Contents 1. Introduction
AGC is a critical mechanism used in multi-area power systems to maintain system frequency and manage tie-line power flows. Specifically, AGC monitors the ACE, which reflects both frequency deviation (i.e., how far the system frequency is from its nominal value) and tie-line power exchange deviation between interconnected areas. By adjusting generator setpoints, the AGC ensures that each area's frequency remains close to the nominal level (e.g., 50 or 60 Hz) and that scheduled power transfers across tie-lines are upheld. The frequency and tie-line measurements obtained by the sensors are transmitted to the control center of each area via the Distributed Network Protocol (DNP3), which has vulnerabilities against cyber-attacks [1]–[2]. Attackers who use these vulnerabilities can inj ect false data into the system that will affect the operation of the AGC. Recent studies demonstrate that optimal false data injection attacks (OFDIAs) on AGC systems can bypass conventional bad data detection mechanisms, leading to significant consequences such as frequency instability or triggering protection mechanisms like load shedding relays. These attacks leverage precise manipulation of tie-line power and generator frequency measurements, highlighting vulnerabilities in existing control frameworks [3]. Although there are many studies examining the effects of cyber-attacks on the AGC system, the exploration of detection methods in the presence of high levels of RES remains limited.
