A multi-region power system load frequency safety control method, system, device and medium

CN122178362APending Publication Date: 2026-06-09GUANGDONG POWER GRID CO LTD INFORMATION CENT

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGDONG POWER GRID CO LTD INFORMATION CENT
Filing Date
2026-02-02
Publication Date
2026-06-09

Smart Images

  • Figure CN122178362A_ABST
    Figure CN122178362A_ABST
Patent Text Reader

Abstract

This invention relates to the field of power system network security and load frequency control technology, specifically a method, system, device, and medium for load frequency security control in a multi-regional power system. The method includes establishing a linearized model for load frequency control in the multi-regional power system; designing state feedback control laws for each region based on the linearized model, and introducing event triggering conditions based on system state error and dynamic thresholds to determine the sampling and update times of control commands; coordinating the adjustment of the event triggering mechanism and the operating mode of the control system based on the current attack level variable; and analyzing the closed-loop control system, including event triggering conditions, attack level, and local compensation strategies, based on Lyapunov stability theory, to derive controller gain and triggering parameters that ensure system stability and meet preset performance indicators. The beneficial effects of this invention are that it effectively improves the system's operational resilience and engineering practicality under network security threats.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of power system network security and load frequency control technology, and in particular to a method, system, equipment and medium for load frequency security control in a multi-regional power system. Background Technology

[0002] As power systems evolve towards greater digitalization and networking, load frequency control is increasingly reliant on communication networks. To address network uncertainties and resource constraints, strategies such as event-triggered control and model-based attack detection and compensation have been introduced into the field of load frequency control, aiming to improve communication efficiency and system resilience.

[0003] However, existing methods still have significant limitations when facing communication interruptions caused by DDoS attacks, which are characterized by long periods of silence: First, traditional fixed-period sampling can exacerbate network burden when attacks cause link congestion; second, the threshold design of existing event triggering mechanisms is usually independent of the real-time network attack status, making it difficult to dynamically balance control performance and communication resource consumption; third, most security control schemes fail to fully utilize the observable feature of communication silence duration to achieve online discrimination of attack severity, and also lack a systematic framework for integrated collaborative design of attack detection, communication scheduling, and local compensation control, resulting in insufficient overall resilience of the system under continuous or intermittent DDoS attacks. Summary of the Invention

[0004] To solve the above-mentioned technical problems, the present invention provides the following technical solution: In a first aspect, the present invention provides a method for load frequency security control of a multi-regional power system, including establishing a linearized model for load frequency control of a multi-regional power system, and introducing a first variable characterizing the real-time availability of communication links in each region and a second variable classifying attack levels based on the duration of communication silence in the model. Based on the linearized model of load frequency control, state feedback control laws are designed for each region, and event triggering conditions based on system state error and dynamic threshold are introduced to determine the sampling and update time of control commands. Based on the current attack level variable, the working mode of the event triggering mechanism and the control system are adjusted in a coordinated manner. The higher the attack level, the higher the update frequency of the control command, and when communication is interrupted, it switches to an autonomous compensation mode based on historical state information. Based on Lyapunov stability theory, a closed-loop control system including event triggering conditions, attack levels, and local compensation strategies is analyzed, and the controller gain and triggering parameters that ensure system stability and meet preset performance indicators are derived.

[0005] As a preferred embodiment of the multi-regional power system load frequency security control method of the present invention, the method includes: coordinating the adjustment of the event triggering mechanism and the working mode of the control system based on the current attack level variable, including: Monitor the duration of communication silence in each area and update the attack level represented by the second variable according to the preset time threshold; The dynamic threshold in the event triggering conditions is dynamically adjusted according to the attack level. When the attack level is indicated as a severe attack and the communication link is unavailable, a local compensation control policy is activated, and local frequency adjustment is performed based on the status information of the most recent successful sampling in the area.

[0006] As a preferred embodiment of the multi-regional power system load frequency security control method of the present invention, wherein: the controller gain and triggering parameters that ensure system stability and meet preset performance indicators are obtained, including, Construct a Lyapunov-Krasovskii functional that includes system state, time delay, and event-triggered error terms; Based on functional derivation, sufficient conditions are derived for the system to be stable and to satisfy the predetermined disturbance suppression performance; The sufficient conditions are transformed into a linear matrix inequality problem that can be solved numerically. By solving the linear matrix inequality problem, the gain matrix of the state feedback control law and the adjustable parameter matrix of the event triggering mechanism can be obtained in one step.

[0007] As a preferred embodiment of the multi-regional power system load frequency security control method of the present invention, the attack level is divided based on the communication silence duration, including: Set at least two incremental time thresholds; Compare the communication silence duration with a time threshold; Based on the comparison results, the attack level is divided into several discrete levels, including normal state, mild attack state, and severe attack state.

[0008] As a preferred embodiment of the multi-regional power system load frequency security control method of the present invention, wherein: dynamically adjusting the dynamic threshold in the event triggering conditions includes, Configure different threshold adjustment coefficients for different attack levels; When the attack level increases, an adjustment coefficient is used to reduce the dynamic threshold or make the event triggering conditions easier to meet. When the attack level decreases or returns to normal, an adjustment coefficient is used that increases the dynamic threshold or makes the event triggering conditions less likely to be met.

[0009] As a preferred embodiment of the multi-regional power system load frequency security control method of the present invention, wherein: enabling a local compensation control strategy includes, In autonomous compensation mode, the controller stops attempting to receive or send data through the attacked communication link; Based on the system model parameters stored in this region and the state information of the most recent successful sampling, the compensation control quantities used to stabilize the local frequency and tie-line power are calculated independently.

[0010] As a preferred embodiment of the multi-regional power system load frequency security control method of the present invention, the control objective of the method in the autonomous compensation mode is: During a complete interruption of external communications, priority should be given to suppressing frequency deviations in this area from exceeding safety limits. At the same time, local information should be used as much as possible to mitigate power fluctuations in tie lines between adjacent areas.

[0011] Secondly, the present invention provides a multi-regional power system load frequency security control system, comprising: an establishment module for establishing a linearization model of load frequency control of a multi-regional power system, and introducing a first variable characterizing the real-time availability of communication links in each region and a second variable classifying attack levels based on communication silence duration into the model; The determination module is used to design state feedback control laws for each region based on the load frequency control linearization model, and introduces event triggering conditions based on system state error and dynamic threshold to determine the sampling and update time of control commands. The adjustment module is used to coordinate the operation mode of the event triggering mechanism and the control system based on the current attack level variable. The higher the attack level, the higher the update frequency of the control command, and when communication is interrupted, it switches to the autonomous compensation mode based on historical state information. The analysis module is used to analyze closed-loop control systems, including event triggering conditions, attack levels, and local compensation strategies, based on Lyapunov stability theory, and to derive controller gain and triggering parameters that ensure system stability and meet preset performance indicators.

[0012] Thirdly, the present invention provides a computer device, including a memory and a processor, wherein the memory stores a computer program, and the processor executes the computer program to implement the steps of the method described above.

[0013] Fourthly, the present invention provides a computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the method described above.

[0014] Compared with existing technologies, the beneficial effects of this invention are as follows: By constructing a networked load frequency control model that considers DDoS attacks, and introducing link availability indicators and attack level variables based on communication silence duration, a deep integration of attack perception and security control is achieved; an event-triggered sampling mechanism is embedded in the state feedback structure, significantly reducing the communication load under normal operating conditions; a hierarchical protection system from normal to severe attacks is proposed, utilizing silence duration for attack classification detection and dynamically adjusting the trigger threshold, ensuring that frequency stability can still be maintained by switching to local autonomous mode when some links fail; a unified stability analysis framework is established based on Lyapunov–Krasovskii functionals, providing a theoretical basis for the selection of control parameters. Simulation verification also shows that this method effectively balances frequency regulation performance and communication resource efficiency under DDoS attacks, significantly improving the network security resilience and engineering applicability of power systems. Attached Figure Description

[0015] To more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the following description of the embodiments will be briefly introduced. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0016] Figure 1 A flowchart illustrating the load frequency security control method for multi-regional power systems.

[0017] Figure 2 This is a comparison graph of the system state norm x(t) changing with time under three operating conditions: no attack, DDoS attack without detection and compensation, and DDoS attack with detection and local compensation. The gray shaded area represents the DDoS attack range. Figure 3 This is a schematic diagram showing the change of the event trigger sampling interval over time under a DDoS attack in Example 2 without attack detection and local compensation. Figure 4 This is a schematic diagram illustrating the change of the event triggering sampling interval over time when an attack detection and local compensation mechanism is used under the influence of a DDoS attack in Example 2. Figure 5 This is a graph showing the evolution of DDoS attack level over time, output by the attack detection module in Example 2. The attack level is used to represent the normal state, the mild attack state, and the severe attack state. Figure 6 This is a dynamic response curve of each state variable in region 1 under DDoS attack in Example 2 without attack detection and local compensation. Figure 7This is a dynamic response curve of each state variable in region 1 under DDoS attack using an attack detection and local compensation mechanism in Example 2. Figure 8 This is a dynamic response curve of each state variable in region 2 under DDoS attack without attack detection and local compensation in Example 2. Figure 9 This is a dynamic response curve of each state variable in region 2 of Example 2 when an attack detection and local compensation mechanism is used under the DDoS attack. Detailed Implementation

[0018] To make the above-mentioned objects, features, and advantages of the present invention more apparent and understandable, specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, and not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the protection scope of the present invention.

[0019] Example 1, referring to Figure 1 This is the first embodiment of the present invention, which provides a method for load frequency security control in a multi-regional power system, comprising: S100: Establish a linearized model for load frequency control in a multi-regional power system, and introduce a first variable characterizing the real-time availability of communication links in each region and a second variable classifying attack levels based on the duration of communication silence into the model. S200: Based on the linearization model of load frequency control, state feedback control laws are designed for each region, and event triggering conditions based on system state error and dynamic threshold are introduced to determine the sampling and update time of control commands. S300: Based on the current attack level variable, it coordinates the operation mode of the event triggering mechanism and the control system. The higher the attack level, the higher the update frequency of the control command, and it switches to the autonomous compensation mode based on historical state information when communication is interrupted. S400: Based on Lyapunov stability theory, this paper analyzes a closed-loop control system that includes event triggering conditions, attack levels, and local compensation strategies, and derives controller gain and triggering parameters that ensure system stability and meet preset performance indicators.

[0020] It should be noted that, in response to the problems existing in the prior art, this method constructs an attack-aware multi-area networked load frequency control model through steps S100-S400 to characterize communication silence and data loss characteristics; designs an event-triggered sampling mechanism based on dynamic thresholds to achieve adaptive adjustment of the control update frequency; establishes an attack classification detection method driven by communication silence duration, and coordinates the adjustment of trigger thresholds and the activation of local compensation control according to the attack level to form a classification protection strategy; finally, through Lyapunov stability analysis, it provides parameter design conditions for the stable operation of the closed-loop system and the satisfaction of performance indicators, achieving a synergistic improvement in frequency stability, communication efficiency, and network security resilience under DDoS attacks.

[0021] Example 2, refer to Figures 1-9 As an embodiment of the present invention, based on the above embodiment, a method for online health monitoring of high-temperature pipelines is provided.

[0022] In this embodiment of the application, step S100 establishes a load frequency control linearization model for a multi-regional power system, and introduces a first variable characterizing the real-time availability of communication links in each region and a second variable classifying attack levels based on communication silence duration into the model, including the following steps A1-A4: A1: The nonlinear dynamics of load frequency control in a multi-regional power system are linearized to obtain a multi-regional networked load frequency control model described by state-space equations.

[0023] Specifically, for the i-th control region, its frequency regulation process can be described by the following linear differential equation: (1) In the formula: This represents the frequency deviation of the i-th region; Indicates the deviation in turbine output power; Indicates load disturbance; This indicates the output power deviation of the speed controller; This represents the power deviation of the tie line between regions i and j; This is the control input for the i-th region; It is the equivalent inertial constant; The damping coefficient; The turbine time constant; The time constant of the speed controller; This is the speed adjustment coefficient.

[0024] Furthermore, the state vector and output of the i-th region are defined as follows: In the formula Let be the control error of the i-th region. This is the combined amount of power deviation from the adjacent area tie line. Given the output matrix, the LFC dynamics of the i-th region can be expressed as: (2) In the formula: For load disturbance, , , , It is a constant matrix determined by system parameters and tie-line coupling relationships.

[0025] Furthermore, the states of each region are superimposed sequentially to obtain the overall multi-region LFC state vector: (3) Multi-area networked LFC systems can then be uniformly written as: (4) In the formula: , , , It is a block matrix.

[0026] A2: Define a link state variable for each control area in the model. The link state variable is used to indicate whether the communication channel of the corresponding area is available at a given time. When the link is available, its value is the first value, and when the link is unavailable due to congestion or attack, its value is the second value.

[0027] Understandably, to characterize the packet loss and blocking effects of communication links under DDoS attacks, a unified channel availability indicator is introduced based on the aforementioned multi-region LFC model: specifically, let... Indicates the first Regional measurement data at time Was the upload successful? This indicates that measurement data and control commands can be sent and received normally. This indicates that the link is blocked, data transmission fails, or the system remains silent for a long time due to the attack.

[0028] A3: Define an attack level variable for each control region in the model. The value of the attack level variable is dynamically determined based on the duration of continuous silence of the communication link in the corresponding region. It includes at least three discrete states to represent normal, light attack and heavy attack.

[0029] It should be noted that when a DDoS attack causes link congestion, This value will remain at 0 for a period of time, indicating a complete loss of connection between sampling information and control commands in that area. Furthermore, based on the channel's silence duration characteristics, a single attack level variable is defined for the i-th region. , where 0 represents a normal state, 1 represents a mild attack or suspicious state, and 2 represents a severe attack state.

[0030] A4: The link state variables and attack level variables are embedded as model parameters into the state space equation to form a load frequency control linearization model that can reflect the characteristics of communication interruption and data loss under DDoS attacks.

[0031] It should be noted that by embedding the aforementioned channel availability indicator and attack level variable into the multi-region LFC state space model, a networked LFC linearized model that considers the impact of DDoS attacks can be obtained, providing a unified system description basis for the integrated design of subsequent event triggering mechanisms, attack detection, and local compensation links.

[0032] In an optional implementation, the establishment of the load frequency control linearization model of the multi-region power system in step S100 can also be achieved through a distributed robust control model construction method. That is, for each control region, firstly, its independent load frequency dynamic equation is established, and the power exchange with the tie line of the adjacent region is considered as a bounded coupling disturbance. On this basis, the communication interruption caused by the DDoS attack is modeled as a multiplicative uncertainty or random switching signal acting on the input channel of each region controller, and the attack level variable is transformed into the radius or switching probability parameter of the corresponding uncertainty set. Finally, by integrating the robust models and coupling relationships of each region, a multi-region distributed robust LFC model is formed that allows each subsystem to have the maximum autonomous stability capability under communication constraints.

[0033] In another optional implementation, the establishment of the load frequency control linearization model of the multi-regional power system in step S100 can also be achieved through a data-driven dynamic linear parametric model construction method. That is, by using historical system operation data and simulation data under attack scenarios, a local linear dynamic model is directly established with regional measurable variables (such as frequency deviation and output deviation) as input and state change rate as output through subspace identification or neural network training methods. Furthermore, communication link availability variables are embedded as scheduling parameters into the model coefficients, so that the model structure can switch with the network state, and the model parameters are updated in real time through online data to capture the dynamic characteristics under attack, thereby forming a data-driven networked LFC model that can adapt to attack scenarios.

[0034] In this embodiment of the application, step S200, based on the load frequency control linearization model, designs state feedback control laws for each region and introduces event triggering conditions based on system state error and dynamic threshold to determine the sampling and update times of control commands, including the following steps B1-B4: B1: Design a state feedback control law so that the control region i at time i control input Output to its system A linear function, where The discrete moment when the control instruction is successfully updated.

[0035] Specifically, let's set This is the combined state vector of a multi-region LFC system. Since the measurement output consists of frequency deviations in each region, tie-line power deviations, and their integrals, the closed-loop control input is selected as follows: (5) In the formula: K is the feedback gain matrix that needs to be tuned. This indicates the moment when the control command is successfully updated for the kth time.

[0036] Preferably, this step clarifies the mathematical form of the control law, transforming the complex multivariable control problem into the design of the gain matrix K, providing a clear optimization objective for subsequent stability analysis and parameter tuning (step S400).

[0037] B2: Embed an event triggering mechanism in the control law. This mechanism makes a judgment by continuously comparing the error between the current system state and the state at the last triggering time with a dynamically adjusted triggering threshold.

[0038] It should be noted that, to reduce communication load and improve sensitivity to state changes, the method introduces an event-triggered mechanism to adaptively adjust the sampling and control update timing. The error signal is defined as follows: (6) Construct the weight matrix and dynamic threshold function The event triggering condition is selected as follows: (7) B3: A new update time is generated only when the error meets the event triggering condition. and based on The system output at any given time is used to recalculate the control input.

[0039] It should be noted that a new update time is generated when the above inequality holds true for the first time. And calculate the control input based on the latest measurement output. Under normal operating conditions without being attacked, It can adaptively adjust to system state deviations, thereby reducing unnecessary communication and control updates while ensuring frequency regulation performance.

[0040] Specifically, the controller signal is ultimately: (8) B4: At adjacent update times and Within the time interval between, control input The value remains as This remains constant, forming a "sample-and-hold" control structure.

[0041] Specifically, the control input remains unchanged between adjacent update times, that is... (9) That is, a typical "sample-hold" control structure is formed.

[0042] Preferably, this step ensures the segmented continuity of the control signal in time, making theoretical analysis methods based on continuous-time models (such as Lyapunov stability theory) applicable to this event-triggered discrete communication system, thus providing feasibility for the theoretical analysis of step S400.

[0043] In an optional implementation, the determination of the sampling and update time of the control command in step S200 can also be achieved through an adaptive timing sampling method. That is, a timing sampling mechanism with an online adjustable sampling period is designed, whose basic sampling interval dynamically expands and contracts according to the current attack level of the system. In normal conditions, a longer period is used to save communication resources. When the attack detection module detects an increase in the attack level, the sampling period is shortened linearly or stepwise according to the severity of the attack, thereby increasing the update frequency of the control command. At the same time, this method can be combined with an event triggering mechanism to determine whether the event triggering condition is met at the timed arrival, forming a hybrid update strategy of timing check-condition triggering. This ensures the timeliness of control during an attack while avoiding redundant communication in steady state due to simple timing sampling.

[0044] In another optional implementation, the timing of sampling and updating control commands in step S200 can also be determined by a model-based prediction triggering method. That is, each area controller uses the locally stored system model to continuously predict the estimated value of the current state based on the previous sampling state; it calculates the deviation between the actual measured value (if communication is available) or sensor reading (if communication is interrupted but local measurement is available) and the predicted value, and compares the prediction deviation with a dynamic threshold; only when the prediction deviation exceeds the threshold is it determined that the system dynamics have not evolved as expected, thereby triggering the sampling and updating of control commands. This method can trigger updates in advance before the state deviates significantly, and is especially suitable for preventive control in the early stages of an attack or under time-varying link conditions.

[0045] In this embodiment of the application, step S300, based on the current attack level variable, coordinates the working mode of the event triggering mechanism and the control system, including the following steps C1-C3: It should be noted that the higher the attack level, the higher the update frequency of control commands, and the more it switches to an autonomous compensation mode based on historical state information when communication is interrupted.

[0046] C1: Monitor the duration of communication silence in each area and update the attack level represented by the second variable according to the preset time threshold.

[0047] It should be noted that this is achieved by setting at least two incremental time thresholds and comparing the communication silence duration with the time thresholds. Based on the comparison results, the attack level is divided into several discrete levels, including normal state, mild attack state, and severe attack state.

[0048] Specifically, let the duration of silence for region i since the most recent successful update be: (10) Select two time thresholds Based on this, a single attack level variable is defined. :when season Indicates the normal state; when season This indicates a mild attack or a suspicious state; when season This indicates a state of severe attack.

[0049] Preferably, this step not only enables online, automated, and quantitative identification and classification of DDoS attacks (especially their long-term silent characteristics), but also transforms ambiguous network anomalies into clear criteria for switching control policies.

[0050] C2: Dynamically adjust the dynamic threshold in the event triggering conditions based on the attack level.

[0051] Understandably, this step is to dynamically change the sensitivity of the event triggering mechanism based on the attack level assessed in step C1, thereby intelligently adjusting the update frequency of control commands during an attack to optimize the use of limited communication resources.

[0052] Specifically, dynamically adjusting the dynamic threshold in the event triggering conditions includes the following steps C21-C23: C21: Configure different threshold adjustment coefficients for different attack levels.

[0053] It should be noted that, in order to achieve linkage between attack detection results and event triggering mechanisms and local control behaviors, the attack level is adjusted accordingly. Scaling the threshold function yields the attack detection trigger threshold: (11) In the formula: This is the scaling factor corresponding to different attack levels.

[0054] C22: When the attack level increases, an adjustment coefficient is used to reduce the dynamic threshold or make the event triggering conditions easier to meet.

[0055] For example: taking under normal conditions To reduce update frequency, and take advantage of minor attacks. Take during heavy attack By tightening the triggering conditions and increasing update opportunities, critical control commands are sent preferentially when the link is restored.

[0056] C23: When the attack level decreases or returns to normal, an adjustment coefficient is used that increases the dynamic threshold or makes the event triggering conditions less likely to be met.

[0057] It is understandable that, by reversing the logic of the above example, when the attack level is reduced (e.g., from 2 to 1) or restored to 0, the adjustment coefficient used will make the threshold relatively larger, the triggering conditions relatively more lenient, and the update frequency return to normal or lower levels.

[0058] C3: When the attack level is indicated as a severe attack and the communication link is unavailable, the local compensation control policy is enabled, and the local frequency is adjusted based on the status information of the most recent successful sampling in the area.

[0059] It should be noted that when a severe attack is detected and the channel remains unavailable for an extended period of time ( and When the condition persists, the method enables the local compensation control mode in the i-th region.

[0060] Specifically, enabling the local compensation control strategy includes the following steps C31-C32: C31: In autonomous compensation mode, the controller stops attempting to receive or send data through the attacked communication link.

[0061] C32: Based on the system model parameters stored in this area and the state information of the most recently successfully sampled data, independently calculate the compensation control quantities used to stabilize the local frequency and tie-line power.

[0062] It should be noted that the control objective under the autonomous compensation mode is: during a complete interruption of external communication, to prioritize suppressing frequency deviations in the local area from exceeding the safety limit, while making the most of local information to mitigate power fluctuations in the tie lines between adjacent areas.

[0063] In other words, based on the state information from the most recently successfully sampled data and the available model parameters within the region, frequency deviation and tie-line power deviation are adjusted locally to form an emergency control channel that does not rely on external communication. Through the synergistic effect of attack detection, threshold adjustment, and local compensation, the frequency and tie-line power of the multi-region LFC system can still be maintained within a safe range even in the event of deteriorated communication quality or prolonged interruption of some links.

[0064] In summary, the following state-space description is constructed: (12) In an optional implementation, the working mode of the coordinated adjustment event triggering mechanism and the control system in step S300 can also be achieved through a threshold linkage method based on state prediction. That is, a lightweight state observer is constructed to predict the frequency and power deviation trends of each region in real time during the communication interruption; the predicted state change gradient is fused with the current attack level variable to jointly determine the adjustment range of the event triggering dynamic threshold; when the prediction shows that the system dynamics are about to deteriorate, even if the current attack level has not reached the highest level, the triggering threshold is actively tightened to enhance the control effect in advance, thereby forming a forward-looking coordinated adjustment mechanism that makes an adaptive response before the attack impact is fully manifested.

[0065] In another optional implementation, the collaborative adjustment of the event triggering mechanism and the working mode of the control system in step S300 can also be achieved through multi-mode switching and weight adaptive allocation. That is, multiple control and communication working modes are predefined, each mode corresponds to a set of event triggering parameters and controller gain; the level variable output by the attack detection module no longer directly adjusts a single threshold, but serves as the decision basis for mode switching, driving the system to smoothly transition between different preset modes; at the same time, a performance index evaluator is designed to calculate the control effect of the current mode online, and fine-tune the weight parameters of event triggering in this mode accordingly, so as to realize a two-layer collaborative adjustment that combines macro-mode switching driven by attack level with micro-parameter self-tuning.

[0066] In this embodiment of the application, step S400, based on Lyapunov stability theory, analyzes the closed-loop control system including event triggering conditions, attack levels, and local compensation strategies to derive controller gain and triggering parameters that ensure system stability and meet preset performance indicators, including the following steps D1-D4: D1: Construct a Lyapunov-Krasovskii functional that includes system state, time delay, and event-triggered error terms; D2: Based on functional derivation, derive sufficient conditions for the system to be stable and satisfy the predetermined disturbance suppression performance; D3: Transform the sufficient conditions into a linear matrix inequality problem that can be solved numerically; D4: By solving the linear matrix inequality problem, the gain matrix of the state feedback control law and the adjustable parameter matrix of the event triggering mechanism are obtained in one step.

[0067] Specifically, in a closed-loop system (12) considering the impact of DDoS attacks, given a scalar Given the proportional-integral controller gain K, if a symmetric positive definite matrix exists... With symmetric matrices If the linear matrix inequalities given later hold, then the system is guaranteed to have asymptotic stability under DDoS attacks and gain perturbations, and satisfies the following conditions: Performance indicators .

[0068] (13) And meet the following conditions (14) in: .

[0069] Proof: To ensure the asymptotic stability of the system under DDoS attack conditions, the following Lyapunov-Krasovskii functionals (LKFs) are constructed: (15) Its derivative is derived as follows: (16) Therefore, when the LMIs condition in formula (13) holds, the system is in the absence of external disturbances. In the case where its LKFs derivative satisfies This ensures that the system maintains asymptotic stability even under DDoS attack conditions. Furthermore, considering the disturbance signal... For the above inequality in the interval Integrating, we get: (17) Under initial conditions The system output can be deduced to satisfy the following: And in The system gradually stabilizes. Therefore, when the LMIs conditions are met, the system not only guarantees asymptotic stability under DDoS attack conditions but also achieves preset performance targets and possesses good disturbance suppression capabilities.

[0070] Furthermore, this method also includes: in a closed-loop system (12) considering the impact of DDoS attacks, given a scalar If there exists a symmetric positive definite matrix With symmetric matrices If the linear matrix inequalities given later hold, then the system is guaranteed to have asymptotic stability under DDoS attacks and gain perturbations, and satisfies the following conditions: Performance indicators Subsequently, a controller feedback gain matrix with attack resistance can be constructed from the feasible solution. .

[0071] (18) And meet the following conditions (19) Proof: By definition The original LMIs criterion in formula (13) can be equivalently transformed into formula (18), which helps to improve the controller gain matrix. The calculation of the system stability determination conditions and the implementation of the transformation not only reduce the numerical complexity of the controller design, but also provide an effective way to determine the stability of the system under DDoS attack environment and solve the controller gain matrix.

[0072] In an optional implementation, the controller gain and trigger parameters obtained in step S400 that ensure system stability and meet preset performance indicators can also be optimized online based on reinforcement learning. That is, an agent is constructed with system state, attack level and historical performance as inputs and controller gain fine-tuning amount and trigger parameter correction amount as outputs; a composite reward function is designed to simultaneously penalize frequency deviation, link power fluctuation, control command update frequency and attack duration; through algorithms such as deep deterministic policy gradient, the agent continuously learns in the interaction with the environment containing DDoS attack scenarios, thereby optimizing online a set of control and communication parameter combinations that can adaptively adjust with the attack situation, without relying on offline solving of complex matrix inequalities.

[0073] In another optional implementation, the controller gain and triggering parameters obtained in step S400 to ensure system stability and meet preset performance indicators can also be achieved through parameter tuning based on frequency domain shaping and online performance evaluation. That is, firstly, an initial controller structure that meets the nominal stability margin and disturbance suppression requirements is designed in the frequency domain; then, an online performance evaluator is constructed to calculate the actual frequency domain indicators (such as bandwidth and phase margin) and time domain performance (such as overshoot and settling time) of the system under the current attack level in real time; when the evaluation result deviates from the preset indicators, a gradient search or heuristic optimization process is initiated to perform small-range, targeted iterative adjustments to the controller gain and event triggering threshold until the closed-loop performance recovers to an acceptable range, thereby achieving online self-tuning of parameters under attack conditions.

[0074] To verify the effectiveness of the proposed non-vulnerable PI-event-triggered cooperative control method for DDoS attacks, a typical two-region interconnected power system was used as the research object. A load frequency control simulation model including communication links and attack channels was built on the MATLAB / Simulink platform. The system's inertial constant, governor and valve time constants, tie-line parameters, etc., were all set with reference to the standard power system model. The main parameters of the two regions are shown in Table 1 below: Table 1 Power System Parameter Values The simulation was conducted under attack probability conditions, and the controller parameters were obtained through LMI: The system's dynamic response under three operating conditions—no attack, only DDoS attack, and DDoS attack using the detection and local compensation method of this invention—is as follows: Figures 2-9 As shown in the figure. Simulation results show that within the attack range, frequency deviation and system state norm are amplified to varying degrees. However, after adopting the attack detection and local compensation mechanism, the peak deviation within the attack range is significantly reduced, and the recovery process after the attack ends is accelerated. The control input behavior remains bounded throughout the entire process, without significant overshoot or secondary oscillation. The event triggering mechanism adaptively adjusts the sampling and control update frequency under different operating conditions, reducing unnecessary communication load under normal operating conditions and timely encrypted triggering during attacks to enhance regulation capabilities. Overall, the simulation results verify that the proposed control framework can balance control performance and communication overhead in a network attack environment.

[0075] Figure 2Three comparative curves of the state norm |x(t)| over time in a multi-region system are presented. The gray shaded area represents the duration of a DDoS attack, during which the bandwidth of the measurement and control link is occupied by malicious traffic, and some sampled data and control commands cannot be transmitted normally. It can be seen that in the case of no attack baseline, the state norm monotonically decays and converges to a steady state relatively quickly; when only a DDoS attack exists without detection and compensation, the state norm in the shaded area shows a significant increase, and the recovery time is prolonged; in the case of attack detection and local compensation, although there is still some disturbance amplification within the attack interval, the peak value is significantly reduced, the decay process is accelerated, and the system returns to the equilibrium point more quickly after the attack ends. The comparison of the three curves shows that the method of this invention can effectively mitigate the impact of DDoS attacks on frequency regulation and overall state, and improve the system's recovery capability under attack.

[0076] Figure 3 This study demonstrates the variation of the event trigger sampling interval over time under a DDoS attack without attack detection and local compensation. It can be observed that after the attack begins, due to link congestion and data loss, the trigger interval exhibits irregular changes, with excessively long control update silence intervals appearing in some segments. This indicates that without an attack detection mechanism, event triggers struggle to respond promptly to potential risks, easily leading to control update delays and thus amplifying system state deviations.

[0077] Figure 4 This demonstrates the evolution of the event-triggered sampling interval under the same DDoS attack conditions, employing both attack detection and local compensation mechanisms. Figure 3 The comparison shows that within the attack's effective range, the trigger interval is significantly shortened overall, and triggering activity is more frequent. However, once the attack ends and the system gradually stabilizes, the trigger interval lengthens again, returning to a more sparse update pattern. This indicates that the attack detection module effectively tightens the trigger threshold and increases the trigger frequency during an attack by identifying prolonged link silence and abnormal states, while automatically reducing the trigger frequency after the system stabilizes. This achieves adaptive communication scheduling of "moderate encryption during the disturbance phase and automatic sparseness during the steady-state phase."

[0078] Figure 5 The graph shows the change in attack level output by the attack detection module over time. The attack level uses discrete values ​​(e.g., 0 for normal, 1 for mild attack, and 2 for severe attack), clearly corresponding to the attack range marked by gray shading. When a DDoS attack begins and causes a prolonged period of silence in the monitoring and control link, the attack level rapidly increases from 0 to 1 or 2, remaining at a high level during the attack. When the attack ends and communication is restored, the detection output gradually drops back to 0. This figure demonstrates that the detection and classification method based on communication silence characteristics can accurately reflect the start and end times and intensity changes of the attack, providing a basis for... Figure 4The dynamic adjustment of the event trigger threshold and the subsequent activation of local compensation control provide reliable criteria.

[0079] Figure 6 The dynamic response curves of various state variables in Region 1 over time are presented when a DDoS attack occurs but attack detection and local compensation are not implemented. The curves correspond to frequency deviation, unit mechanical power deviation, governor valve position deviation, ACE integral, and tie-line power deviation, respectively. The gray shaded area represents the attack period. Within the attack interval, it can be observed that: the frequency deviation exhibits a significant transient shift; the unit power and valve position show large oscillation amplitudes; the ACE integral continuously accumulates; and the peak value of the tie-line power deviation is also amplified. This indicates that when communication is interrupted and no protective measures are taken, Region 1's ability to suppress load disturbances and equivalent disturbances caused by attacks is weakened, and the system recovery process is relatively slow.

[0080] Figure 7 This shows the status response curves of Region 1 after implementing attack detection and local compensation mechanisms under the same DDoS attack conditions. Figure 6 The comparison shows that the peak value of the frequency deviation is significantly reduced within the attack range, the oscillation amplitude of mechanical power and valve position is effectively suppressed, the growth rate of ACE integral is slowed down, and the overshoot of the tie line power deviation is also reduced. After the attack ends, each state variable returns to the nominal operating point more quickly, the overall damping characteristics are improved, and no obvious secondary overshoot occurs. Figure 6 and Figure 7 The comparison shows that region 1 has a stronger ability to suppress and recover from attack disturbances under the method of the present invention.

[0081] Figure 8 The dynamic response of various state variables in Region 2 is presented when a DDoS attack occurs but attack detection and local compensation are not employed. It can be seen that Region 2 also exhibits phenomena such as amplified frequency deviation, increased unit power and valve position oscillations, continuous accumulation of ACE integral, and increased peak power deviation of tie lines within the attack interval. Furthermore, due to the coupling effect of tie lines between regions, the response characteristics of Region 2 show a certain degree of synchronicity with Region 1, but the recovery time and peak magnitude of individual states differ, reflecting the coupling effect of attacks on different regions in the interconnected system.

[0082] Figure 9 This demonstrates the status response of Region 2 after employing attack detection and local compensation mechanisms under the same attack conditions. Figure 8 In comparison, Region 2 showed a significant decrease in the peak values ​​of frequency deviation, mechanical power deviation, and tie-line power deviation within the attack range. Governor valve position changes became smoother, the accumulation of ACE integral was suppressed, and all state variables returned to steady state more quickly after the attack. Combined with... Figures 6-9It can be seen that the method of the present invention can not only improve the dynamic performance of a single area under DDoS attack, but also coordinate the recovery process of each area at the level of multi-area interconnected system, reduce the impact of attack on tie line power exchange and overall frequency stability, thereby improving the robustness and operational resilience of the entire multi-area power system in the network attack environment.

[0083] In summary, the beneficial effects of this invention's multi-regional power system load frequency security control method are as follows: By constructing a networked load frequency control model that considers DDoS attacks, and introducing link availability indicators and attack level variables based on communication silence duration, a deep integration of attack perception and security control is achieved; an event-triggered sampling mechanism is embedded in the state feedback structure, significantly reducing the communication load under normal operating conditions; a hierarchical protection system from normal to severe attacks is proposed, utilizing silence duration for attack classification detection and dynamically adjusting the trigger threshold, ensuring that frequency stability can still be maintained by switching to local autonomous mode when some links fail; and a unified stability analysis framework is established based on Lyapunov–Krasovskii functionals, providing a theoretical basis for the selection of control parameters.

[0084] Example 3 illustrates a schematic scheme for a multi-regional power system load frequency security control method. It should be noted that the technical solution of this multi-regional power system load frequency security control system is based on the same concept as the aforementioned multi-regional power system load frequency security control method. Details not described in detail in this example can be found in the description of the aforementioned multi-regional power system load frequency security control method.

[0085] This embodiment also provides a multi-regional power system load frequency security control system, including: A module is established to build a linearized model of load frequency control for a multi-regional power system. The model introduces a first variable characterizing the real-time availability of communication links in each region and a second variable classifying attack levels based on the duration of communication silence. The determination module is used to design state feedback control laws for each region based on the load frequency control linearization model, and introduces event triggering conditions based on system state error and dynamic threshold to determine the sampling and update time of control commands. The adjustment module is used to coordinate the operation mode of the event triggering mechanism and the control system based on the current attack level variable. The higher the attack level, the higher the update frequency of the control command, and when communication is interrupted, it switches to the autonomous compensation mode based on historical state information. The analysis module is used to analyze closed-loop control systems, including event triggering conditions, attack levels, and local compensation strategies, based on Lyapunov stability theory, and to derive controller gain and triggering parameters that ensure system stability and meet preset performance indicators.

[0086] This embodiment also provides an electronic device suitable for load frequency safety control in high-temperature multi-regional power systems, comprising: a memory and a processor; the memory is used to store computer-executable instructions, and the processor is used to execute the computer-executable instructions to implement the multi-regional power system load frequency safety control method proposed in the above embodiment.

[0087] This embodiment also provides a storage medium storing a computer program that, when executed by a processor, implements the method for implementing the load frequency security control of a multi-regional power system as proposed in the above embodiments.

[0088] The storage medium proposed in this embodiment belongs to the same inventive concept as the method for realizing the safe control of load frequency in a multi-regional power system proposed in the above embodiments. Technical details not described in detail in this embodiment can be found in the above embodiments, and this embodiment has the same beneficial effects as the above embodiments.

[0089] Based on the above description of the implementation methods, those skilled in the art can clearly understand that the present invention can be implemented using software and necessary general-purpose hardware, and of course, it can also be implemented using hardware. Based on this understanding, the technical solution of the present invention, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as a computer floppy disk, read-only memory (ROM), random access memory (RAM), flash memory, hard disk, or optical disk, etc., including several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute the methods of the various embodiments of the present invention.

[0090] It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and all such modifications or substitutions should be covered within the scope of the claims of the present invention.

Claims

1. A method for load frequency security control in a multi-regional power system, characterized in that: include, A linearized model for load frequency control of a multi-regional power system is established, and a first variable characterizing the real-time availability of communication links in each region and a second variable classifying attack levels based on communication silence duration are introduced into the model. Based on the aforementioned load frequency control linearization model, state feedback control laws are designed for each region, and event triggering conditions based on system state error and dynamic threshold are introduced to determine the sampling and update times of control commands. Based on the attack level variable, the working mode of the event triggering mechanism and the control system are adjusted in a coordinated manner. The higher the attack level, the higher the update frequency of the control command, and the autonomous compensation mode based on historical state information is switched when communication is interrupted. Based on Lyapunov stability theory, the closed-loop control system including the event triggering conditions, attack level and local compensation strategy is analyzed to obtain the controller gain and triggering parameters that ensure system stability and meet preset performance indicators.

2. The multi-regional power system load frequency security control method as described in claim 1, characterized in that: The aforementioned working mode of coordinating the adjustment of the event triggering mechanism and the control system based on the current attack level variable includes: Monitor the duration of communication silence in each area and update the attack level represented by the second variable according to a preset time threshold; The dynamic threshold in the event triggering conditions is dynamically adjusted according to the attack level. When the attack level is indicated as a severe attack and the communication link is unavailable, a local compensation control strategy is activated, and local frequency adjustment is performed based on the status information of the most recent successful sampling in the area.

3. The multi-regional power system load frequency security control method as described in claim 2, characterized in that: The controller gain and triggering parameters that ensure system stability and meet preset performance indicators are obtained. include, Construct a Lyapunov-Krasovskii functional that includes system state, time delay, and event-triggered error terms; Based on the functional derivation system, sufficient conditions are met for the system to be stable and to satisfy the predetermined disturbance suppression performance; The sufficient condition is transformed into a linear matrix inequality problem that can be solved numerically. By solving the linear matrix inequality problem, the gain matrix of the state feedback control law and the adjustable parameter matrix of the event triggering mechanism can be obtained in one step.

4. The multi-regional power system load frequency security control method as described in claim 3, characterized in that: The attack level classification based on communication silence duration includes, Set at least two incremental time thresholds; Compare the communication silence duration with the time threshold; Based on the comparison results, the attack level is divided into several discrete levels, including normal state, mild attack state, and severe attack state.

5. The multi-regional power system load frequency security control method as described in claim 2, characterized in that: The dynamic threshold in the event triggering condition is dynamically adjusted. include, Configure different threshold adjustment coefficients for different attack levels; When the attack level increases, an adjustment coefficient is used to reduce the dynamic threshold or make the event triggering conditions easier to meet. When the attack level decreases or returns to normal, an adjustment coefficient is used that increases the dynamic threshold or makes the event triggering conditions less likely to be met.

6. The multi-regional power system load frequency security control method as described in claim 5, characterized in that: The activation of the local compensation control strategy includes, In the autonomous compensation mode, the controller stops attempting to receive or send data through the attacked communication link; Based on the system model parameters stored in this region and the state information of the most recently successfully sampled data, the compensation control quantity used to stabilize the local frequency and tie-line power is calculated independently.

7. The multi-regional power system load frequency security control method as described in claim 6, characterized in that: The control objective of the method under the autonomous compensation mode is: During a complete interruption of external communications, priority should be given to suppressing frequency deviations in this area from exceeding safety limits. At the same time, local information should be used as much as possible to mitigate power fluctuations in tie lines between adjacent areas.

8. A multi-regional power system load frequency security control system, employing the method described in any one of claims 1-7, characterized in that, include: A module is established to build a linearized model of load frequency control for a multi-regional power system. The model introduces a first variable characterizing the real-time availability of communication links in each region and a second variable classifying attack levels based on the duration of communication silence. The determination module is used to design state feedback control laws for each region based on the load frequency control linearization model, and to introduce event triggering conditions based on system state error and dynamic threshold to determine the sampling and update time of control commands. The adjustment module is used to coordinate the operation mode of the event triggering mechanism and the control system based on the current attack level variable. The higher the attack level, the higher the update frequency of the control command, and the more it switches to the autonomous compensation mode based on historical state information when communication is interrupted. The analysis module is used to analyze the closed-loop control system, which includes the event triggering conditions, attack level and local compensation strategy, based on Lyapunov stability theory, and to derive the controller gain and triggering parameters that ensure system stability and meet preset performance indicators.

9. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the method according to any one of claims 1 to 7.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the steps of the method according to any one of claims 1 to 7.