CN112528443A - Poor tolerance data injection attack detection method based on deep learning framework - Google Patents
Poor tolerance data injection attack detection method based on deep learning framework Download PDFInfo
- Publication number
- CN112528443A CN112528443A CN202011272910.7A CN202011272910A CN112528443A CN 112528443 A CN112528443 A CN 112528443A CN 202011272910 A CN202011272910 A CN 202011272910A CN 112528443 A CN112528443 A CN 112528443A
- Authority
- CN
- China
- Prior art keywords
- data
- model
- training
- deep learning
- testing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000002347 injection Methods 0.000 title claims abstract description 23
- 239000007924 injection Substances 0.000 title claims abstract description 23
- 238000001514 detection method Methods 0.000 title claims abstract description 20
- 238000013135 deep learning Methods 0.000 title claims abstract description 16
- 238000012360 testing method Methods 0.000 claims abstract description 25
- 238000012549 training Methods 0.000 claims abstract description 23
- 238000000034 method Methods 0.000 claims abstract description 22
- 238000013528 artificial neural network Methods 0.000 claims abstract description 6
- 238000007781 pre-processing Methods 0.000 claims abstract description 5
- 230000009467 reduction Effects 0.000 claims abstract description 4
- 230000003068 static effect Effects 0.000 claims abstract description 4
- 230000005540 biological transmission Effects 0.000 claims description 11
- 230000006870 function Effects 0.000 claims description 8
- 238000013145 classification model Methods 0.000 claims description 7
- 239000011159 matrix material Substances 0.000 claims description 6
- 238000011156 evaluation Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 4
- 238000012545 processing Methods 0.000 claims description 4
- 230000004913 activation Effects 0.000 claims description 3
- 238000012847 principal component analysis method Methods 0.000 claims description 3
- 238000003062 neural network model Methods 0.000 abstract 1
- 238000011161 development Methods 0.000 description 2
- 238000002372 labelling Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000004927 fusion Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 239000000243 solution Substances 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/10—Geometric CAD
- G06F30/18—Network design, e.g. design based on topological or interconnect aspects of utility systems, piping, heating ventilation air conditioning [HVAC] or cabling
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/16—Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/20—Design optimisation, verification or simulation
- G06F30/27—Design optimisation, verification or simulation using machine learning, e.g. artificial intelligence, neural networks, support vector machines [SVM] or training a model
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F30/00—Computer-aided design [CAD]
- G06F30/30—Circuit design
- G06F30/32—Circuit design at the digital level
- G06F30/33—Design verification, e.g. functional simulation or model checking
- G06F30/3323—Design verification, e.g. functional simulation or model checking using formal methods, e.g. equivalence checking or property checking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/045—Combinations of networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Evolutionary Computation (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Artificial Intelligence (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- Life Sciences & Earth Sciences (AREA)
- Computer Hardware Design (AREA)
- Geometry (AREA)
- Pure & Applied Mathematics (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Computing Systems (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- Computational Mathematics (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Biomedical Technology (AREA)
- Evolutionary Biology (AREA)
- Biophysics (AREA)
- Health & Medical Sciences (AREA)
- Computational Linguistics (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Networks & Wireless Communication (AREA)
- Databases & Information Systems (AREA)
- Algebra (AREA)
- Medical Informatics (AREA)
- Supply And Distribution Of Alternating Current (AREA)
Abstract
The invention discloses a bad data injection attack detection method based on deep learning, which comprises the following steps: and (3) data set generation: the method comprises the steps of selecting an IEEE 14 node system and an IEEE 30 node system, generating data, obtaining net injection power of the nodes under different load conditions by using a DC OPF, testing the capacity range of least square estimation and a traditional detection method, and generating label data; data preprocessing: sequentially carrying out data standardization and data dimension reduction; neural network training, namely classifying a neural network model into two classes to distinguish whether the measured data is attacked or not; and (3) testing a model: static load and dynamic load scenarios. Firstly, testing the classification accuracy under the condition of determining the load; the generalization ability of the model to different loads was then tested. The invention improves the bad data injection attack based on the deep learning method, in particular to the detection precision of the bad data injection attack aiming at the state estimation tolerance.
Description
Technical Field
The invention relates to the technical field of safety protection of a power system, in particular to a safety protection method for poor tolerance data injection attack detection based on deep learning.
Background
The power system mainly comprises a generator, a power transmission system, a power distribution system and other automation equipment. The function of the system is to supply power to users through substations and distribution equipment. With the rapid development of automatic control technology and information networks, in order to realize stable energy transmission, each link of the power grid is provided with a corresponding information and control system, so as to ensure that users can obtain safe and reliable electric energy quality. The power grid and its various components have undergone an evolution over decades. The SCADA system becomes a historical milestone of the power system, and essentially converts a power grid into an information physical fusion system. Things are two-sided. However, the development of everything is twofold, and the widespread use of network information technology and automatic control technology also poses a great challenge to the security of the power grid.
Among the known attack methods, the bad data injection (FDI) attack is the most threatening, and is a new class of cyber attacks proposed by liu yao et al for grid state estimation. State Estimation (SE) is an important component of modern power system Energy Management Systems (EMS) and estimates the voltage and phase angle at the nodes of the power system from measured data collected by Remote Terminal Units (RTUs) equipped with SCADA units. Weighted Least Squares (WLS) is a classical method of finding the state vector of the minimum of an objective function based on a residual vector. In state estimation, the residual test and the normalized residual test are the most common estimation methods for detecting and identifying gross errors. Most FDI attacks manipulate measurements in the system maliciously, with sufficient knowledge of the system parameters. However, in actual practice, there are significant difficulties in launching such attacks. First, power system configuration parameters are nearly impossible to obtain as the highest secret of a power system. Secondly, some smart meters have complete protection mechanisms, and modification and operation of all the measuring meters are almost impossible. Third, some smart meter readings, such as active power, reactive power, and voltage, are read only. The attacker can only forge some other writable configuration parameters, such as transformer transformation ratio and time.
Disclosure of Invention
The present invention is directed to solving, to some extent, one of the technical problems in the related art. To this end, the present invention studies to detect a tolerance-based bad data injection attack (TFDI). TFDI bypasses the traditional bad data detection method by taking advantage of the tolerance of traditional detectors to observation errors. The invention aims to provide a TFDI detection method based on deep learning, which adopts a heuristic algorithm to improve the detection success rate of TFDI.
The technical scheme adopted by the invention is as follows:
1) generating a training and testing data set according to a poor data injection attack technology with tolerance;
2) building a model of two categories according to the deep learning framework;
3) preprocessing a training data set and training;
4) and testing the test data set by using the trained model, and evaluating the result.
The invention further improves the method for generating the data set in the step 1) as follows: firstly, constructing a network structure topological graph of a power system, determining a series of network parameters such as the number of nodes, the number of lines, line impedance and the like of the power system, constructing an adjacency matrix and an admittance matrix of a computational network, and modeling components of the power system, wherein a transmission line is represented by a dual-port pi model, and the parameters of the transmission line correspond to a positive-sequence equivalent circuit of the transmission line; the phase-shifting transformer with a movable tap can be modeled as an ideal transformer which is connected with a fixed impedance value in series; the load and generator are modeled as equivalent complex power injections. And then generating data such as node voltage under different loads based on an IEEE standard node system in MATPOWER, and adding noise to the data. And selecting an IEEE 14 node system and a 30 node system, obtaining the net injection power of the nodes under different load conditions by using the DC OPF, testing the capability range of the least square estimation and the traditional detection method, and labeling data.
The invention has the further improvement that the model method for building the second classification in the step 2) comprises the following steps: and according to a framework of the neural network in deep learning, preliminarily selecting the layer number, the activation function, the loss function and the like of the neural network, and constructing a detection binary classification model.
The invention is further improved in that, the process of preprocessing and training the data set in the step 3) is as follows: firstly, carrying out standardization processing on data, then carrying out dimensionality reduction processing on a data set by using a principal component analysis method, training by using the model built in advance in the step 2) in the training process, and training according to different network structures and parameter settings to finally obtain a better classification model.
The invention is further improved in that the process of the model test in the step 4) is as follows: classifying and testing the static load and the dynamic load respectively by using the test data sets generated in the steps 1) and 2) and the model obtained by training in the step 3), and performing index evaluation including classification accuracy, precision, recall rate and F1 score on the test result.
Compared with the prior art, the invention has the following beneficial effects:
(1) the bad data injection attack is detected by constructing a deep learning framework, so that the detection precision of the bad data is improved;
(2) the algorithm complexity is low: the method comprises the following steps of constructing and training a model on the basis of the traditional bad data detection technology without changing the structure and the flow of the original system too much;
(3) the method has better universality: the method is suitable for detecting various types of bad data injection attacks, particularly for the bad data injection attacks aiming at state estimation.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
FIG. 1 is a schematic flow chart of a method for constructing a bad data injection attack based on tolerance according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of step 1) of a TFDI detection method based on deep learning according to an embodiment of the present invention.
Fig. 3 is a schematic flow chart of step 3) and step 4) of a TFDI detection method based on deep learning according to an embodiment of the present invention.
Detailed Description
The technical solutions of the present invention will be further described below with reference to the accompanying drawings, but the present invention is not limited to these embodiments.
Considering the practical difficulty of common FDI attack aiming at power system state estimation, the invention provides a method for detecting poor tolerance data injection attack (TFDI) based on deep learning, which comprises the following steps:
s1, constructing a network structure topological graph of the power system, determining a series of network parameters such as the node number, the line impedance and the like of the power system, constructing an adjacency matrix and an admittance matrix of a computational network, and modeling components of the power system, wherein a transmission line is represented by a dual-port pi model, and the parameters of the transmission line correspond to a positive sequence equivalent circuit of the transmission line; the phase-shifting transformer with a movable tap can be modeled as an ideal transformer which is connected with a fixed impedance value in series; the load and generator are modeled as equivalent complex power injections. And then generating data such as node voltage under different loads based on an IEEE standard node system in MATPOWER, and adding noise to the data. And selecting an IEEE 14 node system and a 30 node system, obtaining the net injection power of the nodes under different load conditions by using the DC OPF, testing the capability range of the least square estimation and the traditional detection method, and labeling data.
And S2, preliminarily selecting the frame characteristics of the deep learning network such as the layer number, the activation function and the loss function of the neural network according to the power system network topological graph constructed in the step S1, and constructing a binary classification model for bad data detection.
S3, because the data obtained in the step S1 can not be directly trained to the binary classification model built in the step S2, firstly, the data needs to be standardized; then, performing dimensionality reduction on the data set by using a principal component analysis method; in the training, the model built in advance in step S2 is used for training, and training is performed for different network structures and parameter settings, so as to obtain a better classification model.
And S4, performing classification test on the static load scene and the dynamic load scene respectively by using the test data sets generated in the steps S1 and S2 and the model obtained by training in the step S3, and performing index evaluation on the test result, wherein the index evaluation comprises classification accuracy, precision, recall rate and F1 score.
Claims (5)
1. The poor tolerance data injection attack detection method based on the deep learning framework is characterized by comprising the following steps of:
1) generating a training and testing data set according to a poor data injection attack technology with tolerance;
2) building a model of two categories according to the deep learning framework;
3) preprocessing a training data set and training;
4) and testing the test data set by using the trained model, and evaluating the result.
2. The method of claim 1, wherein the training and testing data set generated in step 1) is generated by: firstly, constructing a network structure topological graph of a power system, determining a series of network parameters such as the number of nodes, the number of lines, line impedance and the like of the power system, constructing an adjacency matrix and an admittance matrix of a computational network, and modeling components of the power system, wherein a transmission line is represented by a dual-port pi model, and the parameters of the transmission line correspond to a positive-sequence equivalent circuit of the transmission line; the phase-shifting transformer with a movable tap can be modeled as an ideal transformer which is connected with a fixed impedance value in series; the load and the generator are modeled into equivalent complex power injection, then node voltage and other data under different loads are generated based on an IEEE standard node system in MATPOWER, noise is added to the data, an IEEE 14 node system and a 30 node system are selected, the net injection power of the nodes under different load conditions is obtained by using DC OPF, the capability range of least square estimation and a traditional detection method is tested, and positive and negative data sets are labeled according to set tolerance.
3. The method according to claim 1, wherein the model method for building the second classification in the step 2) is as follows: and according to a framework of the neural network in deep learning, preliminarily selecting the layer number, the activation function, the loss function and the like of the neural network, and constructing a detection binary classification model.
4. The method of claim 1, wherein the data set preprocessing and training in step 3) comprises: firstly, carrying out standardization processing on data, then carrying out dimensionality reduction processing on a data set by using a principal component analysis method, training by using the model built in advance in the step 2) in the training process, and training according to different network structures and parameter settings to finally obtain a better classification model.
5. The method of claim 1, wherein the model test in step 4) is performed by: classifying and testing the static load and the dynamic load respectively by using the test data sets generated in the steps 1) and 2) and the model obtained by training in the step 3), and performing index evaluation including classification accuracy, precision, recall rate and F1 score on the test result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011272910.7A CN112528443A (en) | 2020-11-13 | 2020-11-13 | Poor tolerance data injection attack detection method based on deep learning framework |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011272910.7A CN112528443A (en) | 2020-11-13 | 2020-11-13 | Poor tolerance data injection attack detection method based on deep learning framework |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112528443A true CN112528443A (en) | 2021-03-19 |
Family
ID=74980876
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011272910.7A Pending CN112528443A (en) | 2020-11-13 | 2020-11-13 | Poor tolerance data injection attack detection method based on deep learning framework |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112528443A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116055117A (en) * | 2022-12-19 | 2023-05-02 | 燕山大学 | Cascade failure model of scaleless network under mobile overload attack |
| CN116915513A (en) * | 2023-09-14 | 2023-10-20 | 国网江苏省电力有限公司常州供电分公司 | False data injection attack detection method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104795811A (en) * | 2015-03-17 | 2015-07-22 | 河海大学 | Power system interval state estimation method |
-
2020
- 2020-11-13 CN CN202011272910.7A patent/CN112528443A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104795811A (en) * | 2015-03-17 | 2015-07-22 | 河海大学 | Power system interval state estimation method |
Non-Patent Citations (2)
| Title |
|---|
| 安培秀: ""智能电网中虚假数据注入攻击检测方法研究"", "智能电网中虚假数据注入攻击检测方法研究", no. 3, pages 042 - 2267 * |
| 王冠森, "基于机器学习的电网虚假数据注入攻击检测方法研究", no. 8, pages 042 - 4 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116055117A (en) * | 2022-12-19 | 2023-05-02 | 燕山大学 | Cascade failure model of scaleless network under mobile overload attack |
| CN116915513A (en) * | 2023-09-14 | 2023-10-20 | 国网江苏省电力有限公司常州供电分公司 | False data injection attack detection method and device |
| CN116915513B (en) * | 2023-09-14 | 2023-12-01 | 国网江苏省电力有限公司常州供电分公司 | False data injection attack detection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Hong et al. | Vehicle energy system active defense: a health assessment of lithium‐ion batteries | |
| CN109165504B (en) | Power system false data attack identification method based on anti-generation network | |
| Huang et al. | Hybrid state estimation for distribution systems with AMI and SCADA measurements | |
| CN110942109A (en) | PMU false data injection attack prevention method based on machine learning | |
| Mirshekali et al. | Linear and nonlinear fault location in smart distribution network under line parameter uncertainty | |
| CN111064180B (en) | Medium-voltage distribution network topology detection and identification method based on AMI (advanced mechanical arm) power flow matching | |
| CN108199891B (en) | Cps network attack identification method based on artificial neural network multi-angle comprehensive decision | |
| CN113904786B (en) | False data injection attack identification method based on line topology analysis and tide characteristics | |
| CN110348114B (en) | Non-precise fault identification method for power grid completeness state information reconstruction | |
| Chen et al. | Customized optimal μPMU placement method for distribution networks | |
| CN111415059B (en) | Practical model machine construction and online application method | |
| CN110289613A (en) | The identification of distribution net topology and line parameter circuit value discrimination method based on sensitivity matrix | |
| CN109902373A (en) | A kind of area under one's jurisdiction Fault Diagnosis for Substation, localization method and system | |
| CN106127047A (en) | A kind of power system malicious data detection method based on Jensen Shannon distance | |
| CN109639736A (en) | A kind of Power system state estimation malicious attack detection and localization method based on OPTICS | |
| CN115545479A (en) | Method and device for determining important nodes or important lines of power distribution network | |
| CN112528443A (en) | Poor tolerance data injection attack detection method based on deep learning framework | |
| Lu et al. | False data injection attacks detection on power systems with convolutional neural network | |
| He et al. | Detection method for tolerable false data injection attack based on deep learning framework | |
| CN114189047A (en) | False data detection and correction method for active power distribution network state estimation | |
| Jiang et al. | Application of a hybrid model of big data and BP network on fault diagnosis strategy for microgrid | |
| Deng et al. | Real-time detection of false data injection attacks based on load forecasting in smart grid | |
| CN116502149A (en) | Low-voltage power distribution network user-transformation relation identification method and system based on current characteristic conduction | |
| Wei et al. | Low-voltage station area topology recognition method based on weighted least squares method | |
| CN111898843B (en) | Method for evaluating stability of electric power system against network attack by using false alarm attack model |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20240423 Address after: 710000 the 12th and 14th floors of the main building of the scientific research complex, No. 669, Hangtian Middle Road, national civil aerospace industry base, Xi'an, Shaanxi Province Applicant after: Electric Power Research Institute of State Grid Shaanxi Electric Power Co.,Ltd. Country or region after: China Applicant after: National Network (Xi'an) Environmental Protection Technology Center Co.,Ltd. Address before: No.669, Hangtian Middle Road, Chang'an District, Xi'an City, Shaanxi Province Applicant before: STATE GRID SHAANXI ELECTRIC POWER Research Institute Country or region before: China |