CN110995761B - Method and device for detecting false data injection attack and readable storage medium - Google Patents

Method and device for detecting false data injection attack and readable storage medium Download PDF

Info

Publication number
CN110995761B
CN110995761B CN201911346152.6A CN201911346152A CN110995761B CN 110995761 B CN110995761 B CN 110995761B CN 201911346152 A CN201911346152 A CN 201911346152A CN 110995761 B CN110995761 B CN 110995761B
Authority
CN
China
Prior art keywords
value
data
local
layer
threshold
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911346152.6A
Other languages
Chinese (zh)
Other versions
CN110995761A (en
Inventor
夏卓群
龙高航
尹波
王进
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changsha University of Science and Technology
Original Assignee
Changsha University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changsha University of Science and Technology filed Critical Changsha University of Science and Technology
Priority to CN201911346152.6A priority Critical patent/CN110995761B/en
Publication of CN110995761A publication Critical patent/CN110995761A/en
Application granted granted Critical
Publication of CN110995761B publication Critical patent/CN110995761B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H02GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02JCIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J13/00Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the network; Circuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
    • HELECTRICITY
    • H02GENERATION; CONVERSION OR DISTRIBUTION OF ELECTRIC POWER
    • H02JCIRCUIT ARRANGEMENTS OR SYSTEMS FOR SUPPLYING OR DISTRIBUTING ELECTRIC POWER; SYSTEMS FOR STORING ELECTRIC ENERGY
    • H02J3/00Circuit arrangements for ac mains or ac distribution networks
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02EREDUCTION OF GREENHOUSE GAS [GHG] EMISSIONS, RELATED TO ENERGY GENERATION, TRANSMISSION OR DISTRIBUTION
    • Y02E60/00Enabling technologies; Technologies with a potential or indirect contribution to GHG emissions mitigation

Abstract

The application discloses a method and a device for detecting false data injection attack and a computer readable storage medium. The method is applied to a three-layer smart grid framework consisting of a PMU layer, a local aggregation layer and a control layer, wherein the local aggregation layer trains a plurality of fuzzy neural network models which are used for detecting false data in aggregated data of a local aggregator and are independent of each other in advance; inputting the received measurement data and the estimated state value sent by each local aggregator into a corresponding fuzzy neural network model to obtain the false data information of each local aggregator; if the false data value of at least one target local aggregator is larger than the threshold value, judging that the bus is attacked by false data injection; and the local aggregator aggregates the measurement data collected by the PMU in the corresponding region, performs state estimation to obtain an estimated state value, and sends data to the control layer after the identity validity verification request passes. The method and the device can effectively prevent false data from being injected into and attacking the power grid, and ensure the communication safety of the power grid.

Description

Method and device for detecting false data injection attack and readable storage medium
Technical Field
The present application relates to the field of power grid security technologies, and in particular, to a method and an apparatus for detecting a false data injection attack, and a computer-readable storage medium.
Background
In a distributed SE (state estimation) system, a state estimator executes SE on each branch, bus, in a distributed manner. Distributed SE systems support high R/X (resistance/reactance) ratios, low practical measurement availability, better scalability and minimized complexity. When applied to a High Voltage Direct Current (HVDC) system, distributed SE achieves better performance than centralized SE in a smart grid, and the centralized SE system occupies high computational overhead and high complexity burden of a control center.
Based on the advantages of distributed SE, the prior art adopts a three-layer smart grid framework, which includes a PMU layer, a local aggregation layer, and a control layer, where the PMU layer includes a plurality of PMUs (phasor units), and the local aggregation layer includes a plurality of local aggregators. This approach, while reducing the computational overhead of a CC (Control Center), also brings security vulnerabilities. For example, in current centralized power systems, it is easier to devote energy and resources to ensure the security of the CC; thus, a CC is typically considered a fully trusted party. It is not practical to have all decentralized local aggregators in a hierarchical framework ensure the same trust level with the CC. In particular, an attacker can intrude into an information physical system using a vulnerability of a wireless network, thereby causing a huge damage of the physical system, such as FDIA (False data injection attack), which is considered one of the most threatening cyber physical attacks of a smart grid due to tampering with a measurement value from a grid sensor or an RTU (Remote Terminal Unit).
In order to improve the security of the power grid and reduce the probability of the power grid being invaded, the method based on the residual error detection in the related art can detect the false data by determining whether the real-time measurement data meets the distribution of the historical measurement data. But an attacker can use measurement data that fits the previous historical data distribution and will disable the detection method. The latter can realize the detection of the false data though learning the characteristics of the false data through a machine learning algorithm. However, this is a centralized detection scheme implemented in the control center, and requires a large amount of computing resources of the control center. Furthermore, the related art may also be used for protection-based defense methods against false data injection attacks, which protect against FDIA by protecting the unique PMU. However, there are the following problems: first, only certain PMU measurements are reliable in this approach. Secondly, if an attacker attacks a specific PMU and modifies its measurement values, the PMU in the protection method may be in a dangerous state, and the state estimation may bear a great risk, and still false data injection attacks cannot be effectively resisted, and the security of the grid communication is poor.
In view of this, how to effectively resist false data injection to attack the power grid and ensure the communication security of the power grid on the basis of not occupying a large amount of computing resources of the control center is a problem to be solved by those skilled in the art.
Disclosure of Invention
The application provides a method and a device for detecting false data injection attack and a computer readable storage medium, which can effectively resist the false data injection attack on a power grid on the basis of not occupying a large amount of computing resources of a control center and ensure the communication safety of the power grid.
In order to solve the above technical problems, embodiments of the present invention provide the following technical solutions:
the embodiment of the invention provides a method for detecting false data injection attack on one hand, which is applied to a three-layer smart grid framework consisting of a PMU layer, a local aggregation layer and a control layer and is suitable for the local aggregation layer, and the method comprises the following steps:
pre-training a plurality of fuzzy neural network models which are used for detecting false data in the aggregated data of the local aggregator and are independent of each other; the fuzzy measurement of the fuzzy neural network model is a trust value, an error level value and a similarity level value between an estimated measurement value and a real measurement value of a bus and a synchronous phasor measurement unit;
inputting the measured data and the estimated state value sent by each local aggregator into a corresponding fuzzy neural network model to obtain the false data information of each local aggregator;
if the false data value of at least one target local aggregator is larger than a preset threshold, judging that a bus related to the target aggregator is attacked by false data injection;
each local aggregator aggregates measurement data collected by the synchrophasor measurement units in corresponding areas, performs state estimation according to the measurement data to obtain an estimated state value, and sends corresponding measurement data and the state estimation value to the control layer after an identity validity verification request carrying identification information, a secret key and a session sharing secret value is verified by the control layer.
Optionally, after the identity validity verification request carrying the identification information, the secret key, and the session shared secret value is verified by the control layer, sending corresponding measurement data and a state estimation value to the control layer includes:
each local aggregator registers in the control layer in advance, and obtains identification information and a key distributed by the control layer at the same time, and the identification information and the key are shared by the control layer and the corresponding local aggregator;
the current local aggregator sends an identity validity verification request carrying identification information and a secret key of the local aggregator to the controller;
after receiving a session shared secret value request sent by the control layer, the current local aggregator sends a session shared secret value to the control layer;
and when the control layer verifies that the session sharing secret value is true, sending corresponding measurement data and a state estimation value to the control layer.
Optionally, the key is generated by elliptic curve cryptography; and the session sharing secret value is any one of a group of session sharing secret values pre-assigned to the current local aggregator.
Optionally, the aggregating, by each local aggregator, measurement data collected by the synchrophasor measurement unit in the corresponding region includes:
dividing the PMU layer into a plurality of regions by using a weighted quadtree in advance, distributing edge nodes into the regions, collecting measurement values from a bus and a generator by using a local aggregator arranged in each region, determining the maximum capacity value of each region according to the power value of the generator and/or load of the corresponding region,
each local aggregator collects measurement data of the load, generator and edge nodes of the corresponding area.
Optionally, the local aggregator performs state estimation according to the measurement data by using a self-adaptive particle swarm optimization algorithm to obtain the estimated state value.
Optionally, a trust threshold, an error level threshold and a similarity level threshold are preset, and the recognition results output by the fuzzy neural network model are normal data, false data and suspicious data;
if the trust value input into the fuzzy neural network model is smaller than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is smaller than the similarity level threshold, the output identification result is false data;
if the input trust value of the fuzzy neural network model is larger than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is smaller than the similarity level threshold, the output identification result is normal data;
if the input trust value of the fuzzy neural network model is smaller than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is larger than the similarity level threshold, the output identification result is normal data;
if the input trust value of the fuzzy neural network model is larger than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is larger than the similarity level threshold, the output identification result is normal data;
if the trust value input into the fuzzy neural network model is smaller than the trust threshold, the error level value is larger than the error level threshold and the similarity level value is smaller than the similarity level threshold, the output identification result is false data;
if the input trust value of the fuzzy neural network model is greater than the trust threshold, the error level value is greater than the error level threshold and the similarity level value is less than the similarity level threshold, the output identification result is false data;
if the trust value input into the fuzzy neural network model is smaller than the trust threshold, the error level value is larger than the error level threshold and the similarity level value is larger than the similarity level threshold, the output identification result is false data;
and if the input trust value of the fuzzy neural network model is greater than the trust threshold, the error level value is greater than the error level threshold and the similarity level value is greater than the similarity level threshold, outputting the identification result as suspicious data.
Optionally, the PMU layer and the local aggregation layer use wireless communication, and encrypt data to be transmitted by using an encryption algorithm, and then transmit the data.
Another aspect of the embodiments of the present invention provides a device for detecting a false data injection attack, which is applied to a three-layer smart grid framework composed of a PMU layer, a local aggregation layer, and a control layer, and is applicable to the local aggregation layer, where the local aggregation layer includes:
the model training module is used for training a plurality of fuzzy neural network models which are used for detecting false data in the aggregated data of the local aggregator and are independent of each other in advance; the fuzzy measurement of the fuzzy neural network model is a trust value, an error level value and a similarity level value between an estimated measurement value and a real measurement value of a bus and a synchronous phasor measurement unit;
the state identification module is used for inputting the measured data and the estimated state value sent by each local aggregator into the corresponding fuzzy neural network model to obtain the false data information of each local aggregator; wherein, each local aggregator aggregates the measurement data collected by the synchrophasor measurement unit of the corresponding region, and performs state estimation according to the measurement data to obtain an estimated state value,
the rule identification module is used for judging that a bus related to the target aggregator is attacked by the injection of the false data if the false data value of at least one target local aggregator is larger than a preset threshold;
and the identity authentication module is used for sending corresponding measurement data and state estimation values to the control layer after the identity validity authentication request carrying the identification information, the secret key and the session sharing secret value is authenticated by the control layer.
An embodiment of the present invention further provides an apparatus for detecting a spurious data injection attack, including a processor, where the processor is configured to implement the steps of the method for detecting a spurious data injection attack as described in any one of the foregoing when executing a computer program stored in a memory.
Finally, an embodiment of the present invention provides a computer-readable storage medium, where a program for detecting a dummy data injection attack is stored on the computer-readable storage medium, and when the program for detecting a dummy data injection attack is executed by a processor, the steps of the method for detecting a dummy data injection attack are implemented as in any of the previous embodiments.
The technical scheme provided by the application has the advantages that the fuzzy neural network and the physical rule are combined to detect whether the power grid is subjected to false data injection attack or not, the false data injection attack of a plurality of bus nodes in the smart power grid can be effectively detected, the information processing process is simple, the virtual data injection attack can be efficiently, timely and accurately detected, the data communication safety of a PMU layer and a local aggregation layer can be ensured, and the data authenticity in the PMU layer is protected; in addition, identity validity verification is carried out when the local aggregation layer aggregation data are reported to the control layer, an attacker with an effective address can impersonate the local aggregation layer to realize infringement and attack, the safety of a power grid is further ensured, the authentication process is a lightweight method, the cost is low, and a large amount of computing resources of a control center are not occupied.
In addition, the embodiment of the invention also provides a corresponding implementation device and a computer readable storage medium for the method for detecting the false data injection attack, so that the method has higher practicability, and the device and the computer readable storage medium have corresponding advantages.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the related art, the drawings required to be used in the description of the embodiments or the related art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for detecting a spurious data injection attack according to an embodiment of the present invention;
fig. 2 is a schematic diagram of a power grid layered framework according to an embodiment of the present invention;
fig. 3 is a structural diagram of an embodiment of an apparatus for detecting a dummy data injection attack according to an embodiment of the present invention;
fig. 4 is a block diagram of another specific embodiment of the apparatus for detecting a dummy data injection attack according to the embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the disclosure, the invention will be described in further detail with reference to the accompanying drawings and specific embodiments. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms "first," "second," "third," "fourth," and the like in the description and claims of this application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "comprising" and "having," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements but may include other steps or elements not expressly listed.
Having described the technical solutions of the embodiments of the present invention, various non-limiting embodiments of the present application are described in detail below.
Referring to fig. 1, fig. 1 is a schematic flow diagram of a method for detecting a false data injection attack according to an embodiment of the present invention, where the method is applied to a three-layer smart grid framework including a PMU layer, a local aggregation layer, and a control layer, and since the local aggregation layer has a certain computation capability, the method uses the local aggregation layer to detect the false data injection attack, that is, the embodiment of the present invention is applicable to the local aggregation layer, the local aggregation layer includes a plurality of local aggregators LA and a control server CS, as shown in fig. 2, a PDC in fig. 2 is used to represent aggregated data of the local aggregators, and the following steps are executed by the control server, where the embodiment of the present invention may include the following steps:
s101: a plurality of fuzzy neural network models for detecting spurious data in the aggregated data of the local aggregator and independent of each other are trained in advance.
It can be understood that the fuzzy neural network is widely used due to its dual advantages of the fuzzy logic system and the neural network and its fast convergence speed. But it does not process and describe the fuzzy information, does not make good use of the existing empirical knowledge, especially the learning process has the characteristics of a black box, the work of which is not interpretable, and the requirements for the sample are high. The fuzzy system is just as applicable to neural networks because it is rule based. In a power grid, the variables of the information physical fusion system can be combined with a fuzzy system to form fuzzy measurement, so that the neural network is well combined, and more accurate identification and detection capability is realized. The fuzzy measurement of the fuzzy neural network model in the present application can be the trust value of the bus and the synchronous phasor measurement unit
Figure BDA0002333415120000071
Estimating the value of the level of error between the measured value and the true measured value
Figure BDA0002333415120000072
Estimating a level of similarity between a measurement and a true measurement
Figure BDA0002333415120000073
The error level value and the similarity level value can be provided by a local aggregator, and the trust values of the bus and the synchronous phasor measurement unit can be evaluated by a control server of a local aggregation layer according to the current actual application scenario. The fuzzy metric can be used as input of a fuzzy neural network, a fuzzy rule is applied to a hidden layer, and the fuzzy neural network outputs a recognition result which can be normal data, false data and suspicious data.
S102: and inputting the measured data and the estimated state value sent by each local aggregator into the corresponding fuzzy neural network model to obtain the false data information of each local aggregator.
In the application, each local aggregator aggregates the measurement data acquired by the synchrophasor measurement unit in the corresponding region, and performs state estimation according to the measurement data to obtain an estimated state value. The measured data and the estimated state value are reported to the control layer, and need to be sent to the control server of the layer for false data attack detection. The local aggregator sends corresponding measurement data and state estimation values to the control layer only after the identity validity verification request carrying the identification information, the secret key and the session shared secret value is verified by the control layer, and of course, the local aggregator can also report the similarity level and error level of the measurement data and the state estimation values to the control layer.
The control server will perform the dummy data recognition when receiving the measurement data of the local controller. In order to improve the identification efficiency of the false data, the method is implemented by adopting two steps of S102 and S103, wherein S102 can be a state identification layer, and S103 can be a rule identification layer. The state recognition layer performs detection FDIA by a plurality of independent child nodes. The target FDIA with the constraint condition only affects the target state variable in the direct current state estimation, and in the alternating current state estimation, the FDIA attack not only affects the target state variable but also has irrelevant state variables. Therefore, it is difficult for one classifier to handle the complex case where a plurality of FDIAs exist simultaneously. In the present application, a child node in the ac state estimation can be used to process an FDIA, that is, a fuzzy neural network model processes data gathered by a local aggregator. Meanwhile, for the power system with a large number of buses, the number of fuzzy neural network models is increased, and then the detection of the FDIA is completed by using the bus of the rule recognition layer to execute the recognition task attack.
S103: and if the spurious data value of at least one target local aggregator is larger than a preset threshold, judging that the bus related to the target aggregator is attacked by the spurious data injection.
S102, obtaining a plurality of identification results output by the fuzzy neural network modelAnd determining the bus associated with the attack by analyzing the identification result. Because the detection precision of each fuzzy neural network model is not high enough, the identification result output by the S102 has errors. Therefore, the method and the device solve the identification problem of the attacked bus by adopting the rule identification layer. The physical rules are as follows: (1) for most of the sub-nodes, the detected spurious data values should be below a certain threshold; (2) however, if the spurious data value detected for one or more of the sub-nodes is greater than a certain threshold, the bus associated with the latter is considered to be under attack, and the rule may be expressed as D G, if { u ═ Ga≤θfor a∈K and ub>Theta for b belongs to G }, a belongs to K, and b belongs to G; theta is a threshold value, uaIs a dummy data value of node a, ubIs the dummy data value of node b, D is the identification result of S103, and G, K are the set of area nodes of the system bus S, respectively.
The threshold may be determined according to an actual application scenario and a required precision, which is not limited in this application.
In the technical scheme provided by the embodiment of the invention, the fuzzy neural network and the physical rule are combined to detect whether the power grid is subjected to the false data injection attack or not, so that the false data injection attack of a plurality of bus nodes in the smart power grid can be effectively detected, the information processing process is simple, the virtual data injection attack can be efficiently, timely and accurately detected, the data communication safety of a PMU layer and a local aggregation layer can be ensured, and the data authenticity in the PMU layer is protected; in addition, identity validity verification is carried out when the local aggregation layer aggregation data are reported to the control layer, an attacker with an effective address can impersonate the local aggregation layer to realize infringement and attack, the safety of a power grid is further ensured, the authentication process is a lightweight method, the cost is low, and a large amount of computing resources of a control center are not occupied.
As an alternative implementation, in consideration that PMUs in the PMU layer are easily tampered with data by an attacker, and communication security of the PMU layer and the local aggregation layer is protected, the PMU layer and the local aggregation layer may use wireless communication, and encrypt data to be transmitted by using an encryption algorithm before transmitting the data. The encryption process can be executed by the control layer, but the encryption algorithm cost is low, the occupied control layer computing resources are less, and the normal operation of the control layer is not influenced.
It will be appreciated that to enable distributed state estimation in the grid, the grid may be partitioned. A quadtree is a tree-like data structure that is applied to two-dimensional data space classification. In the three-tier framework shown in fig. 2, the grid total system space is initialized to the root of the quadtree, and then the PMU layer can be divided into multiple regions according to a weighted quadtree structure, with edge nodes distributed into the regions, which collect measurements from the bus, the generators, through local aggregators deployed in each region. E.g. into four regions, i.e. with T ═ T1,T2,T3,T4And (4) making the root node have exactly four child nodes. Each child node TiI is 1, 2,3,4 or each zone has a maximum capacity value, which can be determined from the power values of the generators and/or loads of the respective zone. The main entities of the power grid are generators and loads, and the power value of each generator and load can be provided as a weighted value as shown in table 1:
TABLE 1 Generator and load power values
Generator Power of Load(s) Power of
G1 512 L1 125
G2 270 L2 90
G3 125 L3 100
The maximum capacity of each region is allocated according to the associated power value. Taking the IEEE-9 bus system as an example, the IEEE-9 bus system comprises 9 nodes, each of which may be denoted as BiI is 1, 2, …,9, and the power value of the generator or the load is taken as the weight value WvBased on the weight value WvCalculating the maximum capacity S of each regiong(Ti),i=1,2,3,4:
Sg(T1)=Wv(G1)=512;
Sg(T2)=Wv(L1)+Wv(L2)=125+90=215;
Sg(T3)=Wv(G2)=270;
Sg(T4)=Wv(G3)+Wv(L3)=125+100=225;
After the power grid partition is completed, the edge nodes are distributed in each area, and the edge nodes of each area can be represented as EiI is 1, 2,3,4, namely:
T1→E1,T2→E2,T3→E3,T4→E4
E1measurements will be collected from G1, B2 and B7, while E2Measurements will be collected from L1, L2, B1 and B8. Likewise, E3The measurements from G2, B1, and B4 were polymerized. From G3, L3, B3 andthe measured value of B9 will be E4And (4) polymerizing. The measurements may be, for example, engine measurements, load measurements, line voltage values, line current values, phase angles between voltages, reactive power, active power, and the like. After the data acquisition of the PMU layer is completed, each local aggregator collects the measurement data of the load, the generator and the edge node in the corresponding area.
After the data is aggregated by the local aggregation layer, all the data are finally reported to the control layer, and an identity validity problem exists. Namely, an attacker can impersonate the object of the local aggregation layer to realize infringement and attack. To ensure that the local aggregator is not modified by an intruder, authentication may be performed before the local aggregator transmits data to the control layer. After the verification is passed, the party can carry out conversation. Each local aggregator first registers at the control layer and obtains unique identification information such as ID and key assigned by the control layer, which may be generated for elliptic curve cryptography, for example. In the application, the identification information and the secret key are shared by the control layer and the corresponding local aggregator, and the identity can be verified to be legal only if the ID, the secret key and the shared secret value of the two parties are the same. This process can be carried out in two steps:
the current local aggregator sends an identity validity verification request carrying identification information and a secret key of the local aggregator to the controller. That is, a request is sent by the local aggregator to the control layer, and the local aggregator needs to send its own ID and key to the control layer for authentication. If the ID and key both match, step 2 will be performed. Otherwise, the control layer will deny service.
When receiving a session shared secret value request sent by the control layer, the current local aggregator sends the session shared secret value to the control layer. That is, upon authentication through the above steps, the control layer requests the session shared secret value SS for the current session from the local aggregatorS. In this phase, each local aggregator initially assigns a set of SS values, which may include, for example, 4 different session shared secret values, i.e., a session shared secret value that is any one of a set of session shared secret values pre-assigned to the current local aggregator. When the control layer receivesAnd if the session sharing secret value of the current session transmitted by the local aggregator is verified to be true, judging that the identity of the local aggregator is legal, and allowing the local aggregator to transmit corresponding measurement data and a state estimation value to the control layer. In each session, the local aggregators only submit corresponding session shared secret values to calculate that the identities are legal, and then the control layer aggregates data of all the local aggregators.
Therefore, the control layer and the local aggregation layer carry out identity validity verification, data transmission safety can be improved, virtual data injection attack can be efficiently detected, the authentication process does not need to occupy a large amount of computing resources of the control layer, cost is low, and normal operation of the control layer cannot be affected.
As an alternative embodiment, the local aggregator may perform state estimation according to the measurement data by using APSO (Adaptive Particle Swarm Optimization) to obtain an estimated state value.
At present, the state estimation of the smart grid can be modeled by formula 1:
Figure BDA0002333415120000121
Z∈Rmis measurement data comprising m measurement values. x is formed by RnIs a state vector consisting of a phase angle theta and a bus voltage amplitude V, comprising n state values (typically m)>n). e is the measurement noise, following a gaussian distribution. h (x) is a non-linear function between the measurement vector z and the system state vector x.
Zi=ZTrue+RAND×δi; (2)
ZTrueRepresenting the true measurement of aggregation, RAND denotes a random number. Variables of state estimation are bus voltage, phase angle and signature, e.g.
Figure BDA0002333415120000122
The purpose of the proposed state estimation is to enable real and estimated measurementsThe squared difference between the quantities is minimized, and the error between them can be calculated from the true and state estimates
Figure BDA0002333415120000123
As shown in equation (3):
Figure BDA0002333415120000124
in the three-tier framework of the present application, the state estimation uses the APSO algorithm. Generally, the PSO algorithm is an algorithm based on the best solution found by the population. The system performing state estimation to be suitable for the APSO algorithm may comprise the steps of:
step 1: the state estimation is initialized using APSO, and all state variables (V, θ) will initialize the particles in APSO.
Step 2: in APSO, the fitness for each particle is calculated as follows:
Figure BDA0002333415120000125
and step 3: in this step, each particle is updated based on the fitness function. First, the value of the particle itself iterated through the fitness function is compared to the previous value (U)pre) The comparison yields the optimum value, i.e. Ubest. The value of the particle iterated through the fitness function is then compared to the values of the other particles (G)pre) To obtain the optimum value, i.e. Gbest
Figure BDA0002333415120000136
For the current speed, rand () is between [0, 1 ]]J and J are learning factors, then the particle velocity update can be as follows:
Figure BDA0002333415120000131
and 4, step 4: in this step, different from the PSO algorithm, Levy is added into APSO to form a new solution. As follows. When the iteration of the algorithm is completed, the optimal value of the state estimation can be obtained.
Figure BDA0002333415120000132
And 5: in detection, FDIA attacks are performed by estimating the value of a state
Figure BDA0002333415120000133
And the obtained measured values
Figure BDA0002333415120000134
The similarity between the two can be judged by adopting a cosine similarity method. As shown in equation 7:
Figure BDA0002333415120000135
as can be seen from the formula, if the state estimation value and the obtained measurement value are the same, the similarity will be set to "1". Otherwise, the larger the difference, the lower the similarity. When an attacker launches FDIA, the state estimate may differ significantly from the obtained measurements, thereby reducing the similarity. Thus, if the similarity between the two is too low, it is determined that FDIA is detected.
Optionally, a trust threshold, an error level threshold, and a similarity level threshold are preset, and the recognition result output by the fuzzy neural network model is normal data, false data, and suspicious data. The rule that the fuzzy neural network model determines the output recognition result according to the input fuzzy metric specific value can be expressed as follows:
if the trust value of the input fuzzy neural network model is smaller than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is smaller than the similarity level threshold, the output identification result is false data;
if the trust value of the input fuzzy neural network model is greater than the trust threshold value, the error level value is less than the error level threshold value and the similarity level value is less than the similarity level threshold value, the output identification result is normal data;
if the trust value of the input fuzzy neural network model is smaller than the trust threshold value, the error level value is smaller than the error level threshold value and the similarity level value is larger than the similarity level threshold value, the output identification result is normal data;
if the trust value of the input fuzzy neural network model is greater than the trust threshold value, the error level value is less than the error level threshold value and the similarity level value is greater than the similarity level threshold value, the output identification result is normal data;
if the trust value of the input fuzzy neural network model is smaller than the trust threshold value, the error level value is larger than the error level threshold value and the similarity level value is smaller than the similarity level threshold value, the output identification result is false data;
if the trust value of the input fuzzy neural network model is greater than the trust threshold value, the error level value is greater than the error level threshold value and the similarity level value is less than the similarity level threshold value, the output identification result is false data;
if the trust value of the input fuzzy neural network model is smaller than the trust threshold value, the error level value is larger than the error level threshold value and the similarity level value is larger than the similarity level threshold value, the output identification result is false data;
and if the trust value of the input fuzzy neural network model is greater than the trust threshold, the error level value is greater than the error level threshold and the similarity level value is greater than the similarity level threshold, the output identification result is suspicious data.
The trust threshold, the error level threshold and the similarity level threshold may be selected according to an actual application scenario, which is not limited in this application, and table 2 is a table of correspondence between output information and input information of the fuzzy neural network model in a specific example:
TABLE 2 output and input information correspondence table for fuzzy neural network model
Figure BDA0002333415120000141
Figure BDA0002333415120000151
It should be noted that, in the present application, there is no strict sequential execution order among the steps, and as long as the logical order is met, the steps may be executed simultaneously or according to a certain preset order, and fig. 1 is only an exemplary manner, and does not represent that only the execution order is the order.
The embodiment of the invention also provides a corresponding device for the method for detecting the false data injection attack, so that the method has higher practicability. Wherein the means can be described separately from the functional module point of view and the hardware point of view. The device for detecting a dummy data injection attack according to an embodiment of the present invention is introduced below, and the device for detecting a dummy data injection attack described below and the method for detecting a dummy data injection attack described above may be referred to in correspondence with each other.
