CN114666153A - False data injection attack detection method and system based on state estimation residual distribution description - Google Patents

False data injection attack detection method and system based on state estimation residual distribution description Download PDF

Info

Publication number
CN114666153A
CN114666153A CN202210367966.3A CN202210367966A CN114666153A CN 114666153 A CN114666153 A CN 114666153A CN 202210367966 A CN202210367966 A CN 202210367966A CN 114666153 A CN114666153 A CN 114666153A
Authority
CN
China
Prior art keywords
residual
distribution
state estimation
real
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210367966.3A
Other languages
Chinese (zh)
Other versions
CN114666153B (en
Inventor
王�琦
陈家琪
汤奕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dongda Testing Services Changzhou Co ltd
Liyang Research Institute of Southeast University
Original Assignee
Liyang Research Institute of Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Liyang Research Institute of Southeast University filed Critical Liyang Research Institute of Southeast University
Priority to CN202210367966.3A priority Critical patent/CN114666153B/en
Publication of CN114666153A publication Critical patent/CN114666153A/en
Application granted granted Critical
Publication of CN114666153B publication Critical patent/CN114666153B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a false data injection attack detection method and a system thereof based on state estimation residual distribution description, wherein the method comprises the steps of obtaining continuous state estimation residual data at t moments from a master station server of a power system; dividing each measured residual data into intervals to obtain the distribution of the preprocessed measured residual; carrying out Gaussian fitting on the residual distribution of each measurement to obtain distributed characteristic parameters; and acquiring real-time state estimation residual data in a sliding time window, preprocessing the data, and performing Gaussian fitting on the obtained measurement residual distribution to obtain real-time distribution characteristic parameters. And comparing the real-time system residual error characteristics with the standard system residual error characteristics to judge that the system is under the implementation of false data injection attack within the acceptance range, and judging that the system is under the implementation of false data injection attack if the real-time system residual error characteristics exceed the early warning range. The invention can effectively solve the problem that the data tampering attack aiming at the state estimation is difficult to detect.

Description

False data injection attack detection method and system based on state estimation residual distribution description
Technical Field
The invention belongs to the field of network security of a power system, and particularly relates to a false data injection attack detection method and system based on state estimation residual distribution description.
Background
With the deep development of smart power grids, the problem of grid information security is increasingly concerned by the industry and academia. The energy management system utilizes the real-time data information of the power grid and is matched with various high-level software to realize the functions of state estimation, load flow calculation, static/dynamic safe operation analysis and the like. State estimation is the most basic application, with the estimation result being the raw input for many advanced functions. A spurious data injection attack on the state estimation can skew the estimation result, thereby triggering a wrong instruction to destroy the safe and stable operation of the power system. Therefore, how to detect the concealed false data injection attack in the state estimation needs to be researched.
Therefore, on the basis of fully combining the state estimation and the spurious data injection attack principle, a detection method for the spurious data injection attack is researched starting from state estimation residual distribution.
Disclosure of Invention
The invention provides a false data injection attack detection method and system based on state estimation residual distribution description, which are used for solving the technical problem that false data injection attacks aiming at state estimation are difficult to detect.
In order to achieve the above purpose, the invention provides the following technical scheme: ,
the invention discloses a false data injection attack detection method based on state estimation residual distribution description, which specifically comprises the following operation steps:
s1: acquiring continuous t-moment state estimation residual error data from a power system master station server;
s2: dividing each measured state estimation residual data into intervals to obtain the distribution of the preprocessed measured residual;
s3: carrying out Gaussian fitting on the measured residual error distribution of each measurement to obtain distribution characteristic parameters, and recording the distribution characteristic parameters as residual error characteristics F of the standard systemSE,0
S4: obtaining real-time state estimation residual data in a sliding time window, preprocessing the data according to the step S2, and performing Gaussian fitting on the obtained measurement residual distribution to obtain real-time distribution characteristic parameters which are recorded as real-time system residual characteristics FSE
S5: the residual error characteristic F of the real-time systemSEResidual error characteristic F from standard systemSE,0Comparing, and if the real-time system residual error characteristics are within a preset safety range, injecting no false data; if the real-time system residual error characteristics exceed the preset attack early warning range, sending out false data injection attack early warning; and if the residual error characteristics of the real-time system exceed the preset acceptable range and are within the attack early warning range, continuing to track and observe.
In step S1, the state estimation residual data includes all measured residuals within the system.
In step S2, the interval division of the state estimation residual data specifically includes:
xi=rL+(i-0.5)Δr,i=1,2,...,q
wherein r isUAnd rLFor the upper and lower bounds set, Δ r is the range between cells, Δ r ═ r (r)U-rL) Q, q is the number of equally spaced cells, xiIs the center value of the ith cell.
In step S2, the measured residual distribution is represented as (x)i,yi) Wherein i is 1, 2, …, q, wherein yiIs the number of residuals within the ith cell.
In step S3, the gaussian fitting method for the measured residual distribution of each measurement is as follows:
for each set of data (x)i,yi) Represented by the formula:
Figure BDA0003587874480000021
wherein a represents the center height of the curve, b represents the expectation, c represents the standard deviation, and a, b and c are characteristic parameters of the distribution.
In step S3, the standard system residual feature FSE,0Is a vector formed by a and c parameters in all measured residual distribution characteristic parameters.
In step S4, the length of the sliding time window is adjusted according to the cycle length of the state estimation.
In step S5, the safety range is defined by an acceptability threshold ω1And ω2Determining that the real-time system residual error characteristics satisfy the following formula:
aj,T∈[(1-ω1)aj,0,(1+ω1)aj,0]
cj,T∈[(1-ω2)cj,0,(1+ω2)cj,0]
wherein, aj,TAnd cj,TReal-time system residual error characteristic F at time TSE,TA characteristic parameter of the j-th measured residual distribution of (1)j,0And cj,0Then it is the corresponding standard system residual error feature FSE,0The characteristic parameter of the j-th measured residual distribution in (1).
In step S5, the attack warning range is determined by the warning parameter τ1And τ2It is determined that the real-time system residual error characteristics satisfy the following equation:
aj,T>τ1aj,0
cj,T<τ2cj,0
the invention relates to a false data injection attack detection system based on state estimation residual distribution description, which comprises: a network interface, a memory, and a processor; wherein,
the network interface is used for receiving and sending signals in the process of receiving and sending information with other external network elements;
the memory for storing a computer program operable on the processor;
the processor is configured to execute the steps of the above false data injection attack detection method based on state estimation residual distribution description when the computer program is run.
According to the technical scheme, the invention has the following advantages:
according to the method, historical data of a state estimation residual result is obtained, distribution conditions are obtained for the historical residual data, and then distribution characteristic parameters are obtained for the distribution by using a Gaussian fitting method, so that a standard system residual characteristic is formed; after the real-time system residual error characteristics are obtained in the same mode in the sliding time window, the real-time system residual error characteristics are compared with the standard system residual error characteristics, attack is not considered to be generated in the acceptance range, if the real-time system residual error characteristics exceed the early warning range, the fact that the system is under implementation of false data injection attack is judged, effective attack detection with low calculation complexity and without the need of adding other power equipment is achieved depending on the state estimation result, and the problem that hidden data tampering attack aiming at state estimation is difficult to detect is solved.
Drawings
FIG. 1 is a flowchart of the operation of the method for detecting a spurious data injection attack described based on a state estimation residual distribution according to the present invention;
fig. 2 is a schematic diagram of an IEEE14 node system used in an embodiment of the present invention.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments.
The embodiment of the application provides a false data injection attack detection method based on state estimation residual distribution description, which comprises the steps of obtaining historical data of a state estimation residual result, obtaining distribution conditions of the historical residual data, obtaining distribution characteristic parameters of the distribution by using a Gaussian fitting method, and forming a standard system residual characteristic; after the real-time system residual error characteristics are obtained in the same mode in the sliding time window, the real-time system residual error characteristics are compared with the standard system residual error characteristics, no attack is considered in an acceptance range, and if the real-time system residual error characteristics exceed an early warning range, the system is judged to be under the implementation of false data injection attack, so that the technical problem that data tampering attack aiming at state estimation is difficult to detect is solved.
Referring to fig. 1, the method for detecting a false data injection attack of the present invention is applied to a power system, and includes the following steps:
s1, acquiring continuous state estimation residual error data at t moments from a master station server of an electric power system;
s2, carrying out interval division on each measured residual error data to obtain the distribution of the preprocessed measured residual errors;
s3, carrying out Gaussian fitting on each measured residual error distribution to obtain distributed characteristic parameters, and recording the distributed characteristic parameters as residual error characteristics F of the standard systemSE,0
S4, obtaining real-time state estimation residual error data in a sliding time window, preprocessing the data according to the step S2, carrying out Gaussian fitting on the obtained measurement residual error distribution to obtain real-time distribution characteristic parameters, and recording the parameters as real-time system residual error characteristics FSE
S5, carrying out residual error characteristic F on the real-time systemSEResidual error characteristic F from standard systemSE,0Comparing, and if the residual error characteristics of the real-time system are in a safe range, considering that no false data is injected; if the real-time system residual error characteristics exceed the attack early warning range, sending out false data injection attack early warning; and if the residual error characteristics of the real-time system exceed the acceptable range and are within the attack early warning range, continuing tracking and observing.
Referring to fig. 2, taking IEEE14 node system as an example, 65 measurements are included. The target subnet of the false data injection attack is a small ring network consisting of nodes 1-5 identified by red boxes in the graph, wherein there are 24 offensive measures. Assume that the measurement noise of all measurements is set to obey N (0, 10)-4) Is normally distributed.
In the embodiment of the present invention, the state estimation residual data of step S1 includes all 65 measured residuals in the system, and 144 time instants of state estimation residual data are extracted.
In step S2, the specific step of partitioning the residual data into sections is:
xi=rL+(i-0.5)Δr,i=1,2,...,q
wherein r isUAnd rLFor a set upper and lower bound, Δ r is the range between cellsCircumference,. DELTA.r ═ r (r)U-rL) Q, q is the number of equally spaced cells, xiIs the center value of the ith cell.
In the embodiment of the present invention, r is setU=0.02,rLWhen q is-0.02 and q is 20, Δ r is 0.002.
In step S2, the measurement residual distribution may be represented as (x)i,yi) (i ═ 1, 2, …, q), where yiIs the number of residuals within the ith cell.
In step S3, the gaussian fitting of the residual distribution of each measurement means that each set of data (x) is subjected toi,yi) (i ═ 1, 2, …, q) is represented by the following formula:
Figure BDA0003587874480000041
where a represents the center height of the curve, b represents the expectation, and c represents the standard deviation. a. b and c are characteristic parameters of the distribution.
In the embodiment of the present invention, in step S3, the standard system residual error feature is a vector composed of a and c parameters of all measured residual error distribution feature parameters. This embodiment measures P3The attack detection method is illustrated by way of example, and the standard system residual error characteristic is [23.8,0.00861 ]]。
In step S4, the sliding time window is set to include 144 times.
In the embodiment of the present invention, in step S5, an acceptability threshold ω is set1=ω2When the real-time system residual error characteristic is 0.1, the following equation is satisfied:
aj,T∈[0.9*aj,0,1.1*aj,0]
cj,T∈[0.9*cj,0,1.1*cj,0]
wherein, aj,TAnd cj,TReal-time system residual error characteristic F at time TSE,TA characteristic parameter of the j-th measured residual distribution of (1)j,0And cj,0Then it is the corresponding standard system residual error feature FSE,0The characteristic parameter of the j-th measured residual distribution in (1).
In the embodiment of the present invention, in step S5, the pre-warning parameter is set to τ11.5 and τ2The real-time system residual error characteristic needs to satisfy the following formula:
aj,T>1.5*aj,0
cj,T<0.75*cj,0
table 1 shows the real-time system residual error characteristics at the partial time without attack. Under the set acceptance threshold, the real-time system residual error characteristics in the table are all in a safe range, and the system is considered to have no attack behavior at the moment.
TABLE 1 real-time System residual error characteristics for non-attack partial moments
Starting time of time window End time Parameter a Parameter c
1 144 23.75 0.008591
73 216 23.15 0.009002
145 288 22.77 0.009262
Table 2 shows the real-time system residual error characteristics at the time when the dummy data injection attacks the lower part. When the dummy data is just injected into the system for measurement, the variation range of the residual error characteristics of the real-time system is small and still in a safe range. Over time, at time 298, both parameters a, c begin to deviate from the safe range, and then both extracted fingerprints continue to drift. At time 321, the real-time system residual error characteristic breaches the set early warning threshold, confirming that the system measurement is being tampered.
TABLE 2 real-time system residual error characterization for the moment of dummy data injection attacking the lower part
Starting time of time window End time Parameter a Parameter c
146 289 25.37 0.007941
150 293 25.37 0.007941
155 298 26.32 0.007587
175 318 33.3 0.005393
178 321 35.25 0.004931
189 332 40.6 0.004027
217 360 62.86 0.002552
When the dummy data is just injected into the system for measurement, the variation range of the residual error characteristics of the real-time system is small and still in a safe range. Over time, at time 298, both parameters a, c begin to deviate from the safe range, and then both extracted fingerprints continue to drift; at time 321, the real-time system residual error characteristic breaches the set early warning threshold, confirming that the system measurement is being tampered.
In summary, by acquiring the historical data of the state estimation residual error result, firstly, the distribution condition of the historical residual error data is obtained, and then, the distribution characteristic parameters are obtained by using a gaussian fitting method for the distribution, so as to form the residual error characteristic of the standard system; and after the real-time system residual error characteristics are obtained in the same way in the sliding time window, the real-time system residual error characteristics are compared with the standard system residual error characteristics, no attack is considered in an acceptance range, and if the real-time system residual error characteristics exceed the early warning range, the system is judged to be under the implementation of false data injection attack, so that the problem that the data tampering attack aiming at state estimation is difficult to detect is solved.
All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

Claims (10)

1. A false data injection attack detection method based on state estimation residual distribution description is characterized by specifically comprising the following operation steps:
s1: acquiring continuous t-moment state estimation residual error data from a power system master station server;
s2: dividing each measured state estimation residual data into intervals to obtain the distribution of the preprocessed measured residual;
s3: carrying out Gaussian fitting on the measured residual error distribution of each measurement to obtain distribution characteristic parameters, and recording the distribution characteristic parameters as residual error characteristics F of the standard systemSE,0
S4: obtaining real-time state estimation residual data in a sliding time window, preprocessing the data according to the step S2, and performing Gaussian fitting on the obtained measurement residual distribution to obtain real-time distribution characteristic parameters which are recorded as real-time system residual characteristics FSE
S5: the residual error characteristic F of the real-time systemSEResidual error characteristic F from standard systemSE,0Comparing, and if the residual error characteristics of the real-time system are within a preset safety range, injecting no false data; if the real-time system residual error characteristics exceed the preset attack early warning range, sending out false data injection attack early warning; and if the residual error characteristics of the real-time system exceed the preset acceptable range and are within the attack early warning range, continuing to track and observe.
2. The method for detecting injection attack of false data based on state estimation residual distribution description according to claim 1, wherein in step S1, the state estimation residual data includes all measured residuals in the system.
3. The method for detecting injection attack of false data based on state estimation residual distribution description as claimed in claim 1, wherein in step S2, the interval division of the state estimation residual data is specifically:
xi=rL+(i-0.5)Δr,i=1,2,...,q
wherein r isUAnd rLFor the upper and lower bounds set, Δ r is the range between cells, Δ r ═ r (r)U-rL) Q, q is the number of equally spaced cells, xiIs the center value of the ith cell.
4. The method according to claim 3, wherein in step S2, the measured residual distribution is represented by (x)i,yi) Wherein i is 1, 2, …, q, wherein yiIs the number of residuals within the ith cell.
5. The method for detecting false data injection attack described by the state estimation residual distribution according to claim 4, wherein in step S3, the Gaussian fitting method for each measured residual distribution is:
for each set of data (x)i,yi) Represented by the formula:
Figure FDA0003587874470000021
wherein a represents the center height of the curve, b represents the expectation, c represents the standard deviation, and a, b and c are characteristic parameters of the distribution.
6. The method according to claim 5, wherein in step S3, the standard system residual feature F is used as the reference system residual featureSE,0Is a vector formed by a and c parameters in all measured residual distribution characteristic parameters.
7. The method according to claim 1, wherein in step S4, the length of the sliding time window is adjusted according to the cycle length of the state estimation.
8. The method for detecting injection attack of false data based on state estimation residual distribution description according to claim 1, wherein in step S5, the safety range is defined by an acceptability threshold ω1And omega2Determining that the real-time system residual error characteristics satisfy the following formula:
aj,T∈[(1-ω1)aj,0,(1+ω1)aj,0]
cj,T∈[(1-ω2)cj,0,(1+ω2)cj,0]
wherein, aj,TAnd cj,TReal-time system residual error characteristic F at time TSE,TA characteristic parameter of the j-th measured residual distribution of (1)j,0And cj,0Then it is the corresponding standard system residual error feature FSE,0The characteristic parameter of the j-th measured residual distribution in (1).
9. The method for detecting injection attack of false data based on state estimation residual distribution description as claimed in claim 8, wherein in step S5, the attack pre-warning range is defined by a pre-warning parameter τ1And τ2It is determined that the real-time system residual error characteristics satisfy the following equation:
aj,T>τ1aj,0
cj,T<τ2cj,0
10. the system for detecting the injection attack of the spurious data based on the description of the state estimation residual distribution is characterized by comprising the following steps of: a network interface, a memory, and a processor; wherein,
the network interface is used for receiving and sending signals in the process of receiving and sending information with other external network elements;
the memory for storing a computer program operable on the processor;
the processor, when executing the computer program, is configured to perform the steps of the method for detecting a spurious data injection attack based on state estimation residual distribution description according to any one of claims 1 to 9.
CN202210367966.3A 2022-04-08 2022-04-08 False data injection attack detection method and system based on state estimation residual distribution description Active CN114666153B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210367966.3A CN114666153B (en) 2022-04-08 2022-04-08 False data injection attack detection method and system based on state estimation residual distribution description

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210367966.3A CN114666153B (en) 2022-04-08 2022-04-08 False data injection attack detection method and system based on state estimation residual distribution description

Publications (2)

Publication Number Publication Date
CN114666153A true CN114666153A (en) 2022-06-24
CN114666153B CN114666153B (en) 2022-11-18

Family

ID=82034693

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210367966.3A Active CN114666153B (en) 2022-04-08 2022-04-08 False data injection attack detection method and system based on state estimation residual distribution description

Country Status (1)

Country Link
CN (1) CN114666153B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405273A (en) * 2023-03-27 2023-07-07 苏州慧至智能科技有限公司 Internet of things-oriented network attack detection and state estimation method
CN117039890A (en) * 2023-10-08 2023-11-10 南京邮电大学 Network attack detection-oriented power distribution network prediction auxiliary interval state estimation method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180176249A1 (en) * 2016-12-21 2018-06-21 Abb Inc. System and method for detecting false data injection in electrical substations
CN110995761A (en) * 2019-12-19 2020-04-10 长沙理工大学 Method and device for detecting false data injection attack and readable storage medium
CN111079271A (en) * 2019-12-02 2020-04-28 浙江工业大学 Industrial information physical system attack detection method based on system residual fingerprint
CN113191485A (en) * 2021-04-26 2021-07-30 东北大学 Power information network safety detection system and method based on NARX neural network
CN114189047A (en) * 2021-12-02 2022-03-15 南京邮电大学 False data detection and correction method for active power distribution network state estimation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180176249A1 (en) * 2016-12-21 2018-06-21 Abb Inc. System and method for detecting false data injection in electrical substations
CN111079271A (en) * 2019-12-02 2020-04-28 浙江工业大学 Industrial information physical system attack detection method based on system residual fingerprint
CN110995761A (en) * 2019-12-19 2020-04-10 长沙理工大学 Method and device for detecting false data injection attack and readable storage medium
CN113191485A (en) * 2021-04-26 2021-07-30 东北大学 Power information network safety detection system and method based on NARX neural network
CN114189047A (en) * 2021-12-02 2022-03-15 南京邮电大学 False data detection and correction method for active power distribution network state estimation

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116405273A (en) * 2023-03-27 2023-07-07 苏州慧至智能科技有限公司 Internet of things-oriented network attack detection and state estimation method
CN116405273B (en) * 2023-03-27 2023-10-20 苏州慧至智能科技有限公司 Internet of things-oriented network attack detection and state estimation method
CN117039890A (en) * 2023-10-08 2023-11-10 南京邮电大学 Network attack detection-oriented power distribution network prediction auxiliary interval state estimation method
CN117039890B (en) * 2023-10-08 2023-12-22 南京邮电大学 Network attack detection-oriented power distribution network prediction auxiliary interval state estimation method

Also Published As

Publication number Publication date
CN114666153B (en) 2022-11-18

Similar Documents

Publication Publication Date Title
CN114666153B (en) False data injection attack detection method and system based on state estimation residual distribution description
US20190261204A1 (en) Method and system for abnormal value detection in lte network
CN107016236B (en) Power grid false data injection attack detection method based on nonlinear measurement equation
US20140201048A1 (en) Method and apparatus of identifying a website user
He et al. Fully automated precise operational modal identification
Mahapatra et al. Bad data detection in PMU measurements using principal component analysis
EP4430494A1 (en) Modeling of adversarial artificial intelligence in blind false data injection against ac state estimation in smart grid security, safety and reliability
CN108803565B (en) Real-time detection method and device for industrial control system hidden attack
Yue An integrated anomaly detection method for load forecasting data under cyberattacks
CN103577695A (en) Method and device for detecting suspect data in power quality data
CN115128345B (en) Power grid safety early warning method and system based on harmonic monitoring
Basiri et al. Kalman filter based secure state estimation and individual attacked sensor detection in cyber-physical systems
Wu et al. Online identification of bad synchrophasor measurements via spatio-temporal correlations
CN107818135B (en) Voronoi diagram electric power big data abnormality detection method based on gray correlation method
US9535917B1 (en) Detection of anomalous utility usage
CN112804197B (en) Power network malicious attack detection method and system based on data recovery
Mukherjee et al. Deep learning based real-time detection of false data injection attacks in power grids
Zhang et al. Detection and localization of data forgery attacks in automatic generation control
Mokhtari et al. Measurement data intrusion detection in industrial control systems based on unsupervised learning
CN113886765B (en) Method and device for detecting error data injection attack
García‐Sánchez et al. Approach to fitting parameters and clustering for characterising measured voltage dips based on two‐dimensional polarisation ellipses
Andic et al. False Data Injection Attacks on CSA-Based State Estimation in Smart Grid
De et al. A simple cyber attack detection scheme for smart grid cyber security enhancement
CN111505445B (en) Credibility detection method and device for mutual-user relationship of transformer area and computer equipment
Kabiri et al. Robust optimisation‐based state estimation considering parameter errors for systems observed by phasor measurement units

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20231023

Address after: 213376 First Floor, No. 21 Chuangzhi Road, Kunlun Street, Liyang City, Changzhou City, Jiangsu Province

Patentee after: Dongda Testing Services (Changzhou) Co.,Ltd.

Patentee after: Liyang Research Institute of Southeast University

Address before: Room 428, building a, 218 Hongkou Road, Kunlun Street, Liyang City, Changzhou City, Jiangsu Province

Patentee before: Liyang Research Institute of Southeast University