CN115348094A - Universal method for recovering smart grid attack, computer equipment and storage medium - Google Patents
Universal method for recovering smart grid attack, computer equipment and storage medium Download PDFInfo
- Publication number
- CN115348094A CN115348094A CN202210990204.9A CN202210990204A CN115348094A CN 115348094 A CN115348094 A CN 115348094A CN 202210990204 A CN202210990204 A CN 202210990204A CN 115348094 A CN115348094 A CN 115348094A
- Authority
- CN
- China
- Prior art keywords
- value
- data
- recovering
- measurement
- smart grid
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000005259 measurement Methods 0.000 claims abstract description 81
- 238000011084 recovery Methods 0.000 claims abstract description 39
- 238000005457 optimization Methods 0.000 claims abstract description 34
- 238000002347 injection Methods 0.000 claims abstract description 28
- 239000007924 injection Substances 0.000 claims abstract description 28
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 27
- 238000007429 general method Methods 0.000 claims abstract description 21
- 230000001133 acceleration Effects 0.000 claims description 33
- 230000008859 change Effects 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 11
- 238000004364 calculation method Methods 0.000 claims description 6
- 239000000243 solution Substances 0.000 claims description 4
- 230000005611 electricity Effects 0.000 claims description 3
- 230000005540 biological transmission Effects 0.000 claims description 2
- 239000000126 substance Substances 0.000 claims 3
- 239000002609 medium Substances 0.000 description 17
- 230000008569 process Effects 0.000 description 9
- 238000011160 research Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 230000000875 corresponding effect Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 101100521992 Dictyostelium discoideum psiI gene Proteins 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002596 correlated effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 239000012120 mounting media Substances 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/11—Complex mathematical operations for solving equations, e.g. nonlinear equations, general mathematical optimization problems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/16—Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/17—Function evaluation by approximation methods, e.g. inter- or extrapolation, smoothing, least mean square method
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Data Mining & Analysis (AREA)
- Mathematical Analysis (AREA)
- Theoretical Computer Science (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Computational Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Algebra (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Operations Research (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Supply And Distribution Of Alternating Current (AREA)
Abstract
The invention relates to a general method, computer equipment and a storage medium for recovering smart grid attacks, which relate to the field of network security and comprise the following steps: after injection of the false data is detected, a preliminary guess value of state estimation is obtained through a time sequence measurement data inertia phenomenon and a proximity algorithm; constructing an optimization model for data recovery according to the preliminary guess value and the power grid state; and operating the constructed data recovery optimization model to recover the data tampered by the network attack. By using the universal data recovery method aiming at the false data injection attack of the smart grid, false data tampered by network attack can be quickly recovered, economic influence caused by the network attack is relieved, and the running stability of the smart grid is improved.
Description
Technical Field
The invention relates to the field of network security, in particular to a general method, computer equipment and a storage medium for recovering smart grid attacks.
Background
With the rapid development of the smart power grid, the operating efficiency and the economic benefit of the power system are improved. Meanwhile, the network risk is greatly increased, and various network attack means are diversified. The method aims to destroy the integrity of data and further damage network assets by aiming at the false data injection attack of the smart grid, and has great concealment and destructiveness. Therefore, the data can be quickly recovered after the attack, and the loss reduction is an urgent need of the current smart grid for resisting the network attack.
Currently, various complex preset conditions and attack forms are often considered in research on data recovery after an attack, a part of the research needs a relatively stable power load environment, and a part of the research needs a large amount of attack data as example references, which are difficult to apply in a real scene.
Disclosure of Invention
In view of this, the embodiments of the present application provide a general method, a computer device, and a storage medium for recovering a smart grid attack, and unlike previous researches, the present invention adopts a suitable recovery method, which can omit the above preset conditions and perform data recovery on a false information injection attack by a general method.
In order to achieve the purpose, the invention provides the following technical scheme:
in a first aspect, an embodiment of the present application provides a general method for recovering a smart grid attack, where after a false data injection attack is detected, the method includes the following steps:
step one, estimating data measurement data speed and measurement data acceleration according to a time sequence measurement data inertia phenomenon and a proximity algorithm;
step two, obtaining a preliminary presumption value of the measurement data through Taylor approximate calculation according to the obtained speed and acceleration;
and step three, obtaining a recovered system data value according to the optimization model.
As a further scheme of the invention, after the injection of the false data is detected, a preliminary guess value of the state estimation is obtained based on a time sequence measurement data inertia phenomenon and a proximity algorithm; and recovering the attacked node voltage by adopting a preset optimization model, and obtaining a recovery result by minimizing the system state change and the difference between the primary guess value and the attacked measurement value.
As a further aspect of the present invention, the time series measurement data inertia phenomenon includes:
whereinIs the measurement value of the ith measurement meter at time t,andrespectively defined as the measured data speed and the measured data acceleration of the ith measured electricity meter at the time t. Which together constitute the inertial characteristics of the measurement data. The measurement result is discrete with time in consideration of the measurement characteristics of the electric meter data. Accordingly, the corresponding inertial data of the measurement data (including velocity and acceleration as described above) is also correspondingly discrete over time.
As a further aspect of the present invention, in this case, the measurement data velocity may be represented by a difference between adjacent state estimation measurement values, and the measurement data acceleration may be represented by a difference between adjacent measurement data velocities, and in step one, based on the time series data measurement value inertia phenomenon, the following measurement data velocity and measurement data acceleration representations may be obtained:
wherein Γ = Γ j -Γ j-1 ,Γ j Represents a time point of a jth state estimate;
whereinAndrespectively represent the (j-1) th velocity and acceleration,representing the jth measurement.
As a further scheme of the invention, the step two: after the estimated values of the speed and the acceleration are obtained through the first step, according to Taylor series quadratic approximation, a preliminary guess value of data recovery is given through the following equation;
in view of the case of spurious information injection, the preliminary guess value that can give the jth state estimate based on taylor series quadratic approximation is expressed as follows:
as a further aspect of the present invention, a preliminary guess value of the inertia value may be obtained based on the inertia value and a proximity algorithm, and since the (j-1) th measurement data value is required to calculate the preliminary guess value of the jth inertia value and is unknown in an attacked situation, the following proximity algorithm is used to estimate the measurement data velocity and the measurement data acceleration, which is specifically characterized as follows:
that is to say the preliminary guess value,andrespectively represent as defined in claim 2Andthe magnitude of which is determined by the proximity algorithm based on the inertial value over a period of time.And ψ (-) denotes the proximity algorithm relationship, L being the amount of data used by the algorithm. Based on these two estimates, the preliminary guess of the required state estimate is expressed as follows:
as a further scheme of the invention, in the third step, the preliminary guess value and the system state are solved, and the recovered system data value is solved based on the optimization equation. The optimization equation target is divided into two parts, wherein one part is the relative change of the system state, the other part is the relative change of the initial guess value and the recovery value, and the two parts are weighted and summed;
based on the state estimation preliminary guess value and the current system state, the following optimization model is provided:
whereinIs the magnitude of the voltage at the i-node,is the phase angle of the voltage at the i-node,the active power of the node i is the active power,is the reactive power of the node i,the power is actively transmitted from the i node to the j node,reactive power is transmitted from the node i to the node j;variables are target recovery variables, which are unified withIn this representation, the corner mark j indicates the jth meter.The preliminary guess value obtained from claim 3 is indicated.Andrespectively representing the state value of the system after attack and the state value of the node i in the system after recovery, including the voltage amplitudePhase angle of voltageOmega is a variable set; Ψ is a set of measurement tables. Alpha and beta are respectively the weight of the system state value and the state estimation speculative value in the recovery, and can be adjusted according to the actual situation. n is 1 And n 2 Respectively the number of nodes and the number of electric meters.
As a further aspect of the invention, steps one and two address giving preliminary guesses quickly after being attacked by spurious information injection. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
In a second aspect, an embodiment of the present invention provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the above general method for recovering from a smart grid attack.
In a third aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the above general method for recovering from a smart grid attack.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
the embodiment of the application provides a general method, computer equipment and a storage medium for recovering smart grid attacks, and after a false data injection attack is detected, the first step is that data measurement data speed and measurement data acceleration are estimated according to a time sequence measurement data inertia phenomenon and a proximity algorithm; step two, obtaining a preliminary presumption value of the measurement data through Taylor approximate calculation according to the obtained speed and acceleration; and step three, obtaining the recovered system data value according to the optimization model. Steps one and two address giving preliminary guesses quickly after a spurious information injection attack. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
These and other aspects of the present application will be more readily apparent from the following description of the embodiments. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application. In the drawings:
FIG. 1 is a schematic diagram illustrating changes in meter data and changes in system power load over time in a general method of recovering from a smart grid attack in an exemplary embodiment of the invention;
FIG. 2 is a diagram schematically illustrating a comparison of a normal value, an attacked value and a preliminary guessed value of measured data after a certain system attack in a general method for recovering smart grid attack in an exemplary embodiment of the invention;
FIG. 3 is a diagram schematically illustrating a comparison of a recovery value with a normal value after a system is attacked at a certain time in a general method for recovering smart grid attacks in an exemplary embodiment of the invention;
FIG. 4 is a diagram schematically illustrating a normal value of a node voltage amplitude after a system is attacked a certain time, and a comparison between the attacked value and a recovery value in a general method for recovering smart grid attack in an exemplary embodiment of the present invention;
FIG. 5 is a diagram schematically illustrating a normal value of a node voltage phase angle after a certain system attack, a comparison between the attacked value and a recovery value in a general method for recovering smart grid attack in an exemplary embodiment of the invention
Fig. 6 is a diagram of a hardware architecture of a computer device in an embodiment of the invention.
The objectives, features, and advantages of the present application will be further described with reference to the accompanying drawings.
Detailed Description
The present application is further described with reference to the accompanying drawings and the detailed description, and it should be noted that, in the present application, the embodiments or technical features described below may be arbitrarily combined to form a new embodiment without conflict.
It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The present application will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some of the structures related to the present application are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as schematics. Although a diagram depicts steps as a sequential process, many of the steps may be performed in parallel, concurrently, or simultaneously. In addition, the order of the steps may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Because various complex preset conditions and attack forms are generally required to be considered in the current research on data recovery after attack, part of the current research needs a relatively stable power load environment, and part of the current research needs a large amount of attack data as example reference, which are difficult to apply in a real scene.
Therefore, the invention provides a general method, computer equipment and a storage medium for recovering the smart grid attack, which are different from the previous research.
In an example of the present invention, please refer to fig. 1 to fig. 5, which are used for describing a general method for recovering a smart grid attack according to an embodiment of the present application, where the method may be performed by a general apparatus for recovering a smart grid attack, and the apparatus may be implemented by software and/or hardware, and may be generally integrated in an electronic device. After detecting a spurious data injection attack, the method comprises:
And 2, obtaining a preliminary presumption value of the measurement data through Taylor approximate calculation according to the obtained speed and the acceleration.
And 3, obtaining the recovered system data value according to the optimization model.
Therein, FIG. 1 depicts measurements from three meters randomly in a system, and a plot of total load of the system power over time. From this image, it is clear that the change in the meter measurement is positively/negatively correlated to the change in the total system load. Thereby reflecting the presence of measurement data inertia.
Fig. 2 to 5 illustrate the comparison of the related meter data and the system data after the system passes a certain attack and recovers the data. The attack is set in an IEEE-30 node system, and the system load adopts a real load curve. First, the fault data injection attack appears as randomly changing the voltage (including the amplitude and phase angle) of several nodes of the system, and in fig. 4 and 5, it can be seen that in this example, 5 nodes are attacked, and the node voltage amplitude and phase angle are changed abnormally to different degrees. Shown on the meter data as the dashed blue line in fig. 1. It can be seen that a large number of meters change after being attacked. After that, the preliminary guess values obtained through the first and second processes are the red dashed lines in fig. 2. In this case, the preliminary guess may achieve relatively good recovery. And after the model optimization of the step three, the recovery line is almost coincident with the normal line. It reflects that the recovery process has good effect. The recovery error of this model optimization is almost negligible through a large number of example statistics.
In some embodiments, after the injection of the spurious data is detected, a preliminary guess value of the state estimation is obtained based on a time series measurement data inertia phenomenon and a proximity algorithm; and recovering the voltage of the attacked node by adopting a preset optimization model, and obtaining a recovery result by minimizing the state change of the system and the difference between the initial guess value and the attacked measurement value.
In some embodiments, the time series metrology data inertia phenomena include:
whereinIs the measurement value of the ith measurement meter at time t,andrespectively defined as the measured data speed and the measured data acceleration of the ith measured electricity meter at the time t. Which together constitute the inertial characteristics of the measurement data. The measurement result is discrete with time in consideration of the measurement characteristics of the electric meter data. Accordingly, the corresponding inertial data of the measurement data (including velocity as described above)Degrees and accelerations) are also correspondingly discrete over time.
In some embodiments, in this case, the measured data velocity may be represented by a difference between adjacent state estimate measurements and the measured data acceleration may be represented by a difference between adjacent measured data velocities, and in step one, from the time series data metrology inertia phenomena, the following measured data velocity and measured data acceleration representations may be obtained:
wherein Γ = Γ j -Γ j-1 ,Γ j Represents a time point of a jth state estimate;
whereinAndrespectively represent the (j-1) th velocity and acceleration,representing the jth measurement.
In some embodiments, step two: after the estimated values of the speed and the acceleration are obtained through the first step, according to Taylor series quadratic approximation, a preliminary guess value of data recovery is given through the following equation;
in view of the case of spurious information injection, the preliminary guess value that can give the jth state estimate based on taylor series quadratic approximation is expressed as follows:
in some embodiments, based on the inertia values and the proximity algorithm, a preliminary guess value of the inertia values may be obtained, since calculating the preliminary guess value of the (j-1) th inertia value requires the jth measurement data value, which is unknown in the attacked situation, the following proximity algorithm is used to estimate the measurement data velocity and the measurement data acceleration, which is characterized in particular as follows:
that is to say the preliminary guess value,andrespectively represent as defined in claim 2Andthe magnitude of which is determined by the proximity algorithm based on the inertial value over a period of time.And ψ (-) denotes the proximity algorithm relationship, L being the amount of data used by the algorithm. Based on these two estimates, the preliminary guess of the required state estimate is expressed as follows:
in some embodiments, in step three, the recovered system data values are solved using the optimization equations using the solution preliminary guess values and the system states. The optimization equation target is divided into two parts, wherein one part is the relative change of the system state, the other part is the relative change of the initial guess value and the recovery value, and the two parts are weighted and summed;
based on the state estimation preliminary guess value and the current system state, the following optimization model is provided:
whereinFor the voltage amplitude of the i-node,is the phase angle of the voltage at the i-node,the active power of the node i is the active power,is the reactive power of the i-node,the active transmission power from the i node to the j node,transmitting power from the node i to the node j in a reactive mode;variables are target recovery variables, which are unifiedThe angle S indicates the jth meter.The preliminary guess value obtained from claim 3 is indicated.Andrespectively representing the state value of the system after attack and the state value of the node i in the system after recovery, including the voltage amplitudePhase angle of voltageOmega is a variable set; psiIs a measurement table set. Alpha and beta are respectively the weight of the system state value and the state estimation speculative value in the recovery, and can be adjusted according to the actual situation. n is a radical of an alkyl radical 1 And n 2 Respectively the number of nodes and the number of electric meters.
In some embodiments, steps one and two address giving preliminary guesses quickly after being attacked by spurious information injection. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
The embodiment of the application provides a general method, computer equipment and a storage medium for recovering smart grid attacks, and after a false data injection attack is detected, the first step is that data measurement data speed and measurement data acceleration are estimated according to a time sequence measurement data inertia phenomenon and a proximity algorithm; secondly, obtaining a preliminary presumption value of the measurement data through Taylor approximate calculation according to the obtained speed and the acceleration; and step three, obtaining the recovered system data value according to the optimization model. Steps one and two address the fast giving of preliminary guesses after a spurious information injection attack. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
It should be understood that although the steps are described above in a certain order, the steps are not necessarily performed in the order described. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, some steps of this embodiment may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of performing the steps or stages is not necessarily sequential, but may be performed alternately or alternately with other steps or at least a part of the steps or stages in other steps.
As shown in fig. 6, the computer apparatus includes a plurality of computer apparatuses 1000, in an embodiment, components of the general apparatus for recovering from a smart grid attack may be distributed in different computer apparatuses 1000, and the computer apparatus 1000 may be a smartphone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server, a tower server, or a rack server (including an independent server or a server cluster formed by a plurality of servers) that executes a program, and the like. The computer device 1000 of the present embodiment includes at least but is not limited to: a memory 1001 and a processor 1002 communicatively coupled to each other via a system bus. It is noted that fig. 6 only shows the computer device 1000 with a component memory 1001 and a processor 1002, but it is to be understood that not all shown components need to be implemented, and more or fewer components may instead be implemented.
In this embodiment, the memory 1001 (i.e., a readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the storage 1001 may be an internal storage unit of the computer device 1000, such as a hard disk or a memory of the computer device 1000. In other embodiments, the memory 1001 may also be an external storage device of the computer device 1000, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 1000. Of course, the memory 1001 may also include both internal and external storage devices of the computer device 1000. In this embodiment, the memory 1001 is generally used to store an operating system and various application software installed in the computer device, for example, the general-purpose device for recovering from a smart grid attack in the embodiment. Further, the memory 1001 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 1002 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 1002 generally operates to control the overall operation of the computer device 1000. In this embodiment, the processor 1002 is configured to execute program codes stored in the memory 1001 or process data. The general method for recovering from a smart grid attack according to the embodiment is implemented when the processors 1002 of the plurality of computer devices 1000 of the computer device of the embodiment execute a computer program together, and the method includes:
after the injection of the false data is detected, a preliminary guess value of state estimation is obtained based on a time sequence measurement data inertia phenomenon and a proximity algorithm; and recovering the attacked node voltage by adopting a preset optimization model, and obtaining a recovery result by minimizing the system state change and the difference between the primary guess value and the attacked measurement value.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by computer programs, which may be stored in a computer-compatible storage medium, and which, when executed, may include processes of the embodiments of the methods described above.
Embodiments of the present application also provide a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application store, etc., on which a computer program is stored, which when executed by a processor implements a corresponding function. The computer-readable storage medium stores the universal device 10 for recovering a smart grid attack of the embodiment, and when executed by a processor, the universal method for recovering a smart grid attack of the embodiment is implemented, where the method includes:
after the injection of the false data is detected, a preliminary guess value of state estimation is obtained based on a time sequence measurement data inertia phenomenon and a proximity algorithm; and recovering the voltage of the attacked node by adopting a preset optimization model, and obtaining a recovery result by minimizing the state change of the system and the difference between the initial guess value and the attacked measurement value.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
Storage medium-any of various types of memory devices or storage devices. The term "storage medium" is intended to include: mounting media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDRRAM, SRAM, EDORAM, lanbas (Rambus) RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage media" may include two or more storage media that may reside in different locations, such as in different computer systems that are connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the storage medium containing the computer-executable instructions provided in the embodiments of the present application is not limited to the general operation of recovering from a smart grid attack as described above, and may also perform related operations in the voice recognition method provided in any embodiment of the present application.
The embodiment of the application provides a general method, computer equipment and a storage medium for recovering the attack of a smart grid, wherein after false data injection attack is detected, step one is carried out, and data measurement data speed and measurement data acceleration are estimated according to a time sequence measurement data inertia phenomenon and a proximity algorithm; secondly, obtaining a preliminary presumption value of the measurement data through Taylor approximate calculation according to the obtained speed and the acceleration; and step three, obtaining the recovered system data value according to the optimization model. Steps one and two address giving preliminary guesses quickly after a spurious information injection attack. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.
Claims (10)
1. A general method for recovering smart grid attacks is characterized in that after a false data injection attack is detected, the method comprises the following steps:
firstly, estimating data measurement data speed and measurement data acceleration according to a time sequence measurement data inertia phenomenon and a proximity algorithm;
secondly, obtaining a preliminary presumption value of the measurement data through Taylor approximate calculation according to the obtained speed and the acceleration;
and step three, obtaining the recovered system data value according to the optimization model.
2. The universal method for recovering from smart grid attacks as recited in claim 1, wherein after the injection of the dummy data is detected, a preliminary guess value of the state estimation is obtained based on a time series measured data inertia phenomenon and a proximity algorithm; and recovering the attacked node voltage by adopting a preset optimization model, and obtaining a recovery result by minimizing the system state change and the difference between the primary guess value and the attacked measurement value.
3. The generalized method of recovering from smart grid attacks as recited in claim 2, wherein the time series metrology data inertia phenomena comprises:
wherein the content of the first and second substances,is the measurement value of the ith measurement meter at time t,andrespectively defined as the measured data speed and the measured data acceleration of the ith measured electricity meter at the time t,andthe inertia characteristics of the measurement data are formed together, the measurement result is discrete along with time based on the measurement characteristics of the electric meter data, and the corresponding inertia data of the measurement data, including the speed and the acceleration, are correspondingly discrete along with time.
4. The universal method for recovering smart grid attacks according to claim 3, wherein the measured data speed is represented by a difference between adjacent state estimation measurement values, and the measured data acceleration is represented by a difference between adjacent measured data speeds, and in the first step, according to an inertia phenomenon of a measurement value of time series data, the following measured data speed and measured data acceleration representations are obtained:
wherein Γ = Γ j -Γ j-1 ,Γ j Represents a time point of a jth state estimate;
5. The universal method for recovering smart grid attacks according to claim 4, wherein in the second step, after the estimated values of the speed and the acceleration are obtained in the first step, according to Taylor series quadratic approximation, the initial guess value of data recovery is given by the following equation;
wherein the preliminary guess value given for the jth state estimate based on the taylor series quadratic approximation is represented as follows:
6. the universal method for recovering smart grid attacks according to claim 5, characterized in that a preliminary guess value of the inertia value is obtained based on the inertia value and a proximity algorithm; since the (j-1) th measurement data value is needed to calculate the preliminary guess value of the j-th inertia value and is unknown in the attack situation, the following proximity algorithm is used to estimate the measurement data velocity and the measurement data acceleration, and the following characteristics are adopted:
i.e. the preliminary pushThe value of the measured value is measured,andeach representsAndthe magnitude of the value is determined by a proximity algorithm based on the inertia value of a past period of time;and ψ (-) denotes a proximity algorithm relationship, L being the amount of data used by the algorithm; based onAnd an estimate of ψ (·), the preliminary guess of the required state estimate is expressed as follows:
7. the universal method for recovering smart grid attacks according to claim 6, characterized in that in step three, the system data value after recovery is solved by using the optimization equation by using the solution of the preliminary guess value and the system state; the optimization equation target is divided into two parts, wherein one part is the relative change of the system state, the other part is the relative change of the initial guess value and the recovery value, and the two parts are weighted and summed.
8. The universal method for recovering from smart grid attacks according to claim 7, based on the state estimation preliminary guess value and the current system state, having the following optimization model:
wherein the content of the first and second substances,for the voltage amplitude of the i-node,is the phase angle of the voltage at the i-node,is the active power of the node i and the node i,is the reactive power of the node i,the active transmission power from the i node to the j node,reactive power is transmitted from the node i to the node j;recovering variables as target variables, unifyingIndicating that the corner mark j indicates the jth measuring meter;
then it is indicated by the preliminary guess value, andrespectively representing the state value of the system after attack and the state value of the node i in the system after recovery, including the voltage amplitude V i a Phase angle of voltageOmega is a variable set; psi is a measurement table set; alpha and beta are respectively the weight of the system state value and the state estimation speculative value in recovery, and can be adjusted according to the actual situation; n is a radical of an alkyl radical 1 And n 2 Respectively node number and meter number.
9. A computer device, characterized in that the computer device comprises a plurality of computer devices, each computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processors of the plurality of computer devices when executing the computer program jointly implement the steps of the general method for recovering from a smart grid attack according to any one of claims 1 to 8.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the general method of recovering from a smart grid attack according to any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210990204.9A CN115348094B (en) | 2022-08-18 | Universal method for recovering smart grid attack, computer equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210990204.9A CN115348094B (en) | 2022-08-18 | Universal method for recovering smart grid attack, computer equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115348094A true CN115348094A (en) | 2022-11-15 |
CN115348094B CN115348094B (en) | 2024-07-02 |
Family
ID=
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2558534A (en) * | 2016-11-08 | 2018-07-18 | Univ Durham | Detecting a bad data injection event within an industrial control system |
CN112887274A (en) * | 2021-01-12 | 2021-06-01 | 恒安嘉新(北京)科技股份公司 | Method and device for detecting command injection attack, computer equipment and storage medium |
US20210168175A1 (en) * | 2015-10-28 | 2021-06-03 | Qomplx, Inc. | Ai-driven defensive cybersecurity strategy analysis and recommendation system |
CN113746818A (en) * | 2021-08-23 | 2021-12-03 | 国网山东省电力公司济南供电公司 | Power system security defense method and device for false data injection attack |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20210168175A1 (en) * | 2015-10-28 | 2021-06-03 | Qomplx, Inc. | Ai-driven defensive cybersecurity strategy analysis and recommendation system |
GB2558534A (en) * | 2016-11-08 | 2018-07-18 | Univ Durham | Detecting a bad data injection event within an industrial control system |
CN112887274A (en) * | 2021-01-12 | 2021-06-01 | 恒安嘉新(北京)科技股份公司 | Method and device for detecting command injection attack, computer equipment and storage medium |
CN113746818A (en) * | 2021-08-23 | 2021-12-03 | 国网山东省电力公司济南供电公司 | Power system security defense method and device for false data injection attack |
Non-Patent Citations (2)
Title |
---|
"计及通信失效的输电***信息物理协同恢复策略", 《电力***自动化》, 31 December 2021 (2021-12-31) * |
RUAN JIAQI等: "Deep learning aided interval state prediction for improving cyber security in energy internet.", 《ENERGY》, 1 May 2019 (2019-05-01) * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN115688488B (en) | Criterion determination method, criterion determination device, criterion determination equipment, computer storage medium and program product | |
JP7371148B2 (en) | Method, device, storage medium and program for determining vehicle positioning information | |
CN113048920B (en) | Method and device for measuring flatness of industrial structural part and electronic equipment | |
WO2009146246A1 (en) | System and method of improved kalman filtering for estimating the state of a dynamic system | |
CN111461164A (en) | Sample data set capacity expansion method and model training method | |
CN111739016A (en) | Target detection model training method and device, electronic equipment and storage medium | |
CN115221017A (en) | Method, system, equipment and storage medium for self-checking of server temperature sensor | |
US9547768B2 (en) | Privacy measurement and quantification | |
US7774160B2 (en) | Method, device, and system for verifying points determined on an elliptic curve | |
CN108985559A (en) | Air control data processing method, device, computer equipment and storage medium | |
Păun et al. | Sequentiality induced by spike number in SNP systems: small universal machines | |
EP2573719A1 (en) | Kalman filtering and inferential sensing for a system with uncertain dynamics | |
Liu et al. | An efficient nonlinear filter for spacecraft attitude estimation | |
CN115348094A (en) | Universal method for recovering smart grid attack, computer equipment and storage medium | |
CN114166312A (en) | Vehicle oil quantity measuring method and device, computer equipment and storage medium | |
CN115348094B (en) | Universal method for recovering smart grid attack, computer equipment and storage medium | |
CN117395043A (en) | Evaluation method, device, equipment and storage medium of cross-domain attack path | |
CN114614797B (en) | Adaptive filtering method and system based on generalized maximum asymmetric correlation entropy criterion | |
US20130325917A1 (en) | Maintaining dependencies among supernodes during repeated matrix factorizations | |
CN116032553A (en) | False data injection attack detection method, detection terminal and storage medium | |
CN113221307B (en) | Power distribution network transient operation topology identification method and device based on compressed sensing algorithm | |
US20150134807A1 (en) | Determining Community Gatekeepers in Networked Systems | |
CN113672159B (en) | Wind control method, wind control device, computing equipment and computer storage medium | |
Zhang et al. | A high-order level-set method with enhanced stability for curvature driven flows and surface diffusion motion | |
CN111429399A (en) | Straight line detection method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |