An intelligent anti-theft power distribution system and method, electronic device and storage medium

By combining a multi-dimensional perception system and Bayesian network probabilistic reasoning with temperature field analysis, an intelligent anti-electricity theft distribution system was constructed. This system solves the problem of the single detection dimension in traditional distribution systems and achieves high-sensitivity identification and low false alarm rate response to complex electricity theft behaviors.

CN120955896BActive Publication Date: 2026-07-07BARCELONA ELECTRIC TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BARCELONA ELECTRIC TECH CO LTD
Filing Date
2025-08-06
Publication Date
2026-07-07

Smart Images

  • Figure CN120955896B_ABST
    Figure CN120955896B_ABST
Patent Text Reader

Abstract

An intelligent anti-theft electricity distribution system, method, electronic device and storage medium, the system comprises: a data acquisition module configured to acquire current data, power data and temperature data of a power distribution line; a data processing module configured to perform spatio-temporal alignment processing on the current data and the temperature data to obtain a current temperature data matrix, and construct a node current balance equation based on the current temperature data matrix and the power data; a confidence generation module configured to construct a Bayesian network based on a preset historical electricity theft case library, input a calculation result of the node current balance equation into the Bayesian network for time series probability inference calculation to obtain a electricity theft behavior confidence; an instruction generation module configured to match a preset risk level according to the electricity theft behavior confidence, and generate a risk disposal instruction according to the risk level; and an execution module configured to determine a target line to perform a target operation according to the risk disposal instruction. The technical solution provided by the present application can solve the technical problem of single detection dimension.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the technical field of power distribution technology, specifically to an intelligent anti-theft power distribution system, method, electronic device, and storage medium. Background Technology

[0002] With the continuous growth of electricity demand, electricity theft has become an increasingly serious problem, causing huge economic losses to power companies and users. Traditional power distribution systems lack effective anti-theft measures, making it difficult for power companies to accurately monitor and identify electricity theft activities.

[0003] Currently, common methods for preventing electricity theft mainly include the following: regularly inspecting meters and lines to detect theft; installing smart meters with remote communication capabilities to monitor electricity consumption in real time; and installing current sensors to monitor abnormal line currents. However, existing technologies generally suffer from limited detection capabilities and are insufficient to effectively combat increasingly sophisticated electricity theft methods. Summary of the Invention

[0004] To address the technical problem of limited detection dimensions, this application provides an intelligent anti-theft power distribution system, method, electronic device, and storage medium.

[0005] The first aspect of this application provides an intelligent anti-theft power distribution system:

[0006] The data acquisition module is used to acquire current data, power data, and temperature data of the power distribution lines.

[0007] The data processing module, connected to the data acquisition module, is used to perform spatiotemporal alignment processing on the current data and the temperature data to obtain a current-temperature data matrix, and to construct a node current balance equation based on the current-temperature data matrix and the electrical quantity data.

[0008] The confidence generation module is connected to the data processing module and is used to construct a Bayesian network based on a preset historical electricity theft case library. The calculation results of the node current balance equation are input into the Bayesian network to perform time-series probabilistic inference calculation to obtain the confidence of electricity theft behavior.

[0009] The instruction generation module, connected to the confidence generation module, is used to match a preset risk level based on the confidence level of the electricity theft behavior, and generate a risk handling instruction based on the risk level.

[0010] The execution module, connected to the instruction generation module, is used to determine the target route and perform the target operation based on the risk handling instruction.

[0011] By adopting the above technical solutions, a multi-dimensional sensing system integrating current, power, and temperature data is established. A dual verification mechanism combining physical constraint benchmarks and Bayesian network probabilistic inference is constructed using the node current balance equation. This accurately identifies the coupling characteristics of current anomalies, temperature rise distortions, and power fluctuations, extending single power monitoring to multi-domain collaborative analysis of electricity, heat, and time frequency, and enabling cross-dimensional capture of complex electricity theft behaviors. This completely solves the technical shortcomings of traditional anti-electricity theft technologies with their single detection dimension.

[0012] Optionally, the data processing module includes:

[0013] A spatiotemporal calibration unit is used to perform spatiotemporal alignment processing on the current data and the temperature data to obtain a current-temperature data matrix.

[0014] A dual-domain feature unit, connected to the spatiotemporal calibration unit, is used to extract time-domain fluctuation features and frequency-domain harmonic features from the current-temperature data matrix.

[0015] The physical constraint unit, connected to the dual-domain feature unit, is used to fuse the time-domain fluctuation feature, the frequency-domain harmonic feature, and the power data to obtain the corrected load current, and to construct the node current balance equation based on the corrected load current.

[0016] By adopting the above technical solutions, the spatiotemporal calibration unit timestamps and maps the spatial location of current and temperature data, eliminating sensor sampling delay and position deviation, and constructing an accurate current and temperature data matrix. The dual-domain feature unit then extracts time-domain fluctuation features (such as current jump slope) and frequency-domain harmonic features (such as 3rd / 5th harmonic distortion rate) from this matrix, breaking through the limitations of single steady-state power analysis. The physical constraint unit integrates time-frequency domain features with real-time power data, generates an anti-interference corrected load current through a load current dynamic correction algorithm (such as weighted least squares estimation), and constructs a more robust node current balance equation based on Kirchhoff's laws, thereby improving the accuracy of current anomaly detection in strong noise environments.

[0017] Optionally, the confidence generation module includes:

[0018] The network construction unit is used to construct the Bayesian network based on the current balance deviation, temperature-current coupling coefficient, and power change flag data in the historical electricity theft case database.

[0019] The confidence inference unit, connected to the network construction unit, is used to input the output of the node current balance equation into the Bayesian network, perform temporal probability inference through the conditional probability table of the Bayesian network, and calculate the initial confidence level of the electricity theft behavior.

[0020] The confidence optimization unit, connected to the confidence inference unit, is used to input the initial confidence of the electricity theft behavior into a preset sliding time window for weighted aggregation calculation to generate the confidence of the electricity theft behavior.

[0021] By adopting the above technical solution, the network construction unit constructs a Bayesian network topology based on current balance deviation, temperature-current coupling coefficient, and power change indicators from the historical electricity theft case database, enabling the model to learn multi-dimensional electricity theft characteristics. The confidence inference unit inputs the output of the node current balance equation into the network and performs dynamic temporal probability inference through a conditional probability table to capture the transient correlation of complex and concealed behaviors such as short-circuit electricity theft and phase shift. The confidence optimization unit uses a sliding time window to weight and aggregate the preliminary confidence, effectively filtering out false peaks caused by instantaneous interference such as equipment start-up and shutdown, generating stable and reliable confidence of electricity theft behavior, and finally achieving high-sensitivity identification and low false alarm warning of complex electricity theft patterns.

[0022] Optionally, the confidence optimization unit includes:

[0023] The weight configuration subunit is used to generate an exponentially decaying weight sequence based on the duration distribution of historical electricity theft cases in the historical electricity theft case database;

[0024] A confidence generation subunit, connected to the weight configuration subunit, is used to aggregate and calculate the confidence of the initial electricity theft behavior within the sliding time window based on the exponentially decaying weight sequence and a weighted average algorithm, so as to obtain the confidence of the electricity theft behavior.

[0025] By adopting the above technical solution, the confidence optimization unit generates an exponentially decaying weight sequence based on the duration distribution of historical electricity theft cases through the weight configuration subunit. This makes the weight of recent data significantly higher than that of earlier data, accurately matching the continuous characteristics of electricity theft. The confidence generation subunit uses this weight sequence to perform weighted aggregation calculation on the preliminary confidence within the sliding window, effectively suppressing the false judgment spikes caused by instantaneous interference such as equipment start-up and shutdown. At the same time, it enhances the signal continuity of long-term latent electricity theft, generating a confidence of electricity theft behavior that combines timeliness and stability. Ultimately, it improves the system's robust identification capability for complex electricity theft patterns such as intermittent short circuits and progressive magnetic interference.

[0026] Optionally, the system further includes a temperature field monitoring module, which is connected to the confidence generation module. The temperature field monitoring module includes:

[0027] A sensor array unit is used to collect spatial temperature data through multiple temperature sensors distributed inside and outside the distribution box;

[0028] A temperature field reconstruction unit, connected to the sensor array unit, is used to construct a three-dimensional temperature field distribution model based on the spatial temperature data.

[0029] The temperature rise analysis unit, connected to the temperature field reconstruction unit, is used to calculate the temperature rise rate of the target area through the three-dimensional temperature field distribution model, and generate an auxiliary electricity theft alarm signal when the temperature rise rate exceeds a preset threshold.

[0030] A confidence correction unit, connected to the temperature rise analysis unit, is used to adjust the confidence level of the electricity theft behavior based on the auxiliary electricity theft alarm signal.

[0031] By adopting the above technical solution, the temperature field monitoring module collects temperature data of the space inside and outside the distribution box through a distributed sensor array, and constructs a three-dimensional temperature field distribution model through the temperature field reconstruction unit, breaking through the limitations of traditional point temperature measurement; the temperature rise analysis unit calculates the temperature rise rate of the target area in real time, and generates an auxiliary electricity theft alarm signal when an abnormal temperature rise is detected (such as local overheating caused by short circuit electricity theft); the confidence correction unit feeds back the signal to the confidence generation module to dynamically correct the confidence of electricity theft behavior, forming a triple cross-validation mechanism of current balance equation-Bayesian network-temperature field distortion, which improves the detection rate of the system for concealed methods such as magnetic heating and currentless electricity theft, while effectively avoiding misjudgment caused by environmental temperature fluctuations.

[0032] Optionally, the instruction generation module includes:

[0033] A threshold matching unit is used to match the confidence level of the electricity theft behavior with a preset risk level to obtain the corresponding risk level;

[0034] The instruction decision unit, connected to the threshold matching unit, is used to generate risk disposal instructions by calling a preset operation protocol library according to the risk level.

[0035] The instruction encoding unit, connected to the instruction decision unit, is used to encapsulate the risk handling instruction into a communication protocol message for output.

[0036] By adopting the above technical solution, the instruction generation module dynamically compares the confidence level of electricity theft with the preset risk level threshold through the threshold matching unit, accurately mapping it to a graded risk identifier; the instruction decision unit calls the preset strategies in the operation protocol library according to the risk level (such as triggering a power outage instruction for high-risk lines and activating a remote alarm for medium-risk lines) to generate a risk handling instruction with a clear target; the instruction encoding unit encapsulates the instruction into a standard communication protocol message with a device address code and a check bit, ensuring reliable transmission of the instruction in the complex environment of the power distribution network, and finally realizing a millisecond-level closed-loop response from confidence analysis to execution terminal control, significantly improving the accuracy of electricity theft handling and the system's anti-interference capability.

[0037] Optionally, the execution module includes:

[0038] The instruction parsing unit is used to parse the device address code, operation type code, and timing parameters in the communication protocol message and generate a cooperative control signal.

[0039] An operation execution unit, connected to the instruction parsing unit, is used to determine the target line based on the cooperative control signal and the device address code, and to execute the target operation based on the cooperative control signal.

[0040] By adopting the above technical solution, the execution module accurately interprets the device address code, operation type code, and timing parameters in the communication protocol message through the instruction parsing unit, and generates a collaborative control signal containing target line location and execution logic; the operation execution unit locks the target line based on the signal, and drives the execution terminal to complete operations such as power outage isolation or alarm linkage according to the operation type code, realizing millisecond-level accurate location and collaborative handling in multi-line electricity theft scenarios, and completely avoiding the problems of target misjudgment and response delay in traditional manual operation.

[0041] A second aspect of this application provides an intelligent anti-theft power distribution method, specifically including:

[0042] Acquire current, power, and temperature data for power distribution lines;

[0043] The current data and the temperature data are spatiotemporally aligned to obtain a current-temperature data matrix. The node current balance equation is constructed based on the current-temperature data matrix and the electrical quantity data.

[0044] A Bayesian network is constructed based on a pre-set historical electricity theft case database. The calculation results of the node current balance equation are input into the Bayesian network to perform time-series probabilistic inference calculations to obtain the confidence level of electricity theft behavior.

[0045] A preset risk level is matched based on the confidence level of the electricity theft behavior, and a risk handling instruction is generated based on the risk level.

[0046] The control terminal performs corresponding operations according to the risk handling instructions.

[0047] A third aspect of this application provides an electronic device including a processor, a memory, a user interface, and a network interface, wherein the memory is used to store instructions, the user interface and the network interface are both used to communicate with other devices, and the processor is used to execute the instructions stored in the memory to cause the electronic device to perform the method as described in any of the foregoing.

[0048] A fourth aspect of this application provides a computer-readable storage medium storing instructions that, when executed, perform the method described in any of the preceding descriptions.

[0049] In summary, one or more technical solutions provided in the embodiments of this application have at least the following technical effects or advantages:

[0050] This application utilizes a multi-dimensional sensing system that integrates current, power, and temperature data. It combines a physical constraint benchmark constructed using node current balance equations with a dual verification mechanism of Bayesian network probabilistic inference, and introduces temperature field temperature rise rate analysis to form a triple cross-validation. This accurately captures the coupling characteristics of current anomalies, temperature rise distortions, and power abrupt changes, extending single power monitoring to multi-domain collaborative analysis of electricity, heat, and time frequency. This effectively solves the blind spots of traditional technologies in identifying complex electricity theft behaviors (such as intermittent short circuits and magnetic interference). At the same time, it suppresses false positives due to instantaneous interference based on a confidence dynamic optimization mechanism using exponentially decaying weight sequences, and achieves millisecond-level accurate response through risk grading strategies and standardized instruction encapsulation. This significantly improves the system's ability to detect covert electricity theft and its anti-interference performance, completely overcoming the problems of high false alarm rates and delayed response caused by a single detection dimension. Attached Figure Description

[0051] Figure 1 This is a schematic diagram of the system architecture of an embodiment of an intelligent anti-theft power distribution method or system applying this application;

[0052] Figure 2 This is a schematic diagram of a module of an intelligent anti-theft power distribution system disclosed in an embodiment of this application;

[0053] Figure 3 This is a flowchart illustrating an intelligent anti-theft power distribution method disclosed in an embodiment of this application;

[0054] Figure 4 This is a schematic diagram of the structure of an electronic device disclosed in an embodiment of this application.

[0055] Explanation of reference numerals in the attached figures: 100, System architecture; 101, First terminal device; 102, Second terminal device; 103, Third terminal device; 104, Network; 105, Server; 201, Data acquisition module; 202, Data processing module; 203, Confidence generation module; 204, Instruction generation module; 205, Execution module; 206, Temperature field monitoring module; 401, Processor; 402, Communication bus; 403, User interface; 404, Network interface; 405, Memory. Detailed Implementation

[0056] To enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments.

[0057] In the description of the embodiments of this application, the words "for example" or "for instance" are used to indicate examples, illustrations, or explanations. Any embodiment or design that is described as "for example" or "for instance" in the embodiments of this application should not be construed as being more preferred or advantageous than other embodiments or design options. Rather, the use of the words "for example" or "for instance" is intended to present the relevant concepts in a specific manner.

[0058] In the description of the embodiments of this application, the term "multiple" means two or more. For example, multiple systems means two or more systems, and multiple screen terminals means two or more screen terminals. Furthermore, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the indicated technical features. Thus, a feature defined with "first" or "second" may explicitly or implicitly include one or more of that feature. The terms "comprising," "including," "having," and variations thereof all mean "including but not limited to," unless otherwise specifically emphasized.

[0059] like Figure 1 As shown, system architecture 100 may include terminal devices 101, 102, and 103, a network 104, and a server 105. Network 104 serves as the medium for providing communication links between terminal devices 101, 102, and 103 and server 105. Network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables, etc.

[0060] Users can use terminal devices 101, 102, and 103 to interact with server 105 via network 104 to receive or send messages, etc. Various communication client applications can be installed on terminal devices 101, 102, and 103, such as model training applications, video recognition applications, web browser applications, social platform software, etc.

[0061] Terminal devices 101, 102, and 103 can be either hardware or software. When terminal devices 101, 102, and 103 are hardware, they can be various electronic devices with displays, including but not limited to smartphones, tablets, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptops, and desktop computers, etc. When terminal devices 101, 102, and 103 are software, they can be installed in the aforementioned electronic devices. They can be implemented as multiple software programs or software modules (e.g., multiple software programs or software modules used to provide distributed services) or as a single software program or software module. No specific limitations are imposed here.

[0062] This embodiment also discloses an intelligent anti-theft power distribution system, which is installed inside a power distribution box. Figure 2 This is a schematic diagram of a module of an intelligent anti-theft power distribution system disclosed in an embodiment of this application, as shown below. Figure 2 As shown, the system includes a data acquisition module 201, a data processing module 202, a confidence generation module 203, an instruction generation module 204, and an execution module 205.

[0063] The data acquisition module 201 is used to acquire current data, power data and temperature data of the power distribution line.

[0064] Specifically, the data acquisition module 201 acquires current data in real time by deploying Rogowski coil sensors on the power distribution line, acquires power data periodically by using smart meters, and acquires temperature data by installing digital temperature sensors at preset locations inside and outside the power distribution box. All sensors transmit current data, power data, and temperature data to the edge gateway via an RS-485 bus to complete the raw data acquisition process.

[0065] The data processing module 202, connected to the data acquisition module 201, is used to perform spatiotemporal alignment processing on the current data and the temperature data to obtain a current-temperature data matrix, and to construct a node current balance equation based on the current-temperature data matrix and the electrical quantity data.

[0066] Specifically, the data processing module 202 includes a spatiotemporal calibration unit, which performs spatiotemporal alignment processing on current and temperature data to obtain a current-temperature data matrix. The spatiotemporal calibration unit performs spatiotemporal alignment processing on the current and temperature data acquired by the data acquisition module 201. Regarding time axis synchronization, high-precision timestamp calibration with an accuracy ≤1ms is used to map the raw data from the 5kHz sampling frequency current sensor and the 1kHz sampling frequency temperature sensor to a unified time axis. For example, linear interpolation is used to supplement missing time point data for temperature data, ensuring consistent time granularity for both, with one data point every 200μs. Regarding spatial coordinate mapping, based on the power distribution network topology, the physical installation location of each sensor is bound to a preset node number, establishing a three-dimensional index table of "time-space-physical quantity." For example, node number N12 corresponds to the monitoring data of phase A current sensor S1, temperature sensor T3, and smart meter M5. This processing generates a current-temperature data matrix; taking a 10-minute monitoring cycle as an example, the matrix size is 3×10⁻⁶. 5 Rows (time points) × 8 columns (4 current channels + 4 temperature channels).

[0067] Furthermore, the data processing module 202 includes a dual-domain feature unit connected to the spatiotemporal calibration unit. This dual-domain feature unit extracts time-domain fluctuation features and frequency-domain harmonic features from the current-temperature data matrix. The extraction of time-domain fluctuation features uses a sliding window (window size 1s, step size 0.5s) and includes the instantaneous current change rate (ΔI / Δt, unit: A / ms) and the temperature-current correlation coefficient (stable at 0 under normal load). The data includes 0.6±0.1) and cumulative power deviation (unit: kWh); frequency domain harmonic feature extraction performs Fast Fourier Transform (FFT) on the current data in each window to extract the 3rd and 5th harmonic distortion rates (THD3, THD5, ≤5% under normal operating conditions, THD3 will suddenly increase to more than 15% when the clamp meter shunts the current for theft) and the fundamental phase offset (unit: °, phase tampering theft will cause the offset to exceed ±10°), and finally generates a feature matrix with the dimension of [number of windows × (6 time domain features + 3 frequency domain features)].

[0068] Furthermore, the data processing module 202 also includes a physical constraint unit, which is connected to the dual-domain feature unit. This physical constraint unit is used to fuse the time-domain fluctuation characteristics, the frequency-domain harmonic characteristics, and the electrical data to obtain a corrected load current. Based on the corrected load current, the node current balance equation is constructed. The physical constraint unit fuses the aforementioned time-domain fluctuation characteristics, frequency-domain harmonic characteristics, and electrical data to obtain the corrected load current. Specifically, a weighted least squares algorithm is used, with the current mutation rate in the time-domain fluctuation characteristics and the harmonic distortion rate in the frequency-domain characteristics as weighting coefficients (abnormal feature weights are increased by 2 times), to correct the original load current. The correction formula is as follows: I_raw refers to the raw load current, which is the unprocessed load current data directly collected by the current sensor on the distribution line. I_corr refers to the corrected load current, where α and β are correction coefficients obtained through training with historical data (α=0.3, β=0.02). Then, based on the corrected load current, node current balance equations are constructed. Based on Kirchhoff's current law, equations are constructed for each node:

[0069]

[0070] in For the corrected load current flowing into the node, The corrected load current for the outflow node is defined as follows: i is the sequence number of the i-th current branch flowing into the node, n is the total number of branches flowing into the node (such as the total number of inflow paths including upstream lines and parallel lines), j is the sequence number of the j-th current branch flowing out of the node, m is the total number of branches flowing out of the node (such as the total number of outflow paths including downstream user lines and branch circuits), and ΔI_error is the current balance deviation (under normal operating conditions, |ΔI_error|≤0.5A; electricity theft will cause this value to increase significantly, such as when short-circuiting for electricity theft, it can reach more than 30% of the rated current).

[0071] The confidence generation module 203 is connected to the data processing module 202 and is used to construct a Bayesian network based on a preset historical electricity theft case library. The calculation results of the node current balance equation are input into the Bayesian network to perform time-series probabilistic inference calculation to obtain the confidence of electricity theft behavior.

[0072] Specifically, the confidence generation module 203 includes a network construction unit, which is used to construct the Bayesian network based on the current balance deviation, temperature-current coupling coefficient and power change flag data in the historical electricity theft case database. The network construction unit extracts key data from the preset historical electricity theft case database, including the current balance deviation of each case (such as ΔI_error calculated by the node current balance equation), temperature-current coupling coefficient (the ratio of temperature change to current change), and power change flag (such as marking 1 when the power drops by more than 10% within 5 minutes). Based on these data, the topology of the Bayesian network is constructed. Specifically, by analyzing the correlation between various data points and electricity theft in the case studies, the network nodes are identified as current balance deviation, temperature-current coupling coefficient, electricity surge flag, and electricity theft. Dependencies between nodes are established (e.g., abnormal current balance deviation directly affects the determination of electricity theft). At the same time, the frequency of each node combination in the case studies is statistically analyzed to generate a conditional probability table for the Bayesian network. For example, when the current balance deviation is >5A, the temperature-current coupling coefficient is <0.3℃ / A, and the electricity surge flag is =1, the conditional probability of "short-circuit electricity theft" is 0.92.

[0073] Furthermore, the confidence generation module 203 includes a confidence inference unit connected to the network construction unit. This unit inputs the output of the node current balance equation into the Bayesian network, performs temporal probability inference using the conditional probability table of the Bayesian network, and calculates the initial confidence level of the electricity theft behavior. The confidence inference unit receives the calculation results of the node current balance equation (mainly the current balance deviation ΔI_error) output by the data processing module 202, and simultaneously obtains the temperature-current coupling coefficient (calculated from the current-temperature data matrix) and the power fluctuation flag (determined in real-time based on power data) for the same period. These data are then input into the constructed Bayesian network. By calling the conditional probability table of the Bayesian network and employing a temporal probability inference method (such as variable elimination), combined with the input data from the current and previous times, the initial confidence level of the electricity theft behavior at each time step is calculated. For example, when ΔI_error = 6.8A, the temperature-current coupling coefficient = 0.27℃ / A, and the power fluctuation flag = 1 at a certain time step, the initial confidence level at that time step is inferred to be 0.88.

[0074] Furthermore, the confidence generation module 203 includes a confidence optimization unit, which is connected to the confidence inference unit. The confidence optimization unit is used to input the initial confidence of the electricity theft behavior into a preset sliding time window for weighted aggregation calculation to generate the confidence of the electricity theft behavior. The confidence optimization unit also includes a weight configuration subunit, which is used to generate an exponentially decaying weight sequence based on the duration distribution of historical electricity theft cases in the historical electricity theft case library. The weight configuration subunit of the confidence optimization unit performs statistical analysis on the cases in the historical electricity theft case library, analyzes the duration distribution of historical electricity theft behavior (e.g., most cases last 20-40 minutes), and generates an exponentially decaying weight sequence based on this distribution. Specifically, the weight of recent moments in the sequence is higher than that of earlier moments. The weight value decays exponentially with the increase of time interval. For example, if the decay coefficient is set to 0.9, and the sliding time window contains 30 time points (one point every 10 seconds), then the weight of the first point (the latest data) is 1, the weight of the second point is 0.9, the weight of the third point is 0.81, and so on, to ensure that the recent data has a greater impact on the final result.

[0075] Furthermore, the confidence generation subunit of the confidence optimization unit is connected to the weight configuration subunit. It is used to aggregate and calculate the initial confidence scores of the electricity theft behavior within the sliding time window based on the exponentially decaying weight sequence using a weighted average algorithm. The exponentially decaying weight sequence generated by the weight configuration subunit is applied to a preset sliding time window (e.g., a window size of 5 minutes containing 30 initial confidence scores of electricity theft behavior), and the initial confidence scores within the window are aggregated and calculated using a weighted average algorithm. During calculation, each initial confidence score is multiplied by its corresponding weight, summed, and then divided by the total weights to obtain the final confidence score of the electricity theft behavior. For example, if the weighted sum of the 30 initial confidence scores within the window is 25.3 and the total weight sum is 15.2, then the final confidence score of the electricity theft behavior is 25.3 ÷ 15.2 ≈ 1.66 (normalized to the 0-1 range, which is 0.89), thereby filtering out outliers caused by transient interference and improving the stability of the confidence score.

[0076] Optionally, the system further includes a temperature field monitoring module 206, which is connected to the confidence generation module 203.

[0077] Specifically, the temperature field monitoring module 206 includes a sensor array unit for collecting spatial temperature data through multiple temperature sensors distributed inside and outside the distribution box. Inside the distribution box, nine digital temperature sensors (model DS18B20, measurement range -55℃ to 125℃, accuracy ±0.5℃) are installed in a 3×3 matrix layout, deployed in key areas such as the incoming terminal, outgoing terminal, and the middle of the box. Outside the distribution box, four infrared temperature sensors (sampling frequency 1Hz) are arranged at 0.5-meter intervals along the wiring route, covering the box surface and a 0.5-meter radius around it. All sensors are connected to the edge computing gateway via an RS-485 bus, collecting spatial temperature data every 100ms. The data format includes the sensor ID, collection timestamp, and temperature value (retaining two decimal places), ensuring coverage of key heat points of the power distribution equipment and the surrounding environmental temperature field.

[0078] Furthermore, the temperature field monitoring module 206 includes a temperature field reconstruction unit, which is connected to the sensor array unit. This unit is used to construct a three-dimensional temperature field distribution model based on the spatial temperature data. After receiving the spatial temperature data transmitted by the sensor array unit, the temperature field reconstruction unit first preprocesses outliers (e.g., removing invalid data exceeding the range of -40℃ to 150℃, and using linear interpolation to fill missing values ​​caused by temporary communication interruptions). Then, using the Kriging interpolation algorithm, the three-dimensional space is divided into 1cm×1cm×1cm grid cells. Based on the spatial coordinates of each sensor (preset in the system's three-dimensional coordinate system, with the origin at the lower left corner of the distribution box) and the corresponding temperature value, the estimated temperature of each grid point is calculated, generating a three-dimensional temperature field distribution model containing 100×80×50 grid points (X-axis is the box width, Y-axis is the depth, and Z-axis is the height). The model maintains a real-time performance of 1 second / frame, and the temperature field distribution heatmap can be dynamically displayed through a visual interface.

[0079] Furthermore, the temperature field monitoring module 206 includes a temperature rise analysis unit connected to the temperature field reconstruction unit. This unit calculates the temperature rise rate of the target area using the three-dimensional temperature field distribution model. When the temperature rise rate exceeds a preset threshold, an auxiliary electricity theft alarm signal is generated. The temperature rise analysis unit pre-sets the target area as the incoming terminal group (three-dimensional coordinate range X: 10-20cm, Y: 5-15cm, Z: 5-10cm) and outgoing cable joints (X: 30-40cm, Y: 5-15cm, Z: 5-10cm) within the distribution box. Temperature data for all grid points within this area are extracted using the three-dimensional temperature field distribution model. The average temperature rise rate of this area is calculated using a sliding time window (window size 5 seconds, step size 1 second): ΔT / Δt (unit: ℃ / min), where ΔT is the difference between the maximum and minimum temperature values ​​within the window, and Δt is the window duration. The preset threshold is determined based on historical electricity theft cases (e.g., the temperature rise rate usually exceeds 8℃ / min during short-circuit electricity theft). When the calculated value exceeds the threshold for three consecutive windows, an auxiliary electricity theft alarm signal is generated, which includes the target area coordinates, the current temperature rise rate, and the duration.

[0080] Furthermore, the temperature field monitoring module 206 also includes a confidence correction unit, which is connected to the temperature rise analysis unit. This unit adjusts the confidence level of the electricity theft behavior based on the auxiliary electricity theft alarm signal. Upon receiving the auxiliary electricity theft alarm signal, the confidence correction unit analyzes the temperature rise rate value in the signal and adjusts the confidence level of the electricity theft behavior according to a preset correction rule. For example, when the temperature rise rate is 10℃ / min (exceeding the threshold of 8℃ / min), the correction coefficient is set to 1.2; if the temperature rise rate is 15℃ / min, the correction coefficient is increased to 1.5. The correction method involves multiplying the current confidence level of the electricity theft behavior by the correction coefficient (with an upper limit of 1.0). For example, if the original confidence level is 0.7, the corrected level is 0.7 × 1.2 = 0.84. Simultaneously, if no alarm signal is received for 5 consecutive minutes, the correction coefficient is automatically reduced back to 1.0 to ensure the timeliness and rationality of the confidence level adjustment, forming a cross-validation mechanism between temperature field data and current and power consumption data.

[0081] The instruction generation module 204 is connected to the confidence generation module 203 and is used to match a preset risk level according to the confidence level of the electricity theft behavior, and generate a risk handling instruction according to the risk level.

[0082] Specifically, the instruction generation module 204 includes a threshold matching unit. The threshold matching unit is used to match the confidence level of the electricity theft behavior with a preset risk level to obtain the corresponding risk level. The threshold matching unit pre-stores the preset risk level classification standard, where low risk level corresponds to a confidence level of 0-0.3 for electricity theft behavior, medium risk level corresponds to 0.3-0.7, and high risk level corresponds to 0.7-1.0. When the confidence level of the electricity theft behavior output by the confidence level generation module is received, the corresponding risk level is determined by numerical comparison. For example, if the current confidence level is 0.65, the matching result is medium risk; if the confidence level is 0.82, the matching result is high risk.

[0083] Furthermore, the instruction generation module 204 also includes an instruction decision unit, which is connected to the threshold matching unit. The instruction decision unit is used to generate risk handling instructions by calling a preset operation protocol library according to the risk level. The preset operation protocol library is stored internally. The protocol library contains standard operation procedures corresponding to each risk level. Among them, the low risk level corresponds to the "remote early warning instruction" (triggering a pop-up prompt in the power monitoring center system and recording logs), the medium risk level corresponds to the "on-site verification instruction" (sending a verification task containing the location of the target line to the area inspection terminal), and the high risk level corresponds to the "emergency power outage instruction" (cutting off the power supply to the target line and locking the distribution switch). When the risk level is obtained, the corresponding operation procedure in the protocol library is called to generate the initial risk handling instruction.

[0084] Furthermore, the instruction generation module 204 also includes an instruction encoding unit, which is connected to the instruction decision unit and is used to encapsulate the risk handling instruction into a communication protocol message for output. The instruction encoding unit receives the initial risk handling instruction generated by the instruction decision unit, encapsulates it according to the DL / T645 communication protocol commonly used in power distribution systems, and converts the instruction content into a protocol message containing a device address code (6 bytes, identifying the power distribution equipment corresponding to the target line), an operation type code (1 byte, such as 0x03 representing a warning and 0x05 representing a power outage), and timing parameters (2 bytes, such as the power outage execution delay time). A CRC check bit is added to ensure the integrity of data transmission, and finally the encapsulated message is output to the execution module through the communication interface.

[0085] The execution module 205, connected to the instruction generation module 204, is used to determine the target line and perform the target operation according to the risk handling instruction.

[0086] Specifically, the execution module 205 includes an instruction parsing unit. The instruction parsing unit is used to parse the device address code, operation type code, and timing parameters in the communication protocol message and generate a cooperative control signal. After receiving the communication protocol message output by the instruction generation module 204, the instruction parsing unit decomposes the message using a preset DL / T645 protocol parsing algorithm. First, it extracts the 6-byte device address code (e.g., address code 0x0012A3 corresponds to the B-phase outgoing line in the power distribution network) to determine the physical location of the target line. Then, it parses the 1-byte operation type code (0x01 represents remote alarm, 0x02 represents on-site audible and visual alarm, and 0x03 represents emergency power outage) to clarify the operation type. Finally, it extracts the 2-byte timing parameters (e.g., 0x0003 indicates a 3-second delay before execution) and converts this information into a cooperative control signal containing the target line ID, operation instruction code, and execution timestamp (the signal format is a binary data stream, and CRC16 verification is used to ensure integrity).

[0087] Furthermore, the execution module 205 also includes an operation execution unit connected to the instruction parsing unit. This unit is used to determine the target line based on the cooperative control signal and the device address code, and to execute the target operation according to the cooperative control signal. After receiving the cooperative control signal, it uses an internal line mapping table (which stores the correspondence between device address codes and actual lines) to quickly locate the target line based on the device address code (e.g., address code 0x0012A3 corresponds to line number 5 of phase B). Then, it executes the target operation based on the operation type code and timing parameters in the cooperative control signal: if it is a remote... If a line alarm (0x01) is triggered, a data packet containing the line ID and alarm level is sent to the power monitoring platform. If it is a field audible and visual alarm (0x02), the audible and visual alarm of the distribution box corresponding to the target line is activated, emitting an audible and visual prompt at a frequency of 1Hz for 5 minutes. If it is an emergency power outage (0x03), the intelligent circuit breaker of the target line is triggered to trip after a delay time (e.g., 3 seconds), and a locking command is sent to the circuit breaker (locking time is 30 minutes, during which manual closing is prohibited). At the same time, the operation log (including execution time and line status changes) is recorded and fed back to the instruction generation module 204.

[0088] This embodiment discloses an intelligent anti-theft power distribution method. Figure 3 This is a flowchart illustrating an intelligent anti-theft power distribution method disclosed in an embodiment of this application, as shown below. Figure 3 As shown, the method includes the following steps:

[0089] S301. Obtain current data, power data, and temperature data of the power distribution line.

[0090] S302. Perform spatiotemporal alignment processing on the current data and the temperature data to obtain a current-temperature data matrix, and construct a node current balance equation based on the current-temperature data matrix and the electrical quantity data.

[0091] S303. Construct a Bayesian network based on a preset historical electricity theft case library, and input the calculation results of the node current balance equation into the Bayesian network to perform time-series probabilistic inference calculation to obtain the confidence level of electricity theft behavior.

[0092] S304. Match a preset risk level to the confidence level of the electricity theft behavior, and generate a risk handling instruction based on the risk level.

[0093] S305. Determine the target route and execute the target operation according to the risk handling instruction.

[0094] Optionally, the current data and the temperature data are spatiotemporally aligned to obtain a current-temperature data matrix. The node current balance equation is constructed based on the current-temperature data matrix and the electrical quantity data, including:

[0095] The current data and the temperature data are spatiotemporally aligned to obtain a current-temperature data matrix.

[0096] Extract time-domain fluctuation features and frequency-domain harmonic features from the current-temperature data matrix;

[0097] The time-domain fluctuation characteristics, the frequency-domain harmonic characteristics, and the power data are fused to obtain the corrected load current, and the node current balance equation is constructed based on the corrected load current.

[0098] Optionally, the calculation results of the node current balance equation are input into the Bayesian network for time-series probabilistic inference to obtain the confidence level of the electricity theft behavior, including:

[0099] The Bayesian network is constructed based on the current balance deviation, temperature-current coupling coefficient, and power change flag data in the historical electricity theft case database.

[0100] The output of the node current balance equation is input into the Bayesian network, and temporal probability inference is performed through the conditional probability table of the Bayesian network to calculate the initial confidence level of the electricity theft behavior.

[0101] The initial confidence level of the electricity theft behavior is input into a preset sliding time window for weighted aggregation calculation to generate the confidence level of the electricity theft behavior.

[0102] Optionally, the initial confidence level of the electricity theft behavior is input into a preset sliding time window for weighted aggregation calculation to generate the confidence level of the electricity theft behavior, including:

[0103] An exponentially decaying weighted sequence is generated based on the duration distribution of historical electricity theft cases in the historical electricity theft case database;

[0104] Based on the exponentially decaying weight sequence, the confidence level of the initial electricity theft behavior within the sliding time window is aggregated and calculated using a weighted average algorithm to obtain the confidence level of the electricity theft behavior.

[0105] Optionally, the method further includes:

[0106] Space temperature data is collected by multiple temperature sensors distributed inside and outside the distribution box;

[0107] A three-dimensional temperature field distribution model is constructed based on the spatial temperature data;

[0108] The temperature rise rate of the target area is calculated using the three-dimensional temperature field distribution model. When the temperature rise rate exceeds a preset threshold, an auxiliary electricity theft alarm signal is generated.

[0109] The confidence level of the electricity theft behavior is adjusted based on the auxiliary electricity theft alarm signal.

[0110] Optionally, a preset risk level is matched based on the confidence level of the electricity theft behavior, and a risk handling instruction is generated based on the risk level, including:

[0111] The confidence level of the electricity theft behavior is matched with a preset risk level to obtain the corresponding risk level;

[0112] Based on the risk level, a preset operation protocol library is invoked to generate a risk handling instruction;

[0113] The risk handling instructions are encapsulated into communication protocol messages and output.

[0114] Optionally, determining the target line to perform the target operation according to the risk handling instruction includes:

[0115] The device address code, operation type code, and timing parameters in the communication protocol message are parsed to generate a cooperative control signal;

[0116] Based on the cooperative control signal, the target line is determined according to the device address code, and the target operation is executed according to the cooperative control signal.

[0117] It should be noted that the above embodiments of the apparatus are only illustrated by the division of the above functional modules. In practical applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. In addition, the apparatus and method embodiments provided in the above embodiments belong to the same concept, and the specific implementation process can be found in the method embodiments, which will not be repeated here.

[0118] This embodiment also discloses an electronic device, as shown in the reference. Figure 4 The electronic device may include: at least one processor 401, at least one communication bus 402, user interface 403, network interface 404, and at least one memory 405.

[0119] The communication bus 402 is used to enable communication between these components.

[0120] The user interface 403 may include a display screen and a camera. Optionally, the user interface 403 may also include a standard wired interface and a wireless interface.

[0121] The network interface 404 may optionally include a standard wired interface or a wireless interface (such as a Wi-Fi interface).

[0122] The processor 401 may include one or more processing cores. The processor 401 connects to various parts of the server using various interfaces and lines, and performs various server functions and processes data by running or executing instructions, programs, code sets, or instruction sets stored in memory 405, and by calling data stored in memory 405. Optionally, the processor 401 may be implemented using at least one hardware form of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), or Programmable Logic Array (PLA). The processor 401 may integrate one or a combination of several of the following: Central Processing Unit (CPU), Graphics Processing Unit (GPU), and modem. The CPU primarily handles the operating system, user interface, and applications; the GPU is responsible for rendering and drawing the content required for display; and the modem handles wireless communication. It is understood that the modem may also be implemented as a separate chip without being integrated into the processor 401.

[0123] The memory 405 may include random access memory (RAM) or read-only memory. Optionally, the memory 405 may include a non-transitory computer-readable storage medium. The memory 405 may be used to store instructions, programs, code, code sets, or instruction sets. The memory 405 may include a program storage area and a data storage area, wherein the program storage area may store instructions for implementing an operating system, instructions for at least one function (such as touch function, sound playback function, image playback function, etc.), instructions for implementing the above-described method embodiments, etc.; the data storage area may store data involved in the above-described method embodiments, etc. Optionally, the memory 405 may also be at least one storage device located remotely from the aforementioned processor 401. Figure 4 As shown, the memory 405, which serves as a computer storage medium, may include an operating system, a network communication module, a user interface module, and an application program for an intelligent anti-theft power distribution method.

[0124] exist Figure 4 In the electronic device shown, the user interface 403 is mainly used to provide an input interface for the user and to obtain the user input data; while the processor 401 can be used to call the application program of an intelligent anti-theft power distribution method stored in the memory 405. When executed by one or more processors 401, the electronic device executes one or more methods as described in the above embodiments.

[0125] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions and modules involved are not necessarily essential to this application.

[0126] In the several embodiments provided in this application, it should be understood that the disclosed apparatus can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the shown or discussed mutual couplings or direct couplings or communication connections may be through some service interfaces; indirect couplings or communication connections between apparatuses or units may be electrical or other forms.

[0127] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0128] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage device (CMD). Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a memory 405 and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods in the various embodiments of this application. The aforementioned memory 405 includes various media capable of storing program code, such as a USB flash drive, portable hard drive, magnetic disk, or optical disk.

[0129] The foregoing description is merely an exemplary embodiment of this disclosure and should not be construed as limiting the scope of this disclosure. Any equivalent changes and modifications made in accordance with the teachings of this disclosure shall still fall within the scope of this disclosure. Other embodiments of this disclosure will be readily apparent to those skilled in the art upon consideration of the disclosure in this specification. This application is intended to cover any variations, uses, or adaptations of this disclosure that follow the general principles of this disclosure and include common knowledge or customary techniques in the art not described in this disclosure. The specification and embodiments are to be considered exemplary only, and the scope and spirit of this disclosure are defined by the claims.

Claims

1. An intelligent anti-theft power distribution system, characterized in that, The system includes a data acquisition module, a data processing module, a confidence generation module, an instruction generation module, and an execution module. The data acquisition module is used to acquire current data, power data, and temperature data of the power distribution lines. The data processing module, connected to the data acquisition module, is used to perform spatiotemporal alignment processing on the current data and the temperature data to obtain a current-temperature data matrix, and to construct a node current balance equation based on the current-temperature data matrix and the electrical quantity data. The confidence generation module is connected to the data processing module and is used to construct a Bayesian network based on a preset historical electricity theft case library. The calculation results of the node current balance equation are input into the Bayesian network to perform time-series probabilistic inference calculation to obtain the confidence of electricity theft behavior. The instruction generation module, connected to the confidence generation module, is used to match a preset risk level based on the confidence level of the electricity theft behavior, and generate a risk handling instruction based on the risk level. An execution module, connected to the instruction generation module, is used to determine the target route and perform the target operation according to the risk handling instruction; The data processing module includes: A spatiotemporal calibration unit is used to perform spatiotemporal alignment processing on the current data and the temperature data to obtain a current-temperature data matrix. A dual-domain feature unit, connected to the spatiotemporal calibration unit, is used to extract time-domain fluctuation features and frequency-domain harmonic features from the current-temperature data matrix. A physical constraint unit, connected to the dual-domain feature unit, is used to fuse the time-domain fluctuation feature, the frequency-domain harmonic feature, and the power data to obtain a corrected load current, and to construct the node current balance equation based on the corrected load current. The confidence generation module includes: The network construction unit is used to construct the Bayesian network based on the current balance deviation, temperature-current coupling coefficient, and power change flag data in the historical electricity theft case database. The confidence inference unit, connected to the network construction unit, is used to input the output of the node current balance equation into the Bayesian network, perform temporal probability inference through the conditional probability table of the Bayesian network, and calculate the initial confidence level of the electricity theft behavior. A confidence optimization unit, connected to the confidence inference unit, is used to input the initial confidence of the electricity theft behavior into a preset sliding time window for weighted aggregation calculation to generate the confidence of the electricity theft behavior; The confidence optimization unit includes: The weight configuration subunit is used to generate an exponentially decaying weight sequence based on the duration distribution of historical electricity theft cases in the historical electricity theft case database; A confidence generation subunit, connected to the weight configuration subunit, is used to aggregate and calculate the confidence of the initial electricity theft behavior within the sliding time window based on the exponentially decaying weight sequence and a weighted average algorithm, so as to obtain the confidence of the electricity theft behavior.

2. The system according to claim 1, characterized in that, The system further includes a temperature field monitoring module, which is connected to the confidence generation module. The temperature field monitoring module includes: A sensor array unit is used to collect spatial temperature data through multiple temperature sensors distributed inside and outside the distribution box; A temperature field reconstruction unit, connected to the sensor array unit, is used to construct a three-dimensional temperature field distribution model based on the spatial temperature data. The temperature rise analysis unit, connected to the temperature field reconstruction unit, is used to calculate the temperature rise rate of the target area through the three-dimensional temperature field distribution model, and generate an auxiliary electricity theft alarm signal when the temperature rise rate exceeds a preset threshold. A confidence correction unit, connected to the temperature rise analysis unit, is used to adjust the confidence level of the electricity theft behavior based on the auxiliary electricity theft alarm signal.

3. The system according to claim 1, characterized in that, The instruction generation module includes: A threshold matching unit is used to match the confidence level of the electricity theft behavior with a preset risk level to obtain the corresponding risk level; The instruction decision unit, connected to the threshold matching unit, is used to generate risk disposal instructions by calling a preset operation protocol library according to the risk level. The instruction encoding unit, connected to the instruction decision unit, is used to encapsulate the risk handling instruction into a communication protocol message for output.

4. The system according to claim 3, characterized in that, The execution module includes: The instruction parsing unit is used to parse the device address code, operation type code, and timing parameters in the communication protocol message and generate a cooperative control signal. An operation execution unit, connected to the instruction parsing unit, is used to determine the target line based on the cooperative control signal and the device address code, and to execute the target operation based on the cooperative control signal.

5. A smart anti-theft power distribution method, characterized in that, Applied to a server, the method includes: Acquire current, power, and temperature data for power distribution lines; The current data and the temperature data are spatiotemporally aligned to obtain a current-temperature data matrix. The node current balance equation is constructed based on the current-temperature data matrix and the electrical quantity data. A Bayesian network is constructed based on a pre-set historical electricity theft case database. The calculation results of the node current balance equation are input into the Bayesian network to perform time-series probabilistic inference calculations to obtain the confidence level of electricity theft behavior. A preset risk level is matched based on the confidence level of the electricity theft behavior, and a risk handling instruction is generated based on the risk level. Based on the risk management instructions, determine the target route and execute the target operation; The current data and the temperature data are spatiotemporally aligned to obtain a current-temperature data matrix. Extract time-domain fluctuation features and frequency-domain harmonic features from the current-temperature data matrix; The time-domain fluctuation characteristics, the frequency-domain harmonic characteristics, and the power data are fused to obtain the corrected load current, and the node current balance equation is constructed based on the corrected load current. The Bayesian network is constructed based on the current balance deviation, temperature-current coupling coefficient, and power change flag data in the historical electricity theft case database. The output of the node current balance equation is input into the Bayesian network, and temporal probability inference is performed through the conditional probability table of the Bayesian network to calculate the initial confidence level of the electricity theft behavior. The initial confidence level of the electricity theft behavior is input into a preset sliding time window for weighted aggregation calculation to generate the confidence level of the electricity theft behavior; An exponentially decaying weighted sequence is generated based on the duration distribution of historical electricity theft cases in the historical electricity theft case database; Based on the exponentially decaying weight sequence, the confidence level of the initial electricity theft behavior within the sliding time window is aggregated and calculated using a weighted average algorithm to obtain the confidence level of the electricity theft behavior.

6. An electronic device, characterized in that, The device includes a processor, a memory, a user interface, and a network interface. The memory is used to store instructions. The user interface and the network interface are both used to communicate with other devices. The processor is used to execute the instructions stored in the memory to cause the electronic device to perform the method as described in claim 5.

7. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores instructions that, when executed, perform the method as described in claim 5.