CN-122027255-A - Point-to-point energy transaction attack detection method and device and electronic equipment

Abstract

The application provides an attack detection method and device for point-to-point energy transaction and electronic equipment, and relates to the technical field of network security protection. The method comprises the steps of obtaining a characteristic data set aiming at a preset potential attack path, carrying out false data injection FDI attack recognition on the preset potential attack path by adopting a first layer detector according to the characteristic data set to obtain an FDI recognition result of the preset potential attack path, carrying out black box countermeasure attack recognition on the first layer detector by adopting a second layer detector according to the characteristic data set and the FDI recognition result to obtain a black box countermeasure recognition result of the first layer detector, and determining a security judgment result of the point-to-point energy transaction platform in a preset time period according to the FDI recognition result and the black box countermeasure recognition result of the first layer detector. The application constructs a layered cooperative defense framework to realize the whole coverage detection of FDI attack and black box countermeasure attack, and solves the problem that the existing scheme can not cooperatively defend the pain points of double threats.

Inventors

• GUO HAOTIAN
• LIU JINGRONG
• HU XIAORUI
• HUANG ZHANGHAO

Assignees

• 澳门大学

Dates

Publication Date

20260512

Application Date

20260129

Claims (10)

1. 1. An attack detection method for point-to-point energy transaction, comprising the steps of: acquiring a transaction data stream of a point-to-point energy transaction platform in a preset time period before the current time; According to the transaction data stream, acquiring a characteristic data set aiming at a preset potential attack path in the point-to-point energy transaction platform; Adopting a first layer detector, and performing false data injection FDI attack identification on the preset potential attack path according to the characteristic data set to obtain an FDI identification result of the preset potential attack path; Adopting a second layer detector, and carrying out black box countermeasure attack recognition on the first layer detector according to the characteristic data set and the FDI recognition result to obtain a black box countermeasure recognition result of the first layer detector; and determining the safety judgment result of the point-to-point energy transaction platform in the preset time period according to the FDI identification result and the black box countermeasure identification result of the first layer detector.
2. 2. The method of claim 1, wherein the preset potential attack path comprises a first potential attack path and a second potential attack path, wherein the first potential attack path is an FDI attack path for an individual producer and the second potential attack path is an FDI attack path for a total demand; The obtaining, according to the transaction data stream, a feature data set of the point-to-point energy transaction platform for a preset potential attack path includes: Extracting a characteristic data set of the first potential attack path from the transaction data stream according to the first potential attack path; and extracting a characteristic data set of the second potential attack path from the transaction data stream according to the second potential attack path.
3. 3. The method of claim 1, wherein the first layer detector is a multi-layer perception model formed by a single thermal encoding module, a preprocessing layer, a diagonal weight layer, a first linear layer and a second linear layer, and the performing False Data Injection (FDI) attack recognition on the preset potential attack path according to the feature data set by using the first layer detector to obtain an FDI recognition result of the preset potential attack path comprises: adopting the single-heat coding module to carry out single-heat coding on the characteristic data set to obtain corresponding binary coding characteristics; Preprocessing the binary coding features by adopting the preprocessing layer to obtain preprocessed binary coding features; Carrying out weight learning on the preprocessing binary coding features by adopting the diagonal weight layer to obtain a corresponding diagonal weight matrix, wherein the diagonal weight matrix comprises weight parameters of each feature in the preprocessing binary coding features; Performing nerve tangent parameterization processing according to the diagonal weight matrix and the preprocessing binary coding characteristic by adopting the first linear layer to obtain linear processing data; And converting the linear processing data into the FDI recognition result by adopting the second linear layer.
4. 4. The method of claim 1, wherein the second tier detector comprises a column aware embedded network, a column aware interactive network, a context learning network, and an identification network, wherein the employing the second tier detector performs black box challenge identification on the first tier detector based on the feature dataset and the FDI identification result to obtain a black box challenge identification result for the first tier detector, comprising: performing column sensing on the characteristic data set by adopting the column sensing embedded network to obtain a column sensing embedded characteristic set corresponding to the characteristic data set; performing row-level feature interaction on each row of embedded features in the row perception embedded feature set by adopting the row perception interaction network to obtain a row perception interaction feature set, wherein the row perception interaction feature set comprises row embedded features corresponding to each row of embedded features; Performing context learning on the row embedded features corresponding to each column of embedded features in the column-aware interaction feature set by adopting the context learning network to obtain a context feature set, wherein the context feature set comprises context features corresponding to each column of embedded features; and outputting the black box countermeasure identification result for the context feature set and the FDI identification result by adopting the identification network.
5. 5. The method of claim 4, wherein the performing column sensing on the feature data set by using the column sensing embedded network to obtain a column sensing embedded feature set corresponding to the feature data set comprises: mapping each column of data in the characteristic data set to a multidimensional space by adopting a first linear layer in the column-aware embedded network to obtain an initial column embedded matrix; adopting the induced self-attention layer in the column-aware embedded network to conduct induced self-attention learning on the initial column embedded matrix to obtain a corresponding induced vector; mapping the induction vector by adopting a second linear layer and a third linear layer in the column perception embedded network to obtain a weight matrix and a bias vector; And adopting a column perception embedding layer in the column perception embedding network, and carrying out column perception embedding on the characteristic data set according to the weight matrix and the bias vector to obtain the column perception embedding characteristic set.
6. 6. The method of claim 4, wherein performing row-level feature interactions on each of the column-aware embedded features in the column-aware embedded feature set using the column-aware interaction network to obtain a column-aware interaction feature set comprises: adopting a rotary position coding layer in the column perception interaction network to carry out rotary position coding on each column of embedded features in the column perception embedded feature set to obtain coding position information corresponding to each column of embedded features; and carrying out row-level feature interaction on the embedded features of each row according to the coding position information by adopting a row-level feature perception interaction layer in the row perception interaction network to obtain the row perception interaction feature set.
7. 7. The method according to claim 1, wherein the method further comprises: and adopting an explanatory deep learning model to explain the FDI recognition result to obtain the judgment contribution degree of each feature in the feature data set, and generating an interpretation report of the FDI recognition result.
8. 8. The method of claim 1, wherein the determining the security decision of the peer-to-peer energy transaction platform for the preset time period based on the FDI identification result and the black box challenge identification result of the first tier detector comprises: if the FDI identification result is that FDI attack exists, determining that the safety judgment result is unsafe; If the FDI identification result is that no FDI attack exists, but the black box countermeasure identification result of the first layer detector is that black box countermeasure attack exists, determining that the safety judgment result is unsafe; and if the FDI identification result is that no FDI attack exists and the black box countermeasure identification result of the first layer detector is that no black box countermeasure attack exists, determining that the safety judgment result is safety.
9. 9. An attack detection device for point-to-point energy transactions, comprising: The first acquisition module is used for acquiring a transaction data stream of the point-to-point energy transaction platform in a preset time period before the current time; the second acquisition module is used for acquiring a characteristic data set aiming at a preset potential attack path in the point-to-point energy trading platform according to the trading data stream; the first detection module is used for adopting a first layer detector to perform false data injection FDI attack identification on the preset potential attack path according to the characteristic data set to obtain an FDI identification result of the preset potential attack path; The second detection module is used for adopting a second layer detector, carrying out black box countermeasure attack recognition on the first layer detector according to the characteristic data set and the FDI recognition result, and obtaining a black box countermeasure recognition result of the first layer detector; And the determining module is used for determining the safety judging result of the point-to-point energy transaction platform in the preset time period according to the FDI identifying result and the black box countermeasure identifying result of the first layer detector.
10. 10. An electronic device comprising a processor, a storage medium and a bus, wherein the storage medium stores program instructions executable by the processor, the processor and the storage medium communicate via the bus when the electronic device is in operation, and the processor executes the program instructions to implement the method for detecting an attack of a point-to-point energy transaction according to any one of claims 1 to 8.

Description

Point-to-point energy transaction attack detection method and device and electronic equipment Technical Field The application relates to the technical field of network security protection, in particular to an attack detection method and device for point-to-point energy transaction and electronic equipment. Background The Peer-to-Peer (P2P) energy transaction allows energy producers (both energy producers and consumers, such as families equipped with photovoltaic panels) to directly conduct power transaction in local communities, micro-grids or smart Home scenes without excessively relying on traditional centralized grids or power service providers, effectively realizes the local production, consumption and balance of energy, remarkably improves the energy utilization efficiency and the system flexibility, and simultaneously can optimize the energy use through a family energy management system (Home ENERGY MANAGEMENT SYSTEM, HEMS), brings about 5-30% of electricity charge saving for consumers and service providers, and shows wide application prospects in the fields of micro-grids, community grids, smart Home and the like. The market operation mechanism of the P2P energy transaction is complex and various, and can be divided into three structures of a centralized type, a decentralized type and a hybrid type according to the centralization degree. Under various architectures, the achievement of transactions depends on a series of precise pricing mechanisms such as dynamic pricing, auction theory, game theory, real-time settlement system and the like, and the effective operation of the mechanisms highly depends on the accuracy and integrity of massive real-time data. However, the inherent openness and distribution characteristics of the P2P energy trading system make it a key target for network attack while facilitating trading, and the security and stable operation of the P2P energy trading system face serious challenges. Among the many cyber security threats to P2P energy transaction systems, false Data Injection (FDI) attacks and black box challenge attacks to detection models constitute a double and deadly threat. The FDI attack misleads the system state estimation by injecting forged or tampered data into the system, further manipulates the market price or transaction amount to strive for illegal economic benefits or destroy the normal operation of the system, while the black box resistance attack is more hidden, an attacker does not need to know the internal structure of the detection model, and only inputs and outputs of the detection model are observed, and small and indiscernible disturbance is applied to the input data, so that the detection model can be deceived to be invalid, thereby seriously threatening the system safety. In order to cope with the security threat, researchers have explored various security strategies, such as applying blockchain technology to ensure the security and traceability of transactions, adopting privacy protection technologies such as homomorphic encryption, secure multiparty computing and the like to ensure the confidentiality of transaction data, and also trying to apply technologies such as machine learning, deep learning and the like to FDI attack detection. However, the prior art still has obvious defects that the blockchain and privacy protection technology faces the problems of low expandability, low calculation cost and low high-level attack defense capability, the prior FDI detection scheme depends on simulation data, the effectiveness of the prior FDI detection scheme in a real P2P energy transaction scene is to be verified, the decision process lacks transparency, and more importantly, the advanced threat of black box resistance attack is generally ignored, and the defense strategies such as resistance training and the like usually have the cost of sacrificing the generalization capability of a model and are difficult to resist various types of attacks. In summary, the current P2P energy transaction security field has significant research blank, and lacks a comprehensive framework capable of cooperatively defending against FDI attacks and black box challenge attacks against detection models, so as to ensure safe, reliable and transparent operation of the P2P energy transaction system. Disclosure of Invention The application aims at the defects in the prior art and provides an attack detection method, an attack detection device and electronic equipment for point-to-point energy transaction, so as to solve the problems in the prior art. The technical scheme adopted by the embodiment of the application is as follows: in a first aspect, an embodiment of the present application provides an attack detection method for peer-to-peer energy transaction, including: acquiring a transaction data stream of a point-to-point energy transaction platform in a preset time period before the current time; According to the transaction data stream, acquiring a characteristic data se