CN111127251A - Attack identification method based on LSTM neural network and grid-connected interface device - Google Patents

Publication number
CN111127251A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911342782.6A
Other languages
Chinese (zh)
Inventor
习伟
李鹏
匡晓云
徐成斌
贺生国
姚浩
于杨
简淦杨
杨祎巍
陈锐
祖连兴
陈远生
占捷文
王乾刚
朱小帆
丁凯
何鸿雁
黄植炜
肖声远
吕志宁
刘威
邓巍
宁柏锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Power Supply Co ltd
China South Power Grid International Co ltd
CYG Sunri Co Ltd
Original Assignee
Shenzhen Power Supply Co ltd
China South Power Grid International Co ltd
CYG Sunri Co Ltd
Application filed by Shenzhen Power Supply Co ltd, China South Power Grid International Co ltd, CYG Sunri Co Ltd
Priority to CN201911342782.6A
Publication of CN111127251A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06 Energy or water supply
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/044 Recurrent networks, e.g. Hopfield networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/045 Combinations of networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications


Abstract

The invention provides an attack identification method based on an LSTM neural network, comprising the following steps: data acquired by a grid-connected interface device is detected in real time and identified by an LSTM neural network model; when data subjected to a network attack is present, an alarm prompt is sent and a corresponding log record is generated; when the data is normal, the data is forwarded and uploaded to the monitoring master station. The invention also provides a grid-connected interface device. Compared with the prior art, a model based on a long short-term memory (LSTM) network is used to detect, in real time, the raw data acquired by the grid-connected interface device: when a network attack is present in the raw data, an alarm prompt is sent and a corresponding log record is generated; when no network attack is present, the raw data is forwarded. This prevents the grid-connected interface device from uploading abnormal data to the upper layer, and thereby guarantees the information security and operational reliability of the combined cooling, heating and power system.

Description

Attack identification method based on LSTM neural network and grid-connected interface device
Technical Field
The invention relates to a power grid system, in particular to an attack identification method based on an LSTM neural network and a grid-connected interface device.
Background
With rapid economic development and the improvement of the national standard of living, the demand for energy in both industrial and civilian use is continuously increasing. This is especially evident for fossil energy: according to the latest statistical data on global energy use, fossil energy will still rank first among the various types of energy over the next twenty years.
In 2001, several government agencies in China jointly issued a "rule on the development of cogeneration", which makes clear that China encourages research, development and application in the field of cogeneration and related areas, encourages and supports investment in gas turbines using natural gas as energy, and gives national support to, and encourages application and research in, areas such as gas turbine combined cycle cogeneration and small-sized gas combined cooling, heating and power generation.
The combined cooling, heating and power system takes the cascade utilization of energy as its basic idea and uses natural gas as primary energy to generate three kinds of energy, namely cold, heat and power. Compared with a common energy supply system, the combined cooling, heating and power system not only recovers and uses energy efficiently but can also supply the generated energy to the outside, and it causes extremely low pollution to the environment.
Combined cooling, heating and power supply, i.e. CCHP (Combined Cooling, Heating and Power), means that natural gas is used as the main fuel to drive gas power generation equipment such as gas turbines, micro-combustion engines or internal combustion engine generators; the generated power supplies the power demand of users, and the waste heat discharged after the system generates power is supplied to users for cooling and heating through waste heat recycling equipment. In this way, the primary energy utilization rate of the whole system is greatly improved, and the cascade utilization of energy is realized. The control variable of the combined cooling, heating and power system is mainly the power of the combustion engine, and the control strategy is as follows: according to predicted or actually measured cold, heat and electric loads, a program calculates the combustion engine power for optimized operation and the corresponding comprehensive energy utilization efficiency for optimized operation, and the system operating state is then adjusted by controlling the combustion engine power, so that the system tends towards the state of highest comprehensive energy utilization efficiency over the whole operating stage. To avoid optimization failure caused by load errors or excessive errors in the calculation process, the comprehensive energy utilization efficiency for optimized operation calculated by the program is compared with the actually measured comprehensive energy utilization efficiency; if the difference exceeds a set value, the control system needs to be checked and corrected.
The combined cooling, heating and power system is connected with the large power grid through a grid-connected interface device. With the development of the power grid towards intelligence, national policy support for combined cooling, heating and power systems, and the current requirements of industry and the public on power quality, the performance of the grid-connected interface device of the combined cooling, heating and power system, such as operational reliability and information security, is receiving more and more attention from researchers.
The grid-connected interface device of the combined cooling, heating and power system is an important kind of intelligent equipment in the power grid, and information technology is widely used in the current power grid. The intelligent devices in the power grid transmit their respective instructions and requests through various communication modes, so the importance of information technology is further highlighted in the smart grid. However, while the power grid develops towards intelligence and interactivity, network attack technology is also evolving step by step. Attack means are diverse and targeted, and an attacker can customize different information attack behaviors or modes for different service fields in the power grid, such as attacks specific to intelligent equipment like power generation systems, distribution network systems, control devices and protection devices. At the present stage, the information security protection mechanism of the intelligent devices is not perfect, and the intelligent devices also have the intrusion tolerance function, so that the intelligent devices in the power grid cannot be well protected against customized attack means by using traditional information security protection technology.
Disclosure of Invention
The invention aims to provide an attack identification method based on an LSTM neural network and a grid-connected interface device; the technical problem to be solved is to improve the information security and operational reliability of a combined cooling, heating and power system.
To solve this problem, the invention adopts the following technical scheme: an attack identification method based on an LSTM neural network, in which data acquired by a grid-connected interface device is detected in real time and identified by an LSTM neural network model; when data subjected to a network attack is present, an alarm prompt is sent and a corresponding log record is generated; when the data is normal, the data is forwarded and uploaded to the monitoring master station.
Further, when data subjected to a network attack is present in the data, the data is also intercepted.
Further, when data subjected to a network attack is present in the data, the alarm prompt is sent to an upper layer.
Further, before the data is identified by the LSTM neural network model, model training is also performed on the LSTM neural network, and the model training includes:
first, acquiring a training data set: positive and negative samples of data of a combined cooling, heating and power grid-connected interface device are acquired, and the positive and negative samples form the training data set;
second, performing model training on the long short-term memory neural network: the long short-term memory neural network model is trained with the training data set to obtain a trained LSTM neural network model.
Further, the model training of the long short-term memory neural network model comprises:
(1) initializing an input and giving a desired output;
(2) randomly selecting a sample from the training sample set as the input of the LSTM neural network model, calculating the output value of each neuron by forward propagation, and calculating the values of five vectors: the forget gate output $f_t$, the input gate output $i_t$, the cell state output $c_t$, the output gate output $o_t$, and the final output $h_t$:
$f_t = \sigma(W_{fx} x_t + W_{fh} h_{t-1} + W_{fc} c_{t-1} + b_f)$;
$i_t = \sigma(W_{ix} x_t + W_{ih} h_{t-1} + W_{ic} c_{t-1} + b_i)$;
Figure BDA0002332094210000032
$o_t = \sigma(W_{ox} x_t + W_{oh} h_{t-1} + W_{oc} c_{t-1} + b_o)$;
Figure BDA0002332094210000033
where $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from input to forget gate, forget gate to output, and forget gate to cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from input to input gate, input gate to output, and input gate to cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from input to output gate, output gate to output, and output gate to cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from input to cell state and cell state to output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; $x_t$ is the input training sample; $h_{t-1}$ is the output at the previous moment;
Figure BDA0002332094210000034
represents the element-wise multiplication operator; $\sigma$ is the sigmoid activation function used for binary classification; tanh is an activation function;
(3) introducing the cross-entropy loss function $E = -[y \ln a + (1-y) \ln(1-a)]$ to calculate an error value, where y and a are respectively the expected output value and the actual output value of the sample; if the error meets the expectation, i.e. the error value between the expected output and the actual output is less than or equal to 0.02, the next sample is learned; otherwise, the error term of the output layer is calculated:
Figure BDA0002332094210000031
where E is the loss function and $h_t$ is the output at time t;
(4) starting back propagation according to the error in step (3), wherein the back propagation of the error comprises two directions: back propagation along time and back propagation along the model structure; for back propagation along time, the error term at time t-1 needs to be calculated:
Figure BDA0002332094210000041
where E is the loss function, $h_{t-1}$ is the output at time t-1, and $\delta_{t-1}$ represents the error at time t-1; back propagation along the model structure:
Figure BDA0002332094210000042
where E is the loss function;
Figure BDA0002332094210000043
is the output of the previous layer after the weights and biases are applied;
Figure BDA0002332094210000044
is the error of layer l-1 at time t;
(5) calculating the following weight and threshold gradients from the error terms calculated by back propagation in step (4): forget gate to output weight gradient:
Figure BDA0002332094210000045
input gate to output weight gradient:
Figure BDA0002332094210000046
cell state to output weight gradient:
Figure BDA0002332094210000047
output gate to output weight gradient:
Figure BDA0002332094210000048
input to forget gate weight gradient:
Figure BDA0002332094210000049
input to input gate weight gradient:
Figure BDA00023320942100000410
input to cell state weight gradient:
Figure BDA00023320942100000411
input to output gate weight gradient:
Figure BDA00023320942100000412
forget gate threshold gradient:
Figure BDA00023320942100000413
input gate threshold gradient:
Figure BDA00023320942100000414
cell state threshold gradient:
Figure BDA00023320942100000415
output gate threshold gradient:
Figure BDA00023320942100000416
where $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from input to forget gate, forget gate to output, and forget gate to cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from input to input gate, input gate to output, and input gate to cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from input to output gate, output gate to output, and output gate to cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from input to cell state and cell state to output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; E is the loss function; $\delta_{f,t}$, $\delta_{i,t}$, $\delta_{c,t}$, $\delta_{o,t}$ are the error terms corresponding to $f_t$, $i_t$, $c_t$, $o_t$ in the network, respectively; $x_t$ represents the input at time t; $h_{j-1}$ represents the output of the output layer at time j-1; T represents transposition;
weight and threshold update: forget gate-to-output weight update:
Figure BDA0002332094210000051
input gate-to-output weight update:
Figure BDA0002332094210000052
cell state to output weight update:
Figure BDA0002332094210000053
input to forget gate weight update:
Figure BDA0002332094210000054
input to forget gate weight update:
Figure BDA0002332094210000055
input to input Gate weight update:
Figure BDA0002332094210000056
input to cell state weight update:
Figure BDA0002332094210000057
input to output gate weight update:
Figure BDA0002332094210000058
forget gate threshold update:
Figure BDA0002332094210000059
input gate threshold update:
Figure BDA00023320942100000510
cell state threshold update:
Figure BDA00023320942100000511
output gate threshold update:
Figure BDA00023320942100000512
where $\eta = 0.01$ is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample according to the updated weights and thresholds until the error meets the expectation;
(7) repeating the process until all samples are learned, to obtain the trained LSTM neural network model.
The invention also discloses a grid-connected interface device, which comprises a control module, a display module, a communication module, an alternating current module, an input/output module, a detection module, a storage module and a power module, wherein:
the control module is connected with the power supply module, the detection module, the communication module, the output module, the display module and the storage module;
the control module is used for being connected and communicated with the upper layer and the lower layer through the communication module and sending the received data to the detection module for real-time detection and classification; generating alarm information according to the alarm prompt sent by the detection module, sending the alarm information to the display module, sending the alarm information, log records and data to the storage module for storage and/or sending the alarm information, the log records and the data to an upper layer through the communication module;
the display module is used for displaying the running state, realizing man-machine interaction and displaying after receiving the alarm prompt of the control module;
the communication module is used for communicating with external intelligent equipment;
the alternating current module is used for collecting analog electrical parameters such as the voltage and current of the common connection point, as well as analog quantities of the power generation units and loads in the combined cooling, heating and power system, transmitting the collected analog quantities to the AD conversion module to be converted into digital quantities that can directly participate in calculation, and then transmitting the resulting digital signals to the detection module;
the output module is used for outputting the instruction signal sent by the control module;
the input module is used for receiving the state and instruction information of the common connection point or of the load switching switches in the combined cooling, heating and power system, and sending the state and instruction information to the detection module;
the power supply module is used for supplying power to each module;
the storage module is used for storing;
the detection module is used for detecting and classifying, in real time, the data sent by the control module through a long short-term memory neural network and outputting a classification result; judging whether a network attack class is present in the classification result; when a network attack class is present, generating an alarm prompt according to the type of the network attack, sending the alarm prompt and a log record to the control module, and intercepting the data; and when all the data in the classification result are classified into the normal class, sending the data to the control module, which sends the data to the upper layer through the communication module.
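The following added example (not code from the patent) runs the gate equations of step (2), the 0.02 error criterion of step (3) and the detection module's intercept-or-forward decision on constructed data. Assumptions: $c_t$ and $h_t$ use the standard LSTM forms, and the sigmoid readout, the 0.5 decision threshold, the request-rate feature and the hand-set (untrained) weights are hypothetical values chosen for illustration.

```python
import json
import math

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def matvec(W, v):
    return [sum(w * x for w, x in zip(row, v)) for row in W]

def lstm_step(p, x, h_prev, c_prev):
    """One forward step. Gates follow the text:
    sigma(W_x x_t + W_h h_{t-1} + W_c c_{t-1} + b), i.e. with a cell-state term."""
    def gate(g):
        terms = zip(matvec(p["W%sx" % g], x), matvec(p["W%sh" % g], h_prev),
                    matvec(p["W%sc" % g], c_prev), p["b%s" % g])
        return [sigmoid(sum(t)) for t in terms]
    f, i, o = gate("f"), gate("i"), gate("o")
    # Assumption: standard LSTM cell-state and output equations; the page's own
    # formulas for c_t and h_t are images that are not available in the text.
    cand = [math.tanh(a + b + d) for a, b, d in
            zip(matvec(p["Wcx"], x), matvec(p["Wch"], h_prev), p["bc"])]
    c = [ft * cp + it * g for ft, cp, it, g in zip(f, c_prev, i, cand)]
    h = [ot * math.tanh(ct) for ot, ct in zip(o, c)]
    return h, c, {"f": f, "i": i, "o": o}

def attack_probability(p, window):
    """Run a window through the cell; a = sigma(w_out . h_T + b_out) (assumed readout)."""
    n = len(p["bf"])
    h, c = [0.0] * n, [0.0] * n
    for x in window:
        h, c, _ = lstm_step(p, x, h, c)
    return sigmoid(sum(w * v for w, v in zip(p["w_out"], h)) + p["b_out"])

def cross_entropy(y, a):
    """E = -[y ln a + (1 - y) ln(1 - a)] from step (3); a is clamped to avoid log(0)."""
    a = min(max(a, 1e-12), 1.0 - 1e-12)
    return -(y * math.log(a) + (1 - y) * math.log(1 - a))

def meets_expectation(y, a, limit=0.02):
    """Step (3): the next sample is learned once E <= 0.02.
    For y = 1 this requires a >= exp(-0.02), roughly 0.980."""
    return cross_entropy(y, a) <= limit

def detect_and_route(p, window, threshold=0.5):
    """Detection-module decision: alarm + log + intercept on attack, else forward.
    The 0.5 threshold is an assumption; the patent does not state one."""
    a = attack_probability(p, window)
    if a >= threshold:
        log = json.dumps({"event": "network_attack", "type": "DoS",
                          "score": round(a, 4), "samples": len(window)})
        return {"action": "intercept", "alarm": "DoS", "log": log}
    return {"action": "forward", "alarm": None, "log": None}

# Constructed, hand-set parameters (NOT trained): hidden size 1, one input feature.
# Gates are biased open so the cell state integrates tanh(x - 0.5) over the window.
PARAMS = {
    "Wfx": [[0.0]], "Wfh": [[0.0]], "Wfc": [[0.0]], "bf": [4.0],
    "Wix": [[0.0]], "Wih": [[0.0]], "Wic": [[0.0]], "bi": [4.0],
    "Wox": [[0.0]], "Woh": [[0.0]], "Woc": [[0.0]], "bo": [4.0],
    "Wcx": [[1.0]], "Wch": [[0.0]], "bc": [-0.5],
    "w_out": [4.0], "b_out": 0.0,
}

# Constructed windows of a hypothetical feature: request rate normalised to [0, 1].
NORMAL = [[0.1]] * 6
SPIKE = [[0.1], [0.1], [0.9], [0.1], [0.1], [0.1]]
FLOOD = [[0.9]] * 6

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("spike", SPIKE), ("flood", FLOOD)):
        print(name, detect_and_route(PARAMS, window))
```

With these weights the cell state accumulates evidence across the window, so a single high sample is forwarded while a sustained run is intercepted and logged.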
Further, before real-time detection and classification are performed on the data sent by the control module through the LSTM neural network model, the detection module also performs model training on the LSTM neural network, where the model training includes:
first, acquiring a training data set: positive and negative samples of data of a combined cooling, heating and power grid-connected interface device are acquired, and the positive and negative samples form the training data set;
second, performing model training on the long short-term memory neural network: the long short-term memory neural network is trained with the training data set to obtain a trained LSTM neural network model.
Further, the model training of the long short-term memory neural network model comprises:
(1) initializing an input and giving a desired output;
(2) randomly selecting a sample from the training sample set as the input of the LSTM neural network model, calculating the output value of each neuron by forward propagation, and calculating the values of five vectors: the forget gate output $f_t$, the input gate output $i_t$, the cell state output $c_t$, the output gate output $o_t$, and the final output $h_t$:
$f_t = \sigma(W_{fx} x_t + W_{fh} h_{t-1} + W_{fc} c_{t-1} + b_f)$;
$i_t = \sigma(W_{ix} x_t + W_{ih} h_{t-1} + W_{ic} c_{t-1} + b_i)$;
Figure BDA0002332094210000061
$o_t = \sigma(W_{ox} x_t + W_{oh} h_{t-1} + W_{oc} c_{t-1} + b_o)$;
Figure BDA0002332094210000071
where $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from input to forget gate, forget gate to output, and forget gate to cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from input to input gate, input gate to output, and input gate to cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from input to output gate, output gate to output, and output gate to cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from input to cell state and cell state to output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; $x_t$ is the input training sample; $h_{t-1}$ is the output at the previous moment;
Figure BDA0002332094210000078
represents the element-wise multiplication operator; $\sigma$ is the sigmoid activation function used for binary classification; tanh is an activation function;
(3) introducing the cross-entropy loss function $E = -[y \ln a + (1-y) \ln(1-a)]$ to calculate an error value, where y and a are respectively the expected output value and the actual output value of the sample; if the error meets the expectation, i.e. the error value between the expected output and the actual output is less than or equal to 0.02, the next sample is learned; otherwise, the error term of the output layer is calculated:
Figure BDA0002332094210000072
where E is the loss function and $h_t$ is the output at time t;
(4) starting back propagation according to the error in step (3), wherein the back propagation of the error comprises two directions: back propagation along time and back propagation along the model structure; for back propagation along time, the error term at time t-1 needs to be calculated:
Figure BDA0002332094210000073
where E is the loss function, $h_{t-1}$ is the output at time t-1, and $\delta_{t-1}$ represents the error at time t-1; back propagation along the model structure:
Figure BDA0002332094210000074
where E is the loss function;
Figure BDA0002332094210000075
is the output of the previous layer after the weights and biases are applied;
Figure BDA0002332094210000076
is the error of layer l-1 at time t;
(5) calculating the following weight and threshold gradients from the error terms calculated by back propagation in step (4): forget gate to output weight gradient:
Figure BDA0002332094210000077
input gate to output weight gradient:
Figure BDA0002332094210000081
cell state to output weight gradient:
Figure BDA0002332094210000082
output gate to output weight gradient:
Figure BDA0002332094210000083
input to forget gate weight gradient:
Figure BDA0002332094210000084
input to input gate weight gradient:
Figure BDA0002332094210000085
input to cell state weight gradient:
Figure BDA0002332094210000086
input to output gate weight gradient:
Figure BDA0002332094210000087
forget gate threshold gradient:
Figure BDA0002332094210000088
input gate threshold gradient:
Figure BDA0002332094210000089
cell state threshold gradient:
Figure BDA00023320942100000810
output gate threshold gradient:
Figure BDA00023320942100000811
where $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from input to forget gate, forget gate to output, and forget gate to cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from input to input gate, input gate to output, and input gate to cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from input to output gate, output gate to output, and output gate to cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from input to cell state and cell state to output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; E is the loss function; $\delta_{f,t}$, $\delta_{i,t}$, $\delta_{c,t}$, $\delta_{o,t}$ are the error terms corresponding to $f_t$, $i_t$, $c_t$, $o_t$ in the network, respectively; $x_t$ represents the input at time t; $h_{j-1}$ represents the output of the output layer at time j-1; T represents transposition;
weight and threshold update: forget gate-to-output weight update:
Figure BDA00023320942100000812
input gate-to-output weight update:
Figure BDA00023320942100000813
cell state to output weight update:
Figure BDA00023320942100000814
input to forget gate weight update:
Figure BDA00023320942100000815
input to forget gate weight update:
Figure BDA00023320942100000816
input to input Gate weight update:
Figure BDA00023320942100000817
input to cell state weight update:
Figure BDA00023320942100000818
input to output gate weight update:
Figure BDA00023320942100000819
forget gate threshold update:
Figure BDA0002332094210000091
input gate threshold update:
Figure BDA0002332094210000092
cell state threshold update:
Figure BDA0002332094210000093
output gate threshold update:
Figure BDA0002332094210000094
where $\eta = 0.01$ is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample according to the updated weights and thresholds until the error meets the expectation;
(7) repeating the process until all samples are learned, to obtain the trained LSTM neural network model.
Compared with the prior art, the invention has the following advantages: a model based on a long short-term memory (LSTM) network is used to detect, in real time, the raw data acquired by the grid-connected interface device; when a network attack is present in the raw data, an alarm prompt is sent and a corresponding log record is generated; when no network attack is present in the raw data, the raw data is forwarded. This prevents the grid-connected interface device from uploading abnormal data to the upper layer, and thereby guarantees the information security and operational reliability of the combined cooling, heating and power system.
Drawings
Fig. 1 is a structural diagram of a prior-art combined cooling, heating and power system.
Fig. 2 is a flow chart of the present invention.
FIG. 3 is a schematic diagram of the LSTM neural network of the present invention.
Fig. 4 is a block diagram showing the configuration of the grid-connected interface device according to the present invention.
Fig. 5 is a schematic diagram of a specific example of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
Fig. 1 shows the system structure of the combined cooling, heating and power system; the double-arrowed dotted lines in the figure are communication lines and the solid lines are power lines. The information that the combined cooling, heating and power grid-connected interface device needs to collect falls into three types: public connection point information, unit running state information, and upper-layer scheduling instructions. The device therefore needs to exchange information with the lower-layer cold and hot combined supply system, the cold and hot loads (and intelligent equipment such as environmental meteorological monitoring, not shown in the figure) and the upper-layer dispatching center, and to collect electrical quantities such as voltage and current at the grid-connected point. In addition, running state information is generated from this information and sent to the triple co-generation system monitoring master station (monitoring master station), so that the monitoring master station can judge the running state of the combined cooling, heating and power system in real time.
The combined cooling, heating and power grid-connected interface device exchanges instructions and requests with the lower-layer units (combined cooling and power system, cooling and power loads), the upper-layer monitoring master station and the scheduling center by means of communication, so it occupies the position of information interaction center in the grid-connected system. However, this also makes both the likelihood that the device suffers an information attack and the impact of such an attack on the operation of the whole system great. For example, if the grid-connected interface device suffers a DoS attack, it cannot respond, or stops responding, to requests and instructions from the lower-layer units, the upper-layer monitoring master station and the scheduling center, and may even break down. The whole system is then paralyzed, and the upper-layer monitoring master station cannot obtain an accurate state value of the grid-connected interface device, so that an administrator makes an erroneous decision and the safe and stable operation of the whole combined cooling, heating and power system is endangered.
As shown in fig. 2, the invention discloses an attack identification method for a triple co-generation system based on a long short-term memory (LSTM) neural network. The method detects the data acquired by the grid-connected interface device in real time and identifies the data through an LSTM neural network model; when data subjected to network attack is present, an alarm prompt is sent and a corresponding log record is generated; when the data is normal, the data is forwarded and uploaded to the monitoring master station.
The data comprises voltage, current, frequency, active power, reactive power and power factor data of a public connection point, data such as remote signaling, remote measurement and power consumption, commands such as remote control opening and closing, remote regulation and starting and stopping, output power, load power, environmental meteorological data and the like of a cold and hot triple supply system;
The network attack is a denial-of-service (DoS) attack, which deliberately attacks defects in a network protocol implementation, or directly exhausts the resources of the attacked object by brute force, with the aim of making the target computer or network unable to provide normal service or resource access, so that the target system stops responding or even crashes; the attack does not include intrusion into the target server or target network device. The service resources concerned include network bandwidth, file system space capacity, open processes and allowed connections. Such attacks cause resource scarcity, and their consequences cannot be avoided no matter how fast the processing speed of the computer, how large its memory capacity, or how fast the network bandwidth.
The normal state means that the data is not under network attack.
When the data subjected to the network attack exists in the data, the data is also intercepted.
The alarm prompt is the type of network attack;
When data subjected to network attack is present in the data, an alarm prompt is sent to the upper layer (the monitoring master station of the combined cooling and heating system, etc.) to inform it that the combined cooling and heating grid-connected interface device has been attacked and of the type of attack, so that the upper-layer controller knows the running state of the grid-connected interface device and can issue correct instructions.
The alarm prompt is displayed through a display and/or an indicator light; the alarm prompt is used for displaying the type of the network attack; the indicator light can set light sources with different colors according to the number of network attacks, so that a system administrator can perform attack processing after being prompted by an alarm.
When the data subjected to network attack exists in the data, the alarm prompt and the log record are also stored.
As shown in fig. 2, before the data is identified by the LSTM neural network model, model training is also performed on the LSTM neural network, and the model training includes:
First, acquiring a training data set: positive and negative samples of the data of the combined cooling, heating and power grid-connected interface device are acquired. The positive samples represent the original data when the grid-connected interface device is normal, comprising voltage, current, frequency, active power, reactive power and power factor data of the public connection point; data such as remote signaling, remote measurement and power consumption; commands such as remote control switching-on and switching-off, remote regulation, and starting and stopping; and the output power, load power and environmental meteorological data of the combined cooling and heating supply system. The negative samples represent the abnormal data, differing from the normal data, that arise when the grid-connected interface device is under DoS attack; the positive and negative samples form the training data set;
Second, model training of the long short-term memory neural network: the long short-term memory neural network model is trained on the training data set to obtain the trained long short-term memory (LSTM) neural network model.
The model training of the long short-term memory neural network model comprises the following steps:
(1) initializing the input and giving the desired output; the scheme needs to detect whether the data contains the DoS attack type, so the data is divided into two classes: the DoS attack class and the normal class; one sample in the training set is represented by $X=(x_1,x_2,\dots,x_n,y_k)$, where $x_1, x_2, \dots, x_n$ represent the features of the sample $X$; the source IP address, target IP address, protocol type, service type, data length and timestamp of the sample are selected as the feature vector representing the sample $X$, so $n=6$ is the number of features; $y_k$ ($k=1,2$) denotes whether the sample belongs to the $k$-th class: 0 means it does not, 1 means it does; the class value is used as the label value (i.e., the expected output value) of the sample; the network structure is set to three layers, namely an input layer, a hidden layer and an output layer;
(2) randomly selecting a sample (positive sample or negative sample) from the training sample set as the input of the LSTM neural network model, and calculating the output value of each neuron by forward propagation, namely calculating the values of the five vectors in FIG. 3, $f_t$ (forget gate output), $i_t$ (input gate output), $c_t$ (cell state output), $o_t$ (output gate output) and $h_t$ (final output):
$f_t=\sigma(W_{fx}x_t+W_{fh}h_{t-1}+W_{fc}c_{t-1}+b_f)$;
$i_t=\sigma(W_{ix}x_t+W_{ih}h_{t-1}+W_{ic}c_{t-1}+b_i)$;
Figure BDA0002332094210000121
$o_t=\sigma(W_{ox}x_t+W_{oh}h_{t-1}+W_{oc}c_{t-1}+b_o)$;
Figure BDA0002332094210000122
where $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from the input to the forget gate, from the forget gate to the output, and from the forget gate to the cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from the input to the input gate, from the input gate to the output, and from the input gate to the cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from the input to the output gate, from the output gate to the output, and from the output gate to the cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from the input to the cell state and from the cell state to the output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; $x_t$ is the input training sample; $h_{t-1}$ is the output at the previous moment;
Figure BDA0002332094210000125
denotes the element-wise multiplication operator; $\sigma$ is the sigmoid activation function used for binary classification; $\tanh$ is an activation function;
(3) the invention addresses a binary classification problem and the output layer adopts a sigmoid activation function, so the cross-entropy loss function $E=-[y\ln a+(1-y)\ln(1-a)]$ is introduced to calculate the error value, where $y$ and $a$ are respectively the expected output value and the actual output value of the sample; if the error meets expectations (that is, the error between the expected output and the actual output is ≤ 0.02), the next sample is learned; otherwise, the error term of the output layer is calculated:
Figure BDA0002332094210000123
where $E$ is the loss function and $h_t$ is the output at time $t$;
(4) back propagation starts from the error in step (3); the error is propagated backward in two directions: backward along time and backward along the model structure; propagating backward along time requires calculating the error term at time $t-1$:
Figure BDA0002332094210000124
where $E$ is the loss function, $h_{t-1}$ is the output at time $t-1$, and $\delta_{t-1}$ represents the error at time $t-1$; back propagation along the model structure:
Figure BDA0002332094210000131
wherein E is a loss function;
Figure BDA0002332094210000132
the output of the previous layer after the calculation of the weight value and the offset value;
Figure BDA0002332094210000133
the error of the l-1 layer at the time t is shown;
(5) calculating the following weights and threshold gradients from the error terms calculated by back-propagation in step (4): forget gate to output weight gradient:
Figure BDA0002332094210000134
input gate to output weight gradient:
Figure BDA0002332094210000135
cell state to output weight gradient:
Figure BDA0002332094210000136
output gate to output weight gradient:
Figure BDA0002332094210000137
input to forget gate weight gradient:
Figure BDA0002332094210000138
input to input gate weight gradient:
Figure BDA0002332094210000139
input to cell state weight gradient:
Figure BDA00023320942100001310
input to output gate weight gradient:
Figure BDA00023320942100001311
forgetting gate threshold gradient:
Figure BDA00023320942100001312
input gate threshold gradient:
Figure BDA00023320942100001313
cell state threshold gradient:
Figure BDA00023320942100001314
output gate threshold gradient:
Figure BDA00023320942100001315
where $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from the input to the forget gate, from the forget gate to the output, and from the forget gate to the cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from the input to the input gate, from the input gate to the output, and from the input gate to the cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from the input to the output gate, from the output gate to the output, and from the output gate to the cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from the input to the cell state and from the cell state to the output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; $E$ is the loss function; $\delta_{f,t}$, $\delta_{i,t}$, $\delta_{c,t}$, $\delta_{o,t}$ are the error terms corresponding to $f_t$, $i_t$, $c_t$, $o_t$ in the network, respectively; $x_t$ denotes the input at time $t$; $h_{j-1}$ denotes the output of the output layer at time $j-1$; $T$ denotes transposition;
weight and threshold update: forget gate-to-output weight update:
Figure BDA00023320942100001316
input gate-to-output weight update:
Figure BDA00023320942100001317
cell state to output weight update:
Figure BDA00023320942100001318
input to forget gate weight update:
Figure BDA0002332094210000141
input to forget gate weight update:
Figure BDA0002332094210000142
input to input Gate weight update:
Figure BDA0002332094210000143
input to cell state weight update:
Figure BDA0002332094210000144
input to output gate weight update:
Figure BDA0002332094210000145
forget gate threshold update:
Figure BDA0002332094210000146
input gate threshold update:
Figure BDA0002332094210000147
updating the unit state threshold:
Figure BDA0002332094210000148
updating the output gate threshold value:
Figure BDA0002332094210000149
where $\eta=0.01$ is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample according to the updated weight and the threshold value until the error meets the expectation;
(7) the above process is repeated until all samples have been learned, yielding a trained long short-term memory (LSTM) neural network model (namely, the weight and threshold parameters of the network).
When the network is trained, the neurons assign a weight to each feature of the sample, and the weight depends on the importance of the corresponding feature (for example, because DoS attack traffic is sent repeatedly and frequently, the timestamp feature is prominent in this scheme); each layer in the network is configured with a bias term, so that the output of the neuron introduces nonlinear characteristics. Because this technical scheme addresses a binary classification problem, the sigmoid function is adopted as the activation function of the output layer, so that the output layer gives the probabilities of the normal and DoS attack classes and the output values are guaranteed to sum to 1. After each sample is input into the network, the probabilities of the normal and DoS attack classes are finally output through the processing of the input layer, the hidden layer and the output layer. For example, after a sample under DoS attack (a negative sample) is input to the network for processing, the final output probabilities of the normal class and the DoS attack class are respectively 0.40 and 0.60, while the desired output of the network is 0 and 1. The error between the actual output and the expected output is calculated; if the error meets the requirement (less than or equal to 0.02), the next sample is learned; otherwise, the weights and thresholds of the layers in the network do not meet the set error requirement, so the error is propagated backward according to the steps of the training process and the weights and thresholds are updated. A new round of learning is then carried out, and finally the output probabilities become 0.05 and 0.95. The error is calculated again, and if it now meets the requirement, the class with the highest probability (0.95), i.e., DoS attack, is output as the class of the sample; that is, the sample is one subjected to DoS attack. After all samples are trained, the final weights and thresholds obtained are the optimal parameter values with which the model classifies the training samples as accurately as possible, and the network taking these optimal weights and thresholds as parameters has a certain prediction capability on similar samples (real-time data).
As shown in fig. 4, the present invention further discloses a combined cooling heating and power supply grid interface device (grid interface device), which includes a control module (main CPU), a display module, a communication module, an ac module, an input/output module, a detection module, a storage module, and a power module, wherein:
the control module is connected with the power supply module, the detection module, the communication module, the output module, the display module and the storage module; it connects and communicates with the upper and lower layers through the communication module and sends the received data to the detection module for real-time detection and classification; it generates alarm information according to the alarm prompt sent by the detection module, sends the alarm information, log records and data to the display module, stores them in the storage module and/or sends them to the upper layer (the monitoring master station of the triple co-generation system) through the communication module; the control module also coordinates and controls the work of all the modules connected to it, makes the correct decision through intelligent management, analysis and judgment, and then sends the decision to the lower layer through the input and output module;
the data comprises voltage, current, frequency, active power, reactive power and power factor data of a public connection point, data such as remote signaling, remote measurement and power consumption, commands such as remote control opening and closing, remote regulation and starting and stopping, output power, load power, environmental meteorological data and the like of a cold and hot triple supply system;
the log record includes information: attack time, attack duration, attack mode, type of transmission protocol corresponding to the attack, error data segmentation, start and end address information of the error data (namely, address information of the source device and the target device), and the like.
The display module is used for displaying the running state, realizing man-machine interaction and displaying after receiving the alarm prompt of the control module; the display module is a display and/or an indicator light, and displays an alarm prompt through the display and/or displays through the indicator light; the alarm prompt is used for displaying the type of the network attack; the indicator light can set light sources with different colors according to the number of network attacks, so that a system administrator can perform attack processing after being prompted by an alarm, and better human-computer interaction experience is realized;
the communication module is used for communicating with external intelligent equipment, mainly used for interacting data with intelligent equipment such as a lower layer controller, an environmental weather monitoring device, a cold and hot load and the like in a cold and hot triple supply system and a triple supply system monitoring master station and a scheduling center in an upper layer station, and mainly used for receiving or forwarding state information from the intelligent equipment on the lower layer and instruction information of a photovoltaic monitoring system and the scheduling center in the upper layer station, data such as remote signaling, remote measuring and power consumption, commands such as remote control on-off brake, remote regulating, start-stop and the like, output power, load power, environmental weather data and the like of a power generation unit;
the alternating current module is used for collecting analog electric parameters such as voltage and current of a common connection point, and power generation units and load analog quantities in the cold-hot triple supply system, transmitting the collected analog quantities to the AD conversion module to be converted into digital quantities which can directly participate in calculation, converting the digital quantities into digital signals and then transmitting the digital signals to the detection module;
the output module is used for outputting the instruction signals sent by the control module, and the instruction signals comprise an output control common connection point switch, a load switching switch in a cold-hot triple co-generation system, a breaker switch and the like;
the input module is used for receiving and controlling the state and instruction information of a load switching switch in a common connection point or a cold-hot triple co-generation system and sending the state and instruction information to the detection module;
the power supply module is used for supplying power to the control module, the communication module, the display module, the input and output module, the alternating current acquisition module, the detection module and other modules;
the storage module is used for storing alarm information, log information, data, control programs, electrical parameter information such as voltage and current of a public connection point, and state information such as a public connection point switch, a load switching switch in a cold and hot triple supply system, a breaker switch and the like;
the detection module is used for detecting and classifying, in real time through the long short-term memory neural network, the data sent by the control module, outputting a classification result and judging whether the classification result contains a network attack class; when it does, the detection module generates an alarm prompt according to the type of the network attack, sends the alarm prompt and a log record to the control module, and intercepts the data, and the control module sends the alarm prompt to the display module for display; when all the data in the classification result is classified as normal, the data is sent to the control module, and the control module sends it to the upper layer through the communication module;
the data comprises voltage, current, frequency, active power, reactive power and power factor data of a public connection point, data such as remote signaling, remote measurement and power consumption, commands such as remote control opening and closing, remote regulation and starting and stopping, output power, load power, environmental meteorological data and the like of a cold and hot triple supply system;
the normal data is data which is not attacked by the network.
When the display module is a display, the alarm prompt shows the type of the network attack; when it is an indicator light, light sources of different colors can be set according to the number of network attacks, so that a system administrator can handle the attack after being prompted by the alarm.
As shown in fig. 2, before the detection module performs real-time detection and classification of the data sent by the control module through the long short-term memory neural network model, it also performs model training on the LSTM neural network, where the model training includes:
First, acquiring a training data set: positive and negative samples of the data of the combined cooling, heating and power grid-connected interface device are acquired. The positive samples represent the original data when the grid-connected interface device is normal, comprising voltage, current, frequency, active power, reactive power and power factor data of the public connection point; data such as remote signaling, remote measurement and power consumption; commands such as remote control switching-on and switching-off, remote regulation, and starting and stopping; and the output power, load power and environmental meteorological data of the combined cooling and heating supply system. The negative samples represent the abnormal data, differing from the normal data, that arise when the grid-connected interface device is under DoS attack; the positive and negative samples form the training data set;
Second, model training of the long short-term memory neural network: the long short-term memory neural network is trained on the training data set to obtain a trained long short-term memory (LSTM) neural network model.
The model training of the long short-term memory neural network model comprises the following steps:
(1) initializing the input and giving the desired output; the scheme needs to detect whether the data contains the DoS attack type, so the data is divided into two classes: the DoS attack class and the normal class; one sample in the training set is represented by $X=(x_1,x_2,\dots,x_n,y_k)$, where $x_1, x_2, \dots, x_n$ represent the features of the sample $X$; the source IP address, target IP address, protocol type, service type, data length and timestamp of the sample are selected as the feature vector representing the sample $X$, so $n=6$ is the number of features; $y_k$ ($k=1,2$) denotes whether the sample belongs to the $k$-th class: 0 means it does not, 1 means it does; the class value is used as the label value (i.e., the expected output value) of the sample; the network structure is set to three layers, namely an input layer, a hidden layer and an output layer;
(2) randomly selecting a sample (positive sample or negative sample) from the training sample set as the input of the neural network model, and calculating the output value of each neuron by forward propagation, namely calculating the values of the five vectors in fig. 3, $f_t$ (forget gate output), $i_t$ (input gate output), $c_t$ (cell state output), $o_t$ (output gate output) and $h_t$ (final output):
$f_t=\sigma(W_{fx}x_t+W_{fh}h_{t-1}+W_{fc}c_{t-1}+b_f)$;
$i_t=\sigma(W_{ix}x_t+W_{ih}h_{t-1}+W_{ic}c_{t-1}+b_i)$;
Figure BDA0002332094210000171
$o_t=\sigma(W_{ox}x_t+W_{oh}h_{t-1}+W_{oc}c_{t-1}+b_o)$;
Figure BDA0002332094210000172
where $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from the input to the forget gate, from the forget gate to the output, and from the forget gate to the cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from the input to the input gate, from the input gate to the output, and from the input gate to the cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from the input to the output gate, from the output gate to the output, and from the output gate to the cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from the input to the cell state and from the cell state to the output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; $x_t$ is the input training sample; $h_{t-1}$ is the output at the previous moment;
Figure BDA0002332094210000189
denotes the element-wise multiplication operator; $\sigma$ is the sigmoid activation function used for binary classification; $\tanh$ is an activation function;
(3) the invention addresses a binary classification problem and the output layer adopts a sigmoid activation function, so the cross-entropy loss function $E=-[y\ln a+(1-y)\ln(1-a)]$ is introduced to calculate the error value, where $y$ and $a$ are respectively the expected output value and the actual output value of the sample; if the error meets expectations (that is, the error between the expected output and the actual output is ≤ 0.02), the next sample is learned; otherwise, the error term of the output layer is calculated:
Figure BDA0002332094210000181
where $E$ is the loss function and $h_t$ is the output at time $t$;
(4) back propagation starts from the error in step (3); the error is propagated backward in two directions: backward along time and backward along the model structure; propagating backward along time requires calculating the error term at time $t-1$:
Figure BDA0002332094210000182
where $E$ is the loss function, $h_{t-1}$ is the output at time $t-1$, and $\delta_{t-1}$ represents the error at time $t-1$; back propagation along the model structure:
Figure BDA0002332094210000183
wherein E is a loss function;
Figure BDA0002332094210000184
the output of the previous layer after the calculation of the weight value and the offset value;
Figure BDA0002332094210000185
the error of the l-1 layer at the time t is shown;
(5) calculating the following weights and threshold gradients from the error terms calculated by back-propagation in step (4): forget gate to output weight gradient:
Figure BDA0002332094210000186
input gate to output weight gradient:
Figure BDA0002332094210000187
cell state to output weight gradient:
Figure BDA0002332094210000188
output gate to output weight gradient:
Figure BDA0002332094210000191
input to forget gate weight gradient:
Figure BDA0002332094210000192
input to input gate weight gradient:
Figure BDA0002332094210000193
input to cell state weight gradient:
Figure BDA0002332094210000194
input to output gate weight gradient:
Figure BDA0002332094210000195
forgetting gate threshold gradient:
Figure BDA0002332094210000196
input gate threshold gradient:
Figure BDA0002332094210000197
cell state threshold gradient:
Figure BDA0002332094210000198
output gate threshold gradient:
Figure BDA0002332094210000199
where $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from the input to the forget gate, from the forget gate to the output, and from the forget gate to the cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from the input to the input gate, from the input gate to the output, and from the input gate to the cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from the input to the output gate, from the output gate to the output, and from the output gate to the cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from the input to the cell state and from the cell state to the output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; $E$ is the loss function; $\delta_{f,t}$, $\delta_{i,t}$, $\delta_{c,t}$, $\delta_{o,t}$ are the error terms corresponding to $f_t$, $i_t$, $c_t$, $o_t$ in the network, respectively; $x_t$ denotes the input at time $t$; $h_{j-1}$ denotes the output of the output layer at time $j-1$; $T$ denotes transposition;
weight and threshold update: forget gate-to-output weight update:
Figure BDA00023320942100001910
input gate-to-output weight update:
Figure BDA00023320942100001911
cell state to output weight update:
Figure BDA00023320942100001912
input to forget gate weight update:
Figure BDA00023320942100001913
input to forget gate weight update:
Figure BDA00023320942100001914
input to input Gate weight update:
Figure BDA00023320942100001915
input to cell state weight update:
Figure BDA00023320942100001916
input to output gate weight update:
Figure BDA00023320942100001917
forget gate threshold update:
Figure BDA0002332094210000201
input gate threshold update:
Figure BDA0002332094210000202
updating the unit state threshold:
Figure BDA0002332094210000203
updating the output gate threshold value:
Figure BDA0002332094210000204
where $\eta=0.01$ is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample according to the updated weight and the threshold value until the error meets the expectation;
(7) the above process is repeated until all samples have been learned, yielding a trained long short-term memory (LSTM) neural network model (namely, the weight and threshold parameters of the network).
When the network is trained, the neurons assign a weight to each feature of the sample, and the weight depends on the importance of the corresponding feature (for example, because DoS attack traffic is sent repeatedly and frequently, the timestamp feature is prominent in this scheme); each layer in the network is configured with a bias term, so that the output of the neuron introduces nonlinear characteristics. Because this technical scheme addresses a binary classification problem, the sigmoid function is adopted as the activation function of the output layer, so that the output layer gives the probabilities of the normal and DoS attack classes and the output values are guaranteed to sum to 1. After each sample is input into the network, the probabilities of the normal and DoS attack classes are finally output through the processing of the input layer, the hidden layer and the output layer. For example, after a sample under DoS attack (a negative sample) is input to the network for processing, the final output probabilities of the normal class and the DoS attack class are respectively 0.40 and 0.60, while the desired output of the network is 0 and 1. The error between the actual output and the expected output is calculated; if the error meets the requirement (less than or equal to 0.02), the next sample is learned; otherwise, the weights and thresholds of the layers in the network do not meet the set error requirement, so the error is propagated backward according to the steps of the training process and the weights and thresholds are updated. A new round of learning is then carried out, and finally the output probabilities become 0.05 and 0.95. The error is calculated again, and if it now meets the requirement, the class with the highest probability (0.95), i.e., DoS attack, is output as the class of the sample; that is, the sample is one subjected to DoS attack. After all samples are trained, the final weights and thresholds obtained are the optimal parameter values with which the model classifies the training samples as accurately as possible, and the network taking these optimal weights and thresholds as parameters has a certain prediction capability on similar samples (real-time data).
As shown in fig. 5, the detection module obtains the voltage and current parameters from the Ethernet communication module in real time and detects them; if a DoS attack is present in the parameters, the long short-term memory neural network module recognizes it and outputs a detection result carrying the DoS attack information, and the control module issues an alarm prompt and generates a log record according to the detection result.
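The forward pass, error check and detection flow described above, as an added example that is not code from the patent: a pure-Python LSTM step following the page's gate equations (the $c_t$ and $h_t$ updates survive on the page only as figure placeholders, so the standard LSTM form is assumed), run over constructed traffic windows. The feature encodings, the hand-set weights standing in for trained ones, `inspect_window` and all sample values are assumptions.

```python
import math

PROTO = {"tcp": 0.0, "udp": 0.5, "icmp": 1.0}  # assumed numeric encoding

def ip_unit(ip):
    """Map a dotted IPv4 address into [0, 1) (assumed encoding)."""
    a, b, c, d = (int(p) for p in ip.split("."))
    return ((a << 24) | (b << 16) | (c << 8) | d) / 2 ** 32

def encode_window(packets):
    """Six features per packet: source IP, target IP, protocol type, service
    type, data length, timestamp. The timestamp enters as the gap to the
    previous packet squashed into (0, 1]; the first packet is reference only."""
    rows = []
    for prev, cur in zip(packets, packets[1:]):
        gap = max(cur["ts"] - prev["ts"], 0.0)
        rows.append([ip_unit(cur["src"]), ip_unit(cur["dst"]), PROTO[cur["proto"]],
                     cur["port"] / 65535, min(cur["length"], 1500) / 1500,
                     1.0 / (1.0 + 10.0 * gap)])
    return rows

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def affine(bias, *pairs):
    """bias + sum of W @ v over the (W, v) pairs; matrices are lists of rows."""
    out = list(bias)
    for W, v in pairs:
        for r, row in enumerate(W):
            out[r] += sum(w * x for w, x in zip(row, v))
    return out

def gate(P, g, x, h_prev, c_prev):
    """sigma(W_gx x_t + W_gh h_{t-1} + W_gc c_{t-1} + b_g) for g in f, i, o."""
    z = affine(P["b" + g], (P["W" + g + "x"], x), (P["W" + g + "h"], h_prev),
               (P["W" + g + "c"], c_prev))
    return [sigmoid(v) for v in z]

def lstm_step(P, x, h_prev, c_prev):
    f, i, o = (gate(P, g, x, h_prev, c_prev) for g in "fio")
    # Assumed standard form for the two updates the page shows only as images.
    cand = [math.tanh(v) for v in affine(P["bc"], (P["Wcx"], x), (P["Wch"], h_prev))]
    c = [ft * cp + it * gt for ft, cp, it, gt in zip(f, c_prev, i, cand)]
    h = [ot * math.tanh(ct) for ot, ct in zip(o, c)]
    return h, c

def attack_probability(P, rows):
    """Run the window through the cell, then the sigmoid output layer."""
    h = c = [0.0] * len(P["bf"])
    for x in rows:
        h, c = lstm_step(P, x, h, c)
    return sigmoid(sum(w * v for w, v in zip(P["w_out"], h)) + P["b_out"])

def cross_entropy(y, a):
    """E = -[y ln a + (1 - y) ln(1 - a)], compared against the 0.02 target."""
    return -(y * math.log(a) + (1 - y) * math.log(1 - a))

def inspect_window(P, packets, threshold=0.5):
    """Detection-module decision: intercept, alarm and log, or forward."""
    p = attack_probability(P, encode_window(packets))
    if p <= threshold:
        return {"action": "forward", "probability": p, "forwarded": packets}
    first, last = packets[0], packets[-1]
    log = {"attack_time": first["ts"], "attack_duration": last["ts"] - first["ts"],
           "attack_mode": "DoS", "protocol": first["proto"],
           "source": first["src"], "target": first["dst"]}
    return {"action": "intercept", "probability": p, "alarm": "DoS",
            "log": log, "forwarded": []}

# Constructed parameters: one hidden unit, weight only on the timestamp feature.
ZERO6 = [[0.0] * 6]
PARAMS = {
    "Wfx": ZERO6, "Wfh": [[0.0]], "Wfc": [[0.2]], "bf": [2.0],
    "Wix": ZERO6, "Wih": [[0.0]], "Wic": [[0.0]], "bi": [0.0],
    "Wox": ZERO6, "Woh": [[0.0]], "Woc": [[0.0]], "bo": [2.0],
    "Wcx": [[0.0, 0.0, 0.0, 0.0, 0.0, 4.0]], "Wch": [[0.5]], "bc": [-2.0],
    "w_out": [6.0], "b_out": 0.0,
}

def make_window(src, count, start, gap, length):
    """Constructed sample traffic toward one interface-device address."""
    return [{"src": src, "dst": "192.0.2.1", "proto": "tcp", "port": 2404,
             "length": length, "ts": start + k * gap} for k in range(count)]

NORMAL = make_window("192.0.2.20", 6, 100.0, 2.0, 120)   # one poll every 2 s
BURST = make_window("192.0.2.99", 9, 200.0, 0.001, 60)   # 9 packets in 8 ms

if __name__ == "__main__":
    for name, window in (("normal", NORMAL), ("burst", BURST)):
        result = inspect_window(PARAMS, window)
        print(name, result["action"], round(result["probability"], 4))
```

Under the cross-entropy definition, an attack-class output of 0.95 gives an error of about 0.051, so meeting the 0.02 target requires an output of roughly 0.98 or higher.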

Claims (8)

1. An attack identification method based on an LSTM neural network is characterized in that: the method comprises the steps of detecting data acquired by a grid-connected interface device in real time, identifying the data through an LSTM neural network model, and sending an alarm prompt and generating a corresponding log record when the data subjected to network attack exists; and when the data is normal, forwarding the data and uploading the data to the monitoring master station.
2. The LSTM neural network-based attack recognition method of claim 1, wherein: when the data subjected to the network attack exists in the data, the data is also intercepted.
3. The LSTM neural network-based attack recognition method of claim 1, wherein: when data subjected to a network attack exists in the data, an alarm prompt is sent to the upper layer.
4. The LSTM neural network-based attack recognition method of claim 1, wherein: before data is identified through the LSTM neural network model, model training is carried out on the LSTM neural network, and the model training comprises the following steps:
first, acquiring a training data set: positive and negative samples of data from a combined cooling, heating and power grid-connected interface device are acquired, and these samples form the training data set;
secondly, performing model training on the long short-term memory (LSTM) neural network: the LSTM neural network model is trained on the training data set to obtain a trained LSTM neural network model.
5. The LSTM neural network-based attack recognition method of claim 4, wherein: the model training of the LSTM neural network model comprises the following steps:
(1) initializing an input and giving a desired output;
(2) randomly selecting a sample from the training sample set as the input of the LSTM neural network model, calculating the output value of each neuron by forward propagation, and calculating the values of five vectors, namely the forget gate output $f_t$, the input gate output $i_t$, the cell state output $c_t$, the output gate output $o_t$ and the final output $h_t$:
$f_t = \sigma(W_{fx} x_t + W_{fh} h_{t-1} + W_{fc} c_{t-1} + b_f)$;
$i_t = \sigma(W_{ix} x_t + W_{ih} h_{t-1} + W_{ic} c_{t-1} + b_i)$;
Figure FDA0002332094200000011
$o_t = \sigma(W_{ox} x_t + W_{oh} h_{t-1} + W_{oc} c_{t-1} + b_o)$;
Figure FDA0002332094200000012
wherein $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from the input to the forget gate, from the forget gate to the output, and from the forget gate to the cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from the input to the input gate, from the input gate to the output, and from the input gate to the cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from the input to the output gate, from the output gate to the output, and from the output gate to the cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from the input to the cell state and from the cell state to the output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; $x_t$ is the input training sample; $h_{t-1}$ is the output at the previous moment;
Figure FDA00023320942000000211
represents the element-wise multiplication operator; σ is the sigmoid activation function used for binary classification; tanh is an activation function;
(3) introducing the cross-entropy loss function $E = -[y \ln a + (1-y)\ln(1-a)]$ to calculate an error value, where y and a are the expected output value and the actual output value of the sample, respectively; if the error meets the expectation, meaning that the error value between the expected output and the actual output is less than or equal to 0.02, the next sample is learned; otherwise, the error term of the output layer is calculated:
Figure FDA0002332094200000021
where E is the loss function and $h_t$ is the output at time t;
(4) starting back propagation from the error in step (3), the error being propagated backward in two directions: backward along time and backward along the model structure; back propagation along time requires calculating the error term at time t-1:
Figure FDA0002332094200000022
where E is the loss function, $h_{t-1}$ is the output at time t-1, and $\delta_{t-1}$ represents the error at time t-1; back propagation along the model structure:
Figure FDA0002332094200000023
wherein E is the loss function;
Figure FDA0002332094200000024
is the output of the previous layer after the weights and offsets have been applied;
Figure FDA0002332094200000025
represents the error of layer l-1 at time t;
(5) calculating the following weights and threshold gradients from the error terms calculated by back-propagation in step (4): forget gate to output weight gradient:
Figure FDA0002332094200000026
input gate to output weight gradient:
Figure FDA0002332094200000027
cell state to output weight gradient:
Figure FDA0002332094200000028
output gate to output weight gradient:
Figure FDA0002332094200000029
input to forget gate weight gradient:
Figure FDA00023320942000000210
input to input gate weight gradient:
Figure FDA0002332094200000031
input to cell state weight gradient:
Figure FDA0002332094200000032
input to output gate weight gradient:
Figure FDA0002332094200000033
forget gate threshold gradient:
Figure FDA0002332094200000034
input gate threshold gradient:
Figure FDA0002332094200000035
cell state threshold gradient:
Figure FDA0002332094200000036
output gate threshold gradient:
Figure FDA0002332094200000037
wherein $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from the input to the forget gate, from the forget gate to the output, and from the forget gate to the cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from the input to the input gate, from the input gate to the output, and from the input gate to the cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from the input to the output gate, from the output gate to the output, and from the output gate to the cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from the input to the cell state and from the cell state to the output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; E is the loss function; $\delta_{f,t}$, $\delta_{i,t}$, $\delta_{c,t}$, $\delta_{o,t}$ are the error terms corresponding to $f_t$, $i_t$, $c_t$, $o_t$ in the network, respectively; $x_t$ represents the input at time t; $h_{j-1}$ represents the output of the output layer at time j-1; T represents transposition;
weight and threshold update: forget gate-to-output weight update:
Figure FDA0002332094200000038
input gate-to-output weight update:
Figure FDA0002332094200000039
cell state to output weight update:
Figure FDA00023320942000000310
input to forget gate weight update:
Figure FDA00023320942000000311
input to forget gate weight update:
Figure FDA00023320942000000312
input to input gate weight update:
Figure FDA00023320942000000313
input to cell state weight update:
Figure FDA00023320942000000314
input to output gate weight update:
Figure FDA00023320942000000315
forget gate threshold update:
Figure FDA00023320942000000316
input gate threshold update:
Figure FDA00023320942000000317
cell state threshold update:
Figure FDA00023320942000000318
output gate threshold update:
Figure FDA00023320942000000319
wherein η = 0.01 is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample with the updated weights and thresholds, until the error meets the expectation;
(7) repeating the process until all samples have been learned, to obtain the trained LSTM neural network model.
6. A grid-connected interface device, characterized in that it comprises a control module, a display module, a communication module, an alternating current module, an input/output module, a detection module, a storage module and a power supply module, wherein:
the control module is connected with the power supply module, the detection module, the communication module, the output module, the display module and the storage module;
the control module is used for being connected and communicated with the upper layer and the lower layer through the communication module and sending the received data to the detection module for real-time detection and classification; generating alarm information according to the alarm prompt sent by the detection module, sending the alarm information to the display module, sending the alarm information, log records and data to the storage module for storage and/or sending the alarm information, the log records and the data to an upper layer through the communication module;
the display module is used for displaying the running state, realizing man-machine interaction and displaying after receiving the alarm prompt of the control module;
the communication module is used for communicating with external intelligent equipment;
the alternating current module is used for collecting analog electrical parameters such as the voltage and current of the common connection point, as well as the analog quantities of the power generation units and loads in the combined cooling, heating and power system, transmitting the collected analog quantities to the AD conversion module to be converted into digital quantities that can directly participate in calculation, and then transmitting the resulting digital signals to the detection module;
the output module is used for outputting the instruction signal sent by the control module;
the input module is used for receiving the state and instruction information of the load switching switches at the common connection point or in the combined cooling, heating and power system and sending this information to the detection module;
the power supply module is used for supplying power to each module;
the storage module is used for storing;
the detection module is used for detecting and classifying, in real time and through a long short-term memory (LSTM) neural network, the data sent by the control module, and outputting a classification result; it judges whether a network attack class exists in the classification result and, when one exists, generates an alarm prompt according to the type of the network attack, sends the alarm prompt and a log record to the control module, and intercepts the data; when all data in the classification result are classified as normal, the data are sent to the control module, and the control module sends the data to the upper layer through the communication module.
7. The grid-tied interface device according to claim 6, wherein: before real-time detection and classification are carried out on data sent by the control module through the LSTM neural network model by the detection module, model training is carried out on the LSTM neural network model, and the model training comprises the following steps:
first, acquiring a training data set: positive and negative samples of data from a combined cooling, heating and power grid-connected interface device are acquired, and these samples form the training data set;
secondly, performing model training on the long short-term memory (LSTM) neural network model: the LSTM neural network is trained on the training data set to obtain a trained LSTM neural network model.
8. The grid-tied interface device according to claim 7, wherein: the model training of the LSTM neural network model comprises the following steps:
(1) initializing an input and giving a desired output;
(2) randomly selecting a sample from the training sample set as the input of the LSTM neural network, calculating the output value of each neuron by forward propagation, and calculating the values of five vectors, namely the forget gate output $f_t$, the input gate output $i_t$, the cell state output $c_t$, the output gate output $o_t$ and the final output $h_t$:
$f_t = \sigma(W_{fx} x_t + W_{fh} h_{t-1} + W_{fc} c_{t-1} + b_f)$;
$i_t = \sigma(W_{ix} x_t + W_{ih} h_{t-1} + W_{ic} c_{t-1} + b_i)$;
Figure FDA0002332094200000051
$o_t = \sigma(W_{ox} x_t + W_{oh} h_{t-1} + W_{oc} c_{t-1} + b_o)$;
Figure FDA0002332094200000052
wherein $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from the input to the forget gate, from the forget gate to the output, and from the forget gate to the cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from the input to the input gate, from the input gate to the output, and from the input gate to the cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from the input to the output gate, from the output gate to the output, and from the output gate to the cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from the input to the cell state and from the cell state to the output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; $x_t$ is the input training sample; $h_{t-1}$ is the output at the previous moment;
Figure FDA0002332094200000053
represents the element-wise multiplication operator; σ is the sigmoid activation function used for binary classification; tanh is an activation function;
(3) introducing the cross-entropy loss function $E = -[y \ln a + (1-y)\ln(1-a)]$ to calculate an error value, where y and a are the expected output value and the actual output value of the sample, respectively; if the error meets the expectation, meaning that the error value between the expected output and the actual output is less than or equal to 0.02, the next sample is learned; otherwise, the error term of the output layer is calculated:
Figure FDA0002332094200000061
where E is the loss function and $h_t$ is the output at time t;
(4) starting back propagation from the error in step (3), the error being propagated backward in two directions: backward along time and backward along the model structure; back propagation along time requires calculating the error term at time t-1:
Figure FDA0002332094200000062
where E is the loss function, $h_{t-1}$ is the output at time t-1, and $\delta_{t-1}$ represents the error at time t-1; back propagation along the model structure:
Figure FDA0002332094200000063
wherein E is the loss function;
Figure FDA0002332094200000064
is the output of the previous layer after the weights and offsets have been applied;
Figure FDA0002332094200000065
represents the error of layer l-1 at time t;
(5) calculating the following weights and threshold gradients from the error terms calculated by back-propagation in step (4): forget gate to output weight gradient:
Figure FDA0002332094200000066
input gate to output weight gradient:
Figure FDA0002332094200000067
cell state to output weight gradient:
Figure FDA0002332094200000068
output gate to output weight gradient:
Figure FDA0002332094200000069
input to forget gate weight gradient:
Figure FDA00023320942000000610
input to input gate weight gradient:
Figure FDA00023320942000000611
input to cell state weight gradient:
Figure FDA00023320942000000612
input to output gate weight gradient:
Figure FDA00023320942000000613
forget gate threshold gradient:
Figure FDA00023320942000000614
input gate threshold gradient:
Figure FDA00023320942000000615
cell state threshold gradient:
Figure FDA00023320942000000616
output gate threshold gradient:
Figure FDA00023320942000000617
wherein $W_{fx}$, $W_{fh}$, $W_{fc}$ are the weight matrices from the input to the forget gate, from the forget gate to the output, and from the forget gate to the cell state, respectively; $W_{ix}$, $W_{ih}$, $W_{ic}$ are the weight matrices from the input to the input gate, from the input gate to the output, and from the input gate to the cell state, respectively; $W_{ox}$, $W_{oh}$, $W_{oc}$ are the weight matrices from the input to the output gate, from the output gate to the output, and from the output gate to the cell state, respectively; $W_{cx}$, $W_{ch}$ are the weight matrices from the input to the cell state and from the cell state to the output, respectively; $b_f$, $b_i$, $b_c$, $b_o$ are the bias terms of the forget gate, the input gate, the cell state and the output gate, respectively; E is the loss function; $\delta_{f,t}$, $\delta_{i,t}$, $\delta_{c,t}$, $\delta_{o,t}$ are the error terms corresponding to $f_t$, $i_t$, $c_t$, $o_t$ in the network, respectively; $x_t$ represents the input at time t; $h_{j-1}$ represents the output of the output layer at time j-1; T represents transposition;
weight and threshold update: forget gate-to-output weight update:
Figure FDA0002332094200000071
input gate-to-output weight update:
Figure FDA0002332094200000072
cell state to output weight update:
Figure FDA0002332094200000073
input to forget gate weight update:
Figure FDA0002332094200000074
input to forget gate weight update:
Figure FDA0002332094200000075
input to input gate weight update:
Figure FDA0002332094200000076
input to cell state weight update:
Figure FDA0002332094200000077
input to output gate weight update:
Figure FDA0002332094200000078
forget gate threshold update:
Figure FDA0002332094200000079
input gate threshold update:
Figure FDA00023320942000000710
cell state threshold update:
Figure FDA00023320942000000711
output gate threshold update:
Figure FDA00023320942000000712
wherein η = 0.01 is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample with the updated weights and thresholds, until the error meets the expectation;
(7) repeating the process until all samples have been learned, to obtain the trained LSTM neural network model.
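The forward pass and error check recited in claims 5 and 8, together with the detection-module routing of claim 6, can be sketched as follows. This is an added example, not code from the patent. The gate equations follow the claims; the cell-state and output updates use the standard LSTM form as an assumption, because those two equations survive only as images. The sigmoid readout (`w_out`, `b_out`), the 0.5 decision threshold, all parameter values and both sample windows are constructed for illustration.

```python
import math

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def affine(p, g, x, h_prev, c_prev=None):
    """W_gx x_t + W_gh h_{t-1} (+ W_gc c_{t-1}) + b_g, one value per hidden unit."""
    dot = lambda row, v: sum(w * s for w, s in zip(row, v))
    out = []
    for k, b in enumerate(p["b" + g]):
        z = b + dot(p["W" + g + "x"][k], x) + dot(p["W" + g + "h"][k], h_prev)
        if c_prev is not None:          # peephole term used by f_t, i_t and o_t
            z += dot(p["W" + g + "c"][k], c_prev)
        out.append(z)
    return out

def lstm_step(p, x, h_prev, c_prev):
    """One time step; f, i, o as written in the claims (all three read c_{t-1})."""
    f = [sigmoid(z) for z in affine(p, "f", x, h_prev, c_prev)]
    i = [sigmoid(z) for z in affine(p, "i", x, h_prev, c_prev)]
    o = [sigmoid(z) for z in affine(p, "o", x, h_prev, c_prev)]
    # Assumption: standard candidate, cell-state and output updates.
    g = [math.tanh(z) for z in affine(p, "c", x, h_prev)]
    c = [fk * ck + ik * gk for fk, ck, ik, gk in zip(f, c_prev, i, g)]
    h = [ok * math.tanh(ck) for ok, ck in zip(o, c)]
    return h, c

def attack_probability(p, window):
    """Run the window through the cell, then a hypothetical sigmoid readout."""
    n = len(p["bf"])
    h, c = [0.0] * n, [0.0] * n
    for x in window:
        h, c = lstm_step(p, x, h, c)
    return sigmoid(p["b_out"] + sum(w * v for w, v in zip(p["w_out"], h)))

def cross_entropy(y, a):
    """E = -[y ln a + (1 - y) ln(1 - a)], with a clamped away from 0 and 1."""
    a = min(max(a, 1e-12), 1.0 - 1e-12)
    return -(y * math.log(a) + (1 - y) * math.log(1 - a))

def meets_tolerance(y, a, tol=0.02):
    """Stopping test from step (3): move to the next sample once E <= 0.02."""
    return cross_entropy(y, a) <= tol

def route(p, window):
    """Detection-module decision: alarm, log and intercept, or forward upstream."""
    a = attack_probability(p, window)
    if a > 0.5:                         # assumed decision threshold
        return {"action": "intercept", "alarm": "DoS attack",
                "log": "attack class, p=%.3f" % a}
    return {"action": "forward", "alarm": None, "log": None}

def eye(s):
    return [[s, 0.0], [0.0, s]]

def full(s):
    return [[s, s], [s, s]]

# Constructed parameters (2 inputs, 2 hidden units), not trained values.
PARAMS = {
    "Wfx": full(0.2), "Wfh": eye(0.1), "Wfc": eye(0.1), "bf": [1.0, 1.0],
    "Wix": full(0.5), "Wih": eye(0.1), "Wic": eye(0.1), "bi": [0.0, 0.0],
    "Wox": full(0.2), "Woh": eye(0.1), "Woc": eye(0.1), "bo": [1.0, 1.0],
    "Wcx": [[1.5, 1.5], [-1.5, -1.5]], "Wch": eye(0.1), "bc": [0.0, 0.0],
    "w_out": [6.0, -6.0], "b_out": -3.0,
}
# Constructed windows of (voltage, current) deviations from nominal, per unit.
NORMAL = [[0.01, -0.02], [0.00, 0.01], [-0.01, 0.00]]
ABNORMAL = [[0.9, 1.1], [1.0, 1.2], [1.1, 0.9]]
```

Under this loss, an expected output of 1 with an actual output of 0.95 gives E ≈ 0.051, so the 0.02 tolerance is reached only once the output is at least e^(-0.02) ≈ 0.980.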
CN201911342782.6A 2019-12-23 2019-12-23 Attack identification method based on LSTM neural network and grid-connected interface device Pending CN111127251A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911342782.6A CN111127251A (en) 2019-12-23 2019-12-23 Attack identification method based on LSTM neural network and grid-connected interface device

Publications (1)

Publication Number Publication Date
CN111127251A true CN111127251A (en) 2020-05-08

Family

ID=70501553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911342782.6A Pending CN111127251A (en) 2019-12-23 2019-12-23 Attack identification method based on LSTM neural network and grid-connected interface device

Country Status (1)

Country Link
CN (1) CN111127251A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112165485A (en) * 2020-09-25 2021-01-01 山东炎黄工业设计有限公司 Intelligent prediction method for large-scale network security situation
CN113592150A (en) * 2021-07-04 2021-11-02 北京工业大学 Attack phase prediction method based on LSTM and attacker information
CN117473396A (en) * 2023-11-23 2024-01-30 湖南盈旺智慧能源科技有限公司 New energy automobile intelligent battery management system based on deep learning

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200508