CN115225305B - Attack detection and recovery method for micro-grid distributed economic dispatch under network attack - Google Patents
Attack detection and recovery method for micro-grid distributed economic dispatch under network attack Download PDFInfo
- Publication number
- CN115225305B CN115225305B CN202210382613.0A CN202210382613A CN115225305B CN 115225305 B CN115225305 B CN 115225305B CN 202210382613 A CN202210382613 A CN 202210382613A CN 115225305 B CN115225305 B CN 115225305B
- Authority
- CN
- China
- Prior art keywords
- node
- attack
- information
- power generation
- communication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 238000001514 detection method Methods 0.000 title claims abstract description 18
- 238000011084 recovery Methods 0.000 title claims abstract description 16
- 238000004891 communication Methods 0.000 claims abstract description 47
- 238000010248 power generation Methods 0.000 claims abstract description 39
- 238000013507 mapping Methods 0.000 claims abstract description 16
- 230000005540 biological transmission Effects 0.000 claims abstract description 7
- 238000013139 quantization Methods 0.000 claims abstract description 6
- 230000002159 abnormal effect Effects 0.000 claims description 19
- 230000005856 abnormality Effects 0.000 claims description 6
- 239000011159 matrix material Substances 0.000 claims description 6
- 238000004146 energy storage Methods 0.000 claims description 5
- 238000004364 calculation method Methods 0.000 claims description 3
- 238000002955 isolation Methods 0.000 claims description 3
- 238000005457 optimization Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 3
- 239000000243 solution Substances 0.000 description 3
- 238000006467 substitution reaction Methods 0.000 description 3
- 230000007123 defense Effects 0.000 description 2
- 239000000446 fuel Substances 0.000 description 2
- 230000000116 mitigating effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 230000002411 adverse Effects 0.000 description 1
- 238000013496 data integrity verification Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000003912 environmental pollution Methods 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 230000001788 irregular Effects 0.000 description 1
- 238000013486 operation strategy Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides an attack detection and recovery method for distributed economic dispatch of a micro-grid under network attack, which can detect the attack while protecting node privacy and reduce the influence caused by the attack through a formulated recovery method, and comprises the following main steps: (1) Establishing an economic dispatch model, wherein each power generation node generates random time-varying communication weight; (2) Carrying out quantization and mapping pretreatment on data to be transmitted before adopting a consistency algorithm; (3) Encrypting and transmitting the preprocessed data, and carrying out homomorphic operation in the transmission process to obtain ciphertext of the update information; (4) A hash function is put into the ciphertext to obtain a digest, and a digital signature is obtained by encrypting the ciphertext with a private key; (5) Verifying the digest and the signature to detect whether link attack and node attack occur; (6) updating the communication topology structure according to the detection result; (7) Performing iterative computation according to a new topological structure according to a formulated recovery strategy; (7) And sending the convergence result to a power grid executor for tracking.
Description
Technical Field
The invention relates to an attack detection and recovery method for distributed economic dispatch of a micro-grid under network attack.
Background
With the continuous development of technology and industrial technology, the global energy crisis is becoming more and more severe, and the shortage of traditional fuels and the environmental pollution caused by the shortage of traditional fuels are also becoming more and more serious. Meanwhile, the renewable energy technology mainly based on solar energy is continuously improved and gradually matured, and a new way is provided for solving the energy crisis. In order to solve the adverse effect of distributed energy access on a large power grid, and simultaneously fully utilize energy by combining the characteristics and advantages of renewable energy, micro power grids are widely researched gradually.
The micro-grid consists of distributed power generation, load and energy storage devices. The micro-grid can work in two modes of grid connection and island, when the micro-grid works in the grid connection mode, the micro-grid is connected with a large power grid through a public connection point, and the frequency and the voltage of the micro-grid are maintained to be stable by the large power grid; when the micro-grid is operated in the island mode, the voltage frequency needs to be kept stable by the micro-grid. The traditional power grid generally adopts centralized economic dispatch, a central controller collects global information and formulates an operation strategy, and the distributed economic dispatch method is gradually paid attention to because of the problems of single-point faults and the like. However, when the distributed method is adopted, information exchange needs to be carried out between adjacent devices, and the risk of meeting network attacks is difficult to avoid in the information exchange process, so that the economic dispatch result is affected.
In summary, the current distributed economic dispatch model mainly considers how to reduce the dependence on the leader node, but does not consider the influence of the network attack on the distributed economic dispatch, and has obvious defects in the aspects of network attack detection and defense after attack. Therefore, it is necessary to consider the network attack in the distributed economic dispatch, specify the network attack detection and defense method, and thus discover the network attack in time and reduce the impact caused by the network attack.
Disclosure of Invention
Aiming at the problem that the influence of network attacks is not considered in the existing distributed economic dispatching method, the invention aims to provide a method for defending privacy attacks and detecting false data injection attacks, and establishes a defending strategy after the attacks are found, thereby reducing the influence of the network attacks on economic dispatching results.
According to the invention, the following technical scheme is adopted:
An attack detection and recovery method for distributed economic dispatch of a micro-grid under network attack comprises the following steps:
step one, an economic dispatch model is established, and a random time-varying communication weight matrix is generated;
step two, solving the model by adopting a leader-free consistency algorithm;
thirdly, before each iteration, quantifying and mapping the state information of the node;
fourthly, encrypting the state information after node quantization mapping by adopting Daillier encryption algorithm;
Step five, verifying the integrity of the data through a hash algorithm, and detecting whether the data is tampered due to the attack of a communication link;
step six, if the abnormality is found in the step five, updating the communication topology according to the established updating rule, otherwise executing the step seven;
step seven, verifying the node identity through a digital signature, and detecting whether node attack occurs or not;
Step eight, if the abnormality is found in the detection in the step seven, updating the communication topology according to the formulated updating rule, otherwise, executing the step ten;
Step nine, when node isolation occurs, the load quantity of the abnormal node is distributed according to the residual capacity of the normal node;
And step ten, judging whether the convergence error is smaller than or equal to a given value, if so, issuing a calculation result to a power grid executor, and if not, returning to the step three.
Preferably, in the first step, each power generation, energy storage and load device in the micro-grid is abstracted into an information node in the information network, and the description is performed by adopting a graph theory mode: order theRepresents an undirected graph in which/>Representing a set of nodes in an information network,/>An edge set for connecting nodes is represented, wherein (i, j) epsilon represents that the node j and the node i in the undirected graph can communicate with each other, and a neighbor set of the node i is represented as N i={j∈v,|(i,j)∈ε},di=|Ni </u > which represents the degree of the node; in economic dispatch, consider the energy dispatch unit with the quadratic cost function of/>Where P i represents the power generated by the ith power generation node, a i、bi and c i represent the generator parameters of node i, respectively, and the model of the economic dispatch problem is expressed as:
Where i represents a power generation node, C i(Pi) represents a total cost, P i represents a power generation power of the node i, And/>Respectively representing the minimum power and the maximum power of the node i, and L i represents the load quantity of the node i; in the economic dispatch model, the Lagrangian multiplier method is adopted to introduce equation constraint into solution:
wherein n represents the number of nodes, and lambda is the incremental cost of each power generation node i;
and (3) deriving two sides of the equation under the condition of first-order linear optimization:
Where a i and b i are generator parameters, and the lagrangian multiplier λ is also the incremental cost per generation node i, expressed as:
Taking into account the power generation constraints, a leader-free consistency algorithm is employed:
Where k=1, 2,..n represents the number of iterations, λ i (k+1) represents the incremental cost of the ith power generation node in the k+1th iteration, w ij (k) represents the communication weight between node i and node j, e represents the iteration step size, and ζ j (k) represents the amount of mismatch between the jth power generation node power generation and load at the kth iteration: ζ j(k)=Pj(k)-Lj (k), finally The total cost of the system is lowest when lambda 1=λ2=λ3=...λn is based on the equi-consumption rate criterion.
Preferably, in the step two, when the communication weight matrix is fixed and globally known, the information obtained by the node i during the iteration from k=0 to k=k c is expressed as:
s1(k)=wij(k)λj(k) (10)
s2(k)=wij(k)ξj(k) (11)
Since s 1(k)、s2(k)、wij (k) is known to the node i, the known information collected by the node i is more than the unknown quantity during each iteration, and the node i calculates the state information of the neighbor node according to the known quantity, so that privacy leakage is caused; for this problem, a random time-varying communication weight is adopted, i.e. w ij (k) is generated by node j through a certain randomness and is not known by node i; the precondition for the consistency algorithm to finally reach consistency is that Only the consistency algorithm (7) needs to be reconstructed to ensure/>The method comprises the following steps:
based on the consistency algorithm, the rule for generating the random time-varying communication weight along with the node j is designed as follows:
Wherein, E 1 and E 2 are randomly generated constants, E 1 and E 2 satisfy D i and d j represent node i and section, respectively
The degree of point j, N i, represents the neighbor set of node i.
Preferably, in the third step, since the encrypted data must be a positive rational number, the data needs to be processed before encryption, and all information is quantized to a rational number set at intervals of 2 -m firstIn [ (2 n-m-1,2n-m-1- 2-m ], the quantized data is then mapped into a positive integer set I (n, m), the mapping formula is:
In,m(a)=2ma mod 2n (16)
where n and m are both positive integers, and a represents a band mapping value.
Preferably, in the fourth step, the transmission information is encrypted by using a Paillier encryption algorithm, each node generates a pair of public and private keys respectively at first, when the node i is updated, the node i and the neighbor node of the node i encrypt their own information by using the public key of the i, and perform homomorphic operation, so as to finally obtain the information used for updating the i, and the information is transmitted back to the node i, and the node i decrypts and updates the received information by using the private key.
Preferably, in the fifth step, after encrypting the data to ensure the integrity of the transmitted data, before transmitting, the data is put into a hash function to obtain a digest H (m) with a fixed length, after receiving the ciphertext information m, the receiver firstly puts the ciphertext into the same hash function H (·) and compares whether the obtained results are the same, and if so, the message is proved not to be tampered.
Preferably, in the sixth step, if the data is abnormal data, the communication link where the abnormal data is located is disconnected; after the communication topology is updated, the normal node is updated again and iterated according to the new topology to reach new balance, so that the influence caused by the attack is relieved.
Preferably, in the seventh step, before the sender transmits the message, the sender private key is used to sign the transmitted message, and the receiver receives the message and then signs the message with the sender public key, so as to verify whether the identity of the sender is true.
Preferably, in the step eight, if the identity of the node is found to be abnormal in the step seventh, the abnormal node is isolated, all communication links thereof are disconnected, and the communication topology structure is updated.
Preferably, in the step nine, after updating the communication topology, the load of the isolated node is redistributed according to the remaining power generation capacity of the normal node, and the normal node reaches a new balance according to the new topology updating iteration, so as to alleviate the influence caused by the attack.
Compared with the prior art, the invention has the following outstanding substantive features and remarkable advantages:
The method encrypts the data to be transmitted through the Paillier encryption algorithm, performs corresponding operation by applying the homomorphism adding property of the Paillier encryption algorithm, performs data integrity verification and identity verification through the hash algorithm and the digital signature, and finally updates the network topology structure according to the corresponding recovery strategy according to the verification result, thereby reducing the influence of network attack on the economic dispatching result.
Drawings
Fig. 1 is an algorithm flow chart of an attack detection and recovery method for a distributed economic dispatch of a micro grid under a network attack.
Fig. 2 is a connection diagram of an IEEE 39-bus system in an embodiment of the invention.
Fig. 3 is a diagram of a consistency algorithm iteration process employing encryption.
Fig. 4 shows node update information transmitted after homomorphic operation of ciphertext.
Fig. 5 is a mitigation method when an abnormal communication link is detected by a hash algorithm.
Fig. 6 is a method of mitigating when an abnormal node is detected by digital signature.
Fig. 7 is a graph of the iterative result after recovery according to the proposed recovery strategy after an attack is detected.
Detailed Description
The following provides a preferred embodiment of the present invention with reference to the accompanying drawings, so as to describe the technical scheme of the present invention in detail.
As shown in fig. 1, an attack detection and recovery method for distributed economic dispatch of a micro grid under network attack includes the following steps:
Step one, an economic dispatch model is established, and a random time-varying communication weight matrix is generated.
Abstracting each power generation, energy storage and load device in the micro-grid into information nodes in an information network, and describing in a graph theory mode: order theRepresents an undirected graph in which/>Representing a set of nodes in an information network,/>An edge set representing a connected node, where (i, j) ε epsilon represents that node j and node i can communicate with each other, and a neighbor set of node i is represented as D i=|Ni | represents the degree of the node; in economic dispatch, consider the energy dispatch unit with the quadratic cost function of/>Where P i represents the power generated by the ith power generation node, a i、bi and c i represent the generator parameters of node i, and the model of the economic dispatch problem is expressed as:
Where i represents a power generation node, C i(Pi) represents a total cost, P i represents a power generation power of the node i, And/>Respectively representing the minimum power and the maximum power of the node i, and L i represents the load quantity of the node i; in the economic dispatch model, the Lagrangian multiplier method is adopted to introduce equation constraint into solution:
wherein n represents the number of nodes, and lambda is the incremental cost of each power generation node i;
and (3) deriving two sides of the equation under the condition of first-order linear optimization:
Where a i and b i are generator parameters, and the lagrangian multiplier λ is also the incremental cost per generation node i, expressed as:
Taking into account the power generation constraints, a leader-free consistency algorithm is employed:
Where k=1, 2,..n represents the number of iterations, λ i (k+1) represents the incremental cost of the ith power generation node in the k+1th iteration, w ij (k) represents the communication weight between node i and node j, e represents the iteration step size, and ζ j (k) represents the amount of mismatch between the jth power generation node power generation and load at the kth iteration: ζ j(k)=Pj(k)-Lj (k), finally The total cost of the system is lowest when lambda 1=λ2=λ3=...λn is based on the equi-consumption rate criterion.
And secondly, solving the model by adopting a leader-free consistency algorithm.
When the communication weight matrix is fixed and globally known, the information obtained by node i during k=0 to k=k c iterations is expressed as:
s1(k)=wij(k)λj(k) (10)
s2(k)=wij(k)ξj(k) (11)
Since s 1(k)、s2(k)、wij (k) is known to the node i, the known information collected by the node i is more than the unknown quantity during each iteration, and the node i calculates the state information of the neighbor node according to the known quantity, so that privacy leakage is caused; for this problem, a random time-varying communication weight is adopted, i.e. w ij (k) is generated by node j through a certain randomness and is not known by node i; the precondition for the consistency algorithm to finally reach consistency is that Only the consistency algorithm (7) needs to be reconstructed to ensure/>The method comprises the following steps:
based on the consistency algorithm, the rule for generating the random time-varying communication weight along with the node j is designed as follows:
Wherein, E 1 and E 2 are randomly generated constants, E 1 and E 2 satisfy D i and d j represent degrees of node i and node j, respectively, and N i represents a neighbor set of node i.
And thirdly, quantizing and mapping the state information of the nodes before each iteration.
Since the encrypted data must be a positive rational number, it is necessary to process the data prior to encryption, and all information is quantized to a rational number set at intervals of 2-mIn [ (2 n-m-1,2n-m-1-2-m ], the quantized data is then mapped into a positive integer set I (n, m), the mapping formula is:
In,m(a)=2ma mod 2n (16)
where n and m are both positive integers, and a represents a band mapping value.
And step four, encrypting the state information after node quantization mapping by adopting a paillier encryption algorithm.
And encrypting the transmission information by using a Paillier encryption algorithm, generating a pair of public and private keys by each node at the beginning, encrypting the own information by using the public key of i when the node i is updated, carrying out homomorphic operation on the own information by using the public key of i and the neighbor nodes of i, finally obtaining the information used for updating i, transmitting the information back to the node i, and decrypting and updating the received information by using the private key by the node i.
And fifthly, verifying the data integrity through a hash algorithm, and detecting whether the data is tampered due to the communication link attack.
In order to ensure the integrity of the transmitted data, after encrypting the data, before transmitting, firstly putting the data into a hash function to obtain a digest H (m) with a fixed length, after receiving ciphertext information m, firstly putting the ciphertext into the same hash function H (-), comparing whether the obtained results are the same, and if so, proving that the message is not tampered.
Step six, if the abnormality is found in the step five, updating the communication topology according to the established updating rule, otherwise executing the step seven.
If the data is abnormal data in the fifth detection, disconnecting the communication link where the abnormal data is located; after the communication topology is updated, the normal node is updated again and iterated according to the new topology to reach new balance, so that the influence caused by the attack is relieved.
And step seven, verifying the node identity through the digital signature, and detecting whether node attack occurs.
Before a sender transmits a message, the sender private key is used for signing the transmitted message, and a receiver receives the message and then uses the sender public key for signing, so that whether the identity of the sender is real or not is verified.
And step eight, if the abnormality is found in the detection in the step seven, updating the communication topology according to the formulated updating rule, otherwise, executing the step ten.
If the identity of the node is found to be abnormal in the seventh step, isolating the abnormal node, disconnecting all communication links of the abnormal node, and updating the communication topological structure.
And step nine, when node isolation occurs, the load quantity of the abnormal node is distributed according to the residual capacity of the normal node.
After the communication topological structure is updated, the load of the isolated node is redistributed according to the residual power generation capacity of the normal node, and the normal node is updated again and iterated according to the new topological structure to reach new balance, so that the influence caused by the attack is relieved.
And step ten, judging whether the convergence error is smaller than or equal to a given value, if so, issuing a calculation result to a power grid executor, and if not, returning to the step three.
Examples
In the present embodiment, in the first step, the power network is abstracted into a connected graph composed of edges and pointsRepresenting a point set in the power grid topology, epsilon representing an edge set of the power grid topology, abstracting a generator, a load and energy storage in the micro-grid as points, abstracting a communication link as an edge, analyzing by an IEEE39 node system, and obtaining an example connection diagram as shown in figure 2 and system generator parameters as shown in table 1.
Table 1 system generator parameters
As can be seen from the above table, in the IEEE 39 node system, there are 10 generator nodes with a total load of 3100MW. The economic dispatch model may be expressed as:
wherein P i represents the output power of each generator, Representing generator node ,ε={(1,2),)1,9),)1,10),(2,1),(2,3),(2,5),(3,2),(3,4),(4,3) ,(4,5),(5,2),(5,4),(5,6),(5,7),(6,5),(6,7),(7,5),(7,6),(7,8 ,(8,7),(8,9),(9,1),(9,8),(9,10),(10,9),(10,1)} representing an adjacent edge,/>
Each node generates a communication weight according to the following formula:
Wherein ε 1 and ε 2 satisfy In the present embodiment, in the second step, a non-leader consistency algorithm is used to solve the model. The solving algorithm formula is as follows:
In this embodiment, in the third step, quantization and mapping processing are required for the data to be encrypted before encryption. First, w ij(k)、、λj(k)、ξi (k) is quantized to a rational number set at intervals of 2 -14 The quantized data is then mapped into a positive integer set I (34, 14) with the mapping formula of
I34,14(a)=214a mod 234
The data obtained after the processing are all positive integers.
In this embodiment, in the fourth step, the information to be transmitted is encrypted by using the public key generated by the Paillier encryption algorithm, and the encrypted ciphertext information is: e (λ i(k))、E(ξi (k)), from the homogeneity of the Paillier encryption algorithm:
E(λi(k)-λj(k))=E(λi(k))*E(λj(k))
Therefore, after each node receives the encrypted information sent by the adjacent node, the ciphertext can be operated according to the operation property, so that updated information is obtained. The iteration result after encryption is shown in fig. 3: title1 is an incremental cost iteration diagram, the abscissa represents iteration times, and the ordinate represents incremental cost values; title2 is a generator power generation power diagram, the abscissa represents the iteration number, and the ordinate represents the power generation power (kW); title3 is a node mismatch amount graph, the abscissa represents iteration times, and the ordinate represents mismatch amount; the title4 ordinate represents the total power generation amount, and the abscissa represents the iteration number. It can be seen that encryption does not affect algorithm iterations. The ciphertext information transmitted during each iteration is shown in fig. 4, the abscissa is the iteration number, the ordinate is the transmitted ciphertext value, and the fact that the ciphertext is irregular can be seen, so that an attacker cannot calculate the iteration rule through the ciphertext, and node privacy is fully guaranteed not to be leaked.
In the embodiment, in the fifth and seventh steps, the SHA2 hash algorithm is adopted to process the ciphertext to obtain a digest of the ciphertext, and then the digest is encrypted by the private key to obtain the digital signature.
In the present embodiment, in the sixth and eighth steps, when each node receives the neighbor information, the received information is first put into the hash function, and the comparison result is the same as the abstract, if not, the communication link is disconnected, see fig. 5; if the signature is the same, decrypting the signature by using the public key of the sender, and if the signature can be successfully decrypted, continuing the next step; otherwise, the sender node is isolated, see fig. 6, and node 10 is the detected attacked node in this embodiment.
In the present embodiment, in the step nine, the attacked node 10 is isolated, and the remaining capacity weight coefficient is defined:
wherein, And (3) representing the power generation residual capacity of the node i, and updating the load capacity of the node i after the communication topology is updated as follows: /(I)Where j represents the isolated node. The iteration diagram after topology updating is shown in fig. 7, and the ordinate of titlw-title 4 is the incremental cost value, the power generation power value, the mismatch amount and the total power generation power respectively, and the abscissa is the iteration number, so that after the attack node 10 is isolated, other nodes can quickly update the topology structure according to the algorithm to achieve convergence again, and the effectiveness of the algorithm is proved.
In a word, the attack detection and recovery method of the micro-grid distributed economic dispatch under the network attack can detect the attack while protecting the privacy of the nodes and reduce the influence caused by the attack through the formulated recovery method, an economic dispatch model is established, and each power generation node generates random time-varying communication weight; then, carrying out quantization and mapping pretreatment on the data to be transmitted before adopting a consistency algorithm; then carrying out encryption transmission on the preprocessed data, and carrying out homomorphic operation in the transmission process to obtain ciphertext of the updated information; then, a hash function is put into the ciphertext to obtain a digest, and a private key is used for encryption to obtain a digital signature; verifying the abstract and the signature to detect whether link attack and node attack occur; then updating the communication topology structure according to the detection result; performing iterative computation according to the new topological structure according to the formulated recovery strategy; and finally, issuing the convergence result to a power grid executor for tracking. The invention formulates a defending strategy after the attack is found, thereby reducing the influence of the network attack on the economic dispatching result.
The embodiments of the present invention have been described above with reference to the accompanying drawings, but the present invention is not limited to the embodiments described above, and various changes, modifications, substitutions, combinations or simplifications made under the spirit and principles of the technical solution of the present invention can be made according to the purpose of the present invention, and all the changes, modifications, substitutions, combinations or simplifications should be equivalent to the substitution, so long as the purpose of the present invention is met, and all the changes are within the scope of the present invention without departing from the technical principles and the inventive concept of the present invention.
Claims (1)
1. An attack detection and recovery method for distributed economic dispatch of a micro-grid under network attack is characterized by comprising the following steps:
step one, an economic dispatch model is established, and a random time-varying communication weight matrix is generated;
Abstracting each power generation, energy storage and load device in the micro-grid into information nodes in an information network, and describing in a graph theory mode: order the Represents an undirected graph in which/>Representing a set of nodes in an information network,/>An edge set representing a connected node, wherein (i, j) epsilon represents a node j and a node i in the undirected graph, which can communicate with each other, and a neighbor set of the node i is expressed as/>D i=|Ni | represents the degree of the node; the quadratic cost function of economic dispatch is/>Where P i represents the power generated by the ith power generation node, a i、bi and c i represent the generator parameters of node i, respectively, and the economic dispatch model is expressed as:
Where i represents a power generation node, C i(Pi) represents a total cost, P i represents a power generation power of the node i, And/>Respectively representing the minimum power and the maximum power of the node i, and L i represents the load quantity of the node i; in the economic dispatch model, the Lagrangian multiplier method is adopted to introduce equation constraint into solution:
wherein n represents the number of nodes, and lambda is the incremental cost of each power generation node i;
and (3) deriving two sides of the equation under the condition of first-order linear optimization:
Where a i and b i are generator parameters, and the lagrangian multiplier λ is also the incremental cost per generation node i, expressed as:
Taking into account the power generation constraints, a leader-free consistency algorithm is employed:
Where k=1, 2,..n represents the number of iterations, λ i (k+1) represents the incremental cost of the ith power generation node in the k+1th iteration, w ij (k) represents the communication weight between node i and node j, e represents the iteration step size, and ζ j (k) represents the amount of mismatch between the jth power generation node power generation and load at the kth iteration: ζ j(k)=Pj(k)-Lj (k), finally According to the equal consumption micro-increment rate criterion, when lambda 1=λ2=λ3=...λn is reached, the total cost of the system is the lowest;
step two, solving the model by adopting a leader-free consistency algorithm;
When the communication weight matrix is fixed and globally known, the information obtained by node i during k=0 to k=k c iterations is expressed as:
s1(k)=wij(k)λj(k) (10)
s2(k)=wij(k)ξj(k) (11)
The precondition for the consistency algorithm to finally reach consistency is that Only the non-leadership consistency algorithm formula (7) needs to be reconstructed to ensure/>The method comprises the following steps:
based on the consistency algorithm, the rule for generating the random time-varying communication weight along with the node j is designed as follows:
Wherein, E 1 and E 2 are randomly generated constants, E 1 and E 2 satisfy D i and d j represent the degrees of node i and node j, respectively, and N i represents the neighbor set of node i;
thirdly, before each iteration, quantifying and mapping the state information of the node;
First, all information is quantized to a rational number set with 2 -m as interval In [ (2 n-m-1,2n-m-1-2-m ], the quantized data is then mapped into a positive integer set I (n, m), the mapping formula is:
In,m(a)=2ma mod 2n (16)
Wherein n and m are positive integers, and a represents a band mapping value;
Step four, encrypting the state information after node quantization mapping by adopting a paillier encryption algorithm;
encrypting transmission information by using a Paillier encryption algorithm, generating a pair of public and private keys by each node at the beginning, encrypting own information by using a public key of i when the node i is updated, carrying out homomorphic operation on the own information by using the public key of i and the neighbor node of i, finally obtaining information used for updating i, transmitting the information back to the node i, decrypting the received information by using the private key by the node i, and updating the information;
Step five, verifying the integrity of the data through a hash algorithm, and detecting whether the data is tampered due to the attack of a communication link;
After encrypting the data, firstly putting the data into a hash function to obtain a digest H (m) with a fixed length before transmission, firstly putting the ciphertext into the same hash function H (&) after receiving the ciphertext information m by a receiver, comparing whether the obtained results are the same, and if so, proving that the message is not tampered;
step six, if the abnormality is found in the step five, updating the communication topology according to the established updating rule, otherwise executing the step seven;
if the data is abnormal data in the fifth detection, disconnecting the communication link where the abnormal data is located; after the communication topological structure is updated, the normal node is updated again and iterated according to the new topological structure to reach new balance, so that the influence caused by the attack is relieved;
step seven, verifying the node identity through a digital signature, and detecting whether node attack occurs or not;
Before a sender transmits a message, firstly signing the transmitted message by using a private key of the sender, and after receiving the message, a receiver signs the message by using a public key of the sender so as to verify whether the identity of the sender is true;
Step eight, if the abnormality is found in the detection in the step seven, updating the communication topology according to the formulated updating rule, otherwise, executing the step ten;
If the identity of the node is found to be abnormal in the seventh step, isolating the abnormal node and disconnecting all communication links of the abnormal node, and updating the communication topological structure;
Step nine, when node isolation occurs, the load quantity of the abnormal node is distributed according to the residual capacity of the normal node;
after the communication topological structure is updated, the load quantity of the isolated node is redistributed according to the residual power generation capacity of the normal node, and the normal node is updated again and iterated according to the new topological structure to reach new balance, so that the influence caused by attack is relieved;
And step ten, judging whether the convergence error is smaller than or equal to a given value, if so, issuing a calculation result to a power grid executor, and if not, returning to the step three.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210382613.0A CN115225305B (en) | 2022-04-12 | 2022-04-12 | Attack detection and recovery method for micro-grid distributed economic dispatch under network attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210382613.0A CN115225305B (en) | 2022-04-12 | 2022-04-12 | Attack detection and recovery method for micro-grid distributed economic dispatch under network attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115225305A CN115225305A (en) | 2022-10-21 |
| CN115225305B true CN115225305B (en) | 2024-04-19 |
Family
ID=83606127
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210382613.0A Active CN115225305B (en) | 2022-04-12 | 2022-04-12 | Attack detection and recovery method for micro-grid distributed economic dispatch under network attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115225305B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117117900A (en) * | 2023-08-29 | 2023-11-24 | 浙江大学海南研究院 | Micro-grid self-triggering control method and system for resisting FDI attack |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019134254A1 (en) * | 2018-01-02 | 2019-07-11 | 上海交通大学 | Real-time economic dispatch calculation method using distributed neural network |
| CN110545289A (en) * | 2019-09-26 | 2019-12-06 | 国网浙江省电力有限公司嘉兴供电公司 | error data injection attack defense method based on mixed homomorphic encryption |
| CN110830514A (en) * | 2019-12-12 | 2020-02-21 | 四川大学 | Detection method for collusion-based false data injection attack of smart power grid |
| CN112598211A (en) * | 2020-10-30 | 2021-04-02 | 天津大学 | Consistency-based distributed power grid economic dispatching injection attack mitigation method |
| CN112688315A (en) * | 2020-12-16 | 2021-04-20 | 国网辽宁省电力有限公司经济技术研究院 | Attack and defense system and method based on electric vehicle power distribution network information physical system |
| CN113704750A (en) * | 2021-08-27 | 2021-11-26 | 国网河北省电力有限公司电力科学研究院 | Network attack detection method and device of distributed power generation system and terminal equipment |
| CN114123173A (en) * | 2021-11-15 | 2022-03-01 | 南京邮电大学 | Micro-grid elastic energy management method based on event trigger mechanism under network attack |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106027262B (en) * | 2016-07-01 | 2017-02-22 | 陕西科技大学 | Multi-variable signing method resisting key recovery attack |
-
2022
- 2022-04-12 CN CN202210382613.0A patent/CN115225305B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019134254A1 (en) * | 2018-01-02 | 2019-07-11 | 上海交通大学 | Real-time economic dispatch calculation method using distributed neural network |
| CN110545289A (en) * | 2019-09-26 | 2019-12-06 | 国网浙江省电力有限公司嘉兴供电公司 | error data injection attack defense method based on mixed homomorphic encryption |
| CN110830514A (en) * | 2019-12-12 | 2020-02-21 | 四川大学 | Detection method for collusion-based false data injection attack of smart power grid |
| CN112598211A (en) * | 2020-10-30 | 2021-04-02 | 天津大学 | Consistency-based distributed power grid economic dispatching injection attack mitigation method |
| CN112688315A (en) * | 2020-12-16 | 2021-04-20 | 国网辽宁省电力有限公司经济技术研究院 | Attack and defense system and method based on electric vehicle power distribution network information physical system |
| CN113704750A (en) * | 2021-08-27 | 2021-11-26 | 国网河北省电力有限公司电力科学研究院 | Network attack detection method and device of distributed power generation system and terminal equipment |
| CN114123173A (en) * | 2021-11-15 | 2022-03-01 | 南京邮电大学 | Micro-grid elastic energy management method based on event trigger mechanism under network attack |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115225305A (en) | 2022-10-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yang et al. | On false data injection attacks against Kalman filtering in power system dynamic state estimation | |
| Chen et al. | Privacy-preserving distributed economic dispatch of microgrids: A dynamic quantization-based consensus scheme with homomorphic encryption | |
| Lin et al. | On false data injection attacks against distributed energy routing in smart grid | |
| Merad-Boudia et al. | An efficient and secure multidimensional data aggregation for fog-computing-based smart grid | |
| CN110474892B (en) | False data injection attack defense method based on block chain technology | |
| CN110830251B (en) | Method for safely transmitting electricity consumption information in ubiquitous power Internet of things environment | |
| Badr et al. | Privacy-preserving federated-learning-based net-energy forecasting | |
| Cheng et al. | A homomorphic encryption-based private collaborative distributed energy management system | |
| CN115225305B (en) | Attack detection and recovery method for micro-grid distributed economic dispatch under network attack | |
| CN113382016A (en) | Fault-tolerant safe lightweight data aggregation method under intelligent power grid environment | |
| Gao et al. | A blockchain peer-to-peer energy trading system for microgrids | |
| Wu et al. | Robust and auditable distributed data storage with scalability in edge computing | |
| Jiang et al. | Lightweight data security protection method for AMI in power Internet of Things | |
| Yang et al. | A privacy-preserving algorithm for AC microgrid cyber-physical system against false data injection attacks | |
| Huang et al. | A lightweight and fault-tolerable data aggregation scheme for privacy-friendly smart grids environment | |
| Sami et al. | Secure aggregation for clustered federated learning | |
| Jolfaei et al. | A lightweight integrity protection scheme for fast communications in smart grid | |
| Hong et al. | Privacy preserving and collusion resistant energy sharing | |
| Zhang et al. | A lightweight privacy preserving scheme of charging and discharging for electric vehicles based on consortium blockchain in charging service company | |
| CN112187770A (en) | Multisource ocean data safety fusion and statistics method based on near-shore Internet of things | |
| Zhang et al. | A Blockchain‐Based Microgrid Data Disaster Backup Scheme in Edge Computing | |
| CN115514568A (en) | Block chain-based power information safety system and method | |
| Chang et al. | Practical Privacy-Preserving Scheme With Fault Tolerance for Smart Grids | |
| Liu et al. | SEDE: State estimation-based dynamic encryption scheme for smart grid communication | |
| Pan et al. | Secure control using homomorphic encryption and efficiency analysis |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |