CN111092897A - Active immune attack recognition method and charging device - Google Patents
Active immune attack recognition method and charging device Download PDFInfo
- Publication number
- CN111092897A CN111092897A CN201911341263.8A CN201911341263A CN111092897A CN 111092897 A CN111092897 A CN 111092897A CN 201911341263 A CN201911341263 A CN 201911341263A CN 111092897 A CN111092897 A CN 111092897A
- Authority
- CN
- China
- Prior art keywords
- layer
- data
- encoder
- self
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60L—PROPULSION OF ELECTRICALLY-PROPELLED VEHICLES; SUPPLYING ELECTRIC POWER FOR AUXILIARY EQUIPMENT OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRODYNAMIC BRAKE SYSTEMS FOR VEHICLES IN GENERAL; MAGNETIC SUSPENSION OR LEVITATION FOR VEHICLES; MONITORING OPERATING VARIABLES OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRIC SAFETY DEVICES FOR ELECTRICALLY-PROPELLED VEHICLES
- B60L53/00—Methods of charging batteries, specially adapted for electric vehicles; Charging stations or on-board charging equipment therefor; Exchange of energy storage elements in electric vehicles
- B60L53/60—Monitoring or controlling charging stations
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60L—PROPULSION OF ELECTRICALLY-PROPELLED VEHICLES; SUPPLYING ELECTRIC POWER FOR AUXILIARY EQUIPMENT OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRODYNAMIC BRAKE SYSTEMS FOR VEHICLES IN GENERAL; MAGNETIC SUSPENSION OR LEVITATION FOR VEHICLES; MONITORING OPERATING VARIABLES OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRIC SAFETY DEVICES FOR ELECTRICALLY-PROPELLED VEHICLES
- B60L53/00—Methods of charging batteries, specially adapted for electric vehicles; Charging stations or on-board charging equipment therefor; Exchange of energy storage elements in electric vehicles
- B60L53/60—Monitoring or controlling charging stations
- B60L53/66—Data transfer between charging stations and vehicles
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60L—PROPULSION OF ELECTRICALLY-PROPELLED VEHICLES; SUPPLYING ELECTRIC POWER FOR AUXILIARY EQUIPMENT OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRODYNAMIC BRAKE SYSTEMS FOR VEHICLES IN GENERAL; MAGNETIC SUSPENSION OR LEVITATION FOR VEHICLES; MONITORING OPERATING VARIABLES OF ELECTRICALLY-PROPELLED VEHICLES; ELECTRIC SAFETY DEVICES FOR ELECTRICALLY-PROPELLED VEHICLES
- B60L53/00—Methods of charging batteries, specially adapted for electric vehicles; Charging stations or on-board charging equipment therefor; Exchange of energy storage elements in electric vehicles
- B60L53/60—Monitoring or controlling charging stations
- B60L53/66—Data transfer between charging stations and vehicles
- B60L53/665—Methods related to measuring, billing or payment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02T—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
- Y02T10/00—Road transport of goods or passengers
- Y02T10/60—Other road transportation technologies with climate change mitigation effect
- Y02T10/70—Energy storage systems for electromobility, e.g. batteries
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02T—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
- Y02T10/00—Road transport of goods or passengers
- Y02T10/60—Other road transportation technologies with climate change mitigation effect
- Y02T10/7072—Electromobility specific charging systems or methods for batteries, ultracapacitors, supercapacitors or double-layer capacitors
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02T—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
- Y02T90/00—Enabling technologies or technologies with a potential or indirect contribution to GHG emissions mitigation
- Y02T90/10—Technologies relating to charging of electric vehicles
- Y02T90/12—Electric charging stations
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02T—CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
- Y02T90/00—Enabling technologies or technologies with a potential or indirect contribution to GHG emissions mitigation
- Y02T90/10—Technologies relating to charging of electric vehicles
- Y02T90/16—Information or communication technologies improving the operation of electric vehicles
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Abstract
The invention provides a method for identifying active immune attack, which comprises the following steps: acquiring a real-time data stream of a charging device; the data flow is detected and classified in real time through a stack type self-coding network model so as to judge whether abnormal data exist in the data flow, and when the abnormal data do not exist, the data are directly forwarded; and when abnormal data exists, intercepting the real-time data stream, sending an alarm prompt, generating a log record and stopping the machine. The invention also provides a charging device. Compared with the prior art, the obtained data of the charging device is analyzed and classified through the stack type self-encoder network model, and the probability of being attacked by the network is output, so that whether the data is attacked or not is judged, corresponding operation is executed, the information safety and the operation reliability of the charging device are guaranteed, and the safety of a power grid is guaranteed.
Description
Technical Field
The present invention relates to a charging device, and more particularly, to a method for identifying a charging device with active immune attack and a charging device.
Background
The automobile industry is the pillar industry of national economy and also is a landmark industry reflecting national competitiveness. But at the same time, our environment is under great pressure and challenge, especially to atmospheric pollution. The automobile exhaust emission is one of the chief causes of atmospheric pollution by default, the quantity of fuel vehicles in China is at the top of the world, the quantity of fuel vehicles is excessively long, and the development of new energy automobiles is forced to be reduced.
Since 1993, China becomes a net importation of petroleum, and the import of petroleum increases year by year. Due to the relative shortage of fossil energy, particularly petroleum and natural gas production, the degree of dependence of energy supply in China on the international market will be higher and higher in the future. The instability and oil price fluctuation of the international petroleum market can seriously affect the petroleum supply of China and cause great impact on the economic society. The development of new energy automobiles can get rid of the embarrassment to a great extent, and the energy problem is not limited by other countries.
The automobile industry in China is changed from market technology later and in the early years. The traditional automobile industry in China is still obviously different from other automobile major countries. After all, traditional automobiles have been developed for over 130 years, and the barriers to technology and legislation are very high and difficult to catch up.
However, as a new field, all countries start running simultaneously, and China has to struggle with the need to upgrade the industry and achieve 'curve overtaking'.
The development of new energy automobiles inevitably leaves away the matched new energy automobile charging device. The charging form of the electric vehicle can be classified into 3 types: wired charging, unlimited charging and overall battery replacement. Among them, the charging method developed in the present day and widely used is wired charging. And the wired charging is classified into an ac charging device (slow charging) and a dc charging device (fast charging). According to the development guideline for electric vehicle charging infrastructure (2015-2020) published by the development committee, the development goal of the charging infrastructure in China is to build 1.2 ten thousand centralized charging stations and 480 ten thousand distributed charging devices in 2020.
The large-scale establishment of the charging device facilitates the use of the electric automobile and promotes the development of new energy industry. However, most of domestic charging device devices use imported chips, back doors which are not known to people may exist in the chips, a large leak may be hidden, and once network wars occur, the consequences are not reasonable. Meanwhile, along with the intellectualization and informatization of the power grid, various network attack means are developed, the charging device is located in a public environment and is easy to be attacked, the attacks can be submerged in a management system inside the charging device to steal other user information, or virus invades to modify the balance of an account of the charging device for infinite times to charge, even invade into the power grid to cause the fault of the power grid, and therefore, the security hole of the charging device is increasingly prominent, so that the security performance of the charging device is improved comprehensively.
Fig. 1 is a view showing an application scenario of a conventional charging device, and as can be seen from fig. 1, the charging device is connected to a station monitoring system and an ac power distribution cabinet. The charging device uploads state monitoring data in the charging process, battery data analysis, electric energy charging, user information and the like of the electric automobile to the station-level monitoring system, and related data are analyzed and stored. In the conventional charging device, it is easy for a hacker to issue various attacks thereon according to a known security hole. An attacker can inject trojan into the charging device and take the trojan as a springboard to gradually invade the upper-layer system; an attacker can also repeatedly send malformed attack data according to the defects of the transmission protocol of the charging device, for example, electricity consumption data is tampered to achieve the purpose of stealing electricity charges, the voltage of a public power grid fluctuates due to the manipulation of real-time electricity prices and the tampering of voltage data, even the adverse effects of power grid resonance and the like are further caused, and the safe and stable operation of the power grid is directly influenced.
Disclosure of Invention
The invention aims to provide an identification method with active immune attack and a charging device, and aims to solve the technical problem of improving the information security and the operation reliability of the charging device.
In order to solve the problems, the invention adopts the following technical scheme: an identification method with active immune attack comprises the following steps:
step one, acquiring a real-time data stream of a charging device;
step two, detecting and classifying the data flow in real time through a stacked self-coding network model so as to judge whether abnormal data exist in the data flow, and directly forwarding the data when the abnormal data do not exist; and when abnormal data exists, intercepting the real-time data stream, sending an alarm prompt, generating a log record and stopping the machine.
Further, the real-time detection and classification in the second step includes calculating probabilities of abnormal data and normal data in the data after data classification is performed on the data stream, and when the probability of the abnormal data is greater than that of the normal data, judging that the attacked abnormal data exists in the data stream; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
Further, the alarm prompt comprises the steps of displaying attack types on the charging device according to the classification of the abnormal data and sending alarm information to the station level monitoring system; the charging device also stores the log records locally and/or sends the log records to a station level monitoring system for storage.
Further, the stacked self-encoder network model is established by adopting the following steps:
(1) constructing a first layer self-encoder, wherein the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function expression is as follows:
z=f(x)=s(W(1)x+b(1))
wherein x is belonged to Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1An input bias for the hidden layer; s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:tan h function:and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein W is(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X; a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers;
the reconstruction error for each datum is:
L=||x-g(f(x))||2,
the cost function is defined as:
wherein x is(i)Represents the ith sample;representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is a regularization coefficient, λ is taken to be 1;
taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error reverse conduction and batch gradient descent algorithm;
(2) constructing a second layer of the self-encoder, and encoding W(1)As input data of a second-layer self-encoder, performing operation according to the step (1) to construct the second-layer self-encoder to obtain optimal solutions W and b;
(3) build a third layer of self-plaitingEncoder, W(2)As input data of a third-layer self-encoder, performing operation according to the step (1) to construct the third-layer self-encoder to obtain optimal solutions W and b;
(4) constructing a BP neural network classifier layer and taking the output of the third layer self-encoder as the input of the BP neural network; firstly, carrying out forward calculation on input feature vectors, and obtaining predicted categories on an output layer; then, the predicted categories are compared with actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and parameters of each layer of self-encoders are subjected to fine adjustment;
in the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
wherein k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;is the output value of the ith unit of the k layers;
after calculating the residual error of each layer, adjusting the parameters of each layer of the stacked self-encoder network according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α;
the invention also discloses a charging device, which comprises a charging equipment controller, a touch controller, a charging control module, a card reader, an ammeter and a display unit, wherein the charging equipment controller is connected with the charging control module through a CANBUS bus, the charging control module is connected with the display unit through LVDS/parallel ports and the like, is connected with the card reader through an RS232 interface, is connected with the ammeter through an RS485 interface, and is connected with an upper layer through a network;
the charging equipment controller is used for sending the operation instruction sent by the charging control module downwards; receiving the alternating current and direct current change information, vehicle data, vehicle battery conditions, charging modes, output power, output voltage, output current and environmental data of the lower layer and then sending the information to a charging control module;
the touch controller is used for carrying out operation input on the charging equipment controller;
the card reader is used for reading user information of the IC card and sending the user information to the charging control module, wherein the user information comprises an account ID, balance and the like;
the ammeter is used for reading the electric energy consumption condition and the power grid electric energy quality information and sending the electric energy consumption condition and the power grid electric energy quality information to the charging control module;
a display module: the display and man-machine interaction device is used for displaying and man-machine interaction;
the charging control module comprises:
the electricity charge metering module is used for counting the electricity consumption condition sent by the electricity meter and the power quality information of the power grid to generate electricity consumption information, then charging the electricity consumption information to generate electricity charging information, and then sending the electricity charging information to the network attack detection unit for detection; the electric quantity charging information is that the electric energy use condition is obtained from an electric meter, the electric energy consumption and the electric energy payment data are transmitted to a network attack detection unit through a communication module after the electric energy payment required by a consumer is calculated by combining time-of-use electric charge and profit premium;
the positioning module is used for acquiring time and position information in real time and then sending the time and position information to the network attack detection module through the communication module;
the storage module is used for storing data, and the data comprises alarm information and log records;
the communication module is used for communication;
the network attack detection module is used for receiving the data stream sent by the communication module and detecting and classifying the data stream in real time through the network model of the stacked self-encoder so as to judge whether abnormal data exist in the data stream or not, and when the abnormal data do not exist, the data stream is directly forwarded to an upper layer through the communication module; when abnormal data exist, intercepting the real-time data stream, sending an alarm prompt, generating a log record, and sending a shutdown instruction to a charging equipment controller; when the charging equipment controller receives the stop instruction, the controller takes measures in time, disconnects the output interface and stops charging with the vehicle.
