Research On Intrusion Detection Method Of Cyber-Physical Power System Of Distribution Network Based On Machine Learning

In the background of climate change and energy crisis resolution,the goal of " Carbon peak,Carbon neutralization" is promoting the transformation and upgrading of China’s energy structure and high-quality development,and is also promoting the theoretical research and practical application of the energy Internet.The deep integration of transportation networks,power networks,and information communication networks has become a typical cyber-physical system.In the field where a high proportion of distributed renewable energy and energy storage devices are connected,the electrified transportation system composed of electrified regional railways,urban rail transit,and electric vehicles has evolved into the transportation energy internet.The openness of the transportation energy internet enables the near elimination of distributed renewable energy,the horizontal multisource complementarity,and the vertical "power generation-transmission-loading-storage." coordination optimization,meanwhile,its cyber-physical power systems of the distribution network is facing diverse and complex network attacks also.The intrusion detection system deployed on the CPPS of distribution networks can detect abnormal attack behavior in time and reduce the security risk through network traffic data collection and analysis.At the same time,tens of thousands of intelligent terminals,sensors,AMIs,distributed renewable energy,distributed energy storage devices,and other devices and systems are connected to the CPPS.The network scale is expanding continuously,resulting in an explosive growth of business and network traffic data.It presents the characteristics of multisource,heterogeneous,massive,high-dimensional,dynamic data flow.It brings significant challenges to the traditional intrusion detection system based on anomaly detection.Therefore,intrusion detection technology research on network attacks facing the CPPS of distribution networks under transportation energy internet can effectively guarantee the power supply security of the transportation network,which has significant academic value and practical significance.This research,combined with machine learning technology,focuses on small sample data generation,feature dimension reduction,feature extraction,anomaly data classification,and other technologies in intrusion detection.There are and some innovative results have been gotten.The main work is summarized as follows:(1)Intrusion detection model building and performance evaluation based on anomaly detection.On the premise of in-depth analysis of the mechanisms of abnormal flow data characteristics,network attack characteristics,classified prediction of abnormal data,and model performance evaluation in the CPPS of distribution networks.Furthermore,a small sample data generation model emphasizes generating adversarial network as the core is built based on the fully connected network,recurrent network,and convolution network.Meanwhile,a feature reduction model with a stacked sparse autoencoder as the improvement foundation and a multi-classification model based on an artificial neural network are presented,and the overall architecture of the intrusion detection model is given.The performance evaluation indicators such as confusion matrix,precision,recall,F1 score,and inference time are set up for the above model,which lays a foundation for the research of intrusion detection technology based on machine learning.(2)To solve the problem that standard traffic data is much larger than anomalous data in intrusion detection and anomalous data shows small samples and the imbalance between sample classes,this research combines small sample learning theory and data enhancement method to study the generation of small sample data.Small sample data generation uses a small amount of data to learn the characteristics of the original data to achieve high-precision prediction of the model.The data enhancement method effectively solves the imbalance between sample classes and improves the learning ability and robustness of the model.This research presents a method to generate a small sample of intrusion data based on Wasserstein distance and the generative adversarial network.Wasserstein distance is used instead JS divergence to optimize the loss function of the generative adversarial network,which measures the difference between the generated data and the original data distribution.It solves the problem that the model cannot be trained thoroughly.To solve the problem of data imbalance among sample classes,conditional batch normalization and attention modules are added to the model of the native generative adversarial network,which makes the generated data from uncontrollable trends controlled and improves the performance of a conditional generative adversarial network.The combination of the two methods improves small samples and the imbalance between sample classes and improves the classification performance of anomalous data using unlabeled data.(3)In order to solve the inefficiency of processing and analysis of massive multisource heterogeneous high-dimensional data in the intrusion detection process,feature extraction and feature dimension reduction are studied by combining multicore learning theory and the autoencoder method.Feature reduction is to reduce the feature dimension and improve the efficiency of data processing and analysis without reducing the ability of original data expression and classification.This research,a feature reduction method based on a hybrid kernel function and stacked sparse autoencoder is presented.Using multicore learning theory,a hybrid kernel function is constructed to map the original non-linear raw data to a high-dimensional Hilbert space for feature linear segmentation,and then the feature data is further reduced by a stacked sparse autoencoder.The loss function of the stacked sparse autoencoder is reconstructed by using the joint constraints of a sparse penalty and the KL divergence regularization.Without affecting the performance of subsequent classification models,the combination of the two methods extracts multilevel features from the original data and reduces dimensionality,which improves the data processing and analysis efficiency of intrusion detection.(4)Intrusion detection based on anomaly detection is essentially an unsupervised multi-classification problem.The training of multi-classification models is usually completed by using labeled data,but the high cost of obtaining labeled data and the characteristics of dynamic data flow are the problems that must be faced in practical applications.To solve this problem,this research proposed a combined classification model based on a hybrid kernel function and improved stacked sparse autoencoder and ANN.Three sets of experiments are set to evaluate the performance of the method and verify the model.Firstly,the performance of two classical classification models based on traditional machine learning and deep learning is verified on public datasets.Secondly,the data after feature reduction in chapter 4 is used to conduct transverse performance comparison experiments on different classical deep learning classification models.Then,the performance of the classification model is evaluated by using the data generated from small samples in chapter 3,respectively,before and after data amplification.Finally,the classification model selected in this paper is verified to be optimal.Meanwhile,the performance of the proposed intrusion detection model is tested in the actual environment.The mirrored traffic data of the core switch of the distribution automation master system in a province is captured and converted into feature data by the CICFlowmeter tool,and then the feature data is trained to the intrusion detection model and deployed in the network.The model is tested from the perspectives of resource consumption,intrusion identification and load intensity,and the results prove that the proposed intrusion detection model is effective in the field of CPPS of distribution networks.In summary,under the field of a high proportion of distributed renewable energy and energy storage devices,the network attack means facing the CPPS of distribution network under the transportation energy internet are increasingly diverse,complex,and intelligent.This research,based on the machine learning method,small sample data generation,feature reduction,feature extraction,data classification,and anomaly detection are studied in depth,and solutions are proposed.The feasibility of the intrusion detection model method is verified by simulation experiments in different dimensions and tests in natural environments.The results of this research help improve the real-time detection rate and precision of the intrusion detection system based on anomaly detection,enhancing the intelligence and adaptability of the intrusion detection system,and improving the ability of the CPPS of distribution networks to recognize and perceive potential threats accurately in real-time from massive high-dimensional traffic data.