CN106375344A - Intelligent grid load integrity attack detection method for cloud storage - Google Patents



Publication number
CN106375344A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610943338.XA
Other languages
Chinese (zh)
Other versions
CN106375344B (en
Inventor
张少敏
赵庆
王保义
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
North China Electric Power University
Original Assignee
North China Electric Power University
Application filed by North China Electric Power University
Priority to CN201610943338.XA
Publication of CN106375344A
Application granted
Publication of CN106375344B
Current legal status: Expired - Fee Related


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an intelligent grid load integrity attack detection method for cloud storage, thereby guaranteeing secure and stable operation of the power system. According to the technical scheme, a data collector encrypts grid load data collected by an intelligent instrument and the encrypted data are then stored dynamically into a cloud storage unit by the cloud; a data analyst initiates attack verification; the cloud storage unit generates verification evidence; and the data analyst then carries out the attack verification and decides, based on the verification result, whether to carry out an analysis operation or a re-collection operation on the data in the cloud storage unit. According to the invention, the system measuring values are protected by using an encryption technology, thereby reducing measuring value redundancy, shortening attack detection time, and preventing false data injection attacks. On the basis of the cloud storage technology, the collected massive system measuring values are stored in the cloud, so that load integrity attack detection is suitable for large-scale data, thereby guaranteeing secure and stable operation of the power system.

Description

A cloud-storage-oriented smart grid load integrity attack detection method
Technical field
The present invention relates to a cryptography-based load integrity attack detection method and belongs to the field of detection technology.
Background
As the smart grid advances, the digitization, informatization and intelligence of power systems are developing rapidly. The use of smart substations, smart electricity meters, real-time monitoring systems, on-site mobile maintenance systems, integrated measurement and control systems and the like is making the scale and variety of data grow quickly. Cloud storage technology uses cluster applications, network technology or distributed file systems to integrate the physical storage resources of a cluster seamlessly into a unified storage system, which can therefore store the big data of the smart grid. Load data comes mainly from systems such as the power consumption information acquisition system, the load control system and power quality monitoring; it is the basis of load forecasting and load characteristic analysis, and also the basis of demand-side load adjustment and control. If, for example, the load in the power system fluctuates, the operating frequency and voltage level of the grid change. The load integrity attack is a new attack method aimed at system state estimation. The attacker collects and analyses the data of smart instruments, prepares false data in advance and injects it, thereby effectively bypassing the system's detection and defences and affecting the result of system state estimation. The control centre then misjudges the operating state of the system and makes wrong decisions; the system can also be misled into an unsafe operating mode in which the load on some transmission lines may exceed their capacity. In a smart grid environment, therefore, analysing the data vulnerabilities that exist in the system and studying corresponding detection and prevention methods has important theoretical and practical significance.
Many researchers have studied methods of preventing attacks on load data and have produced a series of results, for example: defending against attack by protecting a set of measurements; protecting measurements by adding a security index to each power-flow measurement; using a greedy algorithm to select a subset of measurements and identifying injected false data attacks by increasing the number of measurements checked; and using a support vector machine (SVM) for anomaly detection. All of these methods have shortcomings of one kind or another: they cause a degree of measurement redundancy, or they apply only to traditional false data injection attacks and are hard to adapt to large-scale data, so they cannot guarantee the safe and stable operation of the power system.
Summary of the invention
The object of the invention is to address the drawbacks of the prior art by providing a cloud-storage-oriented smart grid load integrity attack detection method that ensures the safe and stable operation of the power system.
The problem is solved by the following technical solution:
A cloud-storage-oriented smart grid load integrity attack detection method, in which the data collector first encrypts the grid load data collected by the smart instruments and saves it dynamically to cloud storage through the cloud; the data analyst then initiates attack verification; cloud storage then generates verification evidence; finally the data analyst performs the attack verification and, according to the verification result, decides whether to analyse the data in cloud storage or to have it re-collected.
The above cloud-storage-oriented smart grid load integrity attack detection method proceeds in the following steps:
a. The data collector preprocesses the data collected by the smart instruments, converting the various data structures into CIM/XML format and dividing the file into blocks:
After collecting the data from the smart instruments, the data collector first converts the data of various structures into a CIM/XML data file $F$ and divides $F$ into $n$ sub-blocks $m_i$ ($1 \le i \le n$); each sub-block is then split into $k$ basic blocks $m_{i,j}$ ($1 \le i \le n$, $1 \le j \le k$). A state table, the s-table, is built to record all the sub-blocks $m_i$;
b. The data collector performs initialization, generating the public key, the private key and the label information of each basic block:
The data collector calls the key generation algorithm to generate the public key $pk = (e, n)$ and the private key $sk = d$; the public key is published and the private key is kept by the collector. The collector also generates the label information $t_{i,j}$ of each basic block $m_{i,j}$ ($1 \le i \le n$, $1 \le j \le k$):
$$t_{i,j} = e^{\,m_{i,j}\,h(m_{i,j})\,f_i(j)}$$
where $n = p \times q$, $p$ and $q$ are two randomly generated large primes with $p \ne q$, $\varphi(n) = (p-1)(q-1)$, the random number $e \in [0, \varphi(n)-1]$ is coprime to $\varphi(n)$, $d$ satisfies $ed \equiv 1 \pmod{\varphi(n)}$, $h(\cdot)$ is a homomorphic hash function and $f(\cdot)$ is a pseudo-random function;
The data collector associates the sub-blocks with their label information in the s-table, uploads the file $F$ and the association table s-table to cloud storage, and shares the s-table with the data analyst;
c. The data analyst initiates attack verification:
The data analyst randomly selects a coefficient $c$ ($1 \le c \le n$) and sends it to cloud storage. On receiving $c$, cloud storage finds the corresponding $c$-th sub-block and computes the label information $t_i$ of the sub-block from the label information $t_{i,j}$ of the basic blocks it contains:
$$t_i = e^{\sum_{i=1,\,j=1}^{i=n,\,j=k} m_{i,j}\,h(m_{i,j})\,f_i(j)\,f(i)};$$
The data analyst generates a random number $r \in [1, 2^k - 1]$ and the attack verification request $chal = \{r, c\}$;
d. Cloud storage generates the verification evidence $R$:
Cloud storage computes:
$$e_r = e^r \bmod n$$
and computes and outputs the verification evidence:
$$R = (e_r)^{\sum_{t=1,\,j=1}^{t=c,\,j=k} m_{t,j}\,h(m_{t,j})\,f_t(j)\,f(t)} \bmod n$$
It then sends the label information $t_i$ of the sub-block and the verification evidence $R$ to the data analyst;
e. The data analyst performs attack verification:
From the verification evidence $R$, the public key $pk$ of the file under test, the label information $t_i$ of sub-block $m_i$ and the verification request $chal$, the data analyst computes:
$$T = \prod_{t=1}^{c} t_t^{\,r} \bmod n$$
$n$ is the parameter in the public key $pk$; $t_i$ is the label of the $i$-th data block, and $t_t$ has the same meaning, denoting the label of the $t$-th data block;
where $t$ ($1 \le t \le c$) is the index of a randomly selected data block and $t_t^{\,r}$ is the label information generated for any one data block using the random number $r$;
The data analyst generates the correct verification information for the file under test:
$$R' = T^r \bmod n$$
where $T^r$ is the total label information generated from the selected data; the analyst then checks whether the equation $R' = R$ holds;
The analyst checks whether the verification evidence $R$ generated by cloud storage equals the correct verification information $R'$ generated by the data analyst. If $R' = R$, the measurements in cloud storage have been stored correctly, and the data analyst can safely download the measurements needed and then carry out system state analysis; otherwise the measurements in cloud storage have been tampered with or deleted, and the data analyst can ask the data collector to re-collect the data.
In the above cloud-storage-oriented smart grid load integrity attack detection method, when a data analyst needs to make $m$ integrity verification requests at the same time, batch verification is used:
First, the data analyst sends $m$ verification requests $\{chal\}$ to cloud storage; second, on receiving the verification requests, cloud storage generates verification evidence $R_m$ for each verification request, and ; finally, the data analyst generates verification information $R'_m$, and , and then verifies the integrity of the data according to whether $R'$ and $R$ are equal.
The invention protects the system measurements with encryption, reducing measurement redundancy, shortening attack detection time and preventing false data injection attacks. Using cloud storage technology, the method stores the massive volume of collected system measurements in the cloud, so that load integrity attack detection is applicable to large-scale data and the safe and stable operation of the power system is ensured.
Brief description of the drawings
Fig. 1 is the architecture diagram of the detection model of the invention;
Fig. 2 is the flow chart of the invention;
Fig. 3 shows the relation between sub-block size and required time;
Fig. 4 compares the verification time of the algorithm herein with that of the extreme learning machine.
The symbols in the figures are: $m_i$, sub-block; $m_{i,j}$, basic block; $pk$, public key; $sk$, private key; $t_{i,j}$, label information of $m_{i,j}$; $p$ and $q$, two randomly generated large primes; $h(\cdot)$, homomorphic hash function; $f(\cdot)$, pseudo-random function; $c$, randomly selected coefficient; $t_i$, label information of a sub-block; $r$, random number generated by cloud storage; $R$, verification evidence; $chal$, verification request; $t_t^{\,r}$, label information generated for any one data block using the random number $r$; $R'$, correct verification information of the file under test; $T^r$, total label information generated from the selected data.
Detailed description
The invention is further described below with reference to the drawings.
1. Design of the load integrity attack detection model
The entities of the load integrity attack (LIA) detection model fall into three parts: the data collector, the cloud storage and the data analyst. After encrypting the measurements collected from the smart instruments, the collector saves them dynamically to cloud storage through the cloud, and the power system can have the data analyst verify the integrity of the data in cloud storage. After successful verification, state estimation is performed on the correctly stored data and information, which effectively prevents false data from being injected into the smart instruments. The LIA detection model architecture is shown in Fig. 1.
LIA detection consists of the following three steps:
(1) The data collector stores the measurements collected from the smart instruments in cloud storage, and the cloud processes and stores the measurements.
(2) The data analyst can verify the load integrity of the measurements in cloud storage.
(3) If verification passes, the data analyst can download the data and carry out system state analysis; if verification does not pass, the data in cloud storage is shown to be incorrect, and the erroneous data can be located or the data re-collected.
2. Design idea of the LIA detection algorithm
The flow chart of the load integrity attack detection algorithm (LIA-AD) is shown in Fig. 2. First, the collected data is preprocessed: the various data structures are converted into CIM/XML format and the file is divided into blocks. Second, the data collector performs initialization, generating the public key, the private key and the label information of each basic block. The data analyst then initiates attack verification to check whether the measurements stored in cloud storage are complete, and cloud storage generates the verification evidence. Finally, the data analyst performs the attack verification and, according to the verification result, decides whether to analyse the data in cloud storage or to have it re-collected.
3. Description of the LIA-AD algorithm
(1) Preprocessing
After collecting the data from the smart instruments, the data collector calls the key generation algorithm to generate the key parameters; the public key is published and the private key is kept by the collector. The data of various structures is first converted into a CIM/XML data file $F$, and $F$ is divided into $n$ sub-blocks $m_i$ ($1 \le i \le n$). Each sub-block is then split into $k$ basic blocks $m_{i,j}$ ($1 \le i \le n$, $1 \le j \le k$). A state table, the s-table, is built to record all the sub-blocks $m_i$, as shown in Table 1.
Table 1. Structure of the s-table
Here fb denotes the sub-block, bn the physical sequence number of the sub-block and sn the insertion order of the sub-block. Cloud storage stores the key, the set of label information and the s-table. The algorithm consists mainly of the following stages:
(2) Initialization
The input and output data of the initialization stage are:
Input: $\{d, e, n\}$;
Output: $\{pk, sk, t_{i,j}, t_i\}$.
Here $n = p \times q$, where $p$ and $q$ are two randomly generated large primes with $p \ne q$; $\varphi(n) = (p-1)(q-1)$; the random number $e \in [0, \varphi(n)-1]$ is coprime to $\varphi(n)$; and $d$ satisfies $ed \equiv 1 \pmod{\varphi(n)}$. The public key is $pk = (e, n)$ and the private key is $sk = d$; $t_{i,j}$ is the label of basic block $m_{i,j}$ ($1 \le i \le n$, $1 \le j \le k$) and $t_i$ is the label of sub-block $m_i$ ($1 \le i \le n$).
In this stage the data collector generates the public and private keys, which the data analyst uses to verify and decrypt the data stored in cloud storage, and generates the label information $t_{i,j}$ for each basic block $m_{i,j}$ ($1 \le i \le n$, $1 \le j \le k$):
$$t_{i,j} = e^{\,m_{i,j}\,h(m_{i,j})\,f_i(j)} \tag{1}$$
The sub-blocks and their label information are associated in the s-table. Here $h(\cdot)$ is a homomorphic hash function and $f(\cdot)$ is a pseudo-random function.
Finally, the data collector uploads the file $F$ and the association table s-table to cloud storage and shares the s-table with the data analyst.
(3) Initiating attack verification
The input and output data of the stage that initiates attack verification are:
Input: $\{c\}$;
Output: $\{chal\}$.
Here $c$ ($1 \le c \le n$) is a random number and $chal$ is the verification request.
The main purpose of attack verification is for the data analyst to publicly verify the data stored in cloud storage, ensuring that the stored measurements have not been tampered with or deleted. In the verification process the data collector randomly selects $c$ of the stored blocks to verify; the security and efficiency of this approach are proved in the next subsection.
The data analyst randomly chooses a coefficient $c$ ($1 \le c \le n$) and sends it to cloud storage. On receiving $c$, cloud storage finds the corresponding $c$-th sub-block and computes the label information $t_i$ of the sub-block from the label information $t_{i,j}$ of the basic blocks it contains:
$$t_i = e^{\sum_{i=1,\,j=1}^{i=n,\,j=k} m_{i,j}\,h(m_{i,j})\,f_i(j)\,f(i)} \tag{2}$$
The data analyst generates a random number $r \in [1, 2^k - 1]$ and the attack verification request $chal$.
(4) Generating verification evidence
The input and output data of the evidence generation stage are:
Input: $\{pk, chal\}$;
Output: $\{R\}$.
Here $pk$ is the public key, $chal$ is the attack verification request sent by the data analyst, and $R$ is the verification evidence generated by cloud storage.
To verify whether the measurements in cloud storage have been stored correctly, the data analyst issues a challenge to cloud storage requesting verification. On receiving the data analyst's challenge, cloud storage generates the challenge information, that is, the attack verification evidence, and sends it to the data analyst for integrity verification.
The attack verification request includes the public key $pk$ and the verification request $chal$. After receiving the attack verification request, cloud storage computes:
$$e_r = e^r \bmod n \tag{3}$$
and computes and outputs the verification evidence:
$$R = (e_r)^{\sum_{t=1,\,j=1}^{t=c,\,j=k} m_{t,j}\,h(m_{t,j})\,f_t(j)\,f(t)} \bmod n \tag{4}$$
(5) Attack verification
The input and output data of the attack verification stage are:
Input: $\{R, pk, chal\}$;
Output: $\{0 \text{ or } 1\}$.
Here $R$ is the verification evidence generated by cloud storage, $pk$ is the public key and $chal$ is the verification request. The output is 0 or 1: 0 indicates that verification succeeded and the file has not been attacked; 1 indicates that verification failed and the file has been attacked.
After receiving the verification evidence, the data analyst begins load integrity verification. The verification process is as follows.
From the verification evidence $R$, the public key $pk$ of the file under test, the label information $t_i$ of sub-block $m_i$ and the verification request $chal$, compute:
$$T = \prod_{t=1}^{c} t_t^{\,r} \bmod n \tag{5}$$
The data analyst generates the correct verification information for the file under test:
$$R' = T^r \bmod n \tag{6}$$
The analyst checks whether the verification evidence $R$ generated by cloud storage equals the correct verification information $R'$ generated by the data analyst. If
$$R' = R \tag{7}$$
then 0 is returned: the measurements in cloud storage have been stored correctly, and the data analyst can safely download the measurements needed and then carry out system state analysis. Otherwise 1 is returned, indicating that the measurements in cloud storage have been tampered with or deleted, and the data analyst can ask the data collector to re-collect the data.
(6) Batch verification
When a data analyst needs to make $m$ integrity verification requests at the same time, batch verification is used. First, $m$ verification requests $chal$ are sent to cloud storage. Second, on receiving the verification requests, cloud storage generates verification evidence $R_m$ for each verification request, and . Finally, the data analyst generates verification information $R'_m$, and , and then verifies the integrity of the data.
4. Correctness analysis
The load integrity attack verification method herein is aimed mainly at protecting and verifying system measurements. The system measurements are stored dynamically in cloud storage to prevent an attacker from obtaining, tampering with or deleting them. To analyse the state of the system from correct measurements, the data analyst first performs integrity verification and, once verification passes, downloads the relevant data and carries out state analysis. The correctness of the method is proved as follows.
Equation (7) is verified by the following calculation:
$$\begin{aligned}
R' &= T^r \bmod n = \left(t_1^{\,r} \cdot t_2^{\,r} \cdots t_c^{\,r}\right) \bmod n \\
&= e^{\,r\,m_{1,1}h(m_{1,1})f_1(1)f(1)} \cdot e^{\,r\,m_{1,2}h(m_{1,2})f_1(2)f(1)} \cdots e^{\,r\,m_{1,k}h(m_{1,k})f_1(k)f(1)} \cdots e^{\,r\,m_{4,k}h(m_{4,k})f_4(k)f(4)} \cdots e^{\,r\,m_{c,k}h(m_{c,k})f_c(k)f(c)} \bmod n \\
&= \prod_{t=1,\,j=1}^{t=c,\,j=k} \left(e^{\,r\,m_{t,j}h(m_{t,j})f_t(j)f(t)}\right) \bmod n \\
&= (e_r)^{\sum_{t=1,\,j=1}^{t=c,\,j=k} m_{t,j}\,h(m_{t,j})\,f_t(j)\,f(t)} \bmod n = R
\end{aligned}$$
As shown above, the equation $R' = R$ is obtained, which proves that the method is correct. If the inequality $R' \ne R$ occurs, the system measurements stored in cloud storage have been tampered with or deleted by an attacker, and the data must be re-collected before system state analysis is carried out.
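The exchange of stages (1) to (5) and the equality $R' = R$ derived above, as an added Python example that is not code from the patent. The concrete choices are assumptions made for the example: fixed toy primes, SHA-256 standing in for $h$, HMAC-SHA256 with a shared key standing in for $f$, labels reduced mod $n$, sub-block labels summed over $j$ only, and the analyst reading sub-block labels from the shared s-table.

```python
import hashlib
import hmac
import math

# Constructed toy parameters (assumptions, not values from the patent):
# two Mersenne primes stand in for the random large primes p and q.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
PRF_KEY = b"constructed-demo-key"  # assumed shared key for the pseudo-random function f


def keygen(p=P, q=Q, e=E):
    """Return pk = (e, n) and sk = d with e*d = 1 (mod phi(n))."""
    phi = (p - 1) * (q - 1)
    if p == q or math.gcd(e, phi) != 1:
        raise ValueError("need p != q and gcd(e, phi(n)) = 1")
    return (e, p * q), pow(e, -1, phi)


def h(block):
    """Stand-in for h(.): SHA-256 read as an integer (an assumed, ordinary hash)."""
    return int.from_bytes(hashlib.sha256(block).digest(), "big")


def f(*index):
    """Stand-in for f(.): HMAC-SHA256 over the index, truncated to 64 bits, never zero."""
    mac = hmac.new(PRF_KEY, repr(index).encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") | 1


def split(data, k, size):
    """Divide the file into sub-blocks of k basic blocks of `size` bytes (zero-padded)."""
    step = k * size
    data = data + b"\x00" * (-len(data) % step)
    return [[data[s + j * size: s + (j + 1) * size] for j in range(k)]
            for s in range(0, len(data), step)]


def exponent(t, sub_block):
    """Sum over j of m_{t,j} * h(m_{t,j}) * f_t(j) * f(t) for sub-block t (1-based)."""
    return sum(int.from_bytes(m, "big") * h(m) * f(t, j) * f(t)
               for j, m in enumerate(sub_block, start=1))


def build_s_table(pk, sub_blocks):
    """Collector: the label of sub-block t is e^exponent mod n, recorded in the s-table."""
    e, n = pk
    return {t: pow(e, exponent(t, sb), n) for t, sb in enumerate(sub_blocks, start=1)}


def prove(pk, stored, c, r):
    """Cloud storage: R = (e^r mod n)^(sum of exponents of sub-blocks 1..c) mod n."""
    e, n = pk
    e_r = pow(e, r, n)
    total = sum(exponent(t, sb) for t, sb in enumerate(stored[:c], start=1))
    return pow(e_r, total, n)


def verify(pk, s_table, c, r, evidence):
    """Analyst: R' = product of label_t^r mod n; 0 if R' == R (intact), else 1."""
    _, n = pk
    expected = 1
    for t in range(1, c + 1):
        expected = expected * pow(s_table[t], r, n) % n
    return 0 if expected == evidence else 1


def sample_file():
    """Constructed measurement records standing in for the CIM/XML file F."""
    return b"".join(b"bus=%03d;mw=%05.1f\n" % (i, 40 + i * 0.5) for i in range(1, 25))


def demo(r=11):
    """Run the exchange on intact, modified and deleted data; r is fixed for repeatability."""
    pk, _sk = keygen()
    stored = split(sample_file(), k=4, size=16)
    s_table = build_s_table(pk, stored)
    c = len(stored)
    modified = [list(sb) for sb in stored]
    modified[1][2] = bytes([modified[1][2][0] ^ 1]) + modified[1][2][1:]  # flip one bit
    cases = {"intact": stored, "modified": modified, "deleted": stored[1:]}
    return {name: verify(pk, s_table, c, r, prove(pk, data, c, r))
            for name, data in cases.items()}


if __name__ == "__main__":
    print(demo())
```

The return codes follow the convention of stage (5): 0 when $R' = R$, 1 otherwise.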
5. Security analysis
In smart grid information exchange, measurement data is usually passed to the control centre, and erroneous measurement data can lead the control centre to make unreasonable state estimates. In an integrity attack there are two major problems: 1) the attacker tampers with or deletes the system measurements saved in cloud storage, affecting system state estimation and thereby achieving the aim of the attack; 2) the attacker attempts, by obtaining and analysing system measurements, to inject data prepared in advance into the data collected by the smart instruments so that it is stored safely in cloud storage without being noticed by the data collection and data analysis personnel, affecting system state estimation. To prove the security of the scheme, its security with respect to these two problems is proved below.
To prove that the system measurements in cloud storage have not been tampered with or deleted by an attacker is to prove that the integrity verification scheme herein is correct and secure.
Theorem 1. Under the assumption that large-integer factorization is hard, the LIA-AD algorithm is secure.
Proof: Suppose the attacker mounts an attack; the steps are then as follows:
(1) Key generation. The data collector generates the public key and the private key, and the public key is published.
(2) Label generation. The attacker sends sub-block $m_i$ ($1 \le i \le n$) to the data collector; the data collector signs the basic blocks in sub-block $m_i$, obtains the label $t_i$ and sends the information to the attacker.
(3) Generating verification evidence. The data analyst generates the verification request $chal$ and sends it to the attacker; the attacker generates the detection information $R$ from the verification request $chal$, the sub-block $m_i$ ($1 \le i \le n$) and its corresponding label information $t_i$, and sends it to the data analyst.
(4) Attack verification. From the data integrity evidence $\{m_i', r', e'\}$ returned by the attacker, the data analyst computes the verification information, obtaining
$$R' = (e'_{r'})^{\sum_{t=1,\,j=1}^{t=c,\,j=k} m'_{i,j}\,h(m'_{i,j})\,f_i(j)\,f(i)} \bmod n$$
where $m_i'$ is the sub-block generated by the attacker and $r'$ and $e'$ are two random numbers generated by the attacker.
For the attack to succeed, the attacker must make $m_i' = m_i$, $r' = r$ and $e' = e$, so that $R' = R$ holds. When the attacker tampers with or deletes part of a sub-block $m_i$ ($1 \le i \le n$) and wants to pass integrity verification, the attacker must forge suitable $m_i' = m_i$, $r' = r$, $e' = e$ such that $R' = R$ holds; that is, the attacker is able to forge two large random primes $p$ and $q$ satisfying $p \ne q$ and $g^p = g^q \bmod n$, where $g$ is a generator of the integer set $\mathbb{Z}_n^*$. So,  holds, and $p - q$ can therefore be used to factor the large integer $n$.
Therefore, under the assumption that large-integer factorization is hard, an attacker who wants to pass integrity verification with tampered or forged data must correctly hold all the system measurements and all the label information. This proves that, under the assumption that large-integer factorization is hard, the system measurements stored in cloud storage cannot be tampered with or deleted by an attacker.
In problem 2, the attacker attempts to inject data analysed in advance into the smart instruments so that it is stored safely in cloud storage; the attacker must then possess the privileges of the data collector, such as the private key and the key. The proof is as follows.
Theorem 2. Under the assumption that large-integer factorization is hard, saving injected false data in cloud storage is hard.
Proof: LIA is a new kind of false data injection attack in which the attacker collects and analyses a large amount of information from the smart instruments and injects false data prepared in advance into them. To succeed, however, the attacker must get the false data saved in cloud storage. First comes initialization: the attacker uses the key generation algorithm to generate a public/private key pair $(pk', sk')$, randomly generating two large primes $p'$ and $q'$ with $p' \ne q'$ and computing $n' = p' \times q'$ and . The attacker randomly generates a random number $e'$ ($e' \in \mathbb{Z}_n$) such that $\gcd(e', \varphi(n')) = 1$. The public key is then $pk' = (n', e')$ and the private key is $sk' = (p', q')$.
However, the public key is public, that is, $pk = pk'$, $n = n'$, $e = e'$; if the attacker wants to obtain the private key $sk$, the attacker must compute $n' = n = p \times q$ and factor it. So, under the assumption that large-integer factorization is hard, it is hard for the attacker to obtain the private key, that is, it is hard for the attacker to save injected false data in cloud storage.
Experiments were carried out to verify the feasibility and effectiveness of the LIA-AD algorithm. The IEEE 118-node standard test samples were generated in a MATLAB 2010b environment on hardware with an Intel Core 2 Duo CPU at 3.4 GHz and 1.5 GB of RAM. Components such as the physical nodes, sensors, controllers and control centre were simulated on a computer cluster. A model computation centre was set up at the network bottom layer of the physical nodes, and the measurement data of the standard nodes was generated with the MATPOWER toolkit: 900 items of IEEE 118-bus node system measurement data and 900 items of false measurement data. An optimal power routing algorithm simulates the grid state in real time so that it complies with grid rules, and a state estimation mechanism is set up in the control centre so that the state of the power system is reflected fully and faithfully.
6. experiment and interpretation of result
This paper experimental situation is the hadoop cloud platform building 4 nodes in laboratory, and the machine of each node is configured to Intel (r) core (tm) i5-24004-core cpu@2.60ghz, 4gbram, the network bandwidth is 100mbit/s, hadoop version This is 0.20.2.
First, we are processed as cim/xml file format to 900 metric data generating, and the document after parsing is added It is saved in hbase after close, and load integrity verification is carried out to it.
(1) test 1 safety experiment
Store after three system quantities measured values (a, b, c) are carried out by piecemeal and sign, a is deleted with 10% data, b is changed 10% data, does not do any operation to c.Finally, integrity detection is carried out to three system quantities measured values.Testing result such as table 2 Shown.
Table 2 testing result
Obtained by experiment, after file is tampered or deletes, all cannot pass through the integrity detection of lia-ad algorithm, only File either with or without modification can pass through integrity verification.Prove that this paper scheme is safe.
(2) experiment 2 time overhead experiment
For same system measuring value, select different file sub-block sizes, seek the time overhead in integrity detection. Assume there are 900 metric data in a file, after it is carried out with cim/xml data file parsing, about 10mb, when there being falseness During Data attack, seek expense average time of lia-ad algorithm.Sub-block size selects 2 successively, 4,8,16,32,64,128kb, often Secondary choose 460 pieces, record each time and communication overhead.Experimental result is as shown in Figure 3.
Test result indicate that, in lia-ad algorithm, the size of file sub-block is not almost had with the expense of checking and detection-phase Have an impact, the time that calculates is basicly stable, verify that the complete sexual stage averagely needs 1.61s, checking information generation phase averagely needs 0.64s, detection request stage averagely needs 0.14s, and the calculating time totally needs 2.39s.
(3) Experiment 3: comparison with other methods
The verification time of the LIA-AD algorithm is compared with the detection time required by several neuron activation functions in a basic extreme learning machine; the comparison is shown in Figure 4. Figure 4 shows that the average training time, average detection time and total time differ between activation functions, and that the LIA-AD algorithm proposed here requires the least total time.
The extreme learning machine is a basic method for load integrity attack verification: the neuron activation function in the extreme learning machine classifier reduces the data to 5 dimensions, then 100 tests are run to obtain the average detection time. Because the extreme learning machine must first train on sample data before it can perform load integrity attack detection, whereas the proposed LIA-AD algorithm performs load integrity attack verification directly after the data is encrypted, the time required for attack verification is greatly reduced.

Claims (3)

1. A cloud-storage-oriented smart grid load integrity attack detection method, characterized in that: first, the data collector encrypts the grid load data collected by the smart meters and dynamically saves it to cloud storage; then the data analyst initiates attack verification; next, the cloud storage generates verification evidence; finally, the data analyst performs attack verification and, according to the result, decides whether to analyze the data in cloud storage or to have the data re-collected.
2. The cloud-storage-oriented smart grid load integrity attack detection method according to claim 1, characterized in that the method comprises the following steps in order:
A. The data collector preprocesses the data gathered by the smart meters, converting the various data structures into CIM/XML format, and splits the file into blocks:
After collecting the data from the smart meters, the data collector first converts the data of various structures into a CIM/XML data file F and divides F into n sub-blocks $m_i$ ($1 \le i \le n$); each sub-block is then divided into k basic blocks $m_{i,j}$ ($1 \le i \le n$, $1 \le j \le k$), and a state table S-table is built to record all sub-blocks $m_i$.
B. The data collector performs initialization, generating the public and private keys and the tag information of each basic block:
The data collector calls the key generation algorithm to generate the public key pk = (e, N) and the private key sk = d; the public key is published and the private key is kept by the collector. The collector then generates the tag information $T_{i,j}$ of each basic block $m_{i,j}$ ($1 \le i \le n$, $1 \le j \le k$):
$$T_{i,j} = e^{\,m_{i,j}\, h(m_{i,j})\, f_i(j)}$$
where $N = p \times q$, p and q are two randomly generated large primes with $p \ne q$, $\varphi(N) = (p-1)(q-1)$, the random number $e \in [0, \varphi(N) - 1]$ is coprime with $\varphi(N)$, d satisfies $ed \equiv 1 \pmod{\varphi(N)}$, h() is a homomorphic hash function, and f() is a pseudo-random function;
The data collector associates each sub-block with its tag information in the S-table, uploads the file F and the association table S-table to cloud storage for safekeeping, and shares the S-table with the data analyst;
C. The data analyst initiates attack verification:
The data analyst randomly selects a coefficient c ($1 \le c \le n$) and sends it to cloud storage. On receiving c, cloud storage looks up the corresponding c-th sub-block and computes the sub-block's tag information $T_i$ from the tag information $T_{i,j}$ of the basic blocks it contains:
$$T_i = e^{\sum_{i=1,\,j=1}^{i=n,\,j=k} m_{i,j}\, h(m_{i,j})\, f_i(j)\, f(i)};$$
The data analyst generates a random number $r \in [1, 2^k - 1]$ and the attack verification request chal = {r, c};
D. Cloud storage generates the verification evidence R:
Cloud storage computes:
$$e_r = e^{r} \bmod N$$
and computes and outputs the verification evidence:
$$R = (e_r)^{\sum_{t=1,\,j=1}^{t=c,\,j=k} m_{t,j}\, h(m_{t,j})\, f_t(j)\, f(t)} \bmod N$$
It then sends the sub-block tag information $T_i$ and the verification evidence R to the data analyst;
E. The data analyst performs attack verification:
Using the verification evidence R, the public key pk of the file to be checked, the tag information $T_i$ of sub-block $m_i$ and the verification request chal, the data analyst computes:
$$T = \prod_{t=1}^{c} T_t^{\,r} \bmod N$$
N is the parameter in the public key pk; $T_i$ is the tag of the i-th data block and has the same meaning as $T_t$, which denotes the tag of the t-th data block;
where t, $1 \le t \le c$, is the number of a randomly drawn data block, and $T_t^{\,r}$ is the tag information generated for any one data block using the random number r;
The data analyst generates the correct verification information for the file to be checked:
$$R' = T^{r} \bmod N$$
where $T^{r}$ is the total tag information generated from the extracted data; the analyst then checks whether the equation $R' = R$ holds;
That is, the analyst checks whether the verification evidence R generated by cloud storage equals the correct verification information R' generated by the data analyst. If $R' = R$, the measurements in cloud storage are stored correctly, and the data analyst can safely download the measurements needed and then carry out system state analysis; otherwise the measurements in cloud storage have been tampered with or deleted, and the data analyst can require the data collector to re-collect the data.
3. The cloud-storage-oriented smart grid load integrity attack detection method according to claim 2, characterized in that, when a data analyst needs to make m integrity verification requests at the same time, batch verification is used:
First, the data analyst sends m verification requests {chal} to cloud storage; second, after receiving the verification requests, cloud storage generates verification evidence $R_m$ for each verification request, and finally, the data analyst generates verification information $R'_m$, and the integrity of the data is then verified according to whether R' and R are equal.
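A minimal sketch of the challenge-response in steps B to E of claim 2, added here as an illustration and not taken from the patent: it checks a single challenged sub-block and omits the f(i) factor. SHA-256, HMAC-SHA256 and two public Mersenne primes are assumed stand-ins for h(), f() and the secret p, q, and all function names are hypothetical.

```python
import hashlib
import hmac

# Toy parameters (assumption): two known Mersenne primes stand in for the secret p, q.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537            # public key pk = (e, N)
PRF_KEY = b"constructed-demo-key"

def h(block):
    """Stand-in for h(): SHA-256 digest read as an integer (assumption)."""
    return int.from_bytes(hashlib.sha256(block).digest(), "big")

def f(i, j):
    """Stand-in for the pseudo-random function f_i(j): truncated HMAC-SHA256 (assumption)."""
    mac = hmac.new(PRF_KEY, b"%d:%d" % (i, j), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big")

def exponent(i, j, block):
    """m_{i,j} * h(m_{i,j}) * f_i(j), with the basic block read as an integer."""
    return int.from_bytes(block, "big") * h(block) * f(i, j)

def split(data, n, k):
    """Step A: n sub-blocks of k zero-padded basic blocks each (0-based indices here)."""
    size = -(-len(data) // (n * k))                      # ceiling division
    flat = [data[p:p + size].ljust(size, b"\0") for p in range(0, n * k * size, size)]
    return [flat[i * k:(i + 1) * k] for i in range(n)]

def make_tags(blocks):
    """Step B: T_{i,j} = e^(m_{i,j} h(m_{i,j}) f_i(j)) mod N, recorded in the S-table."""
    return [[pow(E, exponent(i, j, b), N) for j, b in enumerate(row)]
            for i, row in enumerate(blocks)]

def cloud_prove(stored, r, c):
    """Step D: e_r = e^r mod N, then R = e_r^(sum of exponents in sub-block c) mod N."""
    total = sum(exponent(c, j, b) for j, b in enumerate(stored[c]))
    return pow(pow(E, r, N), total, N)

def analyst_verify(s_table, r, c, R):
    """Step E: T = product of sub-block c's tags, R' = T^r mod N; accept iff R' == R."""
    T = 1
    for tag in s_table[c]:
        T = T * tag % N
    return pow(T, r, N) == R

SAMPLE = b"<cim:Analog><value>231.7</value></cim:Analog>" * 4   # constructed measurements

def run_demo(tamper):
    blocks = split(SAMPLE, n=4, k=3)
    s_table = make_tags(blocks)                  # collector shares this with the analyst
    stored = [row[:] for row in blocks]          # what the cloud holds
    if tamper:
        stored[2][1] = stored[2][1][:-1] + b"9"  # one byte changed after upload
    r, c = 5, 2                                  # challenge chal = {r, c}, r in [1, 2^k - 1]
    return analyst_verify(s_table, r, c, cloud_prove(stored, r, c))
```

The check passes for the untouched copy because R = e^(r·Σ) and R' = (e^Σ)^r agree modulo N, and a single changed byte in the challenged sub-block changes Σ on the cloud side only.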

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610943338.XA CN106375344B (en) 2016-11-02 2016-11-02 A kind of smart grid load integrality attack detection method towards cloud storage

Publications (2)

Publication Number Publication Date
CN106375344A true CN106375344A (en) 2017-02-01
CN106375344B CN106375344B (en) 2019-08-02

Family

ID=57894185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610943338.XA Expired - Fee Related CN106375344B (en) 2016-11-02 2016-11-02 A kind of smart grid load integrality attack detection method towards cloud storage

Country Status (1)

Country Link
CN (1) CN106375344B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190802

Termination date: 20201102