Research On The Methodology Of Cyber Security Defense For Smart Substation And Distribution Systems Driven By Data And Model

The modern power system is not only significantly different from the traditional power system in the energy structure of the primary side,but also has a profound change in the measurement and control system on the secondary side.The innovation and progress of information technology have greatly improved the observability and controllability of the power system,which will develop into a green,low-carbon,widely interconnected,intelligent and interactive smart grid.The IEC 61850 standards possess high degree of openness,scalability,and self-describing capabilities.And they provide a standardized paradigm for interchange and interoperability that highly meet the vision of smart grid construction.Therefore,this series of standards has been widely used in smart substation and distribution systems,and has become one of the most important communication standards in power automation systems.However,the openness of the standards and the deep interaction of cyber-physics have led to blurred security boundaries,advanced security threats,and frequent security incidents for power grid.In the context,this thesis conducts research on the cyber security protection methodology of smart substation and distribution systems from three perspectives "node level","function level" and "system level".The closed-loop control idea driven by the model and data is adopted to improve the resilience against advanced cyber attacks,gain insight on security situations,optimize the defensive resources deployment and ensure the power system is safe and reliable.The main summary is shown as followings:(1)In terms of node importance quantification,a weighted and directed static complex network dynamics model is established for the 61850 Substation Automation System(SAS),and a method is proposed to integrate the topology value and information adjunction value of logical nodes by introducing a first-order linear feedback controller.On this basis,some definitions for equivalent network conversion are proposed to greatly reduce the complexity of original network topology.Also,the absolute value and relative value are introduced to quantify logical node importance from the perspective of node’s necessity and influence,respectively.Case studies show that the proposed method can accurately evaluate the importance of logical nodes.(2)In terms of intrusion detection,a PWM-like traffic fingerprint model inspired by pulse width modulation(PWM)is proposed to capture the features of SAS network traffic.Furthermore,the thesis establishes a Bernstein polynomial-based nonparametric R-vine copula model to do train dataset sampling for data balance.To preserve the key information of original features and reduce the risk of false negative,a both process-and objective-oriented loss function is proposed to construct an improved Deep Autoencoding Gaussian Mixture Model(MDAGMM)for intrusion detection.Case studies show that the proposed detection framework has good performance to detect both known and unknown attacks.(3)In terms of risk assessment,an integrated attack model with limited adversarial knowledge is established on the basis of the general state estimation model for the 61850 distribution network cyber-physical system.A calculation method of risk probability interval based on fuzzy Bayesian Network(BN)is proposed.On this basis,this thesis proposes to use the integrated deviation of system states and measurements under cyberattacks as the physical impact metric to realize the cross-space risk assessment from the cyber system to the physical system.Case studies show that the proposed method can fully reveal the nonlinear relationship between system risk and related attack factors.(4)In terms of defense decision-making,a robust active distribution network islanding defensive strategy considering multi-uncertainties is proposed to make full use of active resources.Aiming at the uncertainties of renewable outputs and attack strategy,a trilevel Defender-Attacker-Defender(DAD)and two-stage robust mathematical model is established.The first stage is to pre-allocate defensive resources.In the second stage,the emergent defensive resources are dispatched in the worst scenario to minimize the load shedding.The model is solved using Column and Constraint Generation(C&CG)algorithm.Case studies show that the proposed defensive strategy can effectively allocate defensive resources and reduce the load shedding.