Further, the network attack detection module sends alarm information to an upper layer through a communication module, wherein the alarm information is an attack type corresponding to the abnormal data.
Further, intercepting the real-time data stream and sending an alarm prompt specifically refers to an alarm prompt for displaying attack types on a display module according to the classification of abnormal data while intercepting the real-time data stream.
Further, the network attack detection module stores the log record in a storage module and/or a sending upper layer for saving.
Further, the real-time detection classification comprises the steps of calculating the probability of abnormal data and normal data in data after data classification is carried out on the data stream, and judging that the attacked abnormal data exist in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
Further, the stacked self-encoder network model is established by adopting the following steps:
(1) constructing a first layer self-encoder, wherein the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function expression is as follows:
z=f(x)=s(W(1)x+b(1))
wherein x is belonged to Rd×1Indication inputAn input vector, d is the dimension of input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1An input bias for the hidden layer; s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:tan h function:and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein W is(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X; a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers;
the reconstruction error for each datum is:
L=||x-g(f(x))||2,
the cost function is defined as:
wherein x is(i)Represents the ith sample;representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is a regularization coefficient, λ is taken to be 1;
taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error reverse conduction and batch gradient descent algorithm;
(2) constructing a second layer of the self-encoder, and encoding W(1)As input data of a second-layer self-encoder, performing operation according to the step (1) to construct the second-layer self-encoder to obtain optimal solutions W and b;
(3) constructing a third layer of self-encoder, and encoding W(2)As input data of a third-layer self-encoder, performing operation according to the step (1) to construct the third-layer self-encoder to obtain optimal solutions W and b;
(4) constructing a BP neural network classifier layer and taking the output of the third layer self-encoder as the input of the BP neural network; firstly, carrying out forward calculation on input feature vectors, and obtaining predicted categories on an output layer; then, the predicted categories are compared with actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and parameters of each layer of self-encoders are subjected to fine adjustment;
in the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
wherein k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;is the output value of the ith unit of the k layers;
after calculating the residual error of each layer, adjusting the parameters of each layer of the stacked self-encoder network according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α;
compared with the prior art, the method and the device have the advantages that the obtained data of the charging device are analyzed and classified through the stack type self-encoder network model, and the probability of being attacked by the network is output, so that whether the data are attacked or not is judged, corresponding operation is executed, the information safety and the operation reliability of the charging device are guaranteed, and the safety of a power grid is guaranteed.
Drawings
Fig. 1 is a diagram of a system in the prior art.
Fig. 2 is a flow chart of the present invention.
Fig. 3 is a diagram of a network model structure of a stacked self-encoder according to the present invention.
Fig. 4 is a structural diagram of a first layer self-encoder of the present invention.
Fig. 5 is a block diagram of the charging device of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
As shown in fig. 1, in the existing system for charging electric vehicles, each power station is provided with a station monitoring system, an internet of vehicles platform, a charging device, an ac power distribution system, a transformer, and a public power grid, in general, the station monitoring system is connected and communicated with the charging device (charging pile) through a TCP/IP protocol, the charging device is connected with the ac power distribution system, the ac power distribution system is connected to the public power grid through the transformer, and the station monitoring system is also connected to the internet of vehicles platform, so as to realize real-time publishing of the current situation of the station.
As shown in fig. 2, the invention discloses a method for identifying active immune attack, which comprises the following steps:
step one, acquiring a real-time data stream of a charging device, wherein the data stream is characteristic data or influence factors capable of representing whether data are attacked, and the data stream comprises an account ID, a balance, electric quantity consumption, electric charge consumption, power grid electric energy quality, a payment mode, payment information, charging mode selection (from an Internet of vehicles platform), charging reservation, charging mode selection (from a display unit), a payment mode, payment information, alternating current and direct current change information, vehicle data, a vehicle battery condition, a charging mode (from a charging equipment manager), output power, output voltage, output current and environment data;
step two, detecting and classifying the data flow in real time through a stacked self-coding network model so as to judge whether abnormal data exist in the data flow, and directly forwarding the data when the abnormal data do not exist; when abnormal data exists, intercepting the real-time data stream, sending an alarm prompt, generating a log record and stopping the machine;
the stacked self-coding network model comprises a plurality of self-encoders which are unsupervised to extract features, then the self-encoders are stacked to form a deep network model, and each layer of network is trained from bottom to top by an unsupervised method. Then, supervised learning is carried out on the characteristics through a back propagation neural network, and the whole network parameters are further optimized by utilizing error back propagation to obtain a final stack type self-coding network model; the back propagation neural network is a BP neural network;
the real-time detection and classification in the second step comprises the steps of calculating the probability of abnormal data and normal data in the data after classifying the data stream, and judging that the attacked abnormal data exists in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the maximum probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack;
the alarm prompt comprises the steps of displaying attack types on the charging device according to the classification of the abnormal data and sending alarm information to the station level monitoring system; the charging device also stores the log records locally and/or sends the log records to a station level monitoring system for storage.
The stacked self-encoder network model is a stacked self-encoding network structure of three hidden layers and a BP neural network classification layer, as shown in FIG. 3.
The learning process of the stack type self-encoder network model is divided into two steps of unsupervised learning and supervised learning. Firstly, greedy layer-by-layer learning is carried out on a denoising self-encoder by using a label-free sample, and the specific process is that the number of network hidden layers is assumed to be M, original data are input into a first layer self-encoder (AE) and are subjected to unsupervised training, and a parameter W of the first hidden layer is obtained(1)In each subsequent step, the trained top k-1 (k e [2, 3, …, M)]) Layer as input to train the k-th layer, resulting in W(k)And taking the weight obtained by training each layer as the weight for initializing the final deep network. And then, carrying out supervised learning by using the BP neural network and using the labeled data, and finely adjusting the parameters of the whole network through error back propagation while obtaining the parameters of the last layer of associated features and categories, so that the parameters are converged to a better position. The original data is normal data stream;
the stack type self-encoder network model is established by adopting the following steps:
(1) build first layer self encoder (AE1)
An Automatic Encoder (AE) is an unsupervised three-layer neural network, which is composed of an encoder and a decoder, and comprises an input layer, a hidden layer and an output layer, wherein the network structure is shown in fig. 4. The specific construction process of the first layer self-encoder is as follows:
the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function is expressed as follows:
z=f(x)=s(W(1)x+b(1))
wherein x is belonged to Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1Is the input bias of the hidden layer. s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:tan h function:and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein W is(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X (the mapped raw output); a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers.
The reconstruction error for each datum is:
L=||x-g(f(x))||2,
a layer of reconstruction errors from the input and output of the encoder is associated with L;
the cost function is defined as:
wherein x is(i)Represents the ith sample;representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is the regularization coefficient, λ takes 1.
The number of data streams is associated with N; λ is the regularization coefficient;this term is to set the regularization function to prevent over-fitting and under-fitting; the global minimum value of the cost function represents that all the different weights W and offsets b are inThe optimal position with the minimum error can be reached when the iteration is changed.
and taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error back propagation and batch gradient descent algorithm.
(2) Construction of second layer self-encoder (AE2)
And removing the output layer of the first layer self-encoder, and taking the feature set of the first layer self-encoder as the input of the second layer self-encoder.
I.e. the handle W(1)And (3) as input data of the second-layer self-encoder, performing operation according to the step (1), and constructing the second-layer self-encoder to obtain optimal solutions W and b.
(3) Build third level auto encoder (AE3)
Removing the output layer of the second layer self-encoder and using the feature set of the second layer self-encoder as the input of the third layer self-encoder, i.e. W(2)And (3) as input data of the third-layer self-encoder, performing operation according to the step (1), and constructing the third-layer self-encoder to obtain optimal solutions W and b.
(4) Construction of BP neural network classifier layer (BP)
The output of the third layer self-encoder (AE3) is taken as the input of the BP neural network.
And carrying out supervised classification on the features learned by the stacked self-encoder through a BP neural network by utilizing the data with the network attack labels, and associating the feature vectors with the network attack labels. Meanwhile, parameters of the stacked self-encoder are finely adjusted through error back propagation, so that the classification accuracy of the whole network is further improved. The training of the BP neural network is mainly divided into two processes of forward conduction and error back propagation. Firstly, carrying out forward calculation on an input feature vector (output of a third-layer self-encoder (AE 3)), and obtaining a predicted category at an output layer; and then the predicted categories are compared with the actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and the parameters of each layer of self-encoder are finely adjusted. The data with the network attack tag is obtained by different network attacks on normal data flow.
The data flow of the charging pile is input into the stack type self-encoder network model, the probability of normal data and the probability of abnormal data of the data flow are finally obtained, and whether the data in the data flow have the abnormal data attacked or not is finally obtained through judging the probabilities.
In the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
wherein k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;is the output value of the ith cell of the k layers.
After calculating the residual error of each layer, the parameters of each layer of the stacked self-encoder network are adjusted according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α.
As shown in fig. 5, the present invention further discloses a charging device, which includes a charging device controller, a touch controller, a charging control module, a card reader, an electric meter and a display unit, wherein the charging device controller is connected with the charging control module through a CANBUS, the charging control module is connected with the display unit through LVDS/parallel port, etc., is connected with the card reader through an RS232 interface, is connected with the electric meter through an RS485 interface, and is connected with an upper layer (a station level monitoring system and/or a car networking platform) through a network;
the charging equipment controller is used for sending an operation instruction (charging mode selection, charging stop instruction and the like) sent by the charging control module downwards; receiving the alternating current and direct current change information, vehicle data, vehicle battery conditions, charging modes, output power, output voltage, output current and environmental data of the lower layer and then sending the information to a charging control module;
the touch controller is used for carrying out operation input on the charging equipment controller;
the card reader is used for reading user information of the IC card and sending the user information to the charging control module, wherein the user information comprises an account ID, balance and the like;
electric meter: the charging control module is used for reading the power consumption condition and the power grid power quality information and sending the power consumption condition and the power grid power quality information to the charging control module, wherein the power consumption condition and the power grid power quality information comprise power consumption, power consumption charge and power grid power quality;
the car networking platform: the charging control module is used for receiving the charging condition information of the vehicle sent by the charging control module and providing remote inquiry for a user;
the station level monitoring system is used for receiving the alarm information, the log record and the real-time data stream sent by the charging control module; the data center of the superior power grid power supply office can conveniently know the running condition of the charging station in real time;
a display module: the charging control module is used for displaying and man-machine interaction, displaying alarm information sent by the charging control module and displaying the information, wherein the information display comprises the display of consumed money, consumed electric quantity, vehicle type, charging mode selection, payment mode, charging mode, payment information and the like;
the charging control module comprises:
the electricity charge metering module is used for counting the electricity consumption condition sent by the electricity meter and the power quality information of the power grid to generate electricity consumption information, then charging the electricity consumption information to generate electricity charging information, and then sending the electricity charging information to the network attack detection unit for detection; the electric quantity charging information is that the electric energy use condition is obtained from an electric meter, the electric energy consumption and the electric energy payment data are transmitted to a network attack detection unit through a communication module after the electric energy payment required by a consumer is calculated by combining time-of-use electric charge and profit premium;
the positioning module is used for acquiring time and position information in real time and then sending the time and position information to the network attack detection module through the communication module;
the storage module is used for storing data, and the data comprises alarm information and log records;
the communication module is used for receiving data streams sent by the charging equipment controller, the electricity charge metering module, the card reader and the upper layer, sending the data streams to the network attack detection module and sending normal data streams to the upper layer; the system also comprises a data stream used for being connected with the card reader, the ammeter, the Internet of vehicles platform and the station level monitoring system for communication, and acquiring data streams of the card reader, the ammeter and the charging equipment controller, wherein the data stream comprises an account ID, a balance, electric quantity consumption, electric charge consumption, power grid electric energy quality, a payment mode, payment information, charging mode selection (from the Internet of vehicles platform), charging reservation, charging mode selection (from a display unit), a payment mode, payment information, alternating current and direct current change information, vehicle data, vehicle battery conditions, a charging mode (from the charging equipment manager), output power, output voltage, output current and environment data;
the network attack detection module is used for receiving the data stream sent by the communication module and detecting and classifying the data stream in real time through the network model of the stacked self-encoder so as to judge whether abnormal data exist in the data stream or not, and when the abnormal data do not exist, the data stream is directly forwarded to an upper layer through the communication module; when abnormal data exist, intercepting the real-time data stream, sending an alarm prompt, generating a log record, and sending a shutdown instruction to a charging equipment controller; when the charging equipment controller receives the stop instruction, the controller takes measures in time, disconnects the output interface and stops charging with the vehicle.
The network attack detection module also sends alarm information to an upper layer through the communication module, wherein the alarm information is an attack type corresponding to the abnormal data.
Intercepting the real-time data stream and sending an alarm prompt specifically refers to displaying the attack type on a display module according to the classification of abnormal data while intercepting the real-time data stream.
The network attack detection module also stores the log record storage and re-storage module and/or the sending upper layer.
The real-time detection classification comprises the steps of calculating the probability of abnormal data and normal data in data after data classification is carried out on the data stream, and judging that the attacked abnormal data exists in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
The stacked self-encoder network model is a stacked self-encoding network structure of three hidden layers and a BP neural network classification layer, as shown in FIG. 3.
The learning process of the stack type self-encoder network model is divided into two steps of unsupervised learning and supervised learning. Firstly, greedy layer-by-layer learning is carried out on a denoising self-encoder by using a label-free sample, and the specific process is that the number of network hidden layers is assumed to be M, original data are input into a first layer self-encoder (AE) and are subjected to unsupervised training, and a parameter W of the first hidden layer is obtained(1)In each subsequent step, the trained top k-1 (k e [2, 3, …, M)]) Layer as input to train the k-th layer, resulting in W(k)And taking the weight obtained by training each layer as the weight for initializing the final deep network. And then, carrying out supervised learning by using the BP neural network and using the labeled data, and finely adjusting the parameters of the whole network through error back propagation while obtaining the parameters of the last layer of associated features and categories, so that the parameters are converged to a better position. The original data is a normal data stream,
the stack type self-encoder network model is established by adopting the following steps:
(1) build first layer self encoder (AE1)
An Automatic Encoder (AE) is an unsupervised three-layer neural network, which is composed of an encoder and a decoder, and comprises an input layer, a hidden layer and an output layer, wherein the network structure is shown in fig. 4. The specific construction process of the first layer self-encoder is as follows:
the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function is expressed as follows:
z=f(x)=s(W(1)x+b(1))
wherein x is belonged to Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1Is the input bias of the hidden layer. s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:tan h function:and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein W is(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X (the mapped raw output); a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers.
The reconstruction error for each datum is:
L=||x-g(f(x))||2,
a layer of reconstruction errors from the input and output of the encoder is associated with L;
the cost function is defined as:
wherein x is(i)Represents the ith sample;representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is the regularization coefficient, λ takes 1.
The number of data streams is associated with N; λ is the regularization coefficient;this term is to set the regularization function to prevent over-fitting and under-fitting; the global minimum value of the cost function represents an optimal position where all different weights W and offsets b can reach the minimum error when being changed iteratively.The term is to calculate the sum of the amount u of all samples and the output error loss;
and taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error back propagation and batch gradient descent algorithm.
(2) Construction of second layer self-encoder (AE2)
And removing the output layer of the first layer self-encoder, and taking the feature set of the first layer self-encoder as the input of the second layer self-encoder.
I.e. the handle W(1)And (3) as input data of the second-layer self-encoder, performing operation according to the step (1), and constructing the second-layer self-encoder to obtain optimal solutions W and b.
(3) Build third level auto encoder (AE3)
Self-knitting by removing the second layerThe output layer of the coder takes the feature set of the second layer self-encoder as the input of the third layer self-encoder, i.e. W(2)And (3) as input data of the third-layer self-encoder, performing operation according to the step (1), and constructing the third-layer self-encoder to obtain optimal solutions W and b.
(4) Construction of BP neural network classifier layer (BP)
The output of the third layer self-encoder (AE3) is taken as the input of the BP neural network.
And carrying out supervised classification on the features learned by the stacked self-encoder through a BP neural network by utilizing the data with the network attack labels, and associating the feature vectors with the network attack labels. Meanwhile, parameters of the stacked self-encoder are finely adjusted through error back propagation, so that the classification accuracy of the whole network is further improved. The training of the BP neural network is mainly divided into two processes of forward conduction and error back propagation. Firstly, carrying out forward calculation on an input feature vector (output of a third-layer self-encoder (AE 3)), and obtaining a predicted category at an output layer; and then the predicted categories are compared with the actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and the parameters of each layer of self-encoder are finely adjusted. The data with the network attack tag is obtained by different network attacks on normal data flow.
The data flow of the charging pile is input into the stack type self-encoder network model, the probability of normal data and the probability of abnormal data of the data flow are finally obtained, and whether the data in the data flow have the abnormal data attacked or not is finally obtained through judging the probabilities.
The charging device with the network attack detection function is formed on the premise that the normal function of the charging device is not influenced by the fact that the charging device carries out real-time detection on the data stream based on the stacked self-encoder network model added in the charging device, classification and probability calculation are carried out on the data stream; the data streams in the charging device are detected in real time, the attack behaviors hidden in the data streams are mined and identified, an attacker is prevented from further invading an upper-layer system through security holes in the charging device, the information security and the operation reliability of the charging device are improved, and the security of a power grid is protected to a certain extent.
Claims (10)
1. A method for identifying active immune attack is characterized in that: the method comprises the following steps:
step one, acquiring a real-time data stream of a charging device;
step two, detecting and classifying the data flow in real time through a stacked self-coding network model so as to judge whether abnormal data exist in the data flow, and directly forwarding the data when the abnormal data do not exist; and when abnormal data exists, intercepting the real-time data stream, sending an alarm prompt, generating a log record and stopping the machine.
2. The method of claim 1, wherein the method comprises the steps of: the real-time detection and classification in the second step comprises the steps of calculating the probability of abnormal data and normal data in the data after classifying the data stream, and judging that the attacked abnormal data exists in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
3. The method of claim 1, wherein the method comprises the steps of: the alarm prompt comprises the steps of displaying attack types on the charging device according to the classification of abnormal data and sending alarm information to the station level monitoring system; the charging device also stores the log records locally and/or sends the log records to a station level monitoring system for storage.
4. The method of claim 1, wherein the method comprises the steps of: the stack type self-encoder network model is established by adopting the following steps:
(1) constructing a first layer self-encoder, wherein the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function expression is as follows:
z=f(x)=s(W(1)x+b(1))
wherein: x is formed by Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1An input bias for the hidden layer; s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:tan h function:and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein: w(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X; a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers;
the reconstruction error for each datum is:
L=||x-g(f(x))||2,
the cost function is defined as:
wherein: x is the number of(i)Represents the ithA sample;representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is a regularization coefficient, λ is taken to be 1;
taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error reverse conduction and batch gradient descent algorithm;
(2) constructing a second layer of the self-encoder, and encoding W(1)As input data of a second-layer self-encoder, performing operation according to the step (1) to construct the second-layer self-encoder to obtain optimal solutions W and b;
(3) constructing a third layer of self-encoder, and encoding W(2)As input data of a third-layer self-encoder, performing operation according to the step (1) to construct the third-layer self-encoder to obtain optimal solutions W and b;
(4) constructing a BP neural network classifier layer and taking the output of the third layer self-encoder as the input of the BP neural network; firstly, carrying out forward calculation on input feature vectors, and obtaining predicted categories on an output layer; then, the predicted categories are compared with actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and parameters of each layer of self-encoders are subjected to fine adjustment;
in the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
wherein: k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;is the output value of the ith unit of the k layers;
after calculating the residual error of each layer, adjusting the parameters of each layer of the stacked self-encoder network according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α;
5. a charging device, characterized by: the charging device controller is connected with the charging control module through a CANBUS bus, the charging control module is connected with the display unit through LVDS/parallel ports and the like, connected with the card reader through an RS232 interface, connected with the ammeter through an RS485 interface and connected with an upper layer through a network;
the charging equipment controller is used for sending the operation instruction sent by the charging control module downwards; receiving the alternating current and direct current change information, vehicle data, vehicle battery conditions, charging modes, output power, output voltage, output current and environmental data of the lower layer and then sending the information to a charging control module;
the touch controller is used for carrying out operation input on the charging equipment controller;
the card reader is used for reading user information of the IC card and sending the user information to the charging control module, wherein the user information comprises an account ID, balance and the like;
the ammeter is used for reading the electric energy consumption condition and the power grid electric energy quality information and sending the electric energy consumption condition and the power grid electric energy quality information to the charging control module;
a display module: the display and man-machine interaction device is used for displaying and man-machine interaction;
the charging control module comprises:
the electricity charge metering module is used for counting the electricity consumption condition sent by the electricity meter and the power quality information of the power grid to generate electricity consumption information, then charging the electricity consumption information to generate electricity charging information, and then sending the electricity charging information to the network attack detection unit for detection; the electric quantity charging information is that the electric energy use condition is obtained from an electric meter, the electric energy consumption and the electric energy payment data are transmitted to a network attack detection unit through a communication module after the electric energy payment required by a consumer is calculated by combining time-of-use electric charge and profit premium;
the positioning module is used for acquiring time and position information in real time and then sending the time and position information to the network attack detection module through the communication module;
the storage module is used for storing data, and the data comprises alarm information and log records;
the communication module is used for communication;
the network attack detection module is used for receiving the data stream sent by the communication module and detecting and classifying the data stream in real time through the network model of the stacked self-encoder so as to judge whether abnormal data exist in the data stream or not, and when the abnormal data do not exist, the data stream is directly forwarded to an upper layer through the communication module; when abnormal data exist, intercepting the real-time data stream, sending an alarm prompt, generating a log record, and sending a shutdown instruction to a charging equipment controller; when the charging equipment controller receives the stop instruction, the controller takes measures in time, disconnects the output interface and stops charging with the vehicle.
6. The charging device according to claim 5, wherein: the network attack detection module also sends alarm information to an upper layer through the communication module, wherein the alarm information is an attack type corresponding to the abnormal data.
7. The charging device according to claim 5, wherein: intercepting the real-time data stream and sending an alarm prompt specifically refers to displaying the attack type on a display module according to the classification of abnormal data while intercepting the real-time data stream.
8. The charging device according to claim 5, wherein: the network attack detection module also stores the log records in the storage module and/or the upper sending layer for storage.
9. The charging device according to claim 5, wherein: the real-time detection classification comprises the steps of calculating the probability of abnormal data and normal data in data after data classification is carried out on the data stream, and judging that the attacked abnormal data exists in the data stream when the probability of the abnormal data is greater than that of the normal data; the probability of the abnormal data comprises the probability of each network attack on the data in the data flow; and when the probability of the abnormal data is greater than that of the normal data, finding out the probability of the network attack with the highest probability from the probabilities of the abnormal data, and classifying the abnormal data into the category of the network attack.
10. The charging device according to claim 5, wherein: the stack type self-encoder network model is established by adopting the following steps:
(1) constructing a first layer self-encoder, wherein the self-encoder is provided with an encoder and a decoder, the encoder is used for mapping an input vector to a hidden layer to obtain a new feature representation, and the function expression is as follows:
z=f(x)=s(W(1)x+b(1))
wherein: x is formed by Rd×1Representing an input vector, d being the dimension of the input data; z is equal to Rr×1R is the number of hidden layer units; w(1)∈Rr×dAn input weight for the hidden layer; b(1)∈Rr×1An input bias for the hidden layer; s represents an activation function, which is generally non-linear, and a commonly used activation function is the sigmoid function:tan h function:and Relu function: s (x) max (0, x);
the role of the decoder is to map the representation z of the hidden layer back to the original input x, the function is expressed as follows:
x=g(z)=s(W(2)z+b(2))
wherein: w(2)∈Rd×r;b(2)∈Rd×1The self-encoder network model output is associated with X (the mapped raw output); a first order feature of the data stream is associated with z in the first layer encoder; output weight and W from first order features to output(2)Associating; output bias of first order features to output and b(2)Associating; the superscript (2) is associated with the number of network layers;
the reconstruction error for each datum is:
L=||x-g(f(x))||2,
the cost function is defined as:
wherein: x is the number of(i)Represents the ith sample;representing the connection weight between the ith unit of the kth layer and the jth unit of the (k + 1) th layer; n represents the number of samples; skRepresents the number of cells of the k-th layer; λ is a regularization coefficient, λ is taken to be 1;
taking parameters W and b when J (W, b) is a minimum value as an optimal solution through an error reverse conduction and batch gradient descent algorithm;
(2) constructing a second layer of the self-encoder, and encoding W(1)As input data of a second-layer self-encoder, performing operation according to the step (1) to construct the second-layer self-encoder to obtain optimal solutions W and b;
(3) constructing a third layer of self-encoder, and encoding W(2)As input data of a third-layer self-encoder, performing operation according to the step (1) to construct the third-layer self-encoder to obtain optimal solutions W and b;
(4) constructing a BP neural network classifier layer and taking the output of the third layer self-encoder as the input of the BP neural network; firstly, carrying out forward calculation on input feature vectors, and obtaining predicted categories on an output layer; then, the predicted categories are compared with actual corresponding categories to obtain classification errors, parameters of the BP neural network are trained by using an error back propagation algorithm, and parameters of each layer of self-encoders are subjected to fine adjustment;
in the process of error back propagation, firstly, the residual δ of each layer network is calculated, and for each output unit i of an output layer, the calculation formula of δ is as follows:
δi=ai(1-ai)(ai-yi),
wherein: a isiSample values; y isiEstimating value; for each of the other hidden layers, the calculation formula of δ is:
wherein: k refers to the k-th layer network; sk+1Means the total number of k +1 layer network neurons;is the output value of the ith unit of the k layers;
after calculating the residual error of each layer, adjusting the parameters of each layer of the stacked self-encoder network according to the following two formulas, wherein α is an adjustment coefficient, and 0.01 is selected from α;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911341263.8A CN111092897B (en) | 2019-12-23 | 2019-12-23 | Active immune attack recognition method and charging device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911341263.8A CN111092897B (en) | 2019-12-23 | 2019-12-23 | Active immune attack recognition method and charging device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111092897A true CN111092897A (en) | 2020-05-01 |
CN111092897B CN111092897B (en) | 2021-01-26 |
Family
ID=70395310
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911341263.8A Active CN111092897B (en) | 2019-12-23 | 2019-12-23 | Active immune attack recognition method and charging device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111092897B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113268729A (en) * | 2021-05-01 | 2021-08-17 | 群智未来人工智能科技研究院(无锡)有限公司 | Smart grid attack positioning method based on convolutional neural network |
CN113449837A (en) * | 2020-11-12 | 2021-09-28 | 江西理工大学 | Intrusion detection method, system, equipment and readable storage medium |
CN115834159A (en) * | 2022-11-08 | 2023-03-21 | 国网重庆市电力公司电力科学研究院 | Network security protection method for power grid informatization construction based on deep learning |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102280904A (en) * | 2010-06-10 | 2011-12-14 | 上海市电力公司 | Automatic charging method based on a V2G and apparatus thereof |
CN103366459A (en) * | 2013-06-26 | 2013-10-23 | 朱幕松 | The hidden type electricity of electric automobile road running rail automatic charge device |
CN103426246A (en) * | 2013-07-26 | 2013-12-04 | 国家电网公司 | Charging pile with opening prevention and monitoring functions |
CN103956790A (en) * | 2014-05-04 | 2014-07-30 | 奈文(武汉)软件有限公司 | Charging device of intelligent terminal and method thereof |
CN104796291A (en) * | 2015-04-27 | 2015-07-22 | 清华大学 | System and method for detecting transmission standardization of routers in core routing area |
CN105044418A (en) * | 2015-08-09 | 2015-11-11 | 安徽普为智能科技有限责任公司 | DC charging pile charging metering method |
US20160226894A1 (en) * | 2015-02-04 | 2016-08-04 | Electronics And Telecommunications Research Institute | System and method for detecting intrusion intelligently based on automatic detection of new attack type and update of attack type model |
CN106357618A (en) * | 2016-08-26 | 2017-01-25 | 北京奇虎科技有限公司 | Web abnormality detection method and device |
CN109760542A (en) * | 2018-12-24 | 2019-05-17 | 长园深瑞继保自动化有限公司 | Charging pile control method and its controller |
CN110086776A (en) * | 2019-03-22 | 2019-08-02 | 国网河南省电力公司经济技术研究院 | Intelligent substation Network Intrusion Detection System and detection method based on deep learning |
CN110542826A (en) * | 2019-09-23 | 2019-12-06 | 深圳供电局有限公司 | On-site calibration method for failure protection starting circuit of power grid transmission line breaker |
-
2019
- 2019-12-23 CN CN201911341263.8A patent/CN111092897B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102280904A (en) * | 2010-06-10 | 2011-12-14 | 上海市电力公司 | Automatic charging method based on a V2G and apparatus thereof |
CN103366459A (en) * | 2013-06-26 | 2013-10-23 | 朱幕松 | The hidden type electricity of electric automobile road running rail automatic charge device |
CN103426246A (en) * | 2013-07-26 | 2013-12-04 | 国家电网公司 | Charging pile with opening prevention and monitoring functions |
CN103956790A (en) * | 2014-05-04 | 2014-07-30 | 奈文(武汉)软件有限公司 | Charging device of intelligent terminal and method thereof |
US20160226894A1 (en) * | 2015-02-04 | 2016-08-04 | Electronics And Telecommunications Research Institute | System and method for detecting intrusion intelligently based on automatic detection of new attack type and update of attack type model |
CN104796291A (en) * | 2015-04-27 | 2015-07-22 | 清华大学 | System and method for detecting transmission standardization of routers in core routing area |
CN105044418A (en) * | 2015-08-09 | 2015-11-11 | 安徽普为智能科技有限责任公司 | DC charging pile charging metering method |
CN106357618A (en) * | 2016-08-26 | 2017-01-25 | 北京奇虎科技有限公司 | Web abnormality detection method and device |
CN109760542A (en) * | 2018-12-24 | 2019-05-17 | 长园深瑞继保自动化有限公司 | Charging pile control method and its controller |
CN110086776A (en) * | 2019-03-22 | 2019-08-02 | 国网河南省电力公司经济技术研究院 | Intelligent substation Network Intrusion Detection System and detection method based on deep learning |
CN110542826A (en) * | 2019-09-23 | 2019-12-06 | 深圳供电局有限公司 | On-site calibration method for failure protection starting circuit of power grid transmission line breaker |
Non-Patent Citations (2)
Title |
---|
李鹤飞: "《基于软件定义网络的DDoS攻击检测方法和缓解机制的研究》", 《中国硕士学位论文全文数据库 信息技术辑》 * |
赵娜: "《多手段融合的网络攻击行为检测技术》", 《安全技术》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113449837A (en) * | 2020-11-12 | 2021-09-28 | 江西理工大学 | Intrusion detection method, system, equipment and readable storage medium |
CN113449837B (en) * | 2020-11-12 | 2022-10-11 | 江西理工大学 | Intrusion detection method, system, equipment and readable storage medium |
CN113268729A (en) * | 2021-05-01 | 2021-08-17 | 群智未来人工智能科技研究院(无锡)有限公司 | Smart grid attack positioning method based on convolutional neural network |
CN113268729B (en) * | 2021-05-01 | 2023-07-28 | 群智未来人工智能科技研究院(无锡)有限公司 | Smart grid attack positioning method based on convolutional neural network |
CN115834159A (en) * | 2022-11-08 | 2023-03-21 | 国网重庆市电力公司电力科学研究院 | Network security protection method for power grid informatization construction based on deep learning |
CN115834159B (en) * | 2022-11-08 | 2024-03-19 | 国网重庆市电力公司电力科学研究院 | Network safety protection method for power grid informatization construction based on deep learning |
Also Published As
Publication number | Publication date |
---|---|
CN111092897B (en) | 2021-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111092897B (en) | Active immune attack recognition method and charging device | |
CN110097297B (en) | Multi-dimensional electricity stealing situation intelligent sensing method, system, equipment and medium | |
Li et al. | Electricity theft detection in power grids with deep learning and random forests | |
CN110108914B (en) | Intelligent decision-making method, system, equipment and medium for preventing electricity stealing | |
CN102243497B (en) | Networking technology-based remote intelligent analysis service system used for engineering machinery | |
Depuru et al. | A hybrid neural network model and encoding technique for enhanced classification of energy consumption data | |
CN112116080A (en) | CNN-GRU water quality prediction method integrated with attention mechanism | |
CN109784388A (en) | Stealing user identification method and device | |
Bian et al. | Abnormal detection of electricity consumption of user based on particle swarm optimization and long short term memory with the attention mechanism | |
CN111413565B (en) | Intelligent power grid fault diagnosis method capable of identifying and measuring tampering attack | |
Zhang et al. | Anomaly Detection method of Smart Meters data based on GMM-LDA clustering feature Learning and PSO Support Vector Machine | |
CN112836738B (en) | BP neural network-based electricity stealing behavior detection method | |
CN112258251A (en) | Grey correlation-based integrated learning prediction method and system for electric vehicle battery replacement demand | |
CN113505926B (en) | Fuel cell fault prediction method based on impedance prediction model self-updating | |
CN110334948A (en) | Power equipment shelf depreciation Severity method and system based on characteristic quantity prediction | |
Chen et al. | Electricity theft detection using deep bidirectional recurrent neural network | |
CN112733456B (en) | Electricity stealing prevention behavior identification method and system | |
CN114692956A (en) | Charging facility load prediction method and system based on multilayer optimization kernel limit learning machine | |
CN114460481A (en) | Energy storage battery thermal runaway early warning method based on Bi-LSTM and attention mechanism | |
Klass et al. | Lifelong performance monitoring of PEM fuel cells using machine learning models | |
CN111738483A (en) | Power grid loss reduction optimization method and system based on clustering and deep belief network | |
CN112183877A (en) | Photovoltaic power station fault intelligent diagnosis method based on transfer learning | |
CN111209979A (en) | Method and device for monitoring vehicle voltage and electronic equipment | |
CN111143835A (en) | Non-invasive protection method for business logic of electric power metering system based on machine learning | |
CN114154617A (en) | Low-voltage resident user abnormal electricity utilization identification method and system based on VFL |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |