CN112367291A - Active defense method applied to network attack of power control system - Google Patents

Active defense method applied to network attack of power control system Download PDF

Info

Publication number
CN112367291A
CN112367291A CN202011051602.1A CN202011051602A CN112367291A CN 112367291 A CN112367291 A CN 112367291A CN 202011051602 A CN202011051602 A CN 202011051602A CN 112367291 A CN112367291 A CN 112367291A
Authority
CN
China
Prior art keywords
attack
power control
control system
network
hat
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011051602.1A
Other languages
Chinese (zh)
Other versions
CN112367291B (en
Inventor
梁剑
李宏强
田蓓
任勇
王�琦
刘增稷
蔡星浦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Electric Power Research Institute of State Grid Ningxia Electric Power Co Ltd
Original Assignee
Southeast University
Electric Power Research Institute of State Grid Ningxia Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University, Electric Power Research Institute of State Grid Ningxia Electric Power Co Ltd filed Critical Southeast University
Priority to CN202011051602.1A priority Critical patent/CN112367291B/en
Publication of CN112367291A publication Critical patent/CN112367291A/en
Application granted granted Critical
Publication of CN112367291B publication Critical patent/CN112367291B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/21Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses an active defense method applied to network attack of a power control system, which is characterized in that a virtual controller network, a virtual attack sample library and an attack sample generator are constructed through a black box method, and a virtual attack event is constructed, so that the power system is checked and repaired.

Description

Active defense method applied to network attack of power control system
Technical Field
The invention belongs to the technical field of network security, and particularly relates to an active defense method applied to network attack of a power control system.
Background
Compared with the traditional power system, a large number of sensing, communication, calculation and control devices are connected into the power system nowadays, and wide-area measurement and control can be carried out on the power system. For such metrology systems and control systems, artificial intelligence control strategies have been developed.
However, this type of control strategy is generally more vulnerable to vulnerability at classification boundaries, and this vulnerability is difficult to discover during model training.
Disclosure of Invention
The application provides an active defense method applied to power control system network attack.
Step S102: and constructing a virtual controller network F based on the deep neural network, wherein the virtual controller network F is used for simulating a control strategy of the power control system. The virtual controller network F comprises a plurality of convolution layers and pooling layers, and parameters are adjustable.
According to a historical state set X of a power control system and a historical output result set Y of a power control system controller, randomly distributing values in the historical state set X and the historical output result set Y into a training sample set (Xa, Ya) and a testing sample set (Xb, Yb) by adopting a cross method.
Optionally, the historical state set X and the historical output result set Y are acquired in a manner of: monitoring the historical state input of a measurement system of the power control system and the output result corresponding to the control strategy by adopting a monitoring or probe mode, and generating the historical state set X and the historical output result set Y.
Step S104: training the virtual controller network F by using the training sample set (Xa, Ya), detecting a training result by using the test sample set (Xb, Yb), and judging the accuracy of the training result: if the accuracy reaches a preset value, entering the next step; if the accuracy rate does not reach the preset value, the network parameters of the virtual controller network F are adjusted, and step S104 is repeated.
Step S202: setting boundary conditions and judgment conditions for generating an attack sample library, wherein the boundary conditions are used for limiting the disturbance size and enabling the disturbance to be distributed in an error range which cannot be identified by a system, and the judgment conditions are used for judging whether the disturbance can affect a control result of a power control system controller.
Step S204: and setting the disturbance r of the historical state set X as a random number, generating an optimal value of the disturbance r by adopting a Differential Evolution (DE) algorithm when the virtual controller network F is positioned in the given boundary condition, and superposing the optimal value of the disturbance r to the historical state set X to obtain an attack sample set X _ hat.
Step S206: and judging the X _ hat by using the judging condition: and if the judgment condition is met, inputting the X _ hat into the virtual controller network F to obtain Y _ hat.
Step S208: and judging the Y _ hat, and performing the next step if the boundary condition is met.
Step S302: the attack sample set X _ hat is randomly assigned as a training sample set (Xa, X _ hata) and a test sample set (Xb, X _ hatb) for training a generator model and for detecting training effects.
Step S304: and constructing a generator network model G and a discriminator network model C.
Step S306: the generator network model G is trained using the training sample set (Xa, X _ hata) and then tested using the test sample set (Xb, X _ hatb).
Step S308: and inputting the historical state set X of the power control system into the generator network model G, so as to obtain an attack sample X _ hat'.
And inputting the attack sample X _ hat 'into the virtual controller network F to obtain an output result set Y _ hat'.
Step S310: and judging the Y _ hat', and performing the next step if the boundary condition is met.
Step S312: and training the discriminator network model C by using a sample set (X,0) and the attack sample set (X _ hat,1) generated under the normal state of a measurement system of the power control system.
Step S314: inputting the attack sample X _ hat' into a trained discriminator network model C to obtain a discrimination result RC, and judging the discrimination result RC: and when the judgment result is either 'satisfying nash balance' or 'unable to detect', obtaining the generator network model G after training.
Step 402: the state of the power control system acquired by the measurement system is input into the generator network model G which is trained, so that a real-time attack sample can be generated, and the real-time attack sample is input into a controller of the power control system model, so that the simulated attack on the original control strategy can be realized, the loopholes existing in the control strategy and the system key nodes depended on by the original control strategy are excavated, and the targeted defense is performed on the loopholes and the key nodes. Moreover, the fuzzy classification boundary in the original control strategy can be found by utilizing the attack sample set, and the problem of fuzzy classification of the original control strategy can be improved by substituting the attack sample into the strategy training.
The invention provides a method for actively defending against a network attack sample aiming at a control strategy based on artificial intelligence in a power system. Meanwhile, the method further avoids methods such as a DoS method, a man-in-the-middle method, false data injection and the like, a firewall, a key, authentication and the like need to be cracked, detailed control strategy information needs to be acquired when specific data is modified, and many defects are avoided.
Meanwhile, the method is a black box method, 1, only historical data need to be monitored, and detailed control strategies or controller structures do not need to be acquired; 2. the generated attack sample has small disturbance and few tampered nodes, and the hidden attack effect is better for finding out; 3. the method is easier to deploy in the power system, a real network attack scene is simulated, the attack sample library generated by the method can be used for training the original control strategy, the loopholes existing in the original strategy are made up, and the system stability is improved.
Drawings
FIG. 1 is a flowchart illustrating an active defense method according to an embodiment;
FIG. 2 is a block diagram of a sample generator G according to the first embodiment;
FIG. 3 is a schematic diagram of an embodiment of a power system;
FIG. 4 is a sample perturbation of an attack generated by an embodiment;
FIG. 5 illustrates an embodiment of an output error of a control strategy caused by an attack.
In the figure: in FIG. 3, the icons are numbers representing bus serial numbers, solid black arrows representing loads, and G a generator and an ideal power source; the amplitude in fig. 4 indicates the intensity of the point data disturbance.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. The components of embodiments of the present application, generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations, and some of the steps may be varied in order.
The technical scheme of the invention is explained in detail in the following with the accompanying drawings:
the active defense method related to the embodiment comprises the following steps:
step S102: and constructing a virtual controller network F based on the deep neural network, wherein the virtual controller network F is used for simulating a control strategy of the power control system. The virtual controller network F comprises a plurality of convolution layers and pooling layers, and parameters are adjustable.
According to a historical state set X of a power control system and a historical output result set Y of a power control system controller, randomly distributing values in the historical state set X and the historical output result set Y into a training sample set (Xa, Ya) and a testing sample set (Xb, Yb) by adopting a cross method.
The historical state set X and the historical output result set Y are acquired in the following mode: monitoring the historical state input of a measurement system of the power control system and the output result corresponding to the control strategy by adopting a monitoring or probe mode, and generating the historical state set X and the historical output result set Y.
Step S104: training the virtual controller network F by using the training sample set (Xa, Ya), detecting a training result by using the test sample set (Xb, Yb), and judging the accuracy of the training result: if the accuracy reaches a preset value, entering the next step; if the accuracy rate does not reach the preset value, the network parameters of the virtual controller network F are adjusted, and step S104 is repeated.
By using the steps S102 and S104, the constructed virtual controller network F is fitted to the original controller of the power control system as much as possible.
Step S202: setting boundary conditions and judgment conditions for generating an attack sample library, wherein the boundary conditions are used for limiting the disturbance size and enabling the disturbance to be distributed in an error range which cannot be identified by a system, and the judgment conditions are used for judging whether the disturbance can affect a control result of a power control system controller.
The boundary conditions comprise the number of the attack nodes, the maximum tampering amplitude, the maximum tampering data number and the minimum attack result error; the discrimination conditions include minimum signal-to-noise ratio, normalized cross-correlation, and minimum result error.
The attack nodes comprise nodes with measurement equipment deployed in buses, power supplies, loads, transformers and the like in the power system, and the serial number is a unique identifier of the node in the measurement system.
Step S204: and setting the disturbance r of the historical state set X as a random number, generating an optimal value of the disturbance r by adopting a Differential Evolution (DE) algorithm when the virtual controller network F is positioned in the given boundary condition, and superposing the optimal value of the disturbance r to the historical state set X to obtain an attack sample set X _ hat.
Step S206: and judging the X _ hat by using the judging condition: if the judgment condition is met, inputting the X _ hat into the virtual controller network F to obtain Y _ hat; if the determination condition is not satisfied, the process returns to step S204 to reset the value of the disturbance r.
Step S208: and judging the Y _ hat: if the boundary condition is met, entering the next step; if the boundary condition is not satisfied, the process returns to step S204 to reset the value of the disturbance r.
Step S302: randomly distributing the attack sample set X _ hat into a training sample set (Xa, X _ hata) and a test sample set (Xb, X _ hatb) by adopting a cross method, wherein the training sample set (Xa, X _ hata) is used for training a generator model, and the test sample set (Xb, X _ hatb) is used for detecting the training effect.
Step S304: and constructing a generator network model G and a discriminator network model C, and initializing a discrimination result RC =0 of the discriminator network model C.
The generator network model G adopts a structure that an encoder and a decoder are connected in series and is used for generating attack samples according to the state input of a normal measurement system; the discriminator network model C is composed of a plurality of convolution layers which are connected in series and used for discriminating whether the input data set is an attack sample or not.
Step S306: the generator network model G is trained using the training sample set (Xa, X _ hata) and then tested using the test sample set (Xb, X _ hatb). Judging the accuracy of the test result: if the accuracy reaches a preset value, entering the next step; if the accuracy rate does not reach the preset value, the network parameters of the generator network model G are adjusted, and the step S306 is repeated.
Step S308: and inputting the historical state set X of the power control system into the generator network model G, so as to obtain an attack sample X _ hat'.
And inputting the attack sample X _ hat 'into the virtual controller network F to obtain an output result set Y _ hat'.
Step S310: judging the Y _ hat': if the boundary condition is met, entering the next step; if the boundary condition is not satisfied, the network parameters of the generator network model G are adjusted, and the step S306 is repeated.
Step S312: and training the discriminator network model C by using a sample set (X,0) and the attack sample set (X _ hat,1) generated in the normal state of a measurement system of the power control system, wherein 0 is used for representing that the sample is normal measurement data, and 1 is used for representing that the sample is an attack sample.
Step S314: inputting the attack sample X _ hat' into a trained discriminator network model C to obtain a discrimination result RC, and judging the discrimination result RC: when the judgment result is either 'satisfying nash equilibrium' or 'unable to detect', obtaining a generator network model G after training; when the judgment result fails to reach 'satisfying nash balance' or 'unable to detect', judging the detection rate of the discriminator network model C, when the detection rate is smaller than a preset minimum value, continuing to train the discriminator network model C by using (X _ hat ', 1), then returning to the step S314, and inputting the attack sample X _ hat' into the discriminator network model C which is trained again to obtain a judgment result RC; and when the detection rate is not less than the preset minimum value, adjusting the network parameters of the generator network model G, and repeating the step S306.
Step 402: the state of the power control system acquired by the measurement system is input into the generator network model G which is trained, so that a real-time attack sample can be generated, and the real-time attack sample is input into a controller of the power control system model, so that the simulated attack on the original control strategy can be realized, the loopholes existing in the control strategy and the system key nodes depended on by the original control strategy are excavated, and the targeted defense is performed on the loopholes and the key nodes. Moreover, the fuzzy classification boundary in the original control strategy can be found by utilizing the attack sample set, and the problem of fuzzy classification of the original control strategy can be improved by substituting the attack sample into the strategy training.
Fig. 2 shows a structure of a sample generator G according to the first embodiment.
The sample generator G is generated by training a power control system historical state set X and a historical output result set Y of a power control system controller. After the training of the sample generator G is completed, the attack sample can be quickly generated according to the real-time state X of the system, and then the sample is judged.
FIG. 3 is a schematic diagram of an embodiment of a power system.
The power system of the embodiment comprises 39 buses, 19 loads, 9 generators and 1 ideal voltage source. Each bus is respectively provided with 1 measuring unit for monitoring data of active power, reactive power, voltage, current and the like of the bus circuit. The fault and occurrence position are randomly set in the power system, 1500 sets of system state samples are generated, and the control strategy output result corresponding to each sample is calculated.
FIG. 4 illustrates an example perturbation of an attack generated by an embodiment.
The test data set includes 150 sets of samples, each sample including 40 features. By adopting the attack sample generator, the large disturbance is generated only on some key characteristics, and the disturbance on most characteristics is small. Minor disturbances can be removed through a filter, and then only the disturbances of key features are reserved. The normalized cross-correlation between the attack samples and the original samples is calculated, and the results of the 150 test samples are all between (0.95,1), so that the attack samples can be considered to be very similar to the original samples, namely the attack cannot be identified by the original system state estimation module.
FIG. 5 illustrates an embodiment of an output error of a control strategy caused by an attack.
And respectively counting the deviation distance, the normal output result and the deviation proportion, and sequencing according to the deviation distance. The result shows that, when 150 groups of samples of the test data set are attacked, the output result of the original controller is interfered according with the expected requirement, and the disturbance caused by the attack on part of the samples is large. Therefore, the effectiveness of the attack method generated by the attack sample generator of the invention is proved.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (5)

1. An active defense method applied to power control system network attack is characterized by comprising the following steps:
step S102: constructing a virtual controller network F based on the deep neural network, wherein the virtual controller network F is used for simulating a control strategy of the power control system;
according to a historical state set X of a power control system and a historical output result set Y of a power control system controller, randomly distributing values in the historical state set X and the historical output result set Y into a training sample set (Xa, Ya) and a testing sample set (Xb, Yb) by adopting a cross method;
step S104: training the virtual controller network F by using the training sample set (Xa, Ya), detecting a training result by using the test sample set (Xb, Yb), and judging the accuracy of the training result: if the accuracy reaches a preset value, entering the next step;
step S202: setting boundary conditions and discrimination conditions for generating an attack sample library;
step S204: setting disturbance r of the historical state set X as a random number, adopting a Differential Evolution (DE) algorithm, generating an optimal value of the disturbance r when the virtual controller network F is positioned in the given boundary condition, and superposing the optimal value of the disturbance r to the historical state set X to obtain an attack sample set X _ hat;
step S206: and judging the X _ hat by using the judging condition: if the judgment condition is met, inputting the X _ hat into the virtual controller network F to obtain Y _ hat;
step S208: judging the Y _ hat, and performing the next step if boundary conditions are met;
step S302: randomly allocating the attack sample set X _ hat to a training sample set (Xa, X _ hata) and a testing sample set (Xb, X _ hatb);
step S304: constructing a generator network model G and a discriminator network model C;
step S306: training the generator network model G by adopting the training sample set (Xa, X _ hata), and then testing the generator network model G by adopting the testing sample set (Xb, X _ hatb);
step S308: inputting the historical state set X of the power control system into the generator network model G, so as to obtain an attack sample X _ hat';
inputting the attack sample X _ hat 'into the virtual controller network F to obtain an output result set Y _ hat';
step S310: judging the Y _ hat', and performing the next step if boundary conditions are met;
step S312: and training the discriminator network model C by using a sample set (X,0) and the attack sample set (X _ hat,1) generated under the normal state of a measurement system of the power control system.
Step S314: inputting the attack sample X _ hat' into a trained discriminator network model C to obtain a discrimination result RC, and judging the discrimination result RC: when the judgment result is either 'satisfying nash equilibrium' or 'unable to detect', obtaining a generator network model G after training;
step 402: the state of the power control system acquired by the measurement system is input into the generator network model G which is trained, so that a real-time attack sample can be generated, and the real-time attack sample is input into a controller of the power control system model, so that the simulated attack on the original control strategy can be realized, the loopholes existing in the control strategy and the system key nodes depended on by the original control strategy are excavated, and the targeted defense is performed on the loopholes and the key nodes.
2. The active defense method applied to power control system network attacks according to claim 1, characterized in that;
the virtual controller network F comprises a plurality of convolution layers and pooling layers, and parameters are adjustable;
the historical state set X and the historical output result set Y are acquired in the following mode: monitoring the historical state input of a measurement system of the power control system and the output result corresponding to a control strategy by adopting a monitoring or probe mode, and generating a historical state set X and a historical output result set Y;
in step S104, if the accuracy fails to reach the preset value, the network parameters of the virtual controller network F are adjusted, and step S104 is repeated.
3. The active defense method applied to power control system network attack according to claim 2,
the boundary condition is used for limiting the disturbance size to enable the disturbance to be distributed in an error range which cannot be identified by a system, and the judging condition is used for judging whether the disturbance can affect a control result of a power control system controller.
4. The active defense method applied to power control system network attack according to claim 2 or 3,
in step S302, the training sample set (Xa, X _ hata) is used for training the generator model, and the test sample set (Xb, X _ hatb) is used for detecting the training effect.
5. The active defense method applied to power control system network attack according to claim 4,
in step S304, the generator network model G adopts a structure in which an encoder and a decoder are connected in series, and is configured to generate an attack sample according to the normal measurement system state input; the discriminator network model C is composed of a plurality of convolution layers which are connected in series and used for discriminating whether the input data set is an attack sample or not.
CN202011051602.1A 2020-09-29 2020-09-29 Active defense method applied to network attack of power control system Active CN112367291B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011051602.1A CN112367291B (en) 2020-09-29 2020-09-29 Active defense method applied to network attack of power control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011051602.1A CN112367291B (en) 2020-09-29 2020-09-29 Active defense method applied to network attack of power control system

Publications (2)

Publication Number Publication Date
CN112367291A true CN112367291A (en) 2021-02-12
CN112367291B CN112367291B (en) 2022-07-29

Family

ID=74506478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011051602.1A Active CN112367291B (en) 2020-09-29 2020-09-29 Active defense method applied to network attack of power control system

Country Status (1)

Country Link
CN (1) CN112367291B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101709115B1 (en) * 2015-10-16 2017-03-08 한국전자통신연구원 Apparatus and method for providing cyber training
CN108322349A (en) * 2018-02-11 2018-07-24 浙江工业大学 The deep learning antagonism attack defense method of network is generated based on confrontation type
US20180219880A1 (en) * 2017-01-27 2018-08-02 Rapid7, Inc. Reactive virtual security appliances
US10346612B1 (en) * 2017-06-19 2019-07-09 Architecture Technology Corporation Computer network defense training on operational networks using software agents
CN110826059A (en) * 2019-09-19 2020-02-21 浙江工业大学 Method and device for defending black box attack facing malicious software image format detection model
CN111275115A (en) * 2020-01-20 2020-06-12 星汉智能科技股份有限公司 Method for generating counterattack sample based on generation counternetwork

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101709115B1 (en) * 2015-10-16 2017-03-08 한국전자통신연구원 Apparatus and method for providing cyber training
US20180219880A1 (en) * 2017-01-27 2018-08-02 Rapid7, Inc. Reactive virtual security appliances
US10346612B1 (en) * 2017-06-19 2019-07-09 Architecture Technology Corporation Computer network defense training on operational networks using software agents
CN108322349A (en) * 2018-02-11 2018-07-24 浙江工业大学 The deep learning antagonism attack defense method of network is generated based on confrontation type
CN110826059A (en) * 2019-09-19 2020-02-21 浙江工业大学 Method and device for defending black box attack facing malicious software image format detection model
CN111275115A (en) * 2020-01-20 2020-06-12 星汉智能科技股份有限公司 Method for generating counterattack sample based on generation counternetwork

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
H. ASAI等: "Management Information Base for Virtual Machines Controlled by a Hypervisor draft-ietf-opsawg-vmm-mib-04", 《IETF 》 *
蔡星浦等: "基于多阶段博弈的电力CPS虚假数据注入攻击防御方法", 《电力建设》 *

Also Published As

Publication number Publication date
CN112367291B (en) 2022-07-29

Similar Documents

Publication Publication Date Title
US9177139B2 (en) Control system cyber security
CN106443310B (en) A kind of transformer fault detection method based on SOM neural network
Tang et al. Detection of false data injection attacks in smart grid under colored Gaussian noise
CN106713354A (en) Method for evaluating vulnerability node of electric cyber-physical system based on undetectable information attack pre-warning technology
Valdes et al. Anomaly detection in electrical substation circuits via unsupervised machine learning
CN110889111A (en) Power grid virtual data injection attack detection method based on deep belief network
CN104125112B (en) Physical-information fuzzy inference based smart power grid attack detection method
CN108152676B (en) Power distribution network fault positioning method and system based on intelligent agent
CN117097569B (en) Network security situation diagnosis method and system based on multi-node relevance
Kamal et al. Cyberattacks against event-based analysis in micro-PMUs: Attack models and counter measures
CN107612927B (en) Safety detection method for power dispatching automation system
Li et al. Deep learning based covert attack identification for industrial control systems
CN112367291B (en) Active defense method applied to network attack of power control system
Wang et al. Detection and location of bias load injection attack in smart grid via robust adaptive observer
Ghazi et al. Intrusion detection in cyber-physical systems based on Petri net
CN106789275B (en) Power transmission network security test system and method for electric power system
Al-Eryani et al. An investigation on detecting bad data injection attack in smart grid
Cui et al. Authenticating source information of distribution synchrophasors at intra-state locations for cyber-physical resilient power networks
Weber et al. Diagnosability evaluation for a system-level diagnosis algorithm for wireless sensor networks
Culler et al. PAVED: Perturbation analysis for verification of energy data
Walsh et al. The structure of vulnerable nodes in behavioral network models of complex engineered systems
CN106226719A (en) A kind of fault electric arc detecting system based on secure cloud network
CN116886355B (en) DDOS and false data injection collaborative attack optimization method of power system
CN111726323A (en) PMU (phasor measurement unit) deployment-based error data injection attack defense method in smart power grid
Athalye et al. Model-based cps attack detection techniques: Strengths and limitations

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant