CN108599378A - A method of detection false data injection attack - Google Patents


Publication number
CN108599378A
Authority
CN
China
Prior art keywords
monitoring
probability distribution
false data
absolute distance
injection attack
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810516749.XA
Other languages
Chinese (zh)
Inventor
付木
付一木
邱轩宇
朱庆钢
孙东磊
王轶群
高效海
牟颖
魏佳
张丽娜
魏鑫
刘冬
张家宁
黄义波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Zhiyuan Electric Power Design And Consulting Co Ltd
State Grid Corp of China SGCC
Economic and Technological Research Institute of State Grid Shandong Electric Power Co Ltd
Original Assignee
Shandong Zhiyuan Electric Power Design And Consulting Co Ltd
State Grid Corp of China SGCC
Economic and Technological Research Institute of State Grid Shandong Electric Power Co Ltd
Application filed by Shandong Zhiyuan Electric Power Design And Consulting Co Ltd, State Grid Corp of China SGCC, Economic and Technological Research Institute of State Grid Shandong Electric Power Co Ltd

Classifications

    • H02J13/0006
    • H02J13/0096

Landscapes

  • Remote Monitoring And Control Of Power-Distribution Networks (AREA)

Abstract

A method of detecting false data injection attacks, for solving the problem in the prior art that false data injection attacks are difficult to detect. The technical solution adopted by the invention is a method of detecting false data injection attacks comprising the following steps: (1) deriving a historical probability distribution from historical data of the measurement variations; (2) deriving a monitoring probability distribution of the measurement variations within the monitoring period; (3) establishing an absolute distance model between the historical probability distribution and the monitoring probability distribution; (4) monitoring the absolute distance in real time according to the distance model of step (3); if the absolute distance becomes larger, a false data injection attack is indicated. The beneficial effect is that false data injection attacks can be detected effectively.

Description

A method of detecting false data injection attacks
Technical field
The present invention relates to the technical field of electrical engineering, and specifically to a method of detecting false data injection attacks.
Background
Accurate estimation of the power system state is essential to reliable grid operation. The power dispatching control centre uses remote telemetry terminals to acquire field production data and to monitor production equipment. The acquired information includes the active and reactive power on transmission lines and the voltage phase angle and magnitude at the buses. Whether the power system is operating securely and stably is judged by DC or AC system state estimation. The information collected by the remote telemetry terminals also contains random errors caused by insufficient precision of the measuring equipment. Weighted least squares state estimation can identify these random errors. Large errors caused by biased instruments or telecommunication failures can be found by residual analysis.
In recent years, a novel optical fiber attack method known as the false data injection attack has threatened the safe operation of power systems. Against such attacks, traditional weighted least squares state estimation is of less and less use, because an optical fiber attack such as a false data injection attack can evade its detection.
The prior art therefore has difficulty detecting false data injection attacks.
Summary of the invention
The purpose of the present invention is to provide a method of detecting false data injection attacks, for solving the problem in the prior art that false data injection attacks are difficult to detect.
The technical solution adopted by the invention to solve this technical problem is as follows.
A method of detecting false data injection attacks, comprising the following steps:
(1) deriving a historical probability distribution from historical data of the measurement variations;
(2) deriving a monitoring probability distribution of the measurement variations within the monitoring period;
(3) establishing an absolute distance model between the historical probability distribution and the monitoring probability distribution;
(4) monitoring the absolute distance in real time according to the distance model of step (3); if the absolute distance becomes larger, a false data injection attack is indicated.
Further, the absolute distance model is
$A(p \| q) = \sum |p(x) - q(x)|$
where $A(p \| q)$ is the absolute distance, $p$ is the monitoring probability distribution, $q$ is the historical probability distribution, and $x$ is the system state estimate vector.
Further, when the historical probability distribution and the monitoring probability distribution are derived, the data are acquired through remote telemetry terminals.
The beneficial effects of the invention are as follows. The invention proposes calculating the absolute distance between the probability distributions derived from two groups of measured variables in order to determine whether the power system is under a false data injection attack. When the acquired data contain false data, the absolute distance between the probability distributions derived from the two groups of measured variables becomes larger. Finding a false information injection attack in time allows the false information to be removed from the data acquired from the power system as early as possible, which safeguards the safe and stable operation of the power system. False information injection attacks threaten the safe operation of the grid. The invention calculates and monitors the absolute distance between the probability distributions of two groups of data, p and q: the absolute distance of the measured values in the power system is small, and when the system is subjected to a false information injection attack the absolute distance of the measured values becomes larger. On this basis, the method proposed by the invention can be used to find false information injection attacks in AC systems, and with slight modification it can also be applied to hybrid AC/DC systems.
Description of the drawings
Fig. 1 is a diagram of the standard IEEE 39-node system;
Fig. 2 is a histogram of the absolute distance of the system data in November when not under attack;
Fig. 3 is a histogram of the absolute distance of the system data in November when under attack.
Detailed description
To make the purpose, technical solution and advantages of the embodiments of the invention clearer, the technical solution in the embodiments is described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative work fall within the protection scope of the invention.
A method of detecting false data injection attacks, comprising the following steps:
(1) deriving a historical probability distribution from historical data of the measurement variations;
(2) deriving a monitoring probability distribution of the measurement variations within the monitoring period. Taking the standard IEEE 39-node system shown in Fig. 1 as an example, the system includes nodes 1 to 39. Each node has 5 measured values (active and reactive injected power, active and reactive power on the transmission line, and node voltage magnitude), so the 39 nodes have 195 measured values in total. The monitoring probability distribution is the probability distribution generated from the distribution of the variations of these 195 measured values at each acquisition.
(3) establishing an absolute distance model between the historical probability distribution and the monitoring probability distribution;
(4) monitoring the absolute distance in real time according to the distance model of step (3); if the absolute distance becomes larger, a false data injection attack is indicated.
Further, the absolute distance model is
$A(p \| q) = \sum |p(x) - q(x)|$
where $A(p \| q)$ is the absolute distance, $p$ is the monitoring probability distribution, $q$ is the historical probability distribution, and $x$ is the system state estimate vector.
Further, when the historical probability distribution and the monitoring probability distribution are derived, the data are acquired through remote telemetry terminals.
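Steps (1) to (4) can be exercised end to end with the following Python sketch, which is an added example and not part of the patent text. The telemetry is constructed, and the bin edges, the noise level, the alarm threshold (largest clean distance times 1.2) and the size of the tampering are assumptions; the patent only states that the absolute distance "becomes larger".

```python
import random
from bisect import bisect_right

N_MEAS = 195  # 39 nodes x 5 measured values, as in the description
# Assumed histogram bin edges for the variations (per unit); the two outer bins are open-ended.
EDGES = [i * 0.007 for i in range(-6, 7)]

def distribution(variations):
    """Empirical probability distribution of measurement variations over EDGES."""
    counts = [0] * (len(EDGES) + 1)
    for v in variations:
        counts[bisect_right(EDGES, v)] += 1
    return [c / len(variations) for c in counts]

def absolute_distance(p, q):
    """A(p||q) = sum |p(x) - q(x)|: 0 for identical, 2 for disjoint distributions."""
    return sum(abs(a - b) for a, b in zip(p, q))

def variation(prev, cur):
    """Per-measurement change between two consecutive telemetry acquisitions."""
    return [c - p for p, c in zip(prev, cur)]

def acquire(rng, base, noise_sd=0.01):
    """Constructed telemetry snapshot: true value plus meter noise (not real grid data)."""
    return [b + rng.gauss(0.0, noise_sd) for b in base]

def run_demo(seed=7):
    rng = random.Random(seed)
    base = [rng.uniform(0.5, 1.5) for _ in range(N_MEAS)]

    # Step (1): historical distribution q from a long clean record.
    history = [acquire(rng, base) for _ in range(300)]
    q = distribution([v for a, b in zip(history, history[1:]) for v in variation(a, b)])

    # Calibration on clean acquisitions. The threshold rule is an assumption of this example.
    calib = [acquire(rng, base) for _ in range(100)]
    clean = [absolute_distance(distribution(variation(a, b)), q)
             for a, b in zip(calib, calib[1:])]
    threshold = 1.2 * max(clean)

    # Steps (2)-(4): one monitored acquisition, clean and with 60 of the 195
    # values shifted by +0.1 p.u. (constructed tampering used to test the detector).
    prev, cur = calib[-1], acquire(rng, base)
    tampered = [z + 0.1 if i < 60 else z for i, z in enumerate(cur)]
    d_clean = absolute_distance(distribution(variation(prev, cur)), q)
    d_attack = absolute_distance(distribution(variation(prev, tampered)), q)
    return {"threshold": threshold, "clean": d_clean,
            "attack": d_attack, "alarm": d_attack > threshold}

if __name__ == "__main__":
    print(run_demo())
```

With only 195 variations per acquisition the clean distance is noisy, so in practice the threshold has to be set from the observed clean range rather than at zero.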
The relationship between the state estimate of the AC system and the telemetry measurements is described by a nonlinear equation:
$z = h(x) + e \quad (1)$
where $h(\cdot)$ denotes the nonlinear equation, $z$ is the telemetry measurement vector, and $x$ is the system state estimate vector.
When an attacker wants to influence the state estimation of the AC system by injecting false information, there are usually two approaches: one is to manipulate certain system state variables; the other is to manipulate certain measured values.
1) When the attack target is a system state variable.
When the node voltage phase angle (θ) and voltage magnitude (V) are tampered with, all measured values based on these two state quantities are affected.
For example, the active and reactive power at node i:
The active and reactive power on the transmission line from node i to j:
$P_{ij} = V_i^2 (g_{si} + g_{ij}) - V_i V_j (g_{ij} \cos\theta_{ij} + b_{ij} \sin\theta_{ij}) \quad (4)$
$Q_{ij} = -V_i^2 (b_{si} + b_{ij}) - V_i V_j (g_{ij} \sin\theta_{ij} - b_{ij} \cos\theta_{ij}) \quad (5)$
where $V_i$ is the voltage of node i; $\theta_i$ is the phase angle of node i; $\theta_{ij}$ is $\theta_i - \theta_j$; $G_{ij} + jB_{ij}$ is the admittance of the line between nodes i and j; $g_{si} + jb_{si}$ is the admittance of each branch at node i; $\Omega_i$ is the set of other nodes connected to node i.
From equations (2) to (5) it can be seen that attacking one state variable, for example $V_i$, requires the corresponding measured values $P_i$, $Q_i$, $P_{ij}$ and $Q_{ij}$ (where $j \in \Omega_i$) to be modified as well. If the attacker wants to change several state quantities at once, more measured values need to be modified. For example, if the attacker wants to modify all node voltages $V_k$ in a node set (where $k \in U_a$), then all the measured values $P_k$, $Q_k$, $P_{kj}$ and $Q_{kj}$ (where $k \in U_a$, $j \in \Omega_k$) in this set also need to be modified.
2) When the attack target is a specific measured value.
A specific measured value in state estimation depends on the system structure and at least two system variables. To change a specific measured value, the attacker needs to change at least one state variable that controls the target measured value. To pass raw data detection, the attacker needs to change all measured values influenced by that state variable.
In summary, by setting up the absolute distance model, the invention can calculate the absolute distance between the two probability distributions and detect from the change in the absolute distance whether false data have been injected, and thereby judge whether the system is under a false data injection attack. The invention can therefore solve the problem in the prior art that false data injection attacks are difficult to detect.
As shown in Figs. 2 and 3, taking November as an example, when not under attack the absolute distance ranges from 0.1 to 0.6; when under attack the absolute distance ranges from 0.4 to 0.8. Under attack, both the minimum and the maximum of the absolute distance become larger.
The invention therefore proposes calculating the absolute distance between the probability distributions derived from two groups of measured variables in order to determine whether the power system is under a false data injection attack. When the acquired data contain false data, the absolute distance between the probability distributions derived from the two groups of measured variables becomes larger. Finding a false information injection attack in time allows the false information to be removed from the data acquired from the power system as early as possible, which safeguards the safe and stable operation of the power system. False information injection attacks threaten the safe operation of the grid. The invention calculates and monitors the absolute distance between the probability distributions of two groups of data, p and q: the absolute distance of the measured values in the power system is small, and when the system is subjected to a false information injection attack the absolute distance of the measured values becomes larger. On this basis, the method proposed by the invention can be used to find false information injection attacks in AC systems, and with slight modification it can also be applied to hybrid AC/DC systems.

Claims (3)

1. A method of detecting false data injection attacks, characterized by comprising the following steps:
(1) deriving a historical probability distribution from historical data of the measurement variations;
(2) deriving a monitoring probability distribution of the measurement variations within the monitoring period;
(3) establishing an absolute distance model between the historical probability distribution and the monitoring probability distribution;
(4) monitoring the absolute distance in real time according to the distance model of step (3); if the absolute distance becomes larger, a false data injection attack is indicated.
2. The method of detecting false data injection attacks according to claim 1, characterized in that the absolute distance model is $A(p \| q) = \sum |p(x) - q(x)|$
where $A(p \| q)$ is the absolute distance, $p$ is the monitoring probability distribution, $q$ is the historical probability distribution, and $x$ is the system state estimate vector.
3. The method of detecting false data injection attacks according to claim 1, characterized in that, when the historical probability distribution and the monitoring probability distribution are derived, the data are acquired through remote telemetry terminals.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810516749.XA CN108599378A (en) 2018-05-25 2018-05-25 A method of detection false data injection attack

Publications (1)

Publication Number Publication Date
CN108599378A true CN108599378A (en) 2018-09-28

Family

ID=63629743

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
邓美清: "无线传感器网络源位置隐私保护研究", 《中国优秀硕士学位论文全文数据库信息科技辑(月刊)》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110930265A (en) * 2019-12-12 2020-03-27 燕山大学 Power system false data injection attack detection method based on moving distance to ground
CN110930265B (en) * 2019-12-12 2023-09-26 燕山大学 Power system false data injection attack detection method based on ground displacement distance
CN112327632A (en) * 2020-11-23 2021-02-05 哈尔滨理工大学 Multi-agent system tracking control method for false data injection attack

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20180928)