针对电力CPS数据驱动算法对抗攻击的防御方法

doi:10.11930/j.issn.1004-9649.202312067

中国电力 ›› 2024, Vol. 57 ›› Issue (9): 32-43.DOI: 10.11930/j.issn.1004-9649.202312067

• 面向电力基础设施的跨域攻击威胁与防御 • 上一篇下一篇

针对电力CPS数据驱动算法对抗攻击的防御方法

朱卫平¹(), 汤奕²(), 魏兴慎³(), 刘增稷²()

1. 国网江苏省电力有限公司，江苏南京　210024
2. 东南大学电气工程学院，江苏南京　211189
3. 南瑞集团有限公司（国网电力科学研究院有限公司），江苏南京　211106

收稿日期:2023-12-17 接受日期:2024-04-12 出版日期:2024-09-28 发布日期:2024-09-23
作者简介:朱卫平（1983—），男，博士，高级工程师，从事电力监控系统网络研究，E-mail：1162146433@qq.com
汤奕（1977—），男，通信作者，博士，教授，博士生导师，从事电力系统稳定分析与控制、电力信息物理系统、人工智能在电力系统中的应用研究，E-mail：tangyi@seu.edu.cn
魏兴慎（1986—），男，硕士，高级工程师，从事电力监控系统网络安全研究，E-mail：weixingshen@sgepri.sgcc.com.cn
刘增稷（1993—），男，博士，讲师，从事电力信息物理系统、网络安全相关研究，E-mail：liuzengji@seu.edu.cn
基金资助:
国家电网有限公司科技项目（面向新型配电系统的网络安全动态防御关键技术深化研究，5400-202340217A-1-1-ZN）。

Defense Methods for Adversarial Attacks Against Power CPS Data-Driven Algorithms

Weiping ZHU¹(), Yi TANG²(), Xingshen WEI³(), Zengji LIU²()

1. State Grid Jiangsu Electric Power Co., Ltd., Nanjing 210024, China
2. School of Electrical Engineering, Southeast University, Nanjing 211189, China
3. NARI Group Corporation (State Grid Electric Power Research Institute), Nanjing 211106, China

Received:2023-12-17 Accepted:2024-04-12 Online:2024-09-28 Published:2024-09-23
Supported by:
This work is supported by Science and Technology Project of SGCC (Further Research on Key Technologies of Network Security Dynamic Defense for New Distribution Systems, No.5400-202340217A-1-1-ZN).

摘要/Abstract

摘要：

大规模电力电子设备的接入为系统引入了数量庞大的强非线性量测/控制节点，使得传统电力系统逐渐转变为电力信息物理系统（cyber-physical system，CPS），许多原本应用模型驱动方法解决的系统问题不得不因维度灾难等局限转而采取数据驱动算法进行分析。然而，数据驱动算法自身的缺陷为系统的安全稳定运行引入了新的风险，攻击者可以对其加以利用，发起可能引发系统停电甚至失稳的对抗攻击。针对电力CPS中数据驱动算法可能遭受的对抗攻击，从异常数据剔除与恢复、算法漏洞挖掘与优化、算法自身可解释性提升3个方面，提出了对应的防御方法：异常数据过滤器、基于生成式对抗网络（generative adversarial network，GAN）的漏洞挖掘与优化方法、数据-知识融合模型及其训练方法，并经算例分析验证了所提方法的有效性。

关键词: 对抗攻击, 数据驱动算法, 电力CPS, 攻击防御

Abstract:

The integration of large-scale power electronic devices has introduced a large number of strong nonlinear measurement/control nodes into the system, gradually transforming the traditional power system into a cyber physical system (CPS). Many system problems that were originally solved by model-driven methods have had to be analyzed using data-driven algorithms due to limitations such as dimensional disasters. However, the inherent flaws of data-driven algorithms introduce new risks to the safe and stable operation of the system, which attackers can exploit to launch adversarial attacks that may cause system power outages and even instability. In response to the potential adversarial attacks on data-driven algorithms in power CPS, this paper proposes corresponding defense methods from such three aspects as abnormal data filtering and recovery, algorithm vulnerability mining and optimization, and algorithm self interpretability improvement: abnormal data filter, GAN-based vulnerability mining and optimization method, data knowledge fusion model and its training method. The effectiveness of the proposed method is verified through case analysis.

Key words: adversarial attacks, data-driven algorithms, power CPS, attack defense

朱卫平, 汤奕, 魏兴慎, 刘增稷. 针对电力CPS数据驱动算法对抗攻击的防御方法[J]. 中国电力, 2024, 57(9): 32-43.

Weiping ZHU, Yi TANG, Xingshen WEI, Zengji LIU. Defense Methods for Adversarial Attacks Against Power CPS Data-Driven Algorithms[J]. Electric Power, 2024, 57(9): 32-43.

导出引用管理器 EndNote|Ris|BibTeX

链接本文: https://www.electricpower.com.cn/CN/10.11930/j.issn.1004-9649.202312067

https://www.electricpower.com.cn/CN/Y2024/V57/I9/32

图/表 11

图 1 输入数据过滤方案结构

Fig.1 Structure of input data filtering scheme

图 2 基于GAN的漏洞挖掘与优化方法

Fig.2 The GAN-based vulnerability mining and optimization method

图 3 数据-知识融合模型架构

Fig.3 Architecture of the data knowledge fusion model

图 4 基于GAN的数据-知识融合模型训练方法结构

Fig.4 Structure of training method for the GAN-based data knowledge fusion model

图 5 含有分布式电源的39节点系统拓扑结构

Fig.5 Topology structure of a 39-node system with distributed power sources

图 6 正常数据与异常样本数据的指标对比

Fig.6 Comparison of indicators between normal data and abnormal sample data

图 7 攻击样本检测结果

Fig.7 Attack sample detection results

表 1 数据驱动算法输出准确率对比

Table 1 Comparison of output accuracy of data-driven algorithms 单位：%

预测系统稳定数据驱动算法	不接入过滤器		接入过滤器
预测系统稳定数据驱动算法	无攻击	有攻击	无攻击	有攻击
AlexNet	98.75	56.0	97.0	92.8
VGG16	98.75	40.0	94.8	89.8
ResNet	99.25	72.0	97.5	94.2
InceptionV3	98.50	74.0	96.0	91.8

表 2 不同模型在对抗攻击下的鲁棒性指标

Table 2 Robustness metrics of different models under adversarial attacks

模型类型	数据驱动算法	鲁棒性指标$ \sigma $
数据驱动模型	ELM	0.4061
	AlexNet	0.3546
	SqueezeNet	0.3890
初始融合模型	IEEAC+ELM	0.3142
	IEEAC+AlexNet	0.2656
	IEEAC+SqueezeNet	0.2986
完备融合模型	IEEAC+ELM	0.1662
	IEEAC+AlexNet	0.1461
	IEEAC+SqueezeNet	0.2200

图 8 不同模型在对抗攻击下遭受的影响

Fig.8 The impact of adversarial attacks on different models

图 9 不同模型在对抗攻击下的被攻击节点情况

Fig.9 The situation of attacked nodes in different models under adversarial attacks

参考文献 30

1	汤奕, 崔晗, 李峰, 等. 人工智能在电力系统暂态问题中的应用综述[J]. 中国电机工程学报, 2019, 39 (1): 2- 13, 315.
	TANG Yi, CUI Han, LI Feng, et al. Review on artificial intelligence in power system transient stability analysis[J]. Proceedings of the CSEE, 2019, 39 (1): 2- 13, 315.
2	李峰, 王琦, 胡健雄, 等. 数据与知识联合驱动方法研究进展及其在电力系统中应用展望[J]. 中国电机工程学报, 2021, 41 (13): 4377- 4390.
	LI Feng, WANG Qi, HU Jianxiong, et al. Combined data-driven and knowledge-driven methodology research advances and its applied prospect in power systems[J]. Proceedings of the CSEE, 2021, 41 (13): 4377- 4390.
3	黄书民, 蒋林高, 李志川, 等. 基于PSO寻优与DBN神经网络的电晕损耗预测[J]. 中国电力, 2022, 55 (6): 95- 102, 214.
	HUANG Shumin, JIANG Lingao, LI Zhichuan, et al. Corona loss prediction of UHV AC transmission line based on DBN neural network optimized by PSO[J]. Electric Power, 2022, 55 (6): 95- 102, 214.
4	李丰君, 王磊, 赵健, 等. 基于天气融合和LSTM网络的分布式光伏短期功率预测方法[J]. 中国电力, 2022, 55 (11): 149- 154.
	LI Fengjun, WANG Lei, ZHAO Jian, et al. Research on distributed photovoltaic short-term power prediction method based on weather fusion and LSTM-net[J]. Electric Power, 2022, 55 (11): 149- 154.
5	杨胡萍, 余阳, 汪超, 等. 基于VMD-CNN-BIGRU的电力系统短期负荷预测[J]. 中国电力, 2022, 55 (10): 71- 76.
	YANG Huping, YU Yang, WANG Chao, et al. Short-term load forecasting of power system based on VMD-CNN-BIGRU[J]. Electric Power, 2022, 55 (10): 71- 76.
6	杨朋朋, 王蓓蓓, 胥鹏, 等. 不完全信息下基于深度双Q网络的发电商三段式竞价策略[J]. 中国电力, 2021, 54 (11): 47- 58.
	YANG Pengpeng, WANG Beibei, XU Peng, et al. Three-stage bidding strategy of generation company based on double deep Q-network under incomplete information condition[J]. Electric Power, 2021, 54 (11): 47- 58.
7	YU J J Q, HOU Y H, LI V O K. Online false data injection attack detection with wavelet transform and deep neural networks[J]. IEEE Transactions on Industrial Informatics, 2018, 14 (7): 3271- 3280. DOI
8	王健, 易姝慧, 刘俊杰, 等. 基于随机森林算法和稳态波形的非介入式工业负荷辨识[J]. 中国电力, 2022, 55 (2): 82- 89.
	WANG Jian, YI Shuhui, LIU Junjie, et al. Non-intrusive industrial load identification based on random forest algorithm and steady-state waveform[J]. Electric Power, 2022, 55 (2): 82- 89.
9	严宇, 刘天琪. 基于决策表-粗糙集理论的动态安全分析神经网络输入特征优选[J]. 电力系统自动化, 2004, 28 (15): 25- 29.
	YAN Yu, LIU Tianqi. Ann injection features optimization of dynamic security analysis based on decision tables-rough set theory[J]. Automation of Electric Power Systems, 2004, 28 (15): 25- 29.
10	ZHANG Y, KRISHNAN V V G, PI J, et al. Cyber physical security analytics for transactive energy systems[J]. IEEE Transactions on Smart Grid, 2020, 11 (2): 931- 941. DOI
11	QU Y Y, POKHREL S R, GARG S, et al. A blockchained federated learning framework for cognitive computing in industry 4.0 networks[J]. IEEE Transactions on Industrial Informatics, 2021, 17 (4): 2964- 2973. DOI
12	GOLDBLUM M, TSIPRAS D, XIE C, et al. Dataset security for machine learning: data poisoning, backdoor attacks, and defenses[J]. IEEE Trans Pattern Anal Mach Intell, 2023, 45 (2): 1563- 1580. DOI
13	NIAZAZARI I, LIVANI H. Attack on grid event cause analysis: an adversarial machine learning approach[C]//2020 IEEE Power & Energy Society Innovative Smart Grid Technologies Conference (ISGT). Washington, DC, USA. IEEE, 2020: 1–5.
14	REN C, DU X N, XU Y, et al. Vulnerability analysis, robustness verification, and mitigation strategy for machine learning-based power system stability assessment model under adversarial examples[J]. IEEE Transactions on Smart Grid, 2022, 13 (2): 1622- 1632. DOI
15	PAUL S, NI Z, MU C X. A learning-based solution for an adversarial repeated game in cyber–physical power systems[J]. IEEE Transactions on Neural Networks and Learning Systems, 2020, 31 (11): 4512- 4523. DOI
16	TIAN J W, WANG B H, WANG Z, et al. Joint adversarial example and false data injection attacks for state estimation in power systems[J]. IEEE Transactions on Cybernetics, 2022, 52 (12): 13699- 13713.
17	SU J W, VARGAS D V, SAKURAI K. One pixel attack for fooling deep neural networks[J]. IEEE Transactions on Evolutionary Computation, 2019, 23 (5): 828- 841. DOI
18	GOSWAMI G, AGARWAL A, RATHA N, et al. Detecting and mitigating adversarial perturbations for robust face recognition[J]. International Journal of Computer Vision, 2019, 127 (6/7): 719- 742.
19	JIN G Q, SHEN S W, ZHANG D M, et al. APE-GAN: adversarial perturbation elimination with GAN[C]//2019 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). Brighton, United Kingdom. IEEE, 2019: 3842–3846.
20	LIAO F Z, LIANG M, DONG Y P, et al. Defense against adversarial attacks using high-level representation guided denoiser[C]//2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition. Salt Lake City, UT. IEEE, 2018: 1778–1787.
21	CHIANG P Y, GEIPING J, GOIDBUIM M, et al. Witchcraft: Efficient PGD attacks with random step size[C]//2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP). Barcelona, Spain. IEEE, 2020: 3747–3751.
22	WENG J, LUO Z, LI S, et al. Logit margin matters: Improving transferable targeted adversarial attack by logit calibration[J]. IEEE Transactions on Information Forensics and Security, 2023, 18, 3561- 3574. DOI
23	HEO B, LEE M, YUN S, et al. Knowledge distillation with adversarial samples supporting decision boundary[J]. Proceedings of the AAAI Conference on Artificial Intelligence, 2019, 33 (1): 3771- 3778. DOI
24	TIAN J W, LI T Y, SHANG F T, et al. Adaptive normalized attacks for learning adversarial attacks and defenses in power systems[C]//2019 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm). Beijing, China. IEEE, 2019: 1–6.
25	TIAN J W, WANG B H, LI J, et al. Adversarial attacks and defense for CNN based power quality recognition in smart grid[J]. IEEE Transactions on Network Science and Engineering, 2022, 9 (2): 807- 819. DOI
26	REN C, XU Y. A universal defense strategy for data-driven power system stability assessment models under adversarial examples[J]. IEEE Internet of Things Journal, 2023, 10 (9): 7568- 7576. DOI
27	HUANG R, LI Y C. Adversarial attack mitigation strategy for machine learning-based network attack detection model in power system[J]. IEEE Transactions on Smart Grid, 2023, 14 (3): 2367- 2376.
28	黄冬梅, 丁仲辉, 胡安铎, 等. 低成本对抗性隐蔽虚假数据注入攻击及其检测方法[J]. 电网技术, 2023, 47 (4): 1531- 1540.
	HUANG Dongmei, DING Zhonghui, HU Anduo, et al. Low-cost adversarial stealthy false data injection attack and detection method[J]. Power System Technology, 2023, 47 (4): 1531- 1540.
29	ATHAY T, PODMORE R, VIRMANI S. A practical method for the direct analysis of transient stability[J]. IEEE Transactions on Power Apparatus Systems, 1979, 98 (2): 573- 584.
30	LI F, WANG Q, TANG Y, et al. An integrated method for critical clearing time prediction based on a model-driven and ensemble cost-sensitive data-driven scheme[J]. International Journal of Electrical Power & Energy Systems, 2021, 125, 106513.

针对电力CPS数据驱动算法对抗攻击的防御方法

Defense Methods for Adversarial Attacks Against Power CPS Data-Driven Algorithms

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 30

相关文章 0

编辑推荐

Metrics

模态框（Modal）标题

针对电力CPS数据驱动算法对抗攻击的防御方法

Defense Methods for Adversarial Attacks Against Power CPS Data-Driven Algorithms

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 11

参考文献 30

相关文章 0

编辑推荐

Metrics