Disclosure of Invention
An embodiment of the invention provides a network-vulnerability-guided moving target defense (MTD) deployment optimization method oriented to information attacks, which addresses the secure deployment of D-FACTS devices when MTD is applied against false data injection (FDI) attacks in a power grid.
In order to achieve this purpose, the invention adopts the following technical scheme:
A network-vulnerability-guided moving target defense deployment optimization method oriented to information attacks comprises the following steps:
S1, acquiring power grid system data:
collecting topology and power flow data of the power grid system during long-term operation, then proceeding to S2;
S2, preprocessing the collected data:
formatting the data and classifying it by data type; static data is passed to S3 and dynamic data is passed to S4 for processing;
S3, static data processing:
preliminarily determining the number of devices required by the system by processing the static data acquired by the system;
S4, dynamic data processing:
by processing the dynamic data collected by the system, calculating from historical power flow data and node and line parameters the weight of each line during normal operation and the probability of emergency accidents at the nodes at both ends of the line, and comprehensively evaluating the specific weight of the line when D-FACTS devices are configured;
S5, generating a configuration strategy:
generating a configuration strategy according to the device number and the node weight obtained in S3 and S4;
S6, weight coverage detection of the configuration strategy:
detecting whether the generated configuration strategy covers the required vulnerable nodes;
if the requirement is met, proceed to S7; if not, return to S3, recalculate the number of devices, and update the configuration strategy;
S7, detecting the economic cost and the line regulation capacity of the configuration strategy:
detecting whether the configuration strategy meets the installation economic cost constraint and the physical safety constraint of power grid operation when line parameters are adjusted;
if yes, output the configuration strategy; if not, return to S3, recalculate the number of devices, and update the configuration strategy;
S8, outputting the installation scheme.
As a further improvement of the present invention, in step S1, the data acquired by the system includes: system topology, node injection power, line power flow, node parameters, line parameters and system emergency accident data.
As a further improvement of the present invention, in step S2, the static data of the system itself includes network topology and line parameters; the dynamic data generated during the operation of the system comprises node parameters, node injection power, line power flow and system emergency accident data.
As a further improvement of the present invention, in step S3, the number of D-FACTS devices required by the system is calculated according to the system topology; the specific method is:
in a system with n nodes and m lines, generally m ≥ n-1. Let the measurement matrix of the system be H, which is the admittance matrix of the system with the column of the slack (balance) node removed; under the DC simplification, H is the system adjacency matrix of order m × (n-1). After the line parameters are changed using D-FACTS, the measurement matrix of the system becomes $H_t$. The composite matrix $M = [H \; H_t]$ then has dimension m × 2(n-1), and the configuration scheme that maximizes the rank of M is the optimal defense scheme;
if m ≥ 2(n-1), the system is called a complete system, and when the number of installed devices is n-1 the matrix M is full-rank, so that the defense requirements of all nodes are met; if the number of lines m is less than 2(n-1), no complete D-FACTS device configuration scheme exists, i.e. a security threat always exists in the system. The defense strategy then aims to maximize the defense effect. In such an incomplete system, installing a D-FACTS device on every line necessarily maximizes the defense effect but incurs unnecessary cost, so the optimal installation quantity is the minimum quantity that maximizes the rank of the matrix. The maximum rank of the composite matrix is then m and the rank of the original measurement matrix H is n-1, so the rank of the composite matrix is maximized when the installation quantity is m-n+1, which is the optimal installation scheme under maximum defense effect.
As a further improvement of the present invention, in step S4, the line weight is calculated from the historical power flow data, the node and line parameters and the node emergency outage data; the specific method is as follows:
first, the influence on the grid loss of changing the parameters of a given line is calculated to determine the economic weight; the calculation method is:
when the emergency accident probability of a given node is calculated, each node is evaluated on an independent time axis, i.e. whether outages occur at two adjacent nodes is mutually independent, so that
where $P_{out}$ is the probability of an emergency; for line $l_{ij}$, the weight of the line when configuring the D-FACTS device is
As a further improvement of the present invention, in step S5, the configuration policy includes: the method comprises the steps of configuring the number of devices, configuring positions of the devices and adjusting capacity of the devices, wherein the adjusting capacity of the devices refers to the maximum adjusting capacity of the D-FACTS devices at the line under the constraint of safe operation of a power grid.
As a further improvement of the present invention, in step S6, the vulnerability coverage of the configuration scheme is checked, and the specific method is as follows:
according to the result calculated by the S5, each node has its corresponding vulnerability, specifically, the resistance of the node in the face of power flow fluctuation and information attack, while the radiation capability of the D-FACTS devices configured on the same line to different nodes is different, and the deployment optimization method should satisfy: lines provided with the D-FACTS equipment are matched with one another, so that the resistance of each fragile node in the power grid reaches a certain threshold value; the overall resistance of the system reaches another threshold.
As a further improvement of the present invention, in step S7, the adjustment capability and economic cost detection method specifically includes:
the installation cost and the economic cost generated by power flow dispatch should not exceed the budgeted value, i.e. $c_1 \Delta P_{Loss}^{+} + c_2 n_D \le C$, where $c_1$, $c_2$ are the economic coefficients and C is the total budget; in addition, the regulation of the line by the D-FACTS should be within the range allowed for normal operation of the power grid, namely
where $x_{ij}$, are respectively the lower and upper bounds of the parameters of line $l_{ij}$.
As a further improvement of the present invention, in step S8, the output configuration policy includes: the number of devices configured, the location of the devices configured, and the adjustability of the devices.
Compared with the prior art, the invention has the following technical effects:
The deployment optimization method for distributed flexible AC transmission system (D-FACTS) devices is based on topology perception and model response analysis. By analyzing the topology of the power grid and the vulnerability of its nodes, and taking the line regulation capability and the deployment cost as constraints, the deployment of D-FACTS devices in step S5 considers both the economic requirements of power grid operation and the security requirements of the power grid in the face of information attacks, a point that has not been considered in the design of traditional D-FACTS device configuration schemes. The method first calculates the minimum number of devices that meets both requirements, and then determines the optimal installation positions of the D-FACTS devices according to the coupling relation between nodes and lines, so that the deployed devices cover all vulnerable nodes. On the premise of ensuring normal operation and power flow dispatch of the power grid, the information security requirement is met, which solves the D-FACTS device deployment problem that arises when MTD is applied against FDI attacks under the engineering constraints of the power grid.
Detailed Description
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the embodiments described below are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a network-vulnerability-guided moving target defense deployment optimization method oriented to information attacks, provided by an embodiment of the present invention, includes the following steps:
S1: collecting the various data generated by the system during long-term operation, specifically: system topology, node injection power, line power flow (active power direction and reactive power amplitude), node parameters (voltage and phase angle), line parameters (node admittance matrix), and system emergency accident data (historical operation data including at least one year of operation and unplanned outage data); the collected data is passed to S2 for processing;
S2: formatting the collected data and classifying it by data type; network topology, line parameters and the like are static data and are processed in S3;
node parameters, operating power flow, system emergency accident data and the like are dynamic data and are processed in S4;
S3: static data processing:
the number of devices required by the system can be preliminarily analyzed by processing the static data acquired by the system.
In a system with n nodes and m lines, generally m ≥ n-1. Assume the measurement matrix of the system is H, which is the admittance matrix of the system with the column of the slack (balance) node removed; under the DC simplification, H is the system adjacency matrix of order m × (n-1). After the line parameters are changed using D-FACTS, the measurement matrix of the system becomes $H_t$. The composite matrix $M = [H \; H_t]$ then has dimension m × 2(n-1), and the configuration scheme that maximizes the rank of M is the optimal defense scheme.
In particular, if m ≥ 2(n-1), the system is called a complete system, and when the number of installed devices is n-1 the matrix M is full-rank, so that the defense requirements of all nodes are met; if the number of lines m is less than 2(n-1), no complete D-FACTS device configuration scheme exists, i.e. a security threat always exists in the system. The defense strategy then aims to maximize the defense effect. In such an incomplete system, installing a D-FACTS device on every line necessarily maximizes the defense effect but incurs unnecessary cost, so the optimal installation quantity is the minimum quantity that maximizes the rank of the matrix. The maximum rank of the composite matrix is then m and the rank of the original measurement matrix H is n-1, so the rank of the composite matrix is maximized when the installation quantity is m-n+1, which is the optimal installation scheme under maximum defense effect.
S4: dynamic data processing:
through the processing of dynamic data collected by a system, the weight of the line during normal operation and the possibility of emergency accidents of nodes at two ends of the line are calculated according to historical load flow data and node line parameters, and the specific weight of the line during the configuration of D-FACTS equipment is comprehensively evaluated.
The specific method comprises the following steps:
firstly, the influence on the grid loss of a certain line when the parameters of the line are changed is calculated, and the weight in the economic aspect is determined, wherein the calculation method comprises the following steps:
where $G_{ij}$ represents the conductance of line $l_{ij}$ and $B_{ij}$ represents the susceptance of line $l_{ij}$, both of which can be obtained from the system admittance matrix; $x_{ij}$ is the line impedance, $P_{loss}$ is the network loss of the entire system, $P_{flow,ij}$ is the power flow of line $l_{ij}$, and $s_{(\theta,V)}$ is the state value of the system nodes, including voltage and phase angle.
The formula represents the change in network loss, computed from the sum of the system node power and the line power flow, when the line parameters are changed; this is the influence of the changed line parameters on the network loss of the whole system. Since the party installing the equipment is the operating organization, it is assumed by default to hold long-term operation data and emergency accident data of the system, and the probability of an emergency accident at a given node is analyzed on this basis. The probability of outage of a line is the union of the outage probabilities of the nodes at its two ends. When the emergency accident probability of a given node is calculated, each node is evaluated on an independent time axis, i.e. whether outages occur at two adjacent nodes is mutually independent, so that
![Figure BDA0002368739810000081](https://patentimages.storage.***apis.com/b0/7f/47/450ee16ba95614/BDA0002368739810000081.png)
where $P_{out}$ is the probability of an emergency. For line $l_{ij}$, the weight of the line when configuring the D-FACTS device is
$w_1$, $w_2$ are the weights of the line's loss and the line's fault rate respectively, and their specific values are calculated from system data.
S5: generating a configuration strategy:
generating a configuration strategy according to the device number and the node weight obtained in S3 and S4, specifically comprising: the method comprises the steps of configuring the number of devices, configuring positions of the devices and adjusting capacity of the devices, wherein the adjusting capacity of the devices refers to the maximum adjusting capacity of the D-FACTS devices at the line under the constraint of safe operation of a power grid.
S6: configuring policy weight coverage detection:
detecting whether the generated configuration strategy covers the required corresponding fragile node or not, wherein the specific method comprises the following steps: according to the result calculated by the S5, each node has its corresponding vulnerability, which can be understood as the resistance of the node in the face of power flow fluctuation and information attack, while the radiation capability of the D-FACTS device configured on the same line to different nodes is different, and according to the above, the obtained deployment optimization method should satisfy: lines provided with the D-FACTS equipment are matched with one another, so that the resistance of each fragile node in the power grid reaches a certain threshold value; the overall resistance of the system reaches another threshold. If the requirement is met, switching to S7, otherwise, switching to S3, recalculating the number of the devices and updating the configuration strategy;
S7: detecting the economic cost and line regulation capacity of the configuration strategy:
detecting whether the configuration strategy meets the installation economic cost constraint and the physical safety constraint of power grid operation when line parameters are adjusted; the specific method is: the installation cost and the economic cost generated by power flow dispatch should not exceed the budgeted value, i.e. $c_1 \Delta P_{Loss}^{+} + c_2 n_D \le C$, where $c_1$, $c_2$ are the economic coefficients and C is the total budget. In addition, the regulation of the line by the D-FACTS should be within the range allowed for normal operation of the power grid, namely
where $x_{ij}$, are respectively the lower and upper bounds of the parameters of line $l_{ij}$. Typically, the adjustment of the line parameters should be within ±20%. If the conditions are satisfied, the configuration policy is output; otherwise, the process returns to S3, the number of devices is recalculated, and the configuration policy is updated.
S8: outputting an installation scheme: the output configuration policy specifically includes: the configuration number of the equipment, the configuration position of the equipment and the adjustment capability of the equipment.
Another embodiment of the network vulnerability guided information attack-oriented mobile target defense deployment optimization method provided by the embodiment of the present invention will be described in detail.
Examples
Fig. 2 is a system structure diagram of a test case of an IEEE-9 node standard power system, where the system includes 9 nodes, where nodes 1, 2, and 3 are power generation nodes, nodes 5, 7, and 9 are load nodes, and there are 9 branches in total between the nodes, where the nodes 1 and 4, the nodes 2 and 8, and the nodes 3 and 6 are connected by transformers.
The control center can control the on-off of each branch in the system and the working condition of each generator, each generator in the system is in an on state under normal operation, and after an attacker invades the control center, a false control instruction for the generator can be issued, for example, the attacker sends the control instruction to close the generator on the node 2, and after receiving the instruction, the generator responds to the instruction, so that the operation state of the system can be possibly damaged.
Under the MATPOWER environment, a physical response model of the power system is constructed according to the connection structure, the electrical parameters and the on-off states of the generators of the power system, and power flow analysis can be performed on the power system through the physical response model, and the physical response model specifically comprises the following steps in combination with fig. 2:
step S101: setting the value of a reference capacity baseMVA of the whole system as 100MVA, and initially generating the following bus matrix according to the node power parameter and the voltage parameter:
the first column of the bus matrix is the NO parameter, the second column is the Type parameter, the third column is the Pd parameter, the fourth column is the Qd parameter, the fifth column is the Gs parameter, the sixth column is the Bs parameter, the seventh column is the area parameter, the eighth column is the Vm parameter, the ninth column is the Va parameter, the tenth column is the baseKV parameter, the eleventh column is the zone parameter, the twelfth column is the Vmax parameter, and the thirteenth column is the Vmin parameter.
Type in the bus matrix represents the type of the node, where 1 is a PQ node, 2 is a PV node, and 3 is the balance (slack) node; Pd and Qd represent the active power and reactive power that the node injects into the load; Gs and Bs represent the shunt conductance and shunt susceptance of the node, both set to 0 in this system; Vm, Va, Vmax and Vmin respectively represent the initial amplitude, initial phase, highest amplitude and lowest amplitude of the node voltage, where the voltage amplitudes are per-unit values under the reference capacity; to simplify the system model, the initial phase of each node is uniformly set to 0, and the highest and lowest amplitudes are uniformly set to 1.1 and 0.9; baseKV represents the node reference voltage and is consistent with the system reference capacity; area and zone set the section number and the partition number of the power grid, and are generally set to 1;
step S102: according to the line connection relation among the nodes and the impedance and admittance parameters on each branch, determining a branch matrix as follows:
in the branch matrix, the first column is fb parameter, the second column is tb parameter, the third column is R parameter, the fourth column is X parameter, the fifth column is B parameter, the sixth column is rA parameter, the seventh column is rB parameter, the eighth column is rC parameter, the ninth column is ratio parameter, the tenth column is ang parameter, the eleventh column is S parameter, the twelfth column is angmin parameter, and the thirteenth column is angmax parameter.
fb and tb in the branch matrix represent the numbers of the nodes connected by the branch; columns R, X and B indicate the resistance, reactance and susceptance of the branch, respectively; rA, rB and rC respectively represent the long-term, short-term and emergency power ratings of the branch, and the values of these three columns are uniformly set to 250 to simplify the system model; ratio represents the voltage transformation ratio of the branch: if the branch is a plain line the value is 0, and if the branch contains a transformer the value is the ratio of the reference voltages on the two sides of the transformer; S represents the switching state of the branch, where 1 means the branch is closed and 0 means the branch is open; ang, angmin and angmax respectively represent the phase angle of the branch and the minimum and maximum angle difference;
step S103: according to the power parameters and the electrical parameters of the generator, the following generator matrix (gen matrix) is determined:
the first column in the gen matrix is a bus parameter, the second column is a Pg parameter, the third column is a Qg parameter, the fourth column is a Qmax parameter, the fifth column is a Qmin parameter, the sixth column is a Vg parameter, the seventh column is an mBase parameter, the eighth column is an S parameter, the ninth column is a Pmax parameter, and the tenth column is a Pmin parameter.
Pg, Pmax and Pmin in the gen matrix respectively represent the active power of the generator and the maximum and minimum allowable values; qg, Qmax and Qmin represent the reactive power of the generator and the maximum and minimum allowable values respectively; vg represents the operating voltage of the generator, and the value of Vg is a per unit value under the basic capacity; mBase represents the power reference of the generator, consistent with the reference capacity; s represents the working state of the generator, wherein 1 is the running of the generator, and 0 is the closing of the generator;
step S2: and calculating a system load flow to determine a system state matrix s and a line load flow matrix l.
The first column of the s matrix is the node number, the second column is the voltage amplitude, the third column is the voltage phase angle, the fourth column is the active power injected at the node, and the fifth column is the reactive power injected at the node (nodes without these two values are load nodes); the sixth column is the active power absorbed by the node and the seventh column is the reactive power absorbed by the node (nodes without these two values are generator nodes).
The first column of the l matrix is the line number, the second column is the start node of the line power, the third column is the end node of the line power, the fourth column is the active power injected at the line start node, the fifth column is the reactive power injected at the start node, the sixth column is the active power injected at the end node (a negative value indicates that the node absorbs active power from the line), the seventh column is the reactive power injected at the end node (a negative value indicates that the node absorbs reactive power from the line), and the eighth and ninth columns are the active and reactive power of the line loss, respectively.
Step S3: the system has 9 nodes and 9 lines, so m is less than 2(n-1) and the system is incomplete; the installation number with the maximum defense effect is 9-9+1 = 1. In a small system such as the IEEE-9 node system, the maximum defense effect can be achieved by installing equipment on one line.
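The rank criterion of step S3 can be checked numerically on this 9-node, 9-line layout. The following is an added example, not code from the patent: it assumes a DC line-flow measurement model with node 1 as the slack node, uses illustrative reactance values, and the function names are hypothetical.

```python
from fractions import Fraction

# Constructed sample data: 9 buses and 9 branches laid out as in the test case
# above (transformer branches 1-4, 2-8, 3-6 and one loop 4-5-6-7-8-9-4).
# The per-unit reactances are illustrative values assumed for this example.
LINES = [(1, 4), (4, 5), (5, 6), (3, 6), (6, 7), (7, 8), (8, 2), (8, 9), (9, 4)]
X = [Fraction(s) for s in ("0.0576", "0.092", "0.17", "0.0586", "0.1008",
                           "0.072", "0.0625", "0.161", "0.085")]
N_BUS, SLACK = 9, 1


def required_devices(n, m):
    """Device count from step S3: n-1 in a complete system, else m-n+1."""
    return n - 1 if m >= 2 * (n - 1) else m - n + 1


def measurement_matrix(x):
    """DC line-flow matrix H of order m x (n-1), slack column removed."""
    cols = [b for b in range(1, N_BUS + 1) if b != SLACK]
    H = [[Fraction(0)] * (N_BUS - 1) for _ in LINES]
    for k, (f, t) in enumerate(LINES):
        if f != SLACK:
            H[k][cols.index(f)] = 1 / x[k]
        if t != SLACK:
            H[k][cols.index(t)] = -1 / x[k]
    return H


def rank(rows):
    """Exact rank by Gaussian elimination over the rationals."""
    rows = [r[:] for r in rows]
    rk = 0
    for c in range(len(rows[0])):
        piv = next((i for i in range(rk, len(rows)) if rows[i][c] != 0), None)
        if piv is None:
            continue
        rows[rk], rows[piv] = rows[piv], rows[rk]
        for i in range(rk + 1, len(rows)):
            if rows[i][c] != 0:
                q = rows[i][c] / rows[rk][c]
                rows[i] = [a - q * b for a, b in zip(rows[i], rows[rk])]
        rk += 1
    return rk


def composite_rank(installed, factor="1.2"):
    """Rank of M = [H H_t]; lines whose index is in `installed` get x * factor."""
    factor = Fraction(str(factor))
    if not Fraction(4, 5) <= factor <= Fraction(6, 5):
        raise ValueError("adjustment outside the +/-20% range of step S7")
    xt = [xk * factor if k in installed else xk for k, xk in enumerate(X)]
    H, Ht = measurement_matrix(X), measurement_matrix(xt)
    return rank([h + ht for h, ht in zip(H, Ht)])


def stealthy_dimension(installed, factor="1.2"):
    """Dimension of the attacks a = H c that still lie in col(H_t).

    Valid because H and H_t both have rank n-1 on a connected network.
    """
    return 2 * (N_BUS - 1) - composite_rank(installed, factor)


def rank_by_single_line(factor="1.2"):
    """Composite rank obtained by installing one device on each line in turn."""
    return {LINES[k]: composite_rank({k}, factor) for k in range(len(LINES))}


if __name__ == "__main__":
    print("devices needed:", required_devices(N_BUS, len(LINES)))
    for line, r in rank_by_single_line().items():
        print(line, "rank", r)
```

Only a device on one of the six loop lines, such as line 8-9 in Table 2, raises the rank from 8 to the maximum of 9; a device on a radial transformer branch leaves it at 8. Even at rank 9 a 7-dimensional set of injections stays consistent with both H and H_t, which is the residual threat the text attributes to an incomplete system.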
TABLE 1
Note: the weights are normalized.
Step S4: calculating the line weights from the system operating power flow data and the node and line parameters; in the experiment, the values of $w_1$ and $w_2$ were set to 0.75 and 0.25 respectively, and the calculation results are shown in Table 1 above.
Step S5: the configuration strategy is generated as follows:
TABLE 2
Number of installations | Installation line | Equipment capacity
1 | 8-9 | ±(0.017+0.0322j)
Figure 3 shows the detection efficiency for attacks of different magnitudes before and after the configuration scheme is adopted. After the D-FACTS equipment is installed, the probability that the system detects attacks of different orders of magnitude increases significantly, while the impact of the installation on the system budget is small, so the scheme is considered to meet the design requirement.
The above is a detailed description of the present invention with reference to specific preferred embodiments, and it should not be considered that the present invention is limited to the specific embodiments, but that the present invention can be easily derived or substituted by those skilled in the art without departing from the spirit of the present invention, and all of them should be considered as falling within the scope of the patent protection defined by the claims of the present invention.