CN112165491B - Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system - Google Patents
Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system Download PDFInfo
- Publication number
- CN112165491B CN112165491B CN202011048035.4A CN202011048035A CN112165491B CN 112165491 B CN112165491 B CN 112165491B CN 202011048035 A CN202011048035 A CN 202011048035A CN 112165491 B CN112165491 B CN 112165491B
- Authority
- CN
- China
- Prior art keywords
- fault
- cfas
- gcps
- early warning
- indicating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computing arrangements using knowledge-based models
- G06N5/02—Knowledge representation; Symbolic representation
- G06N5/022—Knowledge engineering; Knowledge acquisition
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Artificial Intelligence (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a Grid Cyber-Physical Systems (GCPS) cross-Space Cascading failure self-adaptive early warning method, which is a self-adaptive early warning method suitable for a Grid Cyber-Physical system cross-Space Cascading Failure (CFAS) caused by cooperative network attack. The CFAS self-adaptive early warning method provided by the invention can accurately judge the CFAS type and the evolution process implemented by an attacker, and can assist a GCPS defender to timely block the CFAS from continuing to evolve under the condition of avoiding the interference network attack confusion.
Description
Technical Field
The invention belongs to the field of safety protection of grid cyber-Physical Systems (GCPS), and relates to a cross-space cascade fault self-adaptive early warning method and system of a cyber-Physical system tolerant to periodic fault hazards.
Background
An attacker can cause a series of Space-time cooperative physical faults at a plurality of power grid physical nodes through cooperative network attack to form a large-scale cross-Space Cascade Fault (CFAS), so that the safety margin of a power grid physical system is reduced, even large-scale power failure is caused, and the stable operation of the GCPS is seriously influenced. Accurate early warning is carried out in the evolution process of the CFAS, a GCPS defender can be assisted to adopt effective protective measures to block or delay the continuous development of the CFAS, and the capability of the GCPS to resist malicious attacks is improved.
At present, research aiming at a CFAS early warning method is in a starting stage, most of research contents are a mechanism and a detection method for forming a small-range power grid physical fault caused by network attack, and the CFAS implemented by an attacker is difficult to accurately judge: firstly, the existing research object is only a small-range physical fault caused by network attack, the space-time cooperative relationship among a plurality of physical faults in the CFAS is not fully considered, and the type and the evolution trend of the CFAS are difficult to infer; secondly, the existing fault detection method works in a mode of harm zero tolerance and is difficult to provide effective decision support for blocking CFAS evolution, the existing fault detection method immediately alarms after a potential fault is found, a large number of false alarms are easily formed, even a GCPS defender is misled by interference network attack and adopts a wrong handling mode to further enlarge fault harm, frequent actions of three defense lines of a power system and a power failure defense system are caused, limited defense resources are consumed, and GCPS toughness is reduced. Therefore, an accurate and effective CFAS early warning method is urgently needed to be designed.
Disclosure of Invention
The invention aims to solve the technical problems in the prior art, provides a CFAS self-adaptive early warning method for a power grid information physical system, which is tolerant to stage fault hazards, aiming at CFAS caused by cooperative network attack, and can be applied to CFAS early warning of GCPS.
The method adopts the technical scheme that: a cross-space cascading fault self-adaptive early warning method for a power grid information physical system is characterized by comprising the following steps:
step 1: constructing a GCPS running state transition model considering the influence of the cross-space cascade fault stage fault hazard, wherein the GCPS running state transition model comprises 5 GCPS running states and 11 state transition and transition conditions;
wherein 5 GCPS running states are respectively a normal state Q1Vulnerable operating State Q2Operational state Q in the presence of a network attack3Degraded service operating State Q4And a shutdown state Q5;
The 11 state transitions and transition conditions include Q1→Q1Indicating that the GCPS continues normal operation; q1→Q2Indicating that the GCPS operation has a bug; q2→Q1Indicating that the vulnerability is fixed; q2→Q3Indicating that the GCPS is attacked by the network; q3→Q1,Q4→Q1Indicating that the CFAS can be warned immediately and blocked from continuing to evolve; q3→Q4Indicating that CFAS-tolerant staged fault hazards are observed continuously; q3→Q5Indicating uncontrolled GCPS; q4→Q4Indicating continuous observation of CFAS evolution; q4→Q5Indicating an extended fault hazard; q5→Q1Indicating fault recovery and updating a CFAS knowledge base;
step 2: establishing an offline CFAS knowledge base and updating periodically;
and step 3: detecting a cooperative network attack;
capturing network flow and message of each station and GCPS real-time operation data in real time, and detecting whether network attack exists; will state Q3The moment of detecting the network attack for the first time is taken as the initial moment t of early warning0(ii) a When the cooperative network attack is detected, judging whether the current time t is t or not0If yes, inputting the network attack observation sequence X (t) at the initial moment0) And then, early warning CFAS is started, if not, real-time network attack observation sequence X (t) and GCPS real-time operation data are input, and the step is switched to step 6 to execute calculation and adjustment basis;
and 4, step 4: constructing a control object set of early warning;
according to t0Network attack observation sequence at initial moment for distinguishing various potential CFAS typesControl object set F (t) for constructing adaptive control process0) Let t equal t0;
And 5: setting constraint conditions of the self-adaptive control process, and calculating the periodic fault hazard; setting a tolerance threshold delta for the risk of a periodic fault based on the GCPS operating state and an expected defense objectivemaxAnd calculate various times at time tStage fault hazard Δ (y (t));
step 6: adaptively adjusting a control object set;
if only one is present in F (t)Direct early warning is carried out to assist a GCPS defender to block the CFAS from continuing to evolve, and the transition process of the GCPS running state is Q3→Q1And go to step 7; if there is more than one of F (t)Determine all residuals at time tIf the Δ (y (t)) of (a) meets the constraint condition of the threshold value, if so, the CFAS is tolerated to continue to evolve and the GCPS enters the degraded service, and the transition process of the GCPS operation state is Q3→Q4And judging the residueWhether the self-adaptive regulation basis is met or not, if so, turning to the step 7, if not, reducing the scale of the control object set F (t), and continuously observing the restLet t be t +1, and go to step 5 to calculate the periodic fault hazard; if not, judging whether the information security defense measures are executed or not,if the fault is executed, immediately alarming and assisting fault blocking, turning to step 7, if the fault is not executed, executing limited information security defense measures, trying to reduce partial fault hazards, and turning to step 5 for calculating stage fault hazards;
and 7: outputting an early warning result and updating a CFAS knowledge base;
the early warning result comprises the CFAS type F really implemented by the attackerkAnd F, early-warned F and evolution trendkAnd the fault occurrence scene is used as historical knowledge and added into a CFAS knowledge base to finish CFAS early warning.
The technical scheme adopted by the system of the invention is as follows: a power grid information physical system cross-space cascading fault self-adaptive pre-warning system is characterized by comprising a first module, a second module, a third module, a fourth module, a fifth module, a sixth module and a seventh module;
the module I is used for constructing a GCPS running state transition model tolerant to stage fault hazards, and comprises 5 GCPS states and 11 state transition and transition conditions;
wherein 5 GCPS running states are respectively a normal state Q1Vulnerable operating State Q2Operational state Q in the presence of a network attack3Degraded service operating State Q4And a shutdown state Q5;
The 11 state transitions and transition conditions include Q1→Q1Indicating that the GCPS continues normal operation; q1→Q2Indicating that the GCPS operation has a bug; q2→Q1Indicating that the vulnerability is fixed; q2→Q3Indicating that the GCPS is attacked by the network; q3→Q1,Q4→Q1Indicating that the CFAS can be warned immediately and blocked from continuing to evolve; q3→Q4Indicating that CFAS-tolerant staged fault hazards are observed continuously; q3→Q5Indicating uncontrolled GCPS; q4→Q4Indicating continuous observation of CFAS evolution; q4→Q5Indicating an extended fault hazard; q5→Q1Indicating fault recovery and updating the CFAS repository.
The module II is used for establishing an offline CFAS knowledge base and updating the offline CFAS knowledge base periodically;
the module III is used for detecting the cooperative network attack;
capturing network flow and message of each station and GCPS real-time operation data in real time, and detecting whether network attack exists; will state Q3The moment of detecting the network attack for the first time is taken as the initial moment t of early warning0(ii) a When the cooperative network attack is detected, judging whether the current time t is t or not0If yes, inputting the network attack observation sequence X (t) at the initial moment0) And then, early warning CFAS is started, if not, real-time network attack observation sequence X (t) and GCPS real-time operation data are input, and calculation and regulation are executed;
the module IV is used for constructing a control object set for early warning;
according to t0Network attack observation sequence at initial moment for distinguishing various potential CFAS typesControl object set F (t) for constructing adaptive control process0) Let t equal t0;
The module V is used for setting constraint conditions of the self-adaptive control process and calculating the stage fault hazard; setting a tolerance threshold delta for the risk of a periodic fault based on the GCPS operating state and an expected defense objectivemaxAnd calculate various times at time tStage fault hazard Δ (y (t));
the module six is used for adaptively adjusting a control object set;
if only one is present in F (t)Direct early warning is carried out to assist a GCPS defender to block the CFAS from continuing to evolve, and the transition process of the GCPS running state is S3→S1And go to module 7; if there is more than one of F (t)Determine all residuals at time tIf the Δ (y (t)) of (a) meets the constraint condition of the threshold, if so, the CFAS is tolerated to continue to evolve and the GCPS enters the degraded service, and the transition process of the GCPS operation state is S3→S4And judging the residueWhether the self-adaptive regulation basis is met or not, if so, the control module is switched to a module 7, if not, the scale of the control object set F (t) is reduced, and the rest is continuously observedLet t be t +1 and turn to calculating the stage fault hazard; if not, judging whether the information security defense measures are executed or not, if so, immediately alarming and assisting fault blocking, turning to a module 7, if not, executing limited information security defense measures, trying to reduce partial fault hazards, and turning to calculating the stage fault hazards;
the module III is used for outputting an early warning result and updating a CFAS (computational fluid dynamics) knowledge base;
the early warning result comprises the CFAS type F really implemented by the attackerkAnd F, early-warned F and evolution trendkAnd the fault occurrence scene is used as historical knowledge and added into a CFAS knowledge base to finish CFAS early warning.
The beneficial effects of the invention include:
1. a control object set in the self-adaptive control process is constructed according to the network attack observation sequence at the initial moment, so that the early warning purpose is increased, the initial scale of the control object set is restricted, and the blind matching of all known CFAS types in a CFAS (computational fluid dynamics) knowledge base is avoided;
2. by tolerating gracefully staged fault hazards, the analysis time to discern CFAS is increased to more fully observe attack behavior and fault hazards.
3. The observation error and the prediction error are used as the self-adaptive adjustment basis of CFAS early warning, the scale of a control object set is dynamically reduced, the influence of interference network attack is reduced, and the control object approaches to the CFAS implemented by an attacker.
4. The defender can timely and accurately block the unformed fault path according to the CFAS early warning result so as to eliminate or reduce fault damage and reduce defense cost.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of a GCPS operating state transition model for tolerating the hazards of the periodic faults according to an embodiment of the present invention.
Detailed Description
In order to facilitate the understanding and implementation of the present invention for those of ordinary skill in the art, the present invention is further described in detail with reference to the accompanying drawings and examples, it is to be understood that the embodiments described herein are merely illustrative and explanatory of the present invention and are not restrictive thereof.
Referring to fig. 1, the self-adaptive early warning method for cross-space cascading faults of a power grid cyber physical system (CFAS self-adaptive early warning method) provided by the invention comprises the following steps:
step 1: constructing a GCPS running state migration model tolerant to stage fault hazards, wherein the GCPS running state migration model comprises 5 GCPS states and 11 state migration and migration conditions;
referring to fig. 2, in the GCPS operation state transition model for tolerating the periodic fault hazard provided in the embodiment, 5 GCPS operation states are respectively a normal state Q1Vulnerable operating State Q2Operational state Q in the presence of a network attack3Degraded service operating State Q4And a shutdown state Q5;
The 11 state transitions and transition conditions include Q1→Q1Indicating that the GCPS continues normal operation; q1→Q2Indicating that the GCPS operation has a bug; q2→Q1Indicating that the vulnerability is fixed; q2→Q3Indicating that the GCPS is attacked by the network; q3→Q1,Q4→Q1Indicating that the CFAS can be warned immediately and blocked from continuing to evolve; q3→Q4Indicating that CFAS-tolerant staged fault hazards are observed continuously; q3→Q5Indicating uncontrolled GCPS; q4→Q4Indicating continuous observation of CFAS evolution; q4→Q5Indicating an extended fault hazard; q5→Q1Indicating fault recovery and updating CFAS repository
Step 2: establishing an offline CFAS knowledge base and updating periodically;
the defender establishes an offline CFAS knowledge base according to the mastered cascading failure knowledge and updates the CFAS knowledge base regularly. In the embodiment, the power grid cascading failure cases caused by known network attacks or communication failures are collected to serve as data sources of the knowledge base, and the CFAS type is presumed according to the existing research results.
And step 3: detecting a cooperative network attack;
the network attack detection nodes deployed in the intelligent substations capture the network flow and message of each substation and GCPS real-time operation data in real time, and detect whether network attack exists or not; will state Q3The moment of detecting the network attack for the first time is taken as the initial moment t of early warning0(ii) a When the cooperative network attack is detected, judging whether the current time t is t or not0If yes, inputting the network attack observation sequence X (t) at the initial moment0) And then, early warning CFAS is started, if not, real-time network attack observation sequence X (t) and GCPS real-time operation data are input, and the step is switched to step 6 to execute calculation and mediation basis;
and 4, step 4: constructing a control object set of early warning;
according to t0Network attack observation sequence at initial moment for distinguishing various potential CFAS typesControl object set F (t) for constructing adaptive control process0) Let t equal t0;
The specific implementation of the step 4 comprises the following substeps:
step 4.1: t is t0At the initial moment, combining the observation results of all the network attack detection nodes to obtain t0Network attack observation sequence X (t) of time0) Let us orderWhereinIs t0Single network attacks initiated at a moment;
step 4.2: x (t) is inferred according to evolution rules (Wangyufei, Lijune, Qiujia and the like) of physical faults of a power grid caused by network attacks, "a cross-space cascading fault selection and sorting method for considering attack benefits and losses", power grid technology, 2018, 42 (12): 3926-0) The network attack in (1) is what kind of compound fault is caused at which physical nodes; note some compound fault as yi,j,t*:Wherein y isi,j,t*Indicating that the ith composite fault occurs on the physical node j at the moment t, x' indicating a secondary fault, and xi,j,t*Indicating that the physical node j has the ith physical fault at the time t;
in this embodiment, the principle of attack profit and loss is used for reasoning, as shown in formula 1.
In equation 1, O is the expected target of attack, O (t)*) For each stage of the attack sub-target, phikFor a cooperative network attack scheme, x 'is network attack, x' is secondary failure,is t*At time instant physical node j experiences a physical fault of type i,to make it stand againAnd failure, FkCan be made of phikInitiated CFAS type, fgainAn attack revenue function for a composite fault or CFAS;
step 4.3: searching the CFAS knowledge base to obtain various potential CFAS types containing the fault paths, and recording a certain potential CFAS type asOrder toAnd in various waysSet of as t0Control object set F (t) at initial time0) Let us order
And 5: setting constraint conditions of the self-adaptive control process and calculating the periodic fault hazard; setting a tolerance threshold delta for the risk of a periodic fault based on the GCPS operating state and an expected defense objectivemaxAnd calculate various times at time tStage fault hazard Δ (y (t));
the invention provides a principle of tolerance of GCPS operation to the damage of stage faults, which comprises the following steps: in the CFAS early warning process, when the CFAS type and the evolution trend thereof implemented by an attacker can not be deduced according to the currently observed network attack and the stage fault hazard, comparing the current stage fault hazard with tolerance threshold values preset for various potential CFAS stage fault hazard tolerance degrees according to the GCPS running state: if the current phasic failure hazard is below a threshold, the GCPS is moderately allowed to operate in a degraded service mode in a state where a physical failure exists (such as a reduced safety margin, a small amount of primary equipment temporarily out of control), and continuously observe; if the current stage fault hazard reaches or exceeds a threshold value, the following measures are selected according to the current GCPS running state and the capability of a GCPS defender: firstly, when the GCPS does not operate in an emergency state, part of compound faults are blocked to reduce the damage of the stage faults and continuously observe; secondly, when the GCPS is in an emergency state or the capability of a GCPS defender, the emergency warning device immediately alarms and carries out emergency control and recovery of faults.
Based on the above principle of tolerance of the GCPS operation state to the damage of the periodic fault, the specific implementation of step 5 includes the following sub-steps:
step 5.1: setting a tolerance threshold delta of the stage fault hazard according to the GCPS running state and an expected defense targetmax;
In formula 2, PmaxThe upper limit of active power allowed to be lost under the constraint condition of the periodic fault hazard tolerance principle; hmaxThe upper limit of the number of the primary equipment which is allowed to be out of control temporarily under the principle constraint condition is set according to the extreme value of the active regulation capacity of a defender on the physical system of the power grid; t ismaxAn upper limit on the duration of allowable periodic faults, T (y), subject to the principle constraintsi,j,t*) To form a single yi,j,t*Time of (y)i,j,t*Indicating that the physical node j has the ith composite fault at the time t;
step 5.2: calculating the hazard delta (Y) of the periodic fault according to the active power loss, the out-of-control of the primary equipment and the duration of the periodic faulti,j,t);
In formula 3, Yi,j,tComposite fault y at time t for a potential CFAS of some kindi,j,t*Set of (2), Δ (Y)i,j,t) In order to be a risk of a stage failure,is a complex number of virtualA part number; p (Y)i,j,t) For the loss of active power up to time t, P (t)0) Is t0The active total amount of the power grid at the moment, P (t), is the active total amount of the power grid at the moment t; h (Y)i,j,t) As primary equipment runaway rate, H (t)0) Is t0The total number of the controllable primary equipment at the moment, H (t) is the total number of the controllable primary equipment at the moment t;a duration factor for a periodic fault; t > t0。
Step 6: adaptively adjusting a control object set;
if only one is present in F (t)Direct early warning is carried out to assist a GCPS defender to block the CFAS from continuing to evolve, and the transition process of the GCPS running state is Q3→Q1And go to step 7; if there is more than one of F (t)Determine all residuals at time tIf the Δ (y (t)) of (a) meets the constraint condition of the threshold value, if so, the CFAS is tolerated to continue to evolve and the GCPS enters the degraded service, and the transition process of the GCPS operation state is Q3→Q4And judge the multiplication residueWhether the self-adaptive regulation basis is met or not, if so, turning to the step 7, if not, reducing the scale of the control object set F (t), and continuously observing the restLet t be t +1 and go to step 5.2 to calculate the periodic fault hazard; if not, judging whether the information security defense measures are executed or not, if so, immediately alarming and assisting fault blocking,turning to step 7, if not, executing limited information security defense measures, trying to reduce partial fault hazards, and turning to step 5.2 to calculate the stage fault hazards;
in this embodiment, the specific implementation of step 6 includes the following sub-steps:
step 6.1: if F (t) is present only uniquelyThe early warning is directly carried out to assist a GCPS defender to block the CFAS from continuing to evolve, and the transition process of the GCPS running state is Q3→Q1And go to step 7; otherwise, determine the various typesΔ (Y) ofi,j,t) Whether or not the threshold value δ is satisfiedmaxThe constraint constraints of (2) are discussed separately as follows:
case a: if 0. ltoreq. max { Δ (Y)i,j,t)}<δmaxAll ofΔ (Y) ofi,j,t) If the constraint conditions of the threshold values are met, each CFAS is tolerated to continue to evolve, the GCPS enters the degradation service, and the transition process of the running state is Q3→Q4Go to step 6.2;
case b: if deltamax≤min{Δ(Yi,j,t) All ofΔ (Y) ofi,j,t) All of which do not meet the threshold constraint, a limited number of information security defensive measures are performed against the various potential CFAS in an attempt to block part Y thereofi,j,tDecrease its delta (Y)i,j,t) And continuously observing, wherein the transition process of the GCPS running state is Q3→Q4Turning to step 5.2 to calculate the stage fault hazard; conversely, after taking information security defense measuresΔ (Y) ofi,j,t) If the threshold value of the constraint condition is not met, the GCPS defense system immediately alarms and assists a GCPS defense person to carry out fault blocking and emergency control through physical fault defense measures such as three defense lines of a power system, a power failure defense system and the like, and the transition process of the GCPS running state is Q3→Q5→Q1Or Q4→Q5→Q1;
Case c: if min { Δ (Y)i,j,t)}<δmax≤max{Δ(Yi,j,t) I.e. partIf the constraint condition of the threshold is satisfied, the various kinds of the constraint conditions are satisfiedTolerating the damage of the stage fault and continuously observing according to the mode of the case a, and for other various conditions which do not meet the constraint conditionLimiting the staged fault hazards according to the mode of the condition b, and turning to the step 6.2;
step 6.2: calculating and matching adaptive adjustment basis;
including calculating an observed error e of a phased fault hazardΦ(t) prediction error e from the network attack prediction sequenceX(t +1), as in equation 3;
in formula 3, x (t) is a network attack observation sequence at time t;andrespectively predicting sequences of network attacks at the moment t +1 deduced according to X (t)With the set of staged compound faults at time t,for compound failures presumed from network attacks, fgain() An attack gain function for a fault path (Wangyufei, Lijune, Qijian, and the like), "a cross-space cascading failure selection ordering method for considering attack gains and losses", a power grid technology, 2018, 42 (12): 3926-; e.g. of the typeΔ(t) observation errors of the stage fault hazards;is the hazard of the staged compound fault at the moment t; Δ (y (t)) is the stage-wise fault hazard for each potential CFAS; e.g. of the typeX(t +1) is a prediction error of the network attack prediction sequence;
e is to beΔ(t) and eX(t +1) is used as the adjusting basis of the CFAS self-adaptive pre-alarm, and the judgment is carried out according to the following four conditions:
1、eΔ(t)≈0&&eX(t +1) ≈ 0: determining the CFAS type and the evolution trend, and turning to step 7;
2、eΔ(t)>0&&eX(t +1) ≈ 0: knowing the historical stage faults, but not knowing the future evolution trend, and continuously observing;
3、eΔ(t)≈0&&eX(t +1) > 0: missing detection exists in historical periodic faults, the future evolution trend is known, and observation is continued;
4、eΔ(t)>0&&eX(t +1) > 0: and (3) continuously observing whether the historical stage faults and the evolution trend are unknown:
step 6.3: judge the residueWhether the adjustment basis is met is judged, if so, the step 7 is carried out, and if not, the step 6.4 is carried out;
in the formula 5, FkThe type of CFAS actually implemented for the attacker; t is thEach error at the moment is approximate to 0;
step 6.4: adaptively adjusting a control object set;
reducing the solution set size according to the adjustment basis, as shown in formula 5, and then turning to step 5.2 to calculate the stage fault hazard by setting t to t + 1;
F(t+1)=F(t)-μ(eΔ(t),eX(t+1)) (5)
s.t.Δ(Y(t))<δmax
in formula 6, μ () is the criterion for CFAS warning; f (t) is a solution set at the time t, and the scale of the solution set is gradually reduced according to the criterion function.
And 7: outputting an early warning result and updating a CFAS knowledge base;
the early warning result comprises the CFAS type F really implemented by the attackerkAnd F, early-warned F and evolution trendkAnd the fault occurrence scene is used as historical knowledge and added into a CFAS knowledge base to finish CFAS early warning.
The embodiment is applied to a power information physical system, which comprises a GCPS dispatching center and a plurality of intelligent substations. And a CFAS early warning decision node is deployed in a GCPS dispatching center, the CFAS early warning decision node senses the operation state of a physical system of the power grid in real time through an SCADA and senses network attacks generated by each station in real time through a network attack detection node to judge the CFAS implemented by an attacker, and can guide each information security defense node to block a composite fault so that the stage fault hazard of the potential CFAS meets the constraint condition. And deploying information security defense nodes and network attack detection nodes in each intelligent substation. The network attack detection node captures network messages in a station control layer network and a process layer network in real time, detects real-time network attacks in the local station according to the network messages and calculates various composite fault types possibly caused by the network attacks. The information security defense node carries out attack blocking and isolation on the detected network attack through various information security defense measures and prevents or delays the formation of corresponding compound faults.
The power grid information physics system CFAS self-adaptive pre-warning system provided by the embodiment comprises a first module, a second module, a third module, a fourth module, a fifth module, a sixth module and a seventh module;
the first module is used for constructing a GCPS running state transition model tolerant to stage fault hazards, and comprises 5 GCPS states and 11 state transition and transition conditions;
the module II is used for establishing an offline CFAS knowledge base and updating the offline CFAS knowledge base periodically;
a third module, configured to detect a collaborative network attack;
capturing network flow and message of each station and GCPS real-time operation data in real time, and detecting whether network attack exists; will state S3The moment of detecting the network attack for the first time is taken as the initial moment t of early warning0(ii) a When the cooperative network attack is detected, judging whether the current time t is t or not0If yes, inputting the network attack observation sequence X (t) at the initial moment0) And then, early warning CFAS is started, if not, real-time network attack observation sequence X (t) and GCPS real-time operation data are input, and calculation and mediation basis is executed;
a module IV for constructing a control object set of early warning;
according to t0Network attack observation sequence at initial moment for distinguishing various potential CFAS typesControl object set F (t) for constructing adaptive control process0) Let t equal t0;
A fifth module, configured to set constraint conditions for an adaptive control process and calculate a periodic fault hazard; setting a tolerance threshold delta for the risk of a periodic fault based on the GCPS operating state and an expected defense objectivemaxAnd calculate various times at time tStage fault hazard Δ (y (t));
a sixth module, configured to adaptively adjust the control object set;
if only one is present in F (t)Direct early warning is carried out to assist a GCPS defender to block the CFAS from continuing to evolve, and the transition process of the GCPS running state is S3→S1And go to step 7; if there is more than one advantage in F (t)Determine all residuals at time tIf the Δ (y (t)) of (a) meets the constraint condition of the threshold, if so, the CFAS is tolerated to continue to evolve and the GCPS enters the degraded service, and the transition process of the GCPS operation state is S3→S4And judging the residueWhether the self-adaptive regulation basis is met or not, if so, turning to the step 7, if not, reducing the scale of the control object set F (t), and continuously observing the restLet t be t +1 and turn to calculating the stage fault hazard; if not, judging whether the information security defense measures are executed or not, if so, immediately alarming and assisting fault blocking, turning to the step 7, if not, executing limited information security defense measures, trying to reduce partial fault hazards, and turning to calculating the stage fault hazards;
a seventh module, configured to output an early warning result and update a CFAS knowledge base;
the early warning result comprises the CFAS type F really implemented by the attackerkAnd F, early-warned F and evolution trendkAnd the fault occurrence scene is used as historical knowledge and added into a CFAS knowledge base to finishAnd (5) CFAS early warning.
It should be understood that parts of the specification not set forth in detail are well within the prior art.
It should be understood that the above description of the preferred embodiments is given for clarity and not for any purpose of limitation, and that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (6)
1. A cross-space cascading fault self-adaptive early warning method for a power grid information physical system is characterized by comprising the following steps:
step 1: constructing a GCPS running state transition model considering the influence of the cross-space cascade fault stage fault hazard, wherein the GCPS running state transition model comprises 5 GCPS running states and 11 state transition and transition conditions;
wherein 5 GCPS running states are respectively a normal state Q1Vulnerable operating State Q2Operational state Q in the presence of a network attack3Degraded service operating State Q4And a shutdown state Q5;
The 11 state transitions and transition conditions include Q1→Q1Indicating that the GCPS continues normal operation; q1→Q2Indicating that the GCPS operation has a bug; q2→Q1Indicating that the vulnerability is fixed; q2→Q3Indicating that the GCPS is attacked by the network; q3→Q1,Q4→Q1Indicating that the CFAS can be warned immediately and blocked from continuing to evolve; q3→Q4Indicating that CFAS-tolerant staged fault hazards are observed continuously; q3→Q5Indicating uncontrolled GCPS; q4→Q4Indicating continuous observation of CFAS evolution; q4→Q5Indicating an extended fault hazard; q5→Q1Indicating fault recovery and updating a CFAS knowledge base;
step 2: establishing an offline CFAS knowledge base and updating periodically;
and step 3: detecting a cooperative network attack;
capturing network flow and message of each station and GCPS real-time operation data in real time, and detecting whether network attack exists; will state Q3The moment of detecting the network attack for the first time is taken as the initial moment t of early warning0(ii) a When the cooperative network attack is detected, judging whether the current time t is t or not0If yes, inputting the network attack observation sequence X (t) at the initial moment0) And then, early warning CFAS is started, if not, real-time network attack observation sequence X (t) and GCPS real-time operation data are input, and the step is switched to step 6 to execute calculation and adjustment basis;
and 4, step 4: constructing a control object set of early warning;
according to t0Network attack observation sequence at initial moment for distinguishing various potential CFAS typesControl object set F (t) for constructing adaptive control process0) Let t equal t0;
And 5: setting constraint conditions of the self-adaptive control process, and calculating the periodic fault hazard; setting a tolerance threshold delta for the risk of a periodic fault based on the GCPS operating state and an expected defense objectivemaxAnd calculate various times at time tStage fault hazard Δ (y (t));
step 6: adaptively adjusting a control object set;
if only one is present in F (t)Direct early warning is carried out to assist a GCPS defender to block the CFAS from continuing to evolve, and the transition process of the GCPS running state is Q3→Q1And go to step 7; if there is more than one of F (t)Determine all residuals at time tIf the Δ (y (t)) of (a) meets the constraint condition of the threshold value, if so, the CFAS is tolerated to continue to evolve and the GCPS enters the degraded service, and the transition process of the GCPS operation state is Q3→Q4And judging the residueWhether the self-adaptive regulation basis is met or not, if so, turning to the step 7, if not, reducing the scale of the control object set F (t), and continuously observing the restLet t be t +1, and go to step 5 to calculate the periodic fault hazard; if not, judging whether the information security defense measures are executed or not, if so, immediately alarming and assisting fault blocking, turning to step 7, if not, executing limited information security defense measures, trying to reduce partial fault hazards, and turning to step 5 to calculate the stage fault hazards;
and 7: outputting an early warning result and updating a CFAS knowledge base;
the early warning result comprises the CFAS type F really implemented by the attackerkAnd F, early-warned F and evolution trendkAnd the fault occurrence scene is used as historical knowledge and added into a CFAS knowledge base to finish CFAS early warning.
2. The power grid cyber-physical system cross-space cascading failure adaptive early warning method according to claim 1, wherein: in step 2, the defender establishes an offline CFAS knowledge base according to the mastered cascading failure knowledge and updates the knowledge base regularly.
3. The power grid cyber-physical system cross-space cascading failure adaptive early warning method according to claim 1, wherein: the specific implementation of the step 4 comprises the following substeps:
step 4.1: t is t0At the initial moment, combining the observation results of all the network attack detection nodes to obtain t0Network attack observation sequence X (t) of time0) Let us orderWhereinIs t0Single network attacks initiated at a moment;
step 4.2: reasoning X (t) according to evolution rule of network attack induced grid physical fault0) The network attack in (1) is what kind of compound fault is caused at which physical nodes; record a compound fault as Wherein y isi,j,t*Indicating that the ith composite fault occurs on the physical node j at the moment t, x' indicating a secondary fault, and xi,j,t*Indicating that the physical node j has the ith physical fault at the time t;
4. The power grid cyber-physical system cross-space cascading failure adaptive early warning method according to claim 3, wherein the specific implementation of the step 5 comprises the following sub-steps:
step 5.1: setting a tolerance threshold delta of the stage fault hazard according to the GCPS running state and an expected defense targetmax;
In formula 1, PmaxThe upper limit of active power allowed to be lost under the constraint condition of the periodic fault hazard tolerance principle; hmaxThe upper limit of the number of the primary equipment which is allowed to be out of control temporarily under the principle constraint condition is set according to the extreme value of the active regulation capacity of a defender on the physical system of the power grid; t ismaxAn upper limit on the duration of allowable periodic faults, T (y), subject to the principle constraintsi,j,t*) To form a single yi,j,t*Time of (y)i,j,t*Indicating that the physical node j has the ith composite fault at the time t;
step 5.2: calculating the hazard delta (Y) of the periodic fault according to the active power loss, the out-of-control of the primary equipment and the duration of the periodic faulti,j,t);
In formula 2, Yi,j,tComposite fault y at time t for a potential CFAS of some kindi,j,t*Set of (2), Δ (Y)i,j,t) In order to be a risk of a stage failure,the imaginary part of the complex number; p (Y)i,j,t) For the loss of active power up to time t, P (t)0) Is t0The active total amount of the power grid at the moment, P (t), is the active total amount of the power grid at the moment t; h (Y)i,j,t) As primary equipment runaway rate, H (t)0) Is t0The total number of the controllable primary equipment at the moment, H (t) is the total number of the controllable primary equipment at the moment t;a duration factor for a periodic fault; t > t0。
5. The power grid cyber-physical system cross-space cascading failure adaptive early warning method according to claim 4, wherein the specific implementation of the step 6 comprises the following sub-steps:
step 6.1: if F (t) is present only uniquelyThe early warning is directly carried out to assist a GCPS defender to block the CFAS from continuing to evolve, and the transition process of the GCPS running state is Q3→Q1And go to step 7; otherwise, determine the various typesΔ (Y) ofi,j,t) Whether or not the threshold value δ is satisfiedmaxThe constraint constraints of (2) are discussed separately as follows:
case a: if 0. ltoreq. max { Δ (Y)i,j,t)}<δmaxAll ofΔ (Y) ofi,j,t) If the constraint conditions of the threshold values are met, each CFAS is tolerated to continue to evolve, the GCPS enters the degradation service, and the transition process of the running state is Q3→Q4Go to step 6.2;
case b: if deltamax≤min{Δ(Yi,j,t) All ofΔ (Y) ofi,j,t) All of which do not meet the threshold constraint, a limited number of information security defensive measures are performed against the various potential CFAS in an attempt to block part Y thereofi,j,tDecrease its delta (Y)i,j,t) And continuously observing, wherein the transition process of the GCPS running state is Q3→Q4Turning to step 5 to calculate the periodic fault hazard; conversely, after taking information security defense measuresΔ (Y) ofi,j,t) If the threshold value of the constraint condition is not met, the warning is immediately given and the GCPS defender is assisted to carry out fault blocking and emergency control through physical fault defense measures, wherein the transition process of the GCPS running state is Q3→Q5→Q1Or Q4→Q5→Q1;
Case c: if min { Δ (Y)i,j,t)}<δmax≤max{Δ(Yi,j,t) I.e. partIf the constraint condition of the threshold is satisfied, the various kinds of the constraint conditions are satisfiedTolerating the damage of the stage fault and continuously observing according to the mode of the case a, and for other various conditions which do not meet the constraint conditionLimiting the staged fault hazards according to the mode of the condition b, and turning to the step 6.2;
step 6.2: calculating and matching adaptive adjustment basis;
including calculating an observed error e of a phased fault hazardΦ(t) prediction error e from the network attack prediction sequenceX(t +1), as in equation 3;
in formula 3, x (t) is a network attack observation sequence at time t;andrespectively a network attack prediction sequence at the t +1 moment deduced according to X (t) and a periodic composite fault set at the t moment,for compound failures presumed from network attacks, fgain() An attack revenue function for the failed path; e.g. of the typeΔ(t) observation errors of the stage fault hazards;is the hazard of the staged compound fault at the moment t; Δ (y (t)) is the stage-wise fault hazard for each potential CFAS; e.g. of the typeX(t +1) is a prediction error of the network attack prediction sequence;
e is to beΔ(t) and eX(t +1) is used as the adjusting basis of the CFAS self-adaptive pre-alarm, and the judgment is carried out according to the following four conditions:
1、eΔ(t)≈0&&eX(t +1) ≈ 0: determining the CFAS type and the evolution trend, and turning to step 7;
2、eΔ(t)>0&&eX(t +1) ≈ 0: knowing the historical stage faults, but not knowing the future evolution trend, and continuously observing;
3、eΔ(t)≈0&&eX(t +1) > 0: missing detection exists in historical periodic faults, the future evolution trend is known, and observation is continued;
4、eΔ(t)>0&&eX(t +1) > 0: continuously observing the historical periodic faults and the evolution trend which are unknown;
step 6.3: judge the residueWhether the adjustment basis is met is judged, if so, the step 7 is carried out, and if not, the step 6.4 is carried out;
in formula 4, FkThe type of CFAS actually implemented for the attacker; t is thEach error at the moment is approximate to 0;
step 6.4: adaptively adjusting a control object set;
reducing the collective scale of the solutions according to the regulation basis, as shown in formula 5, and then turning to step 5 to calculate the stage fault hazard by setting t to t + 1;
F(t+1)=F(t)-μ(eΔ(t),eX(t+1)) (5)
s.t.Δ(Y(t))<δmax
in formula 5, μ () is the criterion for CFAS warning; f (t) is a solution set at the time t, and the scale of the solution set is gradually reduced according to the criterion function.
6. A power grid information physical system cross-space cascading fault self-adaptive pre-warning system is characterized by comprising a first module, a second module, a third module, a fourth module, a fifth module, a sixth module and a seventh module;
the module I is used for constructing a GCPS running state transition model tolerant to stage fault hazards, and comprises 5 GCPS states and 11 state transition and transition conditions;
wherein 5 GCPS running states are respectively a normal state Q1Vulnerable operating State Q2Operational state Q in the presence of a network attack3Degraded service operating State Q4In the state of and out of serviceState Q5;
The 11 state transitions and transition conditions include Q1→Q1Indicating that the GCPS continues normal operation; q1→Q2Indicating that the GCPS operation has a bug; q2→Q1Indicating that the vulnerability is fixed; q2→Q3Indicating that the GCPS is attacked by the network; q3→Q1,Q4→Q1Indicating that the CFAS can be warned immediately and blocked from continuing to evolve; q3→Q4Indicating that CFAS-tolerant staged fault hazards are observed continuously; q3→Q5Indicating uncontrolled GCPS; q4→Q4Indicating continuous observation of CFAS evolution; q4→Q5Indicating an extended fault hazard; q5→Q1Indicating fault recovery and updating a CFAS knowledge base;
the module II is used for establishing an offline CFAS knowledge base and updating the offline CFAS knowledge base periodically;
the module III is used for detecting the cooperative network attack;
capturing network flow and message of each station and GCPS real-time operation data in real time, and detecting whether network attack exists; will state Q3The moment of detecting the network attack for the first time is taken as the initial moment t of early warning0(ii) a When the cooperative network attack is detected, judging whether the current time t is t or not0If yes, inputting the network attack observation sequence X (t) at the initial moment0) And then, early warning CFAS is started, if not, real-time network attack observation sequence X (t) and GCPS real-time operation data are input, and calculation and regulation are executed;
the module IV is used for constructing a control object set for early warning;
according to t0Network attack observation sequence at initial moment for distinguishing various potential CFAS typesControl object set F (t) for constructing adaptive control process0) Let t equal t0;
The fifth module is used for setting a constraint strip of the adaptive control processChecking and calculating the stage fault hazard; setting a tolerance threshold delta for the risk of a periodic fault based on the GCPS operating state and an expected defense objectivemaxAnd calculate various times at time tStage fault hazard Δ (y (t));
the module six is used for adaptively adjusting a control object set;
if only one is present in F (t)Direct early warning is carried out to assist a GCPS defender to block the CFAS from continuing to evolve, and the transition process of the GCPS running state is S3→S1And go to module 7; if there is more than one of F (t)Determine all residuals at time tIf the Δ (y (t)) of (a) meets the constraint condition of the threshold, if so, the CFAS is tolerated to continue to evolve and the GCPS enters the degraded service, and the transition process of the GCPS operation state is S3→S4And judging the residueWhether the self-adaptive regulation basis is met or not, if so, the control module is switched to a module 7, if not, the scale of the control object set F (t) is reduced, and the rest is continuously observedLet t be t +1 and turn to calculating the stage fault hazard; if not, judging whether the information security defense measures are executed or not, if so, immediately alarming and assisting fault blocking, turning to a module 7, if not, executing limited information security defense measures, trying to reduce partial fault hazards, and turning to calculationA periodic fault hazard;
the module III is used for outputting an early warning result and updating a CFAS (computational fluid dynamics) knowledge base;
the early warning result comprises the CFAS type F really implemented by the attackerkAnd F, early-warned F and evolution trendkAnd the fault occurrence scene is used as historical knowledge and added into a CFAS knowledge base to finish CFAS early warning.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011048035.4A CN112165491B (en) | 2020-09-29 | 2020-09-29 | Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011048035.4A CN112165491B (en) | 2020-09-29 | 2020-09-29 | Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112165491A CN112165491A (en) | 2021-01-01 |
CN112165491B true CN112165491B (en) | 2021-09-03 |
Family
ID=73860638
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011048035.4A Active CN112165491B (en) | 2020-09-29 | 2020-09-29 | Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112165491B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114021999A (en) * | 2021-11-09 | 2022-02-08 | 国网山东省电力公司信息通信公司 | Full scene power grid dispatching exchange network management and control system and method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107222348A (en) * | 2017-06-22 | 2017-09-29 | 湘潭大学 | A kind of method for reducing power information physical system cascading failure risk |
CN109145428A (en) * | 2018-08-14 | 2019-01-04 | 国网四川省电力公司信息通信公司 | A kind of information physical emerging system vulnerability assessment method under cascading failure mode |
CN110474327A (en) * | 2019-08-20 | 2019-11-19 | 国电南瑞科技股份有限公司 | Power distribution network CPS information-physical combination forecast failure generation method and system |
CN111428200A (en) * | 2020-03-23 | 2020-07-17 | 全球能源互联网研究院有限公司 | Cross-space cascading failure assessment method, device and equipment |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9129108B2 (en) * | 2012-01-31 | 2015-09-08 | International Business Machines Corporation | Systems, methods and computer programs providing impact mitigation of cyber-security failures |
CN108053126A (en) * | 2017-12-22 | 2018-05-18 | 南京邮电大学 | A kind of electric power CPS methods of risk assessment under Dos attacks |
-
2020
- 2020-09-29 CN CN202011048035.4A patent/CN112165491B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107222348A (en) * | 2017-06-22 | 2017-09-29 | 湘潭大学 | A kind of method for reducing power information physical system cascading failure risk |
CN109145428A (en) * | 2018-08-14 | 2019-01-04 | 国网四川省电力公司信息通信公司 | A kind of information physical emerging system vulnerability assessment method under cascading failure mode |
CN110474327A (en) * | 2019-08-20 | 2019-11-19 | 国电南瑞科技股份有限公司 | Power distribution network CPS information-physical combination forecast failure generation method and system |
CN111428200A (en) * | 2020-03-23 | 2020-07-17 | 全球能源互联网研究院有限公司 | Cross-space cascading failure assessment method, device and equipment |
Non-Patent Citations (6)
Title |
---|
An assessment method of vulnerabilities in electric CPS cyber space;Guotai Yang等;《2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery》;20160815;全文 * |
Optimal Allocation of Interconnecting Links in Cyber-Physical Systems:Interdependence, Cascading Failure, and Robustness;Osman Yagan等;《IEEE Transactions in Parallel and Distributed Systems》;20120207;第23卷(第9期);全文 * |
复杂网络理论在电力CPS连锁故障研究中的应用综述;王先培等;《电网技术》;20170930;第41卷(第9期);全文 * |
电力CPS信息网络脆弱性及其评估方法;杨国泰等;《中国电力》;20180131;第51卷(第1期);全文 * |
考虑攻击损益的电网CPS场站级跨空间连锁故障早期预警方法;王宇飞等;《中国电力》;20200131;第53卷(第1期);全文 * |
计及攻击损益的跨空间连锁故障选择排序方法;王宇飞等;《电网技术》;20181231;第42卷(第12期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN112165491A (en) | 2021-01-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Fillatre et al. | Security of SCADA systems against cyber–physical attacks | |
Zonouz et al. | RRE: A game-theoretic intrusion response and recovery engine | |
US11283257B2 (en) | Securing against malicious control of circuit breakers in electrical substations | |
Hu et al. | Intrusion-detector-dependent distributed economic model predictive control for load frequency regulation with PEVs under cyber attacks | |
US9910982B2 (en) | Large-scale, time-sensitive secure distributed control systems and methods | |
Mhaskar et al. | Fault‐tolerant control of nonlinear process systems subject to sensor faults | |
Orojloo et al. | Modelling and evaluation of the security of cyber‐physical systems using stochastic Petri nets | |
CN112165491B (en) | Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system | |
Sheikh et al. | Cyber attack and fault identification of hvac system in building management systems | |
Kaouk et al. | A review of intrusion detection systems for industrial control systems | |
Rieger et al. | Resilient control system execution agent (ReCoSEA) | |
Akbarian et al. | A security framework in digital twins for cloud-based industrial control systems: Intrusion detection and mitigation | |
CN110474327B (en) | CPS (control performance Standard) information-physical combination expected fault generation method and system for power distribution network | |
Patil et al. | A machine learning approach to distinguish faults and cyberattacks in smart buildings | |
US20230291753A1 (en) | Event-triggering control scheme for discrete time cyberphysical systems in the presence of simultaneous hybrid stochastic attacks | |
Xie et al. | Observer-based adaptive NN security control for switched nonlinear systems against DoS attacks: An ADT approach | |
Saravanakumar et al. | Hybrid‐driven‐based resilient control for networked T‐S fuzzy systems with time‐delay and cyber‐attacks | |
Shafei et al. | A comprehensive review on cyber-attack detection and control of microgrid systems | |
CN107918740A (en) | A kind of sensitive data decision-making decision method and system | |
Rieger et al. | A cyber resilient design for control systems | |
Ding et al. | Neuroadaptive prescribed-time secure control for nonlinear interconnected NCSs via multiple triggering against DoS attacks | |
CN111338297B (en) | Industrial control safety framework system based on industrial cloud | |
Rath et al. | Improvise, Adapt, Overcome: Dynamic Resiliency Against Unknown Attack Vectors in Microgrid Cybersecurity Games | |
El Hariri et al. | An artificially intelligent physical model-checking approach to detect switching-related attacks on power systems | |
Zhao et al. | Multi-agent learning for resilient distributed control systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |