CN115712894A - Load false data injection attack modeling method - Google Patents

Load false data injection attack modeling method Download PDF

Info

Publication number
CN115712894A
CN115712894A CN202211292172.1A CN202211292172A CN115712894A CN 115712894 A CN115712894 A CN 115712894A CN 202211292172 A CN202211292172 A CN 202211292172A CN 115712894 A CN115712894 A CN 115712894A
Authority
CN
China
Prior art keywords
attack
load
layer
node
transformer substation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211292172.1A
Other languages
Chinese (zh)
Other versions
CN115712894B (en
Inventor
施星宇
郭欢
赵一睿
尹邦煌
曹一家
李泽文
吴公平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changsha University of Science and Technology
Original Assignee
Changsha University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Changsha University of Science and Technology filed Critical Changsha University of Science and Technology
Priority to CN202211292172.1A priority Critical patent/CN115712894B/en
Publication of CN115712894A publication Critical patent/CN115712894A/en
Application granted granted Critical
Publication of CN115712894B publication Critical patent/CN115712894B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Supply And Distribution Of Alternating Current (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a load false data injection attack modeling method, which relates to the technical field of power information physical systems and is used for solving the problems that a large-scale physical power flow transfer is caused by misleading a dispatcher to carry out wrong operation after a load false data injection attack is applied to an existing power system, even a cascading failure reaction of the power system is caused, and a large power failure accident is caused; the method can be used for timely and accurately predicting the most harmful attack path by considering the attack behavior of an intruder from the information layer perspective in combination with the actual network attack situation under the power information physical system fusion background, and provides beneficial inspiration for power system managers on how to effectively prevent and defend the load false injection attack.

Description

Load false data injection attack modeling method
Technical Field
The invention relates to the technical field of power information physical systems, in particular to a load false data injection attack modeling method.
Background
The electric power system is a significant infrastructure for every country and is the main power source in every city. With the gradual formation of smart grids, power systems are gradually upgraded from traditional systems mainly comprising physical facilities to highly-coupled power information physical systems, and network security troubles are brought to the power systems.
The state estimation is a key element for reliable operation and control of the current power system, collects information from a large number of instrument measurements, analyzes the information in a control center in a centralized manner, and finally performs unified scheduling on the power system by the control center according to analysis of the measurement data. However, due to the development of the computer industry and communication technology, it has recently been found that these measurement data are vulnerable to malicious spurious data injection attacks. With respect to the concept of load redistribution attacks, this is a special type of spurious data injection attacks that compromise the operation of the power system under different time steps and different attack resource constraints.
After the attack vector is reasonably selected, the network attack is extremely high in concealment and not easy to be found by the detection equipment, along with the fact that the automation degree of the power system is higher and higher, the intelligent equipment is continuously connected, the power system is more and more complex due to the high coupling of the physical layer and the information layer, and the unprecedented challenge is brought to the traditional power system. The existing research proves that large-scale physical power flow transfer can be caused by misleading a dispatcher to carry out wrong operation after a power system is attacked by load false data injection, and even cascading failure reaction of the power system can be finally caused to cause a large power failure accident.
Disclosure of Invention
The invention aims to solve the problems that a large-scale physical power flow transfer is caused by misleading a dispatcher to carry out wrong operation after an existing power system is attacked by load false data injection, and even a cascading failure reaction of the power system can be finally caused to cause a blackout accident.
The purpose of the invention can be realized by the following technical scheme: a load false data injection attack modeling method comprises the following steps:
s1, calculating average compromise time values of communication links of each transformer substation and a control center: firstly, determining a network attack path, namely determining a corresponding Bayesian network attack graph, and then calculating an average compromise time value for successfully invading each communication link and modifying data;
s2, establishing a double-layer optimization model for load false data injection: adding the constraint condition into the upper layer of the double-layer model based on the average compromise time value of each transformer substation calculated in the step S1;
s3, converting the double-layer mixed optimization model into a single-layer mixed integer model by applying a strong duality theory according to the double-layer optimization model established in the S2, and solving in a solver;
and S4, obtaining the optimal attack scheme of the attacker according to the calculation result of the optimization model.
As a preferred embodiment of the present invention, the specific process of S1 is:
s11, establishing a Bayesian attack graph of a communication link between the invading transformer substation and the control center, wherein the Bayesian attack graph consists of three layers of structures; wherein the first layer is strategy group A j The second level is sub-target B i The third layer is a global target C m Sub goal B i Represented by a circle node; by bypassing or defeating the respective countermeasure group A j Reach sub-goal B i (ii) a Quantifying the probability of successful unauthorized operation of an intruder on a target communication link through the constructed Bayesian model;
s12, calculating the successful intrusion probability of the transformer substation: calculating the successful intrusion probability of the transformer substation by using a Bayesian attack graph, wherein the successful intrusion probability of the transformer substation is changed along with the distribution of defense resources and the identified vulnerabilities, and the vulnerabilities of each network component are randomly generated;
s13, calculating an average compromise time value: establishing a mathematical model of average compromise time based on the Bayesian attack graph determined in the S11 and the probability of successful intrusion into the transformer substation determined in the S12, and calculating an MTTC value of the average compromise time; wherein
Figure BDA0003901550110000031
In the formula, T (v) i ) Is to exploit a single vulnerability v i The time required, p (c) represents the probability of successfully reaching the overall target condition, p (v) i Λ c) is the probability of successful attack, p (v), resulting in an overall target condition and exploiting a vulnerability i Ac) represents the probability of success leading to the target condition, given that an attacker always chooses the easiest attack path;
Figure BDA0003901550110000032
where i represents the number of pre-vulnerabilities that lead to the target vulnerability, p (v) i = T) represents the probability of successfully executing an attack if three preconditions are met, p (v) i =T|S i =T,N i =T,L i = T) is expressed as the probability that an attacker alone can successfully exploit a certain vulnerability.
As a preferred embodiment of the present invention, the specific process of S2 is:
s21, considering the average compromise time constraint of each loaded substation in the upper layer constraint:
Figure BDA0003901550110000033
wherein
Figure BDA0003901550110000035
Is a variable from 0 to 1, when the variable is equal to 1, the network intrusion on the transformer substation can be performed, T is the intrusion time set by an intruder for the transformer substation, and T is the intrusion time set by the intruder d A MTTC value representing an intruder calculated substation communication link;
s22, an upper layer model of the double-layer optimization model comprises an upper layer objective function and a constraint condition, wherein the upper layer objective function is as follows:
Figure BDA0003901550110000034
wherein the objective function represents maximizing the operation cost, including the power generation cost and the load shedding cost, c g The cost ($/MWh), cs of power generation for the generator g d To the cost of load shedding ($/MWh),
Figure BDA0003901550110000041
respectively representing the output of the generator g, the load reduction at the load node d, N g Number of generators, N d The number of the load nodes is delta D, and the delta D is a load attack quantity vector;
the lower layer constraint conditions comprise:
Figure BDA0003901550110000042
Figure BDA0003901550110000048
Figure BDA0003901550110000043
Figure BDA0003901550110000044
Figure BDA0003901550110000045
wherein Δ D d Representing the d node load attack amount; τ isSetting a load attack amount range; d d The actual measured value of the load node quantity is obtained;
Figure BDA0003901550110000049
variable 0-1 to constrain constraints, T represents the time set for the intruder, T n An MTTC value representing an intruder calculated substation communication link; delta D,d Is an integer variable from 0 to 1, and R is the limited attack resource number;
s23, the lower layer model of the double-layer optimization model comprises a lower layer objective function and a lower layer constraint condition, wherein the lower layer objective function is as follows:
Figure BDA0003901550110000046
the lower-layer objective function represents that the scheduling personnel of the power system react according to the upper-layer constraint to reduce the system operation cost to the minimum;
the lower layer constraint conditions comprise:
Figure BDA0003901550110000047
PL=SF·KP·P-SF·KD·(D+ΔD-S)(μ) (12)
Figure BDA0003901550110000051
Figure BDA0003901550110000052
Figure BDA0003901550110000053
wherein D is d Is the load at load node d; (12) For line flow constraints, PL is the line flow vector, P is the generator output vector, KP is the node-generator association momentThe SF is a transfer factor matrix, and the KD is a node-load incidence matrix; the equations (13) to (15) are respectively the upper and lower bounds of the load reduction amount corresponding to the line rated capacity, the generator output and the load node, λ, μ,α l
Figure BDA0003901550110000054
β g
Figure BDA0003901550110000055
γ d
Figure BDA0003901550110000056
respectively, representing their corresponding lagrangian constants for the underlying constraints.
As a preferred implementation mode of the invention, before an intruder implements network attack, the load false data injection attack model is used for calculation, the calculation result comprises the number and the position of the transformer substations to be intruded and the injection load amount corresponding to each transformer substation, the intruder is guided to implement subsequent attack, and a reference defense scheme is provided for a power grid defender under the threat of cyber physical attack according to the upper layer optimization result and the lower layer optimization result.
Compared with the prior art, the invention has the beneficial effects that:
1. under the background of physical interaction and fusion of power information, the average compromise time of the transformer substation and the control center communication link which is successfully invaded by an invader is considered, so that the attack scene considered by the established double-layer optimization model for injecting the load false data is more perfect;
2. the average compromise time considered by the invention provides a calculation model which is easy to operate in practice for the operators of the power system, because the calculation model does not need to define the whole power system in a too detailed way, and in addition, the calculation model can use the automatically collected information;
3. the method combines the physical layer and the information layer of the power system, fully considers the coupling relation of the physical layer and the information layer, and aims at a special network attack scene of false data injection attack.
Drawings
In order to facilitate understanding for those skilled in the art, the present invention will be further described with reference to the accompanying drawings.
FIG. 1 is a flow chart of a method implementation provided by the present invention;
FIG. 2 is a Bayesian attack graph of a communication link between an intruding substation and a control center provided by the present invention;
fig. 3 is a power transmission line topology diagram of IEEE 14 nodes in a specific application of the present embodiment.
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-3, a modeling method for load-induced dummy data injection attack includes:
s1, calculating an average compromise time value of communication links between each transformer substation and a control center by an intruder: firstly, according to professional knowledge in the aspect of an information layer, an intruder determines a network attack path, namely a corresponding Bayesian network attack graph, and calculates average compromise time values for successfully invading each communication link and modifying data; the method comprises the following specific steps:
s11, establishing a Bayesian attack graph of a communication link between the invading substation and the control center: the Bayesian attack graph is composed of three layers of structures. The first layer is a countermeasure group, consisting of j And (4) showing. Second level representation sub-target B i Represented by the circle node. By bypassing or defeating the corresponding countermeasures A j Can reach sub-goal B i . Overall target C m Composed of a third layer, the intruder for general purposeTarget, sub-target B corresponding to its general target i All must be satisfied. Through the constructed Bayesian model, the probability of the successful unauthorized operation of the intruder on the target communication link can be quantified.
S12, the successful intrusion probability of the transformer substation: and calculating the successful intrusion probability of the transformer substation by using the Bayesian attack graph, wherein the successful intrusion probability of the transformer substation is changed along with the distribution of the defense resources and the identified vulnerabilities, and the vulnerabilities of each network component are generated randomly.
S13, calculating an average compromise time value: and establishing a mathematical model of the average compromise time based on the Bayesian attack graph determined in the S11 and the probability of successfully invading the transformer substation determined in the S12, and calculating the average compromise time. The MTTC value is calculated specifically according to the following formula:
Figure BDA0003901550110000071
in the formula, T (v) i ) Is to exploit a single vulnerability v i The time required, p (c), represents the probability of successfully reaching the overall target condition. p (v) i Lambdac) is the probability of successful attack resulting in an overall target condition and exploiting the vulnerability, since the probability of success resulting in a target condition, p (v) is expressed by assuming that the attacker always chooses the easiest attack path to represent i Λ c) can be expressed as:
Figure BDA0003901550110000072
where i represents the number of pre-vulnerabilities that lead to the target vulnerability, the more exploitable vulnerability will have a higher attack success probability. p (v) i = T) means the probability of successfully executing an attack if three preconditions are met, the probability that an attacker can exploit a vulnerability alone can be p (v) i =T|S i =T,N i =T,L i = T) means;
in fig. 2, the node usage corresponding to node label A1 is message encryption, the node usage corresponding to node label A2 is information type, the node usage corresponding to node label A3 is network address locking, the node usage corresponding to node label A4 is physical connection protection, the node usage corresponding to node label A5 is unfair protocol, the node usage corresponding to node label A6 is detection message timestamp, the node usage corresponding to node label A7 is cryptographic signature, the node usage corresponding to node label A8 is message sequence number, the node usage corresponding to node label A9 is remote cipher, the node usage corresponding to node label B1 is decryption information content, the node usage corresponding to node label B2 is information interception, the node usage corresponding to node label B3 is acquisition connection network, the node usage corresponding to node label B4 is interpretation information structure, the node usage corresponding to node label B5 is validity of holding information, the node label B6 is holding information modification, the node usage corresponding to node label B7 is validity of interpretation information structure, the node label B5 is C information blocking, the node label C information blocking is created, and the node label C information blocking is created by using node label C information blocking;
the double-layer optimization model for load spurious data injection established in the embodiment considers the average compromise time constraint of each loaded substation in the upper layer constraint:
Figure BDA0003901550110000081
wherein
Figure BDA0003901550110000084
Is a variable from 0 to 1, when the variable is equal to 1, the network intrusion on the transformer substation can be performed, T is the intrusion time set by an intruder for the transformer substation, and T is d The MTTC value of the transformer substation communication link calculated by the intruder is represented, and when the set time is longer than the calculation time, the transformer substation can be regarded as a target to be attacked by the intruder;
s2, establishing a double-layer optimization model for load false data injection: adding the constraint condition into the upper layer of the double-layer model based on the average compromise time value of each transformer substation calculated in the step S1; the upper layer constraint considers the average compromise time constraint of each on-load substation, the upper layer model comprises an upper layer objective function and constraint conditions, and the upper layer objective function is as follows:
Figure BDA0003901550110000082
wherein the objective function represents maximizing the operation cost including the power generation cost and the load shedding cost, c g The power generation cost ($/MWh), cs of the generator g d For the cost of load shedding ($/MWh),
Figure BDA0003901550110000083
respectively representing the output of the generator g, the load reduction at the load node d, N g Number of generators, N d The number of load nodes, Δ D, is a load attack vector.
The lower layer constraint conditions include:
Figure BDA0003901550110000091
Figure BDA0003901550110000096
Figure BDA0003901550110000092
Figure BDA0003901550110000093
Figure BDA0003901550110000094
constraint conditions(5) And (6) the load false data is ensured to be injected successfully and not to be detected easily, the sum of the loads of all points is kept unchanged before and after the attack, and the change of the loads is within a certain range, wherein delta D d Representing the d node load attack amount; tau is a set load attack amount range; d d Is a true measure of the load node quantity. Constraint (7) considers an average compromise time constraint per loaded substation, wherein
Figure BDA0003901550110000097
Is a variable of 0-1 to constrain constraints, T represents the time set for the intruder, T n And the MTTC value of the transformer substation communication link calculated by the intruder is represented, and when the set time is longer than the calculation time, the transformer substation can be considered as a candidate intrusion target. In addition, the number of the communication links of the tampered substation should not exceed the maximum number of the attack resources, and the constraints (8) and (9) are attack resource constraint conditions, delta D,d Is an integer variable from 0 to 1, and R is the limited attack resource number;
the lower model reacts according to a decision variable delta D determined by the upper model to minimize the operation cost of the power system, and comprises a lower objective function and a lower constraint condition, wherein the lower objective function is as follows:
Figure BDA0003901550110000095
the lower-layer objective function represents that the dispatching personnel of the power system react according to the upper-layer constraint to reduce the system operation cost to the minimum.
The lower layer constraint conditions comprise:
Figure BDA0003901550110000101
PL=SF·KP·P-SF·KD·(D+ΔD-S)(μ) (12)
Figure BDA0003901550110000102
Figure BDA0003901550110000103
Figure BDA0003901550110000104
the lower layer constraint function includes a power balance constraint (11), D, of the system d Is the load at load node d; (12) For line power flow constraint, PL is a line power flow vector, P is a generator output vector, KP is a node-generator incidence matrix, SF is a transfer factor matrix, and KD is a node-load incidence matrix; (13) - (15) are the upper and lower bounds of the rated capacity of the line, the output of the generator and the load reduction amount corresponding to the load node, respectively. The number of the lambda, mu,α l
Figure BDA0003901550110000105
β g
Figure BDA0003901550110000106
γ d
Figure BDA0003901550110000107
respectively representing Lagrange constants of corresponding lower layer constraint conditions;
s3, establishing a double-layer optimization model according to the S2, converting the double-layer hybrid optimization model into a single-layer hybrid integer model by applying a strong duality theory, and solving in a solver;
s4, obtaining an optimal attack scheme of an attacker according to a calculation result of the optimization model, and effectively predicting load false data injection attacks of all transformer substations of the information physical system; before an intruder implements network attack, load false data is injected into an attack model in advance for calculation, and the calculation result comprises the number and the position of the transformer substations to be attacked and the corresponding injection load of each transformer substation to guide the intruder to implement subsequent attack;
in order to verify the effectiveness of the invention, taking an IEEE 14 node power information physical system as an example, the method is adopted to analyze the load false data injection network attack. Specifically, the coupling system comprises 14 transformer substation nodes and 20 power transmission lines, the original total load requirement is 259MW, the original operation cost of the power system is 6203.3$/h, t =250, τ =0.5 and the number of attack resources R =4. Simulating by using python3.7 as a simulation tool to obtain the average compromise time value of the communication link which successfully invades each transformer substation as shown in the table I, and comparing the result of the load false data injection attack with the original system as shown in the table II;
table-MTTC estimates for each node
Node numbering 1 2 3 4 5 6 7
MTTC(days) 279.99 243.71 217.08 231.67 289.2 188.96 289.4
Node numbering 8 9 10 11 12 13 14
MTTC(days) 320.51 256.38 231.3 258.15 500.12 409.8 270.75
Since the automation and security levels of the communication structures of the substations differ from one substation to another, there are network architectures of the substations. As can be seen from table one, the present invention assumes that known and zero day vulnerabilities are randomly assigned to the countermeasures of 14 links, so the MTTC values needed to achieve the same end goal in the 14 links may be different each. The shortest intrusion time required by the node 6 is considered that the network communication structure of the substation is easy to be successfully breached, and the longest intrusion time required by the node 12 is considered that the substation is difficult to successfully intrude.
Comparison of table two load spurious data injection attacks with original system operating costs
Figure BDA0003901550110000111
The second table shows that, by comparison, after the intruder performs the load dummy data injection attack, the operation cost of the whole power system is greatly increased, and the cost is increased by 7221-6205.6=1015.4. This is due to the effects of network attacks, where the operator is misled by spurious load data; in order to restore the power system to a "normal running" condition so that they operate in load shedding and regulating the generator contribution, the system is under load shedding at node 3 of 14.3MW in this example.
The preferred embodiments of the invention disclosed above are intended to be illustrative only. The preferred embodiments are not intended to be exhaustive or to limit the invention to the precise forms disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the invention and the practical application, to thereby enable others skilled in the art to best utilize the invention. The invention is limited only by the claims and their full scope and equivalents.

Claims (4)

1. A modeling method for load false data injection attack is characterized by comprising the following steps:
s1, calculating average compromise time values of communication links of each transformer substation and a control center: firstly, determining a network attack path, namely determining a corresponding Bayesian network attack graph, and then calculating an average compromise time value for successfully invading each communication link and modifying data;
s2, establishing a double-layer optimization model for load false data injection: adding the constraint condition into the upper layer of the double-layer model based on the average compromise time value of each transformer substation calculated in the step S1;
s3, converting the double-layer hybrid optimization model into a single-layer hybrid integer model by applying a strong duality theory according to the double-layer optimization model established in the S2, and solving in a solver;
and S4, obtaining the optimal attack scheme of the attacker according to the calculation result of the optimization model.
2. The modeling method for load false data injection attack according to claim 1, wherein the specific process of S1 is as follows:
s11, establishing a Bayesian attack graph of a communication link between the invading transformer substation and the control center, wherein the Bayesian attack graph consists of three layers of structures; wherein the first layer is strategy group A j The second layer is sub-target B i The third layer is a global target C m Sub-goal B of i Represented by a circle node; by bypassing or defeating the respective countermeasure group A j Reach sub-goal B i (ii) a Quantifying the probability of successful unauthorized operation of an intruder on a target communication link through the constructed Bayesian model;
s12, calculating the successful intrusion probability of the transformer substation: calculating the successful intrusion probability of the transformer substation by using a Bayesian attack graph, wherein the successful intrusion probability of the transformer substation is changed along with the distribution of defense resources and the identified vulnerabilities, and the vulnerabilities of each network component are randomly generated;
s13, calculating an average compromise time value: establishing a mathematical model of average compromise time based on the Bayesian attack graph determined in the S11 and the probability of successful intrusion into the transformer substation determined in the S12, and calculating an MTTC value of the average compromise time; wherein
Figure FDA0003901550100000021
In the formula, T (v) i ) Is to exploit a single vulnerability v i The time required, p (c) represents the probability of successfully reaching the overall target condition, p (v) i Λ c) is the probability of successful attack, p (v), resulting in an overall target condition and exploiting a vulnerability i Ac) represents the probability of success leading to the target condition, given that an attacker always chooses the easiest attack path;
Figure FDA0003901550100000022
where i denotes the cause of target leakageHole pre-vulnerability number, p (v) i = T) represents the probability of successfully executing an attack if three preconditions are met, p (v) i =T|S i =T,N i =T,L i = T) is expressed as the probability that an attacker alone can successfully exploit a certain vulnerability.
3. The method for modeling load dummy data injection attack according to claim 1, wherein the specific process of S2 is:
s21, considering the average compromise time constraint of each loaded transformer substation in the upper layer constraint:
Figure FDA0003901550100000023
wherein
Figure FDA0003901550100000024
Is a variable from 0 to 1, when the variable is equal to 1, the network intrusion on the transformer substation can be performed, T is the intrusion time set by an intruder for the transformer substation, and T is d An MTTC value representing an intruder calculated substation communication link;
s22, an upper layer model of the double-layer optimization model comprises an upper layer objective function and constraint conditions, wherein the upper layer objective function is as follows:
Figure FDA0003901550100000025
wherein the objective function is to maximize the operation cost, including the generation cost and the load shedding cost, c g Is the cost of generation of generator g, cs d In order to reduce the cost of the load shedding,
Figure FDA0003901550100000026
respectively representing the output of the generator g, the load reduction at the load node d, N g Number of generators, N d Number of load nodes, Δ D as load attackA stroke vector;
the lower layer constraint conditions comprise:
Figure FDA0003901550100000031
Figure FDA0003901550100000032
Figure FDA0003901550100000033
Figure FDA0003901550100000034
Figure FDA0003901550100000035
wherein Δ D d Representing the d node load attack amount; tau is a set load attack amount range; d d The actual measured value of the load node quantity is obtained;
Figure FDA0003901550100000036
is a variable of 0-1 to constrain constraints, T represents the time set for the intruder, T n An MTTC value representing an intruder calculated substation communication link; delta D,d Is an integer variable from 0 to 1, and R is the limited attack resource number;
s23, the lower layer model of the double-layer optimization model comprises a lower layer objective function and a lower layer constraint condition, wherein the lower layer objective function is as follows:
Figure FDA0003901550100000037
the lower-layer objective function represents that the scheduling personnel of the power system react according to the upper-layer constraint to reduce the system operation cost to the minimum;
the lower layer constraint conditions comprise:
Figure FDA0003901550100000038
PL=SF·KP·P-SF·KD·(D+ΔD-S)(μ) (12)
Figure FDA0003901550100000039
Figure FDA0003901550100000041
Figure FDA0003901550100000042
wherein D is d Is the load at load node d; (12) For line power flow constraint, PL is a line power flow vector, P is a generator output vector, KP is a node-generator incidence matrix, SF is a transfer factor matrix, and KD is a node-load incidence matrix; equations (13) to (15) are upper and lower bounds of the line rated capacity, the generator output, and the load reduction amount corresponding to the load node, λ, μ,α l
Figure FDA0003901550100000043
β g
Figure FDA0003901550100000044
γ d
Figure FDA0003901550100000045
respectively representing lagrange of their corresponding underlying constraintsA constant.
4. The load false data injection attack modeling method according to claim 1, characterized in that before an intruder implements network attack, the load false data injection attack model is used for calculation, the calculation result includes the number and the position of the transformer substations to be intruded and the injection load amount corresponding to each transformer substation, the intruder is guided to implement subsequent attack, and a reference defense scheme is provided for a power grid defender under the threat of cyber physical attack according to the upper optimization result and the lower optimization result.
CN202211292172.1A 2022-10-21 2022-10-21 Load false data injection attack modeling method Active CN115712894B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211292172.1A CN115712894B (en) 2022-10-21 2022-10-21 Load false data injection attack modeling method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211292172.1A CN115712894B (en) 2022-10-21 2022-10-21 Load false data injection attack modeling method

Publications (2)

Publication Number Publication Date
CN115712894A true CN115712894A (en) 2023-02-24
CN115712894B CN115712894B (en) 2023-09-15

Family

ID=85231379

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211292172.1A Active CN115712894B (en) 2022-10-21 2022-10-21 Load false data injection attack modeling method

Country Status (1)

Country Link
CN (1) CN115712894B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110188995A (en) * 2019-04-29 2019-08-30 国网宁夏电力有限公司电力科学研究院 Unit load cooperates with spare Optimal Configuration Method and system, equipment, storage medium
CN110571787A (en) * 2019-09-26 2019-12-13 国网浙江省电力有限公司嘉兴供电公司 false data injection attack design and defense method for direct-current micro-grid
CN112235283A (en) * 2020-10-10 2021-01-15 南方电网科学研究院有限责任公司 Vulnerability description attack graph-based network attack evaluation method for power engineering control system
CN114051220A (en) * 2021-10-27 2022-02-15 上海智能网联汽车技术中心有限公司 Ontology-based dynamic Bayesian attack graph generation method and system for Internet of vehicles
CN115049270A (en) * 2022-06-20 2022-09-13 长沙理工大学 Power system risk assessment method considering network attack success probability of transformer substation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110188995A (en) * 2019-04-29 2019-08-30 国网宁夏电力有限公司电力科学研究院 Unit load cooperates with spare Optimal Configuration Method and system, equipment, storage medium
CN110571787A (en) * 2019-09-26 2019-12-13 国网浙江省电力有限公司嘉兴供电公司 false data injection attack design and defense method for direct-current micro-grid
CN112235283A (en) * 2020-10-10 2021-01-15 南方电网科学研究院有限责任公司 Vulnerability description attack graph-based network attack evaluation method for power engineering control system
CN114051220A (en) * 2021-10-27 2022-02-15 上海智能网联汽车技术中心有限公司 Ontology-based dynamic Bayesian attack graph generation method and system for Internet of vehicles
CN115049270A (en) * 2022-06-20 2022-09-13 长沙理工大学 Power system risk assessment method considering network attack success probability of transformer substation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
YANLING YUAN 等: "Modeling Load Redistribution Attacks in Power Systems", IEEE, pages 382 - 390 *
YICHI ZHANG 等: "Power System Reliability Evaluation With SCADA Cybersecurity Considerations", TRANSACTIONS ON SMART GRID, pages 1707 - 1721 *

Also Published As

Publication number Publication date
CN115712894B (en) 2023-09-15

Similar Documents

Publication Publication Date Title
Gunduz et al. Cyber-security on smart grid: Threats and potential solutions
Kurt et al. Secure distributed dynamic state estimation in wide-area smart grids
Xiang et al. An improved defender–attacker–defender model for transmission line defense considering offensive resource uncertainties
Xiang et al. Power system reliability evaluation considering load redistribution attacks
Che et al. Mitigating false data attacks induced overloads using a corrective dispatch scheme
Li et al. Bilevel model for analyzing coordinated cyber-physical attacks on power systems
Xiang et al. A game-theoretic study of load redistribution attack and defense in power systems
Cheng et al. Resilient collaborative distributed energy management system framework for cyber-physical DC microgrids
Pour et al. A review on cyber security issues and mitigation methods in smart grid systems
Tian et al. Multilevel programming-based coordinated cyber physical attacks and countermeasures in smart grid
Pan et al. Combined data integrity and availability attacks on state estimation in cyber-physical power grids
Liu et al. Pre-overload-graph-based vulnerable correlation identification under load redistribution attacks
Dorothy et al. Smart Grid Systems Based Survey on Cyber Security Issues
Meyur A Bayesian attack tree based approach to assess cyber-physical security of power system
Tang et al. Power system reliability analysis considering external and insider attacks on the SCADA system
Rahman et al. Challenges and opportunities in cyber-physical security of highly der-penetrated power systems
CN117768166A (en) AMI risk quantification evaluation method and system considering network attack damage-caused path
Behdadnia et al. Leveraging deep learning to increase the success rate of DOS attacks in PMU-based automatic generation control systems
Xia et al. Confidence-aware collaborative detection mechanism for false data attacks in smart grids
Arguello et al. A trilevel model for segmentation of the power transmission grid cyber network
CN115712894B (en) Load false data injection attack modeling method
Jena et al. Identification of strategic sensor locations for intrusion detection and classification in smart grid networks
Jena et al. An Optimal Scheme for Installation of PMUs and IEDs to Reinforce Electricity Market Immunity Against Data Attacks in Smart Grid
Mohammadpourfard et al. Anomaly detection in the distribution grid: a nonparametric approach
Merza et al. Identification scheme of false data injection attack based on deep learning algorithms for smart grids

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant