CN112165491B - Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system - Google Patents


Info

Publication number
CN112165491B
Authority
CN
China
Prior art keywords
fault
cfas
gcps
early warning
indicating
Legal status
Active
Application number
CN202011048035.4A
Other languages
Chinese (zh)
Other versions
CN112165491A (en
Inventor
王宇飞
李俊娥
陆秋余
陈洋荣
梁佳琦
Current Assignee
Wuhan University WHU
Original Assignee
Wuhan University WHU
Application filed by Wuhan University WHU
Priority to CN202011048035.4A
Publication of CN112165491A
Application granted
Publication of CN112165491B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00 Computing arrangements using knowledge-based models
    • G06N5/02 Knowledge representation; Symbolic representation
    • G06N5/022 Knowledge engineering; Knowledge acquisition
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Software Systems (AREA)
  • Artificial Intelligence (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an adaptive early warning method for cross-space cascading failures (CFAS) in grid cyber-physical systems (GCPS), suited to CFAS caused by coordinated network attacks. The method can accurately determine the type of CFAS being carried out by an attacker and its evolution process, and helps a GCPS defender block further CFAS evolution in time without being misled by interfering network attacks.

Description

Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system
Technical Field
The invention belongs to the field of security protection for grid cyber-physical systems (GCPS), and relates to an adaptive early warning method and system for cross-space cascading failures in such systems that tolerates staged fault hazards.
Background
Through coordinated network attacks, an attacker can cause a series of spatio-temporally coordinated physical faults at multiple physical nodes of the power grid, forming a large-scale cross-space cascading failure (CFAS). This reduces the safety margin of the grid's physical system, can even cause large-scale blackouts, and seriously affects the stable operation of the GCPS. Accurate early warning during the evolution of a CFAS helps a GCPS defender take effective protective measures to block or delay its further development, improving the GCPS's ability to withstand malicious attacks.
Research on CFAS early warning methods is at an early stage. Most existing work concerns the formation mechanism and detection of small-scale grid physical faults caused by network attacks, and has difficulty accurately identifying the CFAS carried out by an attacker. First, existing research considers only small-scale physical faults caused by network attacks and does not fully account for the spatio-temporal coordination among the multiple physical faults in a CFAS, so the CFAS type and evolution trend are hard to infer. Second, existing fault detection methods operate with zero tolerance for harm and can hardly provide effective decision support for blocking CFAS evolution: they raise an alarm as soon as a potential fault is found, which easily produces many false alarms and can even let interfering network attacks mislead the GCPS defender into a wrong response that enlarges the fault hazard, triggers frequent action by the three lines of defense of the power system and the blackout defense system, consumes limited defense resources, and reduces GCPS resilience. An accurate and effective CFAS early warning method is therefore urgently needed.
Disclosure of Invention
To solve these technical problems in the prior art, the invention provides a CFAS adaptive early warning method for grid cyber-physical systems that tolerates staged fault hazards. It targets CFAS caused by coordinated network attacks and can be applied to CFAS early warning in a GCPS.
The technical solution adopted by the method of the invention is a cross-space cascading failure adaptive early warning method for a grid cyber-physical system, characterized by comprising the following steps:
Step 1: Construct a GCPS operating state transition model that takes into account the staged fault hazards of cross-space cascading failures. The model comprises 5 GCPS operating states and 11 state transitions with their transition conditions.
The 5 GCPS operating states are the normal state Q1, the vulnerable operating state Q2, the operating state under network attack Q3, the degraded-service operating state Q4, and the shutdown state Q5.
The 11 state transitions and transition conditions are: Q1→Q1, the GCPS continues normal operation; Q1→Q2, a vulnerability exists in GCPS operation; Q2→Q1, the vulnerability is fixed; Q2→Q3, the GCPS comes under network attack; Q3→Q1 and Q4→Q1, the CFAS can be warned of immediately and blocked from evolving further; Q3→Q4, the staged fault hazard of the CFAS is tolerated and observation continues; Q3→Q5, the GCPS is out of control; Q4→Q4, CFAS evolution continues to be observed; Q4→Q5, the fault hazard expands; Q5→Q1, the fault is recovered and the CFAS knowledge base is updated.
Step 2: Establish an offline CFAS knowledge base and update it periodically.
Step 3: Detect coordinated network attacks.
Capture the network traffic and messages of each station and the GCPS real-time operation data in real time, and detect whether a network attack exists. The moment at which a network attack is first detected in state Q3 is taken as the initial moment t0 of early warning. When a coordinated network attack is detected, determine whether the current time t equals t0: if so, input the network attack observation sequence X(t0) of the initial moment and start CFAS early warning; if not, input the real-time network attack observation sequence X(t) and the GCPS real-time operation data, and go to step 6 to calculate the adjustment basis.
Step 4: Construct the control object set for early warning.
According to the network attack observation sequence at the initial moment t0, identify the various potential CFAS types
Figure GDA0003118890740000021
and construct the control object set F(t0) of the adaptive control process; let t = t0.
Step 5: Set the constraint conditions of the adaptive control process and calculate the staged fault hazard. According to the GCPS operating state and the expected defense objective, set a tolerance threshold δmax for the staged fault hazard, and calculate, at time t, for each
Figure GDA0003118890740000022
the staged fault hazard Δ(y(t)).
Step 6: Adaptively adjust the control object set.
If F(t) contains only one
Figure GDA0003118890740000023
issue the early warning directly to help the GCPS defender block the CFAS from evolving further; the GCPS operating state transition is Q3→Q1; go to step 7. If F(t) contains more than one
Figure GDA0003118890740000024
determine whether, at time t, the Δ(y(t)) of all remaining
Figure GDA0003118890740000025
satisfy the threshold constraint. If so, the CFAS is tolerated to continue evolving and the GCPS enters degraded service; the GCPS operating state transition is Q3→Q4. Then determine whether the remaining
Figure GDA0003118890740000026
satisfy the adaptive adjustment basis: if so, go to step 7; if not, reduce the size of the control object set F(t), continue observing the remaining
Figure GDA0003118890740000027
let t = t + 1, and go to step 5 to calculate the staged fault hazard. If the threshold constraint is not satisfied, determine whether information security defense measures have already been executed: if they have, raise an alarm immediately and assist fault blocking, then go to step 7; if they have not, execute limited information security defense measures to try to reduce part of the fault hazard, and go to step 5 to calculate the staged fault hazard.
Step 7: Output the early warning result and update the CFAS knowledge base.
The early warning result comprises the CFAS type Fk actually carried out by the attacker and its evolution trend; the early-warned Fk and its fault occurrence scenario are added to the CFAS knowledge base as historical knowledge, completing the CFAS early warning.
The technical solution adopted by the system of the invention is a cross-space cascading failure adaptive early warning system for a grid cyber-physical system, characterized by comprising module one, module two, module three, module four, module five, module six and module seven.
Module one is used to construct a GCPS operating state transition model that tolerates staged fault hazards, comprising 5 GCPS states and 11 state transitions with their transition conditions.
The 5 GCPS operating states are the normal state Q1, the vulnerable operating state Q2, the operating state under network attack Q3, the degraded-service operating state Q4, and the shutdown state Q5.
The 11 state transitions and transition conditions are: Q1→Q1, the GCPS continues normal operation; Q1→Q2, a vulnerability exists in GCPS operation; Q2→Q1, the vulnerability is fixed; Q2→Q3, the GCPS comes under network attack; Q3→Q1 and Q4→Q1, the CFAS can be warned of immediately and blocked from evolving further; Q3→Q4, the staged fault hazard of the CFAS is tolerated and observation continues; Q3→Q5, the GCPS is out of control; Q4→Q4, CFAS evolution continues to be observed; Q4→Q5, the fault hazard expands; Q5→Q1, the fault is recovered and the CFAS knowledge base is updated.
Module two is used to establish an offline CFAS knowledge base and update it periodically.
Module three is used to detect coordinated network attacks.
It captures the network traffic and messages of each station and the GCPS real-time operation data in real time, and detects whether a network attack exists. The moment at which a network attack is first detected in state Q3 is taken as the initial moment t0 of early warning. When a coordinated network attack is detected, it determines whether the current time t equals t0: if so, the network attack observation sequence X(t0) of the initial moment is input and CFAS early warning starts; if not, the real-time network attack observation sequence X(t) and the GCPS real-time operation data are input, and the calculation and adjustment are performed.
Module four is used to construct the control object set for early warning.
According to the network attack observation sequence at the initial moment t0, it identifies the various potential CFAS types
Figure GDA0003118890740000031
and constructs the control object set F(t0) of the adaptive control process; let t = t0.
Module five is used to set the constraint conditions of the adaptive control process and calculate the staged fault hazard. According to the GCPS operating state and the expected defense objective, it sets a tolerance threshold δmax for the staged fault hazard, and calculates, at time t, for each
Figure GDA0003118890740000041
the staged fault hazard Δ(y(t)).
Module six is used to adaptively adjust the control object set.
If F(t) contains only one
Figure GDA0003118890740000042
the early warning is issued directly to help the GCPS defender block the CFAS from evolving further; the GCPS operating state transition is S3→S1; go to module seven. If F(t) contains more than one
Figure GDA0003118890740000043
determine whether, at time t, the Δ(y(t)) of all remaining
Figure GDA0003118890740000044
satisfy the threshold constraint. If so, the CFAS is tolerated to continue evolving and the GCPS enters degraded service; the GCPS operating state transition is S3→S4. Then determine whether the remaining
Figure GDA0003118890740000045
satisfy the adaptive adjustment basis: if so, go to module seven; if not, reduce the size of the control object set F(t), continue observing the remaining
Figure GDA0003118890740000046
let t = t + 1, and return to calculating the staged fault hazard. If the threshold constraint is not satisfied, determine whether information security defense measures have already been executed: if they have, raise an alarm immediately and assist fault blocking, then go to module seven; if they have not, execute limited information security defense measures to try to reduce part of the fault hazard, and return to calculating the staged fault hazard.
Module seven is used to output the early warning result and update the CFAS knowledge base.
The early warning result comprises the CFAS type Fk actually carried out by the attacker and its evolution trend; the early-warned Fk and its fault occurrence scenario are added to the CFAS knowledge base as historical knowledge, completing the CFAS early warning.
The beneficial effects of the invention include:
1. The control object set of the adaptive control process is constructed from the network attack observation sequence at the initial moment, which makes the early warning more purposeful, constrains the initial size of the control object set, and avoids blindly matching every known CFAS type in the CFAS knowledge base.
2. By moderately tolerating staged fault hazards, the analysis time available for identifying the CFAS is increased, so that attack behavior and fault hazards can be observed more fully.
3. The observation error and the prediction error serve as the adaptive adjustment basis for CFAS early warning; the size of the control object set is reduced dynamically, the influence of interfering network attacks is reduced, and the control objects converge on the CFAS carried out by the attacker.
4. Based on the CFAS early warning result, the defender can block fault paths that have not yet formed in a timely and accurate way, eliminating or reducing fault hazards and lowering defense cost.
Drawings
FIG. 1 is a flow chart of a method according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of a GCPS operating state transition model that tolerates staged fault hazards according to an embodiment of the present invention.
Detailed Description
To help those of ordinary skill in the art understand and implement the present invention, it is described in further detail below with reference to the accompanying drawings and examples. The embodiments described here are merely illustrative and explanatory of the present invention and do not restrict it.
Referring to FIG. 1, the cross-space cascading failure adaptive early warning method for a grid cyber-physical system (CFAS adaptive early warning method) provided by the invention comprises the following steps:
Step 1: Construct a GCPS operating state transition model that tolerates staged fault hazards. The model comprises 5 GCPS states and 11 state transitions with their transition conditions.
Referring to FIG. 2, in the GCPS operating state transition model that tolerates staged fault hazards provided in this embodiment, the 5 GCPS operating states are the normal state Q1, the vulnerable operating state Q2, the operating state under network attack Q3, the degraded-service operating state Q4, and the shutdown state Q5.
The 11 state transitions and transition conditions are: Q1→Q1, the GCPS continues normal operation; Q1→Q2, a vulnerability exists in GCPS operation; Q2→Q1, the vulnerability is fixed; Q2→Q3, the GCPS comes under network attack; Q3→Q1 and Q4→Q1, the CFAS can be warned of immediately and blocked from evolving further; Q3→Q4, the staged fault hazard of the CFAS is tolerated and observation continues; Q3→Q5, the GCPS is out of control; Q4→Q4, CFAS evolution continues to be observed; Q4→Q5, the fault hazard expands; Q5→Q1, the fault is recovered and the CFAS knowledge base is updated.
Step 2: Establish an offline CFAS knowledge base and update it periodically.
The defender establishes an offline CFAS knowledge base from the cascading failure knowledge available and updates it regularly. In this embodiment, cases of grid cascading failures caused by known network attacks or communication failures are collected as the data source for the knowledge base, and CFAS types are inferred from existing research results.
Step 3: Detect coordinated network attacks.
Network attack detection nodes deployed in the intelligent substations capture the network traffic and messages of each substation and the GCPS real-time operation data in real time, and detect whether a network attack exists. The moment at which a network attack is first detected in state Q3 is taken as the initial moment t0 of early warning. When a coordinated network attack is detected, determine whether the current time t equals t0: if so, input the network attack observation sequence X(t0) of the initial moment and start CFAS early warning; if not, input the real-time network attack observation sequence X(t) and the GCPS real-time operation data, and go to step 6 to calculate the adjustment basis.
Step 4: Construct the control object set for early warning.
According to the network attack observation sequence at the initial moment t0, identify the various potential CFAS types
Figure GDA00031188907400000612
and construct the control object set F(t0) of the adaptive control process; let t = t0.
The specific implementation of step 4 comprises the following sub-steps:
Step 4.1: At the initial moment t0, combine the observations of all network attack detection nodes to obtain the network attack observation sequence X(t0) at time t0. Let
Figure GDA0003118890740000061
where
Figure GDA0003118890740000062
is a single network attack initiated at time t0.
Step 4.2: Based on the evolution rules by which network attacks cause physical faults in the power grid (Wangyufei, Lijune, Qiujia, et al., "A cross-space cascading fault selection and sorting method considering attack benefits and losses", Power Grid Technology, 2018, 42(12): 3926-), infer which compound faults the network attacks in X(t0) cause at which physical nodes. Denote a compound fault as yi,j,t*:
Figure GDA0003118890740000063
where yi,j,t* indicates that the ith compound fault occurs at physical node j at time t*, x'' denotes a secondary fault, and xi,j,t* indicates that the ith physical fault occurs at physical node j at time t*.
In this embodiment, the inference follows the principle of attack gains and losses, as shown in formula 1.
Figure GDA0003118890740000064
In formula 1, O is the attacker's expected target, O(t*) is the attack sub-target of each stage, φk is a coordinated network attack scheme, x' is a network attack, x'' is a secondary fault,
Figure GDA00031188907400000611
indicates that physical node j experiences a physical fault of type i at time t*,
Figure GDA00031188907400000610
is a compound fault, Fk is the CFAS type that can be initiated by φk, and fgain is the attack gain function of a compound fault or CFAS.
Step 4.3: Search the CFAS knowledge base for the various potential CFAS types that contain these fault paths. Denote a potential CFAS type as
Figure GDA0003118890740000065
Let
Figure GDA0003118890740000066
and take the set of all
Figure GDA0003118890740000067
as the control object set F(t0) at the initial moment t0. Let
Figure GDA0003118890740000068
Step 5: Set the constraint conditions of the adaptive control process and calculate the staged fault hazard. According to the GCPS operating state and the expected defense objective, set a tolerance threshold δmax for the staged fault hazard, and calculate, at time t, for each
Figure GDA0003118890740000069
the staged fault hazard Δ(y(t)).
The invention proposes a principle by which GCPS operation tolerates staged fault hazards. During CFAS early warning, when the CFAS type carried out by the attacker and its evolution trend cannot be inferred from the network attacks and staged fault hazards observed so far, the current staged fault hazard is compared with the tolerance threshold preset, according to the GCPS operating state, for the staged fault hazards of the various potential CFAS. If the current staged fault hazard is below the threshold, the GCPS is moderately allowed to operate in a degraded service mode with physical faults present (for example a reduced safety margin, or a small amount of primary equipment temporarily out of control), and observation continues. If the current staged fault hazard reaches or exceeds the threshold, one of the following measures is chosen according to the current GCPS operating state and the capability of the GCPS defender: first, when the GCPS is not operating in an emergency state, some compound faults are blocked to reduce the staged fault hazard, and observation continues; second, when the GCPS is in an emergency state or the defender's capability is exceeded, an alarm is raised immediately and emergency control and fault recovery are carried out.
Based on this principle of tolerating staged fault hazards according to the GCPS operating state, the specific implementation of step 5 comprises the following sub-steps:
Step 5.1: Set the tolerance threshold δmax of the staged fault hazard according to the GCPS operating state and the expected defense objective.
Figure GDA0003118890740000071
In formula 2, Pmax is the upper limit of active power allowed to be lost under the constraint of the staged fault hazard tolerance principle; Hmax is the upper limit of the number of primary devices allowed to be temporarily out of control under that constraint, set according to the extreme value of the defender's ability to actively regulate the grid's physical system; Tmax is the upper limit of the allowed duration of staged faults under that constraint; T(yi,j,t*) is the time taken to form a single yi,j,t*; yi,j,t* indicates that the ith compound fault occurs at physical node j at time t*.
Step 5.2: Calculate the staged fault hazard Δ(Yi,j,t) from the active power loss, the loss of control of primary equipment, and the duration of the staged fault.
Figure GDA0003118890740000072
In formula 3, Yi,j,t is the set of compound faults yi,j,t* of a potential CFAS at time t; Δ(Yi,j,t) is the staged fault hazard;
Figure GDA0003118890740000073
is the imaginary-part symbol of a complex number; P(Yi,j,t) is the active power loss up to time t, P(t0) is the total active power of the grid at time t0, and P(t) is the total active power of the grid at time t; H(Yi,j,t) is the primary equipment loss-of-control rate, H(t0) is the total number of controllable primary devices at time t0, and H(t) is the total number of controllable primary devices at time t;
Figure GDA0003118890740000081
is the duration factor of the staged fault; t > t0.
Step 6: Adaptively adjust the control object set.
If F(t) contains only one
Figure GDA0003118890740000082
issue the early warning directly to help the GCPS defender block the CFAS from evolving further; the GCPS operating state transition is Q3→Q1; go to step 7. If F(t) contains more than one
Figure GDA0003118890740000083
determine whether, at time t, the Δ(y(t)) of all remaining
Figure GDA0003118890740000084
satisfy the threshold constraint. If so, the CFAS is tolerated to continue evolving and the GCPS enters degraded service; the GCPS operating state transition is Q3→Q4. Then determine whether the remaining
Figure GDA0003118890740000085
satisfy the adaptive adjustment basis: if so, go to step 7; if not, reduce the size of the control object set F(t), continue observing the remaining
Figure GDA0003118890740000086
let t = t + 1, and go to step 5.2 to calculate the staged fault hazard. If the threshold constraint is not satisfied, determine whether information security defense measures have already been executed: if they have, raise an alarm immediately and assist fault blocking, then go to step 7; if they have not, execute limited information security defense measures to try to reduce part of the fault hazard, and go to step 5.2 to calculate the staged fault hazard.
In this embodiment, the specific implementation of step 6 comprises the following sub-steps:
Step 6.1: If F(t) contains only one
Figure GDA0003118890740000087
issue the early warning directly to help the GCPS defender block the CFAS from evolving further; the GCPS operating state transition is Q3→Q1; go to step 7. Otherwise, determine whether the Δ(Yi,j,t) of each
Figure GDA0003118890740000088
satisfies the constraint of the threshold δmax. The cases are discussed separately as follows:
Case a: If 0 ≤ max{Δ(Yi,j,t)} < δmax, the Δ(Yi,j,t) of all
Figure GDA0003118890740000089
satisfy the threshold constraint. Each CFAS is tolerated to continue evolving, the GCPS enters degraded service, and the operating state transition is Q3→Q4; go to step 6.2.
Case b: If δmax ≤ min{Δ(Yi,j,t)}, the Δ(Yi,j,t) of all
Figure GDA00031188907400000810
fail the threshold constraint. A limited number of information security defense measures are executed against the various potential CFAS in an attempt to block part of their Yi,j,t and lower their Δ(Yi,j,t), and observation continues; the GCPS operating state transition is Q3→Q4; go to step 5.2 to calculate the staged fault hazard. Conversely, if after information security defense measures have been taken the Δ(Yi,j,t) of
Figure GDA00031188907400000811
still does not satisfy the threshold constraint, the GCPS defense system raises an alarm immediately and assists the GCPS defender in fault blocking and emergency control through physical fault defense measures such as the three lines of defense of the power system and the blackout defense system; the GCPS operating state transition is Q3→Q5→Q1 or Q4→Q5→Q1.
Case c: If min{Δ(Yi,j,t)} < δmax ≤ max{Δ(Yi,j,t)}, i.e. only some
Figure GDA0003118890740000091
satisfy the threshold constraint, then the
Figure GDA0003118890740000092
that satisfy it have their staged fault hazards tolerated and are observed further as in case a, and the other
Figure GDA0003118890740000093
that do not satisfy it have their staged fault hazards limited as in case b; go to step 6.2.
step 6.2: calculating and matching adaptive adjustment basis;
including calculating an observed error e of a phased fault hazardΦ(t) prediction error e from the network attack prediction sequenceX(t +1), as in equation 3;
Figure GDA0003118890740000094
in formula 3, x (t) is a network attack observation sequence at time t;
Figure GDA0003118890740000095
and
Figure GDA0003118890740000096
respectively predicting sequences of network attacks at the moment t +1 deduced according to X (t)With the set of staged compound faults at time t,
Figure GDA0003118890740000097
for compound failures presumed from network attacks, fgain() An attack gain function for a fault path (Wangyufei, Lijune, Qijian, and the like), "a cross-space cascading failure selection ordering method for considering attack gains and losses", a power grid technology, 2018, 42 (12): 3926-; e.g. of the typeΔ(t) observation errors of the stage fault hazards;
Figure GDA0003118890740000098
is the hazard of the staged compound fault at the moment t; Δ (y (t)) is the stage-wise fault hazard for each potential CFAS; e.g. of the typeX(t +1) is a prediction error of the network attack prediction sequence;
e_Δ(t) and e_X(t+1) are used as the adjustment basis of the CFAS adaptive early warning, and the judgment is made according to the following four conditions:
1. e_Δ(t) ≈ 0 && e_X(t+1) ≈ 0: the CFAS type and the evolution trend are determined; go to step 7;
2. e_Δ(t) > 0 && e_X(t+1) ≈ 0: the historical stage faults are known but the future evolution trend is not; continue observing;
3. e_Δ(t) ≈ 0 && e_X(t+1) > 0: detections were missed among the historical stage faults, the future evolution trend is known; continue observing;
4. e_Δ(t) > 0 && e_X(t+1) > 0: both the historical stage faults and the evolution trend are unknown; continue observing;
Step 6.3: judge whether the remaining
Figure GDA0003118890740000101
meet the adjustment basis; if so, go to step 7; if not, go to step 6.4;
Figure GDA0003118890740000102
Figure GDA0003118890740000103
In formula 5, F_k is the type of CFAS actually implemented by the attacker; t_h is the moment at which each error is approximately 0;
Step 6.4: adaptively adjust the control object set;
reduce the scale of the solution set according to the adjustment basis, as shown in formula 5, then let t = t+1 and go to step 5.2 to calculate the stage fault hazard;
F(t+1) = F(t) - μ(e_Δ(t), e_X(t+1)) (5)
s.t. Δ(Y(t)) < δ_max
In formula 6, μ() is the criterion function for CFAS early warning; F(t) is the solution set at time t, whose scale is gradually reduced according to the criterion function.
Step 7: output the early warning result and update the CFAS knowledge base;
the early warning result comprises the CFAS type F_k actually implemented by the attacker and its evolution trend; the early-warned F_k and the fault occurrence scenario are added to the CFAS knowledge base as historical knowledge, completing the CFAS early warning.
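The decision flow of steps 6.1 to 6.4, together with the 11-transition GCPS state model, as an added sketch that is not part of the patent text. The hazard values Δ and the errors e_Δ, e_X are taken as inputs because their formulas are not reproduced on this page; the function names, the `eps` tolerance used for "≈ 0" and the sample numbers are assumptions.

```python
from dataclasses import dataclass

# The 11 state transitions of the GCPS running-state model, as listed in claim 1.
ALLOWED_TRANSITIONS = frozenset({
    ("Q1", "Q1"), ("Q1", "Q2"), ("Q2", "Q1"), ("Q2", "Q3"),
    ("Q3", "Q1"), ("Q4", "Q1"), ("Q3", "Q4"), ("Q3", "Q5"),
    ("Q4", "Q4"), ("Q4", "Q5"), ("Q5", "Q1"),
})


def first_illegal_hop(path):
    """Index of the first hop that is not one of the 11 transitions, else None."""
    for i, hop in enumerate(zip(path, path[1:])):
        if hop not in ALLOWED_TRANSITIONS:
            return i
    return None


def threshold_case(hazards, delta_max):
    """Step 6.1: split candidates by Delta < delta_max and name case a, b or c."""
    if not hazards or min(hazards.values()) < 0:
        raise ValueError("need at least one non-negative hazard value")
    tolerated = sorted(k for k, v in hazards.items() if v < delta_max)
    limited = sorted(k for k, v in hazards.items() if v >= delta_max)
    case = "a" if not limited else "b" if not tolerated else "c"
    return case, tolerated, limited


def adjustment_basis(e_delta, e_x, eps=1e-3):
    """Step 6.2: number (1-4) of the matching condition; eps is an assumed tolerance."""
    table = {(False, False): 1, (True, False): 2, (False, True): 3, (True, True): 4}
    return table[(abs(e_delta) > eps, abs(e_x) > eps)]


@dataclass
class Decision:
    case: str       # "unique", "a", "b" or "c"
    path: list      # GCPS state path taken by this pass
    next_step: str  # where the procedure continues


def step6(state, hazards, delta_max, e_delta, e_x, defended=False, eps=1e-3):
    """One pass of step 6 over the control object set F(t) = hazards.keys()."""
    if state not in ("Q3", "Q4"):
        raise ValueError("step 6 runs only while under attack (Q3) or degraded (Q4)")
    if len(hazards) == 1:
        # A unique candidate: warn directly and block the CFAS.
        decision = Decision("unique", [state, "Q1"], "step 7")
    else:
        case, _, _ = threshold_case(hazards, delta_max)
        if case == "b" and defended:
            # Defense measures already tried and no candidate is within threshold.
            decision = Decision(case, [state, "Q5", "Q1"], "step 7")
        elif case == "b":
            # Apply limited defense measures, then recompute the hazards.
            decision = Decision(case, [state, "Q4"], "step 5")
        elif adjustment_basis(e_delta, e_x, eps) == 1:
            decision = Decision(case, [state, "Q4"], "step 7")
        else:
            # Shrink F(t), set t = t + 1 and observe again.
            decision = Decision(case, [state, "Q4"], "step 6.4")
    # Every path produced here must stay inside the state model.
    assert first_illegal_hop(decision.path) is None
    return decision


if __name__ == "__main__":
    # Constructed sample: two candidate CFAS types, threshold 0.6.
    sample = {"F1": 0.2, "F2": 0.6}
    print(threshold_case(sample, 0.6))
    print(step6("Q3", sample, 0.6, e_delta=0.4, e_x=0.0))
    print(step6("Q4", {"F1": 0.7, "F2": 0.9}, 0.6, 0.4, 0.3, defended=True))
```
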
This embodiment is applied to a power information physical system comprising a GCPS dispatching center and several intelligent substations. A CFAS early warning decision node is deployed in the GCPS dispatching center. It senses the operating state of the grid physical system in real time through SCADA and senses the network attacks occurring at each station in real time through the network attack detection nodes, judges which CFAS the attacker is implementing, and can direct each information security defense node to block compound faults so that the stage fault hazard of the potential CFAS meets the constraint condition. Information security defense nodes and network attack detection nodes are deployed in each intelligent substation. A network attack detection node captures network messages in the station control layer network and the process layer network in real time, detects real-time network attacks within its own station from those messages, and calculates the compound fault types those attacks may cause. An information security defense node blocks and isolates detected network attacks through various information security defense measures, preventing or delaying the formation of the corresponding compound faults.
The power grid information physics system CFAS self-adaptive pre-warning system provided by the embodiment comprises a first module, a second module, a third module, a fourth module, a fifth module, a sixth module and a seventh module;
the first module is used for constructing a GCPS running state transition model tolerant to stage fault hazards, and comprises 5 GCPS states and 11 state transition and transition conditions;
the module II is used for establishing an offline CFAS knowledge base and updating the offline CFAS knowledge base periodically;
a third module, configured to detect a collaborative network attack;
capture the network traffic and messages of each station and the GCPS real-time operation data in real time, and detect whether a network attack exists; take the moment at which a network attack is first detected in state S_3 as the initial early-warning moment t_0; when a cooperative network attack is detected, judge whether the current time t equals t_0; if so, input the network attack observation sequence X(t_0) of the initial moment and start the CFAS early warning; if not, input the real-time network attack observation sequence X(t) and the GCPS real-time operation data, and calculate the adjustment basis;
a module IV for constructing a control object set of early warning;
according to the network attack observation sequence at the initial moment t_0, identify the various potential CFAS types
Figure GDA0003118890740000111
and construct the control object set F(t_0) of the adaptive control process, letting t = t_0;
a fifth module, configured to set the constraint conditions of the adaptive control process and calculate the stage fault hazard; a tolerance threshold δ_max for the stage fault hazard is set based on the GCPS operating state and the expected defense objective, and at time t, for each of the various
Figure GDA0003118890740000112
the stage fault hazard Δ(Y(t)) is calculated;
a sixth module, configured to adaptively adjust the control object set;
if F(t) contains only one
Figure GDA0003118890740000113
an early warning is issued directly to assist the GCPS defenders in blocking the CFAS from continuing to evolve; the transition process of the GCPS running state is S_3→S_1, and go to step 7; if F(t) contains more than one
Figure GDA0003118890740000114
determine whether, at time t, all remaining
Figure GDA0003118890740000115
have Δ(Y(t)) meeting the threshold constraint; if so, the CFAS is tolerated to continue to evolve and the GCPS enters degraded service, the transition process of the GCPS running state is S_3→S_4, and it is judged whether the remaining
Figure GDA0003118890740000116
meet the adaptive adjustment basis; if so, go to step 7; if not, reduce the scale of the control object set F(t) and continue observing the remaining
Figure GDA0003118890740000117
letting t = t+1 and going to the calculation of the stage fault hazard; if the threshold constraint is not met, judge whether information security defense measures have already been executed; if so, alarm immediately and assist fault blocking, then go to step 7; if not, execute limited information security defense measures to try to reduce part of the fault hazard, and go to the calculation of the stage fault hazard;
a seventh module, configured to output an early warning result and update a CFAS knowledge base;
the early warning result comprises the CFAS type F_k actually implemented by the attacker and its evolution trend; the early-warned F_k and the fault occurrence scenario are added to the CFAS knowledge base as historical knowledge, completing the CFAS early warning.
It should be understood that parts of the specification not set forth in detail are well within the prior art.
It should be understood that the above description of the preferred embodiments is given for clarity and not for any purpose of limitation, and that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (6)

1. A cross-space cascading fault self-adaptive early warning method for a power grid information physical system is characterized by comprising the following steps:
step 1: constructing a GCPS running state transition model considering the influence of the cross-space cascade fault stage fault hazard, wherein the GCPS running state transition model comprises 5 GCPS running states and 11 state transition and transition conditions;
wherein the 5 GCPS running states are respectively the normal state Q_1, the vulnerable operating state Q_2, the operating state in the presence of a network attack Q_3, the degraded service operating state Q_4, and the shutdown state Q_5;
the 11 state transitions and transition conditions include: Q_1→Q_1, indicating that the GCPS continues normal operation; Q_1→Q_2, indicating that a vulnerability exists in GCPS operation; Q_2→Q_1, indicating that the vulnerability is fixed; Q_2→Q_3, indicating that the GCPS is under network attack; Q_3→Q_1 and Q_4→Q_1, indicating that the CFAS can be warned of immediately and blocked from continuing to evolve; Q_3→Q_4, indicating that the stage fault hazard of the CFAS is tolerated and observation continues; Q_3→Q_5, indicating that the GCPS is out of control; Q_4→Q_4, indicating continued observation of the CFAS evolution; Q_4→Q_5, indicating that the fault hazard expands; Q_5→Q_1, indicating fault recovery and updating of the CFAS knowledge base;
step 2: establishing an offline CFAS knowledge base and updating periodically;
step 3: detect cooperative network attacks;
capture the network traffic and messages of each station and the GCPS real-time operation data in real time, and detect whether a network attack exists; take the moment at which a network attack is first detected in state Q_3 as the initial early-warning moment t_0; when a cooperative network attack is detected, judge whether the current time t equals t_0; if so, input the network attack observation sequence X(t_0) of the initial moment and start the CFAS early warning; if not, input the real-time network attack observation sequence X(t) and the GCPS real-time operation data, and go to step 6 to calculate the adjustment basis;
step 4: construct the control object set of the early warning;
according to the network attack observation sequence at the initial moment t_0, identify the various potential CFAS types
Figure FDA0003051332590000011
and construct the control object set F(t_0) of the adaptive control process, letting t = t_0;
step 5: set the constraint conditions of the adaptive control process and calculate the stage fault hazard; set a tolerance threshold δ_max for the stage fault hazard based on the GCPS operating state and the expected defense objective, and calculate at time t, for each of the various
Figure FDA0003051332590000012
the stage fault hazard Δ(Y(t));
step 6: adaptively adjusting a control object set;
if F(t) contains only one
Figure FDA0003051332590000013
an early warning is issued directly to assist the GCPS defenders in blocking the CFAS from continuing to evolve; the transition process of the GCPS running state is Q_3→Q_1, and go to step 7; if F(t) contains more than one
Figure FDA0003051332590000014
determine whether, at time t, all remaining
Figure FDA0003051332590000015
have Δ(Y(t)) meeting the threshold constraint; if so, the CFAS is tolerated to continue to evolve and the GCPS enters degraded service, the transition process of the GCPS running state is Q_3→Q_4, and it is judged whether the remaining
Figure FDA0003051332590000021
meet the adaptive adjustment basis; if so, go to step 7; if not, reduce the scale of the control object set F(t) and continue observing the remaining
Figure FDA0003051332590000022
letting t = t+1 and going to step 5 to calculate the stage fault hazard; if the threshold constraint is not met, judge whether information security defense measures have already been executed; if so, alarm immediately and assist fault blocking, then go to step 7; if not, execute limited information security defense measures to try to reduce part of the fault hazard, and go to step 5 to calculate the stage fault hazard;
step 7: output the early warning result and update the CFAS knowledge base;
the early warning result comprises the CFAS type F_k actually implemented by the attacker and its evolution trend; the early-warned F_k and the fault occurrence scenario are added to the CFAS knowledge base as historical knowledge, completing the CFAS early warning.
2. The power grid cyber-physical system cross-space cascading failure adaptive early warning method according to claim 1, wherein: in step 2, the defender establishes an offline CFAS knowledge base according to the mastered cascading failure knowledge and updates the knowledge base regularly.
3. The power grid cyber-physical system cross-space cascading failure adaptive early warning method according to claim 1, wherein: the specific implementation of the step 4 comprises the following substeps:
step 4.1: at the initial moment t_0, combine the observation results of all network attack detection nodes to obtain the network attack observation sequence X(t_0) of moment t_0, and let
Figure FDA0003051332590000027
where
Figure FDA0003051332590000028
is a single network attack initiated at moment t_0;
step 4.2: according to the evolution rules by which network attacks induce grid physical faults, infer which kinds of compound faults the network attacks in X(t_0) cause at which physical nodes; record a compound fault as
Figure FDA0003051332590000029
Figure FDA00030513325900000210
where yi,j,t* indicates that the i-th compound fault occurs at physical node j at time t, x' indicates a secondary fault, and xi,j,t* indicates that the i-th physical fault occurs at physical node j at time t;
step 4.3: search the CFAS knowledge base to obtain the various potential CFAS types containing the fault paths, record a certain potential CFAS type as
Figure FDA0003051332590000023
let
Figure FDA0003051332590000024
and take the set of the various
Figure FDA0003051332590000025
as the control object set F(t_0) at the initial moment t_0, letting
Figure FDA0003051332590000026
4. The power grid cyber-physical system cross-space cascading failure adaptive early warning method according to claim 3, wherein the specific implementation of the step 5 comprises the following sub-steps:
step 5.1: set the tolerance threshold δ_max of the stage fault hazard according to the GCPS running state and the expected defense target;
Figure FDA0003051332590000031
In formula 1, P_max is the upper limit of active power allowed to be lost under the constraint of the stage fault hazard tolerance principle; H_max is the upper limit of the number of primary devices allowed to be temporarily out of control under the principle constraint, set according to the extreme value of the defender's active regulation capacity over the grid physical system; T_max is the upper limit of the allowed duration of a stage fault under the principle constraint; T(yi,j,t*) is the time to form a single yi,j,t*; yi,j,t* indicates that the i-th compound fault occurs at physical node j at time t;
step 5.2: calculate the stage fault hazard Δ(Y_{i,j,t}) from the active power loss, the loss of control of primary equipment and the duration of the stage fault;
Figure FDA0003051332590000032
In formula 2, Y_{i,j,t} is the set of compound faults yi,j,t* at time t of a certain potential CFAS, Δ(Y_{i,j,t}) is the stage fault hazard,
Figure FDA0003051332590000037
is the imaginary part of the complex number; P(Y_{i,j,t}) is the active power loss up to time t, P(t_0) is the total active power of the grid at moment t_0, and P(t) is the total active power of the grid at time t; H(Y_{i,j,t}) is the primary equipment out-of-control rate, H(t_0) is the total number of controllable primary devices at moment t_0, and H(t) is the total number of controllable primary devices at time t;
Figure FDA0003051332590000033
is the duration factor of the stage fault; t > t_0.
5. The power grid cyber-physical system cross-space cascading failure adaptive early warning method according to claim 4, wherein the specific implementation of the step 6 comprises the following sub-steps:
step 6.1: if F(t) contains only a unique
Figure FDA0003051332590000034
an early warning is issued directly to assist the GCPS defenders in blocking the CFAS from continuing to evolve; the transition process of the GCPS running state is Q_3→Q_1, and go to step 7; otherwise, determine, for the various
Figure FDA0003051332590000035
whether Δ(Y_{i,j,t}) meets the constraint of the threshold δ_max, discussed case by case as follows:
case a: if 0 ≤ max{Δ(Y_{i,j,t})} < δ_max, i.e. for all
Figure FDA0003051332590000036
Δ(Y_{i,j,t}) meets the threshold constraint, then each CFAS is tolerated to continue to evolve, the GCPS enters degraded service, the transition process of the running state is Q_3→Q_4, and go to step 6.2;
case b: if δ_max ≤ min{Δ(Y_{i,j,t})}, i.e. for all
Figure FDA0003051332590000041
Δ(Y_{i,j,t}) does not meet the threshold constraint, then a limited number of information security defense measures are executed against the various potential CFAS to try to block part of their Y_{i,j,t} and reduce their Δ(Y_{i,j,t}), and observation continues; the transition process of the GCPS running state is Q_3→Q_4, and go to step 5 to calculate the stage fault hazard; conversely, if after the information security defense measures have been taken, for
Figure FDA0003051332590000042
Δ(Y_{i,j,t}) does not meet the threshold constraint, then an alarm is raised immediately and the GCPS defenders are assisted in fault blocking and emergency control through physical fault defense measures; the transition process of the GCPS running state is Q_3→Q_5→Q_1 or Q_4→Q_5→Q_1;
case c: if min{Δ(Y_{i,j,t})} < δ_max ≤ max{Δ(Y_{i,j,t})}, i.e. some of the
Figure FDA0003051332590000043
satisfy the threshold constraint, then the
Figure FDA0003051332590000044
that satisfy the constraint tolerate the stage fault hazard and continue to be observed in the manner of case a, while the other
Figure FDA0003051332590000045
that do not satisfy the constraint have their stage fault hazards limited in the manner of case b; go to step 6.2;
step 6.2: calculate and match the adaptive adjustment basis;
this includes calculating the observation error e_Φ(t) of the stage fault hazard and the prediction error e_X(t+1) of the network attack prediction sequence, as in formula 3;
Figure FDA0003051332590000046
In formula 3, X(t) is the network attack observation sequence at time t;
Figure FDA0003051332590000047
and
Figure FDA0003051332590000048
are respectively the network attack prediction sequence at time t+1 deduced from X(t) and the set of stage compound faults at time t;
Figure FDA0003051332590000049
is the compound fault inferred from the network attacks; f_gain() is the attack gain function of a fault path; e_Δ(t) is the observation error of the stage fault hazard;
Figure FDA00030513325900000410
is the hazard of the stage compound fault at time t; Δ(Y(t)) is the stage fault hazard of each potential CFAS; e_X(t+1) is the prediction error of the network attack prediction sequence;
e_Δ(t) and e_X(t+1) are used as the adjustment basis of the CFAS adaptive early warning, and the judgment is made according to the following four conditions:
1. e_Δ(t) ≈ 0 && e_X(t+1) ≈ 0: the CFAS type and the evolution trend are determined; go to step 7;
2. e_Δ(t) > 0 && e_X(t+1) ≈ 0: the historical stage faults are known but the future evolution trend is not; continue observing;
3. e_Δ(t) ≈ 0 && e_X(t+1) > 0: detections were missed among the historical stage faults, the future evolution trend is known; continue observing;
4. e_Δ(t) > 0 && e_X(t+1) > 0: both the historical stage faults and the evolution trend are unknown; continue observing;
step 6.3: judge whether the remaining
Figure FDA0003051332590000051
meet the adjustment basis; if so, go to step 7; if not, go to step 6.4;
Figure FDA0003051332590000052
Figure FDA0003051332590000053
In formula 4, F_k is the type of CFAS actually implemented by the attacker; t_h is the moment at which each error is approximately 0;
step 6.4: adaptively adjust the control object set;
reduce the scale of the solution set according to the adjustment basis, as shown in formula 5, then let t = t+1 and go to step 5 to calculate the stage fault hazard;
F(t+1) = F(t) - μ(e_Δ(t), e_X(t+1)) (5)
s.t. Δ(Y(t)) < δ_max
In formula 5, μ() is the criterion function for CFAS early warning; F(t) is the solution set at time t, whose scale is gradually reduced according to the criterion function.
6. A power grid information physical system cross-space cascading fault self-adaptive pre-warning system is characterized by comprising a first module, a second module, a third module, a fourth module, a fifth module, a sixth module and a seventh module;
the module I is used for constructing a GCPS running state transition model tolerant to stage fault hazards, and comprises 5 GCPS states and 11 state transition and transition conditions;
wherein the 5 GCPS running states are respectively the normal state Q_1, the vulnerable operating state Q_2, the operating state in the presence of a network attack Q_3, the degraded service operating state Q_4, and the shutdown state Q_5;
the 11 state transitions and transition conditions include: Q_1→Q_1, indicating that the GCPS continues normal operation; Q_1→Q_2, indicating that a vulnerability exists in GCPS operation; Q_2→Q_1, indicating that the vulnerability is fixed; Q_2→Q_3, indicating that the GCPS is under network attack; Q_3→Q_1 and Q_4→Q_1, indicating that the CFAS can be warned of immediately and blocked from continuing to evolve; Q_3→Q_4, indicating that the stage fault hazard of the CFAS is tolerated and observation continues; Q_3→Q_5, indicating that the GCPS is out of control; Q_4→Q_4, indicating continued observation of the CFAS evolution; Q_4→Q_5, indicating that the fault hazard expands; Q_5→Q_1, indicating fault recovery and updating of the CFAS knowledge base;
the module II is used for establishing an offline CFAS knowledge base and updating the offline CFAS knowledge base periodically;
the module III is used for detecting the cooperative network attack;
capture the network traffic and messages of each station and the GCPS real-time operation data in real time, and detect whether a network attack exists; take the moment at which a network attack is first detected in state Q_3 as the initial early-warning moment t_0; when a cooperative network attack is detected, judge whether the current time t equals t_0; if so, input the network attack observation sequence X(t_0) of the initial moment and start the CFAS early warning; if not, input the real-time network attack observation sequence X(t) and the GCPS real-time operation data, and calculate the adjustment basis;
the module IV is used for constructing a control object set for early warning;
according to the network attack observation sequence at the initial moment t_0, identify the various potential CFAS types
Figure FDA0003051332590000061
and construct the control object set F(t_0) of the adaptive control process, letting t = t_0;
the module five is used for setting the constraint conditions of the adaptive control process and calculating the stage fault hazard; a tolerance threshold δ_max for the stage fault hazard is set based on the GCPS operating state and the expected defense objective, and at time t, for each of the various
Figure FDA0003051332590000062
the stage fault hazard Δ(Y(t)) is calculated;
the module six is used for adaptively adjusting a control object set;
if F(t) contains only one
Figure FDA0003051332590000063
an early warning is issued directly to assist the GCPS defenders in blocking the CFAS from continuing to evolve; the transition process of the GCPS running state is S_3→S_1, and go to module 7; if F(t) contains more than one
Figure FDA0003051332590000064
determine whether, at time t, all remaining
Figure FDA0003051332590000065
have Δ(Y(t)) meeting the threshold constraint; if so, the CFAS is tolerated to continue to evolve and the GCPS enters degraded service, the transition process of the GCPS running state is S_3→S_4, and it is judged whether the remaining
Figure FDA0003051332590000066
meet the adaptive adjustment basis; if so, go to module 7; if not, reduce the scale of the control object set F(t) and continue observing the remaining
Figure FDA0003051332590000067
letting t = t+1 and going to the calculation of the stage fault hazard; if the threshold constraint is not met, judge whether information security defense measures have already been executed; if so, alarm immediately and assist fault blocking, then go to module 7; if not, execute limited information security defense measures to try to reduce part of the fault hazard, and go to the calculation of the stage fault hazard;
the module seven is used for outputting the early warning result and updating the CFAS knowledge base;
the early warning result comprises the CFAS type F_k actually implemented by the attacker and its evolution trend; the early-warned F_k and the fault occurrence scenario are added to the CFAS knowledge base as historical knowledge, completing the CFAS early warning.
CN202011048035.4A 2020-09-29 2020-09-29 Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system Active CN112165491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011048035.4A CN112165491B (en) 2020-09-29 2020-09-29 Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011048035.4A CN112165491B (en) 2020-09-29 2020-09-29 Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system

Publications (2)

Publication Number Publication Date
CN112165491A CN112165491A (en) 2021-01-01
CN112165491B true CN112165491B (en) 2021-09-03

Family

ID=73860638

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011048035.4A Active CN112165491B (en) 2020-09-29 2020-09-29 Cross-space cascading fault self-adaptive early warning method and system for power grid information physical system

Country Status (1)

Country Link
CN (1) CN112165491B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114021999A (en) * 2021-11-09 2022-02-08 国网山东省电力公司信息通信公司 Full scene power grid dispatching exchange network management and control system and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107222348A (en) * 2017-06-22 2017-09-29 湘潭大学 A kind of method for reducing power information physical system cascading failure risk
CN109145428A (en) * 2018-08-14 2019-01-04 国网四川省电力公司信息通信公司 A kind of information physical emerging system vulnerability assessment method under cascading failure mode
CN110474327A (en) * 2019-08-20 2019-11-19 国电南瑞科技股份有限公司 Power distribution network CPS information-physical combination forecast failure generation method and system
CN111428200A (en) * 2020-03-23 2020-07-17 全球能源互联网研究院有限公司 Cross-space cascading failure assessment method, device and equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9129108B2 (en) * 2012-01-31 2015-09-08 International Business Machines Corporation Systems, methods and computer programs providing impact mitigation of cyber-security failures
CN108053126A (en) * 2017-12-22 2018-05-18 南京邮电大学 A kind of electric power CPS methods of risk assessment under Dos attacks

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
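An assessment method of vulnerabilities in electric CPS cyber space; Guotai Yang et al.; 2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery; 20160815; full text *
Optimal Allocation of Interconnecting Links in Cyber-Physical Systems: Interdependence, Cascading Failure, and Robustness; Osman Yagan et al.; IEEE Transactions in Parallel and Distributed Systems; 20120207; Vol. 23 (No. 9); full text *
A review of the application of complex network theory in research on cascading failures of power CPS; Wang Xianpei et al.; Power System Technology; 20170930; Vol. 41 (No. 9); full text *
Vulnerability of the power CPS information network and its assessment method; Yang Guotai et al.; Electric Power; 20180131; Vol. 51 (No. 1); full text *
Early warning method for station-level cross-space cascading failures in grid CPS considering attack gains and losses; Wang Yufei et al.; Electric Power; 20200131; Vol. 53 (No. 1); full text *
Selection and ranking method for cross-space cascading failures considering attack gains and losses; Wang Yufei et al.; Power System Technology; 20181231; Vol. 42 (No. 12); full text *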

Also Published As

Publication number Publication date
CN112165491A (en) 2021-01-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant