A Dynamic-Watermarking-Based Cyberattack Detection Framework on an LFC System With Uncertain Parameters

The real-time control of modern power systems faces cyber risks owing to the deep coupling of cyber systems and physical systems. Attack detection plays an important role in cybersecurity issues. In load frequency control systems, for example, detecting whether malicious data are injected guarantees the stability of the frequency. As an effective active attack detection algorithm, the dynamic watermarking algorithm faces challenge of parameter uncertainty in real-world applications. Here, we quantitatively analyze the influence of uncertain parameters for the dynamic-watermarking-based detection algorithm. By introducing the parameter identification algorithm, we propose an active attack detection framework for LFC systems with uncertain parameters, which is constructed for an online application. The proposed framework is validated in a real-world three-region power system simulation. The results show that the introduction of the parameter identification steps ensures the validity of the detection algorithm and can effectively avoid the malfunction of the detection mechanism caused by uncertain parameters.

A Dynamic-Watermarking-Based Cyberattack Detection Framework on an LFC System With Uncertain Parameters Shuyu Jia , Student Member, IEEE, and Qinglai Guo , Senior Member, IEEE Abstract-The real-time control of modern power systems faces cyber risks owing to the deep coupling of cyber systems and physical systems.Attack detection plays an important role in cybersecurity issues.In load frequency control systems, for example, detecting whether malicious data are injected guarantees the stability of the frequency.As an effective active attack detection algorithm, the dynamic watermarking algorithm faces challenge of parameter uncertainty in real-world applications.Here, we quantitatively analyze the influence of uncertain parameters for the dynamic-watermarking-based detection algorithm.By introducing the parameter identification algorithm, we propose an active attack detection framework for LFC systems with uncertain parameters, which is constructed for an online application.The proposed framework is validated in a real-world three-region power system simulation.The results show that the introduction of the parameter identification steps ensures the validity of the detection algorithm and can effectively avoid the malfunction of the detection mechanism caused by uncertain parameters.
Index Terms-Attack detection, cyber-physical systems, dynamic watermarking, load frequency control.

I. INTRODUCTION
T HE CONTROL systems in the power system realize sens- ing, communication, and computation of power systems through cyber-physical coupling [1], [2], [3].However, control systems also face the challenge of cybersecurity in availability [4], integrity [5], and confidentiality [6].Threats from cyberspace can affect or even disrupt the operation of the physical grid [7].
In industrial control systems (ICSs), the entire system has failed in some instances owing to disturbances from cyberspace in the control loop, such as the Ukraine Blackout [8] and the Stuxnet virus [9].Accidents have also occurred in a power grid in China; for example, abnormal GPS information caused the automatic generation control (AGC) system to operate abnormally.Studies have evaluated the impact of cyber disturbances in control systems, including frequency control [10], [11], voltage control [12], and control in microgrids [13].
Detection is the first defense against anomalies in the cyber layer of the control systems.Facing the challenge of a control system anomaly or attack detection, researchers have proposed some efficient detection algorithms.Inspired by traditional bad data identification methods, researchers have proposed some passive detection models.For example, historical data on frequency and tie-line flow measurements were used to predict their short-term changes using a learned statistical model, thereby identifying the presence of erroneous data [14]; a two-stage Kalman filter for AGC systems was proposed to combat cyberattacks [15].
In closed-loop control scenarios, the physical metrics are related to the accuracy of measurements, which making sensors one of the targets for attackers.Attackers can design malicious measurement data by eavesdropping, disguising, etc., so as to bypass the detection methods of traditional bad data identification mentioned above, and this type of attack is called stealth attack.Active detection aims to detect anomalous or malicious injections by active incentives [16], [17], which is called the dynamic watermarking algorithm.Mo and Sinopoli [16] proposed a detection theory using active injection excitation to simple control systems.Later, Satchidanandand and Kumar [17] proposed the concept of dynamic watermarking for the first time and introduced the detection algorithm model, applicable control system categories, and corresponding proofs.In subsequent related studies, this algorithm was applied to the AGC system [18], the grid-tied photovoltaic system [19], the autonomous vehicle [20], and microgrids [21].Oriented to the closed-loop control system on the measurement of the stealth attack, the dynamic watermarking method through the active injection, to avoid the malicious attacker through eavesdropping and other ways to get the characteristics of the system recognition, so as to achieve active protection of sensor in cyber security.
It has been proven that since private incentives are not independent of control instructions, private incentives called watermarkings cannot be decomposed by methods, such as eavesdropping [17].Also, watermarkings are actively and covertly injected into control instructions, making it difficult for attackers to evade detection mechanisms by disguising their abnormal signals.However, the dynamic watermarking  algorithm has limitations owing to the strong dependence on the system parameters.Taking the load frequency control system as an example, the arithmetic process of watermarking extraction is strongly related to the system parameters.However, the physical model parameters, such as time constant, inertia, and speed droop, may be not accurate or constant during operation.Therefore, errors may be introduced and may interfere with the detection algorithm.However, the impact of inaccurate system parameters on dynamic watermarking detection algorithms has not been considered in research.Moreover, the application of this algorithm faces the challenge of parameter uncertainty.
For the uncertainty scenario of power generation prediction in power systems, many studies on network security detection already exist, such as attack detection studies based on distributed state estimation [24]; for the uncertainty scenario of system operation parameters, the attack detection methods in existing studies [25] are passive protection based on historical data, while active detection methods, such as dynamic watermarking, are lacking in the relevant studies in the scenario of uncertainty of operation parameters.
To better apply the dynamic watermarking detection algorithm on real LFC systems, in this article, we establish an LFC system model with uncertain parameters; for such systems, a detection model based on dynamic watermarking is analyzed, and the quantitative expression for error introduced by parameter uncertainty is given.Afterward, we propose an adaptive detection model based on dynamic watermarking, as well as a parameter identification model for control systems with uncertain parameters.By introducing the indicators of detection to optimization-based identification process, we propose an online identification-detection algorithm for multiarea LFC systems.Table I shows the comparison about the proposed algorithm and existing ones on application scenarios and detection performance.
The remainder of this article is arranged as follows.Section II presents a multiarea LFC model with uncertain parameters, and the error analysis for dynamic-watermarkingbased detection method.The online identification-detection algorithm for LFC systems with uncertain parameters are proposed in Section III.Numerical examples and conclusions are given in Sections IV and V, respectively.

II. MODELS AND ERROR ANALYSIS
Here, the multiarea LFC system model with uncertain parameters is introduced, followed by the dynamic-watermarking-based detection model and error analysis.

A. Multiarea LFC Model With Uncertain Parameters
Generally, a multiregional power system can be described by the following state space equations in the vicinity of the operating state [22], [23]: where x is the state of the power system, y is the observation of the system, and u is the input of the system.A r , B r , and F r are the state matrices of the system in reality, which means that these matrices may not be accurate to the control center or may change during operation, and C is the observation matrix.
The specific parameters are defined as follows: where i is the ith control area; f , P m , P v , P tie , and ACE are the frequency deviation, deviation in generator mechanical power output, deviation in turbine valve position, and deviation in tie-line power exchange; P d is the load change, which should be known by the operators in advance; M, D, T ch , T g , and R are the inertia constant, damping constant, time constant of turbine, time constant of governor, and speed droop, respectively.
To realize the deviation-free control of frequency, we adopt the tie-line bias control (TBC) mode to construct the feedback Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
loop of the control system.When the frequency of the system is disturbed, the system identifies the disturbance area and perform on-site compensation.At this time, the area control error is where β i is the deviation coefficient of the ith control area.
Considering that measurement and control signals are discrete, the LFC system model (1) can be discretized according to the zero-order hold method.The discrete space state equation can be described as follows: The subscript d represents the discrete state space matrix, and u[k] is a vector of control signals from regional LFC control centers, which can be modeled as a PI controller, which can be written as where K P,i and K I,i are the proportional coefficient and integral coefficient of the ith area, respectively.From ( 1)-( 4), the discrete model of the multiarea LFC system with uncertain parameters is established.

B. Attack Models and Their Impacts
Generally speaking, the adversaries is aiming to disturb the system operation or destroy the physical system through cyberattacks.These attacks that occur in LFC systems can be modeled in two dimensions: 1) attack type and 2) attack target.The measurement signals from sensors may be the first targets for adversaries, making the system frequency out of control or even the generator being physically damaged.And the attack types and their impacts on LFC systems are listed as follows.
1) Noise Injection Attack: Under this attack model, the adversaries add a bounded random value to the actual signal and then the data with random noise will be send to control center, which can be modeled as where the subscript a presents attack, z a is the vector of system states under attack; k a is the control period when attack happens; and r n is the random noise injection vector.For LFC systems, this type of attack may cause drastic system fluctuations and frequent operation of the execution period; in severe cases, it may cause abnormalities in the state estimation system, which may hang the whole control system, affecting the physical indicators and economic efficiency.
2) Replay Attack: Replay attack (RA) is a common type of cyberattacks.Adversaries repeatedly send the transmission data at the attack happening time while they do not need to understand the specific meaning of the actual signals.And this type of attack can be modeled as In this attack scenario, some detection algorithms may have false alarms or be cheated because such attacks use real but not real-time data.And the LFC system will converge to a nonoptimal operation.
3) Designed Attack: Some attack detection methods are constructed based on historical data or system parameters, so adversaries may generate a type of false data based on design.This type of attack is stealthy, even synergistic.For adversaries eavesdrop the channel and record the data, then sent a set of intrusion data, which can be modeled as where f a is the attack function.
Most typical of such function is related to the upper and lower bounds of system state.Some detection algorithms use state range to identify whether the data is malicious.Adversaries may get the bound of state by historical data, and inject a false data related to bounds, making the system cycle in an unstable state.

For LFC systems, a private incentive e[k] is added to input vector u[k], which is defined as p[k] p[k] = u[k] + e[k]
( where , and σ 2 e is the variance of the private incentive, which is defined as the watermarking characteristic.The state equation of the LFC system with watermarking is While the private incentive is injected, the control center extracts and identifies the watermarking characteristics that remain in system states.Such characteristics appear as random quantities in a single-shot signal but can be identified statistically in a detection period.The detection process can be modeled as the following test for the measurement state z[k], inspired by the test process in [18]: where z(k) is the measurement state of sensors; A c and B c are the state matrices for the control center and the detector to extract watermarking characteristics; and tr() presents trace, the sum the diagonal elements of a matrix.When operating, detectors test whether the detection indicator above is out of range to check whether the sensors are honest.The schematic of dynamic watermarking algorithm is shown in Fig. 1.
However, the detection model in (7) may not work well or may even generate false alarms owing to the uncertainty of parameter; for example, state matrices like A r d may be not equal to A c .Here, the quantitative error analysis is given for such situations.First, for a simple description of parameter uncertainty in this section, the uncertain state matrix of real system A r d is described as where Â is the deviation between A r d and A c .Then, we define the detector-calculated state vector x c from ( 7) To provide a better description, we assume that B c is equal to B r d and that F c is equal to F r d .The following analysis takes the example of the uncertainty of state matrix A r d , and the detection indicator considering parameter uncertainty can be written as: where Assuming that e[k] and x[k] are independent, the equation form of the detection error DI of parameter uncertainty can be written as follows.
Theorem 1: The detection error can be calculated by the following: where the exact definition of x is in the subsequent proof process.
Proof: From ( 7) and ( 10), the Detection error can be calculated as Assuming that Â is a constant matrix and that the states are independent of each other, DI can be reduced to the form shown in (12) by the derivation procedure given in Appendix B. In (12), x is a diagonal matrix, which does not refer to the covariance matrix of x.The value of the diagonal element of the covariance matrix of x is needed later in the calculations, so x is used here to refer to the diagonal element matrix of the covariance matrix of x. which satisfies x,i is the variance of x i .The calculation of x is as follows For the state (6), do the variance calculation for both sides of the equation.We obtain Assuming that the control strategy of the system is proportional control with coefficient K, u[k] can be modeled as for e[k], x[k], and P d are independent, and the above equation can be written as When the system operating in a steady state, the variance of x[k + 1] can be considered the same as x[k], so the variance matrix of state x is calculated as where P d is defined as follows: . . .
The proof of ( 12) is completed.
In some cases, the operated will be more concerned about the range of the error than the exact formula for the error, which can assist in determining whether online detection can be initiated without parameter identification, and if this upper limit does not exceed the threshold, then the detection error will certainly not exceed the threshold, and the detection indicator will not exceed the threshold under normal operation.so here we give an upper limit on the detection error, which can provide an upper limit on the error of the detection metrics under parameter uncertainty is provided as follows, Theorem 2: The upper bound of the detection error satisfies where N A is the size of matrix A and A 2 is the L-2 norm of the matrix A.
Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
Proof: By the definition of a L-2 norm of the matrix A, we know that max diag(A) ≤ A 2 and ( 12) can be rewritten as where W i,i and λ i,i present the diagonal element of ÂT Â and x , respectively.And the above formula satisfies According to the Cauchy-Schwarz inequality and matrix transpose does not affect its L-2 norm, The above inequality (17) can further derive as The proof of ( 16) is complete.From ( 12) and ( 16), the detection error DI is related to the value of Â and x .Then, the analysis is given as follows for the error of system parameters, such as inertia or speed droop, on the detection error of the specific influence.
From the structure of B c and F c , which is similar to B and F, the third element of B c i and the first element of F c i are much bigger than other elements.The P primarily depends on the state matrix A r , and the ith element in (I − P PT ) −1 is approximately inversely proportional (1 − A r i, ).Based on the above analysis of the specific elements of the matrices in the state equation, for the ith area's state x,i , the second and fourth diagonal elements of the matrix are almost zero, and the first and third elements depends on the corresponding elements in (15).The diagonal elements in ÂT Â, which is defined as α i , satisfies The detection error DI in ( 12) is mainly related to α 1 × x,1 and α 3 × x,3 , in that the uncertainty of the system parameter, the variance of active power fluctuation P d (influences the first element), and the input variance of the system p (influences the third element) play an important role in the detection error.
Further, considering the general range of parameters, the speed droop R has the greatest influence on the detection error, followed by the inertia constant M, time constant of governor T g , and damping coefficient D of the system.When these parameters change, the watermarking-based detection may cause false alarms.
From (12), the detection error can be calculated, and if the value of DI is close to the magnitude of DI, the detection error has an impact on the actual detection, and the detection system may cause false alarms; From (16), the upper bound of detection error can be calculated.And if the error of system parameters can be estimated, the operators can compare the upper error bound and the detection threshold form this formula and determine whether we should use the adaptive detection algorithm or not.
Remark 1: The watermarking injection has negligible impact on performance of AGC system, which is discussed in Appendix A.

III. ONLINE DETECTION ALGORITHM ON LFC SYSTEMS
The controlled generator set of the LFC system may be changed owing to constraints, such as market and carbon emissions, load fluctuations, and starting/stopping of generator sets, which can make system parameters change within a day.The parameter information may be not accurate at control center in such situations, and traditional online detection algorithms can also fail owing to inaccurate parameters.
Here, we propose a detection algorithm combining the parameter identification process with dynamic watermarking detection process, and the algorithm is applicable to parametervariant LFC systems, as shown in Fig. 2. In the algorithm, the parameter identification process is accompanied by the active detection process.That is, simulation parameters for attack detection vary with the control period.

A. Adaptive Detection Model
In this section, we propose an adaptive detection method based on dynamic watermarking and parameter identification; the detection indicator model is also used for the optimization objective of parameter identification.
Here, we simplify the detection indicators of dynamic watermarking and set a threshold.If the detection indicators calculated in actual running system do not exceed this threshold, the sensors in the system have not been maliciously injected or experienced cyberattacks.The specific modeling is as follows.
The private incentives injection is the same as that introduced in (5); after receiving the measurement signals from the sensors, the control center performs the watermarking test to calculate the detection vector i for area i as follows, which is the difference between the actual system state and the state calculated by the detector where i [k] is the kth detection indicator of the ith area; z i [k] and x c i [k] are the reported state by sensors and the state calculated by the detector in (9) of the ith area, respectively; and the parameters in A c and B c are from the parameter identification modeled below.
When the parameter identification is operating, the detection indicator and the detection threshold are calculated as follows to test whether the reported state z[k] is honest: where m is the sequence of the detection process and ξ is a coefficient.When online detection starts, Th i can be an input Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.empirical parameter, T d is the time window for detection, which should satisfy the following condition: where Z c presents the Z-score for the selected confidence level, for example, the 99% confidence level corresponds to a Zscore of approximately 2.58; and E is the margin of error, and Th i is the ith area's threshold.Theorem 3: Based on above formula, the detection window must be able to satisfy a given confidence level and margin of error.
Proof: Based on the sample size formula in sampling surveys, the minimized number of samples is since the variance of detection indicator is less than the detection threshold the length of the detection window satisfies The proof is completed.
In actual detection process for LFC systems, threshold Th i is set before starting the detection process.When the detector is operating, the detection indicators calculate constantly.If they are within the thresholds, the system is operating normally; otherwise, the detector generates an alarm to report the abnormal state.

B. Parameter Identification Model
In Section II, it has been shown that the applicability of detection depends on the accuracy of the parameter.Therefore, to ensure the feasibility and accuracy of the active detection model in complex parameter uncertain scenarios, we introduce the parameter identification model.
Parameter identification for control systems can be modeled as an optimization problem, that is, using a known model architecture and optimization algorithm to obtain the parameters.Usually, the same disturbance is applied to the structure-known simulation system and the actual system to minimize the error between the two outputs, which is also called fitness [26], [27], [28].Although the particle swarm optimization (PSO) algorithm has been applied to such parameter identification scenarios, the algorithm still produces some infeasible identification results, which can have a significant impact on the algorithms for online attack detection.Therefore, here we introduce the computation of detection metrics into the objective function of parameter identification, so that the optimal objective of parameter identification is the minimum value of the detection metrics, which improves the identification accuracy.Here, the watermarking detection model in ( 19) is used for the optimization objective in parameter identification as follows: where ζ is similar to the detection indicator , which includes the measurement state of the whole system and the simulation state obtained by parameter identification.While the fitness is updated at kth step, the optimization algorithm calculates Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.

Init: Set initial values of Parameter Identifier and Th
the optimal parameters and updates them according to the simulation system.
Because it is difficult to build an optimization model from fitness to system parameters, the PSO algorithm is used in such scenarios [26].
The process of parameter identification can be modeled as follows: where F act is the real LFC system function, x act [k] is the state measured by the sensors on the kth iteration, and x pi [k] is the simulation state of control center on the kth iteration.A pi [k] is the result of the parameter identification algorithm on the kth iteration.
On the kth iteration of the parameter identification process, the optimization algorithm transfers the variables to the LFC simulation model, calculates the fitness, and gives a set of variables with the optimal fitness, with the optimal solution as the kth time result of parameter identification A pi [k].

C. Online Identification-Detection Algorithm
Based on the above description, the detection algorithm can be described as follows.
Step 0: Set the initial range of system parameters, like M and D. Set the dimension, number, initial location, and velocity of particles; the width of detection window and the eigenvalues and thresholds Th i of the detection algorithm should be set as well.The frequency disturbance happens at k = 0.
Step 1: When k ≥ 1, update the system state z[k] from the real system and calculate the parameter identification result g pso [k] by the control center.
Step 2: Calculate the control signal u[k] by the PI controller and then add the single time private incentives on it to generate the system inputs p[k].Step 4: Check whether k satisfies a detection window.If it does, then calculate the DI i [m] according to (20) and go to step 5; if not, go to step 6.
Step 5: Compare DI i [m] with the threshold Th i and give the alert message to the control center if the detection indicator is out of range.
Step 6: Set k = k + 1 and go back to step 1.
The above steps constitute the online identificationdetection algorithm.
Note that at the beginning of the operation, there may be a large error between the result of parameter identification and actual parameters.As a result, the detection index DI i [m] may exceed the threshold, but the LFC system is not under attack, which causes false alarms.In addition, the particle swarm algorithm may actually lead to some infeasible parameter identification optimization results which may also cause false alarms.To mitigate the above scenarios, the detection vector [k] calculated in step 3 is changed as follows: where η(k) is an adaptive vector that is related to the parameter identification The construction of the adaptive attack detection algorithm for an LFC system with uncertain parameters is complete.The above algorithm with adaptive detection step is shown in Algorithm 1.

IV. NUMERICAL EXAMPLES
To test the online identification-detection algorithm proposed in Section III, we employ a real three-area power grid in China as a simulation system.The total generation capacity of each of the three areas is 2450, 2590, and 611.25 MW, and the number of controlled generators of each area is 16, 20, and 8, respectively.Based on real power grid parameters, the equivalent area parameters for each area are listed in Table II.

A. Parameter Identification Results
To provide a better presentation, the identification results of the Area 1 are taken as a representative.The parameters of PSO are the same as those in [28].The frequency error curve shows the identification process in Fig. 3, where the smaller the frequency error is, the more accurate the  identification method is.The simulation frequency error curve of our proposed model and the traditional model in [28] is demonstrated in (a) and (b), respectively.Here, the disturbance is the demand active power deviation P d , which randomly changes with the simulation time.As the identification process proceeds, frequency error of both methods tends to zero, and the error of our method approaches faster and closer to zero.Then, we simulate the above process 1000 times to demonstrate the efficiency of the parameter identification algorithm.The average results of the simulation and the actual parameters are listed in Table III.The accuracy of the parameter identification algorithm is relatively high.

B. Simulation Results of the Parameter-Variant LFC System
In this section, the online identification-detection algorithm is tested.The system is simulated with active power fluctuations.The parameters of the simulation system are changed during operation.
1) Detection Results Under Normal Operation Scenario: In this section, the simulation results of algorithm above under a normal operation scenario of the tested three-area LFC system are shown.During the operation period, the active power demand P d changes over time, and system parameters like the damping coefficient D i also change sometimes.
To test the validity of the online detection algorithm with parameter identification, we perform a comparison of the detection results with and without the online parameter identification process, as shown in Fig. 4.During this control period, the damping coefficient of the system D changes from [2, 2, 1.5] T to [1.8, 2.2, 1.7] T at t = 40 min.In the subsequent numerical examples, unless otherwise stated, our detection thresholds Th are all set as [2.5, 1.0, 2.0]e −4 , and the detection window here is set to 2 min based on the detection thresholds and the derivation of the algorithm regarding the detection window setting in (21).
From the three figures in (b) of Fig. 4, we can see that the detection algorithm with online parameter identification performs well for each area's detection indicator and does not exceed its threshold.Moreover, the figures in (c) of Fig. 4 show the performance under the detection algorithm without parameter identification proposed and used in [17] and [18].From the results, the traditional dynamic watermarking detection algorithm makes false alarm when parameter changes after t = 40 min.The comparisons between (b) and (c) of Fig. 4 not only support the discussion results in Section II but also prove the validity and robustness of the proposed online detection algorithm in this article.
2) Detection Results Under Different Types of Cyberattacks: In this part, types of cyberattacks are simulated on a test system.
First, a noise injection attack on a single area is simulated in Fig. 5, which shows the simulation result when a noise injection attack occurs on area-1 between t = 30 min to t = 45 min.The parameters of the damping coefficient are changed as in the normal operation simulation.When we compare the result with the results of normal operation under the proposed detection algorithm in Fig. 4, it can be proved that when this type of attack happens, the frequency of the system fluctuates greatly, which will cause the generators in the area to move differently, coinciding with the previous analysis of the effects that this type of attack can have on the LFC system.During the attack windows, the detection indicator DI 1 of area-1 exceeds the corresponding threshold Th 1 , and that the detector gives an alarm signal to the control center, which makes it possible for operators to take emergency measures to avoid system anomalies.
In the second part of this section, a designed attack is simulated on the test system, the adversaries are here assumed  as both eavesdroppers and attackers.Based on random injections to disguise RAs constructed on historical data, the adversary plans to use this approach to cut through the attack detection system and achieve a coordinated multiarea attack.The attack is designed as follows: where f i is the ith area's frequency measurement and r[k] is a random injection by the adversary.
Assume that the adversary masks an attack on area-1 with an attack on area-2.The frequency measurement in area-2 experiences a RA after t = 20 min, and after the RA happens, a random attack happens at the frequency measurement of area-1 between t = 45 min to t = 60 min.Fig. 6 shows the simulation result of the parameter-variant test system under the above attacks.From the figure, we can see that both attacks can be well recognized by the detection algorithm almost under the time when attacks happen.However, the recognition of RA still exists a little bit of a lag.3) Detection Results Under Large Disturbance: From the analysis in Section II, we know that the state vector influences the detection indicator when parameters of the system are not accurate.Thus, a large disturbance on the test system is simulated to validate whether the proposed framework can still be applied when the state becomes larger than normal.
Figs. 7 and 8 show the performance of the detection system under a normal and attacked situation when a large disturbance of 100 MW occurs at k = 15 min on area-2, respectively.A RA occurs when k ≥ 20 min is on area-2 in Fig. 8, and the system's frequency does not converge to zero because of the RA, which is in line with the analysis of RAs in Section II, where the system can have frequency stabilization related problems due to the effect of the attack.Meanwhile, after the RA occurs, the detection metrics in area-2 exceed the threshold value of the corresponding region, and the proposed detection algorithm can still give alarm under the change of system parameters and the operation of the system with large perturbations.7 and 8, it can be validated that the detection is also suitable when a large disturbance occurs during the operation period.The algorithm can recognize an attack well and does not generate false alarms a when large disturbance occurs.

C. Robustness of Detection Algorithm
Based on the above numerical examples, we can conclude that the detection algorithm proposed in this article can be effective in detecting a wide range of cyberattacks by malicious sensors under LFC systems with uncertain parameters.In this section, we will give an example of the robustness of the algorithm to give the detection accuracy of the algorithm based on the confusion matrix.
In this matrix, as shown in Table IV, the upper left and lower right are the numerical simulation results for which the detection mechanism is effective.The lower left and upper right are undetected and false alarms, respectively, according to which the detection mechanism has 98.9% detection accuracy when the test sample is 269.It is important to note here that the three times when no alarm signals appeared resulted in a delayed alarm from the detection algorithm, rather than no detection at all.It can be argued that our proposed algorithm is effective and robust to the cyberattacks mentioned above in LFC systems with uncertain parameters.

V. CONCLUSION
In this article, we proposed an online identificationdetection algorithm for LFC systems of uncertain parameters.First, we analyzed the influence of uncertain parameters for traditional dynamic watermarking detection algorithm.Then, we proposed an adaptive detection model based on dynamic watermarking and parameter identification to realize the detection on systems with uncertain parameters.Finally, we proposed an online identification-detection algorithm for parameter-variant systems.
It was demonstrated by numerical examples that the proposed algorithms performed well in different situations, especially in a colluding mixed attack on a time-variant system.In the follow-up studies, we will further explore the detection error caused by parameter uncertainty; we will also change or optimize the model of parameter identification to improve the efficiency and robustness of parameter identification; moreover, we will explore the improvement of active detection algorithms in control system scenarios with parameter uncertainty to reduce the additional computational resources introduced due to the identification of parameters.

APPENDIX A IMPACT OF WATERMARKING ON CONTROL SYSTEM PERFORMANCE
In this section, the impact of watermarking on control system performance will be discussed in two different scenarios.

A. Scenario One: Normal Operation
For impact of watermarking in normal operation scenario, a numerical example had been given in [18], which provided a result that the private injection(also named watermarking) does not cause significant deviation of the actual input from the control policy-specified input.Here, we provide a calculation.
Generally, the frequency fluctuation range f satisfies f ∈ [−0.03, 0.03] Hz, for the PI-controller for system in Section IV modeled in (4), the original control signal u is within [−0.1, 0.1] p.u.More than 90% of control signals has an absolute value which is greater than 1e −2 , while the watermarking injections are almost less than 3e −4 , which means in a single control period, the impact of watermarking is usually less than 3%.
For the average impact, define the sum of original control signal u as 1, which of the injected control signal p is 0.99994, which means the impact of watermarking injection is negligible in the average sense.

B. Scenario Two: Large Disturbance Operation
Here, we mainly discuss whether the watermarking may affect the performance of AGC under large disturbance.Take P d = [1, 0, 0] as an example, when there are no injections, assuming that the lowest frequency point is 1, and the same point is 1.00036 when watermarking injected.At the same time, the moment when the system reaches the frequency nadir, and the moment when stability is restored, remain unchanged.
From the above calculation, it is clear that the impact of watermarking on the performance of the AGC system is almost negligible.

APPENDIX B SIMPLIFIED CALCULATION OF VARIANCE
OF DIAGONAL ELEMENTS OF MATRIX In this article, the calculation of diagonal variance was used to calculate the detection indicators like (7) and analyze an error like (13).
Assuming that there is a matrix A n×n with the element defined as a i,j and that there is a sequence vector x n×1 [k] satisfying the elements of x, which are independent of each other σ 2 x,i = lim Authorized licensed use limited to the terms of the applicable license agreement with IEEE.Restrictions apply.
The variance diagonal matrix is defined as For is a diagonal matrix, the above equation can be rewritten in rows as tr( ) A ,i × σ 2 x,i = tr A T A x .
As can be seen from the above formula, the conversion method of (12) in the text is correct.

Fig. 2 .
Fig. 2. Schematic of the online identification-detection algorithm for LFC systems.

Step 3 :
According to the result of the last operation period g pso [k−1], z[k−1], and u[k−1] (use initial value when k = 1), calculate the simulation state x sim [k] and the detection vector [k].

Fig. 3 .
Fig. 3. Simulated frequency error of different parameter identification methods.(a) Proposed model and the (b) model in [28].

Fig. 4 .
Fig. 4. Comparison of different detection algorithms when parameters of the system change at t = 40 min.(a) System frequency curve under normal operation.(b) Detection results of the proposed identification-detection algorithm.(c) Detection results of watermarking-based detection only.

Fig. 5 .
Fig. 5. Simulation results of the detection algorithm under a random attack on area-2.(a) System frequency curve during the test period.(b) Three areas' detection indicators and their thresholds.

Fig. 6 .
Fig. 6.Simulation results of the detection algorithm under a mixed cyberattack.(a) System frequency curve during the test period.(b) Three areas' detection indicators and their thresholds.

Fig. 7 .
Fig. 7. Simulation results when a large disturbance occurs without any attacks.(a) System frequency curve during the test period.(b) Three areas' detection indicators and their thresholds.

Fig. 8 .
Fig. 8. Simulation results when a large disturbance occurs under a RA.(a) System frequency curve during the test period.(b) Three areas' detection indicators and their thresholds.
k] where tr() is the trace and diag() represents taking diagonal elements to form a matrix.Then, we get tr(A) = N i=n diag(A).

TABLE III PARAMETER
IDENTIFICATION RESULTS OF 1000 TIMES