| The safe and reliable operation of the electric power system bears on the economic and national security of a country. With the application of advanced computer and communication technology, the modern power system is gradually being transformed into an intelligent power system with a high degree of integration of information and physics. In recent years, a large number of sensors and communication networks have been deployed in China’s power system, which can obtain all kinds of real-time operating information about the power system and greatly improve the observability and controllability of its operation. On the other hand, this also exposes the power system to serious security problems. Recent studies show that the modern power system faces a serious threat from network attacks because of the close combination of the physical system and the information system. The power grid, as important infrastructure of a country, is often the target of a variety of cyber attacks, such as hacker attacks, theft, denial of service, and false data injection attacks, which are considered highly covert and destructive; the smart grid security problem is widely regarded as a major problem with potentially catastrophic effects. Therefore, research on the security of the modern power information physical system is very important for safeguarding the economic development and national defense security of our country. The attack mechanism, security risk assessment and abnormal data detection of malicious data injection attacks on the power information physical system are discussed. This paper is supported by the National Natural Science Foundation of China (No. 51777062), the State Grid Hunan Communication Company-Power Control Security The research results fully consider the structural characteristics and operating logic of the power information physical system, and put forward a series of key technologies and engineering practice strategies that address the shortcomings of existing research results, which actively promote the
theoretical research and practical application value of false data injection attacks in the power information physical system. The main work and innovations are as follows: (1) This paper is based on a special type of power system network attack, the false data injection attack. First, the basic principles of power system state estimation and the bad data detection mechanism are analyzed, and then it is revealed how false data injection attacks successfully bypass the bad data detection mechanism and manipulate the state estimation result. As a result, the security-constrained economic dispatch (SCED) model formulates incorrect scheduling instructions under the guidance of incorrect state estimation results, which makes the power system deviate from its optimal operating state and can even cause security problems. To improve the practical operability of the model in this paper, the strong assumption of traditional false data injection attacks is relaxed: the malicious attack vector is constructed and analyzed on the basis of a local attack model that is independent of the global model of the power topology. (2) The abnormal behavior characteristics of malicious attack vectors are studied, and the various algorithms in existing research that can effectively and accurately detect traditional attacked samples are comprehensively analyzed. Existing research shows that after massive historical measurement samples are processed by a certain data processing method and their features are extracted, the feature data representing normal measurement samples gather within a feasible region and follow a Gaussian distribution (feature data at the cluster center of the feasible region can be regarded as measurement samples in the optimal power flow state). However, the feature data of measurement samples carrying maliciously injected data lie clearly far away from this feasible region and are regarded as outliers, so that the telemetry
data collected can be effectively checked for whether it has been attacked. Based on this characteristic, in order to further improve the effectiveness of malicious data attacks, we propose a "strong recessive" malicious data attack strategy, in which the feature data of the constructed malicious data attack vector can be hidden within the abnormal threshold range of the feature data of normal measurement samples. Two kinds of malicious data injection attack models based on service characteristics are proposed to quantitatively analyze the damage that malicious data attacks cause to the safe and stable operation of the power system. (3) To address the operating risk of the power system under the threat of malicious data attacks, this paper establishes a power network security risk assessment model, which is abstracted into a max-min bilevel programming model. This evaluation model can effectively uncover the potential network security risks of the system, which is of great significance for formulating power network security defense strategies. In addition, a new fast algorithm is proposed for the max-min bilevel programming problem, because existing algorithms have difficulty solving it effectively. On the one hand, iteratively solving the upper-level and lower-level programs reduces the computational complexity and needs fewer iterations, so that an approximate solution of the model can be obtained quickly, which overcomes the low computational efficiency of traditional methods on large-scale power systems. On the other hand, by means of constraint and bound contraction, the multiple local optimal solutions of the bilevel programming model are placed outside the search domain, which provides an effective initial value for the iteration process, so that the final iteration result can be close to or equal to the global optimal solution, effectively overcoming the traditional iterative algorithms' shortcoming of low solution
accuracy. (4) The basic principle of the malicious data anomaly detection algorithm is analyzed in depth, and a fast algorithm for malicious data anomaly detection in large-scale power systems is proposed, which improves the detection efficiency for massive numbers of samples. A strongly hidden malicious data attack can make the measurement samples carrying the attack data better concealed among the normal samples and therefore difficult to detect; to address this problem, a false data sample detection strategy based on a deep characteristic reduction algorithm is proposed. By studying the abnormal behavior characteristics of the strong recessive attack model, the feature data matrix composed of the measurement samples carrying attack data and the normal measurement samples was randomly sampled to find the samples suspected of being subjected to malicious data attacks. According to the boundary conditions of the partial false data attack, a data restoration method is used to further judge the measurement samples suspected of being attacked, which overcomes the shortcomings of current anomaly detection algorithms for malicious data attacks. (5) A platform for risk assessment, detection and warning of power malicious data attacks, based on engineering practice, is established; it includes a malicious data generation module, an abnormal data detection module and a security risk assessment module. The main function of the malicious data generation module is to apply specific attack strategies to the input attack area to generate maliciously tampered data that can affect the security of power regulation, providing support for subsequent analysis. The main function of the abnormal data detection module is to analyze abnormal data based on the maliciously tampered data generated by the malicious data generation module, and to analyze, from different perspectives, the abnormal characteristics of the measurement samples carrying malicious data. The main function of the risk assessment and early warning module is to perform scheduling
simulation by using the measurement samples carrying malicious data, in order to evaluate the risks caused by the maliciously tampered data currently injected and convert them into real-time alarm information. Detailed platform instructions and a test plan are formulated. According to the security, economy and reliability requirements of the power information physical system, this paper analyzes the network security problems of the power information physical system. Taking the typical malicious data injection attack model as the research object, the attack mechanism, the risk assessment model and the abnormal data detection algorithm for malicious data attacks are analyzed in depth. In particular, a new generation of "strong recessive" malicious data attack strategy is proposed, and an effective anomaly detection algorithm is proposed to solve the problem that strong recessive malicious data attacks are difficult to detect. The research results can provide a valuable reference for theoretical research and engineering practice in network security analysis and defense in China’s power system. |
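
The outlier test described in item (2), as an added example that is not code from the thesis: a Gaussian is fitted to the feature data of historical normal samples and a sample is flagged when its squared Mahalanobis distance exceeds a chi-square threshold. The two features, all sample values and the 1% false-alarm rate are constructed assumptions; the sample that stays inside the threshold shows why item (4) needs a further detection step.

```python
import math
import random

def fit_gaussian(samples):
    """Estimate the mean and 2x2 covariance of 2-D feature vectors."""
    n = len(samples)
    mx = sum(s[0] for s in samples) / n
    my = sum(s[1] for s in samples) / n
    sxx = sum((s[0] - mx) ** 2 for s in samples) / (n - 1)
    syy = sum((s[1] - my) ** 2 for s in samples) / (n - 1)
    sxy = sum((s[0] - mx) * (s[1] - my) for s in samples) / (n - 1)
    return (mx, my), (sxx, sxy, syy)

def mahalanobis_sq(x, mean, cov):
    """Squared Mahalanobis distance, using the closed-form 2x2 inverse."""
    sxx, sxy, syy = cov
    det = sxx * syy - sxy * sxy
    dx, dy = x[0] - mean[0], x[1] - mean[1]
    return (syy * dx * dx - 2.0 * sxy * dx * dy + sxx * dy * dy) / det

def threshold(false_alarm_rate):
    """Chi-square quantile for 2 degrees of freedom: -2 ln(alpha)."""
    return -2.0 * math.log(false_alarm_rate)

def is_outlier(x, mean, cov, false_alarm_rate=0.01):
    """True when x lies outside the feasible region of normal samples."""
    return mahalanobis_sq(x, mean, cov) > threshold(false_alarm_rate)

# Constructed history of normal feature vectors (hypothetical features f1, f2).
_rng = random.Random(7)
HISTORY = [(_rng.gauss(1.00, 0.02), _rng.gauss(0.50, 0.02)) for _ in range(500)]
MEAN, COV = fit_gaussian(HISTORY)

CRUDE = (1.30, 0.20)   # constructed: large deviation from the normal cluster
HIDDEN = (1.01, 0.51)  # constructed: small deviation inside the threshold

def classify(x):
    """Apply the fitted detector to one feature vector."""
    return is_outlier(x, MEAN, COV)

if __name__ == "__main__":
    for name, x in (("crude", CRUDE), ("hidden", HIDDEN)):
        d2 = mahalanobis_sq(x, MEAN, COV)
        print(f"{name}: d^2={d2:.2f} outlier={classify(x)}")
```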