CN115348094A - Universal method for recovering smart grid attack, computer equipment and storage medium - Google Patents

Info

Publication number: CN115348094A
Application number: CN202210990204.9A
Authority: CN (China)
Legal status: Granted
Other languages: Chinese (zh)
Other versions: CN115348094B (en)
Inventors: 阮嘉祺, 朱一凡, 梁高琪, 赵俊华
Current Assignee: Chinese University of Hong Kong Shenzhen
Original Assignee: Chinese University of Hong Kong Shenzhen
Priority: CN202210990204.9A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00 Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10 Complex mathematical operations
    • G06F17/11 Complex mathematical operations for solving equations, e.g. nonlinear equations, general mathematical optimization problems
    • G06F17/16 Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • G06F17/17 Function evaluation by approximation methods, e.g. inter- or extrapolation, smoothing, least mean square method
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security


Abstract

The invention relates to a general method, computer equipment and a storage medium for recovering from smart grid attacks, in the field of network security. The method comprises the following steps: after false data injection is detected, obtaining a preliminary guess value of the state estimation from the inertia phenomenon of time-series measurement data and a proximity algorithm; constructing an optimization model for data recovery according to the preliminary guess value and the power grid state; and running the constructed data recovery optimization model to recover the data tampered with by the network attack. With this general data recovery method for false data injection attacks on the smart grid, false data tampered with by a network attack can be quickly recovered, the economic impact of the attack is mitigated, and the operating stability of the smart grid is improved.

Description

Universal method for recovering smart grid attack, computer equipment and storage medium
Technical Field
The invention relates to the field of network security, in particular to a general method, computer equipment and a storage medium for recovering smart grid attacks.
Background
The rapid development of the smart grid has improved the operating efficiency and the economic benefit of the power system. At the same time, network risk has greatly increased and the means of network attack have diversified. False data injection attacks against the smart grid aim to destroy the integrity of data and thereby damage network assets, and they are highly concealed and destructive. Quickly recovering the data after an attack and reducing the loss is therefore an urgent need for today's smart grid in resisting network attacks.
Current research on data recovery after an attack often assumes various complex preset conditions and attack forms. Some of it requires a relatively stable power load environment, and some requires a large amount of attack data as reference examples, which makes these approaches difficult to apply in a real scenario.
Disclosure of Invention
In view of this, the embodiments of the present application provide a general method, a computer device, and a storage medium for recovering from a smart grid attack. Unlike previous research, the present invention adopts a recovery method that dispenses with the above preset conditions and performs data recovery after a false information injection attack by a general method.
In order to achieve the purpose, the invention provides the following technical scheme:
In a first aspect, an embodiment of the present application provides a general method for recovering from a smart grid attack, where after a false data injection attack is detected, the method includes the following steps:
step one, estimating the measurement data velocity and the measurement data acceleration according to the inertia phenomenon of time-series measurement data and a proximity algorithm;
step two, obtaining a preliminary guess value of the measurement data through a Taylor approximation according to the obtained velocity and acceleration;
and step three, obtaining the recovered system data value according to the optimization model.
As a further scheme of the invention, after the injection of the false data is detected, a preliminary guess value of the state estimation is obtained based on a time sequence measurement data inertia phenomenon and a proximity algorithm; and recovering the attacked node voltage by adopting a preset optimization model, and obtaining a recovery result by minimizing the system state change and the difference between the primary guess value and the attacked measurement value.
As a further aspect of the present invention, the time series measurement data inertia phenomenon includes:
Figure BDA0003803536390000021
Figure BDA0003803536390000022
wherein
Figure BDA0003803536390000023
Is the measurement value of the ith measurement meter at time t,
Figure BDA0003803536390000024
and
Figure BDA0003803536390000025
are respectively defined as the measurement data velocity and the measurement data acceleration of the ith meter at time t; together they constitute the inertial characteristics of the measurement data. Because of the measurement characteristics of meter data, the measurement results are discrete in time. Accordingly, the corresponding inertial data of the measurement data (the velocity and acceleration described above) are also discrete in time.
As a further aspect of the present invention, in this discrete case the measurement data velocity may be represented by the difference between adjacent state estimation measurement values, and the measurement data acceleration may be represented by the difference between adjacent measurement data velocities. In step one, based on the inertia phenomenon of the time-series measurement values, the following representations of the measurement data velocity and the measurement data acceleration may be obtained:
Figure BDA0003803536390000026
Figure BDA0003803536390000027
wherein Γ = Γ_j - Γ_{j-1}, and Γ_j represents the time point of the jth state estimate;
wherein
Figure BDA0003803536390000028
And
Figure BDA0003803536390000029
respectively represent the (j-1) th velocity and acceleration,
Figure BDA00038035363900000210
representing the jth measurement.
As a further scheme of the invention, in step two, after the estimated values of the velocity and the acceleration are obtained through step one, a preliminary guess value for data recovery is given by the following equation, according to the second-order Taylor series approximation.
In the case of false information injection, the preliminary guess value of the jth state estimate, based on the second-order Taylor series approximation, is expressed as follows:
Figure BDA0003803536390000031
As a further aspect of the present invention, a preliminary guess value of the inertia value may be obtained based on the inertia values and a proximity algorithm. Since the (j-1)th measurement data value is required to calculate the preliminary guess value of the jth inertia value and is unknown in an attacked situation, the following proximity algorithm is used to estimate the measurement data velocity and the measurement data acceleration, specifically as follows:
Figure BDA0003803536390000032
Figure BDA0003803536390000033
Figure BDA0003803536390000034
that is to say the preliminary guess value,
Figure BDA0003803536390000035
and
Figure BDA0003803536390000036
respectively represent as defined in claim 2
Figure BDA0003803536390000037
And
Figure BDA0003803536390000038
the magnitude of which is determined by the proximity algorithm based on the inertial value over a period of time.
Figure BDA0003803536390000039
and ψ(·) denote the proximity algorithm relationship, L being the amount of data used by the algorithm. Based on these two estimates, the preliminary guess of the required state estimate is expressed as follows:
Figure BDA00038035363900000310
As a further scheme of the invention, in step three, the recovered system data value is solved from the optimization equation using the preliminary guess value and the system state. The objective of the optimization equation has two parts: one is the relative change of the system state, and the other is the relative change between the preliminary guess value and the recovered value; the two parts are weighted and summed.
Based on the preliminary guess value of the state estimation and the current system state, the following optimization model is provided:
Obj:
Figure BDA00038035363900000311
S.t.:
Figure BDA00038035363900000312
Figure BDA00038035363900000313
Figure BDA00038035363900000314
Figure BDA00038035363900000315
Figure BDA0003803536390000041
Figure BDA0003803536390000042
Figure BDA0003803536390000043
wherein
Figure BDA0003803536390000044
Is the magnitude of the voltage at the i-node,
Figure BDA0003803536390000045
is the phase angle of the voltage at the i-node,
Figure BDA0003803536390000046
the active power of the node i is the active power,
Figure BDA0003803536390000047
is the reactive power of the node i,
Figure BDA0003803536390000048
the power is actively transmitted from the i node to the j node,
Figure BDA0003803536390000049
reactive power is transmitted from the node i to the node j;
Figure BDA00038035363900000410
are the target recovery variables, which are uniformly denoted by
Figure BDA00038035363900000411
in this representation, where the subscript j indicates the jth meter.
Figure BDA00038035363900000412
The preliminary guess value obtained from claim 3 is indicated.
Figure BDA00038035363900000413
And
Figure BDA00038035363900000414
respectively representing the state value of the system after attack and the state value of the node i in the system after recovery, including the voltage amplitude
Figure BDA00038035363900000415
Phase angle of voltage
Figure BDA00038035363900000416
Ω is the variable set; Ψ is the set of meters. α and β are respectively the weights of the system state value and of the state-estimation guess value in the recovery, and can be adjusted according to the actual situation. n_1 and n_2 are respectively the number of nodes and the number of meters.
As a further aspect of the invention, steps one and two address giving preliminary guesses quickly after being attacked by spurious information injection. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
In a second aspect, an embodiment of the present invention provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the steps of the above general method for recovering from a smart grid attack.
In a third aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps of the above general method for recovering from a smart grid attack.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
the embodiment of the application provides a general method, computer equipment and a storage medium for recovering smart grid attacks, and after a false data injection attack is detected, the first step is that data measurement data speed and measurement data acceleration are estimated according to a time sequence measurement data inertia phenomenon and a proximity algorithm; step two, obtaining a preliminary presumption value of the measurement data through Taylor approximate calculation according to the obtained speed and acceleration; and step three, obtaining the recovered system data value according to the optimization model. Steps one and two address giving preliminary guesses quickly after a spurious information injection attack. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
These and other aspects of the present application will be more readily apparent from the following description of the embodiments. It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application. In the drawings:
FIG. 1 is a schematic diagram illustrating changes in meter data and changes in system power load over time in a general method of recovering from a smart grid attack in an exemplary embodiment of the invention;
FIG. 2 is a diagram schematically illustrating a comparison of a normal value, an attacked value and a preliminary guessed value of measured data after a certain system attack in a general method for recovering smart grid attack in an exemplary embodiment of the invention;
FIG. 3 is a diagram schematically illustrating a comparison of a recovery value with a normal value after a system is attacked at a certain time in a general method for recovering smart grid attacks in an exemplary embodiment of the invention;
FIG. 4 is a diagram schematically illustrating a normal value of a node voltage amplitude after a system is attacked a certain time, and a comparison between the attacked value and a recovery value in a general method for recovering smart grid attack in an exemplary embodiment of the present invention;
FIG. 5 is a diagram schematically illustrating a normal value of a node voltage phase angle after a certain system attack, a comparison between the attacked value and a recovery value in a general method for recovering smart grid attack in an exemplary embodiment of the invention;
Fig. 6 is a diagram of a hardware architecture of a computer device in an embodiment of the invention.
The objectives, features, and advantages of the present application will be further described with reference to the accompanying drawings.
Detailed Description
The present application is further described with reference to the accompanying drawings and the detailed description, and it should be noted that, in the present application, the embodiments or technical features described below may be arbitrarily combined to form a new embodiment without conflict.
It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The present application will be described in further detail with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the application and are not limiting of the application. It should be further noted that, for the convenience of description, only some of the structures related to the present application are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as schematics. Although a diagram depicts steps as a sequential process, many of the steps may be performed in parallel, concurrently, or simultaneously. In addition, the order of the steps may be rearranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Because various complex preset conditions and attack forms are generally required to be considered in the current research on data recovery after attack, part of the current research needs a relatively stable power load environment, and part of the current research needs a large amount of attack data as example reference, which are difficult to apply in a real scene.
Therefore, the invention provides a general method, computer equipment and a storage medium for recovering the smart grid attack, which are different from the previous research.
In an example of the present invention, please refer to fig. 1 to fig. 5, which are used for describing a general method for recovering a smart grid attack according to an embodiment of the present application, where the method may be performed by a general apparatus for recovering a smart grid attack, and the apparatus may be implemented by software and/or hardware, and may be generally integrated in an electronic device. After detecting a spurious data injection attack, the method comprises:
Step 1: estimating the measurement data velocity and the measurement data acceleration according to the inertia phenomenon of time-series measurement data and a proximity algorithm.
Step 2: obtaining a preliminary guess value of the measurement data through a Taylor approximation according to the obtained velocity and acceleration.
Step 3: obtaining the recovered system data value according to the optimization model.
FIG. 1 depicts the measurements of three randomly chosen meters in a system, together with a plot of the total power load of the system over time. The image shows clearly that the change in each meter measurement is positively or negatively correlated with the change in the total system load, which reflects the presence of measurement data inertia.
Fig. 2 to 5 compare the related meter data and system data after the system undergoes a certain attack and the data are recovered. The attack is set in an IEEE-30 node system, and the system load follows a real load curve. First, the false data injection attack appears as a random change of the voltage (both amplitude and phase angle) of several nodes of the system; fig. 4 and 5 show that in this example 5 nodes are attacked, and that their voltage amplitudes and phase angles are changed abnormally to different degrees. On the meter data this appears as the dashed blue line in fig. 1, and it can be seen that a large number of meters change after being attacked. The preliminary guess values obtained through steps one and two are the red dashed lines in fig. 2. In this case, the preliminary guess already achieves relatively good recovery. After the model optimization of step three, the recovery line almost coincides with the normal line, which shows that the recovery process works well. Statistics over a large number of examples show that the recovery error of this model optimization is almost negligible.
In some embodiments, after the injection of the spurious data is detected, a preliminary guess value of the state estimation is obtained based on a time series measurement data inertia phenomenon and a proximity algorithm; and recovering the voltage of the attacked node by adopting a preset optimization model, and obtaining a recovery result by minimizing the state change of the system and the difference between the initial guess value and the attacked measurement value.
In some embodiments, the time series metrology data inertia phenomena include:
Figure BDA0003803536390000081
Figure BDA0003803536390000082
wherein
Figure BDA0003803536390000083
Is the measurement value of the ith measurement meter at time t,
Figure BDA0003803536390000084
and
Figure BDA0003803536390000085
are respectively defined as the measurement data velocity and the measurement data acceleration of the ith meter at time t; together they constitute the inertial characteristics of the measurement data. Because of the measurement characteristics of meter data, the measurement results are discrete in time. Accordingly, the corresponding inertial data of the measurement data (the velocity and acceleration described above) are also discrete in time.
In some embodiments, in this discrete case the measurement data velocity may be represented by the difference between adjacent state estimation measurement values, and the measurement data acceleration may be represented by the difference between adjacent measurement data velocities. In step one, from the inertia phenomenon of the time-series measurement values, the following representations of the measurement data velocity and the measurement data acceleration may be obtained:
Figure BDA0003803536390000086
Figure BDA0003803536390000087
wherein Γ = Γ_j - Γ_{j-1}, and Γ_j represents the time point of the jth state estimate;
wherein
Figure BDA0003803536390000088
And
Figure BDA0003803536390000089
respectively represent the (j-1) th velocity and acceleration,
Figure BDA00038035363900000810
representing the jth measurement.
In some embodiments, in step two, after the estimated values of the velocity and the acceleration are obtained through step one, a preliminary guess value for data recovery is given by the following equation, according to the second-order Taylor series approximation.
In the case of false information injection, the preliminary guess value of the jth state estimate, based on the second-order Taylor series approximation, is expressed as follows:
Figure BDA0003803536390000091
In some embodiments, a preliminary guess value of the inertia values may be obtained based on the inertia values and the proximity algorithm. Since calculating the preliminary guess value of the (j-1)th inertia value requires the jth measurement data value, which is unknown in the attacked situation, the following proximity algorithm is used to estimate the measurement data velocity and the measurement data acceleration, specifically as follows:
Figure BDA0003803536390000092
Figure BDA0003803536390000093
Figure BDA0003803536390000094
that is to say the preliminary guess value,
Figure BDA0003803536390000095
and
Figure BDA0003803536390000096
respectively represent as defined in claim 2
Figure BDA0003803536390000097
And
Figure BDA0003803536390000098
the magnitude of which is determined by the proximity algorithm based on the inertial value over a period of time.
Figure BDA0003803536390000099
and ψ(·) denote the proximity algorithm relationship, L being the amount of data used by the algorithm. Based on these two estimates, the preliminary guess of the required state estimate is expressed as follows:
Figure BDA00038035363900000910
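Steps one and two as described above (discrete velocity and acceleration from adjacent trusted readings, then a second-order Taylor guess for the reading at the attacked instant), as an added Python example that is not part of the patent text. The patent's equations and its proximity relationship ψ(·) are not reproduced on this page, so dividing the differences by the sampling interval and using the mean of the last L trusted inertia values as a stand-in for ψ are assumptions, and all meter readings are constructed.

```python
"""Steps one and two: inertia estimate and second-order Taylor guess (added example)."""
from statistics import fmean


def inertia(times, values):
    """Discrete velocity and acceleration of one meter's trusted readings.

    Assumption: differences between adjacent samples are divided by the
    sampling interval; the patent's own formulas are not on the page.
    """
    vel = [(values[k] - values[k - 1]) / (times[k] - times[k - 1])
           for k in range(1, len(values))]
    # vel[k] belongs to sample k+1, so the interval ending there is used.
    acc = [(vel[k] - vel[k - 1]) / (times[k + 1] - times[k])
           for k in range(1, len(vel))]
    return vel, acc


def preliminary_guess(times, values, t_attack, window):
    """Guess the reading at t_attack from readings taken before the attack.

    `window` plays the role of L (amount of data used). The stand-in for the
    proximity relationship is the mean of the last `window` inertia values,
    which is an assumption of this example.
    """
    if len(times) != len(values) or len(values) < 3:
        raise ValueError("need at least three trusted readings with matching times")
    if window < 1:
        raise ValueError("window L must be at least 1")
    if any(later <= earlier for earlier, later in zip(times, times[1:])):
        raise ValueError("time points must be strictly increasing")
    if t_attack <= times[-1]:
        raise ValueError("attacked instant must follow the last trusted reading")

    vel, acc = inertia(times, values)
    v_hat = fmean(vel[-window:])        # estimated velocity
    a_hat = fmean(acc[-window:])        # estimated acceleration
    gamma = t_attack - times[-1]        # interval between state estimates
    # Second-order Taylor expansion around the last trusted reading.
    return values[-1] + v_hat * gamma + 0.5 * a_hat * gamma ** 2


def guess_all(times, history, reported, t_attack, window=3):
    """Return {meter: (guess, reported - guess)} for every meter in history."""
    result = {}
    for meter, values in history.items():
        guess = preliminary_guess(times, values, t_attack, window)
        result[meter] = (guess, reported[meter] - guess)
    return result


# Constructed sample data: eight trusted samples per meter, attack at t = 8.
TIMES = [float(t) for t in range(8)]
HISTORY = {
    "meter_a": [100 + 2 * t + 0.5 * t * t for t in TIMES],  # curved load trend
    "meter_b": [50 + 3 * t for t in TIMES],                 # linear load trend
}
# Constructed readings reported at t = 8: meter_a tampered, meter_b untouched.
REPORTED = {"meter_a": 120.0, "meter_b": 74.0}


if __name__ == "__main__":
    for meter, (guess, gap) in guess_all(TIMES, HISTORY, REPORTED, 8.0).items():
        print(f"{meter}: guess={guess:.2f} reported-guess={gap:+.2f}")
```

For the curved trend the guess differs slightly from the value the trend would actually reach, which is the residual error that the optimization model in step three is meant to absorb.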
In some embodiments, in step three, the recovered system data value is solved from the optimization equation using the preliminary guess value and the system state. The objective of the optimization equation has two parts: one is the relative change of the system state, and the other is the relative change between the preliminary guess value and the recovered value; the two parts are weighted and summed.
Based on the preliminary guess value of the state estimation and the current system state, the following optimization model is provided:
Obj:
Figure BDA00038035363900000911
S.t.:
Figure BDA00038035363900000912
Figure BDA00038035363900000913
Figure BDA00038035363900000914
Figure BDA0003803536390000101
Figure BDA0003803536390000102
Figure BDA0003803536390000103
Figure BDA0003803536390000104
wherein
Figure BDA0003803536390000105
For the voltage amplitude of the i-node,
Figure BDA0003803536390000106
is the phase angle of the voltage at the i-node,
Figure BDA0003803536390000107
the active power of the node i is the active power,
Figure BDA0003803536390000108
is the reactive power of the i-node,
Figure BDA0003803536390000109
the active transmission power from the i node to the j node,
Figure BDA00038035363900001010
transmitting power from the node i to the node j in a reactive mode;
Figure BDA00038035363900001011
are the target recovery variables, which are uniformly denoted by
Figure BDA00038035363900001012
in this representation, where the subscript j indicates the jth meter.
Figure BDA00038035363900001013
The preliminary guess value obtained from claim 3 is indicated.
Figure BDA00038035363900001014
And
Figure BDA00038035363900001015
respectively representing the state value of the system after attack and the state value of the node i in the system after recovery, including the voltage amplitude
Figure BDA00038035363900001016
Phase angle of voltage
Figure BDA00038035363900001017
Ω is the variable set; Ψ is the set of meters. α and β are respectively the weights of the system state value and of the state-estimation guess value in the recovery, and can be adjusted according to the actual situation. n_1 and n_2 are respectively the number of nodes and the number of meters.
In some embodiments, steps one and two address giving preliminary guesses quickly after being attacked by spurious information injection. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
The embodiment of the application provides a general method, computer equipment and a storage medium for recovering smart grid attacks, and after a false data injection attack is detected, the first step is that data measurement data speed and measurement data acceleration are estimated according to a time sequence measurement data inertia phenomenon and a proximity algorithm; secondly, obtaining a preliminary presumption value of the measurement data through Taylor approximate calculation according to the obtained speed and the acceleration; and step three, obtaining the recovered system data value according to the optimization model. Steps one and two address the fast giving of preliminary guesses after a spurious information injection attack. In practical applications, there may be some fluctuation in the power load of the smart grid system, and therefore the preliminary guess has some error. Meanwhile, the false information injection attack aims at modifying data of a plurality of nodes, and the recovery process does not cause too much fluctuation to the node state value of the whole system. In view of the above, we need to use the optimization model in step three to minimize the change degree of the node data while using the preliminary guess value. Other constraints in the optimization model are determined by the operating conditions of the power system.
It should be understood that although the steps are described above in a certain order, they are not necessarily performed in that order. Unless explicitly stated otherwise, the steps may be performed in other orders. Moreover, some steps of this embodiment may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed sequentially but may be performed in turn or alternately with other steps or with at least a part of the sub-steps or stages of other steps.
As shown in Fig. 6, the computer apparatus includes a plurality of computer devices 1000. In an embodiment, components of the general apparatus for recovering from a smart grid attack may be distributed across different computer devices 1000, and the computer device 1000 may be a smartphone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server, a tower server, or a rack server (including an independent server or a server cluster formed by a plurality of servers) that executes a program, and the like. The computer device 1000 of the present embodiment includes at least, but is not limited to, a memory 1001 and a processor 1002 communicatively coupled to each other via a system bus. It is noted that Fig. 6 only shows the computer device 1000 with the components memory 1001 and processor 1002, but it is to be understood that not all shown components need to be implemented, and more or fewer components may be implemented instead.
In this embodiment, the memory 1001 (i.e., a readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 1001 may be an internal storage unit of the computer device 1000, such as a hard disk or a memory of the computer device 1000. In other embodiments, the memory 1001 may also be an external storage device of the computer device 1000, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), or the like, provided on the computer device 1000. Of course, the memory 1001 may also include both internal and external storage devices of the computer device 1000. In this embodiment, the memory 1001 is generally used to store an operating system and various application software installed in the computer device, for example, the general-purpose device for recovering from a smart grid attack in the embodiment. Further, the memory 1001 may also be used to temporarily store various types of data that have been output or are to be output.
In some embodiments, the processor 1002 may be a Central Processing Unit (CPU), a controller, a microcontroller, a microprocessor, or another data processing chip. The processor 1002 generally operates to control the overall operation of the computer device 1000. In this embodiment, the processor 1002 is configured to execute program code stored in the memory 1001 or to process data. The general method for recovering from a smart grid attack according to the embodiment is implemented when the processors 1002 of the plurality of computer devices 1000 of the computer apparatus of the embodiment execute a computer program together, and the method includes:
after the injection of false data is detected, a preliminary guess value of the state estimation is obtained based on the time series measurement data inertia phenomenon and a proximity algorithm; and the attacked node voltage is recovered by adopting a preset optimization model, the recovery result being obtained by minimizing the system state change and the difference between the preliminary guess value and the attacked measurement value.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a general hardware platform, and certainly can also be implemented by hardware. It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by computer programs, which may be stored in a computer-compatible storage medium, and which, when executed, may include processes of the embodiments of the methods described above.
Embodiments of the present application also provide a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application store, etc., on which a computer program is stored, which when executed by a processor implements a corresponding function. The computer-readable storage medium stores the universal device 10 for recovering a smart grid attack of the embodiment, and when executed by a processor, the universal method for recovering a smart grid attack of the embodiment is implemented, where the method includes:
after the injection of false data is detected, a preliminary guess value of the state estimation is obtained based on the time series measurement data inertia phenomenon and a proximity algorithm; and the attacked node voltage is recovered by adopting a preset optimization model, the recovery result being obtained by minimizing the system state change and the difference between the preliminary guess value and the attacked measurement value.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner.
Storage medium: any of various types of memory devices or storage devices. The term "storage medium" is intended to include: installation media such as CD-ROM, floppy disk, or tape devices; computer system memory or random access memory such as DRAM, DDR RAM, SRAM, EDO RAM, Rambus RAM, etc.; non-volatile memory such as flash memory, magnetic media (e.g., hard disk or optical storage); registers or other similar types of memory elements, etc. The storage medium may also include other types of memory or combinations thereof. In addition, the storage medium may be located in a first computer system in which the program is executed, or may be located in a different second computer system connected to the first computer system through a network (such as the internet). The second computer system may provide program instructions to the first computer for execution. The term "storage media" may include two or more storage media that may reside in different locations, such as in different computer systems that are connected by a network. The storage medium may store program instructions (e.g., embodied as a computer program) that are executable by one or more processors.
Of course, the storage medium containing the computer-executable instructions provided in the embodiments of the present application is not limited to the general operation of recovering from a smart grid attack as described above, and may also perform related operations in the voice recognition method provided in any embodiment of the present application.
The above description is only a preferred embodiment of the present application, and not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application, or which are directly or indirectly applied to other related technical fields, are included in the scope of the present application.

Claims (10)

1. A general method for recovering from smart grid attacks, characterized in that after a false data injection attack is detected, the method comprises the following steps:
step one, estimating the measurement data speed and the measurement data acceleration according to the time series measurement data inertia phenomenon and a proximity algorithm;
step two, obtaining a preliminary guess value of the measurement data through Taylor approximation according to the obtained speed and acceleration;
and step three, obtaining the recovered system data value according to the optimization model.
2. The universal method for recovering from smart grid attacks as recited in claim 1, wherein after the injection of false data is detected, a preliminary guess value of the state estimation is obtained based on the time series measurement data inertia phenomenon and a proximity algorithm; and the attacked node voltage is recovered by adopting a preset optimization model, the recovery result being obtained by minimizing the system state change and the difference between the preliminary guess value and the attacked measurement value.
3. The universal method for recovering from smart grid attacks as recited in claim 2, wherein the time series measurement data inertia phenomenon comprises:
Figure FDA0003803536380000011
Figure FDA0003803536380000012
wherein,
Figure FDA0003803536380000014
is the measurement value of the ith measurement meter at time t,
Figure FDA0003803536380000015
and
Figure FDA0003803536380000016
respectively defined as the measured data speed and the measured data acceleration of the ith measured electricity meter at the time t,
Figure FDA0003803536380000017
and
Figure FDA0003803536380000018
together form the inertia characteristics of the measurement data; owing to the measurement characteristics of the electric meter data, the measurement results are discrete in time, and the corresponding inertia data of the measurement data, including the speed and the acceleration, are correspondingly discrete in time.
4. The universal method for recovering smart grid attacks according to claim 3, wherein the measured data speed is represented by a difference between adjacent state estimation measurement values, and the measured data acceleration is represented by a difference between adjacent measured data speeds, and in the first step, according to an inertia phenomenon of a measurement value of time series data, the following measured data speed and measured data acceleration representations are obtained:
Figure FDA0003803536380000013
Figure FDA0003803536380000021
wherein $\Gamma = \Gamma_j - \Gamma_{j-1}$, and $\Gamma_j$ represents the time point of the jth state estimate;
wherein,
Figure FDA0003803536380000026
and
Figure FDA0003803536380000027
respectively represent the (j-1)th speed and acceleration,
Figure FDA0003803536380000028
representing the jth measurement.
5. The universal method for recovering smart grid attacks according to claim 4, wherein in the second step, after the estimated values of the speed and the acceleration are obtained in the first step, the preliminary guess value of the data recovery is given by the following equation according to the Taylor series quadratic approximation;
wherein the preliminary guess value given for the jth state estimate based on the Taylor series quadratic approximation is represented as follows:
Figure FDA0003803536380000022
6. The universal method for recovering smart grid attacks according to claim 5, characterized in that a preliminary guess value of the inertia value is obtained based on the inertia value and a proximity algorithm; since the (j-1)th measurement data value is needed to calculate the preliminary guess value of the jth inertia value and is unknown in the attack situation, the following proximity algorithm is used to estimate the measurement data speed and the measurement data acceleration, with the following characteristics:
Figure FDA0003803536380000023
Figure FDA0003803536380000024
Figure FDA0003803536380000029
is the preliminary guess value,
Figure FDA00038035363800000210
and
Figure FDA00038035363800000211
each represent
Figure FDA00038035363800000212
and
Figure FDA00038035363800000213
whose magnitudes are determined by a proximity algorithm based on the inertia values of a past period of time;
Figure FDA00038035363800000214
and ψ(·) denotes the proximity algorithm relationship, L being the amount of data used by the algorithm; based on
Figure FDA00038035363800000215
and an estimate of ψ(·), the preliminary guess of the required state estimate is expressed as follows:
Figure FDA0003803536380000025
7. The universal method for recovering smart grid attacks according to claim 6, characterized in that in step three, the recovered system data value is solved from the optimization equation using the preliminary guess value and the system state; the objective of the optimization equation is divided into two parts, one being the relative change of the system state and the other the relative change between the preliminary guess value and the recovery value, and the two parts are weighted and summed.
8. The universal method for recovering from smart grid attacks according to claim 7, based on the state estimation preliminary guess value and the current system state, having the following optimization model:
Obj:
Figure FDA0003803536380000031
S.t.:
Figure FDA0003803536380000032
Figure FDA0003803536380000033
Figure FDA0003803536380000034
Figure FDA0003803536380000035
Figure FDA0003803536380000036
Figure FDA0003803536380000037
Figure FDA0003803536380000038
wherein,
Figure FDA0003803536380000039
is the voltage amplitude of node i,
Figure FDA00038035363800000310
is the voltage phase angle of node i,
Figure FDA00038035363800000311
is the active power of node i,
Figure FDA00038035363800000312
is the reactive power of node i,
Figure FDA00038035363800000313
is the active power transmitted from node i to node j,
Figure FDA00038035363800000314
is the reactive power transmitted from node i to node j;
Figure FDA00038035363800000315
are the target recovery variables, uniformly denoted by
Figure FDA00038035363800000316
where the subscript j indicates the jth measurement meter;
Figure FDA00038035363800000317
denotes the preliminary guess value, and
Figure FDA00038035363800000318
respectively represent the state value of the system after the attack and the state value of node i in the system after recovery, including the voltage amplitude $V_i^a$ and the voltage phase angle
Figure FDA00038035363800000319
Ω is the variable set; ψ is the set of measurement meters; α and β are respectively the weights of the system state value and the state estimation guess value in the recovery, and can be adjusted according to the actual situation; $n_1$ and $n_2$ are respectively the number of nodes and the number of meters.
9. A computer device, characterized in that the computer device comprises a plurality of computer devices, each computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processors of the plurality of computer devices when executing the computer program jointly implement the steps of the general method for recovering from a smart grid attack according to any one of claims 1 to 8.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the general method of recovering from a smart grid attack according to any one of claims 1 to 8.
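Steps one and two of the claims for a single meter, as an added example that is not code from the patent: backward-difference speed and acceleration, a proximity estimate of the inertia values for the attacked samples, and a second-order Taylor guess. The formulas and the k-nearest-neighbour form of ψ(·) are assumptions, because the patent's equations survive on this page only as figure placeholders; the load series is constructed, and step three's optimization model is not covered.

```python
import math


def inertia(z, dt):
    """Step one: speed as the difference of adjacent measurements and
    acceleration as the difference of adjacent speeds (assumed backward form)."""
    v = [(z[j] - z[j - 1]) / dt for j in range(1, len(z))]
    a = [(v[j] - v[j - 1]) / dt for j in range(1, len(v))]
    return v, a


def knn_next(series, L, window=3, k=2):
    """Assumed proximity algorithm: within the last L values, find the k past
    windows closest (Euclidean) to the latest window and average the values
    that followed them."""
    hist = series[-L:]
    query = hist[-window:]
    candidates = []
    for s in range(len(hist) - window):  # excludes the query window itself
        w = hist[s:s + window]
        dist = math.sqrt(sum((p - q) ** 2 for p, q in zip(w, query)))
        candidates.append((dist, hist[s + window]))
    if not candidates:
        raise ValueError("not enough trusted history for the chosen window")
    candidates.sort(key=lambda c: c[0])
    nearest = candidates[:k]
    return sum(nxt for _, nxt in nearest) / len(nearest)


def preliminary_guesses(trusted, dt, steps, L=60):
    """Step two: second-order Taylor guess for each attacked sample.

    `trusted` holds the measurements taken before the attack was detected.
    The attacked readings are never used, so the speed and acceleration for
    those samples come from knn_next() over trusted inertia values only.
    """
    v, a = inertia(trusted, dt)
    prev = trusted[-1]
    guesses = []
    for _ in range(steps):
        v_hat = knn_next(v, L)
        a_hat = knn_next(a, L)
        prev = prev + v_hat * dt + 0.5 * a_hat * dt * dt
        guesses.append(prev)
        # Extend the inertia history with the estimates, not with values
        # recomputed from the guess, so errors do not feed back into it.
        v.append(v_hat)
        a.append(a_hat)
    return guesses


def constructed_load(t):
    """Constructed sample data: voltage-like reading with a 24-sample cycle."""
    return 1.0 + 0.05 * math.sin(2 * math.pi * t / 24)


if __name__ == "__main__":
    history = [constructed_load(t) for t in range(80)]
    for t, g in zip(range(80, 83), preliminary_guesses(history, 1.0, 3)):
        falsified = constructed_load(t) + 0.10  # constructed injected bias
        print(f"t={t} guess={g:.4f} true={constructed_load(t):.4f} "
              f"falsified={falsified:.4f}")
```

On the constructed series the guess error grows with each attacked sample because the quadratic term accumulates, which is the residual error that the claims leave to the optimization model in step three.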
CN202210990204.9A 2022-08-18 Universal method for recovering smart grid attack, computer equipment and storage medium Active CN115348094B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210990204.9A CN115348094B (en) 2022-08-18 Universal method for recovering smart grid attack, computer equipment and storage medium


Publications (2)

Publication Number Publication Date
CN115348094A true CN115348094A (en) 2022-11-15
CN115348094B CN115348094B (en) 2024-07-02


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant