System distributed estimation method, device and equipment for false data attacks, and medium
By constructing a dynamic estimation model and prior constraints, and combining innovation and constraint errors to build an attack detection model, the affected sensor information is identified and discarded, thus achieving high-precision distributed state estimation under false data attacks and solving the problem of decreased estimation accuracy in existing technologies.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- TIANJIN POLYTECHNIC UNIV
- Filing Date
- 2026-04-13
- Publication Date
- 2026-07-07
AI Technical Summary
Under attacks using fake data, the accuracy of distributed state estimation in existing technologies decreases, leading to system crashes and an inability to effectively utilize prior constraint information.
The system constructs a dynamic estimation model and prior constraints, calculates predicted estimates based on the fused constraint dynamic model, obtains measurement values, constructs a measurement model, calculates innovations and constraint errors, constructs an attack detection model by combining innovations and constraint errors, determines whether there are false data injection attacks in the communication link, discards affected sensor information, and performs fused estimation based on trusted neighbor information.
By fusing prior constraint information, attack chains are identified and located, ensuring that the state estimation results meet the constraints, thus improving the accuracy of distributed state estimation under fake data injection attacks.
Smart Images

Figure CN122053255B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of distributed estimation technology, and in particular to a system distributed estimation method, apparatus, device, and medium for combating fake data attacks. Background Technology
[0002] In critical sectors such as energy, transportation, and intelligent manufacturing, the state of dynamic systems must satisfy specific constraints due to physical, mathematical, and task limitations. Incorporating these constraints as prior information into state estimation is key to improving estimation accuracy. Meanwhile, to enhance the real-time performance and system robustness of estimations, distributed state estimation architectures have become the mainstream approach, overcoming the communication bottlenecks and single-point-of-failure risks associated with centralized processing.
[0003] With the widespread adoption of the Industrial Internet of Things (IIoT), distributed estimation systems, due to their networked nature, are exposed to severe cybersecurity threats. Among these threats, spoofed data injection attacks are particularly prominent. Attackers can tamper with data transmitted between nodes or inject false signals, causing estimation results to deviate significantly from the true state, thereby leading to control decision failures or even system crashes.
[0004] However, in existing technologies, when a system is attacked by fake data injection, the accuracy of its distributed state estimation will be severely reduced, leading to serious consequences such as system crashes. Summary of the Invention
[0005] This invention provides a distributed estimation method, apparatus, device, and medium for systems subjected to false data attacks, in order to solve the technical problem that the prior art cannot effectively utilize prior constraint information, resulting in decreased estimation accuracy or even system collapse when subjected to false data attacks.
[0006] In a first aspect, embodiments of the present invention provide a system-distributed estimation method for fake data attacks, comprising:
[0007] Construct a dynamic estimation model and prior constraints for the system, and construct a fusion-constrained dynamic model based on the dynamic estimation model and prior constraints of the system.
[0008] Based on the fusion constrained dynamic model, the predicted estimates of each sensor are calculated;
[0009] Acquire the measurement values of each sensor and construct a measurement model;
[0010] Based on the predicted estimates, measurement models, and measured values, the innovation of each sensor is calculated. Based on the predicted estimates and prior constraints, the constraint error is calculated. The constraint error is a zero vector in the absence of spoofing attacks.
[0011] By combining the aforementioned new information and constraint error, a fake data injection attack detection model is constructed;
[0012] Based on the attack detection model, determine whether there is a false data injection attack in the communication links between sensors, and locate the affected sensors;
[0013] Discarding the transmission information of the affected sensors, the system distributed estimation result that satisfies the prior constraints is obtained based on the predicted estimates, measured values, and information from trusted neighbor sensors.
[0014] Secondly, embodiments of the present invention also provide a system distributed estimation apparatus for fake data attacks, comprising:
[0015] The fusion constraint dynamic model construction module is used to construct the dynamic estimation model and prior constraints of the system, and to construct the fusion constraint dynamic model based on the dynamic estimation model and prior constraints of the system.
[0016] The prediction estimation calculation module is used to calculate the prediction estimates of each sensor based on the fusion constraint dynamic model.
[0017] The measurement model building module is used to acquire the measurement values of each sensor and build the measurement model.
[0018] The constraint error calculation module is used to calculate the information of each sensor based on the predicted estimate, measurement model and measured value, and to calculate the constraint error based on the predicted estimate and prior constraint conditions.
[0019] An injection attack model construction module is used to combine the aforementioned innovation and constraint error to construct a fake data injection attack detection model;
[0020] The judgment module is used to determine whether there is a false data injection attack in the communication link between the sensors based on the attack detection model, and to locate the affected sensors.
[0021] The discard module is used to discard the transmitted information of the affected sensors and obtain a distributed estimation result that satisfies the prior constraints based on the predicted estimates, measured values and information from trusted neighbor sensors.
[0022] Thirdly, embodiments of the present invention also provide a server, comprising:
[0023] One or more processors;
[0024] Storage device for storing one or more programs;
[0025] When the one or more programs are executed by the one or more processors, the one or more processors implement the system distributed estimation method for fake data attacks as provided in the above embodiments.
[0026] Fourthly, embodiments of the present invention also provide a medium containing computer-executable instructions, which, when executed by a computer processor, are used to perform a system-distributed estimation method for fake data attacks as provided in the above embodiments.
[0027] The present invention provides a distributed estimation method, apparatus, device, and medium for systems subjected to false data injection attacks. The method constructs a dynamic estimation model and prior constraints for the system; based on the dynamic estimation model and prior constraints, a fusion-constrained dynamic model is constructed; based on the fusion-constrained dynamic model, predicted estimates for each sensor are calculated; measured values for each sensor are acquired, and a measurement model is constructed; based on the predicted estimates, measurement model, and measured values, innovations for each sensor are calculated; based on the predicted estimates and prior constraints, constraint errors are calculated, where the constraint error is a zero vector in the absence of false data injection attacks; combining the innovations and constraint errors, a false data injection attack detection model is constructed; based on the attack detection model, it is determined whether a false data injection attack exists in the communication links between sensors, and the affected sensors are located; the transmission information of the affected sensors is discarded; and based on the predicted estimates, measured values, and information from trusted neighbor sensors, a distributed estimation result satisfying the prior constraints is obtained. By incorporating prior constraint information into the fake data injection attack detection mechanism, the attack chain can be identified and located. Then, based on trusted neighbor information, fusion estimation is performed to ensure that the state estimation results meet the prior constraints while eliminating attack interference, thereby significantly improving the accuracy of distributed state estimation under fake data injection attacks. Attached Figure Description
[0028] The accompanying drawings, which form part of this invention, are used to provide a further understanding of the invention. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not constitute an improper limitation of the invention.
[0029] Figure 1 This is a flowchart of the system-distributed estimation method for fake data attacks provided in Embodiment 1 of the present invention;
[0030] Figure 2 This is a comparison chart of the location mean square error of the system distributed estimation method for fake data attacks provided in Embodiment 1 of the present invention;
[0031] Figure 3 This is a speed mean square error comparison chart of the system distributed estimation method for fake data attacks provided in Embodiment 1 of the present invention;
[0032] Figure 4 This is a schematic diagram of the system distributed estimation device for fake data attacks provided in Embodiment 2 of the present invention;
[0033] Figure 5This is a schematic diagram of the server structure provided in Embodiment 3 of the present invention. Detailed Implementation
[0034] The present invention will now be described in further detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and not intended to limit it. Furthermore, it should be noted that, for ease of description, the accompanying drawings show only the parts relevant to the present invention, and not all of the structures.
[0035] Example 1
[0036] Figure 1 This is a flowchart of a system distributed estimation method for fake data attacks provided in Embodiment 1 of the present invention. This embodiment is applicable to system distributed estimation scenarios with the risk of fake data injection attacks, and specifically includes the following steps:
[0037] Step 110: Construct the dynamic estimation model and prior constraints of the system, and construct a fusion-constrained dynamic model based on the dynamic estimation model and prior constraints of the system.
[0038] Dynamic estimation models are mathematical descriptions based on the evolution of a system's state over time, used to characterize the dynamic changes in the system's state along the time dimension. These models are typically presented as state-space equations, using a state transition matrix to describe the evolution of the system state from the current moment to the next, and incorporating process noise to characterize the random disturbances and uncertainties present in the actual system. The core function of dynamic estimation models is to predict the future development trend of the system's state using the system's physical laws or motion characteristics, providing prior information for subsequent state estimation. In practical applications, dynamic estimation models can adopt different mathematical forms, such as linear models, nonlinear models, or time-varying models, depending on the specific characteristics of the system, to meet the modeling needs of different scenarios.
[0039] Prior constraints are inherent limitations that a system's state must satisfy in terms of physical properties, mathematical characteristics, or task requirements. These constraints exist independently of specific measurement data and reflect the inherent laws of the system itself or the objective requirements of the application scenario. Prior constraints are usually expressed in mathematical forms such as equations or inequalities, including linear equality constraints, linear inequality constraints, or nonlinear constraints. In state estimation problems, prior constraints provide additional prior knowledge beyond measurement information, effectively narrowing the feasible region of state estimation and eliminating estimation results that do not conform to physical laws or task requirements.
[0040] For example, the dynamic estimation model of the system is used to characterize the evolution of the system state over time, and can be described by the following discrete-time state-space equation:
[0041] ,
[0042] in, It is the time step. for The system state at any given moment. It is a known process matrix. For process noise, for The system state at any given moment. Describes the system state from Time's up The dynamic evolutionary relationship at any given moment. Typically, a sequence of white noise with zero mean is assumed to have a covariance matrix of... It is used to characterize uncertainties and external disturbances in the model.
[0043] Prior constraints refer to the inherent limitations that a system's state must satisfy in terms of physical properties, mathematical properties, or task requirements. These constraints exist independently of measurement information and reflect the system's inherent objective laws. Prior constraints satisfy the following linear equality constraints:
[0044] ,
[0045] in, This is a constraint matrix used to describe... The linear constraints that must be satisfied, Let be the constraint vector, representing the known constant terms corresponding to the linear constraint relationship. and Together, they constitute the linear equality constraints on the system state. for The system state at time t is a constraint that can be derived from various prior knowledge such as physical conservation laws, geometric relationships, or task requirements. This constraint is used to limit the feasible range of the system state and ensure that the estimation results conform to objective laws.
[0046] A fusion-constrained dynamic model is constructed based on the system's dynamic estimation model and prior constraints. The core idea is to directly embed the prior constraints into the time evolution of the system state, thereby ensuring that the system state obtained from the model satisfies the constraints. The mathematical expression of this fusion-constrained dynamic model is as follows:
[0047] ,
[0048] in, The constraint projection matrix is used to project any state vector onto a plane that satisfies the constraints. In the radiative subspace, ensure that the state does not deviate from the constraints during dynamic propagation. For the constraint compensation term coefficient, and Combination This term is used to compensate for the offset introduced by the projection operation, so that the model can accurately satisfy the right-hand side of the equality constraints. It is a known process matrix. for The system state at any given moment. For process noise, For the constraint matrix, For constraint vectors, yes transpose, for The covariance matrix of the time-series noise is used to characterize random perturbations in the model. The identity matrix is used. The fusion constraint dynamic model organically combines the original dynamic model with prior constraints through projection transformation, so that the state prediction process itself is the process of constraint satisfaction.
[0049] Step 120: Calculate the predicted estimates for each sensor based on the fusion constrained dynamic model.
[0050] A distributed network topology refers to a network architecture formed by multiple sensors interconnected through communication links, used to describe the information interaction relationships between nodes. In this topology, each sensor represents an independent estimation unit, and the directed or undirected edges between nodes represent the direction of communication link establishment, i.e., the allowed path for information transmission. For example, the topology can be represented by a graph. Definition, where For a set of nodes, Let it be the set of edges. If the edges Information can be represented from nodes Flow to Node Then it is called a node. For nodes The incoming neighbors, all those that can send to the node The nodes that send information constitute their in-neighbor set. .
[0051] Predictive estimates refer to the advance calculations of a system's future state based on existing historical information and mathematical models describing the system's evolution. In state estimation problems, predictive estimates utilize the continuity or correlation of system state changes over time, recursively extrapolating past state information through known dynamic relationships to obtain a priori estimates of the future state. Predictive estimates are typically generated before actual measurement data is obtained, providing an initial basis for subsequent data fusion and state updates. For example, calculating the predictive estimates for each sensor means that each sensor uses the constructed fusion-constrained dynamic model to advance the system state at the current moment based on the estimation results from the previous moment, obtaining corresponding uncertainty metrics. Optionally, sensor i in... The predicted estimate for time is:
[0052] ,
[0053] in, The predicted estimate for sensor i. For sensor i at time... The distributed estimation results for the system differ from the predicted estimates. The distributed estimation results utilize the system's evolutionary patterns and further refine the predictions using measurement data. Therefore, the distributed estimation results have higher accuracy than the predicted estimates, representing the sensor's optimal understanding of the system state. Meanwhile, the covariance matrix of the predicted estimates is:
[0054] ,
[0055] in, Let be the covariance of the predicted estimate of sensor i. For process matrix, For sensor i at time... The covariance matrix of the distributed estimation results, for The transpose of the covariance matrix quantifies the uncertainty of the prediction. It should be noted that, due to... and The calculated predicted values satisfy the prior constraints. This characteristic allows each sensor to have a predictive result that conforms to physical laws or task requirements even before it has obtained the measurement data at the current moment.
[0056] Step 130: Obtain the measurement values of each sensor and construct the measurement model.
[0057] A measurement model is a mathematical expression describing how sensors observe the state of a system; it establishes a mapping relationship between the system state and sensor measurements. In practical applications, sensors cannot directly obtain precise values of the system state; instead, they acquire observational data containing a certain degree of error through physical measurement methods. The core function of a measurement model is to quantify this observation process and clarify the functional relationship between the measured values and the true state of the system.
[0058] Optionally, acquiring the measurement values from various sensors can be achieved in various ways, depending on the sensor type, installation method, and application scenario. Taking target tracking as an example, radar sensors deployed along roads emit electromagnetic waves and receive reflected signals to measure the distance, azimuth, and radial velocity of a target vehicle relative to the sensor. After signal processing, these measurements are converted into digital measurement data. Visual sensors, such as cameras, capture target images in real time via image acquisition cards. Target detection and localization algorithms extract the target's position information in the pixel coordinate system from the image and convert it into actual physical coordinates using camera calibration parameters. In industrial process monitoring scenarios, temperature sensors, pressure sensors, or flow meters convert continuous physical signals into discrete digital quantities via analog-to-digital converters, which are then transmitted to the data acquisition system via fieldbus or industrial Ethernet.
[0059] For example, based on the measured values of each sensor, a known measurement matrix is set. Establish the mapping relationship between system state and sensor measurement values, that is, construct the measurement model. The measurement model of sensor i can be constructed as follows:
[0060] ,
[0061] Among them, the measurement model is the core model that characterizes the mathematical correspondence between the system state and the sensor measurement values. The measured value of sensor i, Given a measurement matrix, used to represent the system state Mapped to the measurement space of sensor i, The covariance matrix of the zero-mean white noise is: It is used to characterize the uncertainty caused by the sensor's own accuracy and environmental interference. for The system state at time t is given, and N is the total number of sensors. This measurement model establishes a mathematical relationship between the system state and sensor measurements, serving as a crucial basis for subsequent information calculations, attack detection, and state estimation updates.
[0062] Step 140: Calculate the information of each sensor based on the predicted estimate, measurement model and measured value, and calculate the constraint error based on the predicted estimate and prior constraints. The constraint error is a zero vector in the absence of a fake data injection attack.
[0063] Innovation refers to the difference between the actual measured value obtained by the sensor and the predicted estimate obtained based on historical information and system evolution. This deviation signal has two functions in the system. On the one hand, it serves as the basis for correction and calibration. If the innovation is small, it indicates that the prediction is relatively accurate. If the innovation is large, this deviation needs to be used to adjust the prediction model so that the theoretical results are closer to the actual situation. On the other hand, it is also a clue to whether the system is abnormal. Under normal circumstances, the innovation usually remains within a stable fluctuation range. If the innovation suddenly shows a drastic and persistent anomaly, it often means that the system has been subjected to external interference, such as a spoofed data attack.
[0064] For example, the innovation of each sensor can be calculated based on the predicted estimate, the measurement model, and the measured value. The calculation process is as follows: first, based on sensor i's... Measurement of time Given measurement matrix and the predicted estimate of that node. The expression for defining the new information is:
[0065] ,
[0066] in, The measured value of sensor i, Given the measurement matrix, The predicted estimate for sensor i. For information about sensor i, this expression intuitively reflects the difference between measured data and predicted estimates.
[0067] Furthermore, the measurement model of sensor i constructed in step 130 can be... Substituting into the new information expression, we get:
[0068] ,
[0069] in, Given the measurement matrix, for The system state at any given moment. The predicted estimate for sensor i. Zero-mean white noise This is the information for sensor i. This expanded form reveals two components of the information: one is the state estimation error. The deterministic bias arises from the mapping of the measurement matrix, and the second is from measurement noise. The introduction of random perturbations. The calculation of the innovation not only provides a basis for subsequent state corrections, but also serves as an important input for attack detection mechanisms.
[0070] Constraint error is a quantitative indicator used to measure whether a predicted estimate satisfies the constraints. Specifically, constraint error is calculated by combining the current predicted estimate with known prior constraints to assess the degree to which the predicted estimate meets the constraints. When the predicted estimate exactly satisfies all prior constraints, the constraint error is a zero vector, meaning that the predicted state of the system fully conforms to objective laws or task requirements. Conversely, if the constraint error is non-zero, it indicates that the predicted state has deviated from the expected constraint relationship and requires attention.
[0071] For example, the constraint error calculation formula for sensor i is as follows:
[0072] ,
[0073] in, The constraint error of sensor i, For the constraint matrix, These constraint vectors together constitute the linear equality constraints that the system state must satisfy. , Let be the predicted estimate of sensor i. This formula is derived by substituting the predicted estimate into the constraint equation. In, and with constraint terms The comparison quantifies the degree to which the predicted estimates satisfy the prior constraints. Under the condition that the system is operating normally and the predicted estimates accurately satisfy the constraints, Constraint error The zero vector is used. Conversely, if the predicted estimate is attacked and altered, deviating from the constraint, the constraint error is a non-zero value.
[0074] Step 150: Combine the aforementioned information and constraint error to construct a fake data injection attack detection model.
[0075] The covariance of a new information is a statistic that measures the range and uncertainty of the new information's fluctuations. It can be understood as a normalization measure for this biased signal. For example, the formula for calculating the covariance of the new information of sensor i is as follows:
[0076] ,
[0077] in, Given a measurement matrix, it is used to map the uncertainty in the state space to the measurement space. Let be the covariance of the predicted estimate of sensor i, which characterizes the degree of uncertainty of the predicted estimate. yes transpose, for The covariance reflects the measurement accuracy of the sensor itself. The physical meaning of this formula is that the overall uncertainty of the innovation is composed of two superimposed parts, the first part... It is the result of the prediction uncertainty being transmitted to the measurement space, Part Two This is an inherent random disturbance in the measurement process itself. Since the state estimation error and measurement noise are independent, the covariance of the innovation is the sum of the two. In the attack detection mechanism, this covariance matrix is used to normalize the innovation, enabling deviation signals of different dimensions and magnitudes to be compared on a uniform scale. Simultaneously, it also serves as a statistical benchmark for setting the detection threshold; when the actual deviation of the innovation significantly exceeds the normal fluctuation range described by its theoretical covariance, it can be determined that the system may be abnormal.
[0078] For example, a fake data injection attack detection model can be constructed by combining the innovation, the covariance of the innovation, and the constraint error. The core idea of this detection model is to simultaneously evaluate the security of the communication link using two dimensions: innovation and constraint error. By introducing a random threshold mechanism, the robustness of the detection is improved, preventing attackers from determining a fixed detection threshold through trial and error.
[0079] In the distributed network mentioned in step 120, sensor i receives information from neighbor node j, including news. and predicted estimates However, when the communication link When subjected to a fake data injection attack, the attacker injects fake data into the transmitted information. This makes the information actually received by node i become:
[0080] and ,
[0081] in This is a binary variable. Correspondingly, the constraint error calculated based on the received predicted state is... In the absence of attack, The received information is the true information, and since the predicted estimate satisfies the prior constraints, the constraint error... The value is 0. However, when an attack occurs, both the innovation and constraint error will deviate from their theoretical values, and the constraint error will exhibit a non-zero vector.
[0082] Based on the above characteristics, the detection model combines the received information into a detection vector. And construct the detection function as follows:
[0083] ,
[0084] in, , yes The inverse matrix, It is an exponential function. Is sensor j at time... A positive definite symmetric matrix, This is a scaling factor used to normalize the detection vector. is a parameter used to adjust the response of the detection function to abnormal deviations. Therefore, the constructed fake data injection attack detection model is:
[0085] ,
[0086] in, For the detection function, For random threshold variables, For parameters, For combined detection vectors, for transpose, For sensor i to receive new information from sensor j, For the constraint error received by sensor i from sensor j, For the predicted estimate received by sensor i from sensor j, Let j be the predicted estimate. It is a binary variable. This is false data. , yes The inverse matrix, It is an exponential function. It is the covariance of the information received by sensor i from sensor j. Is sensor j at time... A positive definite symmetric matrix, This is the scaling factor.
[0087] Step 160: Based on the attack detection model, determine whether there is a false data injection attack in the communication links between the sensors, and locate the affected sensors.
[0088] False data refers to information that is artificially forged or tampered with and injected into a system, and that does not conform to the actual situation. Its purpose is to mislead the system's perception of the current state, causing it to make incorrect judgments or decisions. This type of data may manifest as abnormal values or carefully constructed signals. Once the system mistakenly identifies it as genuine input, the bias will gradually accumulate, eventually leading to a significant deviation of the system's judgment from the actual state. Therefore, identifying and eliminating false data is a crucial step in ensuring the safe operation of a system.
[0089] For example, the attack detection model targets each pair of communication links. Output an attack flag Its judgment rule adopts a random threshold mechanism, which first generates a random threshold variable that follows a uniform distribution. ,like If this is the case, then the communication link is determined to be under attack, and... Otherwise, it is deemed safe, and... .when At this time, it represents the communication link between sensor i and node j. If an attack occurs, node j is identified as the affected sensor, and all information transmitted by it is deemed untrustworthy. Information from sensor j will be discarded and will not participate in the distributed estimation and fusion process of node i. Conversely, when... When the link is secure, the information of node j can be used as trusted neighbor information in the fusion process. This detection mechanism effectively improves the sensitivity and reliability of attack detection by simultaneously utilizing two complementary metrics, innovation and constraint error, providing secure and reliable neighbor information for distributed estimation.
[0090] Step 170: Discard the transmission information of the affected sensors, and obtain the system distributed estimation result that satisfies the prior constraints based on the sensor's predicted estimate, measured value and information of trusted neighbor sensors.
[0091] For example, discarding the transmitted information of affected sensors, the system distributed estimation result that satisfies prior constraints is obtained based on the sensor's predicted estimates, measured values, and information from trusted neighbor sensors. The core of this step is that, after removing sensor information identified as affected by the attack detection mechanism, each sensor utilizes only its own predicted information, its own measured information, and information provided by trusted neighbor nodes to design a distributed estimator that satisfies prior constraints, thereby achieving the optimal estimation of the system state. For example, the distributed estimation result for sensor i... The calculation formula is expressed as follows:
[0092] ,
[0093] in, For sensor i at time... For the distributed estimation results of the system, The predicted estimate for sensor i. It is the predicted estimate received by sensor i from sensor j. It is to enter the neighborhood set. It is the measured value of sensor i. It is a known measurement matrix. These are weighting coefficients. This is the number of trusted neighbor sensors used by sensor i. Here is the gain matrix. Let be the covariance of the predicted estimate of sensor i. For the weighted cross-variance term, Let be the covariance matrix of the new information. yes transpose, yes covariance, For the attack detection model results, For sensor i and sensor j in The cross-covariance matrix of the predicted estimates at time 10:00. It is a known process matrix. Is it sensor i and sensor j in Distributed estimation of the cross-covariance matrix at time t. for The covariance matrix of the time-series noise. To constrain the projection matrix.
[0094] The formula consists of three parts, the first term... Let be the predicted estimate of sensor i, representing prior knowledge of the current state based on historical information. The second term... For measurement correction items, through Gain incorporates the difference between the actual and predicted measurements into the estimation process, thereby correcting the predicted estimates. (Third term) For neighbor consistency correction items, where The output of the attack detection model discards neighbor information when an attack is detected on the link. When the link is secure, node i will fuse the predicted information of trusted neighbor j, using weighting coefficients. and projection matrix Achieve consistency constraints. Meanwhile, sensor i at time... The covariance matrix of the distributed estimation results is:
[0095] ,
[0096] in, for transpose, For false data The covariance matrix, These are weighting coefficients. The covariance matrix of the distributed estimation results measures the distributed estimation results of sensor i. Due to the uncertainty, the formula consists of three parts, the first term The second term represents the covariance of the predicted estimate of sensor i. This is a measurement correction term, reflecting the effect of measurement information on reducing uncertainty. (The third term...) For the neighbor information fusion term, it is ensured that relevant information is not repeatedly calculated during the fusion process. Throughout the above estimation process, projection transformation is always performed using a constrained projection matrix to ensure that the final estimation result and its covariance satisfy the prior constraints. This allows for the elimination of attack interference while obtaining system state estimation results that conform to physical laws and accurate uncertainty measurement.
[0097] To verify the performance of the attack detection method constructed in this embodiment, the mean square error of position and the mean square error of velocity are used as evaluation metrics, such as... Figure 2 Here is a comparison chart of the mean square error of the positions of sensor 1 and sensor 2 with and without attack detection, as shown in the example. Figure 3 The figure shows a comparison of the mean square error of velocity between sensor 1 and sensor 2 with and without attack detection. As can be seen from the figure, compared with not using attack detection, the position estimation error and velocity estimation error are significantly reduced after using attack detection in this embodiment.
[0098] This embodiment constructs a dynamic estimation model and prior constraints for the system, and then builds a fusion-constrained dynamic model based on these models. Based on this fusion-constrained dynamic model, the predicted estimates for each sensor are calculated. Measurement values from each sensor are acquired, and a measurement model is constructed. Based on the predicted estimates, the measurement model, and the measured values, innovations for each sensor are calculated. Constraint errors are calculated based on the predicted estimates and prior constraints; these constraints are zero vectors in the absence of spoofing attacks. A spoofing attack detection model is constructed by combining the innovations and constraint errors. Based on this detection model, it is determined whether spoofing attacks exist in the communication links between sensors, and the affected sensors are located. The transmission information of the affected sensors is discarded, and the system distributed estimation result satisfying the prior constraints is obtained based on the predicted estimates, measured values, and information from trusted neighbor sensors. By integrating the system's prior constraint information into the spoofing attack detection mechanism, the identification and location of attack links are achieved. Furthermore, fusion estimation based on trusted neighbor information ensures that the state estimation result satisfies the prior constraints while eliminating attack interference, thus significantly improving the accuracy of distributed state estimation under spoofing attacks.
[0099] Example 2
[0100] Figure 4 This is a schematic diagram of the structure of the distributed estimation device for fake data attacks provided in Embodiment 2 of the present invention, as shown below. Figure 4 As shown, the device includes:
[0101] The fusion constraint dynamic model construction module 210 is used to construct the dynamic estimation model and prior constraints of the system, and to construct the fusion constraint dynamic model based on the dynamic estimation model and prior constraints of the system.
[0102] The prediction estimation calculation module 220 is used to calculate the prediction estimates of each sensor based on the fusion constraint dynamic model.
[0103] Measurement model building module 230 is used to acquire the measurement values of each sensor and build a measurement model;
[0104] The constraint error calculation module 240 is used to calculate the information of each sensor based on the predicted estimate, the measurement model and the measured value, and to calculate the constraint error based on the predicted estimate and the prior constraint conditions.
[0105] Injection attack model construction module 250 is used to combine the innovation and constraint error to construct a fake data injection attack detection model;
[0106] The judgment module 260 is used to determine whether there is a false data injection attack in the communication link between the sensors based on the attack detection model, and to locate the affected sensors.
[0107] The discard module 270 is used to discard the transmission information of the affected sensors and obtain a distributed estimation result that satisfies the prior constraints based on the sensor's predicted estimate, measured value and information of trusted neighbor sensors.
[0108] The distributed estimation device for spoofing attacks provided in this embodiment constructs a dynamic estimation model and prior constraints for the system, and then constructs a fusion-constrained dynamic model based on the dynamic estimation model and prior constraints. Based on the fusion-constrained dynamic model, it calculates the predicted estimates of each sensor; acquires the measured values of each sensor and constructs a measurement model; calculates the innovation of each sensor based on the predicted estimates, the measurement model, and the measured values; calculates the constraint error based on the predicted estimates and prior constraints, where the constraint error is a zero vector in the absence of spoofing attacks; combines the innovation and the constraint error to construct a spoofing attack detection model; determines whether a spoofing attack exists in the communication links between sensors based on the attack detection model, and locates the affected sensors; discards the transmission information of the affected sensors; and obtains the distributed estimation result of the system satisfying the prior constraints based on the predicted estimates, measured values, and information from trusted neighbor sensors. By incorporating prior constraint information into the fake data injection attack detection mechanism, the attack chain can be identified and located. Then, based on trusted neighbor information, fusion estimation is performed to ensure that the state estimation results meet the prior constraints while eliminating attack interference, thereby significantly improving the accuracy of distributed state estimation under fake data injection attacks.
[0109] The system distributed estimation device for fake data attacks provided in the embodiments of the present invention can execute the system distributed estimation method for fake data attacks provided in any embodiment of the present invention, and has the corresponding functional modules and beneficial effects of the method execution.
[0110] Example 3
[0111] Figure 5 This is a schematic diagram of the structure of a server provided in Embodiment 3 of the present invention. Figure 5 A block diagram of an exemplary server 12 suitable for implementing embodiments of the present invention is shown. Figure 5 The server 12 shown is merely an example and should not impose any limitations on the functionality and scope of use of the embodiments of the present invention.
[0112] like Figure 5 As shown, server 12 is presented in the form of a general-purpose computing server. The components of server 12 may include, but are not limited to: one or more processors or processing units 16, system memory 28, and bus 18 connecting different system components (including system memory 28 and processing unit 16).
[0113] Bus 18 represents one or more of several bus architectures, including a memory bus or memory controller, a peripheral bus, a graphics acceleration port, a processor, or a local bus using any of the various bus architectures. For example, these architectures include, but are not limited to, the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MAC) bus, the Enhanced ISA bus, the Video Electronics Standards Association (VESA) local bus, and the Peripheral Component Interconnect (PCI) bus.
[0114] Server 12 typically includes a variety of computer system readable media. These media can be any available media that can be accessed by server 12, including volatile and non-volatile media, removable and non-removable media.
[0115] System memory 28 may include computer system readable media in the form of volatile memory, such as RAM 30 and / or cache 32. Server 12 may further include other removable / non-removable, volatile / non-volatile computer system media. By way of example only, storage system 34 may be used to read and write non-removable, non-volatile magnetic media (… Figure 5 Not shown; usually referred to as a "hard drive"). Although Figure 5Not shown, a disk drive for reading and writing to a removable non-volatile disk (e.g., a "floppy disk") and an optical disc drive for reading and writing to a removable non-volatile optical disc (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 via one or more data media interfaces. System memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to perform the functions of the embodiments of the present invention.
[0116] A program / utility 40 having a set (at least one) of program modules 42 may be stored, for example, in system memory 28. Such program modules 42 include, but are not limited to, an operating system, one or more application programs, other program modules, and program data. Each or some combination of these examples may include an implementation of a network environment. Program modules 42 typically perform the functions and / or methods described in the embodiments of the present invention.
[0117] Server 12 can also communicate with one or more external devices 14 (e.g., keyboard, pointing server, display 24, etc.), and with one or more servers that enable users to interact with server 12, and / or with any server (e.g., network card, modem, etc.) that enables server 12 to communicate with one or more other computing servers. This communication can be performed via I / O interface 22. Furthermore, server 12 can also communicate with one or more networks (e.g., local area network (LAN), wide area network (WAN), and / or public networks, such as the Internet) via network adapter 20. As shown, network adapter 20 communicates with other modules of server 12 via bus 18. It should be understood that, although not shown in the figures, other hardware and / or software modules can be used in conjunction with server 12, including but not limited to: microcode, server drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems.
[0118] The processing unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, such as implementing the system distributed estimation method for fake data attacks provided in the embodiments of the present invention.
[0119] Example 4
[0120] Embodiment 4 of the present invention also provides a medium containing computer-executable instructions, which, when executed by a computer processor, are used to perform a system distributed estimation method for any of the spoofing attacks provided in the above embodiments.
[0121] The computer storage medium of this invention can be any combination of one or more computer-readable media. A computer-readable medium can be a computer-readable signal medium or a computer-readable storage medium. A computer-readable storage medium can be, for example,—but not limited to—an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of computer-readable storage media (a non-exhaustive list) include: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In this document, a computer-readable storage medium can be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device.
[0122] Computer-readable signal media may include data signals propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such propagated data signals may take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. Computer-readable signal media may also be any computer-readable medium other than computer-readable storage media, capable of sending, propagating, or transmitting programs for use by or in connection with an instruction execution system, apparatus, or device.
[0123] Program code contained on a computer-readable medium may be transmitted using any suitable medium, including—but not limited to—wireless, wire, optical fiber, RF, etc., or any suitable combination thereof.
[0124] Computer program code for performing the operations of this invention can be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, and C++, as well as conventional procedural programming languages such as "C" or similar programming languages. The program code can be executed entirely on the user's computer, partially on the user's computer, as a standalone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In cases involving remote computers, the remote computer can be connected to the user's computer via any type of network—including a local area network (LAN) or a wide area network (WAN)—or can be connected to an external computer (e.g., via the Internet using an Internet service provider).
[0125] Note that the above description is merely a preferred embodiment of the present invention and the technical principles employed. Those skilled in the art will understand that the present invention is not limited to the specific embodiments described herein, and various obvious changes, readjustments, and substitutions can be made without departing from the scope of protection of the present invention. Therefore, although the present invention has been described in detail through the above embodiments, the present invention is not limited to the above embodiments, and may include many other equivalent embodiments without departing from the concept of the present invention, the scope of which is determined by the scope of the appended claims.
Claims
1. A distributed estimation method for a system of fake data attacks, characterized in that, include: A dynamic estimation model and prior constraints for the system are constructed. Based on the dynamic estimation model and prior constraints, a fusion-constrained dynamic model is constructed. The formula for the fusion-constrained dynamic model is as follows: in, To constrain the projection matrix, For the constraint compensation term coefficient, It is a known process matrix. for The system state at any given moment. For process noise, For the constraint matrix, For constraint vectors, yes transpose, Let k be the covariance matrix of the process noise at time k. It is the identity matrix; Based on the fusion constrained dynamic model, the predicted estimates of each sensor are calculated; Acquire the measurement values of each sensor and construct a measurement model; Based on the predicted estimates, measurement models, and measured values, the innovation of each sensor is calculated. Based on the predicted estimates and prior constraints, the constraint error is calculated. The constraint error is a zero vector in the absence of spoofing attacks. Combining the aforementioned innovation and constraint error, a fake data injection attack detection model is constructed. The formula for the fake data injection attack detection model is as follows: in, For the detection function, For random threshold variables, For parameters, For combined detection vectors, for transpose, For sensor i to receive new information from sensor j, For the new information of sensor j, For the constraint error received by sensor i from sensor j, For the predicted estimate received by sensor i from sensor j, Let j be the predicted estimate. It is a binary variable. This is false data. , yes The inverse matrix, It is an exponential function. It is the covariance of the information received by sensor i from sensor j. It is the positive definite symmetric matrix of sensor j at time k. This is the scaling factor; Based on the attack detection model, determine whether there is a false data injection attack in the communication links between sensors, and locate the affected sensors; Discarding the transmission information of the affected sensors, the system distributed estimation result that satisfies the prior constraints is obtained based on the predicted estimates, measured values, and transmission information of trusted neighbor sensors.
2. The system distributed estimation method for fake data attacks according to claim 1, characterized in that, The construction of the dynamic estimation model and prior constraints of the system, and the construction of a fusion-constrained dynamic model based on the dynamic estimation model and prior constraints of the system, includes: A dynamic estimation model and prior constraints for the system are constructed. The formula for the dynamic estimation model is as follows: in, It is the time step. for The system state at any given moment. It is a known process matrix. For process noise, for The system state at any given moment; The formula for the prior constraint condition is as follows: in, For the constraint matrix, For constraint vectors, for The system state at any given moment; A fusion-constrained dynamic model is constructed based on the dynamic estimation model and prior constraints of the system.
3. The system distributed estimation method for fake data attacks according to claim 2, characterized in that, The process of acquiring the measurement values from each sensor and constructing the measurement model includes: The measured values of each sensor are obtained, and a measurement model is constructed. The formula of the measurement model is as follows: in, The measured value of sensor i, Given the measurement matrix, Zero-mean white noise for The system state at time N, where N is the total number of sensors.
4. The system distributed estimation method for fake data attacks according to claim 3, characterized in that, The step of calculating the information of each sensor based on the predicted estimate, measurement model, and measured value, and calculating the constraint error based on the predicted estimate and prior constraints, includes: Based on the predicted estimate and the measured value, a new expression is defined as follows: in, The measured value of sensor i, Given the measurement matrix, The predicted estimate for sensor i. For the information of sensor i; Based on the innovation expression and measurement model, the innovation is calculated as follows: in, Given the measurement matrix, for The system state at any given moment. The predicted estimate for sensor i. Zero-mean white noise For the information of sensor i; Based on the predicted estimate and prior constraints, the constraint error is calculated using the following formula: in, The constraint error of sensor i, For the constraint matrix, For constraint vectors, This is the predicted estimate for sensor i.
5. The system distributed estimation method for fake data attacks according to claim 4, characterized in that, The method for constructing a fake data injection attack detection model by combining the aforementioned innovation and constraint error includes: The covariance of the innovation is constructed, and the formula for the covariance of the innovation is as follows: in, Given the measurement matrix, Let be the covariance of the predicted estimate of sensor i. yes transpose, for covariance; By combining the aforementioned innovation, the covariance of the innovation, and the constraint error, a fake data injection attack detection model is constructed.
6. The system distributed estimation method for fake data attacks according to claim 5, characterized in that, The step of determining whether a false data injection attack exists in the communication link between sensors based on the attack detection model and locating the affected sensors includes: The communication links between the sensors are detected based on the attack detection model described above; When the attack detection result of the communication link is 0, it is determined that there is a false data injection attack on the communication link, and the sending sensor corresponding to the communication link is identified as the affected sensor.
7. The system distributed estimation method for fake data attacks according to claim 6, characterized in that, The process of discarding the transmission information of the affected sensors and obtaining a system distributed estimation result that satisfies prior constraints based on the sensor's predicted estimates, measured values, and transmission information of trusted neighbor sensors includes: Discarding the transmission information of the affected sensors, and based on the sensor's predicted estimates, measured values, and transmission information from trusted neighbor sensors, the desired result is obtained. The system distributed estimation results satisfying the prior constraints are expressed as follows: in, The distributed estimation result of sensor i for the system at time k is given. The predicted estimate for sensor i. It is the predicted estimate received by sensor i from sensor j. It is to enter the neighborhood set. It is the measured value of sensor i. It is a known measurement matrix. These are weighting coefficients. This is the number of trusted neighbor sensors used by sensor i. Here is the gain matrix. Let be the covariance of the predicted estimate of sensor i. For the weighted cross-variance term, Let be the covariance matrix of the new information. yes transpose, yes covariance, For the attack detection model results, Let be the cross-covariance matrix of the predicted estimates of sensor i and sensor j at time k. It is a known process matrix. It is the distributed estimated cross-covariance matrix of sensor i and sensor j at time k-1. Let be the covariance matrix of the process noise at time k-1. To constrain the projection matrix.
8. A distributed estimation device for a system attacking fake data, characterized in that, include: The module for constructing a fusion-constrained dynamic model is used to build a dynamic estimation model and prior constraints for the system. Based on the dynamic estimation model and prior constraints, a fusion-constrained dynamic model is constructed. The formula for the fusion-constrained dynamic model is as follows: in, To constrain the projection matrix, For the constraint compensation term coefficient, It is a known process matrix. for The system state at any given moment. For process noise, For the constraint matrix, For constraint vectors, yes transpose, Let k be the covariance matrix of the process noise at time k. It is the identity matrix; The prediction estimation calculation module is used to calculate the prediction estimates of each sensor based on the fusion constraint dynamic model. The measurement model building module is used to acquire the measurement values of each sensor and build the measurement model. The constraint error calculation module is used to calculate the information of each sensor based on the predicted estimate, measurement model and measured value, and to calculate the constraint error based on the predicted estimate and prior constraint conditions. The injection attack model construction module is used to combine the innovation and constraint error to construct a fake data injection attack detection model. The formula for the fake data injection attack detection model is as follows: in, For the detection function, For random threshold variables, For parameters, For combined detection vectors, for transpose, For sensor i to receive new information from sensor j, For the new information of sensor j, For the constraint error received by sensor i from sensor j, For the predicted estimate received by sensor i from sensor j, Let j be the predicted estimate. It is a binary variable. This is false data. , yes The inverse matrix, It is an exponential function. It is the covariance of the information received by sensor i from sensor j. It is the positive definite symmetric matrix of sensor j at time k. This is the scaling factor; The judgment module is used to determine whether there is a false data injection attack in the communication link between the sensors based on the attack detection model, and to locate the affected sensors. The discard module is used to discard the transmission information of the affected sensors and obtain a distributed estimation result that satisfies the prior constraints based on the sensor's predicted estimate, measured value and the transmission information of trusted neighbor sensors.
9. A server, characterized in that, The server includes: One or more processors; Storage device for storing one or more programs; When the one or more programs are executed by the one or more processors, the one or more processors implement the system distributed estimation method for fake data attacks as described in any one of claims 1-7.
10. A medium containing computer-executable instructions, characterized in that, The computer-executable instructions, when executed by a computer processor, are used to perform a system-distributed estimation method for fake data attacks as described in any one of claims 1-7.