CN111092897A - Active immune attack recognition method and charging device - Google Patents

Active immune attack recognition method and charging device Download PDF

Info

Publication number
CN111092897A
CN111092897A CN201911341263.8A CN201911341263A CN111092897A CN 111092897 A CN111092897 A CN 111092897A CN 201911341263 A CN201911341263 A CN 201911341263A CN 111092897 A CN111092897 A CN 111092897A
Authority
CN
China
Prior art keywords
layer
data
encoder
self
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911341263.8A
Other languages
Chinese (zh)
Other versions
CN111092897B (en
Inventor
吴海涛
徐成斌
肖声远
刘威
陈锐
罗伟峰
汪伟
李重杭
习伟
匡晓云
姚浩
于杨
简淦杨
杨祎巍
祖连兴
丁凯
朱小帆
贺生国
黄植炜
何鸿雁
陈远生
占捷文
王乾刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CSG Electric Power Research Institute
Shenzhen Power Supply Bureau Co Ltd
CYG Sunri Co Ltd
Original Assignee
CSG Electric Power Research Institute
Shenzhen Power Supply Bureau Co Ltd
CYG Sunri Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CSG Electric Power Research Institute, Shenzhen Power Supply Bureau Co Ltd, CYG Sunri Co Ltd filed Critical CSG Electric Power Research Institute
Priority to CN201911341263.8A priority Critical patent/CN111092897B/en
Publication of CN111092897A publication Critical patent/CN111092897A/en
Application granted granted Critical
Publication of CN111092897B publication Critical patent/CN111092897B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60LPROPULSION OF ELECTRICALLY-PROPELLED VEHICLES; SUPPLYING ELECTRIC POWER FOR AUXILIARY EQUIPMENT OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRODYNAMIC BRAKE SYSTEMS FOR VEHICLES IN GENERAL; MAGNETIC SUSPENSION OR LEVITATION FOR VEHICLES; MONITORING OPERATING VARIABLES OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRIC SAFETY DEVICES FOR ELECTRICALLY-PROPELLED VEHICLES
    • B60L53/00Methods of charging batteries, specially adapted for electric vehicles; Charging stations or on-board charging equipment therefor; Exchange of energy storage elements in electric vehicles
    • B60L53/60Monitoring or controlling charging stations
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60LPROPULSION OF ELECTRICALLY-PROPELLED VEHICLES; SUPPLYING ELECTRIC POWER FOR AUXILIARY EQUIPMENT OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRODYNAMIC BRAKE SYSTEMS FOR VEHICLES IN GENERAL; MAGNETIC SUSPENSION OR LEVITATION FOR VEHICLES; MONITORING OPERATING VARIABLES OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRIC SAFETY DEVICES FOR ELECTRICALLY-PROPELLED VEHICLES
    • B60L53/00Methods of charging batteries, specially adapted for electric vehicles; Charging stations or on-board charging equipment therefor; Exchange of energy storage elements in electric vehicles
    • B60L53/60Monitoring or controlling charging stations
    • B60L53/66Data transfer between charging stations and vehicles
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60LPROPULSION OF ELECTRICALLY-PROPELLED VEHICLES; SUPPLYING ELECTRIC POWER FOR AUXILIARY EQUIPMENT OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRODYNAMIC BRAKE SYSTEMS FOR VEHICLES IN GENERAL; MAGNETIC SUSPENSION OR LEVITATION FOR VEHICLES; MONITORING OPERATING VARIABLES OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRIC SAFETY DEVICES FOR ELECTRICALLY-PROPELLED VEHICLES
    • B60L53/00Methods of charging batteries, specially adapted for electric vehicles; Charging stations or on-board charging equipment therefor; Exchange of energy storage elements in electric vehicles
    • B60L53/60Monitoring or controlling charging stations
    • B60L53/66Data transfer between charging stations and vehicles
    • B60L53/665Methods related to measuring, billing or payment
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02TCLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T10/00Road transport of goods or passengers
    • Y02T10/60Other road transportation technologies with climate change mitigation effect
    • Y02T10/70Energy storage systems for electromobility, e.g. batteries
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02TCLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T10/00Road transport of goods or passengers
    • Y02T10/60Other road transportation technologies with climate change mitigation effect
    • Y02T10/7072Electromobility specific charging systems or methods for batteries, ultracapacitors, supercapacitors or double-layer capacitors
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02TCLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T90/00Enabling technologies or technologies with a potential or indirect contribution to GHG emissions mitigation
    • Y02T90/10Technologies relating to charging of electric vehicles
    • Y02T90/12Electric charging stations
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02TCLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T90/00Enabling technologies or technologies with a potential or indirect contribution to GHG emissions mitigation
    • Y02T90/10Technologies relating to charging of electric vehicles
    • Y02T90/16Information or communication technologies improving the operation of electric vehicles
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Abstract

The invention provides a method for identifying active immune attack, which comprises the following steps: acquiring a real-time data stream of a charging device; the data flow is detected and classified in real time through a stack type self-coding network model so as to judge whether abnormal data exist in the data flow, and when the abnormal data do not exist, the data are directly forwarded; and when abnormal data exists, intercepting the real-time data stream, sending an alarm prompt, generating a log record and stopping the machine. The invention also provides a charging device. Compared with the prior art, the obtained data of the charging device is analyzed and classified through the stack type self-encoder network model, and the probability of being attacked by the network is output, so that whether the data is attacked or not is judged, corresponding operation is executed, the information safety and the operation reliability of the charging device are guaranteed, and the safety of a power grid is guaranteed.

Description

Active immune attack recognition method and charging device
Technical Field
The present invention relates to a charging device, and more particularly, to a method for identifying a charging device with active immune attack and a charging device.
Background
The automobile industry is the pillar industry of national economy and also is a landmark industry reflecting national competitiveness. But at the same time, our environment is under great pressure and challenge, especially to atmospheric pollution. The automobile exhaust emission is one of the chief causes of atmospheric pollution by default, the quantity of fuel vehicles in China is at the top of the world, the quantity of fuel vehicles is excessively long, and the development of new energy automobiles is forced to be reduced.
Since 1993, China becomes a net importation of petroleum, and the import of petroleum increases year by year. Due to the relative shortage of fossil energy, particularly petroleum and natural gas production, the degree of dependence of energy supply in China on the international market will be higher and higher in the future. The instability and oil price fluctuation of the international petroleum market can seriously affect the petroleum supply of China and cause great impact on the economic society. The development of new energy automobiles can get rid of the embarrassment to a great extent, and the energy problem is not limited by other countries.
The automobile industry in China is changed from market technology later and in the early years. The traditional automobile industry in China is still obviously different from other automobile major countries. After all, traditional automobiles have been developed for over 130 years, and the barriers to technology and legislation are very high and difficult to catch up.
However, as a new field, all countries start running simultaneously, and China has to struggle with the need to upgrade the industry and achieve 'curve overtaking'.
The development of new energy automobiles inevitably leaves away the matched new energy automobile charging device. The charging form of the electric vehicle can be classified into 3 types: wired charging, unlimited charging and overall battery replacement. Among them, the charging method developed in the present day and widely used is wired charging. And the wired charging is classified into an ac charging device (slow charging) and a dc charging device (fast charging). According to the development guideline for electric vehicle charging infrastructure (2015-2020) published by the development committee, the development goal of the charging infrastructure in China is to build 1.2 ten thousand centralized charging stations and 480 ten thousand distributed charging devices in 2020.
The large-scale establishment of the charging device facilitates the use of the electric automobile and promotes the development of new energy industry. However, most of domestic charging device devices use imported chips, back doors which are not known to people may exist in the chips, a large leak may be hidden, and once network wars occur, the consequences are not reasonable. Meanwhile, along with the intellectualization and informatization of the power grid, various network attack means are developed, the charging device is located in a public environment and is easy to be attacked, the attacks can be submerged in a management system inside the charging device to steal other user information, or virus invades to modify the balance of an account of the charging device for infinite times to charge, even invade into the power grid to cause the fault of the power grid, and therefore, the security hole of the charging device is increasingly prominent, so that the security performance of the charging device is improved comprehensively.
Fig. 1 is a view showing an application scenario of a conventional charging device, and as can be seen from fig. 1, the charging device is connected to a station monitoring system and an ac power distribution cabinet. The charging device uploads state monitoring data in the charging process, battery data analysis, electric energy charging, user information and the like of the electric automobile to the station-level monitoring system, and related data are analyzed and stored. In the conventional charging device, it is easy for a hacker to issue various attacks thereon according to a known security hole. An attacker can inject trojan into the charging device and take the trojan as a springboard to gradually invade the upper-layer system; an attacker can also repeatedly send malformed attack data according to the defects of the transmission protocol of the charging device, for example, electricity consumption data is tampered to achieve the purpose of stealing electricity charges, the voltage of a public power grid fluctuates due to the manipulation of real-time electricity prices and the tampering of voltage data, even the adverse effects of power grid resonance and the like are further caused, and the safe and stable operation of the power grid is directly influenced.
Disclosure of Invention
The invention aims to provide an identification method with active immune attack and a charging device, and aims to solve the technical problem of improving the information security and the operation reliability of the charging device.
In order to solve the problems, the invention adopts the following technical scheme: an identification method with active immune attack comprises the following steps:
step one, acquiring a real-time data stream of a charging device;
step two, detecting and classifying the data flow in real time through a stacked self-coding network model so as to judge whether abnormal data exist in the data flow, and directly forwarding the data when the abnormal data do not exist; and when abnormal data exists, intercepting the real-time data stream, sending an alarm prompt, generating a log record and stopping the machine.
Further, the real-time detection and classification in the second step includes calculating probabilities of abnormal data and normal data in the data after data classification is performed on the data stream, and when the probability of the abnormal data is greater than that of the normal data, judging that the attacked abnormal data exists in the data stream; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
Further, the alarm prompt comprises the steps of displaying attack types on the charging device according to the classification of the abnormal data and sending alarm information to the station level monitoring system; the charging device also stores the log records locally and/or sends the log records to a station level monitoring system for storage.
Further, the stacked self-encoder network model is established by adopting the following steps:
(1) constructing a first layer self-encoder, wherein the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function expression is as follows:
z=f(x)=s(W(1)x+b(1))
wherein x is belonged to Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1An input bias for the hidden layer; s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:
Figure BDA0002332333010000031
tan h function:
Figure BDA0002332333010000032
and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein W is(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X; a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers;
the reconstruction error for each datum is:
L=||x-g(f(x))||2
the cost function is defined as:
Figure BDA0002332333010000033
wherein x is(i)Represents the ith sample;
Figure BDA0002332333010000034
representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is a regularization coefficient, λ is taken to be 1;
taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error reverse conduction and batch gradient descent algorithm;
(2) constructing a second layer of the self-encoder, and encoding W(1)As input data of a second-layer self-encoder, performing operation according to the step (1) to construct the second-layer self-encoder to obtain optimal solutions W and b;
(3) build a third layer of self-plaitingEncoder, W(2)As input data of a third-layer self-encoder, performing operation according to the step (1) to construct the third-layer self-encoder to obtain optimal solutions W and b;
(4) constructing a BP neural network classifier layer and taking the output of the third layer self-encoder as the input of the BP neural network; firstly, carrying out forward calculation on input feature vectors, and obtaining predicted categories on an output layer; then, the predicted categories are compared with actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and parameters of each layer of self-encoders are subjected to fine adjustment;
in the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
Figure BDA0002332333010000041
wherein k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;
Figure BDA0002332333010000043
is the output value of the ith unit of the k layers;
after calculating the residual error of each layer, adjusting the parameters of each layer of the stacked self-encoder network according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α;
Figure BDA0002332333010000042
the invention also discloses a charging device, which comprises a charging equipment controller, a touch controller, a charging control module, a card reader, an ammeter and a display unit, wherein the charging equipment controller is connected with the charging control module through a CANBUS bus, the charging control module is connected with the display unit through LVDS/parallel ports and the like, is connected with the card reader through an RS232 interface, is connected with the ammeter through an RS485 interface, and is connected with an upper layer through a network;
the charging equipment controller is used for sending the operation instruction sent by the charging control module downwards; receiving the alternating current and direct current change information, vehicle data, vehicle battery conditions, charging modes, output power, output voltage, output current and environmental data of the lower layer and then sending the information to a charging control module;
the touch controller is used for carrying out operation input on the charging equipment controller;
the card reader is used for reading user information of the IC card and sending the user information to the charging control module, wherein the user information comprises an account ID, balance and the like;
the ammeter is used for reading the electric energy consumption condition and the power grid electric energy quality information and sending the electric energy consumption condition and the power grid electric energy quality information to the charging control module;
a display module: the display and man-machine interaction device is used for displaying and man-machine interaction;
the charging control module comprises:
the electricity charge metering module is used for counting the electricity consumption condition sent by the electricity meter and the power quality information of the power grid to generate electricity consumption information, then charging the electricity consumption information to generate electricity charging information, and then sending the electricity charging information to the network attack detection unit for detection; the electric quantity charging information is that the electric energy use condition is obtained from an electric meter, the electric energy consumption and the electric energy payment data are transmitted to a network attack detection unit through a communication module after the electric energy payment required by a consumer is calculated by combining time-of-use electric charge and profit premium;
the positioning module is used for acquiring time and position information in real time and then sending the time and position information to the network attack detection module through the communication module;
the storage module is used for storing data, and the data comprises alarm information and log records;
the communication module is used for communication;
the network attack detection module is used for receiving the data stream sent by the communication module and detecting and classifying the data stream in real time through the network model of the stacked self-encoder so as to judge whether abnormal data exist in the data stream or not, and when the abnormal data do not exist, the data stream is directly forwarded to an upper layer through the communication module; when abnormal data exist, intercepting the real-time data stream, sending an alarm prompt, generating a log record, and sending a shutdown instruction to a charging equipment controller; when the charging equipment controller receives the stop instruction, the controller takes measures in time, disconnects the output interface and stops charging with the vehicle.
Further, the network attack detection module sends alarm information to an upper layer through a communication module, wherein the alarm information is an attack type corresponding to the abnormal data.
Further, intercepting the real-time data stream and sending an alarm prompt specifically refers to an alarm prompt for displaying attack types on a display module according to the classification of abnormal data while intercepting the real-time data stream.
Further, the network attack detection module stores the log record in a storage module and/or a sending upper layer for saving.
Further, the real-time detection classification comprises the steps of calculating the probability of abnormal data and normal data in data after data classification is carried out on the data stream, and judging that the attacked abnormal data exist in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
Further, the stacked self-encoder network model is established by adopting the following steps:
(1) constructing a first layer self-encoder, wherein the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function expression is as follows:
z=f(x)=s(W(1)x+b(1))
wherein x is belonged to Rd×1Indication inputAn input vector, d is the dimension of input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1An input bias for the hidden layer; s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:
Figure BDA0002332333010000061
tan h function:
Figure BDA0002332333010000062
and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein W is(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X; a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers;
the reconstruction error for each datum is:
L=||x-g(f(x))||2
the cost function is defined as:
Figure BDA0002332333010000063
wherein x is(i)Represents the ith sample;
Figure BDA0002332333010000064
representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is a regularization coefficient, λ is taken to be 1;
taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error reverse conduction and batch gradient descent algorithm;
(2) constructing a second layer of the self-encoder, and encoding W(1)As input data of a second-layer self-encoder, performing operation according to the step (1) to construct the second-layer self-encoder to obtain optimal solutions W and b;
(3) constructing a third layer of self-encoder, and encoding W(2)As input data of a third-layer self-encoder, performing operation according to the step (1) to construct the third-layer self-encoder to obtain optimal solutions W and b;
(4) constructing a BP neural network classifier layer and taking the output of the third layer self-encoder as the input of the BP neural network; firstly, carrying out forward calculation on input feature vectors, and obtaining predicted categories on an output layer; then, the predicted categories are compared with actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and parameters of each layer of self-encoders are subjected to fine adjustment;
in the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
Figure BDA0002332333010000071
wherein k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;
Figure BDA0002332333010000072
is the output value of the ith unit of the k layers;
after calculating the residual error of each layer, adjusting the parameters of each layer of the stacked self-encoder network according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α;
Figure BDA0002332333010000073
compared with the prior art, the method and the device have the advantages that the obtained data of the charging device are analyzed and classified through the stack type self-encoder network model, and the probability of being attacked by the network is output, so that whether the data are attacked or not is judged, corresponding operation is executed, the information safety and the operation reliability of the charging device are guaranteed, and the safety of a power grid is guaranteed.
Drawings
Fig. 1 is a diagram of a system in the prior art.
Fig. 2 is a flow chart of the present invention.
Fig. 3 is a diagram of a network model structure of a stacked self-encoder according to the present invention.
Fig. 4 is a structural diagram of a first layer self-encoder of the present invention.
Fig. 5 is a block diagram of the charging device of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
As shown in fig. 1, in the existing system for charging electric vehicles, each power station is provided with a station monitoring system, an internet of vehicles platform, a charging device, an ac power distribution system, a transformer, and a public power grid, in general, the station monitoring system is connected and communicated with the charging device (charging pile) through a TCP/IP protocol, the charging device is connected with the ac power distribution system, the ac power distribution system is connected to the public power grid through the transformer, and the station monitoring system is also connected to the internet of vehicles platform, so as to realize real-time publishing of the current situation of the station.
As shown in fig. 2, the invention discloses a method for identifying active immune attack, which comprises the following steps:
step one, acquiring a real-time data stream of a charging device, wherein the data stream is characteristic data or influence factors capable of representing whether data are attacked, and the data stream comprises an account ID, a balance, electric quantity consumption, electric charge consumption, power grid electric energy quality, a payment mode, payment information, charging mode selection (from an Internet of vehicles platform), charging reservation, charging mode selection (from a display unit), a payment mode, payment information, alternating current and direct current change information, vehicle data, a vehicle battery condition, a charging mode (from a charging equipment manager), output power, output voltage, output current and environment data;
step two, detecting and classifying the data flow in real time through a stacked self-coding network model so as to judge whether abnormal data exist in the data flow, and directly forwarding the data when the abnormal data do not exist; when abnormal data exists, intercepting the real-time data stream, sending an alarm prompt, generating a log record and stopping the machine;
the stacked self-coding network model comprises a plurality of self-encoders which are unsupervised to extract features, then the self-encoders are stacked to form a deep network model, and each layer of network is trained from bottom to top by an unsupervised method. Then, supervised learning is carried out on the characteristics through a back propagation neural network, and the whole network parameters are further optimized by utilizing error back propagation to obtain a final stack type self-coding network model; the back propagation neural network is a BP neural network;
the real-time detection and classification in the second step comprises the steps of calculating the probability of abnormal data and normal data in the data after classifying the data stream, and judging that the attacked abnormal data exists in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the maximum probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack;
the alarm prompt comprises the steps of displaying attack types on the charging device according to the classification of the abnormal data and sending alarm information to the station level monitoring system; the charging device also stores the log records locally and/or sends the log records to a station level monitoring system for storage.
The stacked self-encoder network model is a stacked self-encoding network structure of three hidden layers and a BP neural network classification layer, as shown in FIG. 3.
The learning process of the stack type self-encoder network model is divided into two steps of unsupervised learning and supervised learning. Firstly, greedy layer-by-layer learning is carried out on a denoising self-encoder by using a label-free sample, and the specific process is that the number of network hidden layers is assumed to be M, original data are input into a first layer self-encoder (AE) and are subjected to unsupervised training, and a parameter W of the first hidden layer is obtained(1)In each subsequent step, the trained top k-1 (k e [2, 3, …, M)]) Layer as input to train the k-th layer, resulting in W(k)And taking the weight obtained by training each layer as the weight for initializing the final deep network. And then, carrying out supervised learning by using the BP neural network and using the labeled data, and finely adjusting the parameters of the whole network through error back propagation while obtaining the parameters of the last layer of associated features and categories, so that the parameters are converged to a better position. The original data is normal data stream;
the stack type self-encoder network model is established by adopting the following steps:
(1) build first layer self encoder (AE1)
An Automatic Encoder (AE) is an unsupervised three-layer neural network, which is composed of an encoder and a decoder, and comprises an input layer, a hidden layer and an output layer, wherein the network structure is shown in fig. 4. The specific construction process of the first layer self-encoder is as follows:
the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function is expressed as follows:
z=f(x)=s(W(1)x+b(1))
wherein x is belonged to Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1Is the input bias of the hidden layer. s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:
Figure BDA0002332333010000101
tan h function:
Figure BDA0002332333010000102
and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein W is(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X (the mapped raw output); a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers.
The reconstruction error for each datum is:
L=||x-g(f(x))||2
a layer of reconstruction errors from the input and output of the encoder is associated with L;
the cost function is defined as:
Figure BDA0002332333010000103
wherein x is(i)Represents the ith sample;
Figure BDA0002332333010000104
representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is the regularization coefficient, λ takes 1.
The number of data streams is associated with N; λ is the regularization coefficient;
Figure BDA0002332333010000105
this term is to set the regularization function to prevent over-fitting and under-fitting; the global minimum value of the cost function represents that all the different weights W and offsets b are inThe optimal position with the minimum error can be reached when the iteration is changed.
Figure BDA0002332333010000106
The term is to calculate the sum of the amount u of all samples and the output error loss;
and taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error back propagation and batch gradient descent algorithm.
(2) Construction of second layer self-encoder (AE2)
And removing the output layer of the first layer self-encoder, and taking the feature set of the first layer self-encoder as the input of the second layer self-encoder.
I.e. the handle W(1)And (3) as input data of the second-layer self-encoder, performing operation according to the step (1), and constructing the second-layer self-encoder to obtain optimal solutions W and b.
(3) Build third level auto encoder (AE3)
Removing the output layer of the second layer self-encoder and using the feature set of the second layer self-encoder as the input of the third layer self-encoder, i.e. W(2)And (3) as input data of the third-layer self-encoder, performing operation according to the step (1), and constructing the third-layer self-encoder to obtain optimal solutions W and b.
(4) Construction of BP neural network classifier layer (BP)
The output of the third layer self-encoder (AE3) is taken as the input of the BP neural network.
And carrying out supervised classification on the features learned by the stacked self-encoder through a BP neural network by utilizing the data with the network attack labels, and associating the feature vectors with the network attack labels. Meanwhile, parameters of the stacked self-encoder are finely adjusted through error back propagation, so that the classification accuracy of the whole network is further improved. The training of the BP neural network is mainly divided into two processes of forward conduction and error back propagation. Firstly, carrying out forward calculation on an input feature vector (output of a third-layer self-encoder (AE 3)), and obtaining a predicted category at an output layer; and then the predicted categories are compared with the actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and the parameters of each layer of self-encoder are finely adjusted. The data with the network attack tag is obtained by different network attacks on normal data flow.
The data flow of the charging pile is input into the stack type self-encoder network model, the probability of normal data and the probability of abnormal data of the data flow are finally obtained, and whether the data in the data flow have the abnormal data attacked or not is finally obtained through judging the probabilities.
In the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
Figure BDA0002332333010000121
wherein k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;
Figure BDA0002332333010000122
is the output value of the ith cell of the k layers.
After calculating the residual error of each layer, the parameters of each layer of the stacked self-encoder network are adjusted according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α.
Figure BDA0002332333010000123
As shown in fig. 5, the present invention further discloses a charging device, which includes a charging device controller, a touch controller, a charging control module, a card reader, an electric meter and a display unit, wherein the charging device controller is connected with the charging control module through a CANBUS, the charging control module is connected with the display unit through LVDS/parallel port, etc., is connected with the card reader through an RS232 interface, is connected with the electric meter through an RS485 interface, and is connected with an upper layer (a station level monitoring system and/or a car networking platform) through a network;
the charging equipment controller is used for sending an operation instruction (charging mode selection, charging stop instruction and the like) sent by the charging control module downwards; receiving the alternating current and direct current change information, vehicle data, vehicle battery conditions, charging modes, output power, output voltage, output current and environmental data of the lower layer and then sending the information to a charging control module;
the touch controller is used for carrying out operation input on the charging equipment controller;
the card reader is used for reading user information of the IC card and sending the user information to the charging control module, wherein the user information comprises an account ID, balance and the like;
electric meter: the charging control module is used for reading the power consumption condition and the power grid power quality information and sending the power consumption condition and the power grid power quality information to the charging control module, wherein the power consumption condition and the power grid power quality information comprise power consumption, power consumption charge and power grid power quality;
the car networking platform: the charging control module is used for receiving the charging condition information of the vehicle sent by the charging control module and providing remote inquiry for a user;
the station level monitoring system is used for receiving the alarm information, the log record and the real-time data stream sent by the charging control module; the data center of the superior power grid power supply office can conveniently know the running condition of the charging station in real time;
a display module: the charging control module is used for displaying and man-machine interaction, displaying alarm information sent by the charging control module and displaying the information, wherein the information display comprises the display of consumed money, consumed electric quantity, vehicle type, charging mode selection, payment mode, charging mode, payment information and the like;
the charging control module comprises:
the electricity charge metering module is used for counting the electricity consumption condition sent by the electricity meter and the power quality information of the power grid to generate electricity consumption information, then charging the electricity consumption information to generate electricity charging information, and then sending the electricity charging information to the network attack detection unit for detection; the electric quantity charging information is that the electric energy use condition is obtained from an electric meter, the electric energy consumption and the electric energy payment data are transmitted to a network attack detection unit through a communication module after the electric energy payment required by a consumer is calculated by combining time-of-use electric charge and profit premium;
the positioning module is used for acquiring time and position information in real time and then sending the time and position information to the network attack detection module through the communication module;
the storage module is used for storing data, and the data comprises alarm information and log records;
the communication module is used for receiving data streams sent by the charging equipment controller, the electricity charge metering module, the card reader and the upper layer, sending the data streams to the network attack detection module and sending normal data streams to the upper layer; the system also comprises a data stream used for being connected with the card reader, the ammeter, the Internet of vehicles platform and the station level monitoring system for communication, and acquiring data streams of the card reader, the ammeter and the charging equipment controller, wherein the data stream comprises an account ID, a balance, electric quantity consumption, electric charge consumption, power grid electric energy quality, a payment mode, payment information, charging mode selection (from the Internet of vehicles platform), charging reservation, charging mode selection (from a display unit), a payment mode, payment information, alternating current and direct current change information, vehicle data, vehicle battery conditions, a charging mode (from the charging equipment manager), output power, output voltage, output current and environment data;
the network attack detection module is used for receiving the data stream sent by the communication module and detecting and classifying the data stream in real time through the network model of the stacked self-encoder so as to judge whether abnormal data exist in the data stream or not, and when the abnormal data do not exist, the data stream is directly forwarded to an upper layer through the communication module; when abnormal data exist, intercepting the real-time data stream, sending an alarm prompt, generating a log record, and sending a shutdown instruction to a charging equipment controller; when the charging equipment controller receives the stop instruction, the controller takes measures in time, disconnects the output interface and stops charging with the vehicle.
The network attack detection module also sends alarm information to an upper layer through the communication module, wherein the alarm information is an attack type corresponding to the abnormal data.
Intercepting the real-time data stream and sending an alarm prompt specifically refers to displaying the attack type on a display module according to the classification of abnormal data while intercepting the real-time data stream.
The network attack detection module also stores the log record storage and re-storage module and/or the sending upper layer.
The real-time detection classification comprises the steps of calculating the probability of abnormal data and normal data in data after data classification is carried out on the data stream, and judging that the attacked abnormal data exists in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
The stacked self-encoder network model is a stacked self-encoding network structure of three hidden layers and a BP neural network classification layer, as shown in FIG. 3.
The learning process of the stack type self-encoder network model is divided into two steps of unsupervised learning and supervised learning. Firstly, greedy layer-by-layer learning is carried out on a denoising self-encoder by using a label-free sample, and the specific process is that the number of network hidden layers is assumed to be M, original data are input into a first layer self-encoder (AE) and are subjected to unsupervised training, and a parameter W of the first hidden layer is obtained(1)In each subsequent step, the trained top k-1 (k e [2, 3, …, M)]) Layer as input to train the k-th layer, resulting in W(k)And taking the weight obtained by training each layer as the weight for initializing the final deep network. And then, carrying out supervised learning by using the BP neural network and using the labeled data, and finely adjusting the parameters of the whole network through error back propagation while obtaining the parameters of the last layer of associated features and categories, so that the parameters are converged to a better position. The original data is a normal data stream,
the stack type self-encoder network model is established by adopting the following steps:
(1) build first layer self encoder (AE1)
An Automatic Encoder (AE) is an unsupervised three-layer neural network, which is composed of an encoder and a decoder, and comprises an input layer, a hidden layer and an output layer, wherein the network structure is shown in fig. 4. The specific construction process of the first layer self-encoder is as follows:
the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function is expressed as follows:
z=f(x)=s(W(1)x+b(1))
wherein x is belonged to Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1Is the input bias of the hidden layer. s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:
Figure BDA0002332333010000151
tan h function:
Figure BDA0002332333010000152
and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein W is(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X (the mapped raw output); a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers.
The reconstruction error for each datum is:
L=||x-g(f(x))||2
a layer of reconstruction errors from the input and output of the encoder is associated with L;
the cost function is defined as:
Figure BDA0002332333010000153
wherein x is(i)Represents the ith sample;
Figure BDA0002332333010000154
representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is the regularization coefficient, λ takes 1.
The number of data streams is associated with N; λ is the regularization coefficient;
Figure BDA0002332333010000155
this term is to set the regularization function to prevent over-fitting and under-fitting; the global minimum value of the cost function represents an optimal position where all different weights W and offsets b can reach the minimum error when being changed iteratively.
Figure BDA0002332333010000156
The term is to calculate the sum of the amount u of all samples and the output error loss;
and taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error back propagation and batch gradient descent algorithm.
(2) Construction of second layer self-encoder (AE2)
And removing the output layer of the first layer self-encoder, and taking the feature set of the first layer self-encoder as the input of the second layer self-encoder.
I.e. the handle W(1)And (3) as input data of the second-layer self-encoder, performing operation according to the step (1), and constructing the second-layer self-encoder to obtain optimal solutions W and b.
(3) Build third level auto encoder (AE3)
Self-knitting by removing the second layerThe output layer of the coder takes the feature set of the second layer self-encoder as the input of the third layer self-encoder, i.e. W(2)And (3) as input data of the third-layer self-encoder, performing operation according to the step (1), and constructing the third-layer self-encoder to obtain optimal solutions W and b.
(4) Construction of BP neural network classifier layer (BP)
The output of the third layer self-encoder (AE3) is taken as the input of the BP neural network.
And carrying out supervised classification on the features learned by the stacked self-encoder through a BP neural network by utilizing the data with the network attack labels, and associating the feature vectors with the network attack labels. Meanwhile, parameters of the stacked self-encoder are finely adjusted through error back propagation, so that the classification accuracy of the whole network is further improved. The training of the BP neural network is mainly divided into two processes of forward conduction and error back propagation. Firstly, carrying out forward calculation on an input feature vector (output of a third-layer self-encoder (AE 3)), and obtaining a predicted category at an output layer; and then the predicted categories are compared with the actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and the parameters of each layer of self-encoder are finely adjusted. The data with the network attack tag is obtained by different network attacks on normal data flow.
The data flow of the charging pile is input into the stack type self-encoder network model, the probability of normal data and the probability of abnormal data of the data flow are finally obtained, and whether the data in the data flow have the abnormal data attacked or not is finally obtained through judging the probabilities.
The charging device with the network attack detection function is formed on the premise that the normal function of the charging device is not influenced by the fact that the charging device carries out real-time detection on the data stream based on the stacked self-encoder network model added in the charging device, classification and probability calculation are carried out on the data stream; the data streams in the charging device are detected in real time, the attack behaviors hidden in the data streams are mined and identified, an attacker is prevented from further invading an upper-layer system through security holes in the charging device, the information security and the operation reliability of the charging device are improved, and the security of a power grid is protected to a certain extent.

Claims (10)

1. A method for identifying active immune attack is characterized in that: the method comprises the following steps:
step one, acquiring a real-time data stream of a charging device;
step two, detecting and classifying the data flow in real time through a stacked self-coding network model so as to judge whether abnormal data exist in the data flow, and directly forwarding the data when the abnormal data do not exist; and when abnormal data exists, intercepting the real-time data stream, sending an alarm prompt, generating a log record and stopping the machine.
2. The method of claim 1, wherein the method comprises the steps of: the real-time detection and classification in the second step comprises the steps of calculating the probability of abnormal data and normal data in the data after classifying the data stream, and judging that the attacked abnormal data exists in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
3. The method of claim 1, wherein the method comprises the steps of: the alarm prompt comprises the steps of displaying attack types on the charging device according to the classification of abnormal data and sending alarm information to the station level monitoring system; the charging device also stores the log records locally and/or sends the log records to a station level monitoring system for storage.
4. The method of claim 1, wherein the method comprises the steps of: the stack type self-encoder network model is established by adopting the following steps:
(1) constructing a first layer self-encoder, wherein the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function expression is as follows:
z=f(x)=s(W(1)x+b(1))
wherein: x is formed by Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1An input bias for the hidden layer; s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:
Figure FDA0002332333000000011
tan h function:
Figure FDA0002332333000000012
and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein: w(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X; a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers;
the reconstruction error for each datum is:
L=||x-g(f(x))||2
the cost function is defined as:
Figure FDA0002332333000000021
wherein: x is the number of(i)Represents the ithA sample;
Figure FDA0002332333000000022
representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is a regularization coefficient, λ is taken to be 1;
taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error reverse conduction and batch gradient descent algorithm;
(2) constructing a second layer of the self-encoder, and encoding W(1)As input data of a second-layer self-encoder, performing operation according to the step (1) to construct the second-layer self-encoder to obtain optimal solutions W and b;
(3) constructing a third layer of self-encoder, and encoding W(2)As input data of a third-layer self-encoder, performing operation according to the step (1) to construct the third-layer self-encoder to obtain optimal solutions W and b;
(4) constructing a BP neural network classifier layer and taking the output of the third layer self-encoder as the input of the BP neural network; firstly, carrying out forward calculation on input feature vectors, and obtaining predicted categories on an output layer; then, the predicted categories are compared with actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and parameters of each layer of self-encoders are subjected to fine adjustment;
in the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
Figure FDA0002332333000000023
wherein: k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;
Figure FDA0002332333000000031
is the output value of the ith unit of the k layers;
after calculating the residual error of each layer, adjusting the parameters of each layer of the stacked self-encoder network according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α;
Figure FDA0002332333000000032
5. a charging device, characterized by: the charging device controller is connected with the charging control module through a CANBUS bus, the charging control module is connected with the display unit through LVDS/parallel ports and the like, connected with the card reader through an RS232 interface, connected with the ammeter through an RS485 interface and connected with an upper layer through a network;
the charging equipment controller is used for sending the operation instruction sent by the charging control module downwards; receiving the alternating current and direct current change information, vehicle data, vehicle battery conditions, charging modes, output power, output voltage, output current and environmental data of the lower layer and then sending the information to a charging control module;
the touch controller is used for carrying out operation input on the charging equipment controller;
the card reader is used for reading user information of the IC card and sending the user information to the charging control module, wherein the user information comprises an account ID, balance and the like;
the ammeter is used for reading the electric energy consumption condition and the power grid electric energy quality information and sending the electric energy consumption condition and the power grid electric energy quality information to the charging control module;
a display module: the display and man-machine interaction device is used for displaying and man-machine interaction;
the charging control module comprises:
the electricity charge metering module is used for counting the electricity consumption condition sent by the electricity meter and the power quality information of the power grid to generate electricity consumption information, then charging the electricity consumption information to generate electricity charging information, and then sending the electricity charging information to the network attack detection unit for detection; the electric quantity charging information is that the electric energy use condition is obtained from an electric meter, the electric energy consumption and the electric energy payment data are transmitted to a network attack detection unit through a communication module after the electric energy payment required by a consumer is calculated by combining time-of-use electric charge and profit premium;
the positioning module is used for acquiring time and position information in real time and then sending the time and position information to the network attack detection module through the communication module;
the storage module is used for storing data, and the data comprises alarm information and log records;
the communication module is used for communication;
the network attack detection module is used for receiving the data stream sent by the communication module and detecting and classifying the data stream in real time through the network model of the stacked self-encoder so as to judge whether abnormal data exist in the data stream or not, and when the abnormal data do not exist, the data stream is directly forwarded to an upper layer through the communication module; when abnormal data exist, intercepting the real-time data stream, sending an alarm prompt, generating a log record, and sending a shutdown instruction to a charging equipment controller; when the charging equipment controller receives the stop instruction, the controller takes measures in time, disconnects the output interface and stops charging with the vehicle.
6. The charging device according to claim 5, wherein: the network attack detection module also sends alarm information to an upper layer through the communication module, wherein the alarm information is an attack type corresponding to the abnormal data.
7. The charging device according to claim 5, wherein: intercepting the real-time data stream and sending an alarm prompt specifically refers to displaying the attack type on a display module according to the classification of abnormal data while intercepting the real-time data stream.
8. The charging device according to claim 5, wherein: the network attack detection module also stores the log records in the storage module and/or the upper sending layer for storage.
9. The charging device according to claim 5, wherein: the real-time detection classification comprises the steps of calculating the probability of abnormal data and normal data in data after data classification is carried out on the data stream, and judging that the attacked abnormal data exists in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
10. The charging device according to claim 5, wherein: the stack type self-encoder network model is established by adopting the following steps:
(1) constructing a first layer self-encoder, wherein the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function expression is as follows:
z=f(x)=s(W(1)x+b(1))
wherein: x is formed by Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1An input bias for the hidden layer; s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:
Figure FDA0002332333000000041
tan h function:
Figure FDA0002332333000000042
and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein: w(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X (the mapped raw output); a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers;
the reconstruction error for each datum is:
L=||x-g(f(x))||2
the cost function is defined as:
Figure FDA0002332333000000051
wherein: x is the number of(i)Represents the ith sample;
Figure FDA0002332333000000052
representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is a regularization coefficient, λ is taken to be 1;
taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error reverse conduction and batch gradient descent algorithm;
(2) constructing a second layer of the self-encoder, and encoding W(1)As input data of a second-layer self-encoder, performing operation according to the step (1) to construct the second-layer self-encoder to obtain optimal solutions W and b;
(3) constructing a third layer of self-encoder, and encoding W(2)As input data of a third-layer self-encoder, performing operation according to the step (1) to construct the third-layer self-encoder to obtain optimal solutions W and b;
(4) constructing a BP neural network classifier layer and taking the output of the third layer self-encoder as the input of the BP neural network; firstly, carrying out forward calculation on input feature vectors, and obtaining predicted categories on an output layer; then, the predicted categories are compared with actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and parameters of each layer of self-encoders are subjected to fine adjustment;
in the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
Figure FDA0002332333000000061
wherein: k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;
Figure FDA0002332333000000062
is the output value of the ith unit of the k layers;
after calculating the residual error of each layer, adjusting the parameters of each layer of the stacked self-encoder network according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α;
Figure FDA0002332333000000063
CN201911341263.8A 2019-12-23 2019-12-23 Active immune attack recognition method and charging device Active CN111092897B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911341263.8A CN111092897B (en) 2019-12-23 2019-12-23 Active immune attack recognition method and charging device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911341263.8A CN111092897B (en) 2019-12-23 2019-12-23 Active immune attack recognition method and charging device

Publications (2)

Publication Number Publication Date
CN111092897A true CN111092897A (en) 2020-05-01
CN111092897B CN111092897B (en) 2021-01-26

Family

ID=70395310

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911341263.8A Active CN111092897B (en) 2019-12-23 2019-12-23 Active immune attack recognition method and charging device

Country Status (1)

Country Link
CN (1) CN111092897B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113268729A (en) * 2021-05-01 2021-08-17 群智未来人工智能科技研究院(无锡)有限公司 Smart grid attack positioning method based on convolutional neural network
CN113449837A (en) * 2020-11-12 2021-09-28 江西理工大学 Intrusion detection method, system, equipment and readable storage medium
CN115834159A (en) * 2022-11-08 2023-03-21 国网重庆市电力公司电力科学研究院 Network security protection method for power grid informatization construction based on deep learning

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102280904A (en) * 2010-06-10 2011-12-14 上海市电力公司 Automatic charging method based on a V2G and apparatus thereof
CN103366459A (en) * 2013-06-26 2013-10-23 朱幕松 The hidden type electricity of electric automobile road running rail automatic charge device
CN103426246A (en) * 2013-07-26 2013-12-04 国家电网公司 Charging pile with opening prevention and monitoring functions
CN103956790A (en) * 2014-05-04 2014-07-30 奈文(武汉)软件有限公司 Charging device of intelligent terminal and method thereof
CN104796291A (en) * 2015-04-27 2015-07-22 清华大学 System and method for detecting transmission standardization of routers in core routing area
CN105044418A (en) * 2015-08-09 2015-11-11 安徽普为智能科技有限责任公司 DC charging pile charging metering method
US20160226894A1 (en) * 2015-02-04 2016-08-04 Electronics And Telecommunications Research Institute System and method for detecting intrusion intelligently based on automatic detection of new attack type and update of attack type model
CN106357618A (en) * 2016-08-26 2017-01-25 北京奇虎科技有限公司 Web abnormality detection method and device
CN109760542A (en) * 2018-12-24 2019-05-17 长园深瑞继保自动化有限公司 Charging pile control method and its controller
CN110086776A (en) * 2019-03-22 2019-08-02 国网河南省电力公司经济技术研究院 Intelligent substation Network Intrusion Detection System and detection method based on deep learning
CN110542826A (en) * 2019-09-23 2019-12-06 深圳供电局有限公司 On-site calibration method for failure protection starting circuit of power grid transmission line breaker

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102280904A (en) * 2010-06-10 2011-12-14 上海市电力公司 Automatic charging method based on a V2G and apparatus thereof
CN103366459A (en) * 2013-06-26 2013-10-23 朱幕松 The hidden type electricity of electric automobile road running rail automatic charge device
CN103426246A (en) * 2013-07-26 2013-12-04 国家电网公司 Charging pile with opening prevention and monitoring functions
CN103956790A (en) * 2014-05-04 2014-07-30 奈文(武汉)软件有限公司 Charging device of intelligent terminal and method thereof
US20160226894A1 (en) * 2015-02-04 2016-08-04 Electronics And Telecommunications Research Institute System and method for detecting intrusion intelligently based on automatic detection of new attack type and update of attack type model
CN104796291A (en) * 2015-04-27 2015-07-22 清华大学 System and method for detecting transmission standardization of routers in core routing area
CN105044418A (en) * 2015-08-09 2015-11-11 安徽普为智能科技有限责任公司 DC charging pile charging metering method
CN106357618A (en) * 2016-08-26 2017-01-25 北京奇虎科技有限公司 Web abnormality detection method and device
CN109760542A (en) * 2018-12-24 2019-05-17 长园深瑞继保自动化有限公司 Charging pile control method and its controller
CN110086776A (en) * 2019-03-22 2019-08-02 国网河南省电力公司经济技术研究院 Intelligent substation Network Intrusion Detection System and detection method based on deep learning
CN110542826A (en) * 2019-09-23 2019-12-06 深圳供电局有限公司 On-site calibration method for failure protection starting circuit of power grid transmission line breaker

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
李鹤飞: "《基于软件定义网络的DDoS攻击检测方法和缓解机制的研究》", 《中国硕士学位论文全文数据库 信息技术辑》 *
赵娜: "《多手段融合的网络攻击行为检测技术》", 《安全技术》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113449837A (en) * 2020-11-12 2021-09-28 江西理工大学 Intrusion detection method, system, equipment and readable storage medium
CN113449837B (en) * 2020-11-12 2022-10-11 江西理工大学 Intrusion detection method, system, equipment and readable storage medium
CN113268729A (en) * 2021-05-01 2021-08-17 群智未来人工智能科技研究院(无锡)有限公司 Smart grid attack positioning method based on convolutional neural network
CN113268729B (en) * 2021-05-01 2023-07-28 群智未来人工智能科技研究院(无锡)有限公司 Smart grid attack positioning method based on convolutional neural network
CN115834159A (en) * 2022-11-08 2023-03-21 国网重庆市电力公司电力科学研究院 Network security protection method for power grid informatization construction based on deep learning
CN115834159B (en) * 2022-11-08 2024-03-19 国网重庆市电力公司电力科学研究院 Network safety protection method for power grid informatization construction based on deep learning

Also Published As

Publication number Publication date
CN111092897B (en) 2021-01-26

Similar Documents

Publication Publication Date Title
CN111092897B (en) Active immune attack recognition method and charging device
CN110097297B (en) Multi-dimensional electricity stealing situation intelligent sensing method, system, equipment and medium
Li et al. Electricity theft detection in power grids with deep learning and random forests
CN110108914B (en) Intelligent decision-making method, system, equipment and medium for preventing electricity stealing
CN102243497B (en) Networking technology-based remote intelligent analysis service system used for engineering machinery
Depuru et al. A hybrid neural network model and encoding technique for enhanced classification of energy consumption data
CN112116080A (en) CNN-GRU water quality prediction method integrated with attention mechanism
CN109784388A (en) Stealing user identification method and device
Bian et al. Abnormal detection of electricity consumption of user based on particle swarm optimization and long short term memory with the attention mechanism
CN111413565B (en) Intelligent power grid fault diagnosis method capable of identifying and measuring tampering attack
Zhang et al. Anomaly Detection method of Smart Meters data based on GMM-LDA clustering feature Learning and PSO Support Vector Machine
CN112836738B (en) BP neural network-based electricity stealing behavior detection method
CN112258251A (en) Grey correlation-based integrated learning prediction method and system for electric vehicle battery replacement demand
CN113505926B (en) Fuel cell fault prediction method based on impedance prediction model self-updating
CN110334948A (en) Power equipment shelf depreciation Severity method and system based on characteristic quantity prediction
Chen et al. Electricity theft detection using deep bidirectional recurrent neural network
CN112733456B (en) Electricity stealing prevention behavior identification method and system
CN114692956A (en) Charging facility load prediction method and system based on multilayer optimization kernel limit learning machine
CN114460481A (en) Energy storage battery thermal runaway early warning method based on Bi-LSTM and attention mechanism
Klass et al. Lifelong performance monitoring of PEM fuel cells using machine learning models
CN111738483A (en) Power grid loss reduction optimization method and system based on clustering and deep belief network
CN112183877A (en) Photovoltaic power station fault intelligent diagnosis method based on transfer learning
CN111209979A (en) Method and device for monitoring vehicle voltage and electronic equipment
CN111143835A (en) Non-invasive protection method for business logic of electric power metering system based on machine learning
CN114154617A (en) Low-voltage resident user abnormal electricity utilization identification method and system based on VFL

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant