CN116708026B - Method and device for detecting network attack of direct-current micro-grid and estimating global state - Google Patents

Method and device for detecting network attack of direct-current micro-grid and estimating global state Download PDF

Info

Publication number
CN116708026B
CN116708026B CN202310969950.4A CN202310969950A CN116708026B CN 116708026 B CN116708026 B CN 116708026B CN 202310969950 A CN202310969950 A CN 202310969950A CN 116708026 B CN116708026 B CN 116708026B
Authority
CN
China
Prior art keywords
state
area
estimation
initial
state vector
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310969950.4A
Other languages
Chinese (zh)
Other versions
CN116708026A (en
Inventor
那琼澜
苏丹
来骥
张实君
杨艺西
曾婧
李信
庞思睿
任建伟
马跃
娄竞
邬小波
杨峰
许大卫
卢嫱舒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
State Grid Jibei Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
State Grid Jibei Electric Power Co Ltd
Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, State Grid Jibei Electric Power Co Ltd, Information and Telecommunication Branch of State Grid Jibei Electric Power Co Ltd filed Critical State Grid Corp of China SGCC
Priority to CN202310969950.4A priority Critical patent/CN116708026B/en
Publication of CN116708026A publication Critical patent/CN116708026A/en
Application granted granted Critical
Publication of CN116708026B publication Critical patent/CN116708026B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/04Processing captured monitoring data, e.g. for logfile generation
    • H04L43/045Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of electric power, in particular to a method and a device for detecting network attack and estimating global state of a direct current micro-grid. The method comprises the following steps: determining an initial global state vector and an initial covariance matrix; determining an estimated state vector of the current time region according to the initial global state vector, the initial covariance matrix, the input vectors of all regions at the initial time and the observed state vector of the current time region; determining an area which is not attacked by the network according to the area estimation state vector at the current moment; updating the initial global state vector by using the area estimation state vector of the area not attacked by the network to obtain an updated global estimation state; and taking the current moment as the initial moment, and iteratively calculating the area estimation state vector of each area at the next moment according to the updated global estimation state. The method and the device detect the specific condition of the network attack, analyze the specific attacked area when the network attack occurs, provide accurate health state estimation and have practical value.

Description

直流微电网网络攻击检测与全局状态估计方法及装置DC microgrid network attack detection and global state estimation method and device

技术领域Technical field

本文涉及电力技术领域,尤其是直流微电网网络攻击检测与全局状态估计方法及装置。This article relates to the field of power technology, especially DC microgrid network attack detection and global state estimation methods and devices.

背景技术Background technique

直流微电网是智能配电系统的重要组成部分,能有效解决分布式可再生能源发电的利用问题,对推进节能减排以及实现可持续能源发展具有重要意义。直流微电网通过通信网络连接分布式发电机组,与控制决策中心进行信息共享,以构建互联协作的智能直流微电网。通信网络容易遭受各种网络攻击的风险,例如虚假数据注入攻击、通信延迟攻击、拒绝服务攻击等,都会对系统稳定性以及性能造成巨大的影响,导致控制决策中心错误的监督决策。DC microgrid is an important part of the intelligent power distribution system. It can effectively solve the problem of utilizing distributed renewable energy power generation and is of great significance to promoting energy conservation and emission reduction and achieving sustainable energy development. The DC microgrid connects distributed generating units through a communication network and shares information with the control decision center to build an interconnected and collaborative smart DC microgrid. Communication networks are vulnerable to various network attacks, such as false data injection attacks, communication delay attacks, denial of service attacks, etc., which will have a huge impact on system stability and performance, leading to incorrect supervision decisions by the control decision center.

现有的智能直流微电网网络攻击检测方法集中在对智能直流微电网故障位置遭受攻击位置的检测,在多个网络攻击同时出现时,缺少对攻击总次数以及各个网络攻击的攻击位置的研究,导致无法准确获取复杂攻击情况的网络攻击信息。同时大多数研究缺少在攻击发生时,对微电网整体进行准确状态估计的研究联网的通信质量的研究,无法发挥电力物联网作用。Existing smart DC microgrid network attack detection methods focus on detecting attack locations at smart DC microgrid fault locations. When multiple network attacks occur simultaneously, there is a lack of research on the total number of attacks and the attack locations of each network attack. This makes it impossible to accurately obtain network attack information about complex attack situations. At the same time, most studies lack accurate state estimation of the entire microgrid when an attack occurs, and research on the communication quality of the network cannot play a role in the power Internet of Things.

发明内容Contents of the invention

为解决上述现有技术无法准确获取复杂攻击情况的问题,本文实施例提供了直流微电网网络攻击检测与全局状态估计方法及装置。In order to solve the above-mentioned problem that the existing technology cannot accurately obtain complex attack situations, embodiments of this article provide a DC microgrid network attack detection and global state estimation method and device.

本文实施例提供了直流微电网网络攻击检测与全局状态估计方法,所述方法包括:根据直流微电网内所有区域的降压换流器在初始时刻的状态向量,确定初始全局状态向量及初始协方差矩阵,所述初始全局状态向量为初始时刻的全局状态向量;根据所述初始全局状态向量、所述初始协方差矩阵、初始时刻所有区域的输入向量、当前时刻区域状态观测向量,确定当前时刻区域估计状态向量,其中,所述当前时刻区域状态观测向量中的元素为各区域降压换流器的输出电压、各区域所受噪声信号及所受网络攻击信号之和;根据当前时刻区域估计状态向量,确定直流微电网内未受到网络攻击的区域;利用未受到网络攻击的区域的区域估计状态向量,更新所述初始全局状态向量,得到更新后的全局估计状态;将当前时刻作为初始时刻,根据更新后的全局估计状态,迭代计算下一时刻各区域的区域估计状态向量。The embodiments of this article provide a DC microgrid network attack detection and global state estimation method. The method includes: determining the initial global state vector and initial coordination according to the state vectors of the buck converters in all areas of the DC microgrid at the initial moment. Variance matrix, the initial global state vector is the global state vector at the initial moment; according to the initial global state vector, the initial covariance matrix, the input vectors of all regions at the initial moment, and the regional state observation vector at the current moment, the current moment is determined Regional estimated state vector, wherein the elements in the regional state observation vector at the current moment are the sum of the output voltage of the step-down converter in each region, the noise signal received by each region, and the network attack signal received; according to the regional estimate at the current moment The state vector determines the area in the DC microgrid that has not been attacked by the network; uses the regional estimated state vector of the area that has not been attacked by the network to update the initial global state vector to obtain the updated global estimated state; use the current moment as the initial moment , based on the updated global estimated state, iteratively calculate the regional estimated state vector of each region at the next moment.

根据本文实施例的一个方面,确定当前时刻的区域估计状态包括:根据初始全局状态向量及初始协方差矩阵,确定初始区域估计状态向量及估计协方差矩阵;根据所述初始区域估计状态向量及估计协方差矩阵,利用容积点计算第一区域估计状态向量及第一估计协方差矩阵;根据第一区域估计状态向量及第一估计协方差矩阵及卡尔曼滤波算法,确定当前时刻区域估计状态向量及当前时刻估计协方差矩阵。According to one aspect of the embodiments of this article, determining the regional estimation state at the current moment includes: determining the initial regional estimation state vector and the estimated covariance matrix according to the initial global state vector and the initial covariance matrix; according to the initial regional estimation state vector and the estimated covariance matrix The covariance matrix uses the volume points to calculate the first regional estimated state vector and the first estimated covariance matrix; based on the first regional estimated state vector and the first estimated covariance matrix and the Kalman filter algorithm, determine the current moment regional estimated state vector and The estimated covariance matrix at the current moment.

根据本文实施例的一个方面,所述根据当前时刻区域估计状态,确定直流微电网内未受到网络攻击的区域包括:根据各区域的区域估计状态,确定当前时刻各区域的攻击特征值;确定所述攻击特征值与区域估计状态的平均区域状态向量的偏差程度;将偏差程度超过预设阈值的区域,确定为受到网络攻击的区域;将偏差程度小于或等于预设阈值的区域,确定为未受到网络攻击的区域。According to one aspect of the embodiments of this article, determining the areas in the DC microgrid that are not subject to network attacks based on the regional estimation status at the current moment includes: determining the attack characteristic value of each area at the current moment based on the area estimation status of each area; determining the attack characteristic value of each area at the current moment; The degree of deviation between the attack characteristic value and the average regional state vector of the regional estimated state; the area where the deviation exceeds the preset threshold is determined to be an area subject to network attacks; the area where the deviation is less than or equal to the preset threshold is determined to be under attack Areas subject to cyberattacks.

根据本文实施例的一个方面,所述方法还包括:对所述当前时刻各区域的攻击特征值进行聚类分析,得到聚类集群;根据所述聚类集群的数量、集群内各攻击特征值对应的区域,确定区域所受网络攻击的次数 。According to one aspect of the embodiments of this article, the method further includes: performing cluster analysis on the attack characteristic values of each area at the current moment to obtain cluster clusters; according to the number of cluster clusters, each attack characteristic value in the cluster Corresponding area, determine the number of network attacks suffered by the area.

根据本文实施例的一个方面,所述确定全局估计状态包括:判断未受到网络攻击的区域的数量是否超出区域总数的一半;若是,确定全局估计状态;若否,不进行全局状态估计。According to one aspect of the embodiments of this article, determining the global estimated state includes: determining whether the number of areas not subject to network attacks exceeds half of the total number of areas; if so, determining the global estimated state; if not, not performing global state estimation.

本文实施例还公开了一种直流微电网网络攻击检测与全局状态估计装置,所述装置包括:初始确定单元,用于根据直流微电网内所有区域的降压换流器在初始时刻的状态向量,确定初始全局状态向量及初始协方差矩阵,所述初始全局状态向量为初始时刻的全局状态向量;Embodiments of this article also disclose a DC microgrid network attack detection and global state estimation device. The device includes: an initial determination unit for determining the state vector of the buck converters in all areas of the DC microgrid at the initial moment. , determine the initial global state vector and the initial covariance matrix, where the initial global state vector is the global state vector at the initial moment;

当前确定单元,用于根据所述初始全局状态向量、所述初始协方差矩阵、初始时刻所有区域的输入向量、当前时刻区域状态观测向量,确定当前时刻区域估计状态向量,其中,所述当前时刻区域状态观测向量中的元素为各区域降压换流器的输出电压、各区域所受噪声信号及所受网络攻击信号之和;网络攻击确定单元,用于根据当前时刻区域估计状态向量,确定直流微电网内未受到网络攻击的区域;更新单元,用于利用未受到网络攻击的区域的区域估计状态向量,更新所述初始全局状态向量,得到更新后的全局估计状态;迭代计算单元,用于将当前时刻作为初始时刻,根据更新后的全局估计状态,迭代计算下一时刻各区域的区域估计状态向量。The current determination unit is configured to determine the regional estimated state vector at the current moment based on the initial global state vector, the initial covariance matrix, the input vectors of all regions at the initial moment, and the regional state observation vector at the current moment, wherein the current moment The elements in the regional state observation vector are the sum of the output voltage of the step-down converter in each region, the noise signal received by each region, and the network attack signal received; the network attack determination unit is used to estimate the state vector according to the current moment of the region, and determine Areas within the DC microgrid that have not been attacked by the network; an update unit, used to update the initial global state vector using the regional estimated state vector of the area that has not been attacked by the network, to obtain an updated global estimated state; an iterative calculation unit, with Taking the current moment as the initial moment, based on the updated global estimated state, iteratively calculates the regional estimated state vector of each region at the next moment.

本文实施例还提供了一种计算机设备,所述计算机设备包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现所述直流微电网网络攻击检测与全局状态估计方法。The embodiments of this article also provide a computer device. The computer device includes a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, the DC Microgrid network attack detection and global state estimation method.

本说明书实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质存储有计算机程序,所述计算机程序被处理器执行时实现所述直流微电网网络攻击检测与全局状态估计方法。Embodiments of this specification also provide a computer-readable storage medium that stores a computer program. When the computer program is executed by a processor, the DC microgrid network attack detection and global state estimation method is implemented. .

本文实施例检测网络攻击的具体情况,分析多次网络攻击发生时的具体受攻击区域并提供准确的健康状态估计,具有实用价值。The embodiment of this article detects the specific situation of network attacks, analyzes the specific attacked areas when multiple network attacks occur, and provides accurate health status estimates, which has practical value.

附图说明Description of the drawings

为了更清楚地说明本文实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本文的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of this article or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings in the following description are only For some embodiments of this article, those of ordinary skill in the art can also obtain other drawings based on these drawings without exerting creative efforts.

图1所示为本文实施例一种直流微电网网络攻击检测与全局状态估计方法的流程图;Figure 1 shows a flow chart of a DC microgrid network attack detection and global state estimation method according to the embodiment of this article;

图2所示为本文实施例一种确定当前时刻的区域估计状态的方法流程图;Figure 2 shows a flow chart of a method for determining the regional estimation status at the current moment according to an embodiment of this article;

图3所示为本文实施例一种确定未受到网络攻击的区域的方法流程图;Figure 3 shows a flow chart of a method for determining areas not subject to network attacks according to an embodiment of this article;

图4所示为本文实施例一种确定区域所受网络攻击次数的方法流程图;Figure 4 shows a flow chart of a method for determining the number of network attacks in an area according to an embodiment of this article;

图5所示为本文实施例一种确定全局估计状态的方法流程图;Figure 5 shows a flow chart of a method for determining the global estimated state according to the embodiment of this article;

图6所示为本文实施例一种直流微电网网络攻击检测与全局状态估计装置的结构示意图;Figure 6 shows a schematic structural diagram of a DC microgrid network attack detection and global state estimation device according to the embodiment of this article;

图7所示为本文实施例直流微电网网络攻击检测与全局状态估计系统的示意图;Figure 7 shows a schematic diagram of the DC microgrid network attack detection and global state estimation system according to the embodiment of this article;

图8所示为本文实施例一种计算机设备的结构示意图。Figure 8 shows a schematic structural diagram of a computer device according to an embodiment of this article.

附图符号说明:Explanation of drawing symbols:

601、初始确定单元;601. Initial determination unit;

602、当前确定单元;602. Current determined unit;

603、网络攻击确定单元;603. Network attack determination unit;

604、更新单元;604. Update unit;

605、迭代计算单元;605. Iterative calculation unit;

802、计算机设备;802. Computer equipment;

804、处理器;804, processor;

806、存储器;806. Memory;

808、驱动机构;808. Driving mechanism;

810、输入/输出模块;810. Input/output module;

812、输入设备;812. Input device;

814、输出设备;814. Output device;

816、呈现设备;816. Presentation equipment;

818、图形用户接口;818. Graphical user interface;

820、网络接口;820. Network interface;

822、通信链路;822. Communication link;

824、通信总线。824, communication bus.

具体实施方式Detailed ways

为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本文实施例中的附图,对本文实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本文一部分实施例,而不是全部的实施例。基于本文中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本文保护的范围。In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this document will be clearly and completely described below in conjunction with the drawings in the embodiments of this document. Obviously, the described implementation The examples are only part of the embodiments herein, but not all of the embodiments. Based on the embodiments in this article, all other embodiments obtained by those of ordinary skill in the art without creative efforts fall within the scope of protection in this article.

需要说明的是,本文的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本文的实施例能够以除了在这里图示或描述的那些以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、装置、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。It should be noted that the terms “first”, “second”, etc. in the description, claims and above-mentioned drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It is to be understood that the data so used are interchangeable under appropriate circumstances so that the embodiments described herein can be practiced in sequences other than those illustrated or described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions, for example, a process, method, apparatus, product or equipment that includes a series of steps or units and need not be limited to those explicitly listed. Those steps or elements may instead include other steps or elements not expressly listed or inherent to the process, method, product or apparatus.

本说明书提供了如实施例或流程图所述的方法操作步骤,但基于常规或者无创造性的劳动可以包括更多或者更少的操作步骤。实施例中列举的步骤顺序仅仅为众多步骤执行顺序中的一种方式,不代表唯一的执行顺序。在实际中的系统或装置产品执行时,可以按照实施例或者附图所示的方法顺序执行或者并行执行。This specification provides method operation steps as described in the examples or flow charts, but more or less operation steps may be included based on routine or non-inventive efforts. The sequence of steps listed in the embodiment is only one way of executing the sequence of many steps, and does not represent the only execution sequence. When the actual system or device product is executed, the methods shown in the embodiments or drawings may be executed sequentially or in parallel.

需要说明的是,本文的直流微电网网络攻击检测与全局状态估计方法可用于电力技术领域,也可用于通信安全领域,本文对方法及装置的应用领域不做限定。It should be noted that the DC microgrid network attack detection and global state estimation methods in this article can be used in the field of power technology and communication security. This article does not limit the application fields of the methods and devices.

图1所示为本文实施例一种直流微电网网络攻击检测与全局状态估计的方法流程图,具体包括如下步骤:Figure 1 shows a flow chart of a DC microgrid network attack detection and global state estimation method according to the embodiment of this article, which specifically includes the following steps:

步骤101,根据直流微电网内所有区域的降压换流器在初始时刻的状态向量,确定初始全局状态向量及初始协方差矩阵,所述初始全局状态向量为初始时刻的全局状态向量。Step 101: Determine the initial global state vector and the initial covariance matrix based on the state vectors of the buck converters in all areas of the DC microgrid at the initial moment. The initial global state vector is the global state vector at the initial moment.

在本说明书实施例中,直流微电网内所有区域中的每一区域具有降压换流器。直流微电网中每一个区域的降压换流器在初始时刻的状态向量可以由表示。其中,i表示第i个区域,k表示当前时刻为第k个时刻,在本说明书实施例中第k个时刻表示为初始时刻。其中,初始时刻的状态向量可以理解为初始时刻每一区域输出的电信号,包括:降压换流器的输出电压和输出电流。In the embodiment of this description, each of all areas within the DC microgrid has a step-down converter. The state vector of the buck converter in each area of the DC microgrid at the initial moment can be expressed by express. Among them, i represents the i- th area, k represents the current time as the k-th time, and in the embodiment of this specification, the k -th time is represented as the initial time. Among them, the state vector at the initial moment can be understood as the electrical signal output by each area at the initial moment, including: the output voltage and output current of the buck converter.

在本说明书的一些实施例中,对整体直流微电网设计直流微电网全局状态估计器及网络攻击检测定位器,另外对直流微电网中的每个区域设计局部状态估计器,多个局部状态估计器在各区域内依次平行分布。其中,全局状态估计器、攻击检测定位器与所有局部状态估计器相连。各区域的局部状态估计器基于其他区域的输出信号对本区域进行非线性的区域状态估计,从而获得各区域的区域估计状态。In some embodiments of this specification, a DC microgrid global state estimator and a network attack detection locator are designed for the overall DC microgrid, and a local state estimator is designed for each area in the DC microgrid. Multiple local state estimators The devices are distributed in parallel in each area. Among them, the global state estimator and attack detection locator are connected to all local state estimators. The local state estimator of each region performs nonlinear regional state estimation of this region based on the output signals of other regions, thereby obtaining the regional estimated state of each region.

在本说明书实施例中,各区域在初始时刻的状态向量可以作为所有区域的全局状态估计器的输入。In the embodiment of this specification, the state vector of each region at the initial moment Can be used as input to the global state estimator for all regions.

从直流微电网的全局状态估计器,直接获取k时刻的全局估计状态向量及其协方差矩阵/>。基于当前时刻k时刻的上一时刻k-1时刻的局部状态估计器的结合,可以计算得到k时刻第i个区域的初始区域估计状态向量/>及估计协方差矩阵/>。详细计算方法见图2描述。Directly obtain the global estimated state vector at time k from the global state estimator of the DC microgrid and its covariance matrix/> . Based on the combination of the local state estimators at the current time k and the previous time k-1 , the initial regional estimated state vector of the i- th region at time k can be calculated/> and estimated covariance matrix/> . The detailed calculation method is described in Figure 2.

步骤102,根据所述初始全局状态向量、所述初始协方差矩阵、初始时刻所有区域的输入向量、当前时刻区域状态观测向量,确定当前时刻区域估计状态向量,其中,所述当前时刻区域状态观测向量中的元素为各区域降压换流器的输出电压、各区域所受噪声信号及所受网络攻击信号之和。Step 102: Determine the regional estimated state vector at the current moment based on the initial global state vector, the initial covariance matrix, the input vectors of all regions at the initial moment, and the regional state observation vector at the current moment, where the regional state observation at the current moment The elements in the vector are the sum of the output voltage of the buck converter in each area, the noise signal received by each area, and the network attack signal received.

在本说明书一些实施例中,初始时刻所有区域的输入向量由U表示。第i个区域局部状态估计器的区域输入向量由表示。当前时刻区域状态观测向量由Z表示,。其中,M表示区域总数量。可以直接从直流微电网中收集到当前时刻的区域状态观测向量。进一步根据区域状态观测向量,计算区域状态向量。In some embodiments of this specification, the input vectors of all areas at the initial moment are represented by U. The regional input vector of the i- th regional local state estimator is given by express. The regional state observation vector at the current moment is represented by Z , . Among them, M represents the total number of areas. The regional state observation vector at the current moment can be collected directly from the DC microgrid. Further, the regional state vector is calculated based on the regional state observation vector.

在本说明书实施例中,当前时刻区域状态观测向量中的元素为各区域降压换流器的输出电压、各区域所受噪声信号及所受网络攻击信号之和。可由如下公式表示: ,其中,/>表示第i个区域的测量输出信号;/>表示第i个区域所受到的外界噪声;/>表示第i个区域所受到的网络攻击q。本步骤关于确定当前时刻区域估计状态的具体描述见图2。In the embodiment of this specification, the elements in the regional state observation vector at the current moment are the sum of the output voltage of the buck converter in each region, the noise signal received by each region, and the network attack signal received. It can be expressed by the following formula: , where,/> Represents the measurement output signal of the i- th area;/> Indicates the external noise received by the i- th area;/> Indicates the network attack q suffered by the i -th area. The specific description of this step on determining the current regional estimation status is shown in Figure 2.

步骤103,根据当前时刻区域估计状态向量,确定直流微电网内未受到网络攻击的区域。本步骤中,根据各区域的区域估计状态,确定当前时刻各区域的攻击特征值,并根据攻击特征值确定该区域与平均区域状态向量的偏离程度,进一步确定该区域是否遭受网络攻击。关于步骤103的具体描述详见图3描述。Step 103: Determine the area within the DC microgrid that is not subject to network attacks based on the current regional estimated state vector. In this step, based on the regional estimated status of each region, the attack characteristic value of each region at the current moment is determined, and the deviation degree of the region from the average regional status vector is determined based on the attack characteristic value to further determine whether the region is subject to a network attack. For a detailed description of step 103, see the description in Figure 3 .

步骤104,利用未受到网络攻击的区域的区域估计状态向量,更新所述初始全局状态向量,得到更新后的全局估计状态。未收到网络攻击的区域的区域估计状态向量较为准确,因此利用这种健康区域的区域估计状态向量更新下一时刻的初始全局向量,得到更新后的全局估计状态。Step 104: Update the initial global state vector using the regional estimated state vector of the area that has not been attacked by the network to obtain an updated global estimated state. The regional estimated state vector of an area that has not received a network attack is more accurate. Therefore, the regional estimated state vector of this healthy area is used to update the initial global vector at the next moment to obtain the updated global estimated state.

步骤105,将当前时刻作为初始时刻,根据更新后的全局估计状态,迭代计算下一时刻各区域的区域估计状态向量。Step 105: Using the current time as the initial time, iteratively calculate the regional estimated state vector of each region at the next time based on the updated global estimated state.

根据此更新后的直流微电网的全局估计状态,计算下一时刻各区域的区域估计状态,考虑到各区域测量输出信号时可能采取不完全相同的传感器,因此测量输出信号会具有不同的噪声特性、可靠性水平以及测量精度,因此本步骤引入各区域信息权重因子以准确评估各区域局部状态估计器的局部状态向量。Based on the updated global estimated state of the DC microgrid, calculate the regional estimated state of each region at the next moment. Considering that each region may use different sensors when measuring the output signal, the measured output signal will have different noise characteristics. , reliability level and measurement accuracy, so this step introduces the information weight factor of each region to accurately evaluate the local state vector of the local state estimator in each region.

具体使用如下公式确定下一时刻的区域估计状态。 Specifically, the following formula is used to determine the regional estimated state at the next moment.

其中,表示k时刻的各区域信息权重因子,M表示区域总数量。当各区域负责测量输出信号的传感器性能相同时,/>M表示区域总数量。in, represents the information weight factor of each region at time k , and M represents the total number of regions. When the performance of the sensors responsible for measuring output signals in each area is the same,/> , M represents the total number of areas.

图2所示为本文实施例一种确定当前时刻的区域估计状态的方法流程图,具体包括如下步骤:Figure 2 shows a flow chart of a method for determining the regional estimation status at the current moment according to an embodiment of this article, which specifically includes the following steps:

步骤201,根据初始全局状态向量及初始协方差矩阵,确定初始区域估计状态向量及估计协方差矩阵。在本说明书的一些实施例中,例如如下公式确定初始区域估计状态向量及估计协方差矩阵:Step 201: Determine the initial regional estimated state vector and estimated covariance matrix based on the initial global state vector and initial covariance matrix. In some embodiments of this specification, the initial regional estimated state vector and estimated covariance matrix are determined by, for example, the following formula:

,其中,/>表示k时刻的各区域信息权重因子,当各区域负责测量输出信号的传感器性能相同时,/>;/>表示k时刻第i个区域的初始区域估计状态向量;/>表示k时刻的全局状态估计状态向量;/>表示k时刻第i个区域的初始区域估计状态向量的协方差矩阵;N为一数组,表示智能直流微电网的所有区域序号;A为一数组,表示当前时刻智能直流微电网受到网络攻击的区域序号。 , where,/> Represents the information weight factor of each area at time k . When the performance of the sensors responsible for measuring the output signal in each area is the same,/> ;/> Represents the initial regional estimated state vector of the i- th region at time k ;/> Represents the global state estimation state vector at time k ;/> Represents the covariance matrix of the initial regional estimated state vector of the i- th region at time k ; N is an array, indicating the serial numbers of all regions of the smart DC microgrid; A is an array, indicating the areas where the smart DC microgrid is under network attack at the current moment serial number.

步骤202,根据所述初始区域估计状态向量及估计协方差矩阵,利用容积点计算第一区域估计状态向量及第一估计协方差矩阵。前述步骤确定的初始区域估计状态向量为预测得到的区域估计状态向量,该值并不是完全真实的区域状态向量。因此在本步骤中,根据如下公式确定第一区域估计状态向量及第一估计协方差矩阵:Step 202: Calculate the first regional estimated state vector and the first estimated covariance matrix using volume points based on the initial regional estimated state vector and estimated covariance matrix. The initial regional estimated state vector determined in the previous steps is the predicted regional estimated state vector, which is not a completely real regional state vector. Therefore, in this step, the first regional estimated state vector and the first estimated covariance matrix are determined according to the following formula:

;

其中,表示k+1时刻第i个区域的区域状态向量的先验预测向量,即为所述第一区域估计状态向量、/>表示k+1时刻第i个区域的区域状态向量的先验预测误差的协方差矩阵,为所述第一估计协方差矩阵;/>表示容积点;m为所有容积点个数,此取m =4;/>表示第/>个容积点;/>表示单位矩阵;/>为/>的方差矩阵;/>表示k时刻第i个区域的初始区域估计状态向量;/>表示k时刻第i个区域的初始区域估计状态向量的协方差矩阵。in, The prior prediction vector representing the regional state vector of the i- th region at time k+1 is the first regional estimated state vector,/> The covariance matrix representing the a priori prediction error of the regional state vector of the i -th region at time k+1 is the first estimated covariance matrix;/> Represents the volume point; m is the number of all volume points, which is m =4 ;/> Indicates the first/> volume points;/> Represents the identity matrix;/> for/> The variance matrix;/> Represents the initial regional estimated state vector of the i- th region at time k ;/> Represents the covariance matrix of the initial regional estimated state vector of the i -th region at time k .

步骤203,根据第一区域估计状态向量及第一估计协方差矩阵及卡尔曼滤波算法,确定当前时刻区域估计状态向量及当前时刻估计协方差矩阵。Step 203: Determine the current regional estimated state vector and the current estimated covariance matrix based on the first regional estimated state vector, the first estimated covariance matrix and the Kalman filter algorithm.

在本说明书实施例中,利用如下公式确定当前时刻区域估计状态向量及当前时刻估计协方差矩阵:In the embodiment of this specification, the following formula is used to determine the current time regional estimated state vector and the current time estimated covariance matrix:

;

其中,表示k+1时刻第i个区域局部状态估计器的区域状态观测向量的先验预测向量;/>表示k+1时刻第i个区域的区域状态向量,即为当前时刻区域估计状态向量,/>表示k+1时刻第i个区域的区域状态向量的协方差矩阵,即为当前时刻估计协方差矩阵;/>为卡尔曼增益,/>表示局部状态向量与局部状态观测向量的关系矩阵。in, Represents the prior prediction vector of the regional state observation vector of the i- th regional local state estimator at time k+1 ;/> Represents the regional state vector of the i- th region at time k+1 , which is the regional estimated state vector at the current time,/> Represents the covariance matrix of the regional state vector of the i -th region at time k+1 , which is the estimated covariance matrix at the current time;/> is the Kalman gain,/> Represents the relationship matrix between the local state vector and the local state observation vector.

图3所示为本文实施例一种确定未受到网络攻击的区域的方法流程图,具体包括如下步骤:Figure 3 shows a flow chart of a method for determining areas not subject to network attacks according to the embodiment of this article, which specifically includes the following steps:

步骤301,根据各区域的区域估计状态,确定当前时刻各区域的攻击特征值。在本说明书实施例中,攻击特征值可以体现网络攻击对不同区域的影响。本步骤可以根据各区域的区域估计状态计算各区域的攻击特征值。攻击特征值表示区域遭受的攻击与所有区域的平均区域状态的偏差程度。其中,攻击特征值越大、偏差程度越大,说明区域遭受攻击造成的影响越大;反之,攻击特征值越小、偏差程度越小,区域遭受攻击导致的变化越小。在本步骤中,根据如下公式计算各区域的攻击特征值。Step 301: Determine the attack characteristic value of each area at the current time based on the area estimation status of each area. In the embodiment of this specification, attack characteristic values can reflect the impact of network attacks on different areas. This step can calculate the attack characteristic value of each area based on the regional estimation status of each area. The attack characteristic value represents the deviation of the attack suffered by the area from the average area status of all areas. Among them, the larger the attack characteristic value and the greater the degree of deviation, the greater the impact caused by the area being attacked; conversely, the smaller the attack characteristic value and the smaller the degree of deviation, the smaller the change caused by the area being attacked. In this step, the attack characteristic value of each area is calculated according to the following formula.

;

表示k+1时刻(也即为,下一时刻)第i个区域的攻击特征值;/>表示所有局部状态估计器的平均区域状态向量;W为权重矩阵,用于调整各区域局部状态估计器的局部状态的重要性。 Indicates the attack characteristic value of the i - th area at k+1 time (that is, the next time);/> Represents the average regional state vector of all local state estimators; W is a weight matrix, used to adjust the importance of the local state of each regional local state estimator.

步骤302,确定所述攻击特征值与区域估计状态的平均区域状态向量的偏差程度。根据攻击特征值的大小,确定偏差程度。Step 302: Determine the degree of deviation between the attack characteristic value and the average regional state vector of the regional estimated state. The degree of deviation is determined based on the size of the attack characteristic value.

步骤303,将偏差程度超过预设阈值的区域,确定为受到网络攻击的区域。本说明书实例中,根据偏差程度与攻击特征值的大小,设置用于确定是否属于网路攻击区域的预设阈值。若根据攻击特征值计算得到的偏差程度大于预设阈值,说明该区域遭受网络攻击。Step 303: Determine areas where the degree of deviation exceeds a preset threshold as areas subject to network attacks. In the example of this manual, based on the degree of deviation and the size of the attack characteristic value, a preset threshold is set to determine whether it belongs to the network attack area. If the deviation calculated based on the attack characteristic value is greater than the preset threshold, it means that the area is subject to a network attack.

步骤304,将偏差程度小于或等于预设阈值的区域,确定为未受到网络攻击的区域。若根据攻击特征值计算得到的偏差程度小于预设阈值,说明该区域未遭受网络攻击。Step 304: Determine areas where the degree of deviation is less than or equal to a preset threshold as areas not subject to network attacks. If the deviation calculated based on the attack characteristic value is less than the preset threshold, it means that the area has not been attacked by a network.

图4所示为本文实施例一种确定区域所受网络攻击次数的方法流程图,具体包括如下步骤:Figure 4 shows a flow chart of a method for determining the number of network attacks in an area according to an embodiment of this article, which specifically includes the following steps:

步骤401,对所述当前时刻各区域的攻击特征值进行聚类分析,得到聚类集群。Step 401: Perform cluster analysis on the attack characteristic values of each area at the current moment to obtain cluster clusters.

本步骤中,使用模糊c均值聚类算法,对当前时刻各区域的攻击特征值进行处理,从而检测各区域的网络攻击情况。其中,分析确定各区域遭受攻击的次数及遭受网络攻击的类型,从而对不同的区域进行聚类。In this step, the fuzzy c-means clustering algorithm is used to process the attack characteristic values of each area at the current moment, thereby detecting the network attacks in each area. Among them, the analysis determines the number of attacks and types of network attacks in each area, thereby clustering different areas.

具有的,构建目标函数,通过最小化目标函数以完成聚类。对隶属度进行随机初始化,计算当前隶属度所对应的聚类集群中心,并迭代计算隶属度与该隶属度所对应的聚类集群中心,直到满足聚类结束条件。其中,目标函数的公式表达式如下:With, construct an objective function and complete clustering by minimizing the objective function. Randomly initialize the membership degree, calculate the cluster center corresponding to the current membership degree, and iteratively calculate the membership degree and the cluster center corresponding to the membership degree until the clustering end condition is met. Among them, the formula expression of the objective function is as follows:

;

其中,为隶属度;/>为聚类集群数;/>表示第j个聚类集群中心,M为区域总数量,/>表示k+1时刻第i个区域的攻击特征值。in, is the degree of membership;/> is the number of clusters;/> Represents the jth cluster center, M is the total number of regions,/> Indicates the attack characteristic value of the i- th area at time k+1 .

聚类集群中心计算公式如下表示:The calculation formula of cluster center is as follows:

;/>表示第b个聚类集群中心; ;/> Represents the bth cluster center;

其中,隶属度迭代公式如下表示:Among them, the membership iteration formula is expressed as follows:

;/>表示第j个聚类集群中心,/>表示第b个聚类集群中心;聚类结束的条件公式如下表示: ;/> Represents the jth cluster center,/> Represents the bth cluster center; the conditional formula for the end of clustering is as follows:

,/>表示第t次迭代后的目标函数;/>为聚类结束阈值。 ,/> Represents the objective function after the t -th iteration;/> is the clustering end threshold.

步骤402,根据所述聚类集群的数量、集群内各攻击特征值对应的区域,确定区域所受网络攻击的次数。Step 402: Determine the number of network attacks in the area based on the number of clusters and the areas corresponding to each attack characteristic value in the cluster.

本说明书实施例中,对各区域攻击特征值进行聚类分析之后,可以获得个聚类集群。聚类得到的集群数量可以反映区域遭受网络攻击的次数。其中,聚类集群中心最小的聚类集群为安全集群,该集群的攻击特征值的偏差程度最小。该安全集群中的各攻击特征值所对应的区域即为未遭受网络攻击的安全区域,则此时该智能微电网在当前时刻所受到的网络攻击次数为In the embodiment of this specification, after performing cluster analysis on the attack characteristic values of each area, a cluster cluster can be obtained. The number of clusters obtained by clustering can reflect the number of cyber attacks in a region. Among them, the cluster with the smallest cluster center is the safe cluster, and the attack characteristic value of this cluster has the smallest deviation. The area corresponding to each attack characteristic value in the security cluster is the security area that has not suffered network attacks. At this time, the number of network attacks suffered by the smart microgrid at the current moment is .

例如,聚类集群的数量为5,则受到4次网络攻击。进一步的,根据攻击特征值可以确定不同区域遭受的网络攻击是否为同一类型。除了安全集群之外,其它每一聚类集群各自代表了一次网络攻击,同一聚类集群内的各攻击特征值所对应的区域即为遭受同一次攻击的各个区域。将当前时刻受到网络攻击的各区域序号由数组A表示,将当前时刻受到网络攻击的区域数量可以由a表示。For example, if the number of clusters is 5, it is subject to 4 network attacks. Furthermore, based on the attack characteristic values, it can be determined whether the network attacks suffered by different areas are of the same type. Except for the security cluster, each other cluster represents a network attack. The areas corresponding to each attack characteristic value in the same cluster are the areas that have suffered the same attack. The serial number of each area under network attack at the current moment is represented by the array A , and the number of areas under network attack at the current moment can be represented by a .

在本说明书实施例中,攻击检测定位器分析得到的受攻击区域的序号以及受到网络攻击的区域的数量。进一步隔离因遭受网络攻击而产生误差的局部状态估计器,并接收未遭受网络攻击的安全区域的局部状态估计器在步骤203中估计得到的区域状态向量及其协方差矩阵。In the embodiment of this specification, the attack detection locator analyzes the sequence number of the area under attack and the number of areas under network attack. Further isolate the local state estimator that produces errors due to network attacks, and receive the regional state vector and its covariance matrix estimated in step 203 by the local state estimator of the safe area that has not suffered network attacks.

本说明书的一些实施例中,利用未受到网络攻击的区域的区域估计状态,更新初始全局状态向量。具体的利用如下公式,确定更新的全局估计状态:In some embodiments of this specification, the initial global state vector is updated using the regional estimated state of the area not subject to network attacks. Specifically, the following formula is used to determine the updated global estimated state:

;

其中,A表示受到攻击的区域的序号,N为包括直流微电网所有区域的序号的数组,则N-A表示未遭受网络攻击的区域的序号;表示当前时刻区全局估计向量,/>表示当前时刻全局估计向量的协方差矩阵。本说明书实施例通过检测网络攻击的具体情况,分析多次网络攻击发生时的具体受攻击区域并提供准确的健康状态估计。Among them, A represents the serial number of the area under attack, N is an array including the serial numbers of all areas of the DC microgrid, then NA represents the serial number of the area that has not been attacked by the network; Represents the global estimation vector of the current time zone,/> Represents the covariance matrix of the global estimated vector at the current moment. The embodiments of this specification detect the specific circumstances of network attacks, analyze the specific attacked areas when multiple network attacks occur, and provide accurate health status estimates.

图5所示为本文实施例一种确定全局估计状态的方法流程图,具体包括如下步骤:Figure 5 shows a flow chart of a method for determining the global estimated state according to the embodiment of this article, which specifically includes the following steps:

步骤501,判断未受到网络攻击的区域的数量是否超出区域总数的一半。判断未遭受网络攻击的区域的数量N-a,与0.5M的大小关系。Step 501: Determine whether the number of areas not subject to network attacks exceeds half of the total number of areas. Determine the number of areas Na that are not subject to network attacks, and its relationship with the size of 0.5 M.

步骤502,若是,确定全局估计状态。在本步骤中,当遭受网络攻击的区域的数量少于总区域数量M的一半,则全局状态估计器接收到的各区域的局部状态估计器的区域状态向量及其协方差矩阵信息足够充分,从而可以计算获得智能直流微电网的全局估计状态。Step 502, if yes, determine the global estimated state. In this step, when the number of areas subject to network attacks is less than half of the total number of areas M , the regional state vector and its covariance matrix information of the local state estimator of each area received by the global state estimator is sufficient, In this way, the global estimated state of the smart DC microgrid can be calculated and obtained.

步骤503,若否,不进行全局状态估计。当遭受攻击的区域数大于或等于总区域数的一半,即时,则全局状态估计器所接收到的各局部状态估计器的局部状态向量及其协方差矩阵信息数量较少,无法充分计算获得智能直流微电网的全局估计状态;Step 503, if not, no global state estimation is performed. When the number of areas under attack is greater than or equal to half of the total number of areas, that is When , the number of local state vectors and their covariance matrix information of each local state estimator received by the global state estimator is small, and the global estimated state of the smart DC microgrid cannot be fully calculated;

如图6所示为本文实施例一种直流微电网网络攻击检测与全局状态估计装置的结构示意图,在本图中描述了直流微电网网络攻击检测与全局状态估计装置的基本结构,其中的功能单元、模块可以采用软件方式实现,也可以采用通用芯片或者特定芯片实现直流微电网网络攻击检测与全局状态估计,该直流微电网网络攻击检测与全局状态估计装置具体包括:Figure 6 is a schematic structural diagram of a DC microgrid network attack detection and global state estimation device according to the embodiment of this article. This figure describes the basic structure of the DC microgrid network attack detection and global state estimation device, and its functions Units and modules can be implemented in software, or general chips or specific chips can be used to implement DC microgrid network attack detection and global state estimation. The DC microgrid network attack detection and global state estimation device specifically includes:

初始确定单元601,用于根据直流微电网内所有区域的降压换流器在初始时刻的状态向量,确定初始全局状态向量及初始协方差矩阵,所述初始全局状态向量为初始时刻的全局状态向量;The initial determination unit 601 is used to determine the initial global state vector and the initial covariance matrix based on the state vectors of the step-down converters in all areas of the DC microgrid at the initial moment. The initial global state vector is the global state at the initial moment. vector;

当前确定单元602,用于根据所述初始全局状态向量、所述初始协方差矩阵、初始时刻所有区域的输入向量、当前时刻区域状态观测向量,确定当前时刻区域估计状态 向量,其中,所述当前时刻区域状态观测向量中的元素为各区域降压换流器的输出电压、各区域所受噪声信号及所受网络攻击信号之和;The current determination unit 602 is configured to determine the current regional estimated state vector according to the initial global state vector, the initial covariance matrix, the input vectors of all regions at the initial time, and the current regional state observation vector, wherein the current The elements in the moment-to-moment regional state observation vector are the sum of the output voltage of the buck converter in each region, the noise signal received by each region, and the network attack signal received;

网络攻击确定单元603,用于根据当前时刻区域估计状态向量,确定直流微电网内未受到网络攻击的区域;The network attack determination unit 603 is used to determine the area in the DC microgrid that is not subject to network attacks based on the current regional estimation state vector;

更新单元604,用于利用未受到网络攻击的区域的区域估计状态向量,更新所述初始全局状态向量,得到更新后的全局估计状态;The update unit 604 is configured to update the initial global state vector using the regional estimated state vector of the area not subject to network attacks to obtain the updated global estimated state;

迭代计算单元605,用于将当前时刻作为初始时刻,根据更新后的全局估计状态,迭代计算下一时刻各区域的区域估计状态向量。The iterative calculation unit 605 is configured to use the current time as the initial time, and iteratively calculate the regional estimated state vector of each region at the next time based on the updated global estimated state.

本说明书实施例适用于包含非线性负载的智能直流微电网这样的非线性系统,无需对非线性方程进行线性化,减轻了在线计算负担;本方案采用多滤波器平行布置的方式,避免单个容积卡尔曼滤波器降噪能力弱的缺点,达到了更好的降噪效果,减轻了噪声对最终全局估计状态的影响;通过加权2范数基于残差计算攻击特征值,对攻击造成的状态变化检测更加敏感,加强了检测的成功率;通过聚类方法排除了被攻击估计,并引入了各区域信息权重因子以体现不同区域传感器的可靠性,提高了全局状态估计的准确性;可以检测网络攻击的具体情况,分析多次网络攻击发生时的具体受攻击区域并提供准确的健康状态估计,具有实用价值。The embodiments of this specification are suitable for nonlinear systems such as smart DC microgrids containing nonlinear loads. There is no need to linearize the nonlinear equations, which reduces the burden of online calculations. This solution uses multiple filters arranged in parallel to avoid the need for a single volume. The Kalman filter has the disadvantage of weak noise reduction ability, achieving better noise reduction effect and reducing the impact of noise on the final global estimated state; calculating the attack eigenvalue based on the residual through the weighted 2 norm, reducing the state changes caused by the attack The detection is more sensitive and the success rate of detection is enhanced; the attack estimation is eliminated through the clustering method, and each regional information weight factor is introduced to reflect the reliability of sensors in different regions, improving the accuracy of global state estimation; it can detect the network The specific circumstances of the attack, analyzing the specific attacked areas when multiple network attacks occurred, and providing accurate health status estimates are of practical value.

图7所示为本文实施例直流微电网网络攻击检测与全局状态估计系统的示意图。图中,直流微电网内有多个区域,分别为区域1、区域2、区域i……区域M。每一区域内包括直流电源、降压换流器及非线性负载。降压换流器具有电容、电感与电阻等参数、区域内的非线性负载包括电阻、恒定功率。该系统中包括一个全局状态估计器及网络攻击检测定位器,直流微电网中的每个区域具有一个局部状态估计器。全局状态估计器、攻击检测定位器与所有局部状态估计器相连。Figure 7 shows a schematic diagram of the DC microgrid network attack detection and global state estimation system according to the embodiment of this article. In the figure, there are multiple areas in the DC microgrid, namely area 1, area 2, area i ...area M. Each area includes DC power supplies, step-down converters and non-linear loads. The buck converter has parameters such as capacitance, inductance and resistance, and the nonlinear load in the area includes resistance and constant power. The system includes a global state estimator and a network attack detection locator, and each area in the DC microgrid has a local state estimator. The global state estimator and attack detection locator are connected to all local state estimators.

具体的,各区域的局部状态估计器输出上一时刻各区域的初始状态向量,作为全局状态估计器的输入信号。全局状态估计器输出返回给局部状态估计器,用于计算下一时刻的区域状态估计。Specifically, the local state estimator of each region outputs the initial state vector of each region at the previous moment as the input signal of the global state estimator. The output of the global state estimator is returned to the local state estimator, which is used to calculate the regional state estimate at the next moment.

如图8所示,为本文实施例提供的一种计算机设备。本申请所述直流微电网网络攻击检测与全局状态估计方法可以应用于所述计算机设备。所述计算机设备802可以包括一个或多个处理器804,诸如一个或多个中央处理单元(CPU),每个处理单元可以实现一个或多个硬件线程。计算机设备802还可以包括任何存储器806,其用于存储诸如代码、设置、数据等之类的任何种类的信息。非限制性的,比如,存储器806可以包括以下任一项或多种组合:任何类型的RAM,任何类型的ROM,闪存设备,硬盘,光盘等。更一般地,任何存储器都可以使用任何技术来存储信息。进一步地,任何存储器可以提供信息的易失性或非易失性保留。进一步地,任何存储器可以表示计算机设备802的固定或可移除部件。在一种情况下,当处理器804执行被存储在任何存储器或存储器的组合中的相关联的指令时,计算机设备802可以执行相关联指令的任一操作。计算机设备802还包括用于与任何存储器交互的一个或多个驱动机构808,诸如硬盘驱动机构、光盘驱动机构等。As shown in Figure 8, it is a computer device provided by the embodiment of this article. The DC microgrid network attack detection and global state estimation methods described in this application can be applied to the computer equipment. The computer device 802 may include one or more processors 804, such as one or more central processing units (CPUs), each of which may implement one or more hardware threads. Computer device 802 may also include any memory 806 for storing any kind of information such as code, settings, data, and the like. Without limitation, for example, the memory 806 may include any one or more combinations of the following: any type of RAM, any type of ROM, flash memory device, hard disk, optical disk, etc. More generally, any memory can use any technology to store information. Further, any memory can provide volatile or non-volatile retention of information. Further, any memory may represent a fixed or removable component of computer device 802. In one instance, when processor 804 executes associated instructions stored in any memory or combination of memories, computer device 802 may perform any operation of the associated instructions. The computer device 802 also includes one or more drive mechanisms 808 for interacting with any memory, such as a hard disk drive, an optical disk drive, and the like.

计算机设备802还可以包括输入/输出模块810(I/O),其用于接收各种输入(经由输入设备812)和用于提供各种输出(经由输出设备814)。一个具体输出机构可以包括呈现设备816和相关联的图形用户接口(GUI)818。在其他实施例中,还可以不包括输入/输出模块810(I/O)、输入设备812以及输出设备814,仅作为网络中的一台计算机设备。计算机设备802还可以包括一个或多个网络接口820,其用于经由一个或多个通信链路822与其他设备交换数据。一个或多个通信总线824将上文所描述的部件耦合在一起。Computer device 802 may also include an input/output module 810 (I/O) for receiving various inputs (via input device 812) and for providing various outputs (via output device 814). One particular output mechanism may include a presentation device 816 and an associated graphical user interface (GUI) 818. In other embodiments, the input/output module 810 (I/O), the input device 812 and the output device 814 may not be included, and may only be used as a computer device in the network. Computer device 802 may also include one or more network interfaces 820 for exchanging data with other devices via one or more communication links 822 . One or more communication buses 824 couple together the components described above.

通信链路822可以以任何方式实现,例如,通过局域网、广域网(例如,因特网)、点对点连接等、或其任何组合。通信链路822可以包括由任何协议或协议组合支配的硬连线链路、无线链路、路由器、网关功能、名称服务器等的任何组合。Communication link 822 may be implemented in any manner, such as through a local area network, a wide area network (eg, the Internet), a point-to-point connection, etc., or any combination thereof. Communication link 822 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc. governed by any protocol or combination of protocols.

对应于图1至图5中的方法,本文实施例还提供了一种计算机可读存储介质,该计算机可读存储介质上存储有计算机程序,该计算机程序被处理器运行时执行上述方法的步骤。Corresponding to the methods in Figures 1 to 5, embodiments of this article also provide a computer-readable storage medium. The computer-readable storage medium stores a computer program. The computer program executes the steps of the above method when run by a processor. .

本文实施例还提供一种计算机可读指令,其中当处理器执行所述指令时,其中的程序使得处理器执行如图1至图5所示的方法。Embodiments of this document also provide computer-readable instructions, wherein when a processor executes the instructions, the program therein causes the processor to perform the methods shown in FIGS. 1 to 5 .

应理解,在本文的各种实施例中,上述各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本文实施例的实施过程构成任何限定。It should be understood that in the various embodiments of this article, the size of the sequence numbers of the above-mentioned processes does not mean the order of execution. The execution order of each process should be determined by its functions and internal logic, and should not be used in the implementation of the embodiments of this article. The process constitutes any limitation.

还应理解,在本文实施例中,术语“和/或”仅仅是一种描述关联对象的关联关系,表示可以存在三种关系。例如,A和/或B,可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。另外,本文中字符“/”,一般表示前后关联对象是一种“或”的关系。It should also be understood that in the embodiments of this article, the term "and/or" is only an association relationship describing associated objects, indicating that three relationships can exist. For example, A and/or B can mean: A exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in this article generally indicates that the related objects are an "or" relationship.

本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本文的范围。Those of ordinary skill in the art can appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented with electronic hardware, computer software, or a combination of both. In order to clearly illustrate the relationship between hardware and software Interchangeability, in the above description, the composition and steps of each example have been generally described according to functions. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. The skilled artisan may implement the described functionality using different methods for each particular application, but such implementations should not be considered beyond the scope of this article.

所属领域的技术人员可以清楚地了解到,为了描述的方便和简洁,上述描述的系统、装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and simplicity of description, the specific working processes of the systems, devices and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be described again here.

在本文所提供的几个实施例中,应该理解到,所揭露的系统、装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另外,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口、装置或单元的间接耦合或通信连接,也可以是电的,机械的或其它的形式连接。In the several embodiments provided herein, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or can be integrated into another system, or some features can be ignored, or not implemented. In addition, the coupling or direct coupling or communication connection between each other shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, or may be electrical, mechanical or other forms of connection.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本文实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or they may be distributed to multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiments of this article.

另外,在本文各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以是两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of this article can be integrated into one processing unit, each unit can exist physically alone, or two or more units can be integrated into one unit. The above integrated units can be implemented in the form of hardware or software functional units.

所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本文的技术方案本质上或者说对现有技术做出贡献的部分,或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本文各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution in this article essentially contributes to the existing technology, or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to cause a computer device (which can be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in various embodiments of this article. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program code. .

本文中应用了具体实施例对本文的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本文的方法及其核心思想;同时,对于本领域的一般技术人员,依据本文的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本文的限制。This article uses specific embodiments to illustrate the principles and implementation methods of this article. The description of the above embodiments is only used to help understand the methods and core ideas of this article; at the same time, for those of ordinary skill in the field, based on the ideas of this article , there will be changes in the specific implementation and application scope. In summary, the content of this description should not be understood as a limitation of this article.

Claims (12)

1. A method for detecting a direct current micro-grid network attack and estimating a global state, the method comprising:
determining an initial global state vector and an initial covariance matrix according to state vectors of buck converters of all areas in a direct current micro-grid at an initial moment, wherein the initial global state vector is a global state vector at the initial moment;
determining an area estimation state vector at the current moment according to the initial global state vector, the initial covariance matrix, input vectors of all areas at the initial moment and an area state observation vector at the current moment, wherein elements in the area state observation vector at the current moment are the sum of output voltage of the buck converter at each area, noise signals received by each area and network attack signals received by each area;
According to the current time zone estimation state vector, determining a zone which is not attacked by the network in the direct current micro-grid;
updating the initial global state vector by using the area estimation state vector of the area not attacked by the network to obtain an updated global estimation state;
and taking the current moment as the initial moment, and iteratively calculating the area estimation state vector of each area at the next moment according to the updated global estimation state.
2. The method for detecting and estimating a global state of a dc micro-grid network attack according to claim 1, wherein determining the area estimation state at the current moment comprises:
determining an initial region estimation state vector and an estimation covariance matrix according to the initial global state vector and the initial covariance matrix;
calculating a first region estimation state vector and a first estimation covariance matrix by using volume points according to the initial region estimation state vector and the estimation covariance matrix;
and determining the area estimation state vector at the current moment and the estimation covariance matrix at the current moment according to the first area estimation state vector, the first estimation covariance matrix and the Kalman filtering algorithm.
3. The method for detecting and estimating the global state of a direct current micro grid network attack according to claim 2, wherein the method comprises the following steps: the initial region estimation state vector and the estimation covariance matrix are determined by using the following formula: Wherein->Representation->Information weighting factors of each region at a time, when the sensor performance of each region responsible for measuring the output signal is the same, < >>M represents the total number of areas, a represents the total number of areas subject to network attacks,each region information weight factor indicating the time k+1; />Representation->Time of day (time)iInitial region estimation state vectors for individual regions; />Representation->Estimating a state vector by a global state at a moment; />Representation->Time of day (time)iInitial region estimation state vector covariance matrix of each region;Nthe system is an array, and represents all area serial numbers of the intelligent direct current micro-grid;Ais an array, which indicates the sequence number of the area of the intelligent direct-current micro-grid under network attack at the current moment,/->And represents the covariance matrix of the global state estimation vector at time k.
4. The method for detecting and estimating a global state of a dc micro-grid network attack of claim 3, wherein the first area estimation state vector and the first estimation covariance matrix are determined by using the following formula:
wherein (1)>Representation of k+ 1Time->Priori pre-prediction of region state vectors for individual regionsA measured vector, namely the first area estimation state vector,Representation ofk+1Time->A covariance matrix of the prior prediction errors of the regional state vectors of the individual regions is the first estimated covariance matrix; / >Representing a volume point;mfor all volume points, this is takenm=4;/>Represent the firstjA plurality of volume points; />Representing the identity matrix; />Is->Is a variance matrix of (a); />Representation ofkTime of day (time)iInitial region estimation state vectors for individual regions; />Representation->Time->Initial region estimation state vector covariance matrix of each region, f ()A relationship function representing a region state vector at a previous time and a region state vector at a subsequent time;a region input vector representing an i-th region at a time k; />A relationship function representing a region state vector at a current time and a region input vector at the current time; />A transpose of the matrix of prior prediction errors of the region state vector representing the i-th region at time k+1.
5. The method for detecting and estimating a global state of a direct current micro-grid network attack according to claim 4, wherein the current time zone estimation state vector and the current time estimation covariance matrix are determined by using the following formula:
wherein (1)>Representation ofTime->A priori prediction vector of the regional state observation vector of the regional local state estimator of each region; />Representation ofTime->The regional state vector of each region is the regional estimation state vector of the current moment, +. >Representation->Time->The covariance matrix of the regional state vector of each region is the estimated covariance matrix of the current moment; />For Kalman gain, ++>Is a relation matrix of the regional state vector and the regional state observation vector,>represents time k-1>The initial region of each region estimates the covariance matrix of the state vector.
6. The method for detecting and estimating the global state of network attacks on a direct current micro-grid according to claim 5, wherein determining the area which is not attacked by the network in the direct current micro-grid according to the current time area estimation state comprises:
according to the area estimation state of each area, determining the attack characteristic value of each area at the current moment;
determining the deviation degree of the attack characteristic value and the average area state vector of the area estimation state;
determining an area with the deviation degree exceeding a preset threshold value as an area under network attack;
and determining the area with the deviation degree smaller than or equal to the preset threshold value as the area not attacked by the network.
7. The method of direct current micro grid network attack detection and global state estimation according to claim 6, further comprising:
performing cluster analysis on the attack characteristic values of each region at the current moment to obtain a cluster;
And determining the number of network attacks to which the area is subjected according to the number of the clustered clusters and the areas corresponding to the attack characteristic values in the clusters.
8. The method of claim 7, wherein updating the initial global state vector with the area estimation state of the area not under network attack comprises:
the updated global estimated state is determined using the following formula:wherein, Ais an array, represents the sequence number of the area under attack,Nthe array comprises serial numbers of all areas of the direct current micro-grid; />Representing the global estimate vector of the current time zone, +.>And the covariance matrix of the global estimation vector at the current moment is represented.
9. The method for detecting and estimating a global state of a dc micro-grid network attack of claim 8, wherein determining the global estimated state comprises:
judging whether the number of the areas not attacked by the network exceeds half of the total number of the areas;
if yes, determining a global estimation state;
if not, the global state estimation is not performed.
10. A direct current micro grid network attack detection and global state estimation device, the device comprising:
The initial determining unit is used for determining an initial global state vector and an initial covariance matrix according to the state vectors of the buck converters of all areas in the direct current micro-grid at the initial moment, wherein the initial global state vector is the global state vector at the initial moment;
the current determining unit is used for determining a current time zone estimation state vector according to the initial global state vector, the initial covariance matrix, input vectors of all zones at the initial time and a current time zone state observation vector, wherein elements in the current time zone state observation vector are the sum of output voltage of the buck converter of each zone, noise signals received by each zone and network attack signals received by each zone;
the network attack determining unit is used for determining an area which is not attacked by the network in the direct current micro-grid according to the area estimation state vector at the current moment;
the updating unit is used for updating the initial global state vector by utilizing the area estimation state vector of the area which is not attacked by the network to obtain an updated global estimation state;
and the iterative calculation unit is used for taking the current moment as the initial moment and iteratively calculating the area estimation state vector of each area at the next moment according to the updated global estimation state.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1 to 9 when executing the computer program.
12. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 9.
CN202310969950.4A 2023-08-03 2023-08-03 Method and device for detecting network attack of direct-current micro-grid and estimating global state Active CN116708026B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310969950.4A CN116708026B (en) 2023-08-03 2023-08-03 Method and device for detecting network attack of direct-current micro-grid and estimating global state

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310969950.4A CN116708026B (en) 2023-08-03 2023-08-03 Method and device for detecting network attack of direct-current micro-grid and estimating global state

Publications (2)

Publication Number Publication Date
CN116708026A CN116708026A (en) 2023-09-05
CN116708026B true CN116708026B (en) 2023-10-24

Family

ID=87839569

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310969950.4A Active CN116708026B (en) 2023-08-03 2023-08-03 Method and device for detecting network attack of direct-current micro-grid and estimating global state

Country Status (1)

Country Link
CN (1) CN116708026B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113765880A (en) * 2021-07-01 2021-12-07 电子科技大学 A detection method of power system network attack based on spatiotemporal correlation
CN115296853A (en) * 2022-07-06 2022-11-04 国网山西省电力公司信息通信分公司 A network attack detection method based on network spatiotemporal features

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180262525A1 (en) * 2017-03-09 2018-09-13 General Electric Company Multi-modal, multi-disciplinary feature discovery to detect cyber threats in electric power grid

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113765880A (en) * 2021-07-01 2021-12-07 电子科技大学 A detection method of power system network attack based on spatiotemporal correlation
CN115296853A (en) * 2022-07-06 2022-11-04 国网山西省电力公司信息通信分公司 A network attack detection method based on network spatiotemporal features

Also Published As

Publication number Publication date
CN116708026A (en) 2023-09-05

Similar Documents

Publication Publication Date Title
CN104751229B (en) Bearing fault diagnosis method capable of recovering missing data of back propagation neural network estimation values
JP6609050B2 (en) Anomalous fusion in temporal causal graphs
CN112946484B (en) SOC estimation method, system, terminal equipment and readable storage medium based on BP neural network
CN112765896A (en) LSTM-based water treatment time sequence data anomaly detection method
CN104376231A (en) Damage identification method based on improved similar Bayesian calculation
CN109409425B (en) A Fault Type Recognition Method Based on Neighbor Component Analysis
CN115453376A (en) State monitoring method and system for power battery of electric automobile and electric automobile
CN110505114A (en) A node abnormality judgment method in cloud computing environment
CN105245362B (en) Important node information collecting method in a kind of SDN environment
CN102801629A (en) Traffic matrix estimation method
CN114528547A (en) ICPS (information storage and protection System) unsupervised online attack detection method and device based on community feature selection
CN108333571B (en) A multi-sensor and multi-frame joint detection and tracking method based on spot trace sequence fusion
CN114580578B (en) Constrained distributed stochastic optimization model training method, device and terminal
CN110244690B (en) Multivariable industrial process fault identification method and system
CN116708026B (en) Method and device for detecting network attack of direct-current micro-grid and estimating global state
CN113151842B (en) Method and device for determining the conversion efficiency of hydrogen production by wind-solar hybrid electrolysis of water
Zhu et al. State of Health Estimation of Lithium‐Ion Battery Using Time Convolution Memory Neural Network
CN112434930B (en) Drilling process fault diagnosis method, system and equipment
CN108170648A (en) A kind of nongausian process monitoring method returned based on given data
Rahman et al. ANFIS based cyber physical attack detection system
WO2014173271A1 (en) Optimization method and system for the number of monitoring units of digital man-machine interface
CN107506824A (en) Bad the observation data detection method and device of a kind of power distribution network
CN118033463A (en) Lithium battery health state estimation method and device based on meta-learning
CN109525453B (en) Networked CPS Anomaly Detection Method and System Based on Node Dependency
CN109976974A (en) It is a kind of for operating status judgement cloud computing environment under system monitoring method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant