CN111127251A - Attack identification method based on LSTM neural network and grid-connected interface device - Google Patents

Attack identification method based on LSTM neural network and grid-connected interface device Download PDF

Info

Publication number
CN111127251A
CN111127251A CN201911342782.6A CN201911342782A CN111127251A CN 111127251 A CN111127251 A CN 111127251A CN 201911342782 A CN201911342782 A CN 201911342782A CN 111127251 A CN111127251 A CN 111127251A
Authority
CN
China
Prior art keywords
output
gate
input
weight
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911342782.6A
Other languages
Chinese (zh)
Inventor
习伟
李鹏
匡晓云
徐成斌
贺生国
姚浩
于杨
简淦杨
杨祎巍
陈锐
祖连兴
陈远生
占捷文
王乾刚
朱小帆
丁凯
何鸿雁
黄植炜
肖声远
吕志宁
刘威
邓巍
宁柏锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China South Power Grid International Co ltd
Shenzhen Power Supply Bureau Co Ltd
CYG Sunri Co Ltd
Original Assignee
China South Power Grid International Co ltd
Shenzhen Power Supply Bureau Co Ltd
CYG Sunri Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China South Power Grid International Co ltd, Shenzhen Power Supply Bureau Co Ltd, CYG Sunri Co Ltd filed Critical China South Power Grid International Co ltd
Priority to CN201911342782.6A priority Critical patent/CN111127251A/en
Publication of CN111127251A publication Critical patent/CN111127251A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06Energy or water supply
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/044Recurrent networks, e.g. Hopfield networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/045Combinations of networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06Management of faults, events, alarms or notifications
    • H04L41/069Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Biophysics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Biomedical Technology (AREA)
  • Molecular Biology (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Artificial Intelligence (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Economics (AREA)
  • Public Health (AREA)
  • Water Supply & Treatment (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明提供了一种基于LSTM神经网络的攻击识别方法,其特征在于:包括对并网接口装置获取的数据进行实时检测,通过LSTM神经网络模型对数据进行识别,当数据中存在受到网络攻击的数据时,发出报警提示以及生成相应的日志记录;当数据为正常时,则将数据进行转发上送至监控主站。本发明还提供了一种并网接口装置。与现有技术相比,采用基于长短时记忆网络模型对并网接口装置获取的原始数据进行实时检测,当原始数据存在网络攻击时,则发出报警提示以及生成相应的日志记录,当原始数据中不存在网络攻击时,则将原始数据进行转发,避免并网接口装置将异常数据上传至上层,从而保证冷热电三联供系统的信息安全性以及运行可靠性。

Figure 201911342782

The invention provides an attack identification method based on LSTM neural network, which is characterized in that: it includes real-time detection of data obtained by a grid-connected interface device, and identification of the data through an LSTM neural network model. When the data is detected, an alarm prompt will be issued and corresponding log records will be generated; when the data is normal, the data will be forwarded and sent to the monitoring master station. The invention also provides a grid-connected interface device. Compared with the prior art, the raw data obtained by the grid-connected interface device is detected in real time based on a long-short-term memory network model. When there is a network attack on the raw data, an alarm prompt is issued and a corresponding log record is generated. When there is no network attack, the original data will be forwarded to prevent the grid-connected interface device from uploading abnormal data to the upper layer, thereby ensuring the information security and operational reliability of the combined cooling, heating and power system.

Figure 201911342782

Description

Attack identification method based on LSTM neural network and grid-connected interface device
Technical Field
The invention relates to a power grid system, in particular to an attack identification method based on an LSTM neural network and a grid-connected interface device.
Background
With the rapid development of economy and the improvement of the national standard of living, the demand and the requirement of energy sources in both industry and civilian use are continuously increasing. The phenomenon is obvious on the fossil energy, and the fossil energy still stays at the first place in various types of energy in twenty years in the future according to the latest statistical data of the global energy use condition.
In 2001, a plurality of government agencies in China jointly issue a 'rule on the development of cogeneration', which clearly shows that China encourages research and development and application of relevant aspects in the field of cogeneration and the like, encourages and supports the input of gas turbines using natural gas as energy, and gives great attention to national support and encourages application and research of relevant aspects in combined cycle cogeneration of gas turbines and small-sized gas combined cooling, heating and power generation and the like.
The combined cooling heating and power system is a combined cooling, heating and power system which takes gradient utilization of energy as a basic idea and natural gas as primary energy to generate three kinds of energy, namely cold, heat and power. Compared with the common energy supply system, the combined cooling heating and power system can supply the generated energy to the outside in addition to the efficient recovery and utilization of the energy, and has extremely low pollution to the environment.
The cold and heat electricity trigeminy supplies the system: the Combined Cooling, Heating and power supply, i.e. CCHP (Combined Cooling and power), refers to the power demand of users supplied by the generated power generated by using natural gas as the main fuel to drive gas power generation equipment such as gas turbines, micro-combustion engines or internal combustion engine generators, and the waste heat discharged after the system generates power is supplied to users for Cooling and Heating by waste heat recycling equipment. By the method, the primary energy utilization rate of the whole system is greatly improved, and the cascade utilization of energy is realized. The control variable of the cooling, heating and power triple supply system is mainly the gas engine power, and the control strategy is as follows: according to predicted or actually measured cold, heat and electric loads, the power of the combustion engine in optimized operation and the corresponding comprehensive utilization efficiency of the energy in optimized operation are calculated by using a program, and then the system operation state is adjusted by controlling the power of the combustion engine, so that the system tends to the highest state of the comprehensive utilization efficiency of the energy in the whole operation stage. In order to avoid optimization failure caused by load errors or overlarge errors in the calculation process, the comprehensive utilization efficiency of the optimized operation energy calculated by the program is compared with the actually measured comprehensive utilization efficiency of the energy, and if the difference is overlarge and exceeds a set value, the control system needs to be checked and corrected.
The combined cooling heating and power system is connected with a large power grid through a grid-connected interface device. With the development of the power grid towards the intellectualization direction, the national support of policies related to the cooling, heating and power combined supply system and the requirements of industries and people on the quality of electric energy at the present stage make the performances of the cooling, heating and power combined supply system grid-connected interface device, such as operation reliability, information safety and the like, more and more paid attention by researchers.
The combined network interface device of the combined cooling heating and power system is a kind of important intelligent equipment in the power grid, and the information technology is widely used in the current power grid. The intelligent devices in the power grid transmit respective instructions and requests through various communication modes, so that the importance of information technology is further highlighted in the intelligent power grid. However, while the power grid is developed intelligently and interactively, the network attack technology is also evolved step by step, the attack means has the characteristics of diversity, pertinence and the like, and an attacker can customize different information attack behaviors or modes for different service fields in the power grid, such as attack behaviors specific to intelligent equipment such as a power generation system, a power distribution network system, a control device and a protection device. At the present stage, the information security protection mechanism of the intelligent devices is not perfect, and the intelligent devices also have the intrusion tolerance function, so that the intelligent devices in the power grid cannot be well protected by using the traditional information security protection technology before the customized attack means.
Disclosure of Invention
The invention aims to provide an attack identification method based on an LSTM neural network and a grid-connected interface device, and aims to solve the technical problem of improving the information security and the operation reliability of a combined cooling heating and power system.
In order to solve the problems, the invention adopts the following technical scheme: an attack identification method based on an LSTM neural network comprises the steps of detecting data acquired by a grid-connected interface device in real time, identifying the data through an LSTM neural network model, and sending an alarm prompt and generating a corresponding log record when the data subjected to network attack exists; and when the data is normal, forwarding the data and uploading the data to the monitoring master station.
Further, when the data subjected to the network attack exists in the data, the data is also intercepted.
Further, when data subjected to network attack exists in the data, the alarm prompt is sent to an upper layer.
Further, before the data is identified by the LSTM neural network model, model training is also performed on the LSTM neural network, and the model training includes:
acquiring a training data set, namely acquiring positive and negative samples of data of a combined cooling heating and power supply grid-connected interface device, wherein the positive and negative samples form the training data set;
secondly, model training is carried out on the long-time memory neural network: and performing model training on the long-time memory neural network model through a training data set to obtain a trained LSTM neural network model.
Further, the model training of the long-term and short-term memory neural network model comprises:
(1) initializing an input and giving a desired output;
(2) randomly selecting a sample from the training sample set as the input of the LSTM neural network model, calculating the output value of each neuron by forward propagation, and calculating ftForget gate output, itInput gate output, ctCell state output, otOutput gate output, htThe values of five vectors are finally output:
ft=σ(Wfxxt+Wfhht-1+Wfcct-1+bf);
it=σ(Wixxt+Wihht-1+Wicct-1+bi);
Figure BDA0002332094210000032
ot=σ(Woxxt+Wohht-1+Wocct-1+bo);
Figure BDA0002332094210000033
wherein, Wfx、Wfh、WfcThe weight matrixes are respectively input to a forgetting gate, the forgetting gate is output, and the forgetting gate is in a unit state; wix、Wih、WicWeight matrices for input to input gate, input gate to output, input gate to cell state, respectively; wox、Woh、WocThe weight matrixes are respectively input to an output gate, the output gate to an output and the output gate to a unit state; wcx、WchThe weight matrixes are respectively input to a unit state and the unit state to output; bf、bi、bc、boBias terms for the forgetting gate, the input gate, the cell state, and the output gate, respectively; x is the number oftInputting training samples; h ist-1Is the output of the previous moment;
Figure BDA0002332094210000034
representing a multiply by element operator; the sigma is a binary classification activation function sigmod; tan h is an activation function;
(3) introducing a cross entropy loss function E ═ y ln a + (1-y) ln (1-a)]Calculating an error value, wherein y and a are respectively an expected output value and an actual output value of the sample; if the error meets the expectation, the expectation refers to the error value between the expected output and the actual output, the error value is less than or equal to 0.02, and the next sample is learned; otherwise, calculating the error term of the output layer:
Figure BDA0002332094210000031
where E is the loss function, htIs the output at time t;
(4) starting back propagation according to the error in the step (3), wherein the back propagation of the error comprises two directions: backward propagation along time and backward propagation along the model structure; the error term at the t-1 moment needs to be calculated when the time is propagated reversely:
Figure BDA0002332094210000041
where E is the loss function, ht-1Is the output at time t-1, δt-1Represents the error at time t-1; back propagation along the model structure:
Figure BDA0002332094210000042
wherein E is a loss function;
Figure BDA0002332094210000043
the output of the previous layer after the calculation of the weight value and the offset value;
Figure BDA0002332094210000044
the error of the l-1 layer at the time t is shown;
(5) calculating the following weights and threshold gradients from the error terms calculated by back-propagation in step (4): forget gate to output weight gradient:
Figure BDA0002332094210000045
input gate to output weight gradient:
Figure BDA0002332094210000046
cell state to output weight gradient:
Figure BDA0002332094210000047
output gate to output weight gradient:
Figure BDA0002332094210000048
input to forget gate weight gradient:
Figure BDA0002332094210000049
input to input gate weight gradient:
Figure BDA00023320942100000410
input to cell state weight gradient:
Figure BDA00023320942100000411
input to output gate weight gradient:
Figure BDA00023320942100000412
forgetting gate threshold gradient:
Figure BDA00023320942100000413
input gate threshold gradient:
Figure BDA00023320942100000414
cell state threshold gradient:
Figure BDA00023320942100000415
output gate threshold gradient:
Figure BDA00023320942100000416
wherein, Wfx、Wfh、WfcThe weight matrixes are respectively input to a forgetting gate, the forgetting gate is output, and the forgetting gate is in a unit state; wix、Wih、WicWeight matrices for input to input gate, input gate to output, input gate to cell state, respectively; wox、Woh、WocThe weight matrixes are respectively input to an output gate, the output gate to an output and the output gate to a unit state; wcx、WchThe weight matrixes are respectively input to a unit state and the unit state to output; bf、bi、bc、boBias terms for the forgetting gate, the input gate, the cell state, and the output gate, respectively; e is a loss function; deltaf,t、δi,t、δc,t、δo,tRespectively correspond to f in the networkt、it、ct、otThe error term of (2); wherein xtAn input representing time t; h isj-1Represents the output of the output layer at time j-1; t represents transposition;
weight and threshold update: forget gate-to-output weight update:
Figure BDA0002332094210000051
input gate-to-output weight update:
Figure BDA0002332094210000052
cell state to outputUpdating the weight:
Figure BDA0002332094210000053
input to forget gate weight update:
Figure BDA0002332094210000054
input to forget gate weight update:
Figure BDA0002332094210000055
input to input Gate weight update:
Figure BDA0002332094210000056
input to cell state weight update:
Figure BDA0002332094210000057
input to output gate weight update:
Figure BDA0002332094210000058
forgetting to update the door threshold:
Figure BDA0002332094210000059
input gate threshold update:
Figure BDA00023320942100000510
updating the unit state threshold:
Figure BDA00023320942100000511
updating the output gate threshold value:
Figure BDA00023320942100000512
wherein η -0.01 is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample according to the updated weight and the threshold value until the error meets the expectation;
(7) and repeating the process until all samples are learned to obtain the trained LSTM neural network model.
The invention also discloses a grid-connected interface device, which comprises a control module, a display module, a communication module, an alternating current module, an input/output module, a detection module, a storage module and a power module, wherein:
the control module is connected with the power supply module, the detection module, the communication module, the output module, the display module and the storage module;
the control module is used for being connected and communicated with the upper layer and the lower layer through the communication module and sending the received data to the detection module for real-time detection and classification; generating alarm information according to the alarm prompt sent by the detection module, sending the alarm information to the display module, sending the alarm information, log records and data to the storage module for storage and/or sending the alarm information, the log records and the data to an upper layer through the communication module;
the display module is used for displaying the running state, realizing man-machine interaction and displaying after receiving the alarm prompt of the control module;
the communication module is used for communicating with external intelligent equipment;
the alternating current module is used for collecting analog electric parameters such as voltage and current of a common connection point, and power generation units and load analog quantities in the cold-hot triple supply system, transmitting the collected analog quantities to the AD conversion module to be converted into digital quantities which can directly participate in calculation, converting the digital quantities into digital signals and then transmitting the digital signals to the detection module;
the output module is used for outputting the instruction signal sent by the control module;
the input module is used for receiving and controlling the state and instruction information of a load switching switch in a common connection point or a cold-hot triple co-generation system and sending the state and instruction information to the detection module;
the power supply module is used for supplying power to each module;
the storage module is used for storing;
the detection module is used for detecting and classifying data sent by the control module in real time through a long-time memory neural network, outputting a classification result, judging whether a network attack class exists in the classification result, generating an alarm prompt according to the type of the network attack and sending the alarm prompt and a log record to the control module when the network attack class exists in the classification result, and intercepting the data; and when the data in the classification result are all classified into the normal class, the data are sent to the control module, and the control module sends the data to the upper layer through the communication module.
Further, before real-time detection and classification are performed on the data sent by the control module through the LSTM neural network model, the detection module also performs model training on the LSTM neural network, where the model training includes:
acquiring a training data set, namely acquiring positive and negative samples of data of a combined cooling heating and power supply grid-connected interface device, wherein the positive and negative samples form the training data set;
secondly, model training is carried out on the long-time memory neural network: and performing model training on the long-time and short-time memory neural network through a training data set to obtain a trained LSTM neural network model.
Further, the model training of the long-time and short-time memory neural network model comprises:
(1) initializing an input and giving a desired output;
(2) randomly selecting a sample from the training sample set as the input of the LSTM neural network model, calculating the output value of each neuron by forward propagation, and calculating ftForget gate output, itInput gate output, ctCell state output, otOutput gate output, htThe values of five vectors are finally output:
ft=σ(Wfxxt+Wfhht-1+Wfcct-1+bf);
it=σ(Wixxt+Wihht-1+Wicct-1+bi);
Figure BDA0002332094210000061
ot=σ(Woxxt+Wohht-1+Wocct-1+bo);
Figure BDA0002332094210000071
wherein, Wfx、Wfh、WfcThe weight matrixes are respectively input to a forgetting gate, the forgetting gate is output, and the forgetting gate is in a unit state; wix、Wih、WicWeight matrices for input to input gate, input gate to output, input gate to cell state, respectively; wox、Woh、WocThe weight matrixes are respectively input to an output gate, the output gate to an output and the output gate to a unit state; wcx、WchThe weight matrixes are respectively input to a unit state and the unit state to output; bf、bi、bc、boBias terms for the forgetting gate, the input gate, the cell state, and the output gate, respectively; x is the number oftInputting training samples; h ist-1Is the output of the previous moment;
Figure BDA0002332094210000078
representing a multiply by element operator; the sigma is a binary classification activation function sigmod; tan h is an activation function;
(3) introducing a cross-entropy loss function E ═ ylna + (1-y) ln (1-a)]Calculating an error value, wherein y and a are respectively an expected output value and an actual output value of the sample; if the error meets the expectation, the expectation refers to the error value between the expected output and the actual output, the error value is less than or equal to 0.02, and the next sample is learned; otherwise, calculating the error term of the output layer:
Figure BDA0002332094210000072
where E is the loss function, htIs the output at time t;
(4) starting back propagation according to the error in the step (3), wherein the back propagation of the error comprises two directions: backward propagation along time and backward propagation along the model structure; the error term at the t-1 moment needs to be calculated when the time is propagated reversely:
Figure BDA0002332094210000073
where E is the loss function, ht-1Is the output at time t-1, δt-1Represents the error at time t-1; back propagation along the model structure:
Figure BDA0002332094210000074
wherein E is a loss function;
Figure BDA0002332094210000075
the output of the previous layer after the calculation of the weight value and the offset value;
Figure BDA0002332094210000076
the error of the l-1 layer at the time t is shown;
(5) calculating the following weights and threshold gradients from the error terms calculated by back-propagation in step (4): forget gate to output weight gradient:
Figure BDA0002332094210000077
input gate to output weight gradient:
Figure BDA0002332094210000081
cell state to output weight gradient:
Figure BDA0002332094210000082
output gate to output weight gradient:
Figure BDA0002332094210000083
input to forget gate weight gradient:
Figure BDA0002332094210000084
input to input gate weight gradient:
Figure BDA0002332094210000085
input to cell state weight gradient:
Figure BDA0002332094210000086
input to output gate weight gradient:
Figure BDA0002332094210000087
forgetting gate threshold gradient:
Figure BDA0002332094210000088
input gate threshold gradient:
Figure BDA0002332094210000089
cell state threshold gradient:
Figure BDA00023320942100000810
output gate threshold gradient:
Figure BDA00023320942100000811
wherein, Wfx、Wfh、WfcThe weight matrixes are respectively input to a forgetting gate, the forgetting gate is output, and the forgetting gate is in a unit state; wix、Wih、WicWeight matrices for input to input gate, input gate to output, input gate to cell state, respectively; wox、Woh、WocThe weight matrixes are respectively input to an output gate, the output gate to an output and the output gate to a unit state; wcx、WchThe weight matrixes are respectively input to a unit state and the unit state to output; bf、bi、bc、boBias terms for the forgetting gate, the input gate, the cell state, and the output gate, respectively; e is a loss function; deltaf,t、δi,t、δc,t、δo,tRespectively correspond to f in the networkt、it、ct、otThe error term of (2); wherein xtAn input representing time t; h isj-1Represents the output of the output layer at time j-1; t represents transposition;
weight and threshold update: forget gate-to-output weight update:
Figure BDA00023320942100000812
input gate-to-output weight update:
Figure BDA00023320942100000813
cell state to output weight update:
Figure BDA00023320942100000814
input to forget gate weight update:
Figure BDA00023320942100000815
input to forget gate weight update:
Figure BDA00023320942100000816
input to input Gate weight update:
Figure BDA00023320942100000817
input to cell state weight update:
Figure BDA00023320942100000818
input to output gate weight update:
Figure BDA00023320942100000819
forgetting to update the door threshold:
Figure BDA0002332094210000091
input gate threshold update:
Figure BDA0002332094210000092
updating the unit state threshold:
Figure BDA0002332094210000093
updating the output gate threshold value:
Figure BDA0002332094210000094
wherein η -0.01 is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample according to the updated weight and the threshold value until the error meets the expectation;
(7) and repeating the process until all samples are learned to obtain the trained LSTM neural network model.
Compared with the prior art, the method has the advantages that the long-time memory network (LSTM) -based model is adopted to detect the original data acquired by the grid-connected interface device in real time, when the network attack exists in the original data, the alarm prompt is sent out and the corresponding log record is generated, when the network attack does not exist in the original data, the original data is forwarded, the abnormal data is prevented from being uploaded to the upper layer by the grid-connected interface device, and therefore the information safety and the operation reliability of the combined cooling heating and power system are guaranteed.
Drawings
Fig. 1 is a structural diagram of a prior art intercooled-thermoelectric cogeneration system.
Fig. 2 is a flow chart of the present invention.
FIG. 3 is a schematic diagram of the LSTM neural network of the present invention.
Fig. 4 is a block diagram showing the configuration of the grid-connected interface device according to the present invention.
Fig. 5 is a schematic diagram of a specific example of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
As shown in fig. 1, the system structure of combined cooling, heating and power system is shown, the dotted line with double arrows in the figure is the communication line, the solid line is the power line, and the information that the combined cooling, heating and power system (grid-connected interface device) needs to collect mainly includes three types: the system comprises public connection point information, unit running state information and an upper layer scheduling instruction. Therefore, the system needs to exchange information with a lower-layer cold and hot combined supply system, a cold and hot load (intelligent equipment such as environmental meteorological monitoring and the like, which is not shown in the figure) and an upper-layer dispatching center, and collect electric quantities such as voltage, current and the like of a grid-connected point. In addition, running state information is generated according to the information and then is sent to a triple co-generation system monitoring master station (monitoring master station), so that the monitoring master station can judge the running state of the cooling, heating and power triple co-generation system in real time.
The combined cooling heating and power grid-connected interface device communicates respective instructions and requests with a lower-layer unit (combined cooling and power system, cooling and power load), an upper-layer monitoring master station and a scheduling center in a communication mode, so that the combined cooling and power grid-connected interface device occupies the position of an information interaction center in a grid-connected system. However, this also makes the possibility that the combined cooling heating and power grid-connected interface device is attacked by information and the influence on the operation of the whole system after the attack is great. For example, if the combined cooling, heating and power grid-connected interface device suffers from Dos attack, the combined cooling, heating and power grid-connected interface device cannot or stops responding to requests and instructions from a lower-layer unit, an upper-layer monitoring master station and a scheduling center, and even the combined cooling, heating and power grid-connected interface device is broken down. At this time, the whole system is in a paralyzed state. And the upper monitoring master station can not obtain an accurate state value of the combined cooling heating and power supply grid-connected interface device, so that an administrator makes an erroneous decision, and the safe and stable operation of the whole combined cooling heating and power supply system is endangered.
As shown in fig. 2, the invention discloses an attack identification method based on long-time and short-time memory neural network (LSTM) for a triple co-generation system, which comprises the steps of detecting data acquired by a grid-connected interface device in real time, identifying the data through an LSTM neural network model, and sending an alarm prompt and generating a corresponding log record when the data subjected to network attack exists; and when the data is normal, forwarding the data and uploading the data to the monitoring master station.
The data comprises voltage, current, frequency, active power, reactive power and power factor data of a public connection point, data such as remote signaling, remote measurement and power consumption, commands such as remote control opening and closing, remote regulation and starting and stopping, output power, load power, environmental meteorological data and the like of a cold and hot triple supply system;
the network attack is a denial of service attack (Dos) attack, which refers to a defect of intentionally attacking a network protocol implementation or exhausting resources of an attacked object by a brute force means directly, and aims to make a target computer or a network fail to provide normal service or resource access, so that a target system service system stops responding or even crashes, and the attack does not include intrusion into a target server or a target network device. These service resources include network bandwidth, file system space capacity, open processes or allowed connections. Such attacks can result in resource scarcity, and the consequences of such attacks cannot be avoided no matter how fast the processing speed of the computer is, how large the memory capacity is, and how fast the network bandwidth is.
The normal state is not under network attack.
When the data subjected to the network attack exists in the data, the data is also intercepted.
The alarm prompt is the type of network attack;
when data subjected to network attack exists in the data, an alarm prompt is sent to an upper layer (a main station for monitoring a combined cooling and heating system and the like), and the upper layer (the combined cooling and heating grid-connected interface device) is informed of the attack and the attack, so that an upper layer controller can know the running state of the combined cooling and heating grid-connected interface device, and a correct instruction can be issued conveniently.
The alarm prompt is displayed through a display and/or an indicator light; the alarm prompt is used for displaying the type of the network attack; the indicator light can set light sources with different colors according to the number of network attacks, so that a system administrator can perform attack processing after being prompted by an alarm.
When the data subjected to network attack exists in the data, the alarm prompt and the log record are also stored.
As shown in fig. 2, before the data is identified by the LSTM neural network model, model training is also performed on the LSTM neural network, and the model training includes:
acquiring a training data set, acquiring positive and negative samples of data of a combined cooling heating and power supply grid-connected interface device, wherein the positive samples represent original data when the grid-connected interface device is normal, the original data comprise voltage, current, frequency, active power, reactive power and power factor data of a public connection point, data such as remote signaling, remote measurement and power consumption, commands such as remote control switching-on and switching-off, remote regulation and starting and stopping, output power, load power and environmental meteorological data of the combined cooling and heating supply system and the like, and the negative samples represent abnormal data which are abnormal to the normal data when the grid-connected interface device is attacked by Dos; the positive and negative samples form a training data set;
secondly, model training is carried out on the long-time memory neural network: and performing model training on the long-time memory neural network model through a training data set to obtain the trained long-time memory (LSTM) neural network model.
The model training of the long-time memory neural network model comprises the following steps:
(1) initializing an input and giving a desired output; the scheme needs to detect whether the data contains the Dos attack type, so that the data is divided into two types: dos attack class, normal class; by X ═ X1,x2,…,xn,yk) To represent one sample in the training set, where x1、x2、…、xnRepresenting the characteristics of the sample X, selecting a source IP address, a target IP address, a protocol type, a service type, a data length and a time stamp of the sample as a characteristic vector for representing the sample X, wherein n is 6 to represent the characteristic number; y isk1, 2 denotes whether the sample belongs to the kth class, 0 denotes no; 1, indicates belonging to the kth class; and using the class value as the label value (i.e., the expected output value) of the sample; setting a network structure as three layers, namely an input layer, a hidden layer and an output layer;
(2) randomly selecting a sample (positive sample or negative sample) from the training sample set as an input of the LSTM neural network model, and calculating an output value of each neuron by forward propagation, namely calculating f in FIG. 3t(forget gate output), it(input gate output), ct(cell state output), ot(output gate output), ht(final output) values of five vectors:
ft=σ(Wfxxt+Wfhht-1+Wfcct-1+bf);
it=σ(Wixxt+Wihht-1+Wicct-1+bi);
Figure BDA0002332094210000121
ot=σ(Woxxt+Wohht-1+Wocct-1+bo);
Figure BDA0002332094210000122
wherein, Wfx、Wfh、WfcThe weight matrixes are respectively input to a forgetting gate, the forgetting gate is output, and the forgetting gate is in a unit state; wix、Wih、WicWeight matrices for input to input gate, input gate to output, input gate to cell state, respectively; wox、Woh、WocThe weight matrixes are respectively input to an output gate, the output gate to an output and the output gate to a unit state; wcx、WchThe weight matrixes are respectively input to a unit state and the unit state to output; bf、bi、bc、boBias terms for the forgetting gate, the input gate, the cell state, and the output gate, respectively; x is the number oftInputting training samples; h ist-1Is the output of the previous moment;
Figure BDA0002332094210000125
representing a multiply by element operator; the sigma is a binary classification activation function sigmod; tan h is an activation function;
(3) the invention belongs to the binary problem, and the output layer adopts a sigmod activation function, so that a cross entropy loss function E ═ y ln a + (1-y) ln (1-a) is introduced]Calculating an error value, wherein y and a are respectively an expected output value and an actual output value of the sample; if the error meets expectations (expectation refers to the error between the expected output and the actual output, ≦ 0.02), learn the next sample; otherwise, calculating the error term of the output layer:
Figure BDA0002332094210000123
where E is the loss function, htIs the output at time t;
(4) starting back propagation according to the error in the step (3), wherein the back propagation of the error comprises two directions: backward propagation along time and backward propagation along the model structure; the error term at the t-1 moment needs to be calculated when the time is propagated reversely:
Figure BDA0002332094210000124
where E is the loss function, ht-1Is the output at time t-1, δt-1Represents the error at time t-1; back propagation along the model structure:
Figure BDA0002332094210000131
wherein E is a loss function;
Figure BDA0002332094210000132
the output of the previous layer after the calculation of the weight value and the offset value;
Figure BDA0002332094210000133
the error of the l-1 layer at the time t is shown;
(5) calculating the following weights and threshold gradients from the error terms calculated by back-propagation in step (4): forget gate to output weight gradient:
Figure BDA0002332094210000134
input gate to output weight gradient:
Figure BDA0002332094210000135
cell state to output weight gradient:
Figure BDA0002332094210000136
output gate to output weight gradient:
Figure BDA0002332094210000137
input to forget gate weight gradient:
Figure BDA0002332094210000138
input to input gate weight gradient:
Figure BDA0002332094210000139
input to cell state weight gradient:
Figure BDA00023320942100001310
input deviceTo output gate weight gradient:
Figure BDA00023320942100001311
forgetting gate threshold gradient:
Figure BDA00023320942100001312
input gate threshold gradient:
Figure BDA00023320942100001313
cell state threshold gradient:
Figure BDA00023320942100001314
output gate threshold gradient:
Figure BDA00023320942100001315
wherein, Wfx、Wfh、WfcThe weight matrixes are respectively input to a forgetting gate, the forgetting gate is output, and the forgetting gate is in a unit state; wix、Wih、WicWeight matrices for input to input gate, input gate to output, input gate to cell state, respectively; wox、Woh、WocThe weight matrixes are respectively input to an output gate, the output gate to an output and the output gate to a unit state; wcx、WchThe weight matrixes are respectively input to a unit state and the unit state to output; bf、bi、bc、boBias terms for the forgetting gate, the input gate, the cell state, and the output gate, respectively; e is a loss function; deltaf,t、δi,t、δc,t、δo,tRespectively correspond to f in the networkt、it、ct、otThe error term of (2); wherein xtAn input representing time t; h isj-1Represents the output of the output layer at time j-1; t represents transposition;
weight and threshold update: forget gate-to-output weight update:
Figure BDA00023320942100001316
input gate-to-output weight update:
Figure BDA00023320942100001317
cell state to output weight update:
Figure BDA00023320942100001318
input to forget gate weight update:
Figure BDA0002332094210000141
input to forget gate weight update:
Figure BDA0002332094210000142
input to input Gate weight update:
Figure BDA0002332094210000143
input to cell state weight update:
Figure BDA0002332094210000144
input to output gate weight update:
Figure BDA0002332094210000145
forgetting to update the door threshold:
Figure BDA0002332094210000146
input gate threshold update:
Figure BDA0002332094210000147
updating the unit state threshold:
Figure BDA0002332094210000148
updating the output gate threshold value:
Figure BDA0002332094210000149
wherein η -0.01 is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample according to the updated weight and the threshold value until the error meets the expectation;
(7) the above process is repeated until all samples are learned, and a trained long-time memory (LSTM) neural network model (namely, the weight and threshold parameters in the network) is obtained.
When the network is trained, the neurons allocate a weight to each feature of the sample, and the weight depends on the importance degree of the corresponding feature (for example, according to the characteristic that Dos attacks exist and are sent repeatedly frequently, the feature of the timestamp is obvious in the scheme); each layer in the network is configured with a bias term, so that the output of the neuron introduces nonlinear characteristics. For the technical scheme, because the problem of two classifications is solved, the sigmod function is adopted as the activation function of the output layer, so that the output of the output layer has the probability of normal Dos attack types, and the sum of output values is ensured to be 1; then, after each sample is input into the network, the probability of the normal and Dos attack type is finally output through the processing of the input layer, the hidden layer and the output layer. For example, after a sample (negative sample) under Dos attack is input to the network for processing, the final output is a normal type, and the probabilities of Dos attack are respectively: 0.40, 0.60; and the desired output of the network is: 0. 1, calculating the error between the actual output and the expected output, and if the error meets the requirement (less than or equal to 0.02), then learning the next sample; otherwise, indicating that the weight and the threshold of each layer in the network do not meet the set error requirement, performing back propagation on the error according to the steps in the training process, and updating the weight and the threshold; then, a new round of learning is carried out, and finally, the output probability becomes: 0.05, 0.95; the error at this time is calculated again, and if the error at this time meets the requirement, the corresponding type (i.e., Dos attack) with the highest probability (0.95) is output as the type of the sample, i.e., the sample is the sample subjected to Dos attack. After all samples are trained, the obtained final weight and threshold are the optimal parameter values of the model capable of classifying the training samples as accurately as possible, and (the network taking the obtained optimal weight and threshold as parameters) can have certain prediction capability on similar samples (real-time data).
As shown in fig. 4, the present invention further discloses a combined cooling heating and power supply grid interface device (grid interface device), which includes a control module (main CPU), a display module, a communication module, an ac module, an input/output module, a detection module, a storage module, and a power module, wherein:
the control module is connected with the power supply module, the detection module, the communication module, the output module, the display module and the storage module; the system is used for being connected and communicated with the upper layer and the lower layer through the communication module and sending the received data to the detection module for real-time detection and classification; generating alarm information according to the alarm prompt sent by the detection module, sending the alarm information, log records and data to the display module, storing the alarm information, the log records and the data in the storage module and/or sending the alarm information, the log records and the data to an upper layer (a main monitoring station of a triple co-generation monitoring system) through the communication module; the control module also coordinates and controls the work among all the modules connected with the control module, and makes a correct decision through intelligent management, analysis and judgment and then sends the decision to a lower layer through the input and output module;
the data comprises voltage, current, frequency, active power, reactive power and power factor data of a public connection point, data such as remote signaling, remote measurement and power consumption, commands such as remote control opening and closing, remote regulation and starting and stopping, output power, load power, environmental meteorological data and the like of a cold and hot triple supply system;
the log record includes information: attack time, attack duration, attack mode, type of transmission protocol corresponding to the attack, error data segmentation, start and end address information of the error data (namely, address information of the source device and the target device), and the like.
The display module is used for displaying the running state, realizing man-machine interaction and displaying after receiving the alarm prompt of the control module; the display module is a display and/or an indicator light, and displays an alarm prompt through the display and/or displays through the indicator light; the alarm prompt is used for displaying the type of the network attack; the indicator light can set light sources with different colors according to the number of network attacks, so that a system administrator can perform attack processing after being prompted by an alarm, and better human-computer interaction experience is realized;
the communication module is used for communicating with external intelligent equipment, mainly used for interacting data with intelligent equipment such as a lower layer controller, an environmental weather monitoring device, a cold and hot load and the like in a cold and hot triple supply system and a triple supply system monitoring master station and a scheduling center in an upper layer station, and mainly used for receiving or forwarding state information from the intelligent equipment on the lower layer and instruction information of a photovoltaic monitoring system and the scheduling center in the upper layer station, data such as remote signaling, remote measuring and power consumption, commands such as remote control on-off brake, remote regulating, start-stop and the like, output power, load power, environmental weather data and the like of a power generation unit;
the alternating current module is used for collecting analog electric parameters such as voltage and current of a common connection point, and power generation units and load analog quantities in the cold-hot triple supply system, transmitting the collected analog quantities to the AD conversion module to be converted into digital quantities which can directly participate in calculation, converting the digital quantities into digital signals and then transmitting the digital signals to the detection module;
the output module is used for outputting the instruction signals sent by the control module, and the instruction signals comprise an output control common connection point switch, a load switching switch in a cold-hot triple co-generation system, a breaker switch and the like;
the input module is used for receiving and controlling the state and instruction information of a load switching switch in a common connection point or a cold-hot triple co-generation system and sending the state and instruction information to the detection module;
the power supply module is used for supplying power to the control module, the communication module, the display module, the input and output module, the alternating current acquisition module, the detection module and other modules;
the storage module is used for storing alarm information, log information, data, control programs, electrical parameter information such as voltage and current of a public connection point, and state information such as a public connection point switch, a load switching switch in a cold and hot triple supply system, a breaker switch and the like;
the detection module is used for detecting and classifying data sent by the control module in real time through a long-time memory neural network, outputting a classification result, judging whether the classification result has a network attack class or not, generating an alarm prompt according to the type of the network attack and sending the alarm prompt and a log record to the control module when the network attack class exists in the classification result, and intercepting the data, and the control module sends the alarm prompt to the display module for display; when the data in the classification result are all classified into a normal class, the data are sent to the control module, and the control module sends the data to an upper layer through the communication module;
the data comprises voltage, current, frequency, active power, reactive power and power factor data of a public connection point, data such as remote signaling, remote measurement and power consumption, commands such as remote control opening and closing, remote regulation and starting and stopping, output power, load power, environmental meteorological data and the like of a cold and hot triple supply system;
the normal data is data which is not attacked by the network.
The alarm prompt is used for displaying the type of the network attack when the display module is used as a display; when the light source is an indicator light, light sources with different colors can be set according to the number of network attacks, so that a system administrator can perform attack processing after being prompted by an alarm.
As shown in fig. 2, before the detection module performs real-time detection and classification on the data sent by the control module through the long-time and short-time memory neural network model, the detection module also performs model training on the LSTM neural network, where the model training includes:
acquiring a training data set, acquiring positive and negative samples of data of a combined cooling heating and power supply grid-connected interface device, wherein the positive samples represent original data when the grid-connected interface device is normal, the original data comprise voltage, current, frequency, active power, reactive power and power factor data of a public connection point, data such as remote signaling, remote measurement and power consumption, commands such as remote control switching-on and switching-off, remote regulation and starting and stopping, output power, load power and environmental meteorological data of the combined cooling and heating supply system and the like, and the negative samples represent abnormal data which are abnormal to the normal data when the grid-connected interface device is attacked by Dos; the positive and negative samples form a training data set;
secondly, model training is carried out on the long-time memory neural network: and performing model training on the long-time memory neural network through a training data set to obtain a trained long-time memory (LSTM) neural network model.
The model training of the long-time memory neural network model comprises the following steps:
(1) initializing an input and giving a desired output; the scheme needs to detect whether the data contains the Dos attack type, so that the data is divided into two types: dos attack class, normal class; by X ═ X1,x2,…,xn,yk) To represent one sample in the training set, where x1、x2、…、xnRepresenting the characteristics of the sample X, selecting a source IP address, a target IP address, a protocol type, a service type, a data length and a time stamp of the sample as a characteristic vector for representing the sample X, wherein n is 6 to represent the characteristic number; y isk1, 2 denotes whether the sample belongs to the kth class, 0 denotes no; 1, indicates belonging to the kth class; and using the class value as the label value (i.e., the expected output value) of the sample; setting a network structure as three layers, namely an input layer, a hidden layer and an output layer;
(2) randomly selecting a sample (positive sample or negative sample) from the training sample set as the input of the neural network model, and calculating the output value of each neuron by forward propagation, namely calculating f in fig. 3t(forget gate output), it(input gate output), ct(cell state output), ot(output gate output), ht(final output) values of five vectors:
ft=σ(Wfxxt+Wfhht-1+Wfcct-1+bf);
it=σ(Wixxt+Wihht-1+Wicct-1+bi);
Figure BDA0002332094210000171
ot=σ(Woxxt+Wohht-1+Wocct-1+bo);
Figure BDA0002332094210000172
wherein, Wfx、Wfh、WfcThe weight matrixes are respectively input to a forgetting gate, the forgetting gate is output, and the forgetting gate is in a unit state; wix、Wih、WicWeight matrices for input to input gate, input gate to output, input gate to cell state, respectively; wox、Woh、WocThe weight matrixes are respectively input to an output gate, the output gate to an output and the output gate to a unit state; wcx、WchThe weight matrixes are respectively input to a unit state and the unit state to output; bf、bi、bc、boBias terms for the forgetting gate, the input gate, the cell state, and the output gate, respectively; x is the number oftInputting training samples; h ist-1Is the output of the previous moment;
Figure BDA0002332094210000189
representing a multiply by element operator; the sigma is a binary classification activation function sigmod; tan h is an activation function;
(3) the invention belongs to the binary problem, and the output layer adopts a sigmod activation function, so that a cross entropy loss function E- [ ylna + (1-y) ln (1-a) is introduced]Calculating an error value, wherein y and a are respectively an expected output value and an actual output value of the sample; if the error meets expectations (expectation refers to the error between the expected output and the actual output, ≦ 0.02), learn the next sample; otherwise, calculating the error term of the output layer:
Figure BDA0002332094210000181
where E is the loss function, htIs the output at time t;
(4) starting back propagation according to the error in the step (3), wherein the back propagation of the error comprises two directions: backward propagation along time and backward propagation along the model structure; t-1 time needs to be calculated when propagating backward along timeError term of etching:
Figure BDA0002332094210000182
where E is the loss function, ht-1Is the output at time t-1, δt-1Represents the error at time t-1; back propagation along the model structure:
Figure BDA0002332094210000183
wherein E is a loss function;
Figure BDA0002332094210000184
the output of the previous layer after the calculation of the weight value and the offset value;
Figure BDA0002332094210000185
the error of the l-1 layer at the time t is shown;
(5) calculating the following weights and threshold gradients from the error terms calculated by back-propagation in step (4): forget gate to output weight gradient:
Figure BDA0002332094210000186
input gate to output weight gradient:
Figure BDA0002332094210000187
cell state to output weight gradient:
Figure BDA0002332094210000188
output gate to output weight gradient:
Figure BDA0002332094210000191
input to forget gate weight gradient:
Figure BDA0002332094210000192
input to input gate weight gradient:
Figure BDA0002332094210000193
input to cell state weight gradient:
Figure BDA0002332094210000194
input to output gate weight gradient:
Figure BDA0002332094210000195
forgetting gate threshold gradient:
Figure BDA0002332094210000196
input gate threshold gradient:
Figure BDA0002332094210000197
cell state threshold gradient:
Figure BDA0002332094210000198
output gate threshold gradient:
Figure BDA0002332094210000199
wherein, Wfx、Wfh、WfcThe weight matrixes are respectively input to a forgetting gate, the forgetting gate is output, and the forgetting gate is in a unit state; wix、Wih、WicWeight matrices for input to input gate, input gate to output, input gate to cell state, respectively; wox、Woh、WocThe weight matrixes are respectively input to an output gate, the output gate to an output and the output gate to a unit state; wcx、WchThe weight matrixes are respectively input to a unit state and the unit state to output; bf、bi、bc、boBias terms for the forgetting gate, the input gate, the cell state, and the output gate, respectively; e is a loss function; deltaf,t、δi,t、δc,t、δo,tRespectively correspond to f in the networkt、it、ct、otThe error term of (2); wherein xtAn input representing time t; h isj-1Represents the output of the output layer at time j-1; t represents transposition;
weight and threshold update: forget gate-to-output weight update:
Figure BDA00023320942100001910
input gate to outputAnd (3) updating the weight:
Figure BDA00023320942100001911
cell state to output weight update:
Figure BDA00023320942100001912
input to forget gate weight update:
Figure BDA00023320942100001913
input to forget gate weight update:
Figure BDA00023320942100001914
input to input Gate weight update:
Figure BDA00023320942100001915
input to cell state weight update:
Figure BDA00023320942100001916
input to output gate weight update:
Figure BDA00023320942100001917
forgetting to update the door threshold:
Figure BDA0002332094210000201
input gate threshold update:
Figure BDA0002332094210000202
updating the unit state threshold:
Figure BDA0002332094210000203
updating the output gate threshold value:
Figure BDA0002332094210000204
wherein η -0.01 is the learning rate;
(6) entering the next round of training, namely recalculating the output of the sample according to the updated weight and the threshold value until the error meets the expectation;
(7) the above process is repeated until all samples are learned, and a trained long-time memory (LSTM) neural network model (namely, the weight and threshold parameters in the network) is obtained.
When the network is trained, the neurons allocate a weight to each feature of the sample, and the weight depends on the importance degree of the corresponding feature (for example, according to the characteristic that Dos attacks exist and are sent repeatedly frequently, the feature of the timestamp is obvious in the scheme); each layer in the network is configured with a bias term, so that the output of the neuron introduces nonlinear characteristics. For the technical scheme, because the problem of two classifications is solved, the sigmod function is adopted as the activation function of the output layer, so that the output of the output layer has the probability of normal Dos attack types, and the sum of output values is ensured to be 1; then, after each sample is input into the network, the probability of the normal and Dos attack type is finally output through the processing of the input layer, the hidden layer and the output layer. For example, after a sample (negative sample) under Dos attack is input to the network for processing, the final output is a normal type, and the probabilities of Dos attack are respectively: 0.40, 0.60; and the desired output of the network is: 0. 1, calculating the error between the actual output and the expected output, and if the error meets the requirement (less than or equal to 0.02), then learning the next sample; otherwise, indicating that the weight and the threshold of each layer in the network do not meet the set error requirement, performing back propagation on the error according to the steps in the training process, and updating the weight and the threshold; then, a new round of learning is carried out, and finally, the output probability becomes: 0.05, 0.95; the error at this time is calculated again, and if the error at this time meets the requirement, the corresponding type (i.e., Dos attack) with the highest probability (0.95) is output as the type of the sample, i.e., the sample is the sample subjected to Dos attack. After all samples are trained, the obtained final weight and threshold are the optimal parameter values of the model capable of classifying the training samples as accurately as possible, and (the network taking the obtained optimal weight and threshold as parameters) can have certain prediction capability on similar samples (real-time data).
As shown in fig. 5, for the detection module to obtain the voltage and current parameters from the ethernet communication module in real time and detect the parameters, if Dos attack exists in the parameters, the long-term memory neural network module will recognize Dos attack from the parameters, so as to output the detection result of the information of Dos attack, and the control module will issue an alarm prompt and generate a log record according to the detection result.

Claims (8)

1.一种基于LSTM神经网络的攻击识别方法,其特征在于:包括对并网接口装置获取的数据进行实时检测,通过LSTM神经网络模型对数据进行识别,当数据中存在受到网络攻击的数据时,发出报警提示以及生成相应的日志记录;当数据为正常时,则将数据进行转发上送至监控主站。1. an attack identification method based on LSTM neural network, it is characterized in that: comprise the data that the network interface device is acquired and carry out real-time detection, by LSTM neural network model, the data is identified, when there is the data that is subjected to network attack in the data , issue an alarm prompt and generate corresponding log records; when the data is normal, the data will be forwarded and sent to the monitoring master station. 2.根据权利要求1所述的基于LSTM神经网络的攻击识别方法,其特征在于:当数据中存在受到网络攻击的数据时,还对数据进行拦截。2. The attack identification method based on LSTM neural network according to claim 1, characterized in that: when there is data subject to network attack in the data, the data is also intercepted. 3.根据权利要求1所述的基于LSTM神经网络的攻击识别方法,其特征在于:当数据中存在受到网络攻击的数据时,还将报警提示发送给上层。3. The attack identification method based on LSTM neural network according to claim 1, is characterized in that: when there is data subject to network attack in the data, an alarm prompt is also sent to the upper layer. 4.根据权利要求1所述的基于LSTM神经网络的攻击识别方法,其特征在于:在通过LSTM神经网络模型对数据进行识别前,还对LSTM神经网络进行模型训练,所述模型训练包括:4. the attack identification method based on LSTM neural network according to claim 1 is characterized in that: before data is identified by LSTM neural network model, model training is also carried out to LSTM neural network, and the model training comprises: 一、训练数据集的获取,获取冷热电三联供并网接口装置数据正负样本,所述正负样本组成训练数据集;1. The acquisition of the training data set, the positive and negative samples of the data of the combined cooling, heating and power grid-connected interface device are obtained, and the positive and negative samples constitute the training data set; 二、对长短时记忆神经网络进行模型训练:通过训练数据集对长短时记忆神经网络模型进行模型训练,得到训练后的LSTM神经网络模型。2. Model training on the long-short-term memory neural network: Model training on the long-short-term memory neural network model through the training data set to obtain the trained LSTM neural network model. 5.根据权利要求4所述的基于LSTM神经网络的攻击识别方法,其特征在于:所述对长短时记忆神经网络模型进行模型训练包括:5. the attack identification method based on LSTM neural network according to claim 4, is characterized in that: described carrying out model training to long short-term memory neural network model comprises: (1)初始化输入和给定期望输出;(1) Initialize the input and give the desired output; (2)随机从训练样本集中选取一个样本作为LSTM神经网络模型的输入,前向传播计算每个神经元的输出值,计算ft遗忘门输出、it输入门输出、ct单元状态输出、ot输出门输出、ht最终输出五个向量的值:(2) Randomly select a sample from the training sample set as the input of the LSTM neural network model, calculate the output value of each neuron in the forward propagation, calculate the output of the ft forgetting gate, the output of the it input gate, the output of the ct unit state, o t output gate output, h t finally output the value of five vectors: ft=σ(Wfxxt+Wfhht-1+Wfcct-1+bf);f t =σ(W fx x t +W fh h t-1 +W fc c t-1 +b f ); it=σ(Wixxt+Wihht-1+Wicct-1+bi);i t =σ(W ix x t +W ih h t-1 +W ic c t-1 +b i );
Figure FDA0002332094200000011
Figure FDA0002332094200000011
 ot=σ(Woxxt+Wohht-1+Wocct-1+bo);o t =σ(W ox x t +W oh h t-1 +W oc c t-1 +b o );
Figure FDA0002332094200000012
Figure FDA0002332094200000012
 其中,Wfx、Wfh、Wfc分别为输入到遗忘门、遗忘门到输出、遗忘门到单元状态的权重矩阵;Wix、Wih、Wic分别为输入到输入门、输入门到输出、输入门到单元状态的权重矩阵;Wox、Woh、Woc分别为输入到输出门、输出门到输出、输出门到单元状态的权重矩阵;Wcx、Wch分别为输入到单元状态、单元状态到输出的权重矩阵;bf、bi、bc、bo分别为遗忘门、输入门、单元状态以及输出门的偏置项;xt为输入的训练样本;ht-1为前一时刻的输出;
Figure FDA00023320942000000211
表示按元素乘运算符;所述σ为二分类激活函数sigmod;tanh为激活函数;Among them, W fx , W fh , and W fc are the weight matrices of input to forget gate, forget gate to output, and forget gate to unit state; Wi ix , W ih , and W ic are input to input gate, input gate to output, respectively , the weight matrix from the input gate to the unit state; W ox , W oh , and W oc are the weight matrix from the input to the output gate, the output gate to the output, and the output gate to the unit state respectively; W cx , W ch are the input to the unit state respectively , the weight matrix from the unit state to the output; b f , b i , b c , and b o are the bias terms of the forget gate, input gate, unit state and output gate, respectively; x t is the input training sample; h t-1 is the output of the previous moment;
Figure FDA00023320942000000211
represents the element-wise multiplication operator; the σ is the binary classification activation function sigmod; tanh is the activation function; (3)引入交叉熵损失函数E=-[y ln a+(1-y)ln(1-a)]计算误差值,其中,y、a分别为样本的期望输出、实际输出值;如果误差满足预期,所述预期指的是期望输出与实际输出之间的误差值,取≤0.02,学习下一个样本;否则,计算上述输出层的误差项:
Figure FDA0002332094200000021
其中E为损失函数,ht为t时刻的输出;(3) Introduce the cross-entropy loss function E=-[y ln a+(1-y)ln(1-a)] to calculate the error value, where y and a are the expected output and actual output value of the sample respectively; if the error meets the Expectation, the expectation refers to the error value between the expected output and the actual output, take ≤0.02, and learn the next sample; otherwise, calculate the error term of the above output layer:
Figure FDA0002332094200000021
where E is the loss function, and h t is the output at time t; (4)根据步骤(3)的误差开始反向传播,误差反向传播包括两个方向:沿时间的反向传播和将沿模型结构的反向传播;沿时间的反向传播时需要计算t-1时刻的误差项:
Figure FDA0002332094200000022
其中E为损失函数,ht-1为t-1时刻的输出,δt-1表示t-1时刻的误差;沿模型结构的反向传播:
Figure FDA0002332094200000023
其中E为损失函数;
Figure FDA0002332094200000024
为前一层经过权值和偏置值运算后的输出;
Figure FDA0002332094200000025
表示t时刻第l-1层的误差;(4) Start backpropagation according to the error in step (3). The backpropagation of the error includes two directions: backpropagation along time and backpropagation along the model structure; t needs to be calculated during backpropagation along time Error term at time -1:
Figure FDA0002332094200000022
where E is the loss function, h t-1 is the output at time t-1, δ t-1 is the error at time t-1; backpropagation along the model structure:
Figure FDA0002332094200000023
where E is the loss function;
Figure FDA0002332094200000024
It is the output of the previous layer after the weight and bias value operation;
Figure FDA0002332094200000025
Represents the error of the l-1th layer at time t; (5)根据步骤(4)反向传播计算出来的误差项计算以下权重和阈值梯度:遗忘门到输出权重梯度:
Figure FDA0002332094200000026
输入门到输出权重梯度:
Figure FDA0002332094200000027
单元状态到输出权重梯度:
Figure FDA0002332094200000028
输出门到输出权重梯度:
Figure FDA0002332094200000029
输入到遗忘门权重梯度:
Figure FDA00023320942000000210
输入到输入门权重梯度:
Figure FDA0002332094200000031
输入到单元状态权重梯度:
Figure FDA0002332094200000032
输入到输出门权重梯度:
Figure FDA0002332094200000033
遗忘门阈值梯度:
Figure FDA0002332094200000034
输入门阈值梯度:
Figure FDA0002332094200000035
单元状态阈值梯度:
Figure FDA0002332094200000036
输出门阈值梯度:
Figure FDA0002332094200000037
其中,Wfx、Wfh、Wfc分别为输入到遗忘门、遗忘门到输出、遗忘门到单元状态的权重矩阵;Wix、Wih、Wic分别为输入到输入门、输入门到输出、输入门到单元状态的权重矩阵;Wox、Woh、Woc分别为输入到输出门、输出门到输出、输出门到单元状态的权重矩阵;Wcx、Wch分别为输入到单元状态、单元状态到输出的权重矩阵;bf、bi、bc、bo分别为遗忘门、输入门、单元状态以及输出门的偏置项;E为损失函数;δf,t、δi,t、δc,t、δo,t分别对应网络中ft、it、ct、ot的误差项;其中xt表示t时刻的输入;hj-1表示j-1时刻的输出层的输出;T表示转置;(5) Calculate the following weights and threshold gradients according to the error term calculated by backpropagation in step (4): forget gate to output weight gradient:
Figure FDA0002332094200000026
Input gate to output weight gradient:
Figure FDA0002332094200000027
Cell state to output weight gradient:
Figure FDA0002332094200000028
Output gate to output weight gradient:
Figure FDA0002332094200000029
Input to forget gate weight gradient:
Figure FDA00023320942000000210
Input to input gate weight gradient:
Figure FDA0002332094200000031
Input to cell state weight gradient:
Figure FDA0002332094200000032
Input to output gate weight gradient:
Figure FDA0002332094200000033
Forget gate threshold gradient:
Figure FDA0002332094200000034
Input gate threshold gradient:
Figure FDA0002332094200000035
Cell state threshold gradient:
Figure FDA0002332094200000036
Output gate threshold gradient:
Figure FDA0002332094200000037
Among them, W fx , W fh , and W fc are the weight matrices of input to forget gate, forget gate to output, and forget gate to unit state, respectively; Wi ix , W ih , and W ic are input to input gate, input gate to output, respectively , the weight matrix from the input gate to the unit state; W ox , W oh , and W oc are the weight matrix from the input to the output gate, the output gate to the output, and the output gate to the unit state respectively; W cx , W ch are the input to the unit state respectively , the weight matrix from the unit state to the output; b f , b i , b c , and b o are the bias terms of the forget gate, input gate, unit state and output gate, respectively; E is the loss function; δ f,t , δ i ,t , δ c,t , δ o,t correspond to the error terms of f t , it , c t , and o t in the network respectively; where x t represents the input at time t; h j-1 represents the input at time j-1 The output of the output layer; T stands for transpose; 权重和阈值更新:遗忘门到输出权重更新:
Figure FDA0002332094200000038
输入门到输出权重更新:
Figure FDA0002332094200000039
单元状态到输出权重更新:
Figure FDA00023320942000000310
输入到遗忘门权重更新:
Figure FDA00023320942000000311
输入到遗忘门权重更新:
Figure FDA00023320942000000312
输入到输入门权重更新:
Figure FDA00023320942000000313
输入到单元状态权重更新:
Figure FDA00023320942000000314
输入到输出门权重更新:
Figure FDA00023320942000000315
遗忘门阈值更新:
Figure FDA00023320942000000316
输入门阈值更新:
Figure FDA00023320942000000317
单元状态阈值更新:
Figure FDA00023320942000000318
输出门阈值更新:
Figure FDA00023320942000000319
其中η=0.01为学习率;Weight and Threshold Update: Forget Gate to Output Weight Update:
Figure FDA0002332094200000038
Input gate to output weight update:
Figure FDA0002332094200000039
Cell state to output weight update:
Figure FDA00023320942000000310
Input to forget gate weight update:
Figure FDA00023320942000000311
Input to forget gate weight update:
Figure FDA00023320942000000312
Input to input gate weight update:
Figure FDA00023320942000000313
Input to cell state weight update:
Figure FDA00023320942000000314
Input to output gate weight update:
Figure FDA00023320942000000315
Forget gate threshold update:
Figure FDA00023320942000000316
Input gate threshold update:
Figure FDA00023320942000000317
Cell Status Threshold Update:
Figure FDA00023320942000000318
Output gate threshold update:
Figure FDA00023320942000000319
Where η=0.01 is the learning rate; (6)进入下一轮的训练,即根据更新的权重和阈值重新计算该样本的输出,直到误差满足期望;(6) Enter the next round of training, that is, recalculate the output of the sample according to the updated weight and threshold until the error meets expectations; (7)重复上述过程,直至学完所有样本,得到训练后的LSTM神经网络模型。(7) Repeat the above process until all samples are learned, and the trained LSTM neural network model is obtained. 6.一种并网接口装置,其特征在于:包括控制模块、显示模块、通信模块、交流模块、输入输出模块、检测模块、存储模块以及电源模块,其中:6. A grid-connected interface device, characterized in that: comprising a control module, a display module, a communication module, an AC module, an input and output module, a detection module, a storage module and a power supply module, wherein: 控制模块与所述电源模块、检测模块、通信模块、输出模块、显示模块、存储模块相连;The control module is connected with the power module, the detection module, the communication module, the output module, the display module and the storage module; 所述控制模块用于经通信模块与上层以及下层连接通信,并将接收数据发送至检测模块进行实时检测分类;根据检测模块发送来的报警提示生成报警信息发送至显示模块以及将报警信息、日志记录以及数据发送至存储模块进行保存和/或经通信模块发送至上层;The control module is used for connecting and communicating with the upper layer and the lower layer through the communication module, and sending the received data to the detection module for real-time detection and classification; according to the alarm prompt sent by the detection module, the alarm information is generated and sent to the display module, and the alarm information and log are sent to the display module. Records and data are sent to the storage module for storage and/or sent to the upper layer via the communication module; 显示模块用于运行状态的显示以及实现人机交互,并在接收到控制模块的报警提示后进行显示;The display module is used to display the running state and realize human-computer interaction, and display it after receiving the alarm prompt from the control module; 通信模块用于与外部智能设备进行通信;The communication module is used to communicate with external smart devices; 交流模块用于采集公共连接点的电压、电流等模拟电参量,以及冷热三联供系统内的发电单元、负荷模拟量,并将采集的模拟量传送给AD转换模块转换成能直接参与计算的数字量,并转换成数字信号后发送至检测模块;The AC module is used to collect analog electrical parameters such as voltage and current at the common connection point, as well as the power generation unit and load analog quantities in the cooling and heating triple supply system, and transmit the collected analog quantities to the AD conversion module to convert them into directly involved in the calculation. The digital quantity is converted into a digital signal and sent to the detection module; 输出模块用于将控制模块发送的指令信号进行输出;The output module is used to output the command signal sent by the control module; 输入模块用于接收、控制公共连接点或冷热三联供系统内负载投切开关的状态和指令信息并发送至检测模块;The input module is used to receive and control the status and command information of the load switching switch in the common connection point or the combined cooling and heating system and send it to the detection module; 电源模块用于为各模块供电;The power module is used to supply power to each module; 存储模块用于存储;The storage module is used for storage; 检测模块用于对控制模块发送的数据通过长短时记忆神经网络进行实时检测分类,输出分类结果,并判断分类结果是否存在网络攻击类,当分类结果中存在网络攻击类时,根据网络攻击的类型生成报警提示以及日志记录后发送至控制模块,同时对数据进行拦截,;当分类结果中数据均归入正常类时,则将数据发送至控制模块,控制模块将数据通过通信模块发送至上层。The detection module is used to detect and classify the data sent by the control module in real time through the long-short-term memory neural network, output the classification result, and determine whether there is a network attack type in the classification result. When there is a network attack type in the classification result, according to the type of network attack After generating alarm prompts and log records, it is sent to the control module, and the data is intercepted at the same time; when the data in the classification results are classified into the normal category, the data is sent to the control module, and the control module sends the data to the upper layer through the communication module. 7.根据权利要求6所述的并网接口装置,其特征在于:检测模块在对控制模块发送的数据通过LSTM神经网络模型进行实时检测分类之前,还对LSTM神经网络模型进行模型训练,所述模型训练包括:7. grid-connected interface device according to claim 6 is characterized in that: before the data sent by the control module is detected and classified in real time by the LSTM neural network model, the detection module also carries out model training to the LSTM neural network model, and the described Model training includes: 一、训练数据集的获取,获取冷热电三联供并网接口装置数据正负样本,所述正负样本组成训练数据集;1. The acquisition of the training data set, the positive and negative samples of the data of the combined cooling, heating and power grid-connected interface device are obtained, and the positive and negative samples constitute the training data set; 二、对长短时记忆神经网络模型进行模型训练:通过训练数据集对长短时记忆神经网络进行模型训练,得到训练后的LSTM神经网络模型。2. Model training on the long-short-term memory neural network model: Model training on the long-short-term memory neural network through the training data set to obtain the trained LSTM neural network model. 8.根据权利要求7所述的并网接口装置,其特征在于:对长短时记忆神经网络模型进行模型训练包括:8. The grid-connected interface device according to claim 7, wherein: performing model training on the long-short-term memory neural network model comprises: (1)初始化输入和给定期望输出;(1) Initialize the input and give the desired output; (2)随机从训练样本集中选取一个样本作为LSTM神经网络的输入,前向传播计算每个神经元的输出值,计算ft遗忘门输出、it输入门输出、ct单元状态输出、ot输出门输出、ht最终输出五个向量的值:(2) Randomly select a sample from the training sample set as the input of the LSTM neural network, calculate the output value of each neuron through forward propagation, calculate the output of the ft forgetting gate, the output of the input gate of it, the state output of the ct unit , and the output of the o t outputs the gate output, h t finally outputs the values of five vectors: ft=σ(Wfxxt+Wfhht-1+Wfcct-1+bf);f t =σ(W fx x t +W fh h t-1 +W fc c t-1 +b f ); it=σ(Wixxt+Wihht-1+Wicct-1+bi);i t =σ(W ix x t +W ih h t-1 +W ic c t-1 +b i );
Figure FDA0002332094200000051
Figure FDA0002332094200000051
 ot=σ(Woxxt+Wohht-1+Wocct-1+bo);o t =σ(W ox x t +W oh h t-1 +W oc c t-1 +b o );
Figure FDA0002332094200000052
Figure FDA0002332094200000052
 其中,Wfx、Wfh、Wfc分别为输入到遗忘门、遗忘门到输出、遗忘门到单元状态的权重矩阵;Wix、Wih、Wic分别为输入到输入门、输入门到输出、输入门到单元状态的权重矩阵;Wox、Woh、Woc分别为输入到输出门、输出门到输出、输出门到单元状态的权重矩阵;Wcx、Wch分别为输入到单元状态、单元状态到输出的权重矩阵;bf、bi、bc、bo分别为遗忘门、输入门、单元状态以及输出门的偏置项;xt为输入的训练样本;ht-1为前一时刻的输出;
Figure FDA0002332094200000053
表示按元素乘运算符;所述σ为二分类激活函数sigmod;tanh为激活函数;Among them, W fx , W fh , and W fc are the weight matrices of input to forget gate, forget gate to output, and forget gate to unit state; Wi ix , W ih , and W ic are input to input gate, input gate to output, respectively , the weight matrix from the input gate to the unit state; W ox , W oh , and W oc are the weight matrix from the input to the output gate, the output gate to the output, and the output gate to the unit state respectively; W cx , W ch are the input to the unit state respectively , the weight matrix from the unit state to the output; b f , b i , b c , and b o are the bias terms of the forget gate, input gate, unit state and output gate, respectively; x t is the input training sample; h t-1 is the output of the previous moment;
Figure FDA0002332094200000053
represents the element-wise multiplication operator; the σ is the binary classification activation function sigmod; tanh is the activation function; (3)引入交叉熵损失函数E=-[y ln a+(1-y)ln(1-a)]计算误差值,其中,y、a分别为样本的期望输出、实际输出值;如果误差满足预期,所述预期指的是期望输出与实际输出之间的误差值,取≤0.02,学习下一个样本;否则,计算上述输出层的误差项:
Figure FDA0002332094200000061
其中E为损失函数,ht为t时刻的输出;(3) Introduce the cross-entropy loss function E=-[y ln a+(1-y)ln(1-a)] to calculate the error value, where y and a are the expected output and actual output value of the sample respectively; if the error meets the Expectation, the expectation refers to the error value between the expected output and the actual output, take ≤0.02, and learn the next sample; otherwise, calculate the error term of the above output layer:
Figure FDA0002332094200000061
where E is the loss function, and h t is the output at time t; (4)根据步骤(3)的误差开始反向传播,误差反向传播包括两个方向:沿时间的反向传播和将沿模型结构的反向传播;沿时间的反向传播时需要计算t-1时刻的误差项:
Figure FDA0002332094200000062
其中E为损失函数,ht-1为t-1时刻的输出,δt-1表示t-1时刻的误差;沿模型结构的反向传播:
Figure FDA0002332094200000063
其中E为损失函数;
Figure FDA0002332094200000064
为前一层经过权值和偏置值运算后的输出;
Figure FDA0002332094200000065
表示t时刻第l-1层的误差;(4) Start backpropagation according to the error in step (3). The backpropagation of the error includes two directions: backpropagation along time and backpropagation along the model structure; t needs to be calculated during backpropagation along time Error term at time -1:
Figure FDA0002332094200000062
where E is the loss function, h t-1 is the output at time t-1, δ t-1 is the error at time t-1; backpropagation along the model structure:
Figure FDA0002332094200000063
where E is the loss function;
Figure FDA0002332094200000064
It is the output of the previous layer after the weight and bias value operation;
Figure FDA0002332094200000065
Represents the error of the l-1th layer at time t; (5)根据步骤(4)反向传播计算出来的误差项计算以下权重和阈值梯度:遗忘门到输出权重梯度:
Figure FDA0002332094200000066
输入门到输出权重梯度:
Figure FDA0002332094200000067
单元状态到输出权重梯度:
Figure FDA0002332094200000068
输出门到输出权重梯度:
Figure FDA0002332094200000069
输入到遗忘门权重梯度:
Figure FDA00023320942000000610
输入到输入门权重梯度:
Figure FDA00023320942000000611
输入到单元状态权重梯度:
Figure FDA00023320942000000612
输入到输出门权重梯度:
Figure FDA00023320942000000613
遗忘门阈值梯度:
Figure FDA00023320942000000614
输入门阈值梯度:
Figure FDA00023320942000000615
单元状态阈值梯度:
Figure FDA00023320942000000616
输出门阈值梯度:
Figure FDA00023320942000000617
其中,Wfx、Wfh、Wfc分别为输入到遗忘门、遗忘门到输出、遗忘门到单元状态的权重矩阵;Wix、Wih、Wic分别为输入到输入门、输入门到输出、输入门到单元状态的权重矩阵;Wox、Woh、Woc分别为输入到输出门、输出门到输出、输出门到单元状态的权重矩阵;Wcx、Wch分别为输入到单元状态、单元状态到输出的权重矩阵;bf、bi、bc、bo分别为遗忘门、输入门、单元状态以及输出门的偏置项;E为损失函数;δf,t、δi,t、δc,t、δo,t分别对应网络中ft、it、ct、ot的误差项;其中xt表示t时刻的输入;hj-1表示j-1时刻的输出层的输出;T表示转置;(5) Calculate the following weights and threshold gradients according to the error term calculated by backpropagation in step (4): forget gate to output weight gradient:
Figure FDA0002332094200000066
Input gate to output weight gradient:
Figure FDA0002332094200000067
Cell state to output weight gradient:
Figure FDA0002332094200000068
Output gate to output weight gradient:
Figure FDA0002332094200000069
Input to forget gate weight gradient:
Figure FDA00023320942000000610
Input to input gate weight gradient:
Figure FDA00023320942000000611
Input to cell state weight gradient:
Figure FDA00023320942000000612
Input to output gate weight gradient:
Figure FDA00023320942000000613
Forget gate threshold gradient:
Figure FDA00023320942000000614
Input gate threshold gradient:
Figure FDA00023320942000000615
Cell state threshold gradient:
Figure FDA00023320942000000616
Output gate threshold gradient:
Figure FDA00023320942000000617
Among them, W fx , W fh , and W fc are the weight matrices of input to forget gate, forget gate to output, and forget gate to unit state; Wi ix , W ih , and W ic are input to input gate, input gate to output, respectively , the weight matrix from the input gate to the unit state; W ox , W oh , and W oc are the weight matrix from the input to the output gate, the output gate to the output, and the output gate to the unit state respectively; W cx , W ch are the input to the unit state respectively , the weight matrix from the unit state to the output; b f , b i , b c , and b o are the bias terms of the forget gate, input gate, unit state and output gate, respectively; E is the loss function; δ f,t , δ i , t , δ c,t , δ o,t correspond to the error terms of f t , i t , c t , o t in the network respectively; where x t represents the input at time t; h j-1 represents the input at time j-1 The output of the output layer; T stands for transpose; 权重和阈值更新:遗忘门到输出权重更新:
Figure FDA0002332094200000071
输入门到输出权重更新:
Figure FDA0002332094200000072
单元状态到输出权重更新:
Figure FDA0002332094200000073
输入到遗忘门权重更新:
Figure FDA0002332094200000074
输入到遗忘门权重更新:
Figure FDA0002332094200000075
输入到输入门权重更新:
Figure FDA0002332094200000076
输入到单元状态权重更新:
Figure FDA0002332094200000077
输入到输出门权重更新:
Figure FDA0002332094200000078
遗忘门阈值更新:
Figure FDA0002332094200000079
输入门阈值更新:
Figure FDA00023320942000000710
单元状态阈值更新:
Figure FDA00023320942000000711
输出门阈值更新:
Figure FDA00023320942000000712
其中η=0.01为学习率;Weight and Threshold Update: Forget Gate to Output Weight Update:
Figure FDA0002332094200000071
Input gate to output weight update:
Figure FDA0002332094200000072
Cell state to output weight update:
Figure FDA0002332094200000073
Input to forget gate weight update:
Figure FDA0002332094200000074
Input to forget gate weight update:
Figure FDA0002332094200000075
Input to input gate weight update:
Figure FDA0002332094200000076
Input to cell state weight update:
Figure FDA0002332094200000077
Input to output gate weight update:
Figure FDA0002332094200000078
Forget gate threshold update:
Figure FDA0002332094200000079
Input gate threshold update:
Figure FDA00023320942000000710
Cell Status Threshold Update:
Figure FDA00023320942000000711
Output gate threshold update:
Figure FDA00023320942000000712
Where η=0.01 is the learning rate; (6)进入下一轮的训练,即根据更新的权重和阈值重新计算该样本的输出,直到误差满足期望;(6) Enter the next round of training, that is, recalculate the output of the sample according to the updated weight and threshold until the error meets expectations; (7)重复上述过程,直至学完所有样本,得到训练后的LSTM神经网络模型。(7) Repeat the above process until all samples are learned, and the trained LSTM neural network model is obtained.
CN201911342782.6A 2019-12-23 2019-12-23 Attack identification method based on LSTM neural network and grid-connected interface device Pending CN111127251A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911342782.6A CN111127251A (en) 2019-12-23 2019-12-23 Attack identification method based on LSTM neural network and grid-connected interface device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911342782.6A CN111127251A (en) 2019-12-23 2019-12-23 Attack identification method based on LSTM neural network and grid-connected interface device

Publications (1)

Publication Number Publication Date
CN111127251A true CN111127251A (en) 2020-05-08

Family

ID=70501553

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911342782.6A Pending CN111127251A (en) 2019-12-23 2019-12-23 Attack identification method based on LSTM neural network and grid-connected interface device

Country Status (1)

Country Link
CN (1) CN111127251A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112165485A (en) * 2020-09-25 2021-01-01 山东炎黄工业设计有限公司 Intelligent prediction method for large-scale network security situation
CN113592150A (en) * 2021-07-04 2021-11-02 北京工业大学 Attack phase prediction method based on LSTM and attacker information
CN117473396A (en) * 2023-11-23 2024-01-30 湖南盈旺智慧能源科技有限公司 New energy automobile intelligent battery management system based on deep learning

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103545931A (en) * 2013-10-30 2014-01-29 国家电网公司 A distributed photovoltaic power generation grid-connected interface device
CN104167763A (en) * 2014-09-04 2014-11-26 华电电力科学研究院 Distributed energy management method and distributed energy management device composed of ground layer, intermediate layer and energy management layer
CN109670306A (en) * 2018-11-27 2019-04-23 国网山东省电力公司济宁供电公司 Electric power malicious code detecting method, server and system based on artificial intelligence
CN109922038A (en) * 2018-12-29 2019-06-21 中国电力科学研究院有限公司 A kind of detection method and device of the abnormal data for electric power terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103545931A (en) * 2013-10-30 2014-01-29 国家电网公司 A distributed photovoltaic power generation grid-connected interface device
CN104167763A (en) * 2014-09-04 2014-11-26 华电电力科学研究院 Distributed energy management method and distributed energy management device composed of ground layer, intermediate layer and energy management layer
CN109670306A (en) * 2018-11-27 2019-04-23 国网山东省电力公司济宁供电公司 Electric power malicious code detecting method, server and system based on artificial intelligence
CN109922038A (en) * 2018-12-29 2019-06-21 中国电力科学研究院有限公司 A kind of detection method and device of the abnormal data for electric power terminal

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112165485A (en) * 2020-09-25 2021-01-01 山东炎黄工业设计有限公司 Intelligent prediction method for large-scale network security situation
CN113592150A (en) * 2021-07-04 2021-11-02 北京工业大学 Attack phase prediction method based on LSTM and attacker information
CN117473396A (en) * 2023-11-23 2024-01-30 湖南盈旺智慧能源科技有限公司 New energy automobile intelligent battery management system based on deep learning

Similar Documents

Publication Publication Date Title
CN111131237B (en) Microgrid attack identification method and grid-connected interface device based on BP neural network
CN114430165B (en) Microgrid group intelligent coordination control method and device based on deep model prediction
CN111127251A (en) Attack identification method based on LSTM neural network and grid-connected interface device
CN117439045A (en) Multi-element load prediction method for comprehensive energy system
CN116840722B (en) Performance degradation evaluation and life prediction method for proton exchange membrane fuel cell
CN111144549A (en) Microgrid attack identification method and microgrid coordination controller based on convolutional neural network
Zu et al. A simple gated recurrent network for detection of power quality disturbances
CN113410874B (en) Load resource optimization control method based on virtual power plant peak regulation auxiliary service
CN116937565B (en) A distributed photovoltaic power generation power prediction method, system, device and medium
CN113872183A (en) Comprehensive energy optimization and coordination system
CN115118015B (en) A power supply stability monitoring system based on fusion terminal
CN109978236B (en) Small hydropower station short-term power refined prediction method based on feature combination
CN111061152B (en) Attack identification method and smart energy power control device based on deep neural network
KR20240001975A (en) Systems for predicting and monitoring solar power generation using artificial intelligence
CN119416099A (en) A method, system, device and storage medium for predicting line loss in an active distribution station area
CN111143835A (en) Non-invasive protection method for business logic of electric power metering system based on machine learning
CN118971344A (en) A new energy multi-energy complementary monitoring system and method based on artificial intelligence
CN111045330B (en) Attack recognition method and grid-connected interface device based on Elman neural network
CN117763447A (en) Electromechanical equipment fault probability prediction calculation model
CN117664558A (en) Generator gearbox abnormality detection method, device, equipment and storage medium
CN113420896B (en) Transformer substation inspection auxiliary method and system based on artificial intelligence and big data analysis
CN115598459A (en) Power failure prediction method for 10kV feeder line fault of power distribution network
Tan et al. Research on Fault Prediction Model Based on 5G Data Center
Zwirtes et al. Fault Detection in Photovoltaic Systems Using a Machine Learning Approach
Sun et al. Classification of Frequency Disturbance Event in Power Systems Considering Optimal PMU Placement

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200508

RJ01 Rejection of invention patent application after publication