depicted in Fig. 9. In this figure, it is shown that the overall microgrid is stable and the current sharing is achieved by the proposed discrete-time ET consensus-based controller. The average PCCs voltages are identical at the steady state and the voltage balancing is also achieved. The DGUs broadcast currents in presence of the DoS cyber attacks are shown in Fig. 10. It is concluded from this figure that the event-triggering scheme works well in adjusting the broadcast periods and currents data transmission rates are reduced by 72.19%, 89.34%, 97.58%, 94.5%, and 90% for the DGUs 1 to 5, respectively.
The maximum tolerable DoS cyber attacks in the microgrid is also tested in our case study simulation results. The maximum tolerable duration of cyber attacks was achieved 240 samples in each 400 samples. This duration is increased to be higher than the allowable bound for the DGU 4 as an example. To show the effects of duration of the cyber attacks on the current sharing, 3 attacks with total duration of 270 samples are applied in the DGU 4 in every 400 samples. It can be seen that the overall microgrid is disrupted when duration of cyber attacks does not meet the requirements that are obtained in equation (17). Voltage regulation, current sharing, and average PCCs voltage of DGUs in presence of permissible DoS cyber attacks in the DGU 1 and impermissible DoS cyber attacks in the DGU 4 are depicted in Fig. 11. In this figure, it is shown that the overall microgrid is disturbed and stability of the system can be impaired. Moreover, the average PCCs voltages are not the same at steady state and the voltage balancing requirement is not achieved. The DGUs broadcast currents in presence of the DoS cyber attacks, are shown in Fig. 12. Note that the permissible DoS cyber attacks in the DGU 1 are shown in Fig. 9, and impermissible intervals of the DoS cyber attacks in the DGU 4 are shown in the grey areas in Figures 11 and 12.   Note that the voltage deviation in practical DC power distribution networks should be within 5% of the nominal VOLUME 9, 2021 value. In our proposed ET consensus-based controller for the DC microgrid without the presence of DoS cyber attacks the voltage at the PCC of each DGU remains within this admissible range. For example, the DGU 3 PCC voltage shown in green line in Fig. 6 remains within the range of 48.07±1.44V at steady state, implying that voltage deviations are less than 2.99% of the nominal value V = 48.07V. In presence of permissible DoS cyber attacks, the DGU 3 PCC voltage shown in Fig. 9 remains within the range of 48.07 ± 1.94V. This implies that voltage deviations are less than 4% of the nominal value V = 48.07V at steady state. However, in presence of impermissible DoS cyber attacks, the DGU 3 PCC voltage shown in Fig. 11 changes in the range of 48.07 ± 7.07V. This implies that voltage deviations are more than 14.7% of the nominal value V = 48.07V at steady state and stability of the microgrid has been compromised.
It should be noted that in [43] a nonlinear DC microgrid in presence of intermittent DoS attacks was considered and the DoS frequency and DoS duration were determined to guarantee stability of the system. In our proposed discrete-time event-triggering strategy, the cyber attack duration and frequency of the DoS were specified to ensure not only the stability, but also current sharing of the DC microgrid as depicted in Fig. 9.

VI. CONCLUSION
In this paper, a distributed discrete-time ET consensus-based controller for a DC microgrid that is composed of multiple DGUs is developed. The proposed ET based controller achieves current sharing and reduces the communication rate of the network objectives that would enhance the resiliency of the overall microgrid security and reduce the communication cost. The proposed event-triggered secondary controller is implemented in a discrete-time framework and hence there is no need to consider the Zeno phenomena. Stability of the overall microgrid using this hierarchical control framework is shown quantitatively through Lyapunov stability theory. In presence of the DoS cyber attacks, the overall microgrid is analyzed and sufficient conditions on frequency and duration of DoS cyber attacks are determined in order to reach the secure current sharing. In future work, the problem of secure current sharing in presence of other types of cyber attacks will be investigated.