CN106991536A - The black box detection method that one point data is attacked in power system - Google Patents
The black box detection method that one point data is attacked in power system Download PDFInfo
- Publication number
- CN106991536A CN106991536A CN201710226402.7A CN201710226402A CN106991536A CN 106991536 A CN106991536 A CN 106991536A CN 201710226402 A CN201710226402 A CN 201710226402A CN 106991536 A CN106991536 A CN 106991536A
- Authority
- CN
- China
- Prior art keywords
- function
- data
- codomain
- power system
- definition
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 10
- 238000000034 method Methods 0.000 claims description 26
- 238000012905 input function Methods 0.000 claims description 4
- 238000012360 testing method Methods 0.000 abstract description 4
- 235000000332 black box Nutrition 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 230000007812 deficiency Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/06—Energy or water supply
Landscapes
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Engineering & Computer Science (AREA)
- Economics (AREA)
- Strategic Management (AREA)
- Entrepreneurship & Innovation (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Marketing (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Tourism & Hospitality (AREA)
- Educational Administration (AREA)
- Quality & Reliability (AREA)
- Operations Research (AREA)
- Game Theory and Decision Science (AREA)
- Development Economics (AREA)
- Public Health (AREA)
- Water Supply & Treatment (AREA)
- General Health & Medical Sciences (AREA)
- Primary Health Care (AREA)
- Remote Monitoring And Control Of Power-Distribution Networks (AREA)
Abstract
The invention discloses the black box detection method that one point data in power system is attacked, only behavior of the detection individual data by malicious attack.Power system is the real-time system of a height interconnection, during actual attack detecting, it is impossible to provide related internal system program, only power system as a flight data recorder, using the relation of input and output, come test system whether normal operation.The present invention is made up of electric power system data input module, data division module, automatic identification module, judge module, output module.The detection method is by defining power system inputoutput data function, orderly numbering is carried out to the electric power system data collected, set up automatic identification function, using orderly data as each automatic identification function domain of definition, automatic running function program, the position of malicious attack point can be automatically identified by only needing the change of contrast function codomain.
Description
Technical field
The present invention relates to power system security field, the Black-box Testing that one point data is attacked in especially a kind of power system
Method.
Background technology
With the development of intelligent grid, what equipment room was communicated is continuously increased, what following power network was attacked by malicious data
Possibility can also increase.On December 23rd, 2015, Ukraine's power system is attacked, 7 110KV transformer station and 23
35KV transformer station breaks down, and current attack has triggered the great attention of China's power system.
Particular malicious Data attack causes the measured value changed not detected by the recognition methods based on state estimation
Come.Power system assumes that valid data is in normal distribution in prescribed limit, the residual error of object function and remote measurement into quadratic relationship,
When residual error exceeds specific factor standard deviation, bad data is identified as.Doctor Ning Peng proposes the evil of Power system state estimation
Meaning Data attack method, it is assumed that malicious data vector a is column vector H linear combination a=HC, such malicious data attack can
To break through the state estimation algorithm of power system in theory.
Power system is the real-time system of a height interconnection, during actual attack detecting, it is impossible to provide phase
The internal system program of pass, does not also allow intruding detection system to be installed in control system, and power system is only treated as one
Flight data recorder, using input with output relation, come test system whether normal operation.
Detecting for current power system one point data attack mainly uses the method based on state estimation, but these methods
It is verified that existing defects, by retrieving pertinent literature and patent, do not find that Black-box Testing is used for single-point attack detecting
Related invention content.
The content of the invention
It is an object of the invention to overcome the deficiencies in the prior art, a kind of simple and effective automatic knowledge is provided for power system
The method of other malicious data.
The present invention is the automatic recognition control method by malicious act in a power system, mainly by power system number
According to input module, data division module, automatic identification module, judge module, output module composition.What power system was produced one is
Column data is as input, and data are defeated by data division module, and data division module can assign each data number each
One defined location of data, ready-portioned data are regard as the respective domain of definition of each function according to the program set.From
Dynamic identification module can be according to the change of the operation result, i.e. function value of function, to determine the position of malicious attack point.Finally sentence
Whether disconnected module and feedback module return the result to input, complete the circulation of a control system, judge system by malice
Attack and the point of attack are specific wherein.
The advantage of this method is:It not only may determine that power system is subject to the attack of malicious data, and can know
Do not go out the particular location of the point of attack.Only need to carry out simple data division to the data collected from power system, it is automatic to know
Other function can precisely, quickly determine the position of Data attack.The time of automatic identification is shortened by the division of data, carried
The high efficiency differentiated;The division methods of data are simple and clear simultaneously, operation convenient to carry out;Function meter in automatic identification module
Calculate easy, be not susceptible to misjudgment, recognition correct rate is very high.Furthermore, this method can recognize linear Network Intrusion, and electric
Net information security detection field is now more using the state estimation algorithm for being applied to nonlinear algorithm, and this method compensate for traditional power network
The deficiency of information security detection field state estimation algorithm, has novelty in recognition methods.This method does not have to recognition function
Require, without self-defining, i.e., need not know power system internal structure, the data collected need to only be divided, belonged to
In black box detection.
First, power system inputoutput data function is defined
1)Power equipment input function is defined:Assuming that input hasIt is individual, be respectively, input function is, its domain of definition is。
2)Power equipment output function is defined:Assuming that output hasIt is individual, be respectively.Output function, its domain of definition is().
2nd, the automatic identifying method attacked single-point malicious data
Subscript of these numberings of all data numbers 1,2,3,4,5,6,7,8,9 ... as domain of function element is given, i.e.,Each data one functional element of correspondence collected from power system, and
Automatic numbering, has a defined location to correspond therewith.
SettingIndividual function program, and each first element in domain of function is。
Concrete condition is as follows:
Set functionDomain of definitionFirst element be, bit element is skipped, next bit element is chosen, skips one
Bit element, i.e. functionDomain of definitionFor。
Set functionDomain of definitionFirst element be, two bits element is skipped, lower two bits element is chosen, jumps
Cross two bits element, i.e. functionDomain of definitionFor。
Set functionDomain of definitionFirst element be, nibble element is skipped, lower nibble element is chosen, jumps
Cross nibble element, i.e. functionDomain of definitionFor。
Set functionDomain of definitionFirst element be, skipBit element, under selectionBit
Element, is skippedBit element, i.e. functionDomain of definitionFor。
When only functionCodomain when changing, it may be determined that the position of the point of attack just existsPlace;When only functionCodomain when changing, it may be determined that the position of the point of attack just existsPlace;When only functionCodomain when changing,
It can determine that the position of the point of attack just existsPlace, by that analogy, when only functionCodomain when changing, it may be determined that
The position of the point of attack just existsPlace.
When the codomain for having many places function changes, the position of the point of attack can also be accurately judged.Work as functionAnd letter
NumberCodomain when changing, it can be determined that go out the position attacked and existPlace;Work as functionAnd functionCodomain hair
During changing, it can be determined that go out the position attacked and existPlace;Work as function, function, functionCodomain change
When, it can be determined that go out the position attacked and existPlace, by that analogy, works as function, function, function... function's
When codomain changes, it can be determined that go out the position attacked and existPlace.Ought there is the codomain of many places function
When changing, the subscript of the position of malicious attack point is equal to the subscript sum for the function that codomain is changed.
Brief description of the drawings
Fig. 1 is the system construction drawing of the inventive method;
Fig. 2 is the automatic identification flow chart of the inventive method;
Fig. 3 is the domain of function division rule of the inventive method.
Embodiment
Fig. 1 is the system construction drawing of the inventive method.Shared 5 modules composition:Electric power system data input module, number
According to division module, automatic identification module, judge module, output module.Wherein data division module is by setting to the data of input
Fixed rule is divided, and each function is obtained respective domain of definition.The difference set is installed in automatic identification module
Function program, can carry out calculating verification, and obtain corresponding function value to ready-portioned electric power system data.Judge module
The accurate location of the point of attack can be gone out according to function value situation of change automatic decision.
Fig. 2 is the automatic identification flow chart of the inventive method, is comprised the following steps:
Step 1:Power system of data acquisition, gathers such as voltage, electric current, power, load, trend electric power system data;
Step 2:Automatic identification function is set up, is hadIndividual function;
Step 3:Using the data collected as the input of function, the domain of definition of function is set up, is that each function division is different
Domain of definition;
Step 4:Run automatic identification function program;
Step 5:Function operation result is recorded, function value is obtained;
Step 6:Compare the change of function value;
Step 7:If the codomain of function changes, judge module is automatically positioned the position of the point of attack, exports point of attack position,
Otherwise it is transferred to step 8;
Step 8:If the codomain of function does not change, output is not attacked.
Fig. 3 is the domain of function division rule of the inventive method.DefinitionIndividual function(), theIt is individual
First element of the domain of definition of function is exactlyIndividual data.FunctionChosen since the 1st data, skip 1 number
According to, then 1 data is selected, selected by this regular cycles;FunctionChosen since the 2nd data, skip 2 data, then select 2
Data, are selected by this regular cycles;FunctionChosen since the 4th data, skip 4 data, then select 4 data, by this
Regular cycles are selected;Function is arrived by that analogy, fromIndividual data start to choose, and skipIndividual data, then selectNumber
According to by the selection of this regular cycles.
Claims (4)
1. the black box detection method that one point data is attacked in power system, it is characterised in that methods described is walked comprising following three
Suddenly:1) power system of data acquisition method;2) method that data are divided;3) automatic identifying method.
2. power system of data acquisition method according to claim 1, it is characterised in that:1)Power equipment input function is determined
Justice:Assuming that input hasIt is individual, be respectively, input function is, its domain of definition
For;2)Power equipment output function is defined:Assuming that output hasIt is individual, be respectively;
Output function, its domain of definition is().
3. the method that data according to claim 2 are divided, it is characterised in that:Set functionDomain of definitionFirst
Individual element is, bit element is skipped, next bit element is chosen, bit element, i.e. function is skippedDomain of definitionFor;Set functionDomain of definitionFirst element be, two bits element is skipped, under selection
Two bits element, skips two bits element, i.e. functionDomain of definitionFor;Set function's
Domain of definitionFirst element be, nibble element is skipped, lower nibble element is chosen, skips nibble element, i.e. function's
Domain of definitionFor;Set functionDomain of definitionFirst element be, jump
CrossBit element, under selectionBit element, is skippedBit element, i.e. functionDomain of definitionFor。
4. Automatic implementation according to claim 3, it is characterised in that:When only functionCodomain change
When, it may be determined that the position of the point of attack just existsPlace;When only functionCodomain when changing, it may be determined that the point of attack
Position just existsPlace;When only functionCodomain when changing, it may be determined that the position of the point of attack just existsPlace, with such
Push away, when only functionCodomain when changing, it may be determined that the position of the point of attack just existsPlace;When there is many places function
Codomain when changing, can also accurately judge the position of the point of attack;Work as functionAnd functionCodomain change
When, it can be determined that go out the position attacked and existPlace;Work as functionAnd functionCodomain when changing, it can be determined that go out
The position attacked existsPlace;Work as function, function, functionCodomain when changing, it can be determined that go out to be attacked
The position hit existsPlace, by that analogy, works as function, function, function... functionCodomain when changing, can be with
Judge that the position attacked existsPlace;I.e. when the codomain for having many places function changes, malicious attack
The subscript of the position of point is equal to the subscript sum for the function that codomain is changed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710226402.7A CN106991536A (en) | 2017-04-09 | 2017-04-09 | The black box detection method that one point data is attacked in power system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710226402.7A CN106991536A (en) | 2017-04-09 | 2017-04-09 | The black box detection method that one point data is attacked in power system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106991536A true CN106991536A (en) | 2017-07-28 |
Family
ID=59416034
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710226402.7A Pending CN106991536A (en) | 2017-04-09 | 2017-04-09 | The black box detection method that one point data is attacked in power system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106991536A (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080104576A1 (en) * | 2006-10-23 | 2008-05-01 | Rauli Kaksonen | Method and arrangement for locating input domain boundaries |
CN105930723A (en) * | 2016-04-20 | 2016-09-07 | 福州大学 | Intrusion detection method based on feature selection |
-
2017
- 2017-04-09 CN CN201710226402.7A patent/CN106991536A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080104576A1 (en) * | 2006-10-23 | 2008-05-01 | Rauli Kaksonen | Method and arrangement for locating input domain boundaries |
CN105930723A (en) * | 2016-04-20 | 2016-09-07 | 福州大学 | Intrusion detection method based on feature selection |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wang et al. | Dynamic data injection attack detection of cyber physical power systems with uncertainties | |
Mohanty et al. | A superimposed current based unit protection scheme for DC microgrid | |
Du et al. | A review on cybersecurity analysis, attack detection, and attack defense methods in cyber-physical power systems | |
CN108053128B (en) | Electric network transient stability rapid evaluation method based on ELM and TF | |
Shah et al. | Fault discrimination scheme for power transformer using random forest technique | |
Mohammadpourfard et al. | A statistical unsupervised method against false data injection attacks: A visualization-based approach | |
CN102331543B (en) | Support vector machine based fault electric arc detection method | |
Jiang et al. | Defense mechanisms against data injection attacks in smart grid networks | |
CN106505557B (en) | Remote measurement error identification method and device | |
Guo et al. | Online data validation for distribution operations against cybertampering | |
Anwar et al. | Ensuring data integrity of OPF module and energy database by detecting changes in power flow patterns in smart grids | |
CN107016236A (en) | Power network false data detection method for injection attack based on non-linear measurement equation | |
CN109298225B (en) | Automatic identification model system and method for abnormal state of voltage measurement data | |
Zhang et al. | A new identification approach of power system vulnerable lines based on weighed H-index | |
CN103389427B (en) | GIS equipment operational condition online test method and system | |
CN117310353B (en) | Method and system for testing through-flow pressurization faults of primary and secondary circuits of transformer substation | |
Xie | Analysis of fault of insulation aging of oiled paper of a large‐scale power transformer and the prediction of its service life | |
Chromik et al. | Context-aware local Intrusion Detection in SCADA systems: a testbed and two showcases | |
CN103324858A (en) | Three-phase load flow state estimation method of power distribution network | |
CN106126875A (en) | A kind of Transformer condition evaluation theoretical based on Situation Awareness | |
CN103400308A (en) | Online detection method and online detection system for running state of GIS (gas insulated switchgear) equipment | |
CN108548987A (en) | Active power distribution network Fault Locating Method based on current phase variation | |
CN102636706A (en) | Method for identifying branches with parameter errors in power grid | |
CN116886355B (en) | DDOS and false data injection collaborative attack optimization method of power system | |
CN103364669B (en) | GIS equipment operational condition online test method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20170728 |