Power grid ids backdoor defense method and system based on automatic pruning and fine tuning optimization

Abstract

The application discloses a power grid IDS backdoor defense method and system based on automatic pruning and fine tuning optimization, which takes the number of neurons pruned from all network layers of a deep learning model of the power grid IDS except input layer and output layer, the optimizer type used for model fine tuning training, the data volume, the data batch size, the training round, and the learning rate as decision variables, designs an integer discrete coding mechanism to code the decision variables, minimizes the backdoor attack success rate of the smart grid IDS model after backdoor defense through pruning and fine tuning, and minimizes the deviation value of the intrusion detection accuracy of the IDS model before and after defense as two optimization objectives, completes the screening of Pareto optimal individuals through non-dominated sorting and crowded distance, and designs selection, crossover and mutation evolution operations for multi-objective iterative optimization, so that the pruning and fine tuning model guaranteeing the normal operation of the power grid IDS is automatically obtained, and the backdoor defense performance of the online deployment model of the power grid IDS is improved.

Description

Technical Field

[0001] This invention relates to the field of secure and reliable intrusion detection technology in the field of smart grid information security, specifically to a backdoor defense method and system for power grid IDS (Intrusion Detection System) based on automatic pruning and fine-tuning optimization. Background Technology

[0002] Modern power grids, highly integrated with advanced sensor measurement, communication, information, computer, and control technologies, effectively meet the needs of real-time state estimation, flow analysis and control, and two-way information exchange. They possess perceptive, predictive, and flexible control capabilities, effectively accommodating large-scale renewable energy sources and exhibiting highly informatized, automated, and interactive characteristics. With the rapid development of artificial intelligence technologies such as deep learning, empowering power systems through digitalization to achieve the informatization, digitalization, and intelligence of power grids has become an inevitable trend in the development of future power systems. However, while emerging technologies bring efficiency gains to modern power grids, they also bring increasingly severe security risks, making them more vulnerable to organized malicious cyberattacks compared to traditional power grids. Therefore, many researchers have focused on the field of malicious traffic intrusion detection in power grids, especially data-driven deep learning (DL), which has been widely applied in power grid intrusion detection in recent years. However, current research on intrusion detection mainly focuses on performance optimization in specific application scenarios, with little awareness of the serious problem of attackers implanting backdoors into power grid intrusion detection systems by attacking the data used to train DL models.

[0003] Backdoor attacks are an extremely stealthy attack strategy. Attackers compromise the training dataset, attaching attacker-defined triggers to some training samples and relabeling the original samples with attacker-specified target labels. The model then learns from the compromised training dataset, effectively implanting a backdoor into the intrusion detection model. A power grid intrusion detection model implanted with a malicious backdoor can maintain good detection accuracy when performing normal intrusion detection tasks. However, once an attacker adds specific triggers to the data collected by the Supervisory Control and Data Acquisition (SCADA) system, the backdoor in the intrusion detection model is triggered, causing the model to classify the data with the attacker-specified target labels. This leads to serious security risks such as intrusion detection failure and power grid system collapse.

[0004] Currently, academia and engineering primarily develop backdoor defense technologies through manual design. However, these technologies suffer from several drawbacks: they heavily rely on the designer's experience, often requiring extensive trial and error, resulting in low design efficiency; they lack adaptability to different power grid intrusion detection scenarios under various backdoor attacks; and some backdoor defense strategies are reactive, requiring further improvement in performance. For power grid intrusion detection models already implanted with backdoors by malicious attackers, research is lacking on multi-target backdoor defense technologies that can reduce the threat posed by these backdoors while maintaining the model's normal intrusion detection accuracy. Therefore, a multi-target backdoor defense method for smart grid IDS that balances backdoor defense capabilities and intrusion detection performance urgently needs to be developed. Summary of the Invention

[0005] The purpose of this invention is to address the shortcomings of existing technologies by providing a method and system for backdoor defense of power grid IDS based on automatic pruning and fine-tuning optimization.

[0006] The objective of this invention is achieved through the following technical solution: The first aspect of this invention provides a backdoor defense method for power grid IDS based on automatic pruning and fine-tuning optimization, comprising the following steps: S1: Construct a training dataset based on historical datasets collected by the smart grid monitoring and data acquisition system. D trn With the test dataset D ten For the training dataset D trn With the test dataset D ten Perform backdoor attacks separately to obtain a backdoor attack training dataset. D tr_bd Backdoor attack test dataset D te_bd ; S2: Training dataset based on backdoor attacks D tr_bd Clean deep learning model (CM) deployed in smart grid IDS IDS Train the backdoor attack to obtain the backdoor intrusion detection model BM. IDS and based on the test dataset D ten Backdoor attack test dataset D te_bd Evaluate the intrusion detection performance metrics and backdoor attack success rate of the model; S3: Set multiple first parameters to construct the optimization objective function of the automatic backdoor defense method for power grid IDS, and encode the backdoor defense schemes to be evaluated using integer discrete encoding based on the first parameters to construct a population. Pgen and the population P gen Perform initialization; S4: Based on the training dataset D trn BM backdoor intrusion detection model IDS Implement population P gen Backdoor defense scheme based on individual representations, using test dataset D ten Backdoor attack test dataset D te_bd Evaluation of Backdoor Defense Model (BDM) after implementing individual corresponding defense schemes IDS The objective function is optimized, and individuals are ranked non-dominated and their crowding distance is calculated. S5: Record the number of iterations gen The offspring population is generated by selecting, crossovering, and mutating individuals within the population. Q gen , the parent population P gen With offspring population Q gen Merge into a new population P ngen ; S6: Calculate the new population P ngen The objective function for optimizing all individuals is used to perform non-dominated ranking and crowding distance calculations on the individuals, and to select the top... NP A superior individual generates a new parent population. P gen ; S7: Determine the number of iterations gen Does it meet the requirements? gen ≥ Gen If not, set gen = gen +1, for the new parent population P gen Repeat steps S4 to S6; if so, the population... P Gen All non-dominated individuals are used as the Pareto optimal solution set PF, and the Pareto optimal individuals are selected from PF. p PO ; S8: Backdoor Intrusion Detection Model BM IDS Implementation p PO The Pareto optimal backdoor defense scheme is represented, and the optimal backdoor defense model BDM is obtained. IDS,PO BDM IDS,POOnline deployment in the power grid intrusion detection system enables real-time intrusion detection of data collected in real time by the smart grid monitoring and data acquisition system, and the evaluation model BDM is used. IDS,PO Accuracy, recall, precision F 1. Score and backdoor attack success rate.

[0007] Furthermore, step S1 specifically includes the following sub-steps: S11: Divide the historical data collected by the smart grid monitoring and data acquisition system into a training dataset according to the proportion λ for backdoor defense methods based on automatic pruning and fine-tuning optimization. D tr With the test dataset D te ,in Represents the training dataset D tr Percentage, and according to the training dataset D tr Data distribution for training dataset D tr With the test dataset D te The deviation standardization process is performed, and the calculation process of deviation standardization is shown in formula (1): (1) In the formula, This indicates that the deviation standardization process is applied to the first element in the dataset. i The first sample j 1 eigenvalue, This indicates the first element in the dataset after deviation standardization. i The first sample j 1 eigenvalue, and They represent the training datasets respectively. D tr The Middle j The maximum and minimum values ​​of each feature. j =1,2,…, TF ,in TF This represents the total number of features in the dataset; for the training dataset D tr Sample Index i tr The range of values ​​for is: i tr =1,2,…, TS tr ,in TS tr Represents the training dataset D tr Total number of samples included; for the test datasetD te Sample Index i te The range of values ​​for is: i te =1,2,…, TS te ,in TS te Represents the test dataset D te Total number of samples included; training dataset D tr and test dataset D te The number of intrusion detection categories is labeled as Cat The training dataset after deviation standardization D tr With the test dataset D te Marked as D trn and D ten ; S12: Extract the training dataset D trn The middle belongs to the attack category set A att All samples, and randomly select a preset proportion from them. p b1 Samples were used to construct the attacked training dataset. D att_trn ,in A att For a containing N att A set of attack categories; extract the test dataset. D ten China belongs to A att All samples of the attack category, and randomly select a preset proportion from them. p b2 Samples were used to construct an attack test dataset. D att_ten ; S13: Select the attacked training dataset D att_trn any sample in S att_trn,tx , tx This represents the index of a sample in the attacked training dataset. tx =1, 2, ..., TSt att_trn , TSt att_trnIndicates the attacked training dataset D att_trn The total number of samples included, and then the backdoor attack strategy shown in formula (2) is used to target the samples. S att_trn,tx Implant a backdoor trigger and, according to formula (3), insert the sample. S att_trn,tx The original tag L att_trn,tx Modify to the attack target label specified by the attacker. L target To generate backdoor attack samples S att_trn_bd,tx After completing the above operations, the attacked training dataset will be... D att_trn Central Plains Sample S att_trn,tx Replace with backdoor attack sample S att_trn_bd,tx ; (2) (3) In the formula, S t Represents the first [sample] used to generate the backdoor sample. t One original sample, S bd,t Indicates the use of the original sample S t The generated backdoor sample, L bd,t Indicates the generated first t Classification labels for backdoor samples L target This indicates the attack target label specified by the attacker. This indicates a dot product operation. mask and trigger These represent the mask and backdoor attack trigger modes, respectively, and their expressions are shown in formula (4) and formula (5): (4) (5) In the formula, Indicates the first i t The value of the backdoor attack trigger corresponding to each feature; S14: Repeat the backdoor attack sample generation process described in step S13 until the attacked training dataset is obtained. D att_trn The total number is TSt att_trnAll samples are used to generate corresponding backdoor attack samples and replace them with the original samples. The attacked training dataset that has been replaced by the above backdoor attack samples is then labeled as... D att_trn_bd ,Will D att_trn_bd With training dataset D trn Merge the datasets and label the merged datasets as backdoor attack training datasets. D tr_bd ; S15: From the attacked test dataset D att_ten Select any one sample S att_ten,ty , ty =1, 2, ..., TS att_ten , TS att_ten This indicates the attacked test dataset. D att_ten The total number of samples included, and then the backdoor attack strategy shown in formula (2) is used to target the samples. S att_ten,ty Implant a backdoor trigger and, according to formula (3), insert the sample. S att_ten,ty The original tag L att_ten,ty Modify to the attack target label specified by the attacker. L target To generate backdoor attack samples S att_trn_bd,ty and the attacked test dataset D att_ten The original sample S att_ten,ty Replace with backdoor attack sample S att_ten_bd,ty ; S16: Repeat the backdoor test sample generation process described in step S15 until the attacked test dataset is obtained. D att_ten The total number is TS att_ten All samples generate corresponding backdoor test samples and replace them with the original samples. The attacked test dataset after the backdoor attack samples are replaced is then marked as the backdoor attack test dataset. D te_bd .

[0008] Further, step S2 specifically includes: Training dataset based on backdoor attacks D tr_bdClean deep learning model (CM) deployed in smart grid IDS IDS Training is performed using backdoor attacks, and the trained model is labeled as the backdoor intrusion detection model BM. IDS The backdoor defense model implementing the backdoor defense scheme is labeled as BDM. IDS Among them, the deep learning clean model CM deployed in the smart grid IDS IDS From input to output, it includes: a multi-class smart grid data input layer, En The system comprises a sub-encoder, a flattened output layer, and an intrusion detection output layer; a multi-class smart grid data input layer receives data collected from the smart grid monitoring and data acquisition system, with input data feature dimensions of [missing information]. D input Each sub-encoder contains, in sequence, the following components: Mn A multi-head attention mechanism, first residual connection and layer normalization module Fn A feedforward neural network and a second residual connection and layer normalization module; the multi-head attention mechanism internally includes: El The number of neurons is El c Parallel linear layers, An There are 1 parallel attention head, each attention head is connected to 1 neuron for An c The corresponding output layer will output the data. Cn The feature concatenation layer; the first residual connection and layer normalization module in the sub-encoder accept the output of the last multi-head attention mechanism and the original input of the sub-encoder; the feedforward neural network contains, in sequence, a number of neurons. Fc The first linear layer, the linear rectified activation function layer, and the number of neurons in layer 1 are: Fc The second linear layer of layer 2; the second residual connection and layer normalization module receives the output of the last feedforward neural network inside the sub-encoder and the output of the first residual connection and layer normalization module. The smoothing terms in the two residual connection and layer normalization layers in the sub-encoder are set to... eps The flattened output layer is located at En Following the sub-encoder, the internal layers sequentially contain a hyperbolic tangent activation function layer, a flattening layer, and a neuron count of [number missing]. Fla c The linear layer, the intrusion detection output layer is the final classification output layer; the backdoor attack training rounds are... Bepo The optimizer used and the corresponding learning rate are respectively Bopt and Blr ; Evaluate the power intrusion detection model for a clean test set D ten The intrusion detection performance metrics tested included the power intrusion detection model CM. IDSBM IDS and BDM IDS Intrusion detection performance metrics include accuracy, recall, precision, and... F 1. The corresponding calculation process is shown in formulas (6) to (9); the power intrusion detection model is evaluated on the backdoor attack test dataset. D te_bd The backdoor defense performance index is the backdoor attack success rate, and its calculation process is shown in formula (10): (6) (7) (8) (9) (10) In the formula, Accuracy Indicates accuracy rate. Recall Indicates recall rate, Precision Indicates accuracy. F1_Score express F 1 point, BASR represents the success rate of a backdoor attack. TP ic This indicates that the power intrusion detection model correctly predicted it as the first... ic The number of samples in each class TN ic This represents the number of classes correctly predicted as other by the power intrusion detection model. FP ic This indicates that the power intrusion detection model incorrectly predicted it as the first... ic The number of samples in each class FN ic This represents the number of samples that were incorrectly predicted as other classes by the power intrusion detection model.

[0009] Furthermore, the first parameter includes population size. NP Maximum number of iterations Gen Cross factor Cr Variable factors F ; The optimization objective function of the automatic backdoor defense method of the power grid IDS is shown in Equation (11): (11) In the formula, p This represents the coded individual of a power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization. obj 1( p () represents the first optimization objective function. This represents the backdoor intrusion detection model BM.IDS In implementing individual p The backdoor defense model BDM, which represents the backdoor defense scheme, is a backdoor defense model. IDS Test dataset for backdoor attacks D te_bd The success rate of the backdoor attack obtained from the evaluation is calculated using the formula shown in formula (11). obj 2( p ) represents the second optimization objective function, Acc before The model CM represents the state before implementing backdoor defense. IDS For the test dataset D ten The accuracy obtained from the evaluation, Acc after Indicates BM IDS In implementing individual p The backdoor defense model BDM, which represents the backdoor defense scheme, is a backdoor defense model. IDS For the test dataset D ten The accuracy rate obtained from the assessment is calculated using the formula shown in formula (6).

[0010] Furthermore, based on the first parameter, the backdoor defense scheme to be evaluated is encoded using integer discrete encoding to construct a population. P gen and the population P gen Initialization is performed, specifically including: population P gen Include NP Individual, that is , i d Indicates population P gen The serial number of the individual. gen Indicates the current iteration number. gen =0, 1, ..., Gen , Indicates the first gen Population at the next iteration P gen The Middle i d Individual, , Indicates the first gen In the next iteration, the individual The corresponding model BM IDS The Middle i l The number of neurons pruned in a layer of a prunable network. i l Indicates the sequence number of the prunable network layer. il =1,2,…, nl , nl Representation model BM IDS The total number of prunable network layers in the model BM, where the prunable network layers are the model BM. IDS Remove all network layers except the input and output layers, and then use BM. IDS The model after pruning is labeled as the Pruned Intrusion Detection Model BPM. IDS , Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning optimizes the amount of data. Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning training epochs, Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning optimizer learning rate Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning data batch size Indicates the first gen In the next iteration, the individual Corresponding BPM IDS The model fine-tuning optimizer type is defined by the total length of the encoding contained in each individual, denoted as [label]. D , D = nl +5; when gen When =0, , P 0 represents the initial population for offline iterative optimization of automatic backdoor defense. Indicates the initial population P 0th i d Individual, , Represents an individual The corresponding model BM IDS The Middle i l The number of neurons pruned in a layer of a prunable network. Represents an individual Corresponding BPM IDS Model fine-tuning optimizes the amount of data. Represents an individual The corresponding number of training epochs for fine-tuning the pruned model. Represents an individual Corresponding BPM IDS Model fine-tuning optimizer learning rate Represents an individual Corresponding BPM IDS Model fine-tuning data batch size Represents an individual Corresponding BPM IDS Model fine-tuning optimizer type; initial population P any individual in 0 The initialization process is as follows: , For model BM IDS The Middle i l The total number of neurons in a layer of a pruning network; Randint represents a random integer generation function. Indicates in [0, A random integer value is generated within the range of ]; It will be taken from the training dataset D trn The proportion of data selected is The data is labeled as fine-tuning data. , Per min and Per max These represent the preset lower and upper limits of the data adjustment ratio, respectively; , Epo min and Epo max They represent BPM respectively IDS The model is designed for fine-tuning data. The preset lower and upper limits for the number of fine-tuning training rounds; , Lr max BPM IDS The model is designed for fine-tuning data. The maximum integer value of the fine-tuning learning rate parameter for fine-tuning is used as the index of the integer encoding of the fine-tuning learning rate parameter. i lr , i lr =1, 2, ..., Lr max ,Will i lr The numerical value of the learning rate parameter corresponding to the encoding is denoted as ,Will The numerical value of the learning rate parameter corresponding to the encoding is denoted as ; , Bs maxThis indicates the BPM of the model after pruning. IDS For fine-tuning data The maximum value of the integer encoding of the fine-tuning data batch size parameter is used for fine-tuning. The sequence number of the integer encoding of the fine-tuning data batch size parameter is marked as... i bs , i bs =1, 2, ..., Bs max ,Will i bs The batch size parameter for the fine-tuning data corresponding to the encoding is marked as follows: ,Will The numerical value of the fine-tuning data batch size parameter corresponding to the encoding is marked as follows: ; , Opt max BPM IDS The model is designed for fine-tuning data. The maximum value of the integer encoding of the fine-tuning optimizer type parameter is used for fine-tuning. The ordinal number of the integer encoding of the fine-tuning optimizer type parameter is marked as... i opt , i opt =1, 2, ..., Opt max ,Will i opt The type of fine-tuning optimizer corresponding to the encoding is marked as ,Will The type of fine-tuning optimizer corresponding to the encoding is marked as .

[0011] Furthermore, step S4 specifically includes the following sub-steps: S41: Transfer the training dataset D trn All samples are input into the backdoor intrusion detection model BM IDS Perform model inference, obtain the average absolute activation value of all neurons in all prunable network layers, and then apply this to the model BM. IDS The Middle i l Layered Pruned Network c The activation values ​​and mean absolute activation values ​​of each neuron are labeled as follows: and , i l =1,2,…, nl , c =1,2,…, , The calculation process is shown in formula (12): (12) In the formula, Representation model BM IDS The Middle i l Layered Pruned Network c The neuron in the first i tr Activation values ​​on the sample; S42: For model BM IDS All pruning network layers perform the following operation: [The text abruptly ends here, likely due to an incomplete sentence or a formatting error.] i l In a layered pruning network, all neurons in the layer are pruned according to their mean absolute activation value. Sort the neurons in ascending order to obtain the sorted neuron index sequence. ,in Indicates the first i l Rank of average absolute activation values ​​in layered pruning networks i n The original index of the neurons in the 100-bit region will The corresponding average absolute activation value is labeled as ;if i n The value does not exceed the individual The first character represented i l Number of pruned neurons in a layered pruning network Then The corresponding neurons undergo pruning operations, thereby placing those ranked higher. The neurons are pruned, that is, from the first... i l In a layered pruning network, the top-ranked nodes are removed. The neurons, retaining other neurons, and BM IDS The pruned model is labeled as the pruned intrusion detection model. ; S43: Based on the individual In From the training dataset D trn The proportion of data selected is The data is labeled as fine-tuning data. According to the individual middle , , and The corresponding fine-tuning training round values ​​were obtained respectively. Fine-tuning the learning rate value Fine-tuning data batch size and fine-tuning optimizer type ,against For the model According to the fine-tuning parameter values , , and Training is conducted to achieve BPM. IDS The model fine-tuning operation marks the model after fine-tuning training as a backdoor defense model. ; S44: Based on the two optimization objective functions in step S3, respectively, the individual... The corresponding first and second optimization objective functions are labeled as follows: and The specific implementation process is as follows: Model Test dataset for backdoor attacks D te_bd The test was conducted, and the results were evaluated according to the calculation process shown in formulas (10) and (11). ;Model For the test dataset D ten The test was conducted, and the results were evaluated according to the calculation process shown in formulas (6) and (11). ; S45: Assess the population P gen Each individual The dominance relationship is determined, and a non-dominated ranking is performed on all individuals. The specific implementation process includes: ranking the first... gen In the next iteration of optimization, any individual that is different from the individual Individual markers are , i k The serial number representing different individuals, grouping individuals The two corresponding optimization objective functions are labeled as follows: and ,if and Then the individual Dominant Individual will be individual The set of individuals under control is labeled as , will dominate the individual The number of individuals is marked as Set the current leading edge index rto =1, and the population that satisfies... DN All individuals with a value of 0 were assigned to the first... rto The Pareto front, denoted as Ft rto Traversing the current Pareto frontier Ftrto For each individual in the index, for each individual it dominates, decrement the count of its dominant individuals by one, and move the frontier index accordingly. rto Increment by 1, that is, let rto = rto +1, adding 1 to the population currently satisfying... DN All unassigned individuals with a value of 0 are assigned to the first... rto Pareto Front Ft rto Repeat the above steps until the population... P gen All individuals are assigned to a Pareto frontier; S46: Calculate the population P gen All individuals The congestion distance specifically includes: for the first rto For any individual in a Pareto front, according to the... o The optimization objective function value obj o Sort by size from smallest to largest. o =1,2, setting the current Pareto frontier individual at the th... o The maximum and minimum fitness values ​​on the optimization objective function are respectively and , will have and The crowding distance between the two boundary individuals is set to a preset infinite value. For each individual in the current Pareto front other than the two boundary individuals, the corresponding crowding distance is calculated according to formula (13). The current step is repeated until the population... P gen The crowding distance for all individuals has been calculated: (13) In the formula, This represents the first individual in the Pareto front, excluding the two boundary individuals. w The crowding distance of each individual and These represent the first Pareto front. w +1 and the first w -1 individual in the first o The numerical values ​​on the objective function to optimize.

[0012] Furthermore, step S5 specifically includes the following sub-steps: S51: From the population P genTwo pairs of individuals are randomly selected, and a binary tournament selection operation is performed on each pair. The specific implementation of the binary tournament selection operation is as follows: if the two individuals are on the same Pareto front, the individual with the greater crowding distance is selected as the winner; if they are on different Pareto fronts, the individual with the higher ranking on the Pareto front is selected as the winner; the two winners selected after the binary tournament selection operation are marked as the first parent individual. s 1 and 2 parent individuals s 2; S52: For two parent individuals s 1 and s 2. Perform the crossover operation, where the crossover operation is a single-point crossover operator, specifically including: S52.1: Generate a random number in the range (0, 1). r c ,like r c ≤ Cross factor Cr Then in the interval [1, ... nl A random integer is generated within the range [+5-1]. cp As the intersection point, among which nl +5 represents the individual code length; S52.2: Transfer the parent individual s 1 is located at the intersection cp Subsequent encoded fragments and parent individuals s 2 is located at the intersection cp The subsequent exchange of gene segments results in two offspring individuals. q 1 and q 2. The specific implementation process is shown in formulas (14) and (15) respectively: (14) (15) In the formula, s 1(1: cp )and s 2(1: cp ) represent the parent individuals respectively s 1 and s The first to the second of 2 cp Bit encoding, s 1( cp +1: nl +5) and s 2( cp +1: nl +5) represent the parent individuals respectively. s 1 and s 2nd cp +1 to the nl+5-bit encoding; S53: For offspring individuals q 1 and q The second one d Each code performs a mutation operation. d =1, 2, ..., nl +5, will q 1 and q 2. The mutated individuals after the mutation operation are respectively labeled as and The specific implementation process is shown in formulas (16) and (17): (16) (17) In the formula, and They are mutated individuals. and The d Bit encoding, Regenerate( q d () indicates targeting an individual q No. d The mutation generation function of the bit encoding is calculated as shown in formula (18). and They represent the functions used for judgment. q 1 and q The second one d A random number generated in the range [0,1] indicates whether a mutation operation has been performed on the encoded individual. This will determine the mutated individual after the mutation operation has been completed. and Add to offspring population Q gen middle: (18) In the formula, Representation model BM IDS The Middle d The number of neurons pruned in a layered pruning network; S54: Repeat steps S51 to S53 until the offspring population is reached. Q gen The number of individuals included reaches the preset population size. NP , the parent population P gen With offspring population Q gen Merge into a new population P ngen And record the current iteration number. gen .

[0013] Furthermore, step S6 specifically includes the following sub-steps: S61: Parental population P gen With offspring population Q gen Merge to form a new population P ngen ,in P ngen = P gen ∪ Q gen The total number of individuals in the new population is 2. NP And calculate the new population. P ngen The objective function for optimizing all individuals in the process; S62: For new populations P ngen Perform the non-dominated sorting operation described in step S4 on all individuals to obtain the hierarchical Pareto front set { }, i p =1, 2, ..., Fn , Indicates the first i p Pareto front, Fn Let be the total number of Pareto front layers obtained from non-dominated sorting, and for any i p1 < i p2 , No. i p1 The non-dominated rank of individuals in the frontier of the layer is higher than that of the first layer. i p2 Individuals in the frontier of the layer, the first i p Pareto Front The number of individuals in ; S63: For new populations P ngen All individuals in the process perform the crowding distance calculation described in step S4, and those located in the... i p Pareto Frontier i w The crowding distance of each individual is marked as , i w =1, 2, ..., ; S64: From the hierarchical Pareto front set { Individuals are selected sequentially to construct a new parent population. Pgen,new .

[0014] Furthermore, step S64 specifically includes the following sub-steps: S64.1: Initialize the selected individual n sel =0, initialize the current leading index. pr =1, initialize a new parent population. P gen,new = ; S64.2: Determine the current frontier Number of individuals and remaining candidate slots NP - n sel Relationship: If ≤ NP - n sel Then the frontier All individuals join P gen,new ,renew n sel = n sel + ,make i p = i p +1, return to step S64.2; if > NP - n sel Then proceed to step S64.3; S64.3: On the frontier All individuals, according to crowding level distance Sort in descending order and select the group with the largest crowding distance. NP - n sel Individuals join P gen,new ; S64.4: Order P gen = P gen,new Complete the training of the new generation of parent populations P gen Update.

[0015] A second aspect of this invention provides a power grid IDS backdoor defense system based on automatic pruning and fine-tuning optimization, which incorporates the aforementioned power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization. The system includes: The data preprocessing module is used to construct a training dataset based on historical datasets collected by the smart grid SCADA system. D trn With the test dataset D ten ; The backdoor attack sample generation module is used to generate samples from the training dataset. D trn With the test dataset D ten Perform backdoor attacks separately to obtain a backdoor attack training dataset. D tr_bd Backdoor attack test dataset D te_bd ; The backdoor attack training and evaluation module is used to train and evaluate backdoor attack datasets. D tr_bd Clean deep learning model (CM) deployed in smart grid IDS IDS Train the backdoor attack to obtain the backdoor intrusion detection model BM. IDS and based on the test dataset D ten Backdoor attack test dataset D te_bd Evaluate the intrusion detection performance metrics and backdoor attack success rate of the model; The population initialization module is used to set multiple first parameters, construct the optimization objective function of the automatic backdoor defense method for power grid IDS, and encode the backdoor defense scheme to be evaluated using integer discrete encoding based on the first parameters to construct the population. P gen and the population P gen Perform initialization; Population evaluation module, used for evaluating populations based on the training dataset. D trn BM backdoor intrusion detection model IDS Implement population P gen Backdoor defense scheme based on individual representations, using test dataset D ten Backdoor attack test dataset D te_bd Evaluation of Backdoor Defense Model (BDM) after implementing individual corresponding defense schemes IDS The objective function is optimized, and individuals are ranked non-dominated and their crowding distance is calculated. The offspring population generation module is used to record the number of iterations. gen The offspring population is generated by selecting, crossovering, and mutating individuals within the population. Qgen , the parent population P gen With offspring population Q gen Merge into a new population P ngen ; The parent population update module is used to calculate the new population. P ngen The objective function for optimizing all individuals is used to perform non-dominated ranking and crowding distance calculations on the individuals, and to select the top... NP A superior individual generates a new parent population. P gen ; The Pareto optimal individual selection module is used to determine the number of iterations. gen Does it meet the requirements? gen ≥ Gen If not, set gen = gen +1, for the new parent population P gen Repeat steps S4 to S6; if so, the population... P Gen All non-dominated individuals are used as the Pareto optimal solution set PF, and the Pareto optimal individuals are selected from PF. p PO The backdoor defense scheme represented by this individual encoding is taken as the optimal power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization. The backdoor defense implementation module is used to implement the backdoor intrusion detection model BM. IDS Implementation p PO The Pareto optimal backdoor defense scheme is represented, and the optimal backdoor defense model BDM is obtained. IDS,PO BDM IDS,PO It is deployed online into the power grid intrusion detection system to perform real-time intrusion detection on data collected in real time by the smart grid monitoring and data acquisition system.

[0016] Compared with the prior art, the beneficial effects of the present invention are: (1) This invention proposes an automatic backdoor defense method for power grid IDS that integrates model pruning and fine-tuning. That is, in the design stage of power grid IDS, normal data is used to obtain the suspiciousness score of neurons in the model, and multi-objective optimization technology is used to automatically optimize the model pruning and fine-tuning defense scheme offline. Compared with the existing defense technology that heavily relies on expert experience, the multi-objective automatic backdoor defense technology proposed in this invention can quickly adapt to different intrusion detection scenarios of the power grid and improve the intelligent design level of the power grid security and trustworthy IDS. By removing suspicious neurons in the model, the threat of backdoors in the model is reduced. After model pruning is completed, some normal data is extracted to fine-tune the smart grid IDS model to restore some intrusion detection accuracy.

[0017] (2) The optimal backdoor defense model obtained by the present invention through multi-objective automatic offline optimization is deployed online in the power grid IDS; the optimized pruning strategy will remove suspicious neurons in the model, thereby reducing the threat of backdoors in the model; and further extract some normal data, and fine-tune the pruned IDS model according to the optimized model fine-tuning parameters, so as to restore the intrusion detection accuracy of the model as much as possible; compared with the prior art, the present invention greatly reduces the success rate of backdoor attacks while ensuring high performance of normal intrusion detection, and achieves the removal of backdoors in the model to a greater extent. Attached Figure Description

[0018] Figure 1 This is a flowchart of the power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization of the present invention; Figure 2 This invention relates to a deep learning clean model CM deployed in a smart grid IDS. IDS Architecture diagram; Figure 3 This invention relates to the original deep learning clean model CM deployed in smart grid IDS. IDS and backdoor intrusion detection model BM IDS A comparison chart of intrusion detection performance metrics and backdoor attack success rates; Figure 4 This is an example diagram of the individual encoding and decoding of a typical power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization generated in step S4 of the present invention into a specific backdoor defense scheme; Figure 5 This is an example diagram of the binary tournament selection, crossover, and mutation operations of an individual power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization in step S6 of the present invention. Figure 6 This is the Pareto front diagram of two objectives obtained through iterative optimization search in this invention; Figure 7This is the optimal backdoor defense model BDM after implementing the Pareto optimal power grid IDS backdoor defense scheme in this invention. IDS,PO Architecture diagram; Figure 8 The backdoor intrusion detection model BM in this invention IDS And the optimal backdoor defense model BDM IDS,PO A comparison chart of intrusion detection performance metrics and backdoor attack success rates; Figure 9 The backdoor intrusion detection model BM of this invention IDS Compared with the optimal power grid IDS backdoor defense scheme implemented by the present invention, the backdoor defense model BDM is compared with the existing backdoor defense technology and the technology of the present invention. IDS A comparison chart of backdoor attack success rates; Figure 10 This is a schematic diagram of a power grid IDS backdoor defense system based on automatic pruning and fine-tuning optimization according to the present invention. Detailed Implementation

[0019] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0020] See Figure 1 The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization of the present invention specifically includes the following steps: S1: Construct a training dataset based on historical datasets collected by the Supervisory Control and Data Acquisition (SCADA) system. D trn With the test dataset D ten For the training dataset D trn With the test dataset D ten Perform backdoor attacks separately to obtain a backdoor attack training dataset. D tr_bd Backdoor attack test dataset D te_bd Specifically, it includes the following sub-steps: S11: Divide the historical data collected by the smart grid SCADA system into training datasets based on the proportion λ for backdoor defense methods optimized by automatic pruning and fine-tuning. D trWith the test dataset D te ,in Represents the training dataset D tr Percentage, and according to the training dataset D tr Data distribution for training dataset D tr With the test dataset D te The deviation standardization process is performed, and the calculation process of deviation standardization is shown in formula (1): (1) In the formula, This indicates that the deviation standardization process is applied to the first element in the dataset. i The first sample j 1 eigenvalue, This indicates the first element in the dataset after deviation standardization. i The first sample j 1 eigenvalue, and They represent the training datasets respectively. D tr The Middle j The maximum and minimum values ​​of each feature. j =1,2,…, TF ,in TF This represents the total number of features in the dataset; for the training dataset D tr Sample Index i tr The range of values ​​for is: i tr =1,2,…, TS tr ,in TS tr Represents the training dataset D tr Total number of samples included; for the test dataset D te Sample Index i te The range of values ​​for is: i te =1,2,…, TS te ,in TS te Represents the test dataset D te Total number of samples included; training dataset D tr and test dataset Dte The number of intrusion detection categories is labeled as Cat The training dataset after deviation standardization D tr With the test dataset D te Marked as D trn and D ten .

[0021] S12: Extract the training dataset D trn The middle belongs to the attack category set A att All samples, and randomly select a preset proportion from them. p b1 Samples were used to construct the attacked training dataset. D att_trn ,in A att For a containing N att A set of attack categories; extract the test dataset. D ten China belongs to A att All samples of the attack category, and randomly select a preset proportion from them. p b2 Samples were used to construct an attack test dataset. D att_ten .

[0022] S13: Select the attacked training dataset D att_trn any sample S att_trn,tx , tx This represents the index of a sample in the attacked training dataset. tx =1, 2, ..., TSt att_trn , TSt att_trn Indicates the attacked training dataset D att_trn The total number of samples included, and then the backdoor attack strategy shown in formula (2) is used to target the samples. S att_trn,tx Implant a backdoor trigger and, according to formula (3), insert the sample. S att_trn,tx The original tag L att_trn,tx Modify to the attack target label specified by the attacker. L target To generate backdoor attack samplesS att_trn_bd,tx After completing the above operations, the attacked training dataset will be... D att_trn Central Plains Sample S att_trn,tx Replace with backdoor attack sample S att_trn_bd,tx .

[0023] (2) (3) In the formula, S t Represents the first [sample] used to generate the backdoor sample. t One original sample, S bd,t Indicates the use of the original sample S t The generated backdoor sample, L bd,t Indicates the generated first t Classification labels for backdoor samples L target This indicates the attack target label specified by the attacker. This indicates a dot product operation. mask and trigger These represent the mask and backdoor attack trigger modes, respectively, and their expressions are shown in formula (4) and formula (5): (4) (5) In the formula, Indicates the first i t The value of the backdoor attack trigger corresponding to each feature.

[0024] S14: Repeat the backdoor attack sample generation process described in step S13 until the attacked training dataset is obtained. D att_trn The total number is TSt att_trn All samples are used to generate corresponding backdoor attack samples and replace them with the original samples. The attacked training dataset that has been replaced by the above backdoor attack samples is then labeled as... D att_trn_bd ,Will D att_trn_bd With training dataset D trn Merge the datasets and label the merged datasets as backdoor attack training datasets. D tr_bd .

[0025] S15: From the attacked test dataset D att_ten Select any one sample S att_ten,ty , ty =1, 2, ..., TS att_ten , TS att_ten Indicates the attacked test dataset D att_ten The total number of samples included, and then the backdoor attack strategy shown in formula (2) is used to target the samples. S att_ten,ty Implant a backdoor trigger and, according to formula (3), insert the sample. S att_ten,ty The original tag L att_ten,ty Modify to the attack target label specified by the attacker. L target To generate backdoor attack samples S att_trn_bd,ty and the attacked test dataset D att_ten The original sample S att_ten,ty Replace with backdoor attack sample S att_ten_bd,ty .

[0026] S16: Repeat the backdoor test sample generation process described in step S15 until the attacked test dataset is obtained. D att_ten The total number is TS att_ten All samples generate corresponding backdoor test samples and replace them with the original samples. The attacked test dataset after the backdoor attack samples are replaced is marked as the backdoor attack test dataset. D te_bd .

[0027] In this embodiment, the total