Based on the hardware perspective, fig. 3 is a structural diagram of another apparatus for detecting a dummy data injection attack according to an embodiment of the present application. The device is applied to a three-layer smart grid framework consisting of a PMU layer, a local aggregation layer and a control layer, wherein the local aggregation layer can also comprise a memory 30 for storing a computer program besides a plurality of local aggregators, as shown in FIG. 3;
the control server 31 is configured to implement the steps of the method for detecting the abnormal temperature point of the voltage transformer according to the above embodiment when executing the computer program.
The control server 31 may include one or more processing cores, such as a 4-core control server, an 8-core control server, and the like. The control server 31 may be implemented in at least one hardware form of a DSP (Digital Signal Processing), an FPGA (Field-Programmable Gate Array), and a PLA (Programmable Logic Array). The control server 31 may also include a main control server and a sub-control server, where the main control server is a control server for Processing data in an awake state, and is also called a Central Processing Unit (CPU); the co-control server is a low power consumption control server for processing data in a standby state. In some embodiments, the control server 31 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the control server 31 may further include an AI (Artificial Intelligence) control server for processing a calculation operation related to machine learning.
Memory 30 may include one or more computer-readable storage media, which may be non-transitory. Memory 30 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices, flash memory storage devices. In this embodiment, the memory 30 is at least used for storing the following computer program 301, wherein after the computer program is loaded and executed by the control server 31, the relevant steps of the testing method disclosed in any of the foregoing embodiments can be implemented. In addition, the resources stored by the memory 30 may also include an operating system 302, data 303, and the like, and the storage may be transient storage or permanent storage. Operating system 302 may include Windows, Unix, Linux, etc. Data 303 may include, but is not limited to, data corresponding to test results, and the like.
In some embodiments, the testing device may further include a display 32, an input/output interface 33, a communication interface 34, a power source 35, a communication bus 36, and a sensor 37.
Those skilled in the art will appreciate that the configuration shown in FIG. 3 is not intended to be limiting of testing devices and may include more or fewer components than those shown.
The functions of the functional modules of the device for detecting false data injection attacks according to the embodiments of the present invention may be specifically implemented according to the method in the above method embodiments, and the specific implementation process may refer to the description related to the above method embodiments, which is not described herein again.
Therefore, the embodiment of the invention can effectively resist the injection of false data into the power grid and attack the power grid on the basis of not occupying a large amount of computing resources of the control center, thereby ensuring the communication safety of the power grid.
The above mentioned apparatus for detecting a dummy data injection attack is described from a hardware perspective, and further, the present application provides an apparatus for detecting a dummy data injection attack, which is described from a functional module perspective. Referring to fig. 4, fig. 4 is a structural diagram of an apparatus for detecting a false data injection attack according to an embodiment of the present invention, in an embodiment, the apparatus is applied to a three-layer smart grid framework including a PMU layer, a local aggregation layer, and a control layer, where the local aggregation layer may include:
a model training module 401, configured to train a plurality of fuzzy neural network models that are used for detecting false data in the aggregated data of the local aggregator and are independent of each other in advance; the fuzzy measurement of the fuzzy neural network model is a trust value, an error level value and a similarity level value between an estimated measurement value and a real measurement value of a bus and a synchronous phasor measurement unit.
A state identification module 402, configured to input the measurement data and the estimated state value sent by each local aggregator into a corresponding fuzzy neural network model, so as to obtain false data information of each local aggregator; and each local aggregator aggregates the measurement data acquired by the synchronous phasor measurement unit in the corresponding area and performs state estimation according to the measurement data to obtain an estimated state value.
A rule identifying module 403, configured to determine that a bus associated with the target aggregator is attacked by the injection of the dummy data if there is at least one dummy data value of the target local aggregator greater than a preset threshold.
And an identity authentication module 404, configured to send, by each local aggregator, corresponding measurement data and a state estimation value to the control layer after the identity validity authentication request carrying the identification information, the key, and the session shared secret value is verified by the control layer.
Optionally, in some implementations of this embodiment, the identity verification module 404 may include:
the registration submodule is used for registering each local aggregator in the control layer in advance, acquiring identification information and a key distributed by the control layer at the same time, and sharing the identification information and the key by the control layer and the corresponding local aggregator;
the identity authentication submodule is used for sending an identity validity authentication request carrying the identification information and the secret key to the controller by the current local aggregator;
the validity verification sub-module is used for sending the session sharing secret value to the control layer by the current local aggregator after receiving the session sharing secret value request sent by the control layer;
and the data sending submodule is used for sending corresponding measurement data and a state estimation value to the control layer when the control layer verifies that the session sharing secret value is true.
The functions of the functional modules of the apparatus for detecting false data injection attack according to the embodiment of the present invention may be specifically implemented according to the method in the embodiment of the present invention, and the specific implementation process may refer to the description related to the embodiment of the method, which is not described herein again.
Therefore, the embodiment of the invention can effectively resist the injection of false data into the power grid and attack the power grid on the basis of not occupying a large amount of computing resources of the control center, thereby ensuring the communication safety of the power grid.
It is understood that, if the method for detecting the dummy data injection attack in the above embodiment is implemented in the form of a software functional unit and sold or used as a separate product, it can be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present application may be substantially or partially implemented in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods of the embodiments of the present application, or all or part of the technical solutions. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrically erasable programmable ROM, a register, a hard disk, a removable magnetic disk, a CD-ROM, a magnetic or optical disk, and other various media capable of storing program codes.
Based on this, the embodiment of the present invention further provides a computer-readable storage medium, in which a program for detecting a fake data injection attack is stored, and when the program for detecting a fake data injection attack is executed by a processor, the steps of the method for detecting a fake data injection attack are as described in any one of the above embodiments.
The functions of the functional modules of the computer-readable storage medium according to the embodiment of the present invention may be specifically implemented according to the method in the foregoing method embodiment, and the specific implementation process may refer to the related description of the foregoing method embodiment, which is not described herein again.
Therefore, the embodiment of the invention can effectively resist the injection of false data into the power grid and attack the power grid on the basis of not occupying a large amount of computing resources of the control center, thereby ensuring the communication safety of the power grid.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The method, the apparatus and the computer-readable storage medium for detecting a dummy data injection attack provided by the present application are described in detail above. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present application.

Claims (10)

1. A method for detecting false data injection attacks is applied to a three-layer smart grid framework consisting of a PMU layer, a local aggregation layer and a control layer, and is characterized in that the method is applied to the local aggregation layer and comprises the following steps:
pre-training a plurality of fuzzy neural network models which are used for detecting false data in the aggregated data of the local aggregator and are independent of each other; the fuzzy measurement of the fuzzy neural network model is a trust value, an error level value and a similarity level value between an estimated measurement value and a real measurement value of a bus and a synchronous phasor measurement unit;
inputting the measured data and the estimated state value sent by each local aggregator into a corresponding fuzzy neural network model to obtain the false data information of each local aggregator;
if the false data value of at least one target local aggregator is larger than a preset threshold, judging that a bus related to the target aggregator is attacked by false data injection;
each local aggregator aggregates measurement data collected by the synchrophasor measurement units in corresponding areas, performs state estimation according to the measurement data to obtain an estimated state value, and sends corresponding measurement data and the state estimation value to the control layer after an identity validity verification request carrying identification information, a secret key and a session sharing secret value is verified by the control layer.
2. The method according to claim 1, wherein the sending the corresponding measurement data and the state estimation value to the control layer after the identity validity verification request carrying the identification information, the secret key and the session sharing secret value is verified by the control layer comprises:
each local aggregator registers in the control layer in advance, and obtains identification information and a key distributed by the control layer at the same time, and the identification information and the key are shared by the control layer and the corresponding local aggregator;
the current local aggregator sends an identity validity verification request carrying identification information and a secret key of the local aggregator to the controller;
after receiving a session shared secret value request sent by the control layer, the current local aggregator sends a session shared secret value to the control layer;
and when the control layer verifies that the session sharing secret value is true, sending corresponding measurement data and a state estimation value to the control layer.
3. The method of detecting a dummy data injection attack as claimed in claim 2, wherein the secret key is generated by elliptic curve cryptography; and the session sharing secret value is any one of a group of session sharing secret values pre-assigned to the current local aggregator.
4. The method of detecting a spurious data injection attack according to claim 1, wherein the aggregating, by each local aggregator, the measurement data collected by the synchrophasor measurement units of the corresponding region comprises:
dividing the PMU layer into a plurality of areas by using a weighted quadtree in advance, distributing edge nodes into the areas, collecting measurement values from a bus and a generator by the edge nodes through a local aggregator deployed in each area, and determining the maximum capacity value of each area according to the power value of the generator and/or load of the corresponding area;
each local aggregator collects measurement data of the load, generator and edge nodes of the corresponding area.
5. The method according to claim 4, wherein the local aggregator performs state estimation from the measurement data by using an adaptive particle swarm optimization algorithm to obtain the estimated state value.
6. The method for detecting the injection attack of the false data according to any one of the claims 1 to 5, characterized in that a trust threshold, an error level threshold and a similarity level threshold are preset, and the identification result output by the fuzzy neural network model is normal data, false data and suspicious data;
if the trust value input into the fuzzy neural network model is smaller than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is smaller than the similarity level threshold, the output identification result is false data;
if the input trust value of the fuzzy neural network model is larger than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is smaller than the similarity level threshold, the output identification result is normal data;
if the input trust value of the fuzzy neural network model is smaller than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is larger than the similarity level threshold, the output identification result is normal data;
if the input trust value of the fuzzy neural network model is larger than the trust threshold, the error level value is smaller than the error level threshold and the similarity level value is larger than the similarity level threshold, the output identification result is normal data;
if the trust value input into the fuzzy neural network model is smaller than the trust threshold, the error level value is larger than the error level threshold and the similarity level value is smaller than the similarity level threshold, the output identification result is false data;
if the input trust value of the fuzzy neural network model is greater than the trust threshold, the error level value is greater than the error level threshold and the similarity level value is less than the similarity level threshold, the output identification result is false data;
if the trust value input into the fuzzy neural network model is smaller than the trust threshold, the error level value is larger than the error level threshold and the similarity level value is larger than the similarity level threshold, the output identification result is false data;
and if the input trust value of the fuzzy neural network model is greater than the trust threshold, the error level value is greater than the error level threshold and the similarity level value is greater than the similarity level threshold, outputting the identification result as suspicious data.
7. The method according to claim 6, wherein the PMU layer communicates with the local aggregation layer wirelessly, and the data to be transmitted is encrypted by using an encryption algorithm and then transmitted.
8. An apparatus for detecting false data injection attack, applied to a three-layer smart grid framework composed of a PMU layer, a local aggregation layer and a control layer, and adapted to the local aggregation layer, wherein the local aggregation layer includes:
the model training module is used for training a plurality of fuzzy neural network models which are used for detecting false data in the aggregated data of the local aggregator and are independent of each other in advance; the fuzzy measurement of the fuzzy neural network model is a trust value, an error level value and a similarity level value between an estimated measurement value and a real measurement value of a bus and a synchronous phasor measurement unit;
the state identification module is used for inputting the measured data and the estimated state value sent by each local aggregator into the corresponding fuzzy neural network model to obtain the false data information of each local aggregator; wherein, each local aggregator aggregates the measurement data collected by the synchrophasor measurement unit of the corresponding region, and performs state estimation according to the measurement data to obtain an estimated state value,
the rule identification module is used for judging that a bus related to the target aggregator is attacked by the injection of the false data if the false data value of at least one target local aggregator is larger than a preset threshold;
and the identity authentication module is used for sending corresponding measurement data and state estimation values to the control layer after the identity validity authentication request carrying the identification information, the secret key and the session sharing secret value is authenticated by the control layer.
9. An apparatus for detecting a dummy data injection attack, comprising a processor for implementing the steps of the method for detecting a dummy data injection attack according to any one of claims 1 to 7 when executing a computer program stored in a memory.
10. A computer-readable storage medium, on which a program of detecting a dummy data injection attack is stored, which when executed by a processor implements the steps of the method of detecting a dummy data injection attack as claimed in any one of claims 1 to 7.
CN201911346152.6A 2019-12-19 2019-12-19 Method and device for detecting false data injection attack and readable storage medium Active CN110995761B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911346152.6A CN110995761B (en) 2019-12-19 2019-12-19 Method and device for detecting false data injection attack and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911346152.6A CN110995761B (en) 2019-12-19 2019-12-19 Method and device for detecting false data injection attack and readable storage medium

Publications (2)

Publication Number Publication Date
CN110995761A CN110995761A (en) 2020-04-10
CN110995761B true CN110995761B (en) 2021-07-13

Family

ID=70076232

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911346152.6A Active CN110995761B (en) 2019-12-19 2019-12-19 Method and device for detecting false data injection attack and readable storage medium

Country Status (1)

Country Link
CN (1) CN110995761B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112565180B (en) * 2020-10-27 2021-12-28 西安交通大学 Power grid defense method, system, equipment and medium based on moving target defense
CN112953943B (en) * 2021-02-22 2022-04-29 浙江大学 False data injection attack resisting method based on trust mechanism in distributed estimation
CN113037755B (en) * 2021-03-10 2023-06-16 海能达通信股份有限公司 Method and equipment for defending network connection attack
CN113132360A (en) * 2021-03-30 2021-07-16 湘潭大学 False data detection method for ammeter metering system based on edge calculation
CN113094712B (en) * 2021-05-17 2022-08-26 国网山东省电力公司电力科学研究院 Power information physical system attack defense method based on self-adaptive sliding mode controller
CN113596020B (en) * 2021-07-28 2023-03-24 深圳供电局有限公司 Smart grid false data injection attack vulnerability detection method
CN115250193B (en) * 2021-12-22 2024-02-23 长沙理工大学 DoS attack detection method, device and medium for SDN network
CN114666153B (en) * 2022-04-08 2022-11-18 东南大学溧阳研究院 False data injection attack detection method and system based on state estimation residual distribution description
CN114997346A (en) * 2022-08-08 2022-09-02 广东电网有限责任公司佛山供电局 False data identification method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101523848A (en) * 2006-09-29 2009-09-02 阿尔卡特朗讯公司 Intelligence network anomaly detection using a type II fuzzy neural network
CN109165504A (en) * 2018-08-27 2019-01-08 广西大学 A kind of electric system false data attack recognition method generating network based on confrontation
CN110365647A (en) * 2019-06-13 2019-10-22 广东工业大学 A kind of false data detection method for injection attack based on PCA and BP neural network

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10305932B2 (en) * 2016-12-21 2019-05-28 Abb Inc. System and method for detecting false data injection in electrical substations

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101523848A (en) * 2006-09-29 2009-09-02 阿尔卡特朗讯公司 Intelligence network anomaly detection using a type II fuzzy neural network
CN109165504A (en) * 2018-08-27 2019-01-08 广西大学 A kind of electric system false data attack recognition method generating network based on confrontation
CN110365647A (en) * 2019-06-13 2019-10-22 广东工业大学 A kind of false data detection method for injection attack based on PCA and BP neural network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
电力网络中基于物理信息的虚假数据入侵检测方法;夏卓群;《信息网络安全》;20190410;全文 *

Also Published As

Publication number Publication date
CN110995761A (en) 2020-04-10

Similar Documents

Publication Publication Date Title
CN110995761B (en) Method and device for detecting false data injection attack and readable storage medium
Kumar et al. A Distributed framework for detecting DDoS attacks in smart contract‐based Blockchain‐IoT Systems by leveraging Fog computing
Garg et al. SDN-based secure and privacy-preserving scheme for vehicular networks: A 5G perspective
Keshk et al. An integrated framework for privacy-preserving based anomaly detection for cyber-physical systems
Liu et al. Financially motivated FDI on SCED in real-time electricity markets: Attacks and mitigation
CN110276210A (en) Based on the determination method and device of the model parameter of federation's study
CN104639311B (en) The polymerization and system of electricity consumption privacy and integrity protection in a kind of intelligent grid
CN105681338A (en) Vulnerability exploiting success probability calculation method and network security risk management method
CN104009959B (en) A kind of cloud access control method that can verify that based on XACML
Ustun et al. Artificial intelligence based intrusion detection system for IEC 61850 sampled values under symmetric and asymmetric faults
Irita et al. Detection of replay attack on smart grid with code signal and bargaining game
Habib et al. False data injection attack in smart grid cyber physical system: Issues, challenges, and future direction
Kim et al. Smart grid security: Attacks and defence techniques
CN116405187B (en) Distributed node intrusion situation sensing method based on block chain
CN116074123B (en) Method for safely transmitting digital information of Internet of things
CN110290110B (en) Encrypted malicious traffic identification method and system based on redundancy detection architecture
Wang et al. An efficient data sharing scheme for privacy protection based on blockchain and edge intelligence in 6G-VANET
Liu et al. Resilient consensus of discrete-time connected vehicle systems with interaction network against cyber-attacks
CN107347064A (en) Cloud computing platform Tendency Prediction method based on neural network algorithm
Liu et al. Blockchain based trust management in vehicular networks
Xia et al. Confidence-aware collaborative detection mechanism for false data attacks in smart grids
Mahmood et al. A Hybrid Trust Management Model for Secure and Resource Efficient Vehicular Ad hoc Networks
Liu et al. A trust chain assessment method based on blockchain for SDN network nodes
CN114205816B (en) Electric power mobile internet of things information security architecture and application method thereof
Andrade et al. A continuum of undetectable timing-attacks on PMU-based linear state-estimation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant