CN115225379B - Method and device for detecting false data injection attack of power grid based on measurement coding - Google Patents
Method and device for detecting false data injection attack of power grid based on measurement coding Download PDFInfo
- Publication number
- CN115225379B CN115225379B CN202210849680.9A CN202210849680A CN115225379B CN 115225379 B CN115225379 B CN 115225379B CN 202210849680 A CN202210849680 A CN 202210849680A CN 115225379 B CN115225379 B CN 115225379B
- Authority
- CN
- China
- Prior art keywords
- measurement
- coding
- matrix
- injection attack
- false data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000005259 measurement Methods 0.000 title claims abstract description 316
- 238000002347 injection Methods 0.000 title claims abstract description 110
- 239000007924 injection Substances 0.000 title claims abstract description 110
- 238000000034 method Methods 0.000 title claims abstract description 64
- 239000011159 matrix material Substances 0.000 claims abstract description 110
- 238000001514 detection method Methods 0.000 claims abstract description 71
- 238000005457 optimization Methods 0.000 claims abstract description 37
- 230000005540 biological transmission Effects 0.000 claims abstract description 15
- 238000013461 design Methods 0.000 claims abstract description 14
- 238000004891 communication Methods 0.000 claims description 27
- 239000013598 vector Substances 0.000 claims description 10
- 230000002441 reversible effect Effects 0.000 claims description 9
- 230000006870 function Effects 0.000 claims description 7
- 238000003491 array Methods 0.000 claims description 4
- 230000000295 complement effect Effects 0.000 claims description 3
- 230000007123 defense Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 10
- 230000000694 effects Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 238000012360 testing method Methods 0.000 description 6
- 239000000243 solution Substances 0.000 description 5
- 230000008901 benefit Effects 0.000 description 3
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000012544 monitoring process Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000010267 cellular communication Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000003313 weakening effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Arrangements For Transmission Of Measured Signals (AREA)
Abstract
The invention relates to the field of network attack defense of an electric power information physical system, in particular to a method and a device for detecting network false data injection attack based on measurement coding. The method of the invention comprises the following steps: s1, constructing a power grid false data injection attack model based on measurement coding; s2, establishing a measurement coding cost model; s3, acquiring a minimum measurement set of a required code and a requirement on a coding matrix; s4, acquiring the requirements of system measurement equipment; s5, constructing a measurement code optimization problem; s6, decoupling the coded measurement set selection-clustering problem and the coding matrix design problem; and S7, arranging a decoder formed by the coding matrix in a control center, and detecting whether potential false data injection attack exists in the transmission process of the power grid system measurement data. The invention can obviously reduce the cost of attack detection based on measurement coding on the premise of ensuring the capability of detecting the false data injection attack.
Description
Technical Field
The invention relates to the field of network attack defense of an electric power information physical system, in particular to a method and a device for detecting network false data injection attack based on measurement coding.
Background
With the continuous promotion of the informatization construction of the power grid, an electric power information communication system consisting of intelligent measurement, communication, calculation, control and other equipment is deeply integrated with an electric power physical system, so that the electric power information communication system becomes a typical information physical system.
However, standardized communication protocols and general software and hardware devices are increasingly adopted in the electric power information system, so that the original secret protection of the electric network based on the private protocols and special equipment is broken. In addition, in order to meet the requirements of power grid operation monitoring and scheduling, frequent measurement data interaction is needed between the transformer substation and a scheduling center as well as between the transformer substation and a regional power grid, and the transformer substation is very easy to tamper by potential network attackers, so that the power grid operation cost is increased, equipment is failed, and even 'blackout' is caused. The power system is faced with serious cyber attack threats with increasing vigour.
In the power system network attack, the false data injection attack (False Data Injection Attacks, FDIAs) can misguide the result of the network state estimation on the premise of not triggering bad data detection alarm in the state estimation by cooperatively tampering with the measured data such as branch power flow, node injection power and the like, so that the control center misjudges the current state of the power network and the safe and stable operation of the power system is affected. Because the power system measurement data is tampered cooperatively, the false data injection attack has stronger concealment. Therefore, the detection method for researching the false data injection attack of the power grid has great significance for timely finding potential network attack threats and weakening attack influence.
For the detection of false data injection attacks, some students have carried out related researches and various attack detection methods are proposed.
According to the attack detection method based on the measurement coding, the sensor side codes the measurement data and decodes the measurement data in the control center, and false data injection attack in the data transmission process can be effectively detected by utilizing the secret coding matrix information. However, the existing measurement coding method does not fully mine the requirements of attack detection on a coding matrix and coded measurement, so that the attack detection method based on measurement coding is high in cost.
Therefore, to overcome the shortcomings of the attack detection method based on the measurement data coding, optimizing the measurement coding mechanism and minimizing the measurement coding cost on the premise of ensuring the capability of detecting the false data injection attack is an urgent problem to be solved by the person skilled in the art.
Disclosure of Invention
The invention aims to provide a method and a device for detecting power grid false data injection attack based on measurement coding, which solve the problem that the cost of measurement coding of the attack detection method based on the measurement data coding in the prior art is too high.
In order to achieve the above purpose, the invention provides a method for detecting the injection attack of false data of a power grid based on measurement coding, which comprises the following steps:
s1, constructing a power grid false data injection attack model based on measurement coding;
s2, constructing a measurement coding frame based on clustering, and constructing a measurement coding cost model;
s3, acquiring a minimum measurement set of a required code and a requirement on a coding matrix based on detection conditions of false data injection attack;
s4, acquiring system measurement equipment requirements required by power grid false data injection attack detection based on the coded situation of the minimum measurement set;
s5, constructing a measurement coding optimization problem, wherein an objective function is to reduce the measurement coding cost on the premise of ensuring the detection capability of the false data injection attack;
s6, simplifying the measurement coding optimization problem constructed in the step S5, and decoupling the coded measurement set selection-clustering problem and the coding matrix design problem;
and S7, arranging a decoder formed by the coding matrix in the control center, decoding the received measurement data, performing state estimation and attack detection, and detecting whether potential false data injection attack exists in the transmission process of the measurement data of the power grid system.
In an embodiment, in the step S1, the attack model is injected based on the measured and encoded network dummy data, and the corresponding expression is:
z a =C·z+a,
wherein z is the real measurement data in the power grid state estimation, z a In order to measure the measurement data tampered by an attacker in the coding, C is a reversible coding matrix, and a is an attack vector injected by the attacker.
In one embodiment, the coding cost model is measured in the step S2, and the corresponding expression is:
wherein K epsilon {1, …, K } is the index set of the measurement code cluster, alpha k For the cost of arranging encoders in the kth cluster, G k Beta, the set of measurement devices in the kth cluster jk Formation for secure communication between jth measurement and encoder kThe cost is high.
In one embodiment, the encoding matrix in the measurement encoding in the step S3 satisfies the following expression:
rank([HC·H])=2·n,
wherein rank (·) represents matrix rank operation;
h is Jacobian matrix of the nonlinear measurement equation,n is the number of system states;
coding matrixIs reversible
In one embodiment, the measurements in set S in step S3 are encoded, setThe Jacobian matrix H and the coding matrix C of the nonlinear measurement equation are not coded, and can be expressed as:
and />
wherein ,HS Andfor the and set S and +.in Jacobian matrix H>Corresponding to the measurement of the matrix, C S and />For measuring the sum set S and +.>A sub-coding matrix corresponding to the measurement in (a);
the minimum set of measurements S required to be encoded satisfies the following expression:
rank(H S ) N and rank (C S -I)≥n,
Wherein I is a matrix C S And n is the number of system states of the unit arrays with the same dimension.
In an embodiment, when the minimum measurement set S is encoded in the step S4, the rank of the combining matrix satisfies the following expression:
rank(H S ) N and =n
wherein ,complement of set S, H s For the submatrices in Jacobian matrix H corresponding to the measurements in set S,for the set of measurements in matrix H and uncoded +.>The corresponding submatrix, H is Jacobian matrix of the nonlinear measurement equation,n is the number of system states; coding matrix->Is reversible.
In an embodiment, the measurement code optimization problem in step S5 corresponds to the following expression:
rank(C S )=n,
rank(C s -I)=n,
where M is a measurement set of the power system,for coding matrix C S In the row vector corresponding to measurement j, the supply (-) represents a non-zero element in the vector.
In an embodiment, the step S6 further includes:
will encode matrix C S Setting the diagonal elements as non-zero and non-unitary diagonal arrays, and carrying out equivalent simplification on the optimization problem constructed in the step S5;
the decision variables of the simplified optimization problem only comprise the coded measurement set and clustering conditions.
In an embodiment, the step S7 further includes:
step S71, measuring data z received by the control center a Decoding is performed by using a decoder, and the corresponding expression is:
wherein ,CS For a subcode matrix of the measurement matrix corresponding to the measurements in set S, I is the AND matrix C S A unit array of the same dimension;
step S72, for the decoded data z d And carrying out state estimation solving, wherein the corresponding expression is as follows:
step S73, detecting a potential false data injection attack by using an optimal value in the state estimation, and considering that the false data injection attack is not tampered in the process of measuring data transmission when the optimal value of the state estimation meets the following expression:
wherein τ is an attack detection threshold set according to the degree of freedom and detection confidence in chi-square distribution.
In order to achieve the above object, the present invention provides a device for detecting a network false data injection attack based on measurement coding, comprising:
a memory for storing instructions executable by the processor;
a processor for executing the instructions to implement the method as claimed in any one of the preceding claims.
To achieve the above object, the present invention provides a computer readable medium having stored thereon computer instructions, wherein the computer instructions, when executed by a processor, perform a method as set forth in any of the above.
According to the method and the device for detecting the power grid false data injection attack based on the measurement code, the attack detection based on the measurement code is described as the measurement code optimization problem, the code matrix design problem and the code set selection-clustering problem are decoupled through the equivalent simplification, the measurement code optimization problem is solved to obtain an optimal measurement code strategy, and the cost of the attack detection based on the measurement code can be obviously reduced on the premise of ensuring the capability of detecting the false data injection attack.
Drawings
The above and other features, properties and advantages of the present invention will become more apparent from the following description of embodiments taken in conjunction with the accompanying drawings in which like reference characters designate like features throughout the drawings, and in which:
FIG. 1 discloses a flow chart of a method for detecting network false data injection attacks based on measurement coding according to an embodiment of the invention;
FIG. 2 discloses a schematic diagram of an implementation of a method for detecting grid spurious data injection attacks based on measurement encoding according to an embodiment of the present invention;
FIG. 3 discloses a schematic diagram of the coded measurement and clustering results of measurement coding optimization in an IEEE 14-node system in accordance with one embodiment of the present invention;
FIG. 4 is a schematic diagram showing the detection effect of the optimal measurement coding strategy on the false data injection attack under the complete information scene according to one embodiment of the present invention;
FIG. 5 is a schematic diagram showing the detection effect of the optimal measurement coding strategy on the false data injection attack in the incomplete information scene according to an embodiment of the present invention;
fig. 6 discloses a schematic block diagram of a device for detecting a network false data injection attack based on measurement coding according to an embodiment of the invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The method and the device for detecting the power grid false data injection attack based on the measurement coding provided by the invention are based on a clustered measurement coding framework and optimized coding, and the requirements on coded measurement, coding matrixes and system measurement equipment in the measurement coding are quantized by analyzing the detection conditions of the false data injection attack in the measurement coding mechanism.
Fig. 1 discloses a flowchart of a method for detecting a false data injection attack of a power grid based on measurement coding according to an embodiment of the present invention, as shown in fig. 1, the method for detecting a false data injection attack of a power grid based on measurement coding provided by the present invention includes the following steps:
s1, constructing a power grid false data injection attack model based on measurement coding;
s2, constructing a measurement coding frame based on clustering, and constructing a measurement coding cost model;
s3, acquiring a minimum measurement set of a required code and a requirement on a coding matrix based on detection conditions of false data injection attack;
s4, acquiring system measurement equipment requirements required by power grid false data injection attack detection based on the coded situation of the minimum measurement set;
s5, constructing a measurement coding optimization problem, wherein an objective function is to reduce the measurement coding cost on the premise of ensuring the detection capability of the false data injection attack;
s6, simplifying the measurement coding optimization problem constructed in the step S5, and decoupling the coded measurement set selection-clustering problem and the coding matrix design problem;
and S7, arranging a decoder formed by the coding matrix in the control center, decoding the received measurement data, performing state estimation and attack detection, and detecting whether potential false data injection attack exists in the transmission process of the measurement data of the power grid system.
For ease of understanding, fig. 2 discloses an implementation schematic diagram of a method for detecting a network false data injection attack based on measurement coding according to an embodiment of the present invention, as shown in fig. 2, in a power system, a field measurement layer 201, a SCADA network 202 and a control center 203 are important components of monitoring an operation state of a power network.
The field measurement layer 201 is used for realizing the measurement of states such as voltage, branch power and the like of a power transmission network node (such as a transformer substation);
the SCADA network 202 is used for data transmission between the transformer substation and the control center;
the control center 203 is mainly used for monitoring the running state of the power grid in the area and comprises the functions of state estimation, economic dispatch and the like.
From the positions where the modules are deployed in the measurement coding-based attack detection, the measurement coding process is located in the field measurement layer 201, the decoding and attack detection is located in the control center 203, and the data injection attack occurs in the transmission process of the data in the SCADA network 202.
From the relationships between the steps of the present invention and the functional components described above, step S1 occurs during transmission over SCADA network 202; the steps S2-S6 are mainly related to the field measurement layer 201 and respectively correspond to a coding cost model, a coding matrix requirement and a coded measurement requirement, and the simplified solution of the measurement coding optimization is carried out; step S7 is associated with the control center, corresponding to the measured data decoding and attack detection procedure.
The above steps of the present invention will be described in detail with reference to fig. 1 and 2. It is understood that within the scope of the present invention, the above-described technical features of the present invention and technical features specifically described below (e.g., in the examples) may be combined with each other and associated with each other, thereby constituting a preferred technical solution.
Step S1: and constructing a power grid false data injection attack model based on measurement coding.
Constructing a power grid false data injection attack model under the condition of measurement coding, wherein the corresponding expression is as follows:
z a =C·z+a,#(1)
and z is real measurement data in power grid state estimation, and consists of measurement of active power, reactive power, node active injection power, tapping-free injection power, voltage amplitude and the like of a power system.
C is a reversible coding matrix, and a is an attack vector injected by an attacker.
Because of the functions of load prediction and the like of the power system, the falsification of the system state by an attacker is not excessive, and at the moment, hidden false data is injected into the attack, namely an attack vector a injected by the attacker can be expressed as follows in a linear way:
a=H·Δx,#(2)
wherein H is a Jacobian matrix of a nonlinear measurement equation, and Deltax is the system state change amount expected to be caused by an attacker, and represents the attack effect expected to be caused by the attacker;
based on a similar analysis, the system true measurement value, i.e. the true measurement data z in the grid state estimation, can be expressed linearly as:
z=H·x+e,#(3)
wherein x is the system state, including node voltage amplitude and phase angle;
e is measurement noise, and the measurement noise e meets zero-mean Gaussian distribution.
And S2, constructing a measurement coding frame based on clustering, and constructing a measurement coding cost model.
Measurement encoding uploads multiple measurement data to the same encoder by clustering to reduce the cost of installing the encoder and secure communication between the encoder and the measurement.
In cluster-based measurement coding, multiple measurement data are uploaded to the same encoder to reduce the cost of additional encoder installation, and furthermore, clustering the coded measurements can reduce the cost of secure communication between the encoder and the measurements.
The measurement code uploads a plurality of measurement data to the same encoder by clustering, and the coding cost is reduced by reducing the number of encoders to be installed and the safety communication cost between the encoder and the measurement data.
As shown in fig. 2, in the cluster-based measurement coding framework, the cost of measurement coding can be expressed as:
wherein K epsilon {1, …, K } is the index set of the measurement code cluster, alpha k For the cost of arranging encoders in the kth cluster, G k Beta, the set of measurement devices in the kth cluster jk The cost of secure communication with encoder k is measured for the jth.
And step S3, based on detection conditions of false data injection attack, acquiring a minimum measurement set of required codes and requirements on a coding matrix.
From the point of view of detectability of false data injection attacks, a minimum set of measurements of the required coding and the requirements on the coding matrix are obtained.
The measurement devices encoded in the measurement code need to be carefully chosen to ensure the detection capability of spurious data injection attacks. Therefore, to ensure the detection capability of an attack, it is necessary to analyze from the detection conditions of the attack, and to quantify the minimum set of coded measurements that can ensure the detection of the attack.
A spurious data injection attack can be detected equivalent to the following inequality holds for any two states x, x' and the system state change amount Δx:
C·H·x+H·Δx≠C·H·x′.#(5)
by analyzing the column space of the matrix, the attack detectable condition described above is equivalent to the following combining matrix satisfying the column full rank in the measurement coding:
rank([HC·H])=2·n,#(6)
wherein rank (·) represents the matrix rank operation,n is the number of system states, coding matrix->Is reversible;
the measurements in set S are encoded, setThe measurement in (a) is not encoded, and the Jacobian matrix H and the encoding matrix C of the nonlinear measurement equation can beExpressed as:
and />
wherein ,HS Andfor the and set S and +.in Jacobian matrix H>Corresponding to the measurement of the matrix, C S and />For measuring the sum set S and +.>Corresponding to the measurement of the sub-coding matrix.
According to the above conditions, to enable detection of false data injection attacks, the set of measurements S encoded needs to satisfy:
rank(H S ) N and rank (C S -I)≥n,#(7)
wherein ,HS Is a submatrix corresponding to the measurement in the set S in the Jacobian matrix H, C S For a subcode matrix of the measurement matrix corresponding to the measurements in set S, I is the AND matrix C S A unit array of the same dimensions.
FIG. 3 discloses a schematic diagram of the coded measurement and clustering results in an IEEE 14-node system, in which the coded measurement number is 27 and the system state number is 27 (including 14 voltage magnitudes and 13 voltage phase angles), the coded measurement number needs to be consistent with the system state number to satisfy the matrix H in (7), as shown in FIG. 3, according to one embodiment of the present invention S Rank-full condition.
And S4, acquiring system measurement equipment requirements required by the detection of the network false data injection attack based on the coded situation of the minimum measurement set.
And obtaining the system measurement equipment requirements required for detecting the network false data injection attack under the condition that only the minimum measurement set is encoded.
When a set of minimum measurement sets S satisfying equation (7) is encoded, the rank of the combining matrix satisfies:
wherein ,complement of set S, H S For the submatrices in Jacobian matrix H corresponding to the measurements in set S,for the set of measurements in matrix H and uncoded +.>The corresponding submatrix, H is Jacobian matrix of the nonlinear measurement equation,n is the number of system states; coding matrix->Is reversible;
for a full attack detection condition (6), according to equation (8), set S andthe measurement requirements of (a) are satisfied:
rank(H S ) N and =n
Thus, at least two non-coincident sets of measurements are required in the grid to be able to meet the observability of the system states, respectively.
And S5, constructing a measurement coding optimization problem, wherein the objective function is to reduce the measurement coding cost on the premise of ensuring the detection capability of the false data injection attack.
The measurement coding optimization problem is constructed, and the measurement coding cost is reduced on the premise of ensuring the detection capability of the false data injection attack.
For a grid satisfying equation (9), when a minimum set of measurements S satisfying equation (7) is encoded, the measurement encoding optimization problem, the optimization objective function can be expressed as:
rank(C S )=n,#(14)
rank(C s -I)=n,#(15)
where M is a measurement set of the power system,for coding matrix C S In the row vector corresponding to measurement j, the supply (-) represents a non-zero element in the vector.
In the IEEE 14-node scenario shown in FIG. 3, the optimization problem, G in equation (13), is described above k The clustering situation in fig. 3 is shown, where K is the number of clusters in the measurement code, and the number of clusters is 5. (11) In (2) represents the encoded measurement set, in the IEEE 14-node scenario shown in fig. 3, the encoded measurement states include { V 1 ,V 2 ,P 2 ,P 2,3 ,Q 2,3 ,…,V 8 ,P 8 Total 27 measurement states.
And S6, simplifying the measurement coding optimization problem constructed in the step S5, and decoupling the coded measurement set selection-clustering problem and the coding matrix design problem.
In measurement coding optimization, the positions of non-zero elements in the coding matrix represent the communication requirements between the measurement devices. This results in a coupling of the coding matrix design problem with the coding set selection-clustering problem, since the measurement devices can only communicate within the same cluster. The relevant coupling constraint may be described as conditional (16).
"coded measurement set selection problem" refers to deciding which measurement data needs to be coded, corresponding to decision variables S in the optimization problem (10);
the "clustering problem" refers to dividing the measurement devices in the coded measurement set S into different clusters (groups), and the measurement devices in the same cluster communicate with each other and share the same encoder code (the area indicated by the dashed line in fig. 3 is one cluster), so as to reduce the coding cost, and correspond to the decision variable G in the optimization problem (10) 1 ,…,G K ;
"coding matrix design problem" refers to the selection of coding matrix values corresponding to decision variables C in the optimization problem (10) S 。
In step S6, the measurement coding optimization problem is simplified, and the coded measurement set selection-clustering problem is decoupled from the coding matrix design problem.
Aiming at the problem that the Chinese (16) is used for coupling the coded measurement selection and clustering with the design of the coding matrix, in the embodiment, the coding matrix C is used S Diagonal matrix set to be non-zero and non-unitary for diagonal elementsThe original optimization problem is equivalently simplified into the following form, and the coded measurement selection-clustering problem is decoupled from the measurement coding matrix design.
s.t.(11),(12),(13).
The decision variables of the simplified optimization problem only comprise the coded measurement set and clustering conditions, and the optimal measurement coding strategy can be obtained by solving the combined optimization problem.
Taking the following coding matrix as an example, let the coding matrix C S The row vectors corresponding to the j-th measuring device are:
wherein, the columns corresponding to the non-zero elements are i, j and m respectively. Since the measurement data i, j, m isEncoded into the jth measurement data, the three measurement devices have communication requirements and must be located in the same cluster.
When encoding matrix C S When the code matrix is a diagonal matrix (and the diagonal elements are non-zero and non-unitary), the optimal solution of the original optimization problem is not affected, but the constraint between the measurement devices shown in (a 1) is not existed any more, so the code matrix design problem in the original optimization problem can be decoupled from the code set selection-clustering problem by setting the code matrix to be the diagonal matrix. Only the "code set selection-clustering problem" needs to be solved in the simplified optimization problem.
S7, arranging a decoder formed by a coding matrix in a control center, decoding received measurement data, performing state estimation and attack detection, and detecting whether potential false data injection attack exists in the transmission process of the measurement data of the power grid system
And arranging a decoder in the control center, decoding the received data, then carrying out state estimation and attack detection, and detecting potential false data injection attack tampering in the process of measuring data transmission.
Step S71, measuring data z received by the control center a Decoding is performed by using a decoder, and the corresponding expression is:
wherein ,CS For a subcode matrix of the measurement matrix corresponding to the measurements in set S, I is the AND matrix C S A unit array of the same dimension;
step S72, performing state estimation solution on the decoded data, and solving the optimal system state according to the following weighted least square method:
step S73, detecting potential false data injection attack by utilizing an optimal value in state estimation, and considering that the false data injection attack is not tampered in the measuring data transmission process when the optimal value of the state estimation meets the following formula according to a chi-square detection principle:
wherein τ is an attack detection threshold set according to the degree of freedom and detection confidence in chi-square distribution.
The invention provides a method for detecting the injection attack of false data of a power grid based on measurement coding, which comprises the steps of firstly designing a measurement coding frame based on clustering, and constructing a power grid false data injection attack model and a measurement coding cost model; secondly, based on the detection condition of attack, the minimum coded measurement set and the requirements on the coding matrix and the system measurement equipment are given; finally, a measurement coding optimization problem is constructed, and the equivalent reduction method of the design can decouple the coded measurement selection-clustering problem from the coding matrix design problem. A series of experiments show that the optimal measurement coding method provided by the invention can effectively reduce the measurement coding cost on the premise of ensuring the detection capability of the false data injection attack.
The test results for measuring the encoding cost are shown in table 1. From the reduced measurement code optimization problem, the coding cost, the number of coded measurements and the number of clusters in the IEEE 14-node and IEEE 57-node test systems can be obtained as shown in Table 1.
TABLE 1 measurement coding costs in IEEE 14-node and IEEE 57-node systems
In the test, IEEE 14-node and IEEE 57-node test systems were used, respectively, and it was assumed that all of the branch power, node injection power, and voltage amplitude were measured to meet the requirements of the system measurement device in (9).
Referring to the costs of ZigBee, cellular communication, encoders and other devices, the cost of the safety communication devices among the sensing devices in the same substation is assumed to be 2$/one, the cost of the safety communication devices among the sensing devices in different substations is assumed to be 20$/one, and the cost of the encoder is assumed to be 3$/one.
The optimal measurement coding method in table 1 refers to the network false data injection attack detection method based on measurement coding.
The full measurement coding method means that coded measurement is not clustered in the coding process, and all measurement data are coded by the same coder. In contrast to the method according to the invention, the full-measurement coding method requires coding all measurement data, and furthermore, all measurement devices need to communicate with a unique encoder, which results in an excessively high coding cost.
The measurement individual coding method means that each measuring device is provided with an encoder for coding in the coding process. Although the measurement-alone encoding method reduces the communication requirements between measurement devices compared to the method of the present invention, a large number of encoders need to be installed and all measurement data needs to be encoded, which results in excessive encoding costs.
As can be seen from the test results in Table 1, the optimal measurement coding method provided by the invention can effectively reduce the cost of measurement coding.
In order to verify the detection capability of the optimal measurement coding method provided by the invention on the false data injection attack, the false data injection attack in the complete information and incomplete information scenes and the linearized measurement equation and the nonlinear measurement equation in the power grid state estimation are respectively verified.
In particular, it is assumed that an attacker knows the linearized measurement matrix information in a complete information scenario, whereas it is assumed that the deviation Δh of the attacker known measurement matrix from the real measurement matrix in an incomplete information scenario satisfies the following three scenarios, respectively.
Scene 1: the elements in the measurement matrix bias are proportional to the values of the corresponding elements in the actual measurement matrix, namely:
|Δh ij |=λ·|h ij |.
the false data injection attack of the incomplete information described above is used to represent the form of the attack that can be detected by the bad data.
Scene 2: the non-zero elements in the measurement matrix deviation are the same as the unknowns of the non-zero elements in the actual measurement matrix, and the values satisfy:
|Δh ij |≤λ·|h ij |.
the above-described incomplete information false data injection attack is used to represent a scenario where an attacker knows the topology of the grid but the specific parameter values are unknown.
Scene 3: the elements in the measurement matrix deviation and the elements in the actual measurement matrix only satisfy in value:
|Δh ij |≤λ·|h ij |.
the above-described incomplete information false data injection attack is used to represent a scenario where an attacker is not known to both the grid topology and the parameter values.
Fig. 4 illustrates a schematic diagram of the detection effect of the optimal measurement coding strategy on the false data injection attack in the complete information scenario according to an embodiment of the present invention, and fig. 5 illustrates a schematic diagram of the detection effect of the optimal measurement coding strategy on the false data injection attack in the incomplete information scenario according to an embodiment of the present invention, as shown in fig. 4 and fig. 5, the detection effect on the false data injection attack in the complete information and the incomplete information scenario in the IEEE 14-node and IEEE 57-node test systems.
As shown in fig. 4, for the linearized measurement equation and the nonlinear measurement equation in the ac state estimation, the optimal measurement coding method provided by the present invention can effectively detect a potential false data injection attack.
As shown in fig. 5, the optimal measurement coding method provided by the invention can still ensure the detection capability of the false data injection attack in the incomplete information scene of the attacker.
As can be seen from the results of fig. 4 and fig. 5, the optimal measurement coding method provided by the invention can be applied to the linearization measurement equation and the nonlinear measurement equation of the power grid state estimation, and can ensure good checking capability for the false data injection attack of the complete information and the incomplete information of the attacker.
In summary, the method for detecting the power grid false data injection attack based on the measurement code can obviously reduce the cost of measurement protection on the premise of ensuring the capability of detecting the false data injection attack. The method can be applied to various scenes such as linearization measurement equation, nonlinear measurement equation, complete information false data injection attack, incomplete information false data injection attack and the like, and has strong applicability.
While, for purposes of simplicity of explanation, the methodologies are shown and described as a series of acts, it is to be understood and appreciated that the methodologies are not limited by the order of acts, as some acts may, in accordance with one or more embodiments, occur in different orders and/or concurrently with other acts from that shown and described herein or not shown and described herein, as would be understood and appreciated by those skilled in the art.
Fig. 6 shows a schematic block diagram of a device for detecting a network false data injection attack based on measurement coding according to an embodiment of the invention. The grid spurious data injection attack detection device based on measurement encoding may include an internal communication bus 601, a processor 602, a Read Only Memory (ROM) 603, a Random Access Memory (RAM) 604, a communication port 605, and a hard disk 607. The internal communication bus 601 may enable data communication between components of the grid spurious data injection attack detection device based on measurement coding. The processor 602 may make the determination and issue the prompt. In some embodiments, the processor 602 may be comprised of one or more processors.
The communication port 605 can realize data transmission and communication between the network false data injection attack detection device based on measurement coding and an external input/output device. In some embodiments, the grid spurious data injection attack detection device based on measurement coding may send and receive information and data from the network through the communication port 605. In some embodiments, the grid spurious data injection attack detection device based on measurement encoding may be in data transmission and communication with external input/output devices in a wired form through input/output 606.
The grid-spurious data injection attack detection means based on measurement coding may also comprise program storage units of different forms as well as data storage units, such as a hard disk 607, a read-only memory (ROM) 603 and a Random Access Memory (RAM) 604, capable of storing various data files for computer processing and/or communication use, and possible program instructions for execution by the processor 602. The processor 602 executes these instructions to carry out the main part of the method. The results processed by the processor 602 are transmitted to an external output device via the communication port 605 and displayed on the user interface of the output device.
For example, the implementation process file of the grid false data injection attack detection device based on measurement coding can be a computer program, stored in the hard disk 607 and recorded into the processor 602 for execution to implement the method of the present invention.
The implementation process file of the grid false data injection attack detection method based on measurement coding is a computer program and can also be stored in a computer readable storage medium as a product. For example, computer-readable storage media may include, but are not limited to, magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips), optical disks (e.g., compact Disk (CD), digital Versatile Disk (DVD)), smart cards, and flash memory devices (e.g., electrically erasable programmable read-only memory (EPROM), cards, sticks, key drives). Moreover, various storage media described herein can represent one or more devices and/or other machine-readable media for storing information. The term "machine-readable medium" can include, without being limited to, wireless channels and various other media (and/or storage media) capable of storing, containing, and/or carrying code and/or instructions and/or data.
Aiming at the technical problem that the cost of the attack detection method based on the measurement code is too high due to the fact that the requirements of the attack detection on the code matrix and the coded measurement are not fully mined in the measurement code method in the prior art, the invention provides the power grid false data injection attack detection method and device based on the measurement code, and the measurement code cost is obviously reduced on the premise of ensuring the capability of detecting the false data injection attack.
The method and the device for detecting the injection attack of the false data of the power grid based on the measurement code have the following advantages:
1) The method provides a cluster-based measurement coding framework and builds a cost model of measurement coding, and provides a universal measurement coding framework for building a low-cost attack detection method;
2) The requirements of detection conditions of false data injection attack on coded measurement, a coding matrix and system measurement equipment are given, and the detection effect of the measurement coding method on the false data injection attack can be ensured by taking the requirements as the constraint of the measurement coding optimization problem;
3) By optimizing the measurement coding strategy, the coded measurement set is reduced, and the clustering selection of the coded measurement is optimized according to the safety communication cost, so that the coding cost in false data injection attack detection can be remarkably reduced.
While, for purposes of simplicity of explanation, the methodologies are shown and described as a series of acts, it is to be understood and appreciated that the methodologies are not limited by the order of acts, as some acts may, in accordance with one or more embodiments, occur in different orders and/or concurrently with other acts from that shown and described herein or not shown and described herein, as would be understood and appreciated by those skilled in the art.
As used in the specification and in the claims, the terms "a," "an," "the," and/or "the" are not specific to a singular, but may include a plurality, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that the steps and elements are explicitly identified, and they do not constitute an exclusive list, as other steps or elements may be included in a method or apparatus.
The embodiments described above are intended to provide those skilled in the art with a full range of modifications and variations to the embodiments described above without departing from the inventive concept thereof, and therefore the scope of the invention is not limited by the embodiments described above, but is to be accorded the broadest scope consistent with the innovative features recited in the claims.
Claims (10)
1. The utility model provides a method for detecting the injection attack of false data of a power grid based on measurement coding, which is characterized by comprising the following steps:
s1, constructing a power grid false data injection attack model based on measurement coding;
s2, constructing a measurement coding frame based on clustering, and constructing a measurement coding cost model;
s3, acquiring a minimum measurement set of a required code and a requirement on a coding matrix based on detection conditions of false data injection attack;
s4, acquiring system measurement equipment requirements required by power grid false data injection attack detection based on the coded situation of the minimum measurement set;
s5, constructing a measurement coding optimization problem, wherein an objective function is to reduce the measurement coding cost on the premise of ensuring the detection capability of the false data injection attack;
s6, simplifying the measurement coding optimization problem constructed in the step S5, and decoupling the coded measurement set selection-clustering problem and the coding matrix design problem;
and S7, arranging a decoder formed by the coding matrix in the control center, decoding the received measurement data, performing state estimation and attack detection, and detecting whether potential false data injection attack exists in the transmission process of the measurement data of the power grid system.
2. The method for detecting the injection attack of the false data of the power grid based on the measurement code according to claim 1, wherein the injection attack model of the false data of the power grid based on the measurement code in the step S1 corresponds to the following expression:
z a =C·z+a,
wherein z is the real measurement data in the power grid state estimation, z a In order to measure the measurement data tampered by an attacker in the coding, C is a reversible coding matrix, and a is an attack vector injected by the attacker.
3. The method for detecting the injection attack of the false data of the power grid based on the measurement coding according to claim 1, wherein the measurement coding cost model in the step S2 corresponds to the expression:
wherein K epsilon {1, …, K } is the index set of the measurement code cluster, alpha k For the cost of arranging encoders in the kth cluster, G k Beta, the set of measurement devices in the kth cluster jk The cost of secure communication with encoder k is measured for the jth.
4. The method for detecting the network false data injection attack based on the measurement code according to claim 1, wherein the coding matrix in the measurement code in the step S3 satisfies the following expression:
rank([HC·H])=2·n
wherein rank (·) represents matrix rank operation;
h is Jacobian matrix of the nonlinear measurement equation,m is more than or equal to 2.n, n is the number of system states;
coding matrixIs reversible.
5. The method for detecting a grid false data injection attack based on measurement coding according to claim 1, wherein the measurements in the set S in the step S3 are coded, the setThe Jacobian matrix H and the coding matrix C of the nonlinear measurement equation are not coded, and can be expressed as:
and />
wherein ,HS Andfor the and set S and +.in Jacobian matrix H>Corresponding to the measurement of the matrix, C S and />For measuring the sum set S and +.>A sub-coding matrix corresponding to the measurement in (a);
the minimum set of measurements S required to be encoded satisfies the following expression:
rank(H S ) N and rank (C S -I)≥n,
Wherein I is a matrix C S And n is the number of system states of the unit arrays with the same dimension.
6. The method for detecting the injection attack of the false data of the power grid based on the measurement coding according to claim 1, wherein when the minimum measurement set S is coded in the step S4, the rank of the combining matrix satisfies the following expression:
rank(H S ) N and =n
wherein ,complement of set S, H S For the submatrix of Jacobian matrix H corresponding to the measurements in set S +.>For the set of measurements in matrix H and uncoded +.>The corresponding submatrix, H is Jacobian matrix of the nonlinear measurement equation,m is more than or equal to 2.n, n is the number of system states; coding matrix->Is reversible.
7. The method for detecting the grid false data injection attack based on the measurement coding according to claim 6, wherein the measurement coding optimization problem in the step S5 corresponds to the expression:
rank(C S )=n,
rank(C s -I)=n,
where M is a measurement set of the power system,for coding matrix C S In the row vector corresponding to measurement j, the supply (-) represents the non-zero element in the vectorK epsilon {1, …, K } is the index set of the measurement code cluster, alpha k For the cost of arranging encoders in the kth cluster, G k Beta, the set of measurement devices in the kth cluster jk The cost of secure communication with encoder k is measured for the jth.
8. The method for detecting a grid dummy data injection attack based on measurement coding according to claim 1, wherein the step S6 further comprises:
will encode matrix C S Setting the diagonal elements as non-zero and non-unitary diagonal arrays, and carrying out equivalent simplification on the optimization problem constructed in the step S5;
the decision variables of the simplified optimization problem only comprise the coded measurement set and clustering conditions.
9. A measurement coding based grid dummy data injection attack detection device, comprising:
a memory for storing instructions executable by the processor;
a processor for executing the instructions to implement the method of any one of claims 1-8.
10. A computer readable medium having stored thereon computer instructions, wherein the computer instructions, when executed by a processor, perform the method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210849680.9A CN115225379B (en) | 2022-07-19 | 2022-07-19 | Method and device for detecting false data injection attack of power grid based on measurement coding |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210849680.9A CN115225379B (en) | 2022-07-19 | 2022-07-19 | Method and device for detecting false data injection attack of power grid based on measurement coding |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115225379A CN115225379A (en) | 2022-10-21 |
| CN115225379B true CN115225379B (en) | 2023-10-03 |
Family
ID=83611249
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210849680.9A Active CN115225379B (en) | 2022-07-19 | 2022-07-19 | Method and device for detecting false data injection attack of power grid based on measurement coding |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115225379B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111988277A (en) * | 2020-07-18 | 2020-11-24 | 郑州轻工业大学 | Attack detection method based on bidirectional generation counternetwork |
| CN114282218A (en) * | 2021-12-23 | 2022-04-05 | 北京天融信网络安全技术有限公司 | Attack detection method and device, electronic equipment and storage medium |
| CN114721264A (en) * | 2022-03-21 | 2022-07-08 | 浙江工业大学 | Industrial information physical system attack detection method based on two-stage self-encoder |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10572659B2 (en) * | 2016-09-20 | 2020-02-25 | Ut-Battelle, Llc | Cyber physical attack detection |
-
2022
- 2022-07-19 CN CN202210849680.9A patent/CN115225379B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111988277A (en) * | 2020-07-18 | 2020-11-24 | 郑州轻工业大学 | Attack detection method based on bidirectional generation counternetwork |
| CN114282218A (en) * | 2021-12-23 | 2022-04-05 | 北京天融信网络安全技术有限公司 | Attack detection method and device, electronic equipment and storage medium |
| CN114721264A (en) * | 2022-03-21 | 2022-07-08 | 浙江工业大学 | Industrial information physical system attack detection method based on two-stage self-encoder |
Non-Patent Citations (1)
| Title |
|---|
| 分布式网络虚假数据注入攻击检测方法研究;孙灏;《新乡学院学报》;第37卷(第6期);32-35 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115225379A (en) | 2022-10-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Yuen et al. | Real‐time system identification: an algorithm for simultaneous model class selection and parametric identification | |
| Amin et al. | Cyber security of water SCADA systems—Part II: Attack detection using enhanced hydrodynamic models | |
| Casado-Vara et al. | How blockchain could improve fraud detection in power distribution grid | |
| Siripanadorn et al. | Anomaly detection in wireless sensor networks using self-organizing map and wavelets | |
| Tian et al. | Data‐Driven and Low‐Sparsity False Data Injection Attacks in Smart Grid | |
| CN105447388B (en) | A kind of Android malicious code detection system based on weight and method | |
| CN103577323A (en) | Dynamic key command sequence birthmark-based software plagiarism detecting method | |
| Giani et al. | Phasor measurement unit selection for unobservable electric power data integrity attack detection | |
| Canepa et al. | Spoofing cyber attack detection in probe-based traffic monitoring systems using mixed integer linear programming | |
| Liu et al. | Adversarial false data injection attack against nonlinear ac state estimation with ann in smart grid | |
| Talebi et al. | Secure power systems against malicious cyber-physical data attacks: Protection and identification | |
| Moya et al. | Developing correlation indices to identify coordinated cyber‐attacks on power grids | |
| CN110826888B (en) | Data integrity attack detection method in power system dynamic state estimation | |
| Yang et al. | Fatigue evaluation of bridges based on strain influence line loaded by elaborate stochastic traffic flow | |
| CN115225379B (en) | Method and device for detecting false data injection attack of power grid based on measurement coding | |
| Yi et al. | Reliability analysis of high rockfill dam stability | |
| Eidiani | A rapid state estimation method for calculating transmission capacity despite cyber security concerns | |
| Khare et al. | Strategic PMU placement to alleviate power system vulnerability against cyber attacks | |
| Canepa et al. | A framework for privacy and security analysis of probe-based traffic information systems | |
| CN110941236B (en) | PLC safety monitoring and dynamic measuring method and system | |
| CN113919239B (en) | Intelligent internal threat detection method and system based on space-time feature fusion | |
| Liu et al. | Finite time secure state estimation for linear cyber‐physical systems with actuator and sensor attacks | |
| Chen et al. | Stacked autoencoder framework of false data injection attack detection in smart grid | |
| Zhou et al. | Robust geotechnical design for soil slopes considering uncertain parameters | |
| Wang et al. | F‐DDIA: A Framework for Detecting Data Injection Attacks in Nonlinear Cyber‐Physical Systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |