A lightweight automatic model search method for detecting fake data injection attacks on power grids
By employing a lightweight model automatic search method based on genetic algorithms and mixed-precision quantization, the problem of complex and time-consuming model design in the detection of power grid fake data injection attacks has been solved. This method achieves efficient automated design of lightweight models, improves detection speed and accuracy, and ensures power grid security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ZHEJIANG UNIV
- Filing Date
- 2023-08-03
- Publication Date
- 2026-06-30
Smart Images

Figure CN116886397B_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of power system security, and in particular relates to a lightweight automatic search method for detecting fake data injection attacks on power grids. Background Technology
[0002] With the rapid development of information technology, electricity has become an indispensable part of human production and daily activities. While the informatization and intelligent transformation of power grids has made them more efficient and convenient, it has also brought security threats. Attackers' spoofed data injection attacks targeting the power grid are particularly dangerous because such attacks can disrupt the normal operation of the smart grid without triggering bad data detectors (BDD), leading to huge economic and loss of life. Therefore, developing an effective detection method for spoofed input injection attacks is considered an effective way to defend against these threats.
[0003] A common approach to early False Data Injection Attack (FDIA) detection was model-based, which is widely used due to its interpretability and portability. For example, Khalaf [KHALAF M, YOUSSEF A, EL-SAADANY E. Joint detection and mitigation of false data injection attacks in AGC systems[J].IEEE Transactions on Smart Grid, 2018, 10(5): 4985-4995.] proposed a FDIA detection compensation algorithm based on an input / state estimation method. This algorithm can estimate the value of the FDIA attack and then compensate for the attack, thereby eliminating the impact of FDIA attacks on the smart grid. Moslemi [MOSLEMI R, MESBAHI A, VELNI J MA fast, decentralized covariance selection-based approach to detect cyber attacks in smart grids[J].IEEE Transactions on Smart Grid, 2017, 9(5): 4930-4941.] proposed a fast, decentralized cyber attack detection method based on maximum likelihood estimation. This method utilizes the near-sine sparsity of the power grid to establish an effective framework to solve the relevant maximum likelihood estimation problem. Then, the proposed detection method is decomposed into several local maximum likelihood estimation problems, which will ensure the security of the power grid and reduce the complexity of potential problems. However, due to the complexity and nonlinearity of the power grid, it is usually difficult to establish an accurate power grid structure model, making these model-based data injection attack detection methods difficult to implement.
[0004] With the continuous development of machine learning and deep learning, data-driven methods have been widely studied and applied to the detection of fake data injection attacks in order to avoid the problems existing in model-based fake data attack detection. Data-driven attack detection methods do not require modeling of the original power grid structure. These methods train a high-performance AI model for attack detection through supervised learning using a large amount of labeled data. For example, Wang [WANG D, WANG X, ZHANGY, et al. Detection of power grid disturbances and cyber-attacks based on machine learning[J]. Journal of Information Security and Applications, 2019, 46: 42-52.] proposed an attack detection model based on convolutional neural networks. This model can use information and logs collected by phasor measurement units (PMUs) to detect data injection attacks in smart grids. Specifically, the authors first augmented the features of the raw data collected by the PMU, expanding 128 feature points to 144 feature points to facilitate feature extraction by the convolutional layer; then, the data was transmitted to the convolutional neural network model for inference calculation to obtain the attack detection results, thereby protecting the normal operation of the power grid.
[0005] Despite the extensive research and attention given to data-driven attack detection methods, these approaches still face challenges. Because data-driven methods require training a parameter-intensive model, ensuring accuracy can lead to excessively long real-time attack detection times on grid edge devices, making it difficult to meet the demands of high-frequency sampling and thus threatening the security of the power grid system. To improve detection speed, lightweight attack detection models need to be designed.
[0006] After being lightweighted, the attack detection model has fewer parameters and less computation, resulting in shorter detection time after inference deployment on edge devices, thus better protecting the security of the power grid system.
[0007] Among existing lightweight methods for neural network models, mixed-precision quantization is a commonly used approach. Mixed-precision quantization reduces memory usage and computation time by quantizing the parameters of some layers to a lower quantization bit width, while quantizing the parameters of other layers to a higher quantization bit width to ensure model accuracy. Therefore, mixed-precision quantization better achieves the trade-off between inference speed and accuracy in attack detection models, improving inference speed while better ensuring inference accuracy.
[0008] When designing a convolutional neural network (CNN) model with mixed-precision quantization for power grid attack detection scenarios, it is necessary to determine the number of output channels and quantization bit width of each layer in the CNN model based on the actual power grid's requirements for inference accuracy and speed. This is a complex search task. Taking a model with N convolutional layers as an example, when each layer has M quantization bit width options and K output channel numbers to choose from, the search space size is (M*K). N .
[0009] Furthermore, the research objects and tasks of attack detection missions have different performance requirements (inference accuracy and inference speed) in different power grid structures. Therefore, it is necessary to manually design corresponding lightweight models for different power grid systems, which is a time-consuming and laborious task that requires a lot of professional knowledge.
[0010] To address this, this paper proposes a lightweight automatic model search method based on genetic algorithms, aiming to reduce the difficulty of model design and search. This method can automatically search for lightweight attack detection models that meet the requirements of different power grid structures and performance specifications, thereby significantly reducing the difficulty of model design and improving the speed of attack detection at the edge. The application of this method can effectively ensure the security of the power grid system. Summary of the Invention
[0011] This invention addresses the scenario of detecting fake data injection attacks in power grids. To solve the problem of the difficulty in designing lightweight attack detection models, it proposes an automatic search method for lightweight models based on genetic algorithms, thereby reducing the difficulty of model design.
[0012] The purpose of this method is to achieve the following technical solution: a lightweight automatic search method for detecting fake data injection attacks on power grids, which includes a task analysis phase, a search preparation phase, and a search phase;
[0013] The task analysis phase includes the analysis and preparation of the research object and research objectives, and the steps are as follows:
[0014] S11, Determine the target power grid structure and generate an attack detection dataset containing attack data and normal load data under the power grid;
[0015] S12, determine the performance of the target model and analyze the requirements of the attack detection task on the inference accuracy and inference speed of the target model;
[0016] S13, determine the deployment device of the attack detection model, analyze the storage and computing resources of the deployment device, and determine the number of layers of the attack detection model based on the storage resources of the deployment device;
[0017] The search preparation phase mainly involves preparing the model for the search process, and the steps are as follows:
[0018] S21. Based on PyTorch, build an attack detection model with mixed precision quantization, and set the number of output channels and quantization bit width of each convolutional layer in the model as variables for genetic algorithm search; determine the alternative schemes for the number of output channels of the convolutional layers in the attack detection model, and the alternative schemes for the quantization bit width of each convolutional layer.
[0019] S22, set the genetic algorithm parameters, including the number of individuals in the population, mutation rate, crossover rate, and number of iterations;
[0020] S23, Determine the fitness function; During the search process of the attack detection model, the fitness function is set from the perspectives of the model's inference accuracy and inference speed.
[0021] The search phase involves multiple population iterations to find the target model, and a search acceleration method is used to speed up the convergence of the genetic algorithm. The steps are as follows:
[0022] S31, Population Individual Search Iteration: Determine the encoding method of the individuals in the population; in each iteration of the genetic algorithm, firstly, decode the encoded genotype to determine the parameter configuration of each individual model, including the number of output channels and quantization bit width of the convolutional layer, then train the individual model and obtain the inference accuracy of the individual model, and at the same time obtain the inference speed of the individual model based on the roofline model, and then calculate the fitness function value of each individual; select individuals from the population for crossover and mutation, and finally obtain the genotype of the offspring to carry out the next iteration process;
[0023] S32, Search Acceleration: Optimize the method for obtaining the inference accuracy and inference speed of individual models in the population, including: setting the model training times value e and selecting the highest accuracy of the individual model during the e training times as the model's inference accuracy for search; in order to obtain the inference speed of the population individuals, predict the inference speed of the individual model on the target device based on the roofline model.
[0024] S33, Target Model Retraining: After the population iteration is completed, select the model with the highest fitness function during the population iteration as the target model.
[0025] Furthermore, when building the attack detection dataset, the fake data injection attack data is generated by itself; 70% of each batch of data is divided into training set and 30% into validation set.
[0026] Furthermore, the inference accuracy is a primary requirement of the model; the inference accuracy of the searched target model must be greater than the set minimum inference accuracy.
[0027] Furthermore, when the number of model parameters meets the memory requirements of the device, the more layers the model has and the larger the number of parameters, the higher the inference accuracy of the attack detection model. Once the device to be deployed is determined, the number of model layers N needs to be determined based on the device's memory.
[0028] Furthermore, the attack detection model consists of several blocks, each block consisting of a Conv layer, a BN layer, and a ReLU layer; the ReLU layer has no parameters, the parameters of the BN layer are consistent with the number of output channels of the convolutional layer; the parameters to be searched are only the number of output channels Cout of the convolutional layer and the quantization bit width Bk of the convolutional layer.
[0029] Furthermore, the formula for implementing model mixture precision quantization is as follows:
[0030]
[0031] Where q and r are the quantized value and the original floating-point value, respectively; s and zp are the scaling factor and the zero point, respectively; and round(·) represents the floor function. s and zp are calculated as follows:
[0032]
[0033]
[0034] Where, r max and r min q represents the largest and smallest number in the original floating-point values, respectively. max and q min These represent the maximum and minimum values in the quantized value, respectively. Mixed-precision quantization involves k-bit quantization of the original floating-point value. When the quantization bit width is k, the range of the quantized value q is: q max -q min =2 k -1.
[0035] Furthermore, the fitness function F(X) i The calculation formula for ) is as follows:
[0036]
[0037] Where, A(X) i ) and L(X i ) represent model X respectively i The reasoning accuracy and reasoning speed, A minThis represents the minimum accuracy requirement for the model. The setting of ω needs to be determined based on the actual performance requirements. When the actual task requires a high inference speed from the attack detection model, a larger ω value should be set; conversely, when the actual task requires a high inference accuracy from the attack detection model, a smaller ω value should be set. During the model search process, since model accuracy is the first priority in performance requirements, if the inference accuracy of an individual model is lower than the required minimum accuracy, this individual will not be considered, and its fitness value will be set to 0.
[0038] Furthermore, when encoding individuals in the population, binary encoding is used to represent the specific number of output channels and quantization bit width of the convolutional layer in the attack detection model.
[0039] Furthermore, when predicting the inference speed of individual populations based on the roofline model, the computational parameters of the model and the hardware parameters of the deployment equipment need to be considered; the computational parameters of the model include the computational complexity M. c And the number of parameters M of the model m The hardware parameters of the device include the peak computing power π and memory bandwidth β of the computing unit; Model X i Reasoning speed L(X) i The calculation formula for ) is as follows:
[0040]
[0041] Where I represents the computational intensity of the model, I max P represents the maximum computational intensity of the device, and P represents the computational speed of the model on the current device.
[0042] Furthermore, since the model was only trained a set number of times to accelerate the search process, it is underfitting; the model needs to be retrained to improve its accuracy.
[0043] The beneficial effects of this invention are as follows: This invention proposes a lightweight automatic search method for detecting fake data injection attacks in power grids. It achieves model lightweighting by performing mixed precision quantization on the attack detection model built by convolutional neural networks, and proposes an automatic search method for lightweight models based on genetic algorithms. This method can automatically search for the number of output channels and quantization bit width of each convolutional layer in the model for different power grid architectures and task objectives (including inference speed and inference accuracy). It realizes the fully automated design and search of lightweight attack detection models, and solves the problems of complex and time-consuming lightweight model design in different power grids, which requires a lot of expert knowledge. Attached Figure Description
[0044] Figure 1 This is a flowchart illustrating the lightweight model automatic search method for detecting fake data injection attacks on the power grid provided in this embodiment of the invention.
[0045] Figure 2 This is a schematic diagram of the route model provided in an embodiment of the present invention;
[0046] Figure 3 This is a structural diagram of the target model provided in an embodiment of the present invention;
[0047] Figure 4 This is a population individual genotype and encoding / decoding diagram provided in an embodiment of the present invention. Specific implementation methods
[0048] The technical details of this patent are further described below with reference to the accompanying drawings and embodiments.
[0049] This invention proposes a lightweight automatic model search method for detecting fake data injection attacks on power grids. First, addressing the issues of slow inference speed and long inference latency in attack detection models designed based on convolutional neural networks when performing inference at the edge, this method uses mixed-precision quantization to lightweight the attack detection model. Second, addressing the problem that the search space for the number of output channels and quantization bit width of each convolutional layer in mixed-precision quantization convolutional neural networks is too large and difficult to determine, this method uses a genetic algorithm for automatic search of lightweight attack detection models. Finally, addressing the slow search speed of model search based on genetic algorithms, this method proposes corresponding search acceleration methods, specifically including using the highest precision of the model during e training cycles instead of absolute precision, using the inference speed of individual models estimated by the roofline model instead of the inference speed on the actual device, and reducing the overall target model search time by optimizing the methods for obtaining the inference precision and inference speed of individual models in the population.
[0050] When the attack detection model consists of N Conv-BN-ReLU blocks, and each convolutional layer has M quantization bit width options and K output channel options, the search space size is (M*K). N When there are 4 options for the number of output channels of the convolutional layer, 4 options for the quantization bit width, and the attack detection model consists of 5 Conv-BN-ReLU blocks, then the search space is (4×4). 10 = 1,048,576 possible solutions. Therefore, the search space for attack detection models is large, necessitating the design of an efficient model search method. This invention uses a genetic algorithm to solve this search problem, and the implementation process of the method is described in detail below.
[0051] like Figure 1 As shown, the specific steps of this method mainly include three stages: task analysis stage, search preparation stage, and search stage.
[0052] The task analysis phase mainly includes the analysis and preparation of the research object and research objectives, and the specific steps are as follows:
[0053] Step S1: Determine the target power grid structure and generate an attack detection dataset containing both attack data and normal load data for that power grid.
[0054] Specifically, when building the attack detection dataset, the fake data injection attack data is generated by the user. Furthermore, this method divides each batch of data into a training set (70%) and a validation set (30%).
[0055] Step S2: Determine the performance of the target model. This step mainly analyzes the requirements of the attack detection task on the inference accuracy and inference speed of the target model. Inference accuracy is the primary requirement of the model; the inference accuracy of the searched target model must be greater than the set minimum inference accuracy.
[0056] Step S3: Determine the deployment device for the attack detection model. This step mainly analyzes the storage and computing resources of the device to be deployed, and determines the number of layers N of the attack detection model based on the storage resources of the deployment device. Generally, the more layers and the larger the number of parameters in the model, the higher the inference accuracy of the attack detection model, provided that the number of model parameters meets the memory requirements of the device. Therefore, once the deployment device is determined, the number of layers N of the model needs to be determined based on the device's memory.
[0057] After the task analysis phase is completed, the search preparation phase begins. The search preparation phase primarily involves preparing the model for the search process. The specific steps included in the search preparation phase are as follows:
[0058] Step S4: Build an attack detection model.
[0059] Specifically, this method uses the PyTorch neural network framework, builds a mixed-precision quantization attack detection model based on PyTorch, and sets the number of output channels and quantization bit width of each convolutional layer in the model as variables for the genetic algorithm to search.
[0060] Specifically, the attack detection model mainly consists of several structurally similar blocks, each of which comprises three layers: a Conv layer, a BN layer, and a ReLU layer. In this block structure, the ReLU layer has no parameters, and the parameters of the BN layer are consistent with the number of output channels of the convolutional layer. Therefore, for this block structure, the parameters to be searched are only the number of output channels Cout of the convolutional layer and the quantization bit width Bk of the convolutional layer. The alternative schemes [C1, C2, ..., Ck] for the number of output channels Cout of the convolutional layer in the attack detection model, and the alternative schemes [B1, B2, ..., Bm] for the quantization bit width Bk of each convolutional layer are determined.
[0061] Specifically, the formula for implementing model mixture precision quantization is as follows:
[0062]
[0063] Where q and r are the quantized value and the original floating-point value, respectively, s and zp are the scaling factor and zero point, and round(·) represents the floor function. s and zp can be calculated as follows:
[0064]
[0065]
[0066] Where, r max and r min q represents the largest and smallest number in the original floating-point values, respectively. max and q min These represent the maximum and minimum values in the quantized value, respectively. Mixed-precision quantization involves k-bit quantization of the original floating-point value. When the quantization bit width is k, the range of the quantized value q is: q max -q min =2 k -1.
[0067] Step S5: Set the genetic algorithm parameters.
[0068] Specifically, the parameters of a genetic algorithm mainly include the number of individuals in the population, mutation rate, crossover rate, and number of population iterations. These parameters need to be set according to the actual situation, taking into account both the performance of the search model and the convergence speed of the search process.
[0069] Step S6: Determine the fitness function. In the genetic algorithm's search process, individual selection is based on the fitness function. To find well-performing model individuals from the population, a suitable fitness function should be designed. In the attack detection model search process, the fitness function is set primarily from the perspectives of the model's inference accuracy and inference speed.
[0070] Specifically, the fitness function F(X) i The calculation formula for ) is as follows:
[0071]
[0072] Where, A(X) i ) and L(X i ) represent model X respectively i The reasoning accuracy and reasoning speed, A minThis represents the minimum accuracy requirement for the model. The value of ω needs to be determined based on the actual performance requirements. When the actual task requires high inference speed from the attack detection model, a larger ω value should be set; conversely, when the actual task requires high inference accuracy from the attack detection model, a smaller ω value should be set. During the model search process, since model accuracy is primacy in performance requirements, if the inference accuracy of an individual model is lower than the required minimum accuracy, this individual is not considered, and its fitness value is set to 0.
[0073] After the search preparation phase is completed, the search phase begins. The search phase involves multiple population iterations to find the target model and uses search acceleration methods to speed up the convergence of the genetic algorithm. The specific steps included in the search phase are as follows:
[0074] Step S7: Population individual search iteration.
[0075] The encoding method for individuals in the population is determined. When encoding individuals in the population, this method uses binary encoding to represent the specific number of output channels and quantization bit width of the convolutional layer in the attack detection model. Specifically, the decimal number d converted from binary encoding is used to represent the d-th number in the scheme list corresponding to the number of output channels or quantization bit width of the convolutional layer. That is, the number of output channels is set to Cd, and the quantization bit width of the layer is set to Bd.
[0076] In each iteration of the genetic algorithm, the encoded genotype is first decoded to determine the parameter configuration of each individual model (number of output channels and quantization bit width of the convolutional layer); then the individual model is trained and the inference accuracy A(X) of the individual model is obtained. i Meanwhile, based on the roofline model [WILLIAMS S, WATERMAN A, PATTERSON D. Roofline: an insightful visual performance model for multicore architectures[J]. Communications of the ACM, 2009, 52(4): 65-76.], the inference speed L(X) of the individual model is obtained. i Then, calculate the fitness function value of each individual; and select individuals from the population for crossover and mutation, finally obtaining the genotype of the offspring for the next iteration.
[0077] Step S8: Search Acceleration. In the model search process based on genetic algorithms, only after determining the inference speed L(X) of each individual in the population... i ) and inference accuracy A(X) i Only after determining the specific value of A(X) can individual selection and further population iterations proceed. However, A(X)i Obtaining the value of L(X) requires model training, a process that takes a long time. Simultaneously, the inference speed L(X) is slow. i It also requires deploying the trained model on actual hardware to obtain the desired result, which is a time-consuming process.
[0078] To accelerate the model search process and reduce search time, this method optimizes the acquisition of inference accuracy and speed for individual models in the population. First, by setting the number of training iterations *e*, the highest accuracy of an individual model during *e* training iterations is selected as the model's inference accuracy A(X). i The search is performed. Secondly, to obtain the inference speed of individual populations, this method uses a roofline model to predict the inference speed L(X) of individual models on the target device. i ).
[0079] When predicting the inference speed of an individual population using a roofline model, the model's computational parameters and the hardware parameters of the deployment equipment need to be considered. The model's computational parameters mainly include the computational complexity M. c And the number of parameters M of the model m The hardware parameters of the device mainly include the peak computing power π and memory bandwidth β of the computing unit, and the roofline model is as follows: Figure 2 As shown.
[0080] exist Figure 2 In the diagram, the slope β of the triangular region represents the device's memory bandwidth. max The maximum computational intensity of the hardware device is used to describe the amount of computation performed per unit of memory data when the algorithm accesses memory, as shown in the following formula:
[0081]
[0082] According to I max The value can be Figure 2 It is divided into a memory bandwidth-constrained region on the left (a triangular area) and a computational resource-constrained region on the right. Figure 2 The left-hand triangular region in the diagram represents the area where the model's computational intensity I is less than the device's maximum computational intensity I. max At this point, the theoretical performance of the model is entirely determined by the bandwidth limit β of the computing platform and the computational intensity I of the model itself. The computational speed P of the model on the current device is shown in the following formula:
[0083] P = I × β
[0084] When the computational intensity I of the model is greater than or equal to the maximum computational intensity I of the device maxAt that time, the calculation speed of the model is limited by the computing power π of the computing platform. No matter how the computing intensity I changes, the calculation speed remains constant at π.
[0085] Therefore, the inference speed of the model L(X) i The complete calculation formula is as follows:
[0086]
[0087] Among them, M c M represents the computational cost of the model. m π represents the number of parameters in the model, π represents the peak computing power of the device's computing unit, β represents the memory bandwidth, and I represents the computational intensity of the model. max P represents the maximum computational intensity of the device, and P represents the computational speed of the model on the current device.
[0088] Step S9: Target Model Retraining. After the population iteration is complete, the model with the highest fitness function during the population iteration is selected as the target model. Since only e training iterations were performed during the search process to accelerate the search, the resulting model is underfitting. Therefore, it is necessary to retrain this model to improve its accuracy. Example
[0089] This invention provides an embodiment for searching a lightweight attack detection model for the IEEE 118-Bus power grid system. The target model has a minimum accuracy of 85%, the target deployment device is a Raspberry Pi 4B, the model contains 5 Conv-BN-ReLU blocks, the alternative output channels for each convolutional layer are [32, 64, 128, 256], and the alternative quantization bit width for each layer is [1, 2, 4, 8]. Therefore, the search space size for the model under this task is 16. 5 =1048576.
[0090] The structure diagram of the target model is as follows Figure 3 As shown, the model consists of five convolutional layers and one fully connected layer. The first convolutional layer is mainly used to input data and map it to a specific dimension, while the last fully connected layer is mainly used for result prediction. To ensure the accuracy of the quantized model, this method does not perform quantization on the first convolutional layer and the last fully connected layer.
[0091] When searching for a target attack detection model based on a genetic algorithm, this embodiment encodes individuals in the population as follows: Considering that each block in the model has 16 parameters that need to be searched and determined, each block can be encoded using a 4-bit binary number. When the model consists of N blocks, the genotype length of each individual in the population is 4N. The genotype and encoding / decoding diagram of the population individuals is shown below. Figure 4 As shown.
[0092] When solving for the fitness value of each individual model in the population, the fitness function used in this embodiment is as follows:
[0093]
[0094] The fitness function primarily considers the inference accuracy and inference speed of individual models, while requiring a minimum accuracy of 85%. Furthermore, the weighting term ω between inference accuracy and inference speed is set to 10.
[0095] In accelerating the search algorithm, this embodiment uses a Raspberry Pi 4B as the target deployment device. This device can provide a peak computing power of 40 GFLOPS and a memory bandwidth of 3 GB / s. Therefore, the maximum computing intensity of this device is 13.33 FLOPs / Byte. Based on this device, the inference speed prediction formula for the population individual model is as follows:
[0096]
[0097] Experimental analysis showed that the model's accuracy began to converge after 60 training iterations and fluctuated within a certain range. To obtain the inference accuracy of individual models more quickly, this embodiment sets the number of training iterations, e, to 60.
[0098] During the target model search process, the search hyperparameters in this embodiment are set as follows: mutation rate is set to 0.05, crossover rate is set to 0.85, population size is set to 50, and population iteration count is set to 10.
[0099] After searching, the first convolutional layer and the last fully connected layer of the obtained model were found to be unquantized, the second and fourth convolutional layers were 8-bit quantized, and the third and fifth convolutional layers were 4-bit quantized. After retraining, the model achieved an accuracy of 92%, meeting practical performance requirements, and the quantized model also had a faster inference speed.
[0100] The experimental results above show that the proposed lightweight model automatic search method can be applied to actual power grid scenarios, searching for lightweight attack detection models that meet the corresponding performance requirements. While improving the speed of model attack detection, it greatly reduces the difficulty of model design and search, thus verifying the effectiveness of the proposed method.
[0101] The above description is merely a preferred embodiment of the present invention. Although the present invention has been disclosed above with reference to preferred embodiments, it is not intended to limit the present invention. Any person skilled in the art can make many possible variations and modifications to the technical solutions of the present invention using the methods and techniques disclosed above, or modify them into equivalent embodiments with equivalent changes, without departing from the scope of the technical solutions of the present invention. Therefore, any simple modifications, equivalent changes, and modifications made to the above embodiments based on the technical essence of the present invention without departing from the content of the technical solutions of the present invention shall still fall within the protection scope of the technical solutions of the present invention.
Claims
1. A lightweight automatic model search method for detecting fake data injection attacks on power grids, characterized in that, This method includes a task analysis phase, a search preparation phase, and a search phase; The task analysis phase includes the analysis and preparation of the research object and research objectives, and the steps are as follows: S11, Determine the target power grid structure and generate an attack detection dataset containing attack data and normal load data under the power grid; S12, determine the performance of the target model and analyze the requirements of the attack detection task on the inference accuracy and inference speed of the target model; S13, determine the deployment device of the attack detection model, analyze the storage and computing resources of the deployment device, and determine the number of layers of the attack detection model based on the storage resources of the deployment device; The search preparation phase prepares the model for the search process, and the steps are as follows: S21. Based on PyTorch, build an attack detection model with mixed precision quantization, and set the number of output channels and quantization bit width of each convolutional layer in the model as variables for genetic algorithm search; determine the alternative schemes for the number of output channels of the convolutional layers in the attack detection model, and the alternative schemes for the quantization bit width of each convolutional layer. S22, set the genetic algorithm parameters, including the number of individuals in the population, mutation rate, crossover rate, and number of iterations; S23, Determine the fitness function; During the search process of the attack detection model, the fitness function is set from the perspectives of the model's inference accuracy and inference speed. The search phase involves multiple population iterations to find the target model, and a search acceleration method is used to speed up the convergence of the genetic algorithm. The steps are as follows: S31, Population Individual Search Iteration: Determine the encoding method of the individuals in the population; in each iteration of the genetic algorithm, firstly, decode the encoded genotype to determine the parameter configuration of each individual model, including the number of output channels and quantization bit width of the convolutional layer, then train the individual model and obtain the inference accuracy of the individual model, and at the same time obtain the inference speed of the individual model based on the roofline model, and then calculate the fitness function value of each individual; select individuals from the population for crossover and mutation, and finally obtain the genotype of the offspring for the next iteration process; S32, Search Acceleration: Optimize the method for obtaining the inference accuracy and inference speed of individual models in the population, including: setting the model training times value e and selecting the highest accuracy of the individual model during the e training times as the model's inference accuracy for search; in order to obtain the inference speed of the population individuals, predict the inference speed of the individual model on the target device based on the roofline model. S33, Target Model Retraining: After the population iteration is completed, select the model with the highest fitness function during the population iteration as the target model.
2. The lightweight automatic model search method for detecting fake data injection attacks in power grids according to claim 1, characterized in that, When building the attack detection dataset, the fake data injection attack data was generated by ourselves; 70% of each batch of data was divided into training set and 30% into validation set.
3. The lightweight automatic model search method for detecting fake data injection attacks in power grids according to claim 1, characterized in that, The inference accuracy is a primary requirement of the model; the inference accuracy of the target model searched must be greater than the set minimum inference accuracy.
4. The lightweight automatic model search method for detecting fake data injection attacks in power grids according to claim 1, characterized in that, When the number of model parameters meets the device's memory requirements, the more layers and the larger the number of parameters in the model, the higher the inference accuracy of the attack detection model. Once the device to be deployed is determined, the number of model layers N needs to be determined based on the device's memory.
5. A lightweight automatic model search method for detecting fake data injection attacks in power grids, as described in claim 1, is characterized in that... The attack detection model consists of several blocks, each block consisting of a convolutional Conv layer, a batch normalized BN layer, and a linear rectified ReLU layer; the ReLU layer has no parameters, and the parameters of the BN layer are the same as the number of output channels of the convolutional layer; The parameters to be searched are only the number of output channels Cout of the convolutional layer and the quantization bit width Bk of the convolutional layer.
6. The lightweight automatic model search method for detecting fake data injection attacks in power grids according to claim 1, characterized in that, The formula for implementing model mixture precision quantization is as follows: Where q and r are the quantized value and the original floating-point value, respectively; s and zp are the scaling factor and the zero point, respectively; and round(·) represents the floor function. s and zp are calculated as follows: in, and These represent the largest and smallest numbers in the original floating-point values, respectively. and These represent the maximum and minimum values in the quantized value, respectively. Mixed-precision quantization involves k-bit quantization of the original floating-point value. When the quantization bit width is k, the range of the quantized value q is: .
7. The lightweight automatic model search method for detecting fake data injection attacks in power grids according to claim 1, characterized in that, fitness function The calculation formula is as follows: in, and Representing the model respectively The accuracy and speed of reasoning This indicates the minimum accuracy requirement for the model; The setting needs to be determined based on the actual performance requirements. When the actual task requires a high inference speed from the attack detection model, a larger setting should be used. Value; conversely, when the actual task requires high inference accuracy from the attack detection model, a smaller value should be set. During the model search process, since model accuracy is of paramount importance in performance requirements, if the inference accuracy of an individual model is lower than the required minimum accuracy, this individual will not be considered and its fitness value will be set to 0.
8. The lightweight automatic model search method for detecting fake data injection attacks in power grids according to claim 1, characterized in that, When encoding individuals in the population, binary encoding is used to represent the specific number of output channels and quantization bit width of the convolutional layer in the attack detection model.
9. A lightweight automatic model search method for detecting fake data injection attacks in power grids according to claim 1, characterized in that, When predicting the inference speed of an individual population model based on a roofline model, the model's computational parameters and the hardware parameters of the deployment device need to be considered; the model's computational parameters include the computational cost of the model. and the number of model parameters The device's hardware parameters include the peak computing power (π) of the computing unit and memory bandwidth. ;Model Reasoning speed The calculation formula is as follows: in, For the computational strength of the model, This represents the maximum computational intensity of the equipment. This refers to the computation speed of the model on the current device.
10. A lightweight automatic model search method for detecting fake data injection attacks in power grids according to claim 1, characterized in that, Because the model was only trained a set number of times to accelerate the search process, it is underfitting and needs to be retrained to improve its accuracy.