CN113704750A - Network attack detection method and device of distributed power generation system and terminal equipment - Google Patents
Network attack detection method and device of distributed power generation system and terminal equipment Download PDFInfo
- Publication number
- CN113704750A CN113704750A CN202110994679.0A CN202110994679A CN113704750A CN 113704750 A CN113704750 A CN 113704750A CN 202110994679 A CN202110994679 A CN 202110994679A CN 113704750 A CN113704750 A CN 113704750A
- Authority
- CN
- China
- Prior art keywords
- distributed
- power generation
- generation system
- micro
- distributed power
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000010248 power generation Methods 0.000 title claims abstract description 135
- 238000001514 detection method Methods 0.000 title claims abstract description 51
- 238000000034 method Methods 0.000 claims abstract description 48
- 238000005457 optimization Methods 0.000 claims abstract description 38
- 230000007246 mechanism Effects 0.000 claims abstract description 19
- 238000004590 computer program Methods 0.000 claims description 20
- 239000011159 matrix material Substances 0.000 claims description 18
- 238000004364 calculation method Methods 0.000 claims description 17
- 238000004422 calculation algorithm Methods 0.000 claims description 12
- 230000002159 abnormal effect Effects 0.000 claims description 7
- 230000008569 process Effects 0.000 description 13
- 230000006854 communication Effects 0.000 description 12
- 230000006870 function Effects 0.000 description 12
- 238000004891 communication Methods 0.000 description 10
- 230000003993 interaction Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000005856 abnormality Effects 0.000 description 1
- 230000004931 aggregating effect Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012804 iterative process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q50/00—Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
- G06Q50/06—Energy or water supply
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/50—Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Economics (AREA)
- General Health & Medical Sciences (AREA)
- Public Health (AREA)
- Water Supply & Treatment (AREA)
- Human Resources & Organizations (AREA)
- Marketing (AREA)
- Primary Health Care (AREA)
- Strategic Management (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Virology (AREA)
- Supply And Distribution Of Alternating Current (AREA)
Abstract
The invention is suitable for the technical field of power systems, and provides a network attack detection method, a network attack detection device and terminal equipment of a distributed power generation system, wherein the method comprises the following steps: acquiring the connection relation and the operation parameters of each distributed generator in the distributed power generation system; establishing an undirected graph model of the distributed power generation system based on the connection relation; establishing a scheduling optimization model of the distributed power generation system based on the operation parameters; determining the micro-increment rate of each distributed generator based on the scheduling optimization model and the undirected graph model; and determining a network attack detection result of the distributed power generation system according to the micro-increment rate based on a neighborhood observation mechanism. The network attack detection method of the distributed power generation system can effectively detect the network attack based on the neighborhood observation mechanism, fully protect the information security of the distributed power generation system and ensure the safe and stable operation of the system.
Description
Technical Field
The invention belongs to the technical field of power systems, and particularly relates to a network attack detection method and device for a distributed power generation system and terminal equipment.
Background
The distributed power generation system has the outstanding characteristics of high efficiency, cleanness and sustainable development, so that the distributed power generation system is one of the future important development trends of the power system. The capacity of a single distributed generator in the distributed power generation system is small, the geographical positions of the distributed generators are scattered, and a distributed control method more suitable for a distributed scene is needed. However, distributed control has high dependence on communication and is easy to be a target of network attack.
In the local communication process among the distributed nodes, the global information of each node on the system is not well mastered, the communication and interaction safety of each power generation main body is low, and the detection of malicious data and malicious nodes is difficult to realize.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for detecting a network attack of a distributed power generation system, and a terminal device, which can effectively detect malicious data and malicious nodes in the distributed power generation system.
A first aspect of an embodiment of the present invention provides a network attack detection method for a distributed power generation system, including:
the method comprises the steps of obtaining the connection relation of all distributed generators in a distributed power generation system, and establishing an undirected graph model of the distributed power generation system based on the connection relation;
the method comprises the steps of obtaining operation parameters of all distributed generators in a distributed power generation system, and establishing a scheduling optimization model of the distributed power generation system based on the operation parameters;
determining a fractional increase rate of each distributed generator in the distributed power generation system based on the scheduling optimization model and the undirected graph model;
and determining a network attack detection result of the distributed power generation system according to the micro-increment rate based on a neighborhood observation mechanism.
A second aspect of the embodiments of the present invention provides a network attack detection apparatus for a distributed power generation system, including:
the undirected graph model establishing module is used for acquiring the connection relation of each distributed generator in the distributed generation system and establishing an undirected graph model of the distributed generation system based on the connection relation;
the scheduling optimization model establishing module is used for acquiring the operating parameters of each distributed generator in the distributed power generation system and establishing a scheduling optimization model of the distributed generators based on the operating parameters;
the micro-increment rate calculation module is used for determining the micro-increment rate of each distributed generator in the distributed generation system based on the scheduling optimization model;
and the detection result generation module is used for determining a network attack detection result of the distributed power generation system according to the micro-increment rate based on a neighborhood observation mechanism.
A third aspect of the embodiments of the present invention provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the method when executing the computer program.
A fourth aspect of embodiments of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the method as described above.
A fifth aspect of embodiments of the present invention provides a computer program product, which, when run on a terminal device, causes the electronic device to perform the steps of the method according to any one of the first aspect.
Compared with the prior art, the embodiment of the invention has the following beneficial effects: the embodiment of the invention provides a network attack detection method of a distributed power generation system, which comprises the steps of obtaining the connection relation and the operation parameters of each distributed power generator in the distributed power generation system; establishing an undirected graph model of the distributed power generation system based on the connection relation; establishing a scheduling optimization model of the distributed power generation system based on the operation parameters; determining the micro-increment rate of each distributed generator based on the scheduling optimization model and the undirected graph model; and determining a network attack detection result of the distributed power generation system according to the micro-increment rate based on a neighborhood observation mechanism. The network attack detection method for the distributed power generation system provided by the embodiment of the invention can effectively detect the network attack based on the neighborhood guarding mechanism, fully protect the information security of the distributed power generation system and ensure the safe and stable operation of the system.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic view of an application scenario of a network attack detection method of a distributed power generation system according to an embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating an implementation of a network attack detection method for a distributed power generation system according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of another implementation of the network attack detection method for the distributed power generation system according to the embodiment of the present invention;
fig. 4 is a schematic structural diagram of a network attack detection apparatus of a distributed power generation system according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
In the local communication process of the Distributed power generation system, the global information of each node on the system is not sufficiently grasped, so that the Distributed Economic Dispatch (DED) method is suitable for dispatching. In the distributed economic dispatching, all power generation main bodies are in the same grade, and communication and interaction among the main bodies are very frequent. However, the security performance of the main information interaction approaches, such as Zigbee, WLAN, LTE, and other communication methods, is lower than the security of the private network line under centralized control, and therefore protection needs to be performed on distributed economic scheduling, and malicious data and malicious nodes need to be detected.
In this embodiment, the distributed power generation system may be a Virtual Power Plant (VPP) formed by aggregating distributed power generators.
Fig. 1 is a schematic view of an application scenario of a network attack detection method for a distributed power generation system according to an embodiment of the present invention.
In one particular example, the distributed power generation system includes five distributed power generators. There are inherent physical and communication network connections between the various distributed generators. Wherein the communication generator 1 is not in full connection with the network, and the data paths are in bidirectional conduction.
Fig. 2 is a schematic flow chart illustrating an implementation of the network attack detection method for the distributed power generation system according to the embodiment of the present invention. Referring to fig. 2, a network attack detection method for a distributed power generation system according to an embodiment of the present invention may include steps S101 to S104.
S101: the connection relation of all distributed generators in the distributed power generation system is obtained, and an undirected graph model corresponding to the distributed power generation system is established based on the connection relation.
In some embodiments, S101 comprises:
and establishing a node set and an edge set of the distributed power generation system according to the connection relation.
And establishing a neighbor set of each node based on the node set and the edge set.
And establishing a weighted adjacency matrix of the distributed power generation system based on the neighbor set.
And taking the node set, the edge set and the weight adjacency matrix as undirected graph models.
In the specific application scenario shown in fig. 1, 5 distributed generator nodes, i.e., v1, v2, v3, v4, v5, are included in the node set. The set of edges includes communication connection paths between the distributed generators, i.e., w1, w2, w3, w4, w5, w 6.
Specifically, the undirected graph model can be represented as a ternary set:
wherein G is a undirected graph model; v is a node set, and n is the number of nodes; w is an edge set; a is a weight adjacency matrix.
Specifically, the definition formula of the neighbor set may be:
Ni={vj∈v:(vi,vj)∈w}
wherein N isiIs a neighbor set of the ith node, viIs the ith node, vjIs the jth node, (v)i,vj) To connect nodes viAnd node vjV is a node set and w is an edge set.
According to the above definitions, in the specific application scenario shown in fig. 1, the neighbor set of the node v1 includes v2, v4, v 5; the neighbor set of the node v2 includes v1, v 3; the neighbor set of the node v3 includes v2, v 4; the neighbor set of the node v4 comprises v1, v3 and v 5; the neighbor set of the node v5 includes v1, v 4.
In some embodiments, the weight adjacency matrix a is a dual random matrix, and the elements in the weight adjacency matrix satisfy:
where dij is the element in ith row and jth column of the weight adjacency matrix, niIs weighted to the number of rows in the adjacent matrix, njIs, the number of columns of the weight adjacency matrix, NiIs a neighbor set of the ith node. The double random matrix is a non-negative real number square matrix in which the sum of elements in each row and each column is 1.
S102: the method comprises the steps of obtaining operation parameters of all distributed generators in a distributed generator system, and establishing a scheduling optimization model of the distributed generator system based on the operation parameters.
In some embodiments, the scheduling optimization model of the distributed power generation system is a scheduling optimization model of a virtual power plant aggregated by each distributed power generator.
The optimization goal of the scheduling optimization model is to minimize the total operating cost of the system.
In some embodiments, the operational data includes historical power generation costs for each of the distributed generators.
The specific implementation manner of S102 includes:
a power generation cost model for each distributed generator is established based on historical power generation costs for each distributed generator.
And establishing a dispatching optimization model of the distributed power generation system based on the power generation cost model.
In some embodiments, for any one distributed generator entity, the power generation cost model is:
wherein,the active power output of the ith distributed generator,for the generating cost of the ith distributed generator, ai、biAnd ciAre the price coefficients of the power generation cost function.
In some embodiments, the scheduling optimization model includes an objective function and a constraint equation.
In some embodiments, the objective function of the virtual plant scheduling optimization model is:
wherein, CtotalV is the total power generation cost of the distributed power generation system, v is the number of distributed generators,the power generation cost of the ith distributed generator.
In some embodiments, the constraint equation of the virtual plant scheduling optimization model is:
wherein, PoutIs the total output of the virtual power plant,for the active output of the ith distributed generator, PloadFor load consumption in virtual power plants, PdemandThe virtual power plant active output preset for the virtual power plant energy management system,the lower bound of the output of the ith distributed generator,the upper output bound of the ith distributed generator.
When the distributed power generation system stably operates, the active power output can meet the requirements of the energy management system on power generation and economic dispatching of the virtual power plant.
S103: determining a incremental rate of the distributed power generation system based on the scheduling optimization model and the undirected graph model.
In some embodiments, S103 comprises:
an Incremental Rate (ICR) of power generation of each distributed generator is defined according to a power generation cost model of each distributed generator.
In some embodiments, the power generation micro-augmentation rate is calculated by the formula:
wherein λ isiFor the incremental rate of the ith distributed generator,for the cost of power generation of the ith distributed generator,is the active power output of the ith distributed generator, aiAnd biAre the price coefficients of the power generation cost function.
In some embodiments, the method provided in embodiments of the present invention further comprises:
and adjusting the distributed power generation system based on a consistency algorithm until the distributed power generation system is in a stable state. The consistency algorithm comprises the step of carrying out synchronous iterative interactive calculation of the micro-increment rate on each distributed generator and the corresponding neighbor set.
In some embodiments, the incremental ratio calculated by the consistency algorithm is:
λ[k+1]=Aλ[k]+εF(Pdemand-Pout)
wherein, λ [ k +1 ]]The micro-increment rate after iterative interaction of a consistency algorithm; a is a weight adjacency matrix; lambda [ k ]]The previous micro-increment rate in the iteration process; epsilon is a convergence coefficient which satisfies that the optimization problem iteratively receives a feasible solution; f is a column vector with the first element being 1 and the remaining elements being 0, i.e. F1=1;fi≠1=0;PdemandThe method comprises the steps of presetting virtual power plant active output for a virtual power plant energy management system; poutIs the total output of the virtual power plant.
Specifically, for the ith distributed generator, the incremental ratio calculation formula through the consistency algorithm is as follows:
wherein λ isi(k +1) is the incremental rate of the ith distributed generator after iterative interaction of a consistency algorithm; n is a radical ofiThe neighbor set of the ith node is the neighbor set of the ith node; dijThe element of the ith row and the jth column in the weighted adjacency matrix; lambda [ alpha ]j(k) The last micro-increment rate of the jth distributed generator in the iteration process is obtained; epsilon is a convergence coefficient which satisfies the iterative convergence of the optimization problem to a feasible solution; f. ofiIs the ith element in the column vector F.
The basis for judging the convergence of the iterative interaction process comprises the following steps:
wherein, the lambda is the micro-increment rate,steady state micro-increment rate for iterative convergence process, PdemandThe method comprises the steps of presetting virtual power plant active output for a virtual power plant energy management system; poutIs the total output of the virtual power plant.
When the micro-increment rate obtained by iteration of the consistency algorithm is equal to the preset steady-state micro-increment rate, and the total output of the virtual power plant is equal to the preset active output of the virtual power plant, the iterative interaction process is judged to be converged, and the distributed power generation system realizes steady-state operation.
Specifically, the steady state micro-increment rate calculation formula when iteration reaches convergence is as follows:
wherein,at a steady state micro-increment rate, lambdastableTo achieve the average incremental rate at convergence for the consistency algorithm,the lower bound of the output of the ith distributed generator,is the upper bound of the output of the ith distributed generator, aiAnd biAre the price coefficients of the power generation cost function.
When iteration reaches convergence, each distributed generator generates power under the constraint of the micro-increment rate during convergence, and the specific active power output of each generator is as follows:
wherein, the active power output of the ith distributed generator after iterative interaction of the consistency algorithm is lambdai(k +1) is the ith score after iterative interaction of a consistency algorithmThe micro-increment rate of the distributed generator is increased,the active output for the ith distributed generator is,the lower bound of the output of the ith distributed generator,is the upper bound of the output of the ith distributed generator, aiAnd biAre the price coefficients of the power generation cost function.
S104: and determining a network attack detection result of the distributed power generation system according to the micro-increment rate based on a neighborhood observation mechanism.
The neighborhood observation mechanism can exchange data with each other through a distributed main body, namely each distributed generator, and check the exchanged data to generate a network attack detection result of the distributed power generation system.
In this embodiment, the data exchanged between the various distributed generators is the incremental rate in the iterative process.
Specifically, the ith distributed generator broadcasts its own incremental rate to its neighbor set in the k-th broadcast process, and each distributed generator in the neighbor set estimates the normal range of the (k +1) -th incremental rate of the ith distributed generator according to the k-th incremental rate. And if the actually received (k +1) th micro-increment rate does not conform to the normal range, judging that the communication network of the distributed power generation system is attacked and abnormal.
In some embodiments, the distributed generator node is restored if it is determined that the distributed generator node is restored to normal.
Specifically, the values in the proximity matrix are defined by the parameters of the distributed confidence, thereby isolating or recovering the malicious subject.
Specifically, the normal range of the micro-increment rate is determined by a normal range calculation formula.
The normal range calculation formula includes:
If j is 1, then
Wherein,is the upper limit value of the (k +1) th micro-increment rate of the jth distributed generator,is the lower limit value of the (k +1) th micro-increment rate of the jth distributed generator, eta is a coefficient which is larger than zero,is a neighbor set, λ, of the jth distributed generatorq(k) For the kth incremental rate of the qth distributed generator in the neighbor set of the jth distributed generator,the maximum value of the kth micro-increment rate in the neighbor set of the jth distributed generator,is the minimum value of the kth micro-increment rate in the neighbor set of the jth distributed generator,the element with the largest k-th micro-increment rate in the neighbor set of the jth distributed generator,is the element with the minimum k-th micro-increment rate in the neighbor set of the jth distributed generator, epsilon is a convergence coefficient meeting the requirement of iterative convergence of an optimization problem to a feasible solution, and PdemandThe method comprises the steps of presetting virtual power plant active output for a virtual power plant energy management system; poutIs the total output of the virtual power plant.
In particular, the method comprises the following steps of,
in some embodiments, after S104, the network attack detection method of the distributed power generation system further includes: and judging whether the abnormal distributed generator needs to be disconnected or not based on the distributed confidence machine and the micro-increment rate.
Specifically, a distributed trust degree recording mechanism is used for recording suspicious nodes, received data are judged, and if the received micro-increment rate is not in a normal range, the micro-increment rate is proved to be in doubt.
Specifically, the model of the distributed confidence engine comprises:
wherein G isj[k+1]Is the k +1 confidence of the jth distributed generator, Gj[k]For the kth confidence of the jth generator, is,is the upper limit value of the kth micro-increment rate of the jth distributed generator,for the j-th distributed generatorLower limit of kth micro-increment rate, lambdajIs the fractional increase of the jth distributed generator.
By using the abnormal performance of the distributed confidence machine, whether the malicious node under the network attack needs to be disconnected or restarted can be judged.
The network attack detection method for the distributed power generation system provided by the embodiment of the invention can effectively detect the network attack based on the neighborhood guarding mechanism, fully protect the information security of the distributed power generation system and ensure the safe and stable operation of the system. In the embodiment, by taking privacy protection into consideration, the internet power flow synchronous iterative computation method is adopted, suspicious data are recorded by using a distributed trust degree recording mechanism, and attacks are positioned and isolated by abnormality of the distributed trust degree mechanism, so that cyber attack detection of a Cyber Physical System (CPS) of the distributed power generation system can be effectively realized.
Fig. 3 is a flowchart illustrating a step of determining whether the incremental rate meets a normal range in the network attack detection method for a distributed power generation system according to the embodiment of the present invention.
Referring to fig. 3, the process of determining the micro-increment rate includes:
the ith distributed generator broadcasts its kth incremental rate lambda to the distributed generators in its neighbor seti(k) In that respect The distributed generators in the neighbor set receive and record the data, and the (k +1) th micro-increment rate lambda of the ith distributed generator is calculated according to the received dataiThe upper and lower bounds of (k + 1). And after receiving the (k +1) th micro-increment rate of the ith distributed generator, the neighbor set detects whether the micro-increment rate is between an upper bound and a lower bound. By circulating the above processes, the detection of the network attack is realized.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 4 shows a schematic structural diagram of a distributed power generation system network attack detection apparatus provided by an embodiment of the present invention. Referring to fig. 4, the distributed power generation system network attack detection apparatus 40 provided in the embodiment of the present invention may include an undirected graph model building module 410, an optimization model building module 420, a incremental launching rate calculation module 430, and a detection result generation module 440.
And an undirected graph model establishing module 410, configured to obtain a connection relationship between the distributed generators in the distributed power generation system, and establish an undirected graph model of the distributed power generation system based on the connection relationship.
And the scheduling optimization model establishing module 420 is configured to obtain operation parameters of each distributed generator in the distributed power generation system, and establish a scheduling optimization model of the distributed generators based on the operation parameters.
And the micro-increment rate calculation module 430 is used for determining the micro-increment rate of each distributed generator in the distributed power generation system based on the scheduling optimization model and the undirected graph model.
And the detection result generation module 440 is configured to determine a network attack detection result of the distributed power generation system according to the micro-increment rate based on a neighborhood guarding mechanism.
The network attack detection device of the distributed power generation system provided by the embodiment of the invention can effectively detect the network attack based on the neighborhood guarding mechanism, fully protect the information security of the distributed power generation system and ensure the safe and stable operation of the system.
In some embodiments, the undirected graph model building module 410 is specifically configured to:
and establishing a node set and an edge set of the distributed power generation system according to the connection relation. And establishing a neighbor set of each node based on the node set and the edge set. And establishing a weighted adjacency matrix of the distributed power generation system based on the neighbor set. And taking the node set, the edge set and the weight adjacency matrix as undirected graph models.
In some embodiments, the operational data includes historical power generation costs for each distributed generator, and the optimization model building module 420 is specifically configured to:
a power generation cost model for each distributed generator is established based on historical power generation costs for each distributed generator. And establishing a dispatching optimization model of the distributed power generation system based on the power generation cost model.
In some embodiments, the detection result generation module 440 may include: the device comprises a first micro-increment rate acquisition unit, a normal range calculation unit, a second micro-increment rate acquisition unit and a judgment unit.
The first micro-increment rate acquisition unit is used for acquiring the kth micro-increment rate of the first distributed generator; the first distributed generator is any one of the distributed generators in the distributed power generation system.
And the normal range calculation unit is used for calculating the normal range of the (k +1) th micro-increment rate of the first distributed generator based on the kth micro-increment rate.
And the second micro-increment rate acquisition unit is used for acquiring the (k +1) th micro-increment rate of the first distributed generator.
The judging unit is used for judging whether the (k +1) th micro-increment rate belongs to a normal range or not; and if the (k +1) th micro-increment rate does not belong to the normal range, judging that the network attack detection result of the distributed power generation system is abnormal.
In some embodiments, the normal range calculation unit is specifically configured to:
and calculating the normal range of the (k +1) th micro-increment rate of the first distributed generator based on the k-th micro-increment rate and the normal range calculation formula.
The normal range calculation formula includes:
If j is 1, then
Wherein,is the jth minuteThe upper limit value of the (k +1) th micro-increment rate of the distributed generator,is the lower limit value of the (k +1) th micro-increment rate of the jth distributed generator, eta is a coefficient which is larger than zero,is a neighbor set, λ, of the jth distributed generatorq(k) For the kth incremental rate of the qth distributed generator in the neighbor set of the jth distributed generator,the maximum value of the kth micro-increment rate in the neighbor set of the jth distributed generator,is the minimum value of the kth micro-increment rate in the neighbor set of the jth distributed generator,the element with the largest k-th micro-increment rate in the neighbor set of the jth distributed generator,is the element with the minimum k-th micro-increment rate in the neighbor set of the jth distributed generator, epsilon is a convergence coefficient meeting the requirement of iterative convergence of an optimization problem to a feasible solution, and PdemandThe method comprises the steps of presetting virtual power plant active output for a virtual power plant energy management system; poutIs the total output of the virtual power plant.
In some embodiments, the cyber attack detecting apparatus 40 of the distributed power generation system further includes an adjusting module for adjusting the distributed power generation system based on the consistency algorithm until the distributed power generation system is in a stable operation state.
In some embodiments, the network attack detection apparatus of the distributed power generation system further includes a protection module for determining whether an abnormal distributed power generator needs to be disconnected based on the distributed confidence machine and the incremental rate.
Fig. 5 is a schematic diagram of a terminal device according to an embodiment of the present invention. As shown in fig. 5, the terminal device 50 of this embodiment includes: a processor 500, a memory 510, and a computer program 520 stored in the memory 510 and executable on the processor 500, such as a cyber attack detection program for a distributed power generation system. The processor 50, when executing the computer program 520, implements the steps in the network attack detection method embodiments of the respective distributed power generation systems described above, such as the steps S101 to S104 shown in fig. 2. Alternatively, the processor 500 executes the computer program 520 to implement the functions of the modules/units in the device embodiments, such as the functions of the modules 410 to 440 shown in fig. 4.
Illustratively, the computer program 520 may be partitioned into one or more modules/units that are stored in the memory 510 and executed by the processor 500 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program 520 in the terminal device 50. For example, the computer program 520 may be divided into an undirected graph model building module, an optimization model building module, a fractional increase rate calculation module, and a detection result generation module.
The terminal device 50 may be a computing device such as a desktop computer, a notebook, a palm computer, and a cloud server. The terminal device may include, but is not limited to, a processor 500, a memory 510. Those skilled in the art will appreciate that fig. 5 is merely an example of a terminal device 50 and does not constitute a limitation of terminal device 50 and may include more or fewer components than shown, or some components may be combined, or different components, for example, the terminal device may also include input output devices, network access devices, buses, etc.
The Processor 500 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The storage 510 may be an internal storage unit of the terminal device 50, such as a hard disk or a memory of the terminal device 50. The memory 510 may also be an external storage device of the terminal device 50, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the terminal device 50. Further, the memory 510 may also include both an internal storage unit and an external storage device of the terminal device 50. The memory 510 is used for storing the computer programs and other programs and data required by the terminal device. The memory 510 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
Claims (10)
1. A network attack detection method of a distributed power generation system is characterized by comprising the following steps:
the method comprises the steps of obtaining the connection relation of all distributed generators in a distributed power generation system, and establishing an undirected graph model of the distributed power generation system based on the connection relation;
acquiring operation parameters of all distributed generators in the distributed power generation system, and establishing a scheduling optimization model of the distributed power generation system based on the operation parameters;
determining a micro-augmentation rate of each distributed generator in the distributed power generation system based on the scheduling optimization model and the undirected graph model;
and determining a network attack detection result of the distributed power generation system according to the micro-increment rate based on a neighborhood observation mechanism.
2. The network attack detection method for the distributed power generation system according to claim 1, wherein the establishing an undirected graph model of the distributed power generation system based on the connection relationship comprises:
establishing a node set and an edge set of the distributed power generation system according to the connection relation;
establishing a neighbor set of each node based on the node set and the edge set;
establishing a weighted adjacency matrix of the distributed power generation system based on the neighbor set;
and taking the node set, the edge set and the weight adjacency matrix as the undirected graph model.
3. The cyber attack detecting method of a distributed power generating system according to claim 1, wherein the operation data includes a historical power generation cost of each distributed power generator;
the establishing a scheduling optimization model of the distributed power generation system based on the operating parameters includes:
establishing a power generation cost model of each distributed generator based on the historical power generation cost of each distributed generator;
and establishing a scheduling optimization model of the distributed power generation system based on the power generation cost model.
4. The method for detecting cyber attack of a distributed power generation system according to claim 1, wherein the determining the cyber attack detection result of the distributed power generation system according to the micro-augmentation rate based on the neighborhood-based watching mechanism comprises:
acquiring the kth micro-increment rate of the first distributed generator; the first distributed generator is any one of the distributed generators in the distributed power generation system;
calculating a normal range of a k +1 th micro-increment rate of the first distributed generator based on the k-th micro-increment rate;
acquiring the (k +1) th micro-increment rate of the first distributed generator;
judging whether the (k +1) th micro-increment rate belongs to the normal range or not;
and if the (k +1) th micro-increment rate does not belong to the normal range, judging that the network attack detection result of the distributed power generation system is abnormal.
5. The cyber attack detecting method according to claim 4, wherein the calculating of the normal range of the (k +1) th micro-increment rate of the first distributed generator based on the k-th micro-increment rate includes:
calculating a normal range of the (k +1) th micro-increment rate of the first distributed generator based on the kth micro-increment rate and a normal range calculation formula;
the normal range calculation formula includes:
If j is 1, then
Wherein,is the upper limit value of the (k +1) th micro-increment rate of the jth distributed generator,is the lower limit value of the (k +1) th micro-increment rate of the jth distributed generator, eta is a coefficient which is larger than zero,is a neighbor set, λ, of the jth distributed generatorq(k) For the kth incremental rate of the qth distributed generator in the neighbor set of the jth distributed generator,the maximum value of the kth micro-increment rate in the neighbor set of the jth distributed generator,is the minimum value of the kth micro-increment rate in the neighbor set of the jth distributed generator,the element with the largest k-th micro-increment rate in the neighbor set of the jth distributed generator,is the element with the minimum k-th micro-increment rate in the neighbor set of the jth distributed generator, epsilon is a convergence coefficient meeting the requirement of iterative convergence of an optimization problem to a feasible solution, and PdemandThe method comprises the steps of presetting virtual power plant active output for a virtual power plant energy management system; poutIs the total output of the virtual power plant.
6. The method for detecting cyber attack of a distributed power generation system according to any one of claims 1 to 5, wherein before the neighborhood-based watchful waiting mechanism determines the cyber attack detection result of the distributed power generation system according to the micro-augmentation rate, the method further comprises:
and adjusting the distributed power generation system based on a consistency algorithm until the distributed power generation system is in a stable operation state.
7. The method for detecting cyber attack of a distributed power generation system according to any one of claims 1 to 5, wherein after the neighborhood-based watchful waiting mechanism determines the cyber attack detection result of the distributed power generation system according to the micro-increment rate, the method comprises:
and judging whether the abnormal distributed generator needs to be disconnected or not based on the distributed confidence machine and the micro-increment rate.
8. A network attack detection device of a distributed power generation system is characterized by comprising:
the undirected graph model establishing module is used for acquiring the connection relation of each distributed generator in the distributed generation system and establishing an undirected graph model of the distributed generation system based on the connection relation;
the scheduling optimization model establishing module is used for acquiring the operating parameters of each distributed generator in the distributed power generation system and establishing a scheduling optimization model of the distributed generators based on the operating parameters;
the micro-increment rate calculation module is used for determining the micro-increment rate of each distributed generator in the distributed power generation system based on the scheduling optimization model and the undirected graph model;
and the detection result generation module is used for determining a network attack detection result of the distributed power generation system according to the micro-increment rate based on a neighborhood observation mechanism.
9. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110994679.0A CN113704750A (en) | 2021-08-27 | 2021-08-27 | Network attack detection method and device of distributed power generation system and terminal equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110994679.0A CN113704750A (en) | 2021-08-27 | 2021-08-27 | Network attack detection method and device of distributed power generation system and terminal equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113704750A true CN113704750A (en) | 2021-11-26 |
Family
ID=78655851
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110994679.0A Pending CN113704750A (en) | 2021-08-27 | 2021-08-27 | Network attack detection method and device of distributed power generation system and terminal equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113704750A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115225305A (en) * | 2022-04-12 | 2022-10-21 | 上海大学 | Attack detection and recovery method for distributed economic dispatch of microgrid under network attack |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105826944A (en) * | 2016-03-18 | 2016-08-03 | 上海电机学院 | Method and system for predicting power of microgrid group |
CN109474017A (en) * | 2018-12-24 | 2019-03-15 | 武汉大学 | A kind of real-time distributed economic load dispatching method of power distribution network |
CN110048415A (en) * | 2019-05-06 | 2019-07-23 | 南京邮电大学 | A kind of real-time distributed economic load dispatching method suitable for grid type micro-capacitance sensor |
CN110265991A (en) * | 2019-05-07 | 2019-09-20 | 上海电力学院 | A kind of distributed and coordinated control method of direct-current grid |
CN112598211A (en) * | 2020-10-30 | 2021-04-02 | 天津大学 | Consistency-based distributed power grid economic dispatching injection attack mitigation method |
CN113190782A (en) * | 2020-01-14 | 2021-07-30 | 华北电力大学(保定) | Microgrid distributed economic dispatching method based on consistency algorithm |
CN113241794A (en) * | 2021-05-28 | 2021-08-10 | 合肥工业大学 | Island micro-grid self-adaptive control method based on multiple intelligent agents |
-
2021
- 2021-08-27 CN CN202110994679.0A patent/CN113704750A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105826944A (en) * | 2016-03-18 | 2016-08-03 | 上海电机学院 | Method and system for predicting power of microgrid group |
CN109474017A (en) * | 2018-12-24 | 2019-03-15 | 武汉大学 | A kind of real-time distributed economic load dispatching method of power distribution network |
CN110048415A (en) * | 2019-05-06 | 2019-07-23 | 南京邮电大学 | A kind of real-time distributed economic load dispatching method suitable for grid type micro-capacitance sensor |
CN110265991A (en) * | 2019-05-07 | 2019-09-20 | 上海电力学院 | A kind of distributed and coordinated control method of direct-current grid |
CN113190782A (en) * | 2020-01-14 | 2021-07-30 | 华北电力大学(保定) | Microgrid distributed economic dispatching method based on consistency algorithm |
CN112598211A (en) * | 2020-10-30 | 2021-04-02 | 天津大学 | Consistency-based distributed power grid economic dispatching injection attack mitigation method |
CN113241794A (en) * | 2021-05-28 | 2021-08-10 | 合肥工业大学 | Island micro-grid self-adaptive control method based on multiple intelligent agents |
Non-Patent Citations (3)
Title |
---|
PEIKAI LI; YUN LIU; HUANHAI XIN; XICHEN JIANG: "A Robust Distributed Economic Dispatch Strategy of Virtual Power Plant Under Cyber-Attacks", 《IEEE TRANSACTIONS ON INDUSTRIAL INFORMATICS》, pages 1 - 10 * |
YUN LIU UNIVERSITY OF CENTRAL FLORIDA, ORLANDO, FL, USA, DEPARTMENT OF ELECTRICAL ENGINEERING, ZHEJIANG UNIVERSITY, HANGZHOU, CHIN: "An Attack-Resilient Cooperative Control Strategy of Multiple Distributed Generators in Distribution Networks", 《 IEEE TRANSACTIONS ON SMART GRID 》, pages 2923 * |
王蕊: "智能电网中经济调度问题的分布式算法研究", 《中国博士学位论文全文数据库工程科技Ⅱ辑》, pages 1 - 130 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115225305A (en) * | 2022-04-12 | 2022-10-21 | 上海大学 | Attack detection and recovery method for distributed economic dispatch of microgrid under network attack |
CN115225305B (en) * | 2022-04-12 | 2024-04-19 | 上海大学 | Attack detection and recovery method for micro-grid distributed economic dispatch under network attack |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Dwivedi et al. | A maximum-flow-based complex network approach for power system vulnerability analysis | |
US10103942B2 (en) | Computer processing method and system for network data | |
Fattahi et al. | A bound strengthening method for optimal transmission switching in power systems | |
Nakarmi et al. | Interaction graphs for cascading failure analysis in power grids: A survey | |
Liu et al. | A new dynamic security assessment framework based on semi-supervised learning and data editing | |
Zhou et al. | Privacy regulation aware process mapping in geo-distributed cloud data centers | |
Babakmehr et al. | Smart-grid topology identification using sparse recovery | |
CN103365727A (en) | Host load forecasting method in cloud computing environment | |
CN111638666B (en) | Multi-module parallel machine system master-slave-free power distribution method and multi-module power system | |
Shayesteh et al. | Scenario reduction, network aggregation, and DC linearisation: which simplifications matter most in operations and planning optimisation? | |
Durvasulu et al. | Market‐based generator cost functions for power system test cases | |
Xu et al. | Risk‐averse multi‐objective generation dispatch considering transient stability under load model uncertainty | |
Zhao et al. | Identification of critical lines for enhancing disaster resilience of power systems with renewables based on complex network theory | |
CN113704750A (en) | Network attack detection method and device of distributed power generation system and terminal equipment | |
Liu | A Real‐Time Detection Method for Abnormal Data of Internet of Things Sensors Based on Mobile Edge Computing | |
CN105518723A (en) | A spinning reserve capacity optimization method based on a backup object performance ratio | |
CN114138231A (en) | Method, circuit and SOC for executing matrix multiplication operation | |
CN115189863B (en) | E-commerce transaction information management system based on block chain network architecture | |
CN109033603B (en) | Intelligent substation secondary system simulation method based on source flow path chain | |
Şencan | Modeling of thermodynamic properties of refrigerant/absorbent couples using data mining process | |
CN116644567A (en) | Method, system, equipment and medium for determining key transmission section of power system | |
CN116032553A (en) | False data injection attack detection method, detection terminal and storage medium | |
Su et al. | TrendRank method for evaluating the importance of power grid nodes considering information network | |
CN113991686B (en) | Fault recovery method and device for multi-energy coupling power distribution system and storage medium | |
Chin et al. | Formation of ad hoc microgrids for prompt critical load pickup during blackouts by leveraging stochastic distributed energy resources |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |