CN114978586B - Power grid attack detection method and system based on attack genes and electronic equipment - Google Patents
Power grid attack detection method and system based on attack genes and electronic equipment Download PDFInfo
- Publication number
- CN114978586B CN114978586B CN202210381108.4A CN202210381108A CN114978586B CN 114978586 B CN114978586 B CN 114978586B CN 202210381108 A CN202210381108 A CN 202210381108A CN 114978586 B CN114978586 B CN 114978586B
- Authority
- CN
- China
- Prior art keywords
- attack
- power grid
- preset
- attacked
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Artificial Intelligence (AREA)
- Evolutionary Computation (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Biomedical Technology (AREA)
- Biophysics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of power grid safety, in particular to a power grid attack detection method, a system and electronic equipment based on an attack gene, wherein the method comprises the following steps: acquiring at least one piece of power grid measurement data of each first preset node in the power grid to be detected, and forming a data set; obtaining a target time domain attack gene corresponding to each piece of power grid measurement data in a data set by using a discrete wavelet transformation mode; and obtaining the probability of each first preset node being attacked according to all the target time domain attack genes and the trained graph neural network model, and determining whether the power grid to be detected is attacked according to the maximum probability. The method improves the attack detection precision and the anti-noise performance, solves the problem of manually setting the attack detection threshold, is more flexible in frequency response, and improves the attack detection efficiency.
Description
Technical Field
The invention relates to the technical field of power grid security, in particular to a power grid attack detection method, a system and electronic equipment based on an attack gene.
Background
The existing advanced information technology and the electric power system are organically combined, so that the operation of an electric power information physical system (CPS) is more intelligent, efficient and reliable, and meanwhile, a huge network security challenge is brought to the CPS. The power system state estimation is used as a high-level application of the power grid, and the running state of the power grid can be perceived through monitoring data interaction with the data acquisition system. In recent years, research shows that an attacker can initiate false data injection attacks (False data injection attacks, FDIA) through terminal equipment such as an intrusion sensor and the like to maliciously tamper with control measurement data, so that a reliable result of state estimation is affected, further, an error instruction of a control center is caused, and serious consequences such as economic loss, unsafe operation, regional power failure and the like of a power grid can be caused. Therefore, the detection of the network false data injection attack has important significance for the stable operation of the network.
The traditional false data injection detection method based on the model is limited by strong statistical knowledge assumption, complexity and hardware cost, and the detection method based on the machine learning in recent years does not depend on the model and system parameters, and has good detection precision and efficiency. The most similar existing methods to the present invention are: firstly, based on a power grid tide model, simulating enough data to be injected into an attack sample by constructing an attack vector bypassing the physical constraint of a power system, and synthesizing a complete power grid measurement data set containing FDIA; then constructing an FDIA detection model based on a deep convolutional neural network, splitting a training set and a testing set, taking the original characteristics of a data set as model input, and training an attack model; and finally, carrying out classified prediction of attack through a test set, and detecting whether the power grid FDIA exists or not. There have also been studies to design spectral filters to detect the presence or absence of FDIA using graphical signal processing. Leading to the following problems: the filter and the detection threshold of the graphic signal processing method need to be manually customized, so that universality and detection efficiency of the method are limited.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides a power grid attack detection method, a system and electronic equipment based on an attack gene.
The technical scheme of the power grid attack detection method based on the attack genes is as follows:
acquiring at least one piece of power grid measurement data of each first preset node in the power grid to be detected, and forming a data set;
obtaining a target time domain attack gene corresponding to each piece of power grid measurement data in the data set by using a discrete wavelet transformation mode;
and obtaining the probability of each first preset node being attacked according to all target time domain attack genes and the trained graph neural network model, and determining whether the power grid to be detected is attacked according to the maximum probability.
The power grid attack detection method based on the attack genes has the following beneficial effects:
the method improves the attack detection precision and the anti-noise performance, solves the problem of manually setting the attack detection threshold, is more flexible in frequency response, and improves the attack detection efficiency.
The technical scheme of the power grid attack detection system based on the attack genes is as follows:
the device comprises a first acquisition module, a second extraction module and a determination module;
the acquisition module is used for: acquiring at least one piece of power grid measurement data of each first preset node in the power grid to be detected, and forming a data set;
the second extraction module is used for: obtaining a target time domain attack gene corresponding to each piece of power grid measurement data in the data set by using a discrete wavelet transformation mode;
the determining module is used for: and obtaining the probability of each first preset node being attacked according to all target time domain attack genes and the trained graph neural network model, and determining whether the power grid to be detected is attacked according to the maximum probability.
The power grid attack detection system based on the attack genes has the following beneficial effects:
the method improves the attack detection precision and the anti-noise performance, solves the problem of manually setting the attack detection threshold, is more flexible in frequency response, and improves the attack detection efficiency.
A storage medium of the present invention has instructions stored therein, which when read by a computer, cause the computer to execute a grid attack detection method based on an attack gene as set forth in any one of the above.
The electronic device of the invention is characterized by comprising a processor and the storage medium, wherein the processor executes instructions in the storage medium.
Drawings
FIG. 1 is a schematic flow chart of a power grid attack detection method based on an attack gene according to an embodiment of the invention;
fig. 2 is a schematic structural diagram of a power grid attack detection system based on an attack gene according to an embodiment of the present invention.
Detailed Description
As shown in fig. 1, an attack detection method based on an attack gene according to an embodiment of the present invention includes the following steps:
s1, acquiring at least one piece of power grid measurement data of each first preset node in a power grid to be detected, and forming a data set;
wherein, each first preset node specifically refers to: refers to each busbar in the grid to be tested.
The power grid measurement data refers to: and obtaining continuous measurement values such as line active power flow, reactive power flow, node active injection power, reactive injection power, node voltage amplitude and the like of the power grid to be detected in a fixed time interval.
S2, acquiring a target time domain attack gene corresponding to each piece of power grid measurement data in the data set by using a discrete wavelet transformation mode;
wherein, the attack gene refers to: in a sample data set containing attacks, abstract features obtained through DWT (discrete wavelet transform) time domain feature extraction and GNN (graph neural network) space feature extraction are called attack genes, and false data injection attacks in a power grid can be detected based on the attack genes.
S3, obtaining the probability of each first preset node being attacked according to all target time domain attack genes and the trained graph neural network model, and determining whether the power grid to be detected is attacked according to the maximum probability. Specifically:
obtaining the probability of each first preset node being attacked according to all the target time domain attack genes and the trained graph neural network model, selecting the maximum probability as the attacked probability of the whole power grid to be detected, judging whether the attacked probability of the whole power grid to be detected exceeds a preset threshold, if so, determining that the power grid to be detected is attacked, if not, determining that the power grid to be detected is not attacked, for example, setting the preset threshold to be 0.4, and if the attacked probability of the power grid to be detected is greater than 0.4, determining that the power grid to be detected is attacked, otherwise, determining that the power grid to be detected is not attacked.
Further, if the power grid to be detected is attacked, a prompt is sent out so that maintenance personnel can maintain the power grid.
Optionally, in the above technical solution, the obtaining process of the trained graph neural network model includes:
s01, constructing a sample data set, wherein the sample data set comprises a plurality of pieces of normal operation data and a plurality of pieces of attacked data of a plurality of second preset nodes of the power grid;
wherein, the second preset node means: the bus in the IEEE standard node model of the power system can be used as a power grid of the IEEE standard node model of the power system, other power grids with actual entities and power grids to be detected.
The specific acquisition process of the normal operation data and the attacked data comprises the following steps:
and obtaining continuous measurement values such as line active power flow, reactive power flow, node active injection power, reactive injection power, node voltage amplitude and the like of an IEEE standard node model of the power system in a fixed time interval by using matpower simulation software. The FDIA model based on optimal partial topology knowledge generates attacked data due to limited budget of the attacker. More specifically:
an optimal partial knowledge attack is a least costly attack that requires knowledge of the impedance of a particular transmission line. And (3) injecting false data into an attack model based on the power grid false data of the prior optimal knowledge to generate a table data set containing attacks, adding random Gaussian noise to the measured value, and setting the standard deviation of the noise to be 0.1-0.5. Considering that the number of attack data is far less than that of data in normal operation in actual power grid operation, the sample data set is set to contain 20000 pieces of normal operation data and 100 pieces of attacked data, namely the normal operation sample data is far greater than the attacked sample data, and the phenomenon of unbalanced data occurs. The last column of the table is an attack data tag, when the tag value of a certain row is 1, the row is data after being attacked, and when the tag value is 0, the row is not attacked.
S02, amplifying the attacked data in the sample data set to obtain an amplified sample data set;
s03, extracting a sample time domain attack gene corresponding to each piece of data from the amplified sample data set by using a discrete wavelet transform mode;
s04, training a preset graph neural network based on all sample time domain attack genes to obtain a trained graph neural network model.
Optionally, in the above technical solution, S02 specifically includes:
s020, processing all data in the sample data set by using a variable decibel She Sigao Si mixed model to obtain data with Gaussian distribution;
s021, combining a preset attack tag condition control vector and data with Gaussian distribution, and improving a preset generation countermeasure network model to obtain a grid FDIA condition generation countermeasure network model applicable to form data;
s022, generating an countermeasure network model by utilizing the FDIA condition of the power grid, and amplifying the attacked data in the sample data set to obtain an amplified sample data set.
Wherein, S020 specifically includes: through the expectation maximization, k optimal Gaussian models are searched, all data in the sample data set are fitted through the k optimal Gaussian models, and the data with Gaussian distribution are obtained, which can be understood as: the variable decibel She Sigao-based hybrid model is used for searching k optimal Gaussian models through expected maximization, and fitting all data in a sample data set through the k optimal Gaussian models to obtain data with Gaussian distribution.
Wherein, S021 specifically includes:
s0210, inputting a preset attack tag condition control vector and data with Gaussian distribution into a preset generation countermeasure network model for training, and updating parameters of a generator of the preset generation countermeasure network model and parameters of a discriminator of the preset generation countermeasure network model to obtain a grid FDIA condition generation countermeasure network model applicable to form data;
wherein, the table data means that the constructed sample data set is table data;
the attack tag condition control vector refers to a vector formed by single thermal coding of all attack tag discrete columns, and the attack tag discrete columns refer to: the labels set for each piece of data of the sample dataset are discrete.
Wherein generating the countermeasure network model includes a generator and a arbiter; the network structure of the generator comprises: batch normalization processing layer, leakyReLU activating layer, pooling layer, full connection layer and Sigmoid activating function; the network structure of the arbiter comprises: batch normalization processing layer, reLU activating layer, pooling layer, full connection layer and Tanh activating function;
the loss function that generates the countermeasure network model is a cross entropy function, and the optimizer that generates the countermeasure network model is an Adam gradient optimizer.
The above process can be explained as:
firstly, encoding discrete attack data labels into a single-heat encoding form to form attack label condition control vectors as the condition input of CPFGAN; then processing the continuous power grid measurement values through a variable decibel leaf model, searching k optimal Gaussian models based on expected maximization to fit the measurement values, determining the most suitable k value through a weight threshold, and taking the processed measurement data as the input of CPFGAN; then constructing CPFGAN (composite Power grid) comprising a generator and a discriminator, wherein the network structure of the discriminator comprises a batch normalization processing layer, a LeakyReLU activation layer, a pooling layer, a full connection layer and a Sigmoid activation function, and the network structure of the generator comprises a batch normalization processing layer, a ReLU activation layer, a pooling layer, a full connection layer and a Tanh activation function; and finally, defining a cross entropy function as a loss function of the model, selecting an Adam gradient optimizer, inputting the data set and the condition vector processed in the steps into a CPFGAN model for training, updating parameters of a generator and a discriminator, setting the number of FDIA samples to be generated under the condition input of the condition control vector of the attack tag, and outputting the generated FDIA sample data set by the model.
In S03, the time domain attack gene is defined as: the characteristics of the original FDIA sample dataset are extracted by a wavelet transformation digital signal processing technology, and the characteristics hidden by the input characteristics are called time domain attack genes. The specific implementation process of S03 is as follows:
the input signal (characteristic sequence of line active power flow, reactive power flow, node active injection power, reactive injection power, node voltage amplitude, etc.) is convolved with a wavelet, which is a zero-mean function derived from a predefined mother wavelet. Typically, a wavefront ψ a,b (t) can be expanded by its parent wavefront ψ (t), as shown in the first equation:
where a and b are scaling and shifting parameters, respectively, and t is a time scale. Performing a discrete wavelet transform a=2 by discretization j And b=2 j Xk, wherein>
The wavelet may then transform the sequence of input features s (t) using the following second formula:
wherein->
Is a discrete wave, < >>
Is a complex conjugate of (a) and (b).
However, an analytical solution to the second formula is not always available, and to solve this problem, a multi-resolution decomposition position of s (t) is utilized on the number of stages M, which is defined by a third formula:
in the third formula, a M,k And
respectively horizontal approximation coefficients and accompanying scaling functions. s (t) can be decomposed into approximation coefficients A M (t) and detail coefficient D j (t). As can be seen from the second and third formulas, different wavelengths and decomposition levels result in different decomposition signal coefficients. These coefficients will further affect the time domain gene extraction capacity based on wavelet transformation, the present invention selects wavelets from the db and sym families for decomposing the input signal.
According to the third formula, a total of one input signal can be obtainedAnd calculating the corresponding signal coefficient. However, the decomposed data sequence is typically too long to be used for subsequent computation. Furthermore, it has been shown that the statistical features of these data sequences may also represent key features of the input signal. Thus, the average and standard deviation of all coefficients are used to represent the abstract features of the input signal. For each operation state of the n busbar power systems, n×f time domain attack genes are calculated, and f is the number of time domain gene features of each busbar. These time domain attack genes are stored as time domain gene tensors for respective time instances in a feature history database
Optionally, in the above technical solution, S04 specifically includes:
s040, constructing a preset graph neural network, wherein the preset graph neural network model comprises: the input layer, the space gene extraction layer, dense layer and the output layer that set gradually, wherein, the input layer is used for receiving arbitrary sample time domain attack gene, and the space gene extraction layer is used for: generating sample space attack genes according to any sample time domain attack genes; the dense layer is used for: calculating the probability of each second preset node being attacked by using the sample space attack genes, wherein the output layer is used for: outputting the maximum probability of each second preset node being attacked;
s041, setting a training termination condition, wherein the training termination condition is as follows: the loss function of the preset cross entropy loss function is smaller than a preset threshold value, or the preset maximum iteration number is reached;
s042, training a preset graph neural network based on all sample time domain attack genes, and obtaining a trained graph neural network model when the preset graph neural network meets the termination condition.
That is, the graph neural network model (Graph Neural Network, GNN) is a multi-layer model in which the tensors are input
The output tensor of the spatial gene extraction layer l is composed of the instant domain attack genes
Representing, namely, obtaining the space-time attack gene, and outputting the model by +.>
And->
Indicating the location and presence of an attack, where cl indicates the number of channels with L layer 1.ltoreq.l, ARMA-K layer +.>
As input, generate
As an l-layer output, the dense layer propagates information to the whole graph and outputs +.>
Probability of a positioning node attack is performed. Finally, the output layer passes->
Attacks are detected in the GNN and output with Y. Furthermore, reLU activation is used at the end of each ARMA-K layer to increase the nonlinear modeling capability of the model, and sigmoid functions are used to convert the output into probabilities.
Optionally, in the above technical solution, the spatial gene extraction layer is a combination of a plurality of ARMA filters. Compared with a moving average polynomial filter, the filter of the figure provides better frequency response noise robustness, and the implementation mode is as follows:
the potential building blocks of the K ARMA map filters may start with a first order recursive ARMA1 filter, as shown in the fourth equation:
wherein Y is t Is the filter output at iteration t, p and q are arbitrary coefficients, and modified laplacianStyle function->
A linear translation representing L with the same eigenvector as L, where λ is the eigenvalue of the spectrum domain frequency, the translated eigenvalue: />
Is a characteristic value with respect to L. The frequency response of the values Y and L is +.>
In addition, the frequency response obtained by aggregating K ARMA1 filters is +.>
The numerator and denominator of the ARMAK filter of (2) are a K-1 and K-permutation polynomial, respectively.
In each iteration t, each busbar i uses its input
And the outputs of its neighbors ∈>
To modify its output +.>
Wherein c in And c out Expressed as the number of input and output tensor channels. The recursion is expanded into T fixed iterations, which can be represented as a graph neural network layer, as shown in a fifth formula:
wherein->
And->
Is a trainable weight.
The attack detection method based on the attack gene can solve the following technical problems:
1) The actual power CPS attack sample data is less, the normal sample number is more, the false data injection attack detection precision is low due to sample unbalance, the attack detection model is difficult to learn and has poor generalization capability, that is, the existing method generally adopts a simulation mode to generate enough attack sample number, and the network attack sample number of a power system in the actual application is usually far less than the normal measurement sample number, so that the data sample is unbalanced, and the FDIA model detection precision is lower.
2) The single feature extraction method based on deep learning only considers the distribution correlation of data, the power system measurement data features have time domain and space correlation, the existing method only carries out feature extraction from the data driving angle, and the time domain correlation of the current state and the historical state of the power grid, the power grid topological structure and the space correlation of the intelligent ammeter data are ignored. Therefore, comprehensive consideration is required to be carried out on the time domain and the space characteristics, so that the applicability and the detection precision of the electric CPS false data injection attack are further improved;
3) The power grid with the graph topological structure is not suitable for modeling in Euclidean space, and the detection method based on graph signal processing needs to manually set a filter and a detection threshold value, so that the applicability and the efficiency of the detection method are limited.
The attack detection method based on the attack genes has the following technical effects:
1) The method comprises the steps of constructing a power grid FDIA condition generation countermeasure network model, synthesizing more attack samples through original attack sample distribution to balance CPS data sets, and improving the detection precision of FDIA and the generalization capability of a detection model;
2) The FDIAs detection method based on CPFGAN-DWT-GNN is provided, space-time attack genes are obtained through abstract extraction of time domain features and space features, effective detection of FDIAs can be realized based on the attack genes connected with a classifier, and detection accuracy is further improved;
3) An autoregressive moving average (ARMA) graph convolutional filter graph neural network space attack gene extractor is designed, and the filter of the extractor has better noise robustness and frequency response flexibility.
4) The attack time and the space characteristics are considered, the FDIA detection precision of the power grid and the generalization capability of a detection model are improved, the anti-noise performance and the frequency response flexibility are high, and the attack detection efficiency is improved.
Balancing the dataset based on Smote oversampling, adaptive synthetic sampling method (ADASYN) oversampling; FDIA detection method based on convolutional neural network, FDIA detection method based on deep belief network, FDIA detection method based on cyclic neural network, FDIA detection method based on feedforward neural network.
In the above embodiments, although steps S1, S2, etc. are numbered, only specific embodiments are given herein, and those skilled in the art may adjust the execution sequence of S1, S2, etc. according to the actual situation, which is also within the scope of the present invention, and it is understood that some embodiments may include some or all of the above embodiments.
As shown in fig. 2, an attack detection system 200 based on an attack gene according to an embodiment of the present invention includes a first acquisition module 210, a second extraction module 220, and a determination module 230;
the acquisition module 210 is configured to: acquiring at least one piece of power grid measurement data of each first preset node in the power grid to be detected, and forming a data set;
the second extraction module 220 is configured to: obtaining a target time domain attack gene corresponding to each piece of power grid measurement data in a data set by using a discrete wavelet transformation mode;
the determining module 230 is configured to: and obtaining the probability of each first preset node being attacked according to all target time domain attack genes and the trained graph neural network model, and determining whether the power grid to be detected is attacked according to the maximum probability.
Optionally, in the above technical solution, the apparatus further includes a construction module, an amplification module, an extraction module, and a training module;
the construction module is used for: constructing a sample data set, wherein the sample data set comprises a plurality of pieces of normal operation data and a plurality of pieces of attacked data of a plurality of second preset nodes of the power grid;
the amplification module is used for: amplifying the attacked data in the sample data set to obtain an amplified sample data set;
the extraction module is used for: extracting a sample time domain attack gene corresponding to each piece of data from the amplified sample data set by using a discrete wavelet transformation mode;
the training module is used for: training a preset graph neural network based on all sample time domain attack genes to obtain a trained graph neural network model.
Optionally, in the above technical solution, the amplification module is specifically configured to:
processing all data in the sample data set by using a variable decibel She Sigao S mixed model to obtain data with Gaussian distribution;
combining a preset attack tag condition control vector and data with Gaussian distribution, and improving a preset generation countermeasure network model to obtain a grid FDIA condition generation countermeasure network model applicable to form data;
and amplifying the attacked data in the sample data set by using the power grid FDIA condition generation countermeasure network model to obtain an amplified sample data set.
Optionally, in the above technical solution, the process of obtaining data with gaussian distribution by the amplification module includes:
and searching k optimal Gaussian models through expected maximization, and fitting all data in a sample data set through the k optimal Gaussian models to obtain the data with Gaussian distribution, wherein k is a positive integer.
Optionally, in the above technical solution, the process of generating the countermeasure network model by the amplification module to obtain the grid FDIA condition applicable to the table data includes:
inputting the preset attack tag condition control vector and the data with Gaussian distribution into a preset generation countermeasure network model for training, updating parameters of a generator of the preset generation countermeasure network model and parameters of a discriminator of the preset generation countermeasure network model, and obtaining the grid FDIA condition generation countermeasure network model applicable to the form data.
Optionally, in the above technical solution, the training module is specifically configured to:
constructing a preset graph neural network, wherein the preset graph neural network model comprises: the input layer, the space gene extraction layer, dense layer and the output layer that set gradually, wherein, the input layer is used for receiving arbitrary sample time domain attack gene, and the space gene extraction layer is used for: generating sample space attack genes according to any sample time domain attack genes; the dense layer is used for: calculating the probability of each second preset node being attacked by using the sample space attack genes, wherein the output layer is used for: outputting the maximum probability of each second preset node being attacked;
setting a training termination condition, wherein the training termination condition is as follows: the loss function of the preset cross entropy loss function is smaller than a preset threshold value, or the preset maximum iteration number is reached;
training the preset graph neural network based on all sample time domain attack genes, and obtaining a trained graph neural network model when the preset graph neural network meets the termination condition.
Optionally, in the above technical solution, the spatial gene extraction layer is a combination of a plurality of ARMA filters.
The steps for implementing the corresponding functions of the parameters and the unit modules in the attack-gene-based power grid attack detection system 200 according to the present invention may refer to the parameters and the steps in the embodiments of the attack-gene-based power grid attack detection method according to the present invention, and are not described herein.
The storage medium of the invention stores instructions, which when read by a computer, cause the computer to execute the power grid attack detection method based on the attack genes.
An electronic device of the present invention includes a processor and the above-described storage medium, and the processor executes instructions in the storage medium. Wherein, the electronic equipment can be selected from computers, mobile phones and the like.
Those skilled in the art will appreciate that the present invention may be implemented as a system, method, or computer program product.
Accordingly, the present disclosure may be embodied in the following forms, namely: either entirely hardware, entirely software (including firmware, resident software, micro-code, etc.), or entirely software, or a combination of hardware and software, referred to herein generally as a "circuit," module "or" system. Furthermore, in some embodiments, the invention may also be embodied in the form of a computer program product in one or more computer-readable media, which contain computer-readable program code.
Any combination of one or more computer readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples (a non-exhaustive list) of the computer-readable storage medium include an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination thereof. In this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
While embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are illustrative and not to be construed as limiting the invention, and that variations, modifications, alternatives and variations may be made to the above embodiments by one of ordinary skill in the art within the scope of the invention.
Claims (10)
1. The power grid attack detection method based on the attack genes is characterized by comprising the following steps of:
acquiring at least one piece of power grid measurement data of each first preset node in the power grid to be detected, and forming a data set;
obtaining a target time domain attack gene corresponding to each piece of power grid measurement data in the data set by using a discrete wavelet transformation mode;
extracting hidden characteristics of input characteristics by a wavelet transformation digital signal processing technology from characteristics of an original FDIA sample data set, wherein the hidden characteristics are called time domain attack genes;
obtaining the probability of each first preset node being attacked according to all target time domain attack genes and the trained graph neural network model, and determining whether the power grid to be detected is attacked according to the maximum probability, wherein the method specifically comprises the following steps of:
obtaining the probability of each first preset node being attacked according to all the target time domain attack genes and the trained graph neural network model, selecting the maximum probability as the attacked probability of the whole power grid to be detected, judging whether the attacked probability of the whole power grid to be detected exceeds a preset threshold, if so, determining that the power grid to be detected is attacked, and if not, determining that the power grid to be detected is not attacked.
2. The method for detecting the power grid attack based on the attack gene according to claim 1, wherein the obtaining process of the trained graph neural network model comprises the following steps:
constructing a sample data set, wherein the sample data set comprises a plurality of pieces of normal operation data and a plurality of pieces of attacked data of a plurality of second preset nodes of the power grid;
amplifying the attacked data in the sample data set to obtain an amplified sample data set;
extracting a sample time domain attack gene corresponding to each piece of data from the amplified sample data set by using a discrete wavelet transformation mode;
training a preset graph neural network based on all sample time domain attack genes to obtain the trained graph neural network model.
3. The method for detecting the power grid attack based on the attack gene according to claim 2, wherein the amplifying the attacked data in the sample data set to obtain an amplified sample data set includes:
processing all data in the sample data set by using a variable decibel She Sigao S mixed model to obtain data with Gaussian distribution;
combining a preset attack tag condition control vector and the data with Gaussian distribution, and improving a preset generation countermeasure network model to obtain a grid FDIA condition generation countermeasure network model applicable to form data;
and generating an countermeasure network model by utilizing the power grid FDIA condition, and amplifying the attacked data in the sample data set to obtain the amplified sample data set.
4. The method for detecting power grid attack based on attack genes according to claim 3, wherein the processing all data in the sample data set by using a variant db She Sigao s hybrid model to obtain data with gaussian distribution comprises:
and searching k optimal Gaussian models through expected maximization, and fitting all data in a sample data set through the k optimal Gaussian models to obtain the data with Gaussian distribution, wherein k is a positive integer.
5. The method for detecting power grid attack based on attack gene according to claim 4, wherein the step of combining the preset attack tag condition control vector and the data with gaussian distribution to improve a preset generation countermeasure network model to obtain a power grid FDIA condition generation countermeasure network model applicable to form data comprises the steps of:
inputting the preset attack tag condition control vector and the data with Gaussian distribution into the preset generation countermeasure network model for training, and updating parameters of a generator of the preset generation countermeasure network model and parameters of a discriminator of the preset generation countermeasure network model to obtain a grid FDIA condition generation countermeasure network model applicable to form data.
6. The method for detecting power grid attack based on attack genes according to any one of claims 2 to 5, wherein training the preset graph neural network based on all sample time domain attack genes to obtain the trained graph neural network model comprises:
constructing the preset graph neural network, wherein the preset graph neural network model comprises: the input layer, the space gene extraction layer, dense layer and the output layer that set gradually, wherein, the input layer is used for receiving arbitrary sample time domain attack gene, the space gene extraction layer is used for: generating a sample space attack gene according to any sample time domain attack gene; the dense layer is used for: calculating the probability of each second preset node being attacked by using the sample space attack genes, wherein an output layer is used for: outputting the maximum probability of each second preset node being attacked;
setting a training termination condition, wherein the termination condition is as follows: the loss function of the preset cross entropy loss function is smaller than a preset threshold value, or the preset maximum iteration number is reached;
training a preset graph neural network based on all sample time domain attack genes, and obtaining the trained graph neural network model when the preset graph neural network meets the termination condition.
7. The method for detecting grid attack according to claim 6, wherein the spatial gene extraction layer is a combination of a plurality of ARMA filters.
8. The power grid attack detection system based on the attack genes is characterized by comprising a first acquisition module, a second extraction module and a determination module;
the acquisition module is used for: acquiring at least one piece of power grid measurement data of each first preset node in the power grid to be detected, and forming a data set;
the second extraction module is used for: obtaining a target time domain attack gene corresponding to each piece of power grid measurement data in the data set by using a discrete wavelet transformation mode;
extracting hidden characteristics of input characteristics by a wavelet transformation digital signal processing technology from characteristics of an original FDIA sample data set, wherein the hidden characteristics are called time domain attack genes;
the determining module is used for: obtaining the probability of each first preset node being attacked according to all target time domain attack genes and the trained graph neural network model, and determining whether the power grid to be detected is attacked according to the maximum probability, wherein the method specifically comprises the following steps:
obtaining the probability of each first preset node being attacked according to all the target time domain attack genes and the trained graph neural network model, selecting the maximum probability as the attacked probability of the whole power grid to be detected, judging whether the attacked probability of the whole power grid to be detected exceeds a preset threshold, if so, determining that the power grid to be detected is attacked, and if not, determining that the power grid to be detected is not attacked.
9. A storage medium having instructions stored therein, which when read by a computer, cause the computer to perform a method of attack detection according to any of claims 1 to 7 on an attack gene-based power grid.
10. An electronic device comprising a processor and the storage medium of claim 9, the processor executing instructions in the storage medium.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210381108.4A CN114978586B (en) | 2022-04-12 | 2022-04-12 | Power grid attack detection method and system based on attack genes and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210381108.4A CN114978586B (en) | 2022-04-12 | 2022-04-12 | Power grid attack detection method and system based on attack genes and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114978586A CN114978586A (en) | 2022-08-30 |
| CN114978586B true CN114978586B (en) | 2023-07-04 |
Family
ID=82977203
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210381108.4A Active CN114978586B (en) | 2022-04-12 | 2022-04-12 | Power grid attack detection method and system based on attack genes and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114978586B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP4229611A4 (en) * | 2020-10-16 | 2024-04-10 | Visa Int Service Ass | System, method, and computer program product for user network activity anomaly detection |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112200694A (en) * | 2020-10-09 | 2021-01-08 | 华中科技大学 | Dominant instability mode identification model construction and application method based on graph neural network |
| CN112260989A (en) * | 2020-09-16 | 2021-01-22 | 湖南大学 | Power system and network malicious data attack detection method, system and storage medium |
| CN113256096A (en) * | 2021-05-18 | 2021-08-13 | 西华大学 | Power grid fault diagnosis method considering false data injection attack |
| CN113824707A (en) * | 2021-09-13 | 2021-12-21 | 厦门吉快科技有限公司 | Website performance dial testing measurement method and device based on knowledge graph |
Family Cites Families (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109165504B (en) * | 2018-08-27 | 2021-05-07 | 广西大学 | Power system false data attack identification method based on anti-generation network |
| EP4290412A3 (en) * | 2018-09-05 | 2024-01-03 | Sartorius Stedim Data Analytics AB | Computer-implemented method, computer program product and system for data analysis |
| US11606389B2 (en) * | 2019-08-29 | 2023-03-14 | Nec Corporation | Anomaly detection with graph adversarial training in computer systems |
| CN111353153B (en) * | 2020-03-04 | 2022-11-01 | 南京邮电大学 | GEP-CNN-based power grid malicious data injection detection method |
| CN111885000B (en) * | 2020-06-22 | 2022-06-21 | 网宿科技股份有限公司 | Network attack detection method, system and device based on graph neural network |
| CN112565187B (en) * | 2020-11-03 | 2023-05-09 | 特变电工新疆新能源股份有限公司 | Power grid attack detection method, system, equipment and medium based on logistic regression |
| CN112465006B (en) * | 2020-11-24 | 2022-08-05 | 中国人民解放军海军航空大学 | Target tracking method and device for graph neural network |
| CN112699936B (en) * | 2020-12-29 | 2022-06-28 | 东北电力大学 | Electric power CPS generalized false data injection attack identification method |
| CN112686775A (en) * | 2021-01-04 | 2021-04-20 | 中国电力科学研究院有限公司 | Power network attack detection method and system based on isolated forest algorithm |
| CN113055358B (en) * | 2021-02-24 | 2022-08-12 | 东北电力大学 | Power CPS risk propagation range prediction method and system based on cooperative attack genes |
| CN113904786B (en) * | 2021-06-29 | 2023-05-30 | 重庆大学 | False data injection attack identification method based on line topology analysis and tide characteristics |
| CN113572771B (en) * | 2021-07-26 | 2023-04-07 | 深圳供电局有限公司 | Power grid CPS network attack identification method and system |
| CN113553584A (en) * | 2021-07-30 | 2021-10-26 | 国家工业信息安全发展研究中心 | Method, system and storage medium for detecting unknown threats of industrial internet security |
| CN114091816A (en) * | 2021-10-15 | 2022-02-25 | 浙江大学 | Power distribution network state estimation method based on gated graph neural network of data fusion |
-
2022
- 2022-04-12 CN CN202210381108.4A patent/CN114978586B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112260989A (en) * | 2020-09-16 | 2021-01-22 | 湖南大学 | Power system and network malicious data attack detection method, system and storage medium |
| CN112200694A (en) * | 2020-10-09 | 2021-01-08 | 华中科技大学 | Dominant instability mode identification model construction and application method based on graph neural network |
| CN113256096A (en) * | 2021-05-18 | 2021-08-13 | 西华大学 | Power grid fault diagnosis method considering false data injection attack |
| CN113824707A (en) * | 2021-09-13 | 2021-12-21 | 厦门吉快科技有限公司 | Website performance dial testing measurement method and device based on knowledge graph |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114978586A (en) | 2022-08-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109635928B (en) | Voltage sag reason identification method based on deep learning model fusion | |
| CN109413028B (en) | SQL injection detection method based on convolutional neural network algorithm | |
| Gao et al. | Power quality disturbance classification under noisy conditions using adaptive wavelet threshold and DBN-ELM hybrid model | |
| CN113904786B (en) | False data injection attack identification method based on line topology analysis and tide characteristics | |
| CN114978586B (en) | Power grid attack detection method and system based on attack genes and electronic equipment | |
| CN116401532B (en) | Method and system for recognizing frequency instability of power system after disturbance | |
| CN113765880A (en) | Power system network attack detection method based on space-time correlation | |
| CN116756594A (en) | Method, system, equipment and medium for detecting abnormal points of power grid data | |
| CN110766215B (en) | Wind power climbing event prediction method based on feature adaptive selection and WDNN | |
| CN115481657A (en) | Wind generating set communication slip ring fault diagnosis method based on electric signals | |
| CN116863959B (en) | Dolphin sound generating method based on generating countermeasure network | |
| CN113886821A (en) | Malicious process identification method and device based on twin network, electronic equipment and storage medium | |
| CN116545764B (en) | Abnormal data detection method, system and equipment of industrial Internet | |
| Huang et al. | SOPA‐GA‐CNN: Synchronous optimisation of parameters and architectures by genetic algorithms with convolutional neural network blocks for securing Industrial Internet‐of‐Things | |
| CN115936926A (en) | SMOTE-GBDT-based unbalanced electricity stealing data classification method and device, computer equipment and storage medium | |
| CN116400168A (en) | Power grid fault diagnosis method and system based on depth feature clustering | |
| CN116226770A (en) | Time sequence data anomaly detection method and device | |
| CN115664814A (en) | Network intrusion detection method and device, electronic equipment and storage medium | |
| CN116975742A (en) | Partial discharge pattern recognition method, apparatus, device, and storage medium | |
| CN114511194A (en) | Operation risk prediction method and system of power Internet of things and electronic equipment | |
| Stefanoiu | A genetic matching pursuit algorithm | |
| CN113740671A (en) | Fault arc identification method based on VMD and ELM | |
| CN117390508B (en) | Hydroelectric generating set signal state identification method based on time-shifting multi-scale cosine similarity entropy | |
| CN115865458B (en) | Network attack behavior detection method, system and terminal based on LSTM and GAT algorithm | |
| CN115345202B (en) | Method and system for detecting interaction data abnormality of third party load aggregation platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |