#### Abstract

In our paper, we study the vulnerability in cascading failures of the real-world network (power grid) under intentional attacks. Here, we use three indexes (, , -shell) to measure the importance of nodes; that is, we define three attacks, respectively. Under these attacks, we measure the process of cascade effect in network by the number of avalanche nodes, the time steps, and the speed of the cascade propagation. Also, we define the node’s bearing capacity as a tolerant parameter to study the robustness of the network under three attacks. Taking the power grid as an example, we have obtained a good regularity of the collapse of the network when the node’s affordability is low. In terms of time and speed, under the betweenness-based attacks, the network collapses faster, but for the number of avalanche nodes, under the degree-based attack, the number of the failed nodes is highest. When the nodes’ bearing capacity becomes large, the regularity of the network’s performances is not obvious. The findings can be applied to identify the vulnerable nodes in real networks such as wireless sensor networks and improve their robustness against different attacks.

#### 1. Introduction

Nowadays, people’s daily life is increasingly dependent on electricity, but the failures and blackout happened in the electricity system has resulted in heavy losses and a huge impact on people’s lives. There are a lot of famous examples like the massive power failure on the West Coast of United States in September 2011, the breakdown of Ukraine’s electricity system under malicious attacks and the blackout in New York city in July 2019, and the massive power failure on the U.S. West Coast in 2019. Therefore, to this day, the research on the power grid is still hot. The current research on network robustness mainly includes these aspects: research based on power grid structure, analysis based on cascading effects, how to identify network attacks, and how to defend network attacks.

In terms of structural analysis, Huang [1] et al. (2013) used the theory of complex networks and obtained the distribution of risk energy along the path in the vulnerability analysis of cascading faults considering branch structures. Based on graph theory technology, Correa [2] et al. (2013) obtained the applicability conclusion of the graph theory method for the vulnerability of power grids by comparing the physical flow model and the statistical indicators of scale-free graphs. Based on the normalization effect of neighboring nodes and the weight distribution of nodes in the network, Wang [3] et al. (2014) studied the different roles of low-load and high-load nodes and the relationship between some parameters in the network and the strongest level of robustness. Finally, through numerical simulation, they obtained the parameter values corresponding to the model at the strongest level of robustness. Ouyang [4] et al. (2014) used the betweenness based-model (BBM), direct current power flow model (DCPFM), and purely topological model(PTM) to study network robustness under intentional attacks based on betweenness, degree, importance, and maximum traffic. Yang [5] et al. (2015) discussed the relationship between community structure and network robustness and proposed a three-step strategy to improve network robustness while maintaining the degree distribution and the structure of the network community.

In terms of analysis based on cascading effects, considering the traffic load, Tan [6] et al. (2015) used the Barabasi-Albert scale-free network and interdependent Erdos-Renyi random graph to research the effect of the coupling mode on the cascade effect. Through research, Erdos-Renyi random graphs are fragile and robust. However, the interdependent Barabasi-Albert scale-free network is vulnerable to intentional attacks and the random attacks. These results are similar for interdependent communication networks and power grids, for the nonvulnerability under intentional attacks and the actual interdependent system. Cai [7] et al. (2016) analyzed the complex effects of cascading faults by modeling the interdependence between power systems and dispatch data networks. Their simulation results show that under random attacks, the probability of catastrophic failure of the power grid combined with the mesh structure is higher than that with a double-star structure; while under intentional attacks, the transmission performance of the mesh network is better than that of the double-star structure. Hai-PengRen [8] et al. (2016) proposed a new load distribution for the cascade effect and a node removal rule, that is, in the opposite direction of the flow, removing the first overload node, and then the network distributes the load and continues cascading process. This method has proven to suppress large-scale cascading failures. According to the maximum flow theory, Wenli [9] et al. (2016) proposed a model of cascading failure. Their results show that the node load distribution has a great impact on the cascading dynamics and the tolerance parameter threshold. Kornbluth [10] et al. (2018) use the node’s betweenness centrality as the load to research the cascading effect of the network when the node’s load is overloaded. They study the functional relationship between the initial attack and the number of surviving nodes at the end of the cascade PF strength under different tolerance values in Erdös-Renyi graphs and random regular graphs.

In terms of how to identify network attacks, Yan [11] et al. (2017) analyzed the vulnerability of the transmission network under sequential topology attack and proposed a method based on -learning. This method can identify the critical attack sequence considering the dynamic behavior of the physical system. Wang [12] et al. (2017) developed a smart search method based on state-space pruning to identify incidents of cyber attacks. They used the stochastic chemistry method and particle swarm optimization algorithm and took the IEEE system as an example to verify the efficiency and of the method. Lei [13] et al. (2020) proposed a distributed iterative positioning algorithm based on the abandonment strategy of the sensor relative to its neighbor’s center of gravity coordinates. The algorithm uses relative distance calculations to locate the data packet loss through the neighbor’s communication link. And they accurately locate the sensor through this algorithm. Daniel [14] et al. (2020) proposed an algorithm that shows the relationship between the variance of the attacker’s signal and how far away the nodes are, which solves the problem of constructing a centralized and distributed version of Nesterov with the best fixed parameters.

In terms of how to defend network attacks, Zheng [15] et al. (2014) proposed a weighting strategy for edges, that is, designing the path length of the edge as the product of the clustering coefficients of the edge nodes and calculating the corrected neutrality center of the edge and applying it as a weight to the cascade model. It is found that the weighting scheme based on the modified betweenness centrality makes the three networks of the modular network, scale-free network, and small-world network all better than the original betweenness centrality networks that are more robust against edge attack. Liu [16] et al. (2015) found two ways to reduce the system vulnerability: (1) protect nodes with high degree and (2) increase the degree of correlation between networks. Guo [17] et al. (2017) proposed a vulnerability analysis method using the Cyber-Physical Power System (CPPS) model composed of the physical layer, network layer, and network physical interface and used this method to calculate the performance index of the model before and after the cascade failure. By comparing different attack strategies and interface strategies, they concluded that CPPS should protect high-indexed nodes and is more vulnerable to malicious attacks. Wang [18] et al. (2018) proposed a strategy to defend against cyber attacks by studying electronic computing physical systems (ECPSs). Besides, they also provided a weight adjustment strategy to work out the problem of unbalanced current caused by the split event. In the paper, their assessment of vulnerability has five aspects: robustness, economic cost, degree of damage, fragile equipment, and trigger points. Ma [19] et al. (2019) proposed a scale-free network model that can more effectively control the propagation of cascading faults. In their model, the connection load of any two nodes is defined, taking into account the degree and intermediateness of the nodes. Irshaad [20] et al. (2019) combined cognitive dynamic and state estimation systems in the smart network and proposed a new SG metric: entropy state. The manager achieves the goal of improving the entropy state by reconfiguring the weights of the sensors in the grid and dynamically optimizing the state estimation process. And CDS is the best choice for monitoring systems.

It can be seen from the above literature review that scholars understand the network structure and cascading effects and use sensors to identify attacks and defend them. In this article, we default to the identification of sensors and attach importance to defense to protect high-load nodes. However, rather than studying structural defenses, we value the impact of the network after an attack. We recorded not only the number of nodes in the network that crashed but also the speed and time of the crash. Because we believe that under the technical recognition of sensors, understanding the law of network collapse is of great practical significance for future defenses.

We break this article into three sections. In Section I, we will introduce the load distribution model of the network. In Section II, we will show three attacks. In Section III, we will list some indicators to show the extent to which the network is crashing. In Section IV, we will present the results graphically and analyze them. Finally, we will give the conclusion.

#### 2. Results and Discussion

##### 2.1. The Cascading Failure Model

###### 2.1.1. Load Distribution Model

It can be seen from multiple studies that the load of a node is often estimated by the node’s betweenness centrality [21, 22]. Therefore, in our paper, we set the betweenness centrality of the node as its load.

In reality, when a node is crashed by an attack, its load is distributed to other nodes in the network [23]. There are two distribution methods, global distribution and local distribution. Global distribution seems to be more comprehensive, but in actual research, global distribution calculation is huge, and in global distribution, the load is distributed in inverse proportion to the distance. On the contrary, distributing load to neighboring nodes is effective and reasonable. On the one hand, it can show the level after the collapse of the network. On the other hand, calculations are greatly reduced. Local distribution is not single, for example, using game theory [24]. Consequently, we adopt the local distribution method of node load distribution to its neighboring nodes after a node fails in this article, which is more suitable for research.

As shown in Figure 1, when the node crashes, it allocates its own load to its neighboring node set in a certain form. When a node is a neighboring node that exceeds its maximum load, the node fails and continues to be distributed to its neighboring nodes, which results in the cascade effect. Until the assigned nodes in the network do not exceed the maximum load, the process of cascading faults stops [25].

###### 2.1.2. Cascade-Related Indicators

To measure the cascading effect of the network, you need to define some relevant indicators.

First of all, as mentioned above, we define the initial load () of node [26] as the node’s betweenness centrality ().

Secondly, define the maximum load () that the node can withstand [27]. The definition is as follows:

In the formula, is a tunable parameter, ranging from 0 to 1, indicating the performance of the nodes [28]. The larger the value of *α*, the better the load-carrying capacity of the node.

The next is how to distribute. At time , as node failed, its neighboring node increases the load () as

where is any node of set . The load distributed from the node is added to each neighboring node. If the one of neighboring nodes exceeds its maximum load, the node fails [29].

###### 2.1.3. Simulated Attack Model

In general, our model is to achieve intentional attacks in reality by selecting high-load nodes to attack. After being attacked, the attacked node will distribute its load to neighboring nodes, that is, using the previous load distribution model. When any neighboring node’s load exceeds its capacity, it will collapse and continue to distribute its load, thus form a series of chain reactions [30, 31]. And we will simulate this process through a computer to get our final conclusion.

##### 2.2. Three Attack Strategies

We examine the survivability of the network under intentional attacks [32] in this article. Under intentional attacks, important nodes in the network will be attacked. Important nodes are often measured by the node’s betweenness centrality, degree [33], -shell [34] value, etc. Therefore, we study three attacks that sort these three metrics in descending order to attack. The three attacks are as follows: (1)Betweenness attack ( attack): based on the abovementioned distribution method, we sort all nodes in descending order of the betweenness centrality, then attack the top nodes(2)Degree-based attack ( attack): The nodes to be attacked are arranged in descending order of degrees, and the rest are the same as the betweenness-based attack(3)-shell-based attack: keep the other conditions the same and arrange the attacked nodes in descending order according to the value of -shell. For the definition of -shell, see the Figure 2 below

Attack the nodes according to these three attacks, and then through certain indicators [35], we can see the degree of network collapse. Next, we will introduce the evaluation indicators.

##### 2.3. Evaluation Indicators

Obviously, the degree of network collapse [36, 37] is bound up with the number of nodes that fail. The quantity available is an important indicator. On the other hand, due to the cascading effect, the moments when different nodes fail are not necessarily the same. Therefore, we must first define the time of the cascade. With quantity and time, we naturally think of another indicator—speed. Below, we will explain these three indicators in detail. (1)Time: As for the time, we define the time of the attack as the moment 0 (), the time of the neighboring nodes fail caused by the attacked nodes as the moment 1(), and so on to define the cascade moment. In addition, what we can get from this is that the last moment recorded is the time () used for the cascade effect(2)The number of failed nodes: Aiming to analyze the collapse of the network in the cascade effect process, we count the nodes that fail at different times ( ()). By adding these numbers, we can get the total number of nodes that fail, calculated as follows:(3)The number of noncrashed nodes: Knowing the total number of nodes () in the power grid and the number of failure nodes, we can easy to calculate the nodes that did not fail, excluding the number of nodes that have attacked (), calculated as follows:(4)Speed of cascade: Speed is the quotient of quantity () and time (). Here, the time it takes for the cascade effect to start and end. The quantity () here refers to the total number of nodes that fail. The specific formula is as follows:

All in all, it is easy to know that the total number of failure nodes shows the degree of network collapse, and time and speed show the effects of different attacks. Then, based on these indicators, from the results, we can detect the effect of the cascade effect of the network under different attack conditions.

#### 3. Result Analysis

Based on the previous model and evaluation indicators, we test it using the U.S. grid as an example. This power grid is a network with 4941 nodes and 6,594 edges. Here, we assume that the edges of the network [38] are unweighted, and the distribution of the load is undirected.

##### 3.1. Preliminary Analysis

As mentioned above, we will record the number of nodes that fail at each moment in the cascade effect. Therefore, we will initially display it in a three-dimensional graph.

Through the adjustment of *α* and the adjustment of attack modes, we can have different results. Among them, we will find some novel conclusions. Next, we will present them in turn.

As can be seen from the vertical perspective of Figure 3, under the attack, the number of nodes in the cascade effect increases with time, showing a trend of increasing first and then decreasing. From the horizontal perspective, as the number of attacked nodes increases, so does the number of collapse nodes in the cascade effect. And it can be roughly seen that with the increasing of the number of attacked nodes, the total time of the cascade effect generally decreases.

**(a)**

**(b)**

**(c)**

**(d)**

Next, we use the same distribution method to perform the same operation on nodes sorted by degree (). The result is shown in Figure 4.

**(a)**

**(b)**

**(c)**

**(d)**

It can be seen from Figure 4 that the horizontal and vertical images are roughly the same as the attacks, but in the attack, when the node performance is good, that is, when is large, attacking a few important nodes has little impact on the entire network.

At last, we use the -shell to measure the importance that is sorted by -shell, attack the node with a large value of k-shell, and use the same distribution method to record the number of failure nodes, as shown in Figure 5.

**(a)**

**(b)**

**(c)**

**(d)**

It can be seen from Figure 5 that the image in the horizontal and vertical directions is roughly the same as the two modes, but compared to the previous two attack mode, this attack mode has a large time span and shows a fault phenomenon, as shown in Figure 5(a). The first 40 attacked nodes and less than 40 show roughly the same effect on the network, but when the number of attack nodes is greater than 40, the result of the attack is significantly different. This may be related to the point ordering with the same -shell value.

##### 3.2. Advanced Analysis

When is determined, in a three-dimensional graph, we can know the time of the crash () and the number of crashed nodes at different times ( ()) and compare the network crashes that attacked different numbers of nodes. However, we do not know whether the final total number of crashed nodes () still has such regularity. Therefore, we introduce a two-dimensional graph to depict the total number of crashed nodes. In addition, we also depict time and speed accordingly.

From (a) and (b) of Figure 6, we see a strange phenomenon, and the more attacked nodes, the fewer the number of failed nodes. This is counterintuitive. However, there is a possible reason to explain this phenomenon; that is, the node that was attacked at the beginning is closely related to the nodes that are added later. The load allocated by the previous crashed node causes the subsequent node to fail. On how to answer this question, we draw a graph of the number of nodes without fail [39] (Figure 7). It turns out that for both the -shell and the attack, this explanation is feasible. As for how to explain the attack, at this time, we should consider the phenomenon that the neighboring nodes fail at the same time, and the load cannot be distributed. Whether it is caused by one or both, we can conclude that, based on the previous model, increasing the number of attack nodes does not necessarily lead to an increase in network crash, especially for the attack.

**(a)**

**(b)**

**(c)**

**(d)**

**(a)**

**(b)**

**(c)**

**(d)**

From Figures 6 and 7, we have not reached a good conclusion. However, from a time and speed perspective, we found good results. It can be seen from Figures 8 and 9 that when is small, the speed and time of collapse reflect a better law. As the number of attacked nodes increases, the time spent by cascade effect decreases, and the speed of collapse increases. In addition, among the three attacks, the attack has the shortest time and the fastest speed, followed by the attack. When is greater than or equal to 0.6, the volatility of the data is larger, and the law is not very obvious, but it can still be seen that the attack is more destructive to the power grid.

**(a)**

**(b)**

**(c)**

**(d)**

**(a)**

**(b)**

**(c)**

**(d)**

From this, we reasonably guess that the size of the alpha has an effect on the number of nodes that fail. To do this, we set as the independent variable [40], set the number of failure nodes as the dependent variable, and plot the results as follows.

It can be seen from Figure 10 that as the value of increases, the number of failure nodes decreases. But as for the attack and the attack, the reduction trend is not obvious. Nevertheless, some phenomena can be found from them. As you can see from Figure 10(a), that when attacking 50 nodes, no matter how large , the number of nodes fail by the betweenness-based attack is greater than the -shell attack. However, when the number of attacks increased, there was almost no difference in the number of failure nodes by the two modes. When the number of attacked nodes is 200, the number of failure nodes by the -shell attack is greater than that of the attack. On the other hand, the number of failure nodes in the network is closely related to the load capacity of the nodes for the attack. In this case, improving the node’s performance is very effective to ensure network security.

**(a)**

**(b)**

**(c)**

**(d)**

#### 4. Conclusions

Through the above studies, we can draw some preliminary conclusions about the cascade effect. The specific conclusions will be listed in the following points. (1)From the preliminary analysis, it can be roughly seen that at any time , as the number of attacked nodes increases, so does the number of failure nodes, and the total crash time decreases(2)However, Figures 6 and 7 show that the increase in the number of attacked nodes does not result in an increase in the total number of crashed nodes and a decrease in the number of noncrashed nodes. Based on the data of the number of crashed and noncrashed nodes, compared with the three attack methods, attack is affected more(3)Combined with the crash time and crash speed, it can be seen that the attack has the fastest crash speed and the shortest crash time. Therefore, it can be known that in the attack mode, the robustness of the network is the lowest, especially when is small(4)Improving the load-carrying capacity of a node is a good protection measure. Judging from the results, the load-carrying capacity of nodes has more influence on the degree of network collapse than the number of attack nodes, especially in attack(5)When the alpha is small, the cascading effect takes less time and is faster than the -shell under the attack. However, the number of failure nodes under the attack is less than that of -shell. Therefore, we cannot conclude that the attack is stronger. If it is assumed that there is no way to intervene before the cascade effect stops, then the -shell attack can be considered stronger(6)When is large and there are many attacked nodes, based on our model, our conclusions above may no longer be applicable

In the above conclusions, the results have revealed the topological vulnerability of cascade in the power grid systems under different attacks and could be used to design the robust topology of wireless sensor networks [41, 42]. The understanding of the process of network collapse is conducive to better erection and use of sensor detection. Under certain measures, this is a favorable measure to deal with the network cascade effect. But for other real networks [43–48], the results are maybe different. So, we will study the vulnerability in other real-world networks with considering the community structure [49] in the future.

#### Data Availability

No data were used to support this study.

#### Conflicts of Interest

S.L., Y.C., X.W., Z.T., and X.C. declare no conflicts of interest that are directly related to the submitted work.

#### Authors’ Contributions

Shudong Li and Yanshan Chen contributed equally to this work.

#### Acknowledgments

This research was funded by the Key R&D Program of Guangdong Province (No. 2019B010136003), NSFC (Nos. U1803263 and 61672020), Project of Shandong Province Higher Educational Science and Technology Program (No. J16LN61), National Key Research and Development Program of China (No. 2019QY1406), and Guangdong Province Universities and Colleges Pearl River Scholar Funded Scheme (2019).