CN-121981467-A - Zero trust-based multi-region power target range resource scheduling method

Abstract

The invention relates to the technical field of attack and defense exercise and resource scheduling of a power system, and discloses a multi-region power target resource scheduling method based on zero trust, which is used for collecting basic resource data and trust characteristic data of edge computing nodes of a power target; according to basic resource data and trust characteristic data, adopting an asymmetric sensitivity and space-time coupling mechanism to carry out self-adaptive dynamic trust quantification on edge computing nodes to obtain a real-time trust value of each edge computing node, constructing a maximized edge cooperative scheduling objective function by taking the real-time trust value as a safety constraint and decision basis to obtain an optimal decision variable, and carrying out resource scheduling on the edge computing nodes of the electric power target according to the optimal decision variable.

Inventors

• WANG FENG
• WANG SHUZHOU
• ZHAO ZHIBO
• ZHANG FAN
• Dang Mingyi
• GENG YIMING
• DONG HAIBIN

Assignees

• 河南能睿科技有限公司

Dates

Publication Date

20260505

Application Date

20260122

Claims (10)

1. 1. A multi-region power target range resource scheduling method based on zero trust is characterized by comprising the following steps: S1, collecting basic resource data and trust characteristic data of edge computing nodes of the electric power target range; s2, carrying out self-adaptive dynamic trust quantification on the edge computing nodes by adopting an asymmetric sensitivity and space-time coupling mechanism according to the basic resource data and the trust characteristic data to obtain a real-time trust value of each edge computing node; s3, constructing a maximized edge cooperative scheduling objective function by taking the real-time trust value as a safety constraint and decision basis, and obtaining an optimal decision variable for the edge cooperative scheduling objective function; and S4, carrying out resource scheduling on the edge computing nodes of the electric power target range according to the optimal decision variables.
2. 2. The zero-trust-based multi-region power range resource scheduling method according to claim 1, wherein the collecting of the basic resource data and the trust feature data in step S1 comprises: s11, adopting a multi-region 'cloud-side-end' layered heterogeneous physical architecture for the electric power target range, wherein the physical architecture comprises a central cloud node, an edge computing node and end-side equipment; S12, collecting at least one basic resource data of CPU utilization rate, memory allowance and network bandwidth of the edge computing nodes through a resource sensing probe of each edge computing node; S13, collecting at least one trust characteristic data in the identity authentication compliance, abnormal traffic frequency and historical task execution reputation of each edge computing node through a zero trust security architecture component.
3. 3. The zero-trust-based multi-region power range resource scheduling method according to claim 1, wherein the step of performing adaptive dynamic trust quantization on the edge computing node by adopting an asymmetric sensitivity and space-time coupling mechanism in step S2 comprises: s21, carrying out standardized processing on the trust feature data to obtain mapping values of all trust dimensions; S22, dynamically weighting each trust dimension based on the space-time coupling variation coefficient to obtain the weight of each trust dimension; s23, combining the weight and the mapping value, and calculating an instant aggregation trust value of the edge calculation node; and S24, updating the instant aggregation trust value based on the asymmetric forgetting factor to obtain the real-time trust value of the edge computing node.
4. 4. A multi-region electric power range resource scheduling method based on zero trust according to claim 3, wherein in step S21, the calculation formula for obtaining the mapping value of each trust dimension is: ; Wherein, the Calculating a mapping value of the node i after feature standardization of the jth trust dimension for the edge, For the curve sharpness coefficient corresponding to the j-th trust dimension, >0、 Calculating asymmetric adjustment factors of node i in the jth trust dimension for edges, Calculating the median of the observation values corresponding to all the edge calculation nodes for the j-th trust dimension in the current time window; Calculating an original observation value of the node i in the j-th trust dimension for the edge; Obtaining the asymmetric regulating factor through a forward index function and a forward index function; an expression of the forward index function: ; the expression of the negative going index function is: ; Wherein, the Is a preset constant, Is a preset constant, 。
5. 5. The zero-trust-based multi-region power range resource scheduling method according to claim 4, wherein the calculation formula for obtaining the weight of each trust dimension in step S22 is as follows: ; Wherein, the A weight of the j-th trust dimension, Spatial conflict information amount for jth trust dimension, To punish intensity coefficient, A time instability penalty term for the jth trust dimension, Is the total number of trust dimensions, Spatial conflict information amount for kth trust dimension, A temporal instability penalty term for the kth trust dimension; Calculating the space conflict information quantity of each trust dimension through a Pearson correlation coefficient matrix, wherein the space conflict information quantity expression is as follows: ; Wherein, the Standardized features for the jth trust dimension, The Pearson correlation coefficient between the jth trust dimension and the kth trust dimension; Calculating a time instability penalty term for each trust dimension, the time instability penalty term expression: ; wherein T is the length of the sliding window, For time backtracking variable, t is a time reference point for calculating the time instability penalty term, Is that In the time-course of which the first and second contact surfaces, calculating the average value of nodes by all edges of the j-th trust dimension; Is the overall mean of the jth trust dimension in the sliding window, Is a correction factor.
6. 6. The zero-trust-based multi-region power range resource scheduling method according to claim 5, wherein the calculation formula of the instant aggregate trust value of the edge calculation node in step S23 is as follows: ; Wherein, the An instant aggregate trust value for node i within the current time window t is calculated for the edge.
7. 7. The zero-trust-based multi-region power range resource scheduling method according to claim 6, wherein the calculation formula for obtaining the real-time trust value of the edge calculation node in step S24 is as follows: ; Wherein, the Calculating the final real-time trust value of the node i in the current time window t for the edge, As a forgetting weight factor when the trust value rises, Is forgetting weight factor when trust value is reduced, and 、 The historical trust value of node i for the last time window t-1 is calculated for the edge.
8. 8. The zero-trust-based multi-region power range resource scheduling method according to claim 7, wherein the maximized edge cooperative scheduling objective function expression in step S3 is: ; Wherein, the For the optimal decision variable, M z is the set of attack and defense exercise tasks z, N i is the set of edge computing nodes i, x i,z =1 or 0; a weight factor for adapting degree, Weighting factors punished for security risk, A weight factor for the cooperative gain, Calculating the adaptation degree of the node i and the attack and defense exercise task z for the edge, Executing a security risk penalty term, y i,j,e =1 or 0, of the attack and defense exercise task z for the edge computing node i, Unloading the cooperative gain from the attack and defense exercise task z to the adjacent edge computing node j for the edge computing node i, The migration cost of the attack and defense exercise task z; The calculation formula of the adaptation degree of the edge calculation node i and the attack and defense exercise task z comprises the following steps: ; wherein D Z is a resource demand vector of the attack and defense drilling task z, Wherein d z,cpu is the CPU resource amount required by the attack and defense exercise task z, d z,men is the memory resource amount required by the attack and defense exercise task z, d z,bw is the network bandwidth resource amount required by the attack and defense exercise task z, R i is the available resource vector of the edge computing node i, Wherein r i,cpu is the amount of CPU resources currently available to the edge computing node i, r i,men is the amount of memory resources currently available to the edge computing node i, and r i,bw is the amount of network bandwidth resources currently available to the edge computing node i; the edge computing node i executes a computing formula of a security risk penalty term of the attack and defense exercise task z: ; Wherein, the Is punishment weight coefficient, S is security sensitivity level, Is a risk sensitivity coefficient; The edge computing node i unloads the calculation formula of the cooperative gain from the attack and defense exercise task z to the adjacent edge computing node j: ; Wherein, the Normalized weight coefficient for trust value term, Network delay between edge computing node i and neighbor edge computing node j, Is a correction factor, Normalized weight coefficient for link bandwidth term, The link bandwidth capacity between node i and the neighbor edge is calculated for the edge.
9. 9. The zero-trust-based multi-region power range resource scheduling method according to claim 8, wherein the specific way of solving the edge cooperative scheduling objective function in the step S3 is to solve through a double-layer game model, wherein an upper-layer game of the double-layer game model outputs a local execution task set, and a lower-layer game of the double-layer game model outputs an unloading task set, so as to finally obtain the global optimal decision variable.
10. 10. The zero-trust-based multi-region power shooting range resource scheduling method according to claim 9, wherein the specific process of the step S4 includes verifying the optimal decision variable to enable the real-time trust value of the edge computing node executing the attack and defense exercise task to be not lower than the lowest trust threshold corresponding to the attack and defense exercise task; And generating a scheduling instruction based on the optimized decision variable after compliance, and transmitting the scheduling instruction to a power range branch center and an edge computing node, wherein the node trust value is updated in real time in the execution process of the attack and defense exercise task, and the scheduling instruction is dynamically adjusted when the trust value is lower than a threshold value.

Description

Zero trust-based multi-region power target range resource scheduling method Technical Field The invention relates to the technical field of power system attack and defense drilling and resource scheduling, and discloses a multi-region power target resource scheduling method based on zero trust. Background With the advanced advancement of informatization and intelligent construction of an electric power system, an electric power network becomes a core component of a national key infrastructure, and the safe and stable operation of the electric power network is directly related to social and economic development and public benefits. However, the digital transformation of the power system also faces more complex and diverse network attack threats, and the network security situation is getting more severe. The electric power target range is used as a core infrastructure for supporting electric power system network attack and defense exercise, safety protection strategy verification and emergency response capability improvement, can simulate the normal running state of the electric power system and various network attack scenes in a high-fidelity simulation environment, and provides key support for safety technology verification, attack and defense talent cultivation and emergency treatment process optimization. Currently, an electric power target range gradually evolves towards multi-region distributed deployment, and cross-region cooperative attack and defense exercise is realized by arranging sub-centers in different regions so as to fit the actual operation characteristics of wide-area distribution of an electric power system. However, in the prior art, resource scheduling and security coordination of a multi-region electric power target range still face a plurality of bottlenecks, and particularly when dealing with complex attack and defense exercise tasks, the balance of scheduling security, instantaneity and resource utilization rate is difficult to be considered, and the specific problems are as follows: Although the prior related technology has a certain progress in a specific scene, the method has the obvious defects that the power safety range system-based resource allocation method disclosed by the Chinese patent publication No. CN202210779099.4 is used for realizing dynamic allocation by establishing a virtual resource training model and combining machine learning, the method relies on a fixed threshold to carry out scheduling decision, does not consider the dynamic trust relationship and the edge node cooperative demand among multi-regional sub-centers, lacks a safety access control mechanism in a cross-regional heterogeneous environment, causes the universality and the safety limitation in multi-regional cooperative exercise, and the power range resource scheduling method and the power range resource scheduling system disclosed by the Chinese patent publication No. CN202410894759.2 are used for focusing on the accuracy of the improvement scheduling scheme through simulation, but do not relate to the edge cooperative scheduling mechanism among the multi-regional sub-centers, do not introduce a dynamic trust evaluation and zero trust access control system, and cannot realize the safety management and the whole-course reliability guarantee in the multi-regional cooperative process. In summary, the existing power range resource scheduling lacks a dynamic security trust evaluation system, a scheduling decision depends on a static resource state or a fixed threshold value, a node security risk dynamic adjustment strategy is not combined, real-time change of a node trusted state cannot be dealt with, a zero trust security concept is not integrated, an identity verification and access control mechanism of a whole process is lacking, and the whole process trusted guarantee of resource access and task execution is difficult to realize. The problems of low scheduling efficiency, uncontrolled safety risk, resource waste and the like easily occur when the multi-region electric power target range is used for carrying out cross-region and complex attack and defense exercise, and the exercise effect and the safety of an electric power system are seriously influenced. Disclosure of Invention The invention solves the technical problems that the existing power range resource scheduling cannot cope with the real-time change of the node trusted state, the whole process trusted guarantee of resource access and task execution is difficult to realize, and the like, and therefore, the invention provides a multi-region power range resource scheduling method based on zero trust. In order to achieve the technical effects, the technical scheme adopted by the invention is that the multi-region power target range resource scheduling method based on zero trust comprises the following steps: S1, collecting basic resource data and trust characteristic data of edge computing nodes of the electric power target range; s2, carrying ou