Ordinal Optimization Based Security Dispatching in Deregulated Power Systems

Qing-Shan JIA, Member, IEEE, Min XIE, Felix F. WU, Fellow, IEEE
Abstract Due to the uncertainty in the forecasting of load patterns, security dispatching nds the generation pattern, which is the most economic and passes all N 1 contingencies test with respect to (w.r.t.) all possible load patterns. The Monte Carlo simulation based method is computationally infeasible for practical scale power systems. In practice, usually only the most possible load pattern is considered in the security dispatching. In this study, we rst show that this leads to the highly optimized tolerant property of power systems, and sometimes cascading failure. Then we develop an ordinal optimization based method to address this issue. This new method nds an economic generation pattern with quantiable secure probability w.r.t. all possible load patterns. This method is demonstrated on a modied IEEE 30-bus standard power system. We hope this study sheds some insight on the understanding of power system collapse, especially the cascading failure.

Index Terms Security dispatching, highly optimized tolerant, ordinal optimization. I. I NTRODUCTION Security dispatching in a power system aims at economically dispatching the generation and ensuring the security of the power system under this generation pattern. In a deregulated power system, the so-called Independent System Operator (ISO) [1] usually acts as the global coordinator, and is in charge of short term security of the power system. When designing an economic and secure generation pattern, the ISO solves a constrained optimization problem, which is usually known as the Optimal Power Flow (OPF) [2] calculation. The objective function to minimize is the production cost of the electricity in the entire power system. The equality constraints contain the power balance constraint (i.e., the generation should equal to load plus transmission loss) and the other equality constraints describing the Kirchhoffs current and voltage laws. The inequality constraints such as no overloads in the transmission lines (also called no N 0 overloads), and the security constraints (usually N 1 contingencies) are also considered. Since the OPF
This work was supported in part by the National Basic Research Program of China under Grants 973 (2004CB217900), NSFC Grant (Nos. 60704008 and 60736027), the National New Faculty Funding for Universities with Doctoral Program (20070003110), and by the Programme of Introducing Talents of Discipline to Universities (the National 111 International Collaboration Project, B06002). Qing-Shan JIA is with Center for Intelligent and Networked Systems (CFINS), Department of Automation, Tsinghua University, Beijing 100084, China (Email: jiaqs@tsinghua.edu.cn). Min XIE is with the Electric Power College of South China University of Technology, Wu Shan Road, Tian He District, Guangzhou, Guangdong Province 510641, China (Email: minxie@scut.edu.cn). Felix F. WU is with the Electrical and Electronic Engineering Department, the University of Hong Kong, Pok Fu Lam Road, Hong Kong, China (Email: ffwu@eee.hku.hk).

calculation of a large scale power system is usually time consuming, the security dispatching is implemented through two markets in a practical deregulated power system: the day-ahead market (DAM) and the real-time market (RTM) [3]. The DAM is operated one day before real security dispatching. The bidding curve of each power producer is estimated by the marginal cost. The load level is estimated according to historical data, and distributes to all buses with a presumed distribution, which yields an estimate of the load pattern. Then the ISO solves an OPF and gets a generation pattern, which is the most economic w.r.t. the estimated cost curve, and satises all N 1 contingencies. In RTM, the true load pattern is available, which is usually different from the estimate. And the ISO should adjust the generation pattern to meet the true load pattern. The power producers supply the adjustment cost curves, which may be quite different from the cost curves estimated according to the marginal costs. Based on the generation pattern obtained from DAM, the ISO solves an OPF to minimize the adjustment cost and meet the load demand. The resulting generation pattern is then implemented in the power system. Note that the security constraints (e.g., the N 1 contingencies) are usually checked in the DAM because there is more time to do the calculation. But in the RTM, only some and not all of the security constraints are checked in order to speed up the calculation. This works well when the estimate of the load pattern is accurate. But when the load pattern estimate is not accurate, this may make the power grid insecure even w.r.t. N 1 contingencies, and could lead to cascading failure. The fact that the security of the generation pattern obtained from RTM relies on the accurate load estimate assumption is similar to the highly optimized tolerant (HOT) [4], [5] property in some complex systems. The power system is robust to the contingencies when the load pattern is the one considered in the OPF calculation, but fragile to the contingencies when the load pattern is unexpected. In Section II, we use a numerical example on a modied IEEE 30-bus standard system to show the HOT property in security dispatching. In Section III, we formulate the security dispatching problem into a simulation-based optimization problem. The difculty to solve this problem (i.e., the uncertainty and limited computing budget) is discussed. In Section IV, we develop a method based on ordinal optimization (OO) [6] to solve this problem, which nds an economic generation pattern with quantiable secure probability w.r.t. all possible load patterns. The efciency of this method is demonstrated on a modied IEEE 30-bus system in Section V. We briey

TABLE I T HE REAL POWER Bus No. Capacity (MW)

CAPACITIES OF THE GENERATORS .

1 80

2 80

13 40

22 50

23 30

27 55

TABLE II T HE LINE CAPACITIES . From Bus To Bus Capacity (MW) From Bus To Bus Capacity (MW) From Bus To Bus Capacity (MW) From Bus To Bus Capacity (MW) From Bus To Bus Capacity (MW) From Bus To Bus Capacity (MW) 1 2 45 4 12 20 8 28 35 12 13 40 16 17 10 25 26 10 1 3 45 5 7 25 9 10 20 12 14 15 18 19 15 25 27 20 2 4 35 6 7 25 9 11 10 12 15 20 19 20 15 27 28 20 2 5 25 6 8 35 10 17 15 12 16 15 21 22 30 27 29 15 2 6 35 6 9 20 10 20 20 14 15 10 22 24 10 27 30 15 3 4 45 6 10 10 10 21 20 15 18 20 23 24 15 29 30 15 4 6 40 6 28 25 10 22 25 15 23 15 24 25 20 -

Fig. 1. The single-line diagram of the IEEE 30-bus system. The bars represent the buses. The index of the bus is shown beside the bus. The circles represent generators. The arrows represent loads. The lines represent the transmission lines.

conclude in Section VI. II. T HE HOT

PROPERTY OF SECURITY DISPATCHING

In this section, we use a numerical example on a modied IEEE 30-bus standard system (the case30 in [7]) to show the HOT property of security dispatching. The single-line diagram of the IEEE 30-bus system is shown in Fig. 1. There are 6 generators at bus 1, 2, 13, 22, 23, and 27, and there are 41 transmission lines in total. There are loads in 20 nodes, i.e., bus 2, 3, 4, 7, 8, 10, 12, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24, 26, 29, and 30. The generator capacities are shown in Table I. The line capacities are shown in Table II. In the following, we simulate how the ISO determines the generation pattern in security dispatching and then discuss the security of such generation pattern under N 1 contingencies. To simplify the discussion, we assume no N 1 contingencies are checked in the RTM. First, the ISO estimates the cost curves for the 6 generators based on historical data. Suppose the estimate is
2 Fi (PGi ) = ci2 PG i + ci1 PGi , i = 1, 2, 5, 8, 11, and 13, (1)

re-write the objective function and the constraints. Then the security dispatching problem is minPGi iVG Fi (PGi ) no N 0 overloads no N 1 overloads, (2)

s.t.

where ci1 and ci2 are nonnegative constant coefcients. The ISO also estimates the load patterns for each of the 20 load buses. Suppose the estimated load PLi at bus i contains truncated normal distribution, the mean values Li and standard deviations Li of which are shown in Table III. Suppose these load patterns are independent from each other. It is computationally impossible to sample all different load patterns, and use Monte Carlo simulation to accurately evaluate the security of all generation patterns and select the most economic and secure one. To save the computing budget, the ISO considers only the most possible load pattern, in which the real power load PLi take the mean values. We list this estimated load pattern in Table IV. We

where VG is the set of generator bus numbers. The generation pattern found by the OPF calculation is shown in Table V. This generation pattern ensures no N 1 overloads w.r.t. the estimated load pattern shown in Table IV. The real load patterns may be different from the estimated mean values. Suppose the security is dispatched according to the optimal generation pattern w.r.t. the estimated load pattern, and then the load pattern changes to the case shown in Table IV. Then in the RTM, the ISO should adjust the generation pattern to satisfy the true load pattern, and minimize the total cost in the same time. To simplify the discussion, suppose the incremental cost curves in the RTM are the same as the bidding curves in the DAM. Then the ISO uses the generation pattern obtained in the DAM as an initial value, and runs a power ow calculation to get the nal generation pattern which satises the true load pattern. We check the N 1 overloads and nd that among all the 41 possible N 1 contingencies, the generation pattern has N 1 overloads after 23 of them. Even worse, some N 1 contingency leads the power system to cascading failure. To show the process that the transmission lines trip off one after another due to overload, we take a sequence of power

TABLE III T HE MEAN VALUES AND STANDARD DEVIATIONS OF THE COEFFICIENTS

IN THE LOAD PATTERNS .

TABLE V
) W. R . T. T HE OPTIMAL GENERATION PATTERN (PG LOAD PATTERN .

THE ESTIMATED

Bus No.(i) Li (MW) Li (MW) Bus No.(i) Li (MW) Li (MW) Bus No.(i) Li (MW) Li (MW)

2 21.7 2.17 14 6.2 0.62 21 17.5 1.75

3 2.4 0.24 15 8.2 0.82 23 3.2 0.32

4 7.6 0.76 16 3.5 0.35 24 8.7 0.87

7 22.8 2.28 17 9.0 0.90 26 3.5 0.35

8 30.0 3.00 18 3.2 0.32 29 2.4 0.24

10 5.8 0.58 19 9.5 0.95 30 10.6 1.06

12 11.2 1.12 20 2.2 0.22 -

Bus No. (MW) PG

1 43.8

2 57.9

13 17.3

22 23.1

23 16.8

27 32.7

TABLE VI T HE RESULT OF THE N 1 CONTINGENCIES . From Bus To Bus Load(MW) # of Buses From Bus To Bus Load(MW) # of Buses From Bus To Bus Load(MW) # of Buses From Bus To Bus Load(MW) # of Buses 1 2 50.0 10 4 6 97.2 16 6 10 156.2 23 12 16 207.3 28 1 3 50.0 10 4 12 156.2 23 9 10 156.2 23 14 15 208.6 29 2 4 50.0 10 5 7 97.2 17 10 17 211.4 29 23 24 201.1 27 2 5 97.2 16 6 7 197.0 28 12 13 135.9 20 24 25 145.7 23 2 6 97.2 16 6 8 171.2 25 12 14 208.6 29 25 27 201.1 27 3 4 53.3 12 6 9 156.2 23 12 15 123.6 16 -

TABLE IV T HE ESTIMATED Bus No. Estimate(MW) True(MW) Bus No. Estimate(MW) True(MW) Bus No. Estimate(MW) True(MW) Bus No. Estimate(MW) True(MW) Bus No. Estimate(MW) True(MW) 1 0 0 7 22.8 28.8 13 0 0 19 9.5 9.1 25 0 0
AND TRUE LOAD PATTERN .

2 21.7 13.4 8 30.0 29.9 14 6.2 17.2 20 2.2 0 26 3.5 7.8

3 2.4 3.1 9 0 0 15 8.2 7.6 21 17.5 19.0 27 0 0

4 7.6 9.1 10 5.8 6.7 16 3.5 4.1 22 0 0 28 0 0

5 0 0 11 0 0 17 9.0 14.4 23 3.2 6.8 29 2.4 0

6 0 0 12 11.2 14.9 18 3.2 3.5 24 8.7 16.9 30 10.6 13.5

TABLE VII T HE CASCADING FAILURE PROCESS AFTER THE LINE BETWEEN AND 2 IS OUTAGE . Step 0 1 2 3 4 5 6 7 8

BUS

ow calculations.1 After each calculation, the overloaded transmission lines are identied. The transmission line that is overloaded the most trips off. Then we calculate the power ow again to identify overloaded transmission lines. This procedure continues, until all transmission lines trip off and the entire power system is in blackout. For all the N 1 contingencies, we show the remaining load and bus number in Table VI. From Table VI, we can see that some cascading failures cause more than 75% load shedding (e.g., the cases in contingency 1,2,3, and 6). As an example, we show the details of the cascading failure after the line between bus 1 and 2 is outage in Table VII. From this example, we can see that the security dispatching process has the HOT property. If only the most possible load pattern is considered, the resulting generation pattern is secure under the presumed load pattern. But when the load pattern is different from the estimate, the generation pattern easily fails after the N 1 contingencies. Sometimes, cascading failures are caused. III. P ROBLEM FORMULATION In practice, security dispatching is implemented through the DAM and the RTM. The DAM supplies an initial value of the generation pattern, which is further tuned in the RTM according to true load pattern. In this section, we present the
the detailed cascading process is predicted by a series of power ow calculations. In a future work, this will be replaced by the simulation result based on a detailed transient simulation program.
1 Currently,

9-1 9-2

10

11-1 11-2

12-1 12-2 Summary

Cascading Failure Process Line from bus 1 to bus 2 is outage. Line from bus 1 to bus 3 overloads and trips off. Bus 1 is isolated. Line from bus 2 to bus 6 overloads and trips off. Line from bus 2 to bus 4 overloads and trips off. Line from bus 2 to bus 5 overloads and trips off. Bus 2 is isolated. Support local load 13.4MW. Line from bus 12 to bus 13 overloads and trips off. Bus 13 is isolated. Line from bus 22 to bus 24 overloads and trips off. Line from bus 10 to bus 21 overloads and trips off. Line from bus 10 to bus 22 overloads and trips off. The system splits into two islands. Island 1 consists of bus 21 and 22. Island 2 consists of the rest 25 buses. Island 1: All lines are under capacities. The 19.0MW load at bus 21 is supported by the generator at bus 22. Island 2: The real power demand exceeds the generator capacities. After a load shedding, the real power demand is slowly below the generator capacities. But the line from bus 15 to bus 23 overloads and trips off. Another load shedding is taken. But the line from bus 27 to bus 28 still overloads and trips off. Island 2 then further splits into two islands. Island 2-1 consists of 18 buses. Island 2-2 consists of 7 buses. Island 2-1: There are no generators. This island is blackout. Island 2-2: Line from bus 25 to bus 27 overloads and trips off. Island 2-2 further splits into 2 islands. Island 2-2-1 consists of 4 buses. Island 2-2-2 consists of 3 buses. Island 2-2-1: All lines are under capacities. The remaining real power load is 12.3MW. Island 2-2-2: All lines are under capacities. The remaining real power load is 5.3MW. The total remaining real power load is 50MW. The remaining number of buses is 10.

general mathematical formulation of the security dispatching problem. Suppose there are m generators, with cost function
2 Fi (PGi ) = ci2 PG i + ci1 PGi , i = 1, 2, . . . m,

(3)

where cij are nonnegative constants. Suppose the load at bus i, PLi , contains truncated normal distribution with mean value Li and standard deviation Li . Suppose the loads at different buses are independent. We introduce function L(, ) to denote the power ow calculation of the power system under study, where the rst parameter is a generation pattern, and the second parameter is the load pattern. The function L(, ) returns the generation pattern satisfying power ow calculation. Let PML = (L1 , L2 , . . . Ln ) be the most possible load pattern. Let PIG = (PIG1 , . . . PIGm ) be the initial generation pattern, which is dened as PIG = L(PG , PML ), where PG is an arbitrary generation pattern. Let denote the set of all PIG s. By denition PIG = L (PIG , PML ). Given a PIG , when the load pattern PL is different from PML , the generation pattern changes from PIG to PG = L (PIG , PL ). The cost of a generation pattern m is FC (PIG ) = i=1 Fi (PGi ). We evaluate the security of an initial generation pattern PIG under all possible load patterns. We introduce an indicator function of security, IS , which is dened as follows. When the load pattern is PL , the generation pattern is PG = L (PIG , PL ). If PG does not cause any overloads when line l is outage under load pattern PL , we denote this as IS (PG , PL , l) = 1; otherwise, IS (PG , PL , l) = 0, where l is any transmission line in the power system. Particularly, if PG does not cause any overload when there is no line outage under load pattern PL , we denote this as IS (PG , PL , ) = 1; otherwise IS (PG , PL , ) = 0. In this way we can use IS (PG , PL , l) = 1, for all l { the set of transmission lines} to represent the constraint that requires PG does not cause any N 0 or N 1 overload under load patter PL . Note that IS (PG , PL , l) can be rewritten as IS (L (PIG , PL ) , PL , l), so IS (PG , PL , l) is a function of PIG , PL , and l. Now we can formulate the optimization problem solved in the DAM as follows: minPIG FC (PIG ) , s.t. IS (L (PIG , PL ) , PML , l) = 1, for all l {the set of transmission lines} . (4)

sometimes a single line outage even leads to cascading failure of the entire power network. One important reason is that the uncertainty of load pattern PL is not considered in the DAM (Equation (4)). As aforementioned this is reasonable under the accurate load estimate assumption, i.e., PML and PL are very close. But when this assumption is violated, there is no reason to believe that the above method gives a secure generation pattern. To overcome this problem, when evaluating the security of an initial generation pattern PIG , we should consider all possible load patterns PL s. Furthermore, we use pl to denote the outage probability of transmission line l. Particularly, we use p to denote the probability of no line outage. Then we evaluate the security of generation pattern PIG as FS (PIG ) = EPL { l pl IS (L (PIG , PL ) , PL , l)}. We propose a new optimization problem for the DAM as follows. minPIG FC (PIG ) , s.t. FS (PIG ) , (5)

where is a required security level, 0 1. The optimal is modied in the RTM, and initial generation pattern PIG the resulting generation pattern is then implemented in the power system. Comparing with the optimization problem in Equation (4), Equation (5) considers the uncertainty in PL , and ensures the security of an initial generation pattern under all possible load patterns is high enough. So, it is reasonable to expect a more secure generation pattern obtained in this way. We take a close look on the difculty to solve the security dispatching problem in Equation (5). This is a simulationbased optimization problem. To accurately evaluate the security of an initial generation pattern, we need to use Monte Carlo simulations. A lot of load patterns should be sampled. For each load pattern sample, to evaluate whether the generation pattern causes any N 1 overloads, all the N 1 contingencies should be considered. So, it is computationally infeasible to accurately evaluate the initial generation patterns to nd the most economic and secure one for the practical size of a power system. In Section IV, we apply ordinal optimization [6], [8] to overcome this difculty. IV. OO BASED METHOD Ordinal optimization (OO) [8] is a technique to deal with simulation-based optimization problems. Since it is time-consuming to accurately evaluate the solution candidate through Monte Carlo simulation, OO suggests using a crude model to roughly but fast evaluate a lot of solution candidates and then screen out a small set of good ones. Then the Monte Carlo simulation is used to more accurately evaluate these selected solution candidates, and nd the nal solution. Different from other heuristics or philosophies, OO supplies a quantiable global goodness of the delivered solution candidate(s). In the following, we rst briey review the basic ideas of OO, then discuss how to apply OO to solve the security dispatching problem. The basic ideas of OO contain two tenets: Ordinal comparison and goal softening. Ordinal comparison says that it

The constraint requires the initial generation pattern should pass all the N 0 and N 1 criteria when the load pattern is the most possible one that is estimated in the DAM. In the RTM, the optimal initial generation pattern PIG is modied according to the true load pattern PL and incremental cost curves. To simplify the discussion, we assume no N 1 contingencies are considered in the RTM. This is the mathematical formulation of the security dispatching problem implemented in practice. As shown in Section II, the resulting generation pattern in this way may not pass N 1 criteria w.r.t the true load pattern PL , and

is much easier to nd out which solution candidate is better than to nd out how much better. Goal softening says that when it is computationally infeasible to nd the optimal solution, it is usually practically satisfying to nd a good enough solution (i.e., the top-g % solution candidates, where g is determined by the user). The exponential convergence of ordinal comparison and how goal softening saves the computing budget has also been made mathematically rigorous [9][11]. Instead of nding the best solution for sure (which is computationally infeasible), OO nds some good enough solutions with high probability, say no less than 0.95. After the conventional OO have been successfully applied to many practical applications [12], it was later on extended to constrained optimization problems, i.e., constrained ordinal optimization (COO) [13], [14]. In these problems, it is time-consuming to accurately evaluate whether a solution candidate is feasible. The problem described in Equation (5) falls in this case. Since it is computationally infeasible to nd the feasible solution with the best performance, COO uses a feasibility model to screen out some, if not most, infeasible designs, and nds feasible solutions with good performances with high probability. Though we can hardly nd a perfect feasibility model, a feasibility model with high accuracy will do. In the rest of this section, we follow the idea of COO and nd one such feasibility model that separates secure and insecure generation patterns with high accuracy though imperfectly. In this way, we nd truly secure generation patterns with high probability in reasonable time. To apply OO to solve the security dispatching problem, we dene the solution space as the set of all initial generation patterns, i.e., the dened in Section III. It is relative easy to evaluate the economic performance of a solution candidate, i.e., FC (PIG ), but time-consuming to accurately evaluate the security of a solution candidate, i.e., FS (PIG ). Instead of using the detailed model which is based on Monte Carlo simulation of many randomly sampled load patterns and alternating current (AC) power ow calculation, we introduce a feasibility model. Many feasibility models can be used. In this paper, we use the one which is based on direct current (DC) power ow calculation. Since the difference in voltage at the buses and the loss in the transmission lines are omitted, DC power ow is known to be an approximation of AC power ow. Instead of solving a group of nonlinear differential equations in the AC power ow calculation, DC power ow solves a group of linear equations, which is very fast. When the resistance in the transmission line is relative small comparing with the reactance, this approximation is good. So, to evaluate the security of an initial generation pattern, we sample some load patterns. For each load pattern we use DC power ow to check the N 0 and N 1 criteria. This rough estimate will be denoted as IS (PG , PL , l) = IS (L (PIG , PL ) , PL , l), where the prime is used to distinguish from IS (PG , PL , l) and L (PIG , PL ). And the feasibility model is FS (PIG ) =
1 |PL | PL PL l

patterns randomly sampled from all possible load patterns w.r.t. the load pattern distributions. We describe the difference between the feasibility model and the detailed model in Fig. 2.

Fig. 2.

Ordinal optimization in security dispatching problem.

pl IS (L (PIG , PL ) , PL , l), (6)

where PL is a set of load patterns, which consists of load

In Fig. 2, is the set of all initial generation patterns, which is extremely large. TS contains all the initial generation patterns that are with high secure probability w.r.t. all N 0 and N 1 contingencies and under all possible load patterns, i.e., the feasible solutions to the problem described in Equation (5). We sort the initial patterns in TS according to the cost, and denote the top-g % ones as the set G. Of course, G contains the initial generation pattern that is truly secure and with the minimal cost, PIG . As aforementioned, it is computationally infeasible to accurately evaluate the security of an initial generation pattern. Instead, we have a feasibility model (Equation (6) supplies one such example) which fast but roughly estimates the security of an initial generation patterns. We denote the set of all estimated secure initial generation patterns as ES . We then sort the initial generation patterns in ES according to the cost, and denote the top-s ones as the set S . We want S to contain some truly secure initial generation patterns that are with small cost, i.e., |G S | k . Since there is uncertainty in the feasibility model Equation (6), we want Prob (|G S | k ) to be high enough, say no less than 0.9 or 0.95. Also note that when is extremely large, it is still computationally infeasible to use the feasibility model to evaluate the security of all initial generation patterns. Fortunately, the OO theory shows that a reasonably large subset (say containing 1000 solution candidates) of that is uniformly randomly sampled could serve as a good representative of as long as we are interested in the alignment probability Prob (|G S | k ) [15]. Fig. 2 illustrates the basic procedure to apply OO in

security dispatching problem. First, we randomly sample M initial generation patterns, say M = 1000. For each sample, we use the feasibility model to roughly evaluate the security. For the observed secure initial generation patterns, we calculate the cost performances and select the top-|S | designs as the selected set. We care about the probability that at least k truly secure and good enough initial generation patterns are contained in the selected set, i.e., Prob (|G S | k ). This is known as the alignment probability in OO literature. We develop a formula to calculate this probability in the rest of this section. The alignment probability is affected by the accuracy of the feasibility model, and how the selection set is composed. The accuracy of the feasibility model can be evaluated by four probabilities: Prob (FS (PIG ) | FS (PIG ) ) , Prob (FS (PIG ) < | FS (PIG ) ) , Prob (FS (PIG ) | FS (PIG ) < ) , Prob (FS (PIG ) < | FS (PIG ) < ) ,

respectively. Then Prob (|G S | 1)

|G|1

m i i pTSOI pm , TIOI i

m1 m1 = 1 ps TIOI pTIOS i=0

where a b is the number of choices of b elements from a distinguished ones. Proof: Prob (|G S | 1) = 1 Prob (|G S | = 0). Let SOIm be the set of top-m observed insecure initial generation patterns, i.e., SOIm = PIG[1] , PIG[2] , . . . PIG[m] . Prob (|G S | = 0) = Prob (there are no less than |G| truly secure initial generation patterns in SOIm ) + Prob (there are less than |G| truly secure initial generation patterns in SOIm and all initial generation patterns in S are truly insecure) . Prob (there are no less than |G| truly secure initial generation patterns in SOIm )
|G|1

and

or pTSOS , pTIOS , pTSOI , and pTIOI for short. The subscript TSOS represents truly secure when observed secure, and other subscripts represent similar meanings. By denition, we have Prob (FS (PIG ) < | FS (PIG ) ) = 1 Prob (FS (PIG ) | FS (PIG ) ) and Prob (FS (PIG ) | FS (PIG ) < ) = 1 Prob (FS (PIG ) < | FS (PIG ) < ) . These probabilities are from the statistical inference viewpoint, i.e., given the observed result FS (PIG ) (or FS (PIG ) < ) what the probability that the true event is FS (PIG ) (or FS (PIG ) < ) is. To simplify the discussion, suppose above probabilities are the same for all the initial generation patterns.2 To simplify the calculation formula of the alignment probability, we consider a specic selection rule. Use the feasibility model to evaluate all the M sampled initial generation patterns. Sort the M initial generation patterns by the cost performance FC in increasing order, and denote as PIG[1] , PIG[2] . . . PIG[M ] . Suppose there are m initial generation patterns before the rst observed secure initial generation pattern. Select the (m + 1), (m + 2), . . . (m + |S |)-th initial generation patterns to compose the selected set S , i.e., S = PIG[m+1] , PIG[m+2] , . . . PIG[m+|S |] . Suppose there are m1 observed secure initial generation patterns in S . Then we have Theorem 1: Assume pTSOS , pTIOS , pTSOI , and pTIOI are independent and identical for all initial generation patterns,
2 When more problem information is available, we can obtain different probabilities for initial generation patterns in different subset of .

1
i=0

Prob (there are exactly i truly secure initial

generation patterns in SOIm )

|G|1

1
i=0

m i mi pTSOI pTIOI , i

where the last line follows the assumption that pTSOI and pTIOI are independent and identical for all initial generation patterns, respectively. Prob (there are less than |G| truly secure initial generation patterns in SOIm and all initial generation patterns in S are truly insecure) |G|1 m m1 m1 mi = ps pi . TSOI pTIOI TIOI pTIOS i i=0 So we have Prob (|G S | 1) =
sm1 m1 1 pTIOI pTIOS i=0 |G|1

m i i pTSOI pm . TIOI i

Since the security dispatching problem (i.e., Equation (5)) is a single-object constraint optimization problem, we consider the case k = 1 in the above theorem. For k > 1, the formula can be developed similarly, but is omitted here. Theorem 1 quanties the relationship between the accuracy of the feasibility model, the size of the good enough set, the selection set, and the alignment probability. After the user species the size of the good enough set, and the required alignment probability, we can use Theorem 1 to calculate the

selection size. Then we can ensure there are at least 1 truly secure and good enough initial generation patterns contained in the selected set with the required high probability (e.g., 0.95). We only need to evaluate the security of the initial generation patterns in the selected set, in decreasing order by the cost performance. The rst truly secure initial generation pattern is the nal solution of the DAM. After adjusted according to the true load pattern in RTM, we obtain a generation pattern to implement in practice. This generation pattern is with ensured high security probability under all single line outages. Since the size of the selected set is usually small comparing with the number of the initial sampled generation patterns, above OO-based method saves the computing budget by at least one order of magnitude, and can be implemented in practice. In Section V, we use the numerical results on a modied IEEE 30-bus power system to show the advantage of the proposed method. V. N UMERICAL EXAMPLE In this section, we show the numerical results of application of OO on the security dispatching example. The modied IEEE-30 bus example in Section II is used. Without loss of generality, suppose the smallest distinguishable difference in the generation is 0.1MW. We randomly sample 1000 initial generation patterns, and sort the initial generation patterns by the cost performance FC . As aforementioned in Section IV, to fast though roughly evaluate the security of an initial generation pattern, we use only two load patterns: One is the most possible case PML , and the other is randomly sampled. The security evaluation is based on DC-power ow, instead of AC-power ow. We allow non-identical line outage probabilities. The probabilities used in the numerical example are shown in Table VIII. We use this feasibility model to estimate the security probability of the 1000 initial generation patterns and select the selected set as mentioned in Section IV. Suppose the user denes the good enough designs as top-1% truly secure initial generation patterns, dene the security level = 0.97, and wants the selected set S to contain at least 1 such good enough initial generation pattern with probability no less than 0.95. To calculate the size of the selected set, we can use Theorem 1. The value of pTSOS , pTIOS , pTSOI , and pTIOI can be estimated through comparing the true secure probability and the estimated secure probability over uniformly randomly sampled initial generation patterns. We list the estimated value based on 1000 such comparison in Table IX. Since this comparison is between the two model, which once obtained can be used for all the following DAM, it can be done off line and does not require any real time computing budget. To use Theorem 1 to do the calculation, we also need to estimate the size of the good enough initial generation patterns. Through numerical testing, we nd that there are 347 truly secure initial generation patterns among each 1000 randomly sampled ones on the average. So the size of the good enough set is |G| = 347 1% = 3, where is the oor function. Then we can use Theorem 1 to calculate the selection size such that the alignment probability is high

TABLE VIII T HE LINE OUTAGE PROBABILITIES . From Bus To Bus pl (104 ) From Bus To Bus pl (104 ) From Bus To Bus pl (104 ) From Bus To Bus pl (104 ) From Bus To Bus pl (104 ) From Bus To Bus pl (104 ) 1 2 29 4 12 14 8 28 23 12 13 18 16 17 11 25 26 29 1 3 15 5 7 10 9 10 25 12 14 29 18 19 26 25 27 19 2 4 22 6 7 26 9 11 28 12 15 28 19 20 10 27 28 18 2 5 28 6 8 19 10 17 14 12 16 18 21 22 15 27 29 27 2 6 25 6 9 22 10 20 13 14 15 28 22 24 10 27 30 21 3 4 20 6 10 26 10 21 14 15 18 17 23 24 25 29 30 14 4 6 19 6 28 27 10 22 22 15 23 14 24 25 19 -

TABLE IX T HE ACCURACY OF THE FEASIBILITY MODEL FOR

EVALUATION . SECURITY

pTSOS 0.8879

pTIOS 0.1121

pTSOI 0.0653

pTIOI 0.9347

enough. When the M initial sampled generation patterns are xed, the selected set determined in this way depends on the estimate of security probability given by the feasibility model. To take account of the evaluation uncertainty in the feasibility model of security, we do 100 replications. In each replication, we sample different load patterns in the feasibility model. The average selection size is 2. We also use the detailed model to accurately evaluate the security probability of each initial generation pattern and estimate the alignment probability through the 100 replications. The estimated alignment probability is 1. In other words, the two initial generation patterns found by the proposed method contain at least 1 top-1% truly secure initial generation patterns with probability at least 0.95. In each of the 100 replications, the 2 selected initial generation patterns are both truly secure, (FS (PIG ) 0.97) i.e., the initial generation patterns pass the N 0 and N 1 criteria under all possible load patterns with probability no less than 0.97. We take a close look at the security probability of the generation pattern obtained in above way. In one replication, the selected set consists of two initial generation patterns, as shown in Table X. Both are truly secure. So the rst one (with smaller cost) is selected as the result of the DAM. When the load pattern is available, as shown in Table IV, this initial generation pattern is adjusted to the generation pattern shown in Table XI, using AC-power ow calculation, as mentioned in Section III. We test all the N 0 and N 1 criteria. This generation pattern passes all the N 0 and N 1 criteria. No single line outage leads to cascading failure. Comparing with the example in Section

TABLE X T HE SELECTED SET IN ONE REPLICATION . Bus No. PIG[1] (MW) PIG[2] (MW) 1 48.5 42.0 2 58.1 60.8 13 11.1 10.9 22 19.5 27.5 23 12.3 14.8 27 39.7 33.2

for the helpful comments on a series of previous drafts of this paper. R EFERENCES
[1] Promoting wholesale competition through open access nondiscriminatory transmission service by public utilities, Order No. 888, Federal Energy Regulatory Commission, Washington, DC, Apr. 24, 1996. [2] A. J. Wood and B. F. Wollenberg, Power Generation, Operation, And Control, 2nd ed. New York, NY: John Wiley & Sons, Inc., 1996. [3] S. Stoft, Power System Economics: Designing Markets for Electricity. New York, NY: John Wiley and Sons, Inc., 2002. [4] J. M. Carlson and J. Doyle, Highly optimized tolerance: Robustness and design in complex systems, Physical Review Letters, vol. 84, no. 11, pp. 25292532, 2000. [5] Y.-C. Ho, Q.-C. Zhao, and D. L. Pepyne, The no free lunch theorems: Complexity and security, IEEE Trans. Automat. Contr., vol. 48, no. 5, pp. 783793, 2003. [6] Y. C. Ho, Q. C. Zhao, and Q. S. Jia, Ordinal Optimization: Soft Optimization for Hard Problems. New York, NY: Springer, 2007. [7] MATPOWER, a matlab power system simulation package, version 3.0.0, Power Systems Engineering Research Center (PSERC), School of Electrical Engineering, Cornell University, Ithaca, NY 14853, Feb. 14, 2005. [8] Y. Ho, R. Sreenivas, and P. Vakili, Ordinal optimization of DEDS, Discrete Event Dynamic Systems: Theory and Applications, vol. 2, no. 2, pp. 6188, 1992. [9] L. Y. Dai, Convergence properties of ordinal comparison in the simulation of discrete event dynamic systems, Journal of Optimization Theory and Applications, vol. 91, no. 2, pp. 363388, 1996. [10] X. L. Xie, Dynamics and convergence rate of ordinal comparison of stochastic discrete-event systems, IEEE Trans. Automat. Contr., vol. 42, no. 4, pp. 586590, 1997. [11] L. H. Lee, T. W. E. Lau, and Y. C. Ho, Explanation of goal softening in ordinal optimization, IEEE Trans. Automat. Contr., vol. 44, no. 1, pp. 9499, 1999. [12] Z. Shen, H. Bai, and Y. Zhao, Ordinal optimization references list. [Online]. Available: http://www.cns.au.tsinghua.edu.cn/uploads /Resources/Complete Ordinal Optimization Reference List v7.doc [13] X. Guan, C. Song, Y.-C. Ho, and Q. Zhao, Constrained ordinal optimization - a feasibility model based approach, Discrete Event Dynamic Systems: Theory and Applications, vol. 16, pp. 279299, 2006. [14] C. Song, X. Guan, Q. Zhao, and Q. Jia, Planning remanufacturing systems by constrained ordinal optimization method with feasibility model, in Proceedings of 44th IEEE Conference on Decision and Control and the European Control Conference 2005, Seville, Spain, Dec. 1215, 2005, pp. 46764681. [15] S. Y. Lin and Y. C. Ho, Universal alignment probability revisited, Journal of Optimization Theory and Applications, vol. 113, no. 2, pp. 399407, 2002.

TABLE XI T HE GENERATION PATTERN IMPLEMENTED IN RTM. Bus No. P (MW) 1 91.7 2 58.1 13 11.1 22 19.5 23 12.3 27 39.7

II, since the proposed method considers the uncertainty in load pattern, the resulting generation pattern is more secure. It is well-known that there is tradeoff between cost and security probability of a generation pattern. The resulting generation pattern is with cost 774.49, which is greater than the cost in Section I (with cost 755.96). But the proposed method ensures the security probability of the generation pattern, which supplies a better and quantiable way to do the tradeoff between the cost and the security probability. VI. C ONCLUSION Security dispatching problem is important in power systems. In this paper, we show the HOT property of security dispatching problem on a modied IEEE 30-bus power system. Since the uncertainty in the load pattern is not considered in the DAM, the resulting generation pattern in the RTM cannot ensure secure under all N 0 and N 1 criteria. Some single line outage may lead to cascading failure of the entire power system. Then we present a general mathematical formulation for the security dispatching problem, particularly for the DAM. It is a simulation-based optimization, which cannot be solved accurately for problems in practical size. So we apply ordinal optimization to solve the problem. Different from many other optimization techniques and heuristics, the proposed method ensures to nd a good enough truly secure initial generation pattern with the required high probability. Since we consider the uncertainty in load pattern, the resulting generation pattern is more secure. The advantage of the proposed method is also shown on the modied IEEE 30-bus power system. The load pattern only introduces part of the uncertainty in the security dispatching problem. As a further research direction, we can also consider the uncertainty in available generation capacities among all generator buses. The proposed method in this paper improves the solution technique for the DAM only. We can also consider how to improve both the DAM and the RTM together. There are many open problems in these further research directions. We hope this research shed some insight on the understanding of power system collapse, especially the cascading failure. ACKNOWLEDGEMENTS The authors would like to thank Dr. H.M. Liu and Prof. J. Zhong for the helpful discussion on security analysis in power systems, and thank Prof. Y.C. Ho and Prof. Q.C. Zhao