Research On Data-Driven Power CPS Network Attack Detectionand Classification Model

With the rapid development of communication technology,the modern power system has been transformed into the Cyber Physical System(CPS).The interaction of information flow increases the operating efficiency of the power grid,but it also increases the way for attackers to carry out interactive attacks,which makes the power grid face great security problems.How to effectively detect and classify power CPS network attacks has become an important issue.research topic.Aiming at the problems of time-series-related features,high-dimensional features and model parameter tuning in the current power CPS network attack detection and classification model,this paper establishes a power CPS network attack detection model and a classification model based on a data-driven method.The main research results are as follows:1)Most of the existing power CPS network attack detection methods use intelligent algorithms,but they have the defect of incomplete attack data samples.Since intelligent algorithms need normal data and attack data during training,when the attack data is incomplete,the detection accuracy will be low..In addition,most of them do not consider temporal correlation and local features of samples,and the generalization ability is low.In order to solve the above problems,this paper proposes a power CPS network attack detection model based on manifold learning.The model only needs to collect the historical measurement data under the normal operation of the power grid,and then an offline model can be established to obtain a T~2 statistical limit.The obtained statistic is compared with the statistic limit.If it exceeds the statistic limit,it means that there is a network attack.Finally,an example is used to verify that the model has a good detection effect.2)Aiming at the high-dimensional characteristics of current power CPS network attack data and the problem of model parameter tuning,this paper proposes a power CPS network attack classification model based on sparse autoencoder-particle swarm optimization-random forest(SAE-PSO-RF).The data used includes natural emergencies and various network attack events.First,based on the sparse auto-encoder,hierarchical feature extraction is performed on the data to obtain low-dimensional feature data,and then the particle swarm optimization algorithm is used to perform parameter self-tuning.Random forests classify and identify data.The given model has good practicability.The experimental results show that the proposed model can not only effectively distinguish various types of attacks,but also distinguish emergencies and network attack events,and the classification effect is better than the traditional machine learning model.3)A software system of power CPS network attack detection and classification is designed.The system can realize the functions of data selection,network attack detection and network attack classification through human-computer interaction interface.This paper firstly describes the architecture and function of the software system in detail,and gives the final design results.