Method for detecting model version update based covert attack on power grid data
By employing a combination of LIME and LOF algorithms in the power grid data analysis system to extract feature values and perform outlier detection, the problem of detecting covert attacks is solved, achieving efficient and accurate anomaly identification and improving the system's security and stability.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ELECTRIC POWER RES INST CHINA SOUTHERN POWER GRID CO LTD
- Filing Date
- 2024-07-19
- Publication Date
- 2026-06-23
Smart Images

Figure CN118921199B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of smart grid applications involving model version updates, and in particular to a method for detecting covert attacks based on model version updates for secure sharing of power grid data. Background Technology
[0002] In today's digital and internet-driven era, the security of the power grid as infrastructure is of paramount importance. With the development of smart grids, the collection, transmission, and analysis of grid data have become increasingly complex and critical. However, this centralization and processing of large-scale data also brings new security challenges, particularly for data analysis systems based on model version updates, which pose potential risks of covert attacks.
[0003] Model version updates, as an emerging distributed learning method, allow model training while protecting data privacy. It protects data privacy by performing computations on devices or local data without transmitting raw data to a central server. However, this decentralized computation also provides potential opportunities for malicious attackers to implant backdoors. Covert attacks on power grid data can lead to serious consequences, such as paralysis of control systems, malicious control of power grid operation, information leakage, or data tampering. Therefore, ensuring the security of power grid data analysis systems based on model version updates is crucial. Currently, researchers are actively exploring various methods to detect and prevent these potential covert attacks.
[0004] One of the key challenges in this research is how to effectively monitor and identify potential backdoors while ensuring data privacy. Traditional security mechanisms may not be directly applicable to model update environments because data is not centrally stored in a single location but distributed across multiple devices or data centers. Therefore, new algorithms and technologies need to be developed to adapt to this distributed learning and data analysis model. Another important research direction is how to enhance the accuracy and real-time performance of detection mechanisms without sacrificing system performance and efficiency. Model update systems typically require data exchange and model updates between multiple power grid users, which demands that the security detection system possess sufficient response speed and real-time performance, as well as a high degree of adaptability to cope with constantly changing attack threats and patterns.
[0005] Given the critical nature of the power grid as a key infrastructure, any security solution must consider the system's stability and reliability. The introduction of security measures should not impose additional burdens or risks on the normal operation of the power grid, but should be compatible with existing operation and maintenance processes and technical architectures. With the development and application of power grid data analysis systems based on model version updates, research into protecting these systems from covert attacks is particularly urgent. Through in-depth research and the application of innovative technologies, we can effectively improve the security and anti-attack capabilities of power grid data analysis systems, thereby ensuring the stable operation of the power grid and the protection of data privacy. Currently, there are no patents similar to this invention, either domestically or internationally. Summary of the Invention
[0006] This invention addresses the lack of effective methods for detecting covert attacks in existing model updates. It provides a method that utilizes LIME to extract feature values for each power grid user in each training round, and then uses a two-round outlier detection algorithm to quickly and effectively detect attackers or abnormal behavior. Compared to traditional attacks that target either centralized scenarios (characterized by the detection algorithm's access to all training datasets) or data poisoning attacks (characterized by attackers attempting to disrupt model convergence, resulting in uploaded gradient data that is significantly different from that of normal users), covert attacks are more covert, do not require access to other data, and behave similarly to ordinary models in the absence of backdoors, making detection much more difficult.
[0007] This invention is achieved through the following technical solution:
[0008] A method for detecting covert attacks based on model version updates targeting power grid data, characterized by including:
[0009] Model training phase: Each grid user trains a smart grid sub-model locally and uploads it to the central integration node of the grid for integration. After integrating all the smart grid sub-models, the central integration node distributes them to each grid user for the next training of the smart grid sub-model.
[0010] User model feature extraction stage: Feature extraction is performed on the smart grid sub-models trained locally by power grid users in each round.
[0011] User anomaly detection phase: Detecting whether there are any power grid users who have been abnormally attacked through outlier detection algorithms.
[0012] Furthermore, during the model training phase: the central node of the power grid randomly initializes the model and distributes it to each power grid user. The learning rate η during smart grid model training and the proportion C of the number of power grid users selected for each model update training are determined.
[0013] In training round t, for each individual grid user k, the global model parameters G are calculated at the current stage. t-1 Below is the gradient data calculated by the user on the local model dataset.
[0014] After obtaining this gradient data, the grid users will upload it to the central grid node for aggregation. After aggregation, the central grid node will update the overall parameters. The aggregated model is then distributed to each grid user.
[0015] Further user model feature extraction stage: In the training of each round of model version update, feature extraction and influence factor of each feature are performed on the smart grid sub-model trained for each grid user.
[0016] Furthermore, the selection of data for the model can be a subset of data used by each power grid user during training, or a representative test dataset, ensuring that the selected data covers all important features and possible boundary cases. Then, the data is standardized or normalized to ensure that the data characteristics of different power grid users are on the same scale. Finally, missing values, outliers, and noise are addressed to guarantee data quality.
[0017] Furthermore, each grid user trains its own smart grid sub-model and synchronizes it with the overall model of the central grid node. The central grid node also records the model parameters and key data features of each grid user during the training process. These features may include grid operating parameters, equipment status, etc.
[0018] Furthermore, LIME is applied for model interpretation, selecting input data points x used during the training process for each power grid user. Disturbance data is generated in the vicinity of x to construct a disturbance dataset D. x For the perturbation dataset D x Using the sub-model for prediction, we obtain the model's predicted output f(D). x According to the perturbation dataset D) x The prediction results f(D) of the sub-model x ), train an interpretable model g.
[0019] Furthermore, feature contribution analysis, through interpreting the model, analyzes the contribution of each feature to the model's predictions on selected samples. In the fitted interpretive model, different methods can be used to analyze the contribution of each feature to the model's predictions on selected samples. For linear models, the coefficient of a feature represents its contribution. A larger coefficient indicates that the feature has a greater impact on the model output. A Shapley value can also be calculated for each feature. The Shapley value evaluates the impact of each feature on the model output by considering different permutations and combinations of features, and is suitable for interpreting models with nonlinear relationships.
[0020] Furthermore, using the feature weights and feature values of each sub-model extracted above, user anomaly detection is performed through an outlier detection algorithm. The main step is to perform detailed screening through the local outlier factor algorithm.
[0021] The Local Outlier Factor (LOF) algorithm is used to screen out abnormal power grid users in detail, calculating the local neighborhood density of samples in the feature space. The LOF score represents the ratio of the density of each sample relative to its neighborhood to the density of other samples in the neighborhood. Generally, an LOF score significantly higher than 1 is considered an outlier.
[0022] The formula for the locally reachable density of point P is:
[0023] O is a locally reachable point of P.
[0024] The formula for the local anomaly factor at point P is:
[0025] Compared with the prior art, the beneficial effects of the present invention are:
[0026] This invention effectively defends against covert attacks similar to stealth attacks launched by attackers in model version update environments. It employs the LIME (Model-Independent Modeling) approach for feature extraction and the weights of each feature. LIME is a model- and data-independent method applicable to any type of model and data, thus ignoring differences in models and data between individual power grid users to extract features and their weights. Feature values are then extracted using a linear model and Shapley algorithm. Furthermore, this invention utilizes the LOF (Local Outlier Factor) algorithm for outlier detection, significantly improving the accuracy and efficiency of the detection algorithm. The LOF algorithm has several advantages. First, it can identify more subtle outliers by analyzing local density differences among data points. LOF determines whether a data point is an outlier by comparing its density with that of its neighbors. Therefore, LOF can detect not only points that deviate significantly from the overall data distribution but also points that are anomalous within local regions. Compared to outlier detection methods based solely on global statistical features, LOF provides more refined anomaly detection results, particularly excelling when data distributions are complex or local anomalies exist. This method ensures both high efficiency and accuracy in the entire detection process, providing strong security guarantees for model version updates. The application of the LOF algorithm guarantees the robustness and precision of the detection algorithm, helping to maintain high-level detection performance in various complex data environments. Attached Figure Description
[0027] Other features, objects, and advantages of the present invention will become more apparent from the following detailed description of non-limiting embodiments with reference to the accompanying drawings:
[0028] Figure 1 This is a flowchart of an embodiment of the method for detecting covert attacks based on model version updates for power grid data according to the present invention. Detailed Implementation
[0029] The specific embodiments of the present invention will now be described in detail with reference to the accompanying drawings and preferred embodiments.
[0030] A detection scheme for detecting covert attacks in power grid data based on model version updates during model training or iteration.
[0031] This solution for detecting covert attacks is based on feature extraction and outlier detection for power grid users. Since data is not shared between different smart grid sub-models with varying model versions, and each power grid user's model and data type may differ, we employ the LIME method for feature extraction. LIME is a model- and data-independent method that can be used with any type of model and data, thus ignoring the differences in models and data between power grid users to extract features and the weights of each feature. Furthermore, this invention uses LOF (Local Outlier Factor) for outlier detection. LOF can deeply analyze the local density differences of data points, identifying outliers by comparing the local density of each data point and its neighbors. Compared to other algorithms, LOF has higher flexibility and adaptability when processing multidimensional datasets, effectively detecting more covert outliers, especially in cases of uneven data distribution. Through this method, this invention achieves accurate outlier identification, improving detection accuracy and efficiency.
[0032] Figure 1 This is a flowchart of an embodiment of the method for detecting covert attacks based on model version updates for power grid data according to the present invention.
[0033] like Figure 1 As shown, the method for detecting covert attacks on model version updates in a smart grid provided in this embodiment can be divided into three parts: S1, Model Training Stage: Each grid user trains a smart grid sub-model locally and uploads it to the central integration node of the grid for integration. After integrating all the smart grid sub-models, the central integration node distributes them to each grid user for the next training of the smart grid sub-model. S2, User Model Feature Extraction Stage: Features are extracted from the smart grid sub-models trained locally by grid users in each round. S3, User Anomaly Detection Stage: An outlier detection algorithm is used to detect whether there are grid users who have been abnormally attacked.
[0034] In this embodiment S1, the central node of the power grid randomly initializes the model and distributes it to each power grid user. The learning rate η during smart grid model training and the proportion C of the number of power grid users selected during each smart grid model update training are determined. In training round t, for each individual power grid user k, the global smart grid model parameters G are calculated. t-1 Below, gradient data calculated by grid users on local smart grid model datasets. After obtaining this gradient data, the power grid users will upload it to the central node in the power grid for aggregation. After aggregation, the central node will update the overall parameters. The aggregated model is then distributed to each grid user.
[0035] In S2 of this embodiment, feature extraction of the model involves extracting the features of each grid user after each smart grid sub-model is trained, and reserving these features as samples for outlier detection. For example... Figure 1 As shown, the feature extraction steps include four steps: S201, data collection and preparation; S202, training model version and updating sub-models; S203, applying LIME for model interpretation; and S204, feature contribution analysis.
[0036] S201 refers to the data collected by the central power grid node from each power grid user for training their smart grid sub-model. This data can be a subset of the data used by each user during training or a representative test dataset, ensuring that the selected data covers all important features and possible boundary conditions. The data is then standardized or normalized to ensure that the data characteristics of different power grid users are on the same scale. Finally, missing values, outliers, and noise are addressed to guarantee data quality.
[0037] Furthermore, in S202, each grid user trains its own model and synchronizes it with the overall model at the central grid node. The central grid node also records the model parameters and key data features of each grid user during the training process. These features may include grid operating parameters, equipment status, etc.
[0038] Furthermore, in S203, LIME is used for model interpretation, selecting the input data point x used during the training process for each grid user. Perturbation data is generated in the vicinity of x; these perturbation data points are obtained by slightly modifying x, with the aim of generating a dataset similar to x but slightly different. The goal of this step is to observe the model's behavior on these similar data points, thereby understanding the model's prediction mechanism for x. All generated perturbation data points are then aggregated into a perturbation dataset D. x This dataset contains multiple samples that closely approximate the original data point x. For the perturbed dataset D... x Using the sub-model for prediction, we obtain the model's predicted output f(D). x ). Disturb the dataset D x and its corresponding prediction result f(D) x Using the sub-model f(D) as training data, train an interpretable model g. The goal of the training process is to make the interpretable model g approximate the prediction behavior of the sub-model on the perturbed dataset as closely as possible. This means that the prediction results of g should be similar to the prediction results of the sub-model f(D) on these perturbed data points. x As similar as possible.
[0039] Furthermore, in S204, the LIME method is used to obtain the contribution or influence of each feature in the model prediction. These contributions help to understand the importance of each feature in predicting the power grid operating state. By interpreting the model, the contribution of each feature to the model's prediction on selected samples is analyzed. In the fitted interpretive model, different methods can be used to analyze the contribution of each feature to the model's prediction on selected samples. For linear models, the coefficient of a feature is its contribution. A larger coefficient indicates that the feature has a greater influence on the model output. The Shapley value for each feature can also be calculated. The Shapley value evaluates the influence of each feature on the model output by considering different permutations and combinations of features, and is suitable for interpreting models with nonlinear relationships.
[0040] In this embodiment S3, the outlier detection module uses the extracted feature values and feature weights as input each time to filter out outlier points, i.e., anomalies. For example... Figure 1 As shown, this step is mainly divided into two steps: S301, calculate the local reachability density; S302, find the local anomaly factor.
[0041] Where S301 is the reciprocal of the average reachable distance from point P to points in its k-neighborhood (“local”), and O is a locally reachable point of P. The specific formula is as follows:
[0042]
[0043] The significance of taking the reciprocal: It allows for a cognitive consistency between distance and density: the greater the distance, the lower the density.
[0044] k-distance neighborhood: Among the points closest to data point P, the distance between the k-th nearest point and point P is called the k-nearest neighbor distance of point P, denoted as k-distance(p). This defines the concept of "local" in the local anomaly factor algorithm. A circle is drawn with point P as the center and the k-nearest neighbor distance as the radius; the area within this circle is the k-distance neighborhood.
[0045] In S302, based on the definition of local reachability density, if a data point has a similar average density to its surrounding data points (for now, let's only consider density and temporarily forget about distance to avoid confusion), then their ratio should approach 1. Therefore, the LOF algorithm measures the anomaly of a data point not by its absolute local density, but by its relative density to its neighboring points, i.e., the concept of a ratio. Thus, the local anomaly factor is defined using local density. The local anomaly factor of data point P is the ratio of the average local reachability density of points in the k-neighborhood of point P to the local reachability density of point P itself, as shown in the following formula.
[0046]
Claims
1. A method for detecting covert attacks based on model version updates targeting power grid data, characterized in that, include: Model training phase: Each grid user trains a smart grid sub-model locally and uploads it to the central integration node of the grid for integration. After the central integration node integrates all smart grid sub-models, it updates the global model and distributes the updated global model to each grid user for use in the next training and optimization of the smart grid sub-model. User model feature extraction stage: Using the Locally Interpretable Model-Relevant Interpretation (LIME) method, features are extracted from the smart grid sub-models trained locally by grid users in each round, and the contribution of each feature to the model prediction is calculated; specifically including: S201, Data Collection and Preparation: Collect data from each grid user for training the sub-model; S202, Training the Smart Grid Sub-Model: Each grid user trains its own model. During the training process, the prediction behavior of each sub-model on local data is recorded. This prediction behavior includes the prediction results and the corresponding input features. S203, Applying LIME for model interpretation: S2031 selects the input data point 𝑥 used in the training process for each power grid user; S2032 generates perturbation data near point 𝑥, constructing the perturbation dataset D. x ; S2033 perturbation dataset 𝐷 𝑥 Using the sub-model for prediction, we obtain the predicted output 𝑓(D) x According to the perturbation dataset D x The prediction result of the sub-model is 𝑓(D) x Train an interpretable model g; S204, Feature Contribution Analysis: Analyze the contribution of each feature to the prediction of the model g on selected samples; User anomaly detection phase: Based on the extracted features and their contribution, the Local Outlier Factor (LOF) outlier detection algorithm is used to screen power grid users and identify those under covert attacks. Specifically, for all power grid users, their local neighborhood density in the feature space is calculated. The formula for the local reachability density of point P is as follows: O is a locally reachable point of P; The formula for the local anomaly factor at point P is: 。 2. The method for detecting covert attacks based on model version updates targeting power grid data according to claim 1, characterized in that, The model training phase specifically includes: The central integration node of the power grid randomly initializes the smart grid model and distributes it to each power grid user; Determine the learning rate during smart grid model training And the proportion C of the number of grid users selected during each round of smart grid model update training to all grid users; For each grid user k, based on the global model parameters Calculate local gradient data t represents the number of training iterations, and the data is uploaded to the central integration node of the power grid. The central integration node of the power grid updates the global model parameters based on the uploaded gradient data. The updated global model parameters are then distributed to each grid user.
3. The method for detecting covert attacks based on model version updates targeting power grid data according to claim 2, characterized in that, S201, Data Collection and Preparation: Collect data from each power grid user for training the sub-model, specifically: First, select a set of input data points for interpretation. This could be a portion of the data used by each power grid user during training, or a representative test dataset. Ensure that the selected data covers all important features and possible boundary cases. Then, the data is standardized or normalized to ensure that the data characteristics of different power grid users are on the same scale; Finally, missing values, outliers, and noise are handled to ensure data quality.
4. The method for detecting covert attacks based on model version updates targeting power grid data according to claim 3, characterized in that, The representative test dataset includes normal data and possible anomalous data, and it is necessary to ensure that the selected data covers all important features and possible boundary cases.