CN106991536A - The black box detection method that one point data is attacked in power system - Google Patents

The black box detection method that one point data is attacked in power system Download PDF

Info

Publication number
CN106991536A
CN106991536A CN201710226402.7A CN201710226402A CN106991536A CN 106991536 A CN106991536 A CN 106991536A CN 201710226402 A CN201710226402 A CN 201710226402A CN 106991536 A CN106991536 A CN 106991536A
Authority
CN
China
Prior art keywords
function
data
codomain
power system
definition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710226402.7A
Other languages
Chinese (zh)
Inventor
王勇
张璧鸣
刘蔚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Yunjian Information Technology Co Ltd
Original Assignee
Shanghai Yunjian Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Yunjian Information Technology Co Ltd filed Critical Shanghai Yunjian Information Technology Co Ltd
Priority to CN201710226402.7A priority Critical patent/CN106991536A/en
Publication of CN106991536A publication Critical patent/CN106991536A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06Energy or water supply

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Economics (AREA)
  • Strategic Management (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Marketing (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Educational Administration (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Game Theory and Decision Science (AREA)
  • Development Economics (AREA)
  • Public Health (AREA)
  • Water Supply & Treatment (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

The invention discloses the black box detection method that one point data in power system is attacked, only behavior of the detection individual data by malicious attack.Power system is the real-time system of a height interconnection, during actual attack detecting, it is impossible to provide related internal system program, only power system as a flight data recorder, using the relation of input and output, come test system whether normal operation.The present invention is made up of electric power system data input module, data division module, automatic identification module, judge module, output module.The detection method is by defining power system inputoutput data function, orderly numbering is carried out to the electric power system data collected, set up automatic identification function, using orderly data as each automatic identification function domain of definition, automatic running function program, the position of malicious attack point can be automatically identified by only needing the change of contrast function codomain.

Description

The black box detection method that one point data is attacked in power system
Technical field
The present invention relates to power system security field, the Black-box Testing that one point data is attacked in especially a kind of power system Method.
Background technology
With the development of intelligent grid, what equipment room was communicated is continuously increased, what following power network was attacked by malicious data Possibility can also increase.On December 23rd, 2015, Ukraine's power system is attacked, 7 110KV transformer station and 23 35KV transformer station breaks down, and current attack has triggered the great attention of China's power system.
Particular malicious Data attack causes the measured value changed not detected by the recognition methods based on state estimation Come.Power system assumes that valid data is in normal distribution in prescribed limit, the residual error of object function and remote measurement into quadratic relationship, When residual error exceeds specific factor standard deviation, bad data is identified as.Doctor Ning Peng proposes the evil of Power system state estimation Meaning Data attack method, it is assumed that malicious data vector a is column vector H linear combination a=HC, such malicious data attack can To break through the state estimation algorithm of power system in theory.
Power system is the real-time system of a height interconnection, during actual attack detecting, it is impossible to provide phase The internal system program of pass, does not also allow intruding detection system to be installed in control system, and power system is only treated as one Flight data recorder, using input with output relation, come test system whether normal operation.
Detecting for current power system one point data attack mainly uses the method based on state estimation, but these methods It is verified that existing defects, by retrieving pertinent literature and patent, do not find that Black-box Testing is used for single-point attack detecting Related invention content.
The content of the invention
It is an object of the invention to overcome the deficiencies in the prior art, a kind of simple and effective automatic knowledge is provided for power system The method of other malicious data.
The present invention is the automatic recognition control method by malicious act in a power system, mainly by power system number According to input module, data division module, automatic identification module, judge module, output module composition.What power system was produced one is Column data is as input, and data are defeated by data division module, and data division module can assign each data number each One defined location of data, ready-portioned data are regard as the respective domain of definition of each function according to the program set.From Dynamic identification module can be according to the change of the operation result, i.e. function value of function, to determine the position of malicious attack point.Finally sentence Whether disconnected module and feedback module return the result to input, complete the circulation of a control system, judge system by malice Attack and the point of attack are specific wherein.
The advantage of this method is:It not only may determine that power system is subject to the attack of malicious data, and can know Do not go out the particular location of the point of attack.Only need to carry out simple data division to the data collected from power system, it is automatic to know Other function can precisely, quickly determine the position of Data attack.The time of automatic identification is shortened by the division of data, carried The high efficiency differentiated;The division methods of data are simple and clear simultaneously, operation convenient to carry out;Function meter in automatic identification module Calculate easy, be not susceptible to misjudgment, recognition correct rate is very high.Furthermore, this method can recognize linear Network Intrusion, and electric Net information security detection field is now more using the state estimation algorithm for being applied to nonlinear algorithm, and this method compensate for traditional power network The deficiency of information security detection field state estimation algorithm, has novelty in recognition methods.This method does not have to recognition function Require, without self-defining, i.e., need not know power system internal structure, the data collected need to only be divided, belonged to In black box detection.
First, power system inputoutput data function is defined
1)Power equipment input function is defined:Assuming that input hasIt is individual, be respectively, input function is, its domain of definition is
2)Power equipment output function is defined:Assuming that output hasIt is individual, be respectively.Output function, its domain of definition is).
2nd, the automatic identifying method attacked single-point malicious data
Subscript of these numberings of all data numbers 1,2,3,4,5,6,7,8,9 ... as domain of function element is given, i.e.,Each data one functional element of correspondence collected from power system, and Automatic numbering, has a defined location to correspond therewith.
SettingIndividual function program, and each first element in domain of function is
Concrete condition is as follows:
Set functionDomain of definitionFirst element be, bit element is skipped, next bit element is chosen, skips one Bit element, i.e. functionDomain of definitionFor
Set functionDomain of definitionFirst element be, two bits element is skipped, lower two bits element is chosen, jumps Cross two bits element, i.e. functionDomain of definitionFor
Set functionDomain of definitionFirst element be, nibble element is skipped, lower nibble element is chosen, jumps Cross nibble element, i.e. functionDomain of definitionFor
Set functionDomain of definitionFirst element be, skipBit element, under selectionBit Element, is skippedBit element, i.e. functionDomain of definitionFor
When only functionCodomain when changing, it may be determined that the position of the point of attack just existsPlace;When only functionCodomain when changing, it may be determined that the position of the point of attack just existsPlace;When only functionCodomain when changing, It can determine that the position of the point of attack just existsPlace, by that analogy, when only functionCodomain when changing, it may be determined that The position of the point of attack just existsPlace.
When the codomain for having many places function changes, the position of the point of attack can also be accurately judged.Work as functionAnd letter NumberCodomain when changing, it can be determined that go out the position attacked and existPlace;Work as functionAnd functionCodomain hair During changing, it can be determined that go out the position attacked and existPlace;Work as function, function, functionCodomain change When, it can be determined that go out the position attacked and existPlace, by that analogy, works as function, function, function... function's When codomain changes, it can be determined that go out the position attacked and existPlace.Ought there is the codomain of many places function When changing, the subscript of the position of malicious attack point is equal to the subscript sum for the function that codomain is changed.
Brief description of the drawings
Fig. 1 is the system construction drawing of the inventive method;
Fig. 2 is the automatic identification flow chart of the inventive method;
Fig. 3 is the domain of function division rule of the inventive method.
Embodiment
Fig. 1 is the system construction drawing of the inventive method.Shared 5 modules composition:Electric power system data input module, number According to division module, automatic identification module, judge module, output module.Wherein data division module is by setting to the data of input Fixed rule is divided, and each function is obtained respective domain of definition.The difference set is installed in automatic identification module Function program, can carry out calculating verification, and obtain corresponding function value to ready-portioned electric power system data.Judge module The accurate location of the point of attack can be gone out according to function value situation of change automatic decision.
Fig. 2 is the automatic identification flow chart of the inventive method, is comprised the following steps:
Step 1:Power system of data acquisition, gathers such as voltage, electric current, power, load, trend electric power system data;
Step 2:Automatic identification function is set up, is hadIndividual function;
Step 3:Using the data collected as the input of function, the domain of definition of function is set up, is that each function division is different Domain of definition;
Step 4:Run automatic identification function program;
Step 5:Function operation result is recorded, function value is obtained;
Step 6:Compare the change of function value;
Step 7:If the codomain of function changes, judge module is automatically positioned the position of the point of attack, exports point of attack position, Otherwise it is transferred to step 8;
Step 8:If the codomain of function does not change, output is not attacked.
Fig. 3 is the domain of function division rule of the inventive method.DefinitionIndividual function(), theIt is individual First element of the domain of definition of function is exactlyIndividual data.FunctionChosen since the 1st data, skip 1 number According to, then 1 data is selected, selected by this regular cycles;FunctionChosen since the 2nd data, skip 2 data, then select 2 Data, are selected by this regular cycles;FunctionChosen since the 4th data, skip 4 data, then select 4 data, by this Regular cycles are selected;Function is arrived by that analogy, fromIndividual data start to choose, and skipIndividual data, then selectNumber According to by the selection of this regular cycles.

Claims (4)

1. the black box detection method that one point data is attacked in power system, it is characterised in that methods described is walked comprising following three Suddenly:1) power system of data acquisition method;2) method that data are divided;3) automatic identifying method.
2. power system of data acquisition method according to claim 1, it is characterised in that:1)Power equipment input function is determined Justice:Assuming that input hasIt is individual, be respectively, input function is, its domain of definition For;2)Power equipment output function is defined:Assuming that output hasIt is individual, be respectively; Output function, its domain of definition is).
3. the method that data according to claim 2 are divided, it is characterised in that:Set functionDomain of definitionFirst Individual element is, bit element is skipped, next bit element is chosen, bit element, i.e. function is skippedDomain of definitionFor;Set functionDomain of definitionFirst element be, two bits element is skipped, under selection Two bits element, skips two bits element, i.e. functionDomain of definitionFor;Set function's Domain of definitionFirst element be, nibble element is skipped, lower nibble element is chosen, skips nibble element, i.e. function's Domain of definitionFor;Set functionDomain of definitionFirst element be, jump CrossBit element, under selectionBit element, is skippedBit element, i.e. functionDomain of definitionFor
4. Automatic implementation according to claim 3, it is characterised in that:When only functionCodomain change When, it may be determined that the position of the point of attack just existsPlace;When only functionCodomain when changing, it may be determined that the point of attack Position just existsPlace;When only functionCodomain when changing, it may be determined that the position of the point of attack just existsPlace, with such Push away, when only functionCodomain when changing, it may be determined that the position of the point of attack just existsPlace;When there is many places function Codomain when changing, can also accurately judge the position of the point of attack;Work as functionAnd functionCodomain change When, it can be determined that go out the position attacked and existPlace;Work as functionAnd functionCodomain when changing, it can be determined that go out The position attacked existsPlace;Work as function, function, functionCodomain when changing, it can be determined that go out to be attacked The position hit existsPlace, by that analogy, works as function, function, function... functionCodomain when changing, can be with Judge that the position attacked existsPlace;I.e. when the codomain for having many places function changes, malicious attack The subscript of the position of point is equal to the subscript sum for the function that codomain is changed.
CN201710226402.7A 2017-04-09 2017-04-09 The black box detection method that one point data is attacked in power system Pending CN106991536A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710226402.7A CN106991536A (en) 2017-04-09 2017-04-09 The black box detection method that one point data is attacked in power system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710226402.7A CN106991536A (en) 2017-04-09 2017-04-09 The black box detection method that one point data is attacked in power system

Publications (1)

Publication Number Publication Date
CN106991536A true CN106991536A (en) 2017-07-28

Family

ID=59416034

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710226402.7A Pending CN106991536A (en) 2017-04-09 2017-04-09 The black box detection method that one point data is attacked in power system

Country Status (1)

Country Link
CN (1) CN106991536A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080104576A1 (en) * 2006-10-23 2008-05-01 Rauli Kaksonen Method and arrangement for locating input domain boundaries
CN105930723A (en) * 2016-04-20 2016-09-07 福州大学 Intrusion detection method based on feature selection

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080104576A1 (en) * 2006-10-23 2008-05-01 Rauli Kaksonen Method and arrangement for locating input domain boundaries
CN105930723A (en) * 2016-04-20 2016-09-07 福州大学 Intrusion detection method based on feature selection

Similar Documents

Publication Publication Date Title
Wang et al. Dynamic data injection attack detection of cyber physical power systems with uncertainties
Mohanty et al. A superimposed current based unit protection scheme for DC microgrid
Du et al. A review on cybersecurity analysis, attack detection, and attack defense methods in cyber-physical power systems
CN108053128B (en) Electric network transient stability rapid evaluation method based on ELM and TF
Shah et al. Fault discrimination scheme for power transformer using random forest technique
Mohammadpourfard et al. A statistical unsupervised method against false data injection attacks: A visualization-based approach
CN102331543B (en) Support vector machine based fault electric arc detection method
Jiang et al. Defense mechanisms against data injection attacks in smart grid networks
CN106505557B (en) Remote measurement error identification method and device
Guo et al. Online data validation for distribution operations against cybertampering
Anwar et al. Ensuring data integrity of OPF module and energy database by detecting changes in power flow patterns in smart grids
CN107016236A (en) Power network false data detection method for injection attack based on non-linear measurement equation
CN109298225B (en) Automatic identification model system and method for abnormal state of voltage measurement data
Zhang et al. A new identification approach of power system vulnerable lines based on weighed H-index
CN103389427B (en) GIS equipment operational condition online test method and system
CN117310353B (en) Method and system for testing through-flow pressurization faults of primary and secondary circuits of transformer substation
Xie Analysis of fault of insulation aging of oiled paper of a large‐scale power transformer and the prediction of its service life
Chromik et al. Context-aware local Intrusion Detection in SCADA systems: a testbed and two showcases
CN103324858A (en) Three-phase load flow state estimation method of power distribution network
CN106126875A (en) A kind of Transformer condition evaluation theoretical based on Situation Awareness
CN103400308A (en) Online detection method and online detection system for running state of GIS (gas insulated switchgear) equipment
CN108548987A (en) Active power distribution network Fault Locating Method based on current phase variation
CN102636706A (en) Method for identifying branches with parameter errors in power grid
CN116886355B (en) DDOS and false data injection collaborative attack optimization method of power system
CN103364669B (en) GIS equipment operational condition online test method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170728