Research Of Cyber-physical Coordinative Defense Methods For Cyber-attacks Against Power Systems

With the construction of smart grid,the communication,computing and control capabilities of the grid have been greatly developed.The cyber system and physical system of the power system are linked more closely,which reflect the characteristics of a typical cyber physical system(CPS).Supported by a high-speed communication network and distributed intelligent terminals,real-time monitoring and flexible control of such a power system can be achieved.However,such systems also pose potential cyber-attack risks.At present,to resist cyber-attacks,conventional ICT for power systems usually depends on intrusion detection systems(IDSs),which focus on virus intrusion processes.But these protection methods face great challenges under novel cyber-attacks against engineering failures.For such attack methods that are difficult to be detected by traditional IDSs,cyber physical power systems(CPPSs)should consider coordinated defense methods against cyber-attacks based on the deep coupling characteristics of CPPS cyber side and physical side.Aiming at the prevention and protection against cyber-attacks in CPPS,the research on coordinative defense methods is carried out in this paper.On the basis of the analysis and conclusions of current achievements on cyber-attack modelling,awareness,detection and defense,the main contents and contributions of this research are listed as follows.1)The analysis and step-by-step decomposition of typical CPPS cyber-attack incident are carried out,and the difficulties and key issues that need to be solved in each defense stage of CPPS are summarized.On this basis,a cyber-physical coordinated CPPS depth defense architecture against cyber-attacks is proposed.2)To defend against potential cyber-attacks when CPPS is on the steady state,a dynamic weight ensemble isolation forest algorithm is proposed to mine anomaly system state utilizing cyber physical bilateral information.Unsupervised learning and integrated learning methods are applied to construct subtrees of the isolated forest and integrated forest models,and finally the genetic algorithm is used to optimize the weight of each forest to build a stable attack awareness model.3)To identify the cause of the faults on the physical side,a cyber-physical sequence-data fusion method is proposed to synergistically combine the bilateral data.A sequence feature extraction method is then proposed to extract the features of different scenarios,which are called characteristic sequences.An integrated empirical-sequence-driven and data-driven identification model is proposed that satisfies the accuracy and speed requirements for practical online application.This model enables online identification with stable performance considering communication delay.The output of the integrated model could offer references for proper countermeasures in power system transient process.4)To effectively deal with engineering failures caused by cyber-attacks,an anticipated fault sets generation method considering cyber-attacks for CPPS is proposed.Then a doublelayer cyber physical cooperative control strategy adjustment method is proposed based on the feasibility judgement of the established strategy by an expandable judgement function.Considering the status of cyber modules and physical devices infected by cyber-attacks,cyberphysical coordinated adjustment of post-emergency control measures of CPPS can be achieved.