#### Abstract

The scale of the electric cyber physical system (ECPS) is continuously extending, and the existing cascade failure models ignore both the information flow and power flow transferring characteristics and also lack effective survivability analysis. In this paper, the quantitative evaluation method for cascading failure of ECPS survivability considering optimal load allocation is proposed. Firstly, according to the system topological structure and correlation, the degree-betweenness weighted correlation matrix of ECPS is established by defining the degree function as well as the electric betweenness, and the formal representation of coupled ECPS network model is realized. Secondly, based on the structural connectivity change and risk propagation range of ECPS cascade failure, the survivability evaluation model is designed by taking into account the constraints such as node load capacity limitation, information flow optimal allocation strategy, power flow optimization equation, and system safety operation. Finally, the firefly algorithm with chaotic Lévy flight is proposed to solve the evaluation model efficiently. The case study vividly shows that the evaluation method can effectively quantify the survivability of ECPS and thus enhance the evaluation efficiency of large-scale coupled systems.

#### 1. Introduction

With the rapid development of the energy Internet and smart grid, the power system has gradually evolved into a complex multidimensional and heterogeneous electric power cyber physical fusion system with deep coupling of cyber and physical systems [1–3]. Due to the large-scale integration of uncertain renewable generations [4] and new power electronics such as VSC-HVDC [5], the uncertainty of the electric cyber physical systems has greatly increased. The interaction between the information flow and the energy flow in the coupled system is frequently increased, and thus the ECPS network security risk is also increased while improving the power grid perception, computing, communication, and control capabilities. When the cyber system is attacked, it may cause the physical system components to malfunction or refuse to function. Simultaneously, the failure of the physical system will affect the observability and controllability of the cyber system, induce the cascade failure of the dual network, expand the scope of the security incident, and significantly reduce the survivability of the coupled system [6–8]. When a node or line in electric physical system is severely attacked, the relay protection device will act to cause the power flow to shift. When the system cannot achieve a stable state through the power flow calculation, some nodes of the physical system will fail. Since the working physical node can provide energy supply for the cyber node, the cyber node coupled with the failed physical node will fail due to loss of energy supply, and the cascade failure occurs [9–11]. ECPS survivability refers to, when the coupled system is subjected to random disturbances or deliberate attacks, the ability of the system to maintain its original topological structure and operating state [12, 13]. Therefore, when the coupled system is subjected to disturbance or attack, it is important to reveal the inherent vulnerability and disturbance immunity of the system to quickly and effectively evaluate the survivability of the ECPS.

To date, scholars have carried out numerous researches related to the survivability evaluation of ECPS. Literature [14–16] constructs an ECPS network model from the perspective of a dependent network, evaluates the structural connectivity vulnerability of the coupled system, and proposes a corresponding protection strategy. In [17–19], the authors simulate the dynamic cascading failure effect of cyber physical double-layer network based on seepage theory and analyze the vulnerability of ECPS under different coupling strategies. Literature [20–22] constructs a cascade failure model for ECPS-dependent network risk propagation, evaluates the robustness of coupled systems subjected to random attacks, and compares network robustness and node thresholds under different connection strengths. Based on the power flow optimization model, the effects of different cyber network topological structure, cyber edge fault scales, and edge failure modes on power system vulnerability are studied in [23–25]. Literature [26, 27] presents an ECPS risk evaluation model based on game theory from the perspective of both offensive and defensive sides and assesses the harm of network attacks to small-scale ECPS. Literature [28] presents a new model to reformulate the microgrid formulation problem in resilient distribution networks. Literature [29] proposes a novel load restoration optimization model to coordinate topology reconfiguration and microgrid while satisfying a variety of operational constraints, which exploits benefits of operational flexibility provided by grid modernization to enable more critical load pickup. Literature [30] presents a bilevel optimization model for the risk assessment of transmission systems, and the lower level model is expected to provide a generation redispatch by minimizing the total load shedding, and the upper-level model is to maximize the severity risk by constructing a binary optimization model to identify the worst* N-k* contingency.

To sum up, the existing ECPS survivability evaluation methods are mainly based on the dependent network, the seepage theory, the power flow optimization cascade failure model, and the game theory to analyze the vulnerability and robustness of the ECPS network. These aforementioned researches exhibit significant limitations: Structural vulnerability and robustness analysis based on dependent network and seepage theory ignores the difference in properties of cyber nodes and physical nodes (power generation nodes, contact nodes, and load nodes) and also simplifies the cascade failure process into direct node dependence failure. The actual ECPS node has load capacity; the failure node load will be redistributed and will fail when the load exceeds the capacity. Therefore, this simplification will render the evaluation results. The cascading failure model based on power flow optimization focuses on physical network power flow optimization, without considering communication optimal routing and information flow optimization process, and hence it is difficult to truly reflect the survivability change of ECPS failure dynamic process. The ECPS vulnerability evaluation based on game theory is mainly applicable to small-scale case systems. Nowadays, the system of cyber physical fusion is larger and the operation constraints are numerous and complex. For this reason, it is necessary to introduce an efficient intelligent solution algorithm to improve the evaluation efficiency of large-scale ECPS.

Based on the topological structure analysis, this paper firstly formalizes the coupled ECPS by constructing the degree-betweenness ECPS correlation matrix. It also considers the multiconstraint conditions of the ECPS cascade failure load optimization allocation strategy; thereafter a survivability evaluation model for comprehensive structure and state is designed based on the optimal target of load shedding. Finally, the chaotic Lévy flight firefly algorithm is proposed to solve the model.

#### 2. Mathematical Model and Method

##### 2.1. Weighted ECPS Network Model

The ECPS network consists of three parts: the physical network, the cyber network, and the internetwork connection lines [30, 31]. Based on the graph theory, a weighted degree-betweenness matrix is used to formally characterize the coupled system in accordance with the dual-network topological structure and the network connection relationship. The simplified schematic diagram of ECPS network is shown in Figure 1.

The actual power cyber network structure is mostly a star network structure. The experimental data indicate that the node degree allocation of the star network structure is characterized by a power-law allocation without scale-free network [32], so the Barabási-Albert (BA) model with scale of M nodes without scale-free network is a cyber network. Because the dispatching center receives the collected information and issues the irreplaceability of the control command, the node with the largest degree of cyber network is selected as the scheduling center, the other two nodes are selected as the transmitting node, and the remaining M-3 nodes are randomly selected and connected with transmitted nodes. The new node is connected to node* i* with the probability of* p*(*k*_{i}) [32]:where* k*_{i} is the degree of the node* i*.

According to this rule, it stops the growth to the network size of M nodes.

The cyber system corresponding to the dispatch center and each plant station is abstracted as a cyber node, and the fiber link of the cyber transmission is an edge, ignoring the multiple edges, self-loop, and directionality of the link [33]. The cyber network can be represented as a sparse undirected topological structure of* m* cyber nodes and* n* communication links:* G*_{c}*=*(*V*_{c},* E*_{c},* μ*), node set , link set , and

*is the link weight. The edge weight is defined as the degree function that connects the two nodes to the edge:where*

*μ**k*

_{j}is the degree of the node

*j*, and

*is the weight coefficient (0 ≤*

*σ**σ*≤ 1). The weight coefficient

*determines the difference of the edges in the cyber network and also determines the weighting of the network. The larger the*

*σ**, the larger the difference between the edges. When*

*σ**=0, the weights of all edges are*

*σ**=1. There is no difference between the edges, and the cyber network belongs to the unprivileged network; the*

*μ**can be regarded as an exponential function about*

*μ**. When*

*σ**≠0 and*

*σ**changes from 0 to 1, the*

*σ**will change exponentially, and the larger the*

*μ**, the greater the difference of the edges; that is, the difference between the edges is changed by changing the coefficient*

*σ**, and the weight of the edges is realized by the change of the coefficients. According to the literature [34–36], in general, when the weight coefficient is close to 0, that is, when the edge difference is small, the network survivability is high, and the weight coefficient can be adjusted in conformity with the specific production demand in the actual cyber system. In the simulation of this paper, the weight coefficient*

*σ**is smaller.*

*σ**k*

_{i}is the degree of the node

*i*, and

*k*

_{j}is the degree of the node

*j*.

The physical system is based on the IEEE118 standard model, which abstracts power plants, substations, and loads into power generation, liaison, and load nodes [37]; the transmission lines between nodes are abstracted as edges, regardless of multiloop transmission, and different nodes are distinguished. Based on the difference in nature and the direction of transmission, the transmission edge set is directed. The physical network topological structure can be represented as a graph:* G*_{p}*=*(*V*_{p},* E*_{p},* u*), m node sets , n transmission line sets , and* u* is line weight. The electrical trend betweenness* u* can be formulated as follows:where is the maximum capacity of the power generation node, is the maximum load of the load node,* P*_{ij}(*b*) is the component of the active power flowing into the load node from the power generation node on the branch* b*, and* P*_{ij} is the power transmitted by the power generation node* i* to the load node* j*. According to this, the tidal current flows from the sending end to the receiving end area, and each power transmission branch has different tidal current allocation.

The node association matrix in the dual network is established according to the connection relationship between the cyber network and the physical network. If (*v*_{i},* v*_{j})*∈G*_{c}, the cyber network association matrix element* e*^{c}_{ij}=*μ*_{ij}; if (*v*_{i},* v*_{j})*∈G*_{p}, the physical network association matrix element* e*^{p}_{ij =}*u*_{ij}; otherwise* e*_{ij}=0. The physical node provides energy for the cyber node, and the cyber node implements sensing, computing, and communication of the physical node, that is, has both monitoring and control functions. The intrinsic self-similar coupling method has high robustness [38] and is coupled by a one-to-one connection between the physical network high-tech node and the cyber network height node. The connection edge set between* G*_{p} and* G*_{c} is* E*_{pc}(*i*,* j*) and* E*_{cp}(*i*,* j*), regardless of the internetwork information and the direction of energy flow transmission. When the cyber and the physical network node are connected, the connection edge* e*_{pc}(*i*,* j*)=*e*_{cp}(*i*,* j*)=1; otherwise the value is 0. The dual-network association matrix* E*_{cp}(*i*,* j*) is established as follows:where the number of nodes in* G*_{p} and* G*_{c} is* m*.

*E*_{c} is weighted according to the degree structure of the cyber network.* E*_{p} is based on the power flow allocation for electrical betweenness weighting, and different power branches have different power flow components. So far, the established intranetwork correlation matrices* E*_{c} and* E*_{p} are integrated into the ECPS structure and power flow allocation characteristics by degree-media weighting, and the node heterogeneity is distinguished. The internetwork correlation matrix* E*_{cp} represents the dual-network coupling relationship. The information flows in the optimal path between the dispatching center and each cyber station system. The power flow starts from the generator node and is transmitted to each load node via the contact node, and the energy and information interaction between the two networks is realized.

##### 2.2. ECPS Survivability Evaluation Model

This paper primarily discusses the change of ECPS survivability after the cyber network is subjected to attack. In fact, the cascading failure of the alternate domain resulting from the attacks on the cyber network will cause the ECPS to split into several isolated islands or isolated nodes. Thus, the number of failed nodes in the dual network increases and the structural connectivity decreases; the load removal rate increases, the risk scope is expanded, and the survivability is reduced. The survivability evaluation model is designed based on the load allocation optimization constraints of information flow and power flow in the cascade failure process.

###### 2.2.1. Load Allocation Process of Cascading Failure

Researches reveal that cyber system nodes have their own power supply, physical nodes are not the only energy source of cyber nodes, and physical nodes failure does not necessarily cause cyber nodes to fail [38]. Similarly, if the cyber node fails, the coupled physical node cannot be monitored, and the physical node does not necessarily fail. Therefore, the introduction probability is used to characterize the probability of failure between networks. It is assumed that the cascading failure process occurs sequentially in the cyber network and the physical network; that is, the physical network state remains unchanged when the cyber network is reloaded, and vice versa. Referring to Figure 2, we describe the load allocation process for ECPS cascade failure as follows:

The initial cyber network node fails: the C2 node starting from the cyber network* G*_{c} fails. Due to the load allocation of the information flow, the adjacent node C3 receives the additional load, exceeds its own capacity failure, and updates the matrices* E*_{c} and* E*_{cp} after stabilization.

Failure analysis of physical network: failure of C2 and C3 nodes of* G*_{c} will cause the physical node coupled with it to fail with probability . At this time, P2 fails, causing optimal allocation of physical network* G*_{p} power flow and updating* E*_{p} and* E*_{cp} after stabilization.

Cyber network failure analysis: in the* G*_{p}, the failed node in turn causes the* G*_{c} information flow to optimize the allocation with the probability , causing the cyber network C4 node to fail and updating the matrices* E*_{c} and* E*_{cp} after stabilization.

This reciprocates the above process until there are no more node failures in the two networks.

###### 2.2.2. Survivability Evaluation Model

*(1) ECPS Initial Load and Capacity*. The traditional load capacity model uses the number of node’s degree to define the load. It is necessary to grasp the global information, and the computational complexity is high and difficult to implement. Here, the initial load* L*_{ci}(0) of the cyber node* v*_{ci} is defined as the sum of the adjacent edge weights of the node as follows:where* ε* and

*are load-adjustable parameters that control the load strength of different functional nodes (such as communication nodes and routing nodes), neighbor nodes include cyber nodes and coupled physical nodes in the network, and*

*τ**Γ*is a set of neighbor nodes of

*v*

_{ci}.

*k*

_{i}and

*k*

_{j}can be obtained by

*E*

_{c}. The capacity

*C*

_{ci}of the cyber node

*v*

_{ci}is proportional to the initial load and is expressed aswhere

*ρ*_{c}is the margin coefficient of the cyber node.

The load of the physical network mainly considers the power supply to the area. Each of the lines has power transmission. The power exchange between any pair of power generation and load nodes is restricted by the transmission capability. According to the principle of conservation of power inflow and outflow, the initial load of any node* v*_{pi} on the network is formulated aswhere* F*(*i*) is the set of power branches connected to node* i*.

*C*_{pi} capacity is proportional to the load as follows:where* ρ*_{p} is the margin coefficient of the physical nodes. The node load considers the difference between the nodes of the physical network and considers the transmission power on the arbitrary path (the element sequence of* E*_{p}) between the power generation and the load nodes.

The constraints that the cyber node and the physical node do not exceed the capacity limit and are working properly are stated in (9).

*(2) Constraints of Dual-Network Load Allocation. *In the cyber network, the node failure will replan the route through the load (information flow) of the node, the load it carries will be distributed to the rest of the nodes in the network, and the whole network updates the load allocation [39]. After node* i *fails, the load increment of node* j* is given bywhere* L*_{ci} is the load of node* i*;* d*_{ij} is the path length between nodes* i *and* j*, which can be solved by Floyd algorithm [39] in accordance with the cyber network association matrix* E*_{c};* θ* and

*are load allocation strategy coefficients, where*

*ξ**is the range strategy coefficient, which controls the range of load allocation, and the uniformity strategy coefficient, which controls the uniformity of load allocation;*

*θ**k*

_{j}is the degree of node

*j*;

*L*

_{c}(

*d*

_{ij},

*,*

*θ**k*

_{j},

*) is the scale coefficient expressed aswhere Ω is the set of normal working nodes of the cyber network.*

*ξ*The information flow preferential allocation strategy takes into account the constraints such as the shortest path length, load allocation range, and uniformity. It is described as follows:where min* d*_{ij} is the shortest path length between node* i *and* j*; when* θ*→0, the load allocation follows the global preference allocation strategy, and

*=0 is the global uniform allocation strategy; when*

*ξ**→∞, it is the nearest neighbor optimal allocation strategy, and*

*θ**=0 is the nearest neighbor uniform allocation strategy;*

*ξ**>0 is a high-load preference allocation strategy. Considering the actual cyber network load allocation rules, this paper chooses the high-load preference allocation strategy between the global and the nearest neighbors, namely, 0<*

*ξ**<∞, 0<*

*θ**<∞. When some cyber nodes fail, the load increment of the node*

*ξ**j*is given bywhere Λ is the set of failure cyber nodes, and the load of the node

*j*after load allocation can be written as follows.When

*L*

^{’}

_{cj}

*>C*

_{cj}, that is, the node

*j*after the load allocation exceeds the capacity, the cyber node

*j*fails and causes a new load allocation.

When the cyber network node fails, the corresponding element* e*_{ij}=0 is modified by the probability* ω*, and the element

*e*

^{p}

_{ij}value in the physical network association matrix

*E*

_{p}coupled with it is modified, so that the corresponding physical node is invalid, causing the physical network load allocation. The failure of the cyber network node will invalidate the physical node coupled with it with a certain probability , causing the physical network load allocation. When the physical network transformer node is overloaded, the transmission line is overloaded or the output of the generator exceeds the capacity limit, and the dispatch center receives the information and issues control optimization instructions. The system optimizes the allocation according to the real-time network topological structure and operating state parameters, adjusts the generator, and cuts off part of the overload capacity to power flow convergence. If the power flow does not converge, indicating that the generator in the system cannot meet the load demand, then the part of the power load is removed. The objective function of load shedding optimization is given by the following.

The constraints to be met by the power flow balance equation are expressed as follows.

The safe operation and optimization constraints are given aswhere* L*_{pi_cut} is the load shedding amount of node* i*;* P*_{i}(*U*,* δ*) is the active power of node

*i*;

*Q*

_{i}(

*U*,

*) is the reactive power of node*

*δ**i*;

*P*

_{Gi,min}, , ,

*Q*

_{Gi,max}are the lower and upper limits of the active and reactive power of the generator node

*i*, respectively;

*P*

_{Di}and

*Q*

_{Di}are the active and reactive loads of the node, respectively;

*T*

_{k}and

*T*

_{k,max}are the power flow and the upper limit of the power flow of the branch k, respectively;

*U*

_{i,min}and

*U*

_{i,max}are the lower and upper voltage limits of node

*i*, respectively.

*(3) ECPS Survivability Evaluation Model. *In an effort to quantitatively evaluate the survivability of the coupled system after cascading failure, we comprehensively consider the topological structure and operating conditions to define the ECPS survivability evaluation indicators such as node survival rate of* R*_{ns} and power load survival rate of* R*_{pls}.

* R*_{ns}:* R*_{ns} is the ratio of the number of remaining working nodes of the coupled ECPS to the number of initial normal working nodes after the cascading failure is terminated. The transmission of information and electrical energy depends on a reliable connected topological structure.* R*_{ns} is used to measure the structural connectivity change of ECPS: the larger the* R*_{ns}, the better the structural connectivity and the higher the survivability as follows:where* N*^{’}_{c} is the number of remaining nodes of the cyber network,* N*^{’}_{p} is the number of remaining nodes of the physical network,* N*^{’} is the number of remaining nodes of the cyber network and the physical network,* N*_{c} is the initial number of normal nodes of the cyber network, and* N*_{p} is the initial number of physical networks. The number of normal nodes,* N*, is the number of initial normal working nodes.

* R*_{pls}:* R*_{pls} is the ratio of the residual power load of the coupled ECPS to the initial total power load after the cascading failure is terminated. When the power flow convergence fails, the safety risk is eliminated by removing the load.* R*_{pls} is used to measure the risk spread range of the ECPS: the larger the* R*_{pls}, the smaller the risk spread range and the higher the survivability as follows.

The ECPS survivability is related to the real-time topological structure and operating state. By calculating the square root, the* R*_{ns} and* R*_{pls} indicators are combined to establish an ECPS survivability evaluation model, and the comprehensive survivability value (*V*_{cs}) is calculated. The expression is mathematically expressed as follows.

###### 2.2.3. Model Simulation Process

Based on the previous analysis, and by considering the information flow and power flow optimization control of the dispatch center, the simulation process for designing the ECPS cascade failure survivability evaluation consists of the following steps.

*Step 1. *According to the topological structure and association relationship of the coupled system, establish an ECPS weighted correlation matrix, initialize node load and capacity, and all nodes in the dual network work normally.

*Step 2. *Set the cyber network node attack mode: random attack mode:* A*_{random}, deliberate attack mode:* A*_{sdr} (static degree ranking attack),* A*_{slr} (static load ranking attack), and* A*_{dlr} (dynamic load ranking attack).* A*_{random} refers to a random attack on a certain proportion of cyber network nodes;* A*_{sdr} refers to the network structure and parameters in advance and attacks the initial high-degree node of the cyber network in turn, and the attack strategy does not change in the process;* A*_{slr} refers to successively attacking the high-load nodes determined by the initial cyber network structure and parameters, and the attack process strategy does not change;* A*_{dlr} refers to attackers attacking the real-time high-load nodes updated by the load allocation in conformity with the cyber network structure and operation status after each attack. The attack mode is selected to remove the number of nodes in the cyber network with a ratio of* p*% (0 ≤* p* ≤ 30), and the analog cyber network is subjected to network attacks.

*Step 3. *The information flow is optimized and redistributed. Furthermore, the topology structure after load allocation in the cyber network is analyzed, and the remaining nodes of the statistical cyber network are collected.

*Step 4. *The physical node coupled with the failure cyber node will fail with the probability* ω* and disconnect the coupling edge, calculate the physical network flow at this time, and then upload the physical network topological structure as well as the power flow information to the dispatch center.

*Step 5. *The information received by the dispatching center will check whether the power flow exceeds the limit in accordance with the power flow status of the physical network. If a situation exceeds the limit, a control command is issued to enable the physical network to optimize the power flow allocation and go to Step 6. Otherwise, it goes to Step 7.

*Step 6. *If the optimization result converges, the physical network adjusts the generator output or activates the protection action device to cut off the capacity overload line; if the optimization result does not converge, the load optimization is performed to cut off part of the power load (see Section 2.2.4 for the optimization algorithm).

*Step 7. *The physical node fails to cause the cyber node coupled with it to fail with probability *ω*, the bearer load of the failed node is allocated according to the information flow optimization strategy, and the statistical cyber network and the remaining nodes of the physical network are collected.

*Step 8. *If the number of iterative dual-network nodes no longer changes, the single simulation ends, and the* R*_{ns},* R*_{pls}, and* V*_{cs} of the coupled network are calculated.

###### 2.2.4. Model Solving Algorithm

The load optimal allocation in the evaluation model is an optimization problem that attempts to minimize the coupled ECPS power load under the constraints of the node load capacity limit, the information flow preferential allocation strategy, the power flow optimization equation, and the system safety operation. There are numerous constraints, nonlinearity and high computational complexity. Therefore, it is easy for the bionics firefly optimization algorithm with simple structure and parameters to jump out of the local optimal solution and reduce the computational complexity [39]. However, the standard firefly algorithm has a relatively slow convergence rate in the initial stage. To solve this problem, this paper proposes a chaotic Lévy flight firefly algorithm to solve the model. Based on the standard firefly algorithm, chaotic optimization and Lévy flight search are introduced to improve the random step size as well as the efficiency of the solution.

*(1) Chaotic Lévy Flight Firefly Algorithm. *In the early stage of optimization, the firefly's position allocation is relatively scattered, the relative distance is long, the attraction is weak, and it is easy to prematurely converge when the solution domain is large. Thus, the following improvements are made:

Chaos optimization relative attraction dynamically updates the value of the attraction coefficient *γ* by chaos optimization method to improve the mutual attraction ability of long-range fireflies and improves the convergence speed of the initial stage of the algorithm as presented in where* k* is the number of iterations, is in the range of 0.01 to 100, and is chaotic control coefficient.

Lévy flight for random items: based on the idea of heuristic search, Lévy flight is used as a random step size in each local search process, and its expression is given bywhere* x*_{i},* x*_{j} are the spatial position coordinates of fireflies* i *and* j*, respectively; *β*_{ij} is the attraction function;* r*_{ij} is the Cartesian distance between fireflies* i* and* j*; and* r*_{1} is a random number uniformly distributed in the interval . ⊕ is the interpoint multiplication;* r*_{1} is the distance between fireflies;* X*_{M} is the upper and lower limit of the search space of the objective function; Lévy is the random step size satisfying the random search path of the Lévy allocation, and its random step size is expressed aswhere* s* is the Lévy random step size and is the Lévy allocation.

*(2) Algorithm Flowchart of Model Solving. *Based on the chaotic Lévy flight firefly algorithm, the model solution flow is given, as shown in Figure 3.

#### 3. Case Studies

##### 3.1. Experimental Data

The physical network in the ECPS relies on the IEEE 118-node system and its topological structure (as shown in Figures 4 and 5), and the cyber network is the 118-node BA scale-free network generated by Matlab 2016 (as shown in Figure 6). The weighted correlation matrices* E*_{c},* E*_{p},* E*_{cp} are generated in conformity with the preamble-mediated coupling method, and the ECPS network* G*=(*G*_{c},* G*_{p},* E*_{cp}) is characterized by* G*_{c}=(*V*_{c},* E*_{c},* μ*),

*G*

_{p}=(

*V*

_{p},

*E*

_{p},

*u*), and

*E*

_{cp}.

The weighted correlation matrix is input to Python 3.5, and the model parameters are set as follows: cyber network weight coefficient* σ*=0.1; load-adjustable parameter

*=0.5,*

*ε**=1; double-network margin coefficient*

*τ*

*ρ*_{c}

*=*

*ρ*_{p}=0.5; the load allocation strategy coefficient

*=1; the internetwork failure probability*

*θ*=*ξ**=0.5. Four model solving algorithms are selected [39–41]: classic firefly algorithm (FA), chaos firefly algorithm (CFA), improved chaos firefly algorithm (ICFA), and chaotic Lévy flight firefly algorithm (CLFFA). Algorithm parameter settings are shown in Table 1.*

*ω*##### 3.2. Evaluation Method Analysis

In order to verify the effectiveness and efficiency of the evaluation method, the following three aspects are analyzed: comparison and analysis of ECPS survivability evaluation methods; comparison and analysis of ECPS survivability under different attack modes; and comparison and analysis of results and efficiency with different algorithms.

*(1) Comparison and Analysis of ECPS Survivability Evaluation Methods. *In the existing researches, the node cut rate and the power load cut rate are used as evaluation indicators to study the vulnerability of ECPS. When the vulnerability evaluation value is high, the survivability of ECPS is low. Using the* A*_{sdr} deliberate attack mode, the node cut rate and the power load cut rate are used as the survivability evaluation indicators. The ECPS of the typical IEEE118-BA118 was selected as the research subject, and the evaluation results of the following three evaluation methods are compared: (a) uncorrelated network seepage model (Method 1); (b) cascade failure model based on power flow optimization (Method 2); (c) the evaluation method in this paper, as shown in Figures 7(a) and 7(b).

**(a) Chart of node cut rate comparison**

**(b) Chart of power load cut rate comparison**

From Figures 7(a) and 7(b), when the proportion of initial attack cyber nodes is low, the evaluation results of the three methods are similar. This is because the number of cyber node failures is small, the number of normal working nodes is large, the structural connectivity is good, the risk propagation range is small, and the information flow and power flow optimization are not obvious. When the ECPS structure is dissociated and the risk spread range is expanded, the evaluation results of the three methods are different. The method has the highest survivability. This is due to the structural characteristics analysis of the uncorrelated network seepage model. The node failure will cause the dependent nodes to directly depend on the failure, and the self-regulating ability of the coupled system is not considered. In fact, the cascading failure model based on the power flow optimization can consider certain power flow optimization. However, the actual information flow is not involved in the load optimization allocation feature; that is, there is no load optimization process on the cyber network side; this method introduces the load capacity factor of the dual-network node, considering the scheduling center to monitor the system topology and state changes in real time, and participating in the load allocation process of controlling traffic flow and power flow optimization enhances the ECPS ability to resist network attacks. In the actual operation process of ECPS, the system itself has the ability of sensing and regulation. There is the monitoring function of the dispatching center and the switching operation of the relay protection device. The evaluation method of this paper is closer to the actual operation. Therefore, considering the load optimization allocation can enhance reliability of the ECPS survivability evaluation results.

*(2) Comparison and Analysis of ECPS Survivability under Different Attack Modes. *The random attack and three deliberate attack modes were used to evaluate the ECPS structural connectivity and risk propagation range of the four different attack modes, as shown in Figures 8(a) and 8(b). The evaluation values of the comprehensive survivability* V*_{cs} obtained by the fusion index are shown in Table 2.

**(a) ECPS structural connectivity**

**(b) ECPS risk spread range**

It can be seen from Figures 8(a) and 8(b) that, as the proportion of attack nodes in the cyber network increases, the connectivity of the ECPS and the survivability of the power load decrease, which indicated that the cyber node failure causes the cross-domain cascade failure of the coupled ECPS, so that the system topological structure is unpacked and hence the scope of risk spread is expanded. The overall trend of the two indicators is similar, but the slopes of the decline are not the same, which indicates that the survivability of coupled ECPS from a structural connectivity or operational state indicator is not comprehensive enough. For random attacks, the threshold ratio of attack nodes whose survival rate decreases to 0 is 23.7%, and the threshold ratio of attack nodes whose power load survival rate decreases to 0 is 22.8%, which indicates that the topological structure has lower vulnerability than the running status indicator. The defender needs to improve the robustness of the coupled system structure and also optimize the load allocation strategy of both information flow and power flow to improve the power load survival rate.

It can be seen from Table 2 that the evaluation results of the table combine the structural and state indicators to dynamically quantify the comprehensive survivability values of the ECPS under the four types of network attacks. The attack thresholds that caused the system to be completely paralyzed are 26%, 23%, 19%, and 13%. It is shown that the damage degree of the four attacks on ECPS survivability is ranked as:* A*_{dlr}>*A*_{slr}>*A*_{sdr}>*A*_{random}. Compared with random attacks, deliberate attacks are more harmful. Because of the actual grid operation, random attacks can be regarded as random disturbances caused by human errors and natural factors. The purpose of the attacks is not clear and the degree of damage is small. The deliberate attack means that the attacker has mastered the topological structure and operating parameters of the network in advance and designed the attack strategy more specifically. The load ranking attack is more harmful than the degree attack as far as the comparison is concerned, which indicates that the high-load node is more important. Because the method distinguishes the difference in node properties, the high-load node combined with the structure and state is the key node; it is not an important node of high-degree for single structure, so it requires a strong protection of these high-load nodes that improve the survivability of ECPS. In comparison with static attacks, dynamic attacks are more harmful. Improving survivability requires defenders to avoid ECPS network structure and state information leakage, monitor network status in real time, and develop dynamic defense strategies. Thus far, according to the evaluation method of this paper, the dynamic value of survivability of the ECPS cascade failure process can be effectively quantified.

*(3) Comparison and Analysis of Results and Efficiency with Different Algorithms. *Using* A*_{random} mode to attack 10% of the cyber nodes, the evaluation results of the four algorithms are compared, as shown in Table 3, and the solving efficiency of the four algorithms of different ECPS scales is compared, as shown in Figure 8.

From Table 3, we can see that the four algorithms can make the objective function value converge after several iterations and can obtain the optimal solution after load allocation. The survivability evaluation result of ECPS of CFA is better than that of FA, because CFA initializes the population with chaotic map sequence. Variables can traverse all nonrepetitive states in a certain range according to the sequence law to optimize the search. The range of chaotic optimization is extended to the optimal variable interval, and the initial solution with stronger search ability and uniform distribution can be obtained, which can avoid falling into premature convergence partial optimal solution. Moreover, the number of iterations of CFA is 23 times less than that of FA, which shows that the chaotic dynamic search area significantly improves the search speed of the algorithm. ICFA adds chaotic local search operator on the basis of CFA to search the current optimal solution by random substitution of individual population and using Gauss mutation. ICFA is superior to CFA in terms of the accuracy of local search space, but has no significant improvement in the speed of optimization. The survivability evaluation results of CLFFA algorithm presented in this paper are better than those of the other three algorithms. This is mainly due to the fact that the ICFA algorithm introduces the random step size of Lévy distribution in an effort to dynamically adjust the local and global search behavior, which can balance the proportion of local and global search, and take into consideration the local and global optimal characteristics. Therefore, it obtains the optimal solution with higher global accuracy and the number of iterations. Less than the other three algorithms, the results converge quickly.

Figure 9 shows that when the size of ECPS is small and the number of nodes is less than 60, the computing time of the four algorithms is almost the same, which shows that the optimization effect of small-scale coupled system is not obvious. This is owing to the small number of small-scale ECPS, the small search area, and the relatively high attraction of fireflies to each other, which cannot consider both local and global optimization characteristics. With the enlargement of ECPS scale and the number of nodes, CLFFA enhances the attraction between fireflies by chaotic optimization dynamics, dynamically adjusts the proportion of local and global searches by the random step size of Lévy distribution, changes the local premature convergence characteristics, makes the optimization results jump out of the local optimal solution quickly, improves the speed of solution, and shows great advantages in time consumption. This means that when the proposed algorithm is applied to large-scale ECPS, the evaluation model can be solved more efficiently.

#### 4. Conclusions and Future Research

Based on the simulation results on the test cases, the conclusions can be drawn as follows.(1)The weighted correlation matrix of ECPS is established to realize the formal representation of ECPS, which distinguishes the node properties and functional differences and overcomes the shortage of the unweighted model representation method.(2)Considering the load optimal allocation, the ECPS survivability is designed. The evaluation model compensates for the limitations of the existing model ignoring the node load capacity as well as the information-energy flow optimization. The survivability of the ECPS is analyzed from the structural connectivity and the risk propagation range points of view. Survivability provides a theoretical reference for guiding ECPS against network attacks.(3)The model solving algorithm of chaotic Lévy flight firefly is proposed to make the calculation results converge quickly, and the evaluation efficiency is significantly improved when applied to large-scale systems.

This paper focuses on the impact of load optimal allocation on the survivability of the ECPS, and the differences in cyber network topological structure as well as transmission service types will also affect the evaluation results. Therefore, the follow-up research works will consider the above factors to further improve the survivability evaluation method, so that the evaluation results will be more realistic.

#### Data Availability

The data used to support the findings of this study are available from the corresponding author upon request.

#### Conflicts of Interest

The authors declare that they have no conflicts of interest.

#### Acknowledgments

The research was funded by the following projects: National Natural Science Foundation Key Project: Extraction and Characterization of Power System Operation Behavior Recognition Based on Large Data (51437003); Jilin Province Science and Technology Development Plan Project: Research on Key Technologies of Network Information Attack Identification and Defense Considering Information Physical Fusion (20180201092GX); and Jilin Province Science and Technology Development Plan Project: Jilin Electric Power Big Data Intelligent Processing Engineering Research Center (20160623004TC). Thanks are due to Pro. Yang Li from the Argonne National Laboratory in the United States for providing the algorithm improvement guide.