Biblio

The interaction between the transmission system of doubly-fed wind farms and the power grid and the stability of the system have always been widely concerned at home and abroad. In recent years, wind farms have basically installed static var generator (SVG) to improve voltage stability. Therefore, this paper mainly studies the subsynchronous oscillation (SSO) problem in the grid-connected grid-connected doubly-fed wind farm with static var generators. Firstly based on impedance analysis, the sequence impedance model of the doubly-fed induction generator and the static var generator is established by the method. Then, based on the stability criterion of Bode plot and time domain simulation, the influence of the access of the static var generator on the SSO of the system is analyzed. Finally, the sensitivity analysis of the main parameters of the doubly-fed induction generator and the static var generator is carried out. The results show that the highest sensitivity is the proportional gain parameter of the doubly-fed induction generator current inner loop, and its value should be reduced to reduce the risk of SSO of the system.

With the objective to eliminate the input current sensor in a totem-pole boost power factor corrector (PFC) for its low-cost design, a novel discretized sampling-based robust control scheme is proposed in this work. The proposed control methodology proves to be beneficial due to its ease of implementation and its ability to support high-frequency operation, while being able to eliminate one sensor and, thus, enhancing reliability and cost-effectiveness. In addition, detailed closed-loop stability analysis is carried out for the controller in discrete domain to ascertain brisk dynamic operation when subjected to sudden load fluctuations. To establish the robustness of the proposed control scheme, a detailed sensitivity analysis of the closed-loop performance metrics with respect to undesired changes and inherent uncertainty in system parameters is presented in this article. A comparison with the state-of-the-art (SOA) methods is provided, and conclusive results in terms of better dynamic performance are also established. To verify and elaborate on the specifics of the proposed scheme, a detailed simulation study is conducted, and the results show 25% reduction in response time as compared to SOA approaches. A 500-W boost PFC prototype is developed and tested with the proposed control scheme to evaluate and benchmark the system steady-state and dynamic performance. A total harmonic distortion of 1.68% is obtained at the rated load with a resultant power factor of 0.998 (lag), which proves the effectiveness and superiority of the proposed control scheme.

JavaScript is a client-side scripting language that is widely used in web applications. It is dynamic, loosely-typed and prototype-based with first-class functions. The dynamic nature of JavaScript makes it powerful and highly flexible in almost every way. However, this flexibility may result in what is known as code smells. Code smells are characteristics in the source code of a program that usually correspond to a deeper problem. They can lead to a variety of comprehension and maintenance issues and they may impact fault- and change-proneness of the application in the future. We present TAJSlint, an automated code smell detection tool for JavaScript programs that is based on static analysis. TAJSlint includes a set of 14 code smells, 9 of which are collected from various sources and 5 new smells we propose. We conduct an empirical evaluation of TAJSlint on a number of JavaScript projects and show that TAJSlint achieves an overall precision of 98% with a small number of false positives. We also study the prevalence of code smells in these projects.

This paper investigates the impact of the delay resulting from a blockchain, a promising security measure, for a hierarchical control system of inverters connected to the grid. The blockchain communication network is designed at the secondary control layer for resilience against cyberattacks. To represent the latency in the communication channel, a model is developed based on the complexity of the blockchain framework. Taking this model into account, this work evaluates the plant’s performance subject to communication delays, introduced by the blockchain, among the hierarchical control agents. In addition, this article considers an optimal model-based control strategy that performs the system’s internal control loop. The work shows that the blockchain’s delay size influences the convergence of the power supplied by the inverter to the reference at the point of common coupling. In the results section, real-time simulations on OPAL-RT are performed to test the resilience of two parallel inverters with increasing blockchain complexity.

The load margin due to voltage instability and small-signal instability can be a valuable measure for the operator of the power system to ensure a continuous and safe supply of electricity. However, if this load margin was calculated without considering system operating requirements, then this margin may not be adequate. This article proposes an algorithm capable of providing the power system load margin considering the requirements of voltage stability, small-signal stability, and operational requirements, as limits of reactive power generation of synchronous generators in dynamic security assessment. Case studies were conducted in the 107-bus reduced order Brazilian system considering a list of contingencies and directions of load growth.

In some single-phase systems, power decoupling is necessary to balance the difference between constant power at load side and double-frequency ripple power at AC side. The application of active power decoupling methods aim to smooth this power oscillatory component, but, in general, these methods require the addition of many semiconductor devices and/or energy storage components, which is not lined up with achieving low cost, high efficiency and high power quality. This paper presents the analysis of a new single-phase rectifier based on zeta topology with power decoupling function and power factor correction using only two active switches and without extra reactive components. Its behavior is based on three stages of operation in a switching period, such that the power oscillating component is stored in one of the inherent zeta inductor. The theoretical foundation that justifies its operation is presented, as well as the simulation and experimental results to validate the applied concepts.

Steady-state response of the grid under a predefined set of credible contingencies is an important component of power system security assessment. With the growing complexity of electrical networks, fast and reliable methods and tools are required to effectively assist transmission grid operators in making decisions concerning system security procurement. In this regard, a Convolutional Neural Network (CNN) based approach to develop prediction models for static security assessment under N-1 contingency is investigated in this paper. The CNN model is trained and applied to classify the security status of a sample system according to given node voltage magnitudes, and active and reactive power injections at network buses. Considering a set of performance metrics, the superior performance of the CNN alternative is demonstrated by comparing the obtained results with a support vector machine classifier algorithm.

The continuous integration of intermittent low-carbon energy resources makes islanded microgrids vulnerable to voltage fluctuations. Besides, different dynamic response of synchronous-based and inverter-based distributed generation (DG) units can result in an instantaneous power imbalance between supply and demand during transients. As a result, the ac-bus voltage of microgrid starts oscillating which might have severe consequences such as blackouts. This paper modifies the conventional control scheme of battery energy storage systems (BESSs) to participate in improving the dynamic behavior of islanded microgrids by mitigating the voltage fluctuations. A piecewise linear-elliptic (PLE) droop is proposed and employed in BESS to achieve an enhanced voltage profile by injecting/absorbing reactive power during transients. In this way, the conventional inverter implemented in BESS turns into a smart inverter to cope with fast transients. Using the proposed approach in this paper, any linear droop curve with a specified coefficient can be replaced by a PLE droop curve. Compared with linear droop, an enhanced dynamic response is achieved by utilizing the proposed PLE droop. Case study results are presented using PSCAD/EMTDC to demonstrate the superiority of the proposed approach in improving the dynamic behavior of islanded microgrids.

Many detection approaches have been proposed to address growing threat of Distributed Denial of Service (DDoS) attacks on the Internet. The attack detection is the initial step in most of the mitigation systems. This study examined the methods used to detect DDoS attacks with the focus on learning based approaches. These approaches were compared based on their efficiency, operating load and scalability. Finally, it is discussed in details.

Traditionally, the management of power distribution networks relies on the centralized implementation of the optimal power flow and, in particular, the minimization of the generation cost and transmission losses. Nevertheless, the increasing penetration of both renewable energy sources and independent players such as ancillary service providers in modern networks have made this centralized framework inadequate. Against this background, we propose a noncooperative game-theoretic framework for optimally controlling energy storage systems (ESSs) in power distribution networks. Specifically, in this paper we address a power grid model that comprehends traditional loads, distributed generation sources and several independent energy storage providers, each owning an individual ESS. Through a rolling-horizon approach, the latter participate in the grid optimization process, aiming both at increasing the penetration of distributed generation and leveling the power injection from the transmission grid. Our framework incorporates not only economic factors but also grid stability aspects, including the power flow constraints. The paper fully describes the distribution grid model as well as the underlying market hypotheses and policies needed to force the energy storage providers to find a feasible equilibrium for the network. Numerical experiments based on the IEEE 33-bus system confirm the effectiveness and resiliency of the proposed framework.

As portals to the Internet, web browsers constitute prominent targets for attacks. Existing defenses that redefine web APIs typically capture information related to a single JavaScript function. Thus, they fail to defend against the so-called web concurrency attacks that use multiple interleaved functions to trigger a browser vulnerability. In this paper, we propose JSKernel, the first generic framework that introduces a kernel concept into JavaScript to defend against web concurrency attacks. The JavaScript kernel, inspired from operating system concepts, enforces the execution order of JavaScript events and threads to fortify security. We implement a prototype of JSKernel deployable as add-on extensions to three widely used web browsers, namely Google Chrome, Mozilla Firefox, and Microsoft Edge. These open-source extensions are available at (https://github.com/jskernel2019/jskernel) along with a usability demo at (https://jskernel2019.github.io/). Our evaluation shows the prototype to be robust to web concurrency attacks, fast, and backward compatible with legacy websites.

New research fields and applications on human computer interaction will emerge based on the recognition of emotions on faces. With such aim, our study evaluates the features extracted from faces to recognize emotions. To increase the success rate of these features, we have run several tests to demonstrate how age and gender affect the results. The artificial neural networks were trained by the apparent regions on the face such as eyes, eyebrows, nose, mouth, and jawline and then the networks are tested with different age and gender groups. According to the results, faces of older people have a lower performance rate of emotion recognition. Then, age and gender based groups are created manually, and we show that performance rates of facial emotion recognition have increased for the networks that are trained using these particular groups.

In this paper, the cybersecurity of distributed secondary voltage control of AC microgrids is addressed. A resilient approach is proposed to mitigate the negative impacts of cyberthreats on the voltage and reactive power control of Distributed Energy Resources (DERs). The proposed secondary voltage control is inspired by the resilient flocking of a mobile robot team. This approach utilizes a virtual time-varying communication graph in which the quality of the communication links is virtualized and determined based on the synchronization behavior of DERs. The utilized control protocols on DERs ensure that the connectivity of the virtual communication graph is above a specific resilience threshold. Once the resilience threshold is satisfied the Weighted Mean Subsequence Reduced (WMSR) algorithm is applied to satisfy voltage restoration in the presence of malicious adversaries. A typical microgrid test system including 6 DERs is simulated to verify the validity of proposed resilient control approach.

On-Load Tap Changing transformers are a widely used voltage regulation device. In the context of modern or smart grids, the control signals, i.e., the tap change commands are sent through SCADA channels. It is well known that the power system SCADA networks are prone to attacks involving injection of false data or commands. While false data injection is well explored in existing literature, attacks involving malicious control signals/commands are relatively unexplored. In this paper, an algorithm is developed to detect a stealthily introduced malicious tap change command through a compromised SCADA channel. This algorithm is based on the observation that a stealthily introduced false data or command masks the true estimation of only a few state variables. This leaves the rest of the state variables to show signs of a change in system state brought about by the attack. Using this observation, an index is formulated based on the ratios of injection or branch currents to voltages of the terminal nodes of the tap changers. This index shows a significant increase when there is a false tap command injection, resulting in easy classification from normal scenarios where there is no attack. The algorithm is computationally light, easy to implement and reliable when tested extensively on several tap changers placed in an IEEE 118-bus system.

This paper deals with the modeling and control of the NEREIDA wave generation power plant installed in Mutriku, Spain. This kind of Oscillating Water Column (OWC) plants usually employ a Wells turbine coupled to a Doubly Fed Induction Generator (DFIG). The stalling behavior of the Wells turbine limits the generated power. In this context, a sliding mode rotational speed control is proposed to help avoiding this phenomenon. This will regulate the speed by means of the Rotor Side Converter (RSC) of the Back-to-Back converter governing the generator. The results of the comparative study show that the proposed control provides a higher generated power compared to the uncontrolled case.

The root cause of cross-site scripting(XSS) attack is that the JavaScript engine can't distinguish between the JavaScript code in Web application and the JavaScript code injected by attackers. Moving Target Defense (MTD) is a novel technique that aim to defeat attacks by frequently changing the system configuration so that attackers can't catch the status of the system. This paper describes the design and implement of a XSS defense method based on Moving Target Defense technology. This method adds a random attribute to each unsafe element in Web application to distinguish between the JavaScript code in Web application and the JavaScript code injected by attackers and uses a security check function to verify the random attribute, if there is no random attribute or the random attribute value is not correct in a HTML (Hypertext Markup Language) element, the execution of JavaScript code will be prevented. The experiment results show that the method can effectively prevent XSS attacks and have little impact on the system performance.

This work explores attack and attacker profiles using a VoIP-based Honeypot. We implemented a low interaction honeypot environment to identify the behaviors of the attackers and the services most frequently used. We watched honeypot for 180 days and collected 242.812 events related to FTP, SIP, MSSQL, MySQL, SSH, SMB protocols. The results provide an in-depth analysis about both attacks and attackers profile, their tactics and purposes. It also allows understanding user interaction with a vulnerable honeypot environment.

Today, maintaining the security of the web application is of great importance. Sites Intermediate Script (XSS) is a security flaw that can affect web applications. This error allows an attacker to add their own malicious code to HTML pages that are displayed to the user. Upon execution of the malicious code, the behavior of the system or website can be completely changed. The XSS security vulnerability is used by attackers to steal the resources of a web browser such as cookies, identity information, etc. by adding malicious Java Script code to the victim's web applications. Attackers can use this feature to force a malicious code worker into a Web browser of a user, since Web browsers support the execution of embedded commands on web pages to enable dynamic web pages. This work has been proposed as a technique to detect and prevent manipulation that may occur in web sites, and thus to prevent the attack of Site Intermediate Script (XSS) attacks. Ayrica has developed four different languages that detect XSS explanations with Asp.NET, PHP, PHP and Ruby languages, and the differences in the detection of XSS attacks in environments provided by different programming languages.

Although connecting a microgrid to modern power systems can alleviate issues arising from a large penetration of distributed generation, it can also cause severe voltage instability problems. This paper presents an online method to analyze voltage security in a microgrid using convolutional neural networks. To transform the traditional voltage stability problem into a classification problem, three steps are considered: 1) creating data sets using offline simulation results; 2) training the model with dimensional reduction and convolutional neural networks; 3) testing the online data set and evaluating performance. A case study in the modified IEEE 14-bus system shows the accuracy of the proposed analysis method increases by 6% compared to back-propagation neural network and has better performance than decision tree and support vector machine. The proposed algorithm has great potential in future applications.

There are several works on the formalization of security protocols and proofs of their security in Isabelle/HOL; there have also been tools for automatically generating such proofs. This is attractive since a proof in Isabelle gives a higher assurance of the correctness than a pen-and-paper proof or the positive output of a verification tool. However several of these works have used a typed model, where the intruder is restricted to "well-typed" attacks. There also have been several works that show that this is actually not a restriction for a large class of protocols, but all these results so far are again pen-and-paper proofs. In this work we present a formalization of such a typing result in Isabelle/HOL. We formalize a constraint-based approach that is used in the proof argument of such typing results, and prove its soundness, completeness and termination. We then formalize and prove the typing result itself in Isabelle. Finally, to illustrate the real-world feasibility, we prove that the standard Transport Layer Security (TLS) handshake satisfies the main condition of the typing result.

With the growth of the Internet, web applications are becoming very popular in the user communities. However, the presence of security vulnerabilities in the source code of these applications is raising cyber crime rate rapidly. It is required to detect and mitigate these vulnerabilities before their exploitation in the execution environment. Recently, Open Web Application Security Project (OWASP) and Common Vulnerabilities and Exposures (CWE) reported Cross-Site Scripting (XSS) as one of the most serious vulnerabilities in the web applications. Though many vulnerability detection approaches have been proposed in the past, existing detection approaches have the limitations in terms of false positive and false negative results. This paper proposes a context-sensitive approach based on static taint analysis and pattern matching techniques to detect and mitigate the XSS vulnerabilities in the source code of web applications. The proposed approach has been implemented in a prototype tool and evaluated on a public data set of 9408 samples. Experimental results show that proposed approach based tool outperforms over existing popular open source tools in the detection of XSS vulnerabilities.

Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts. The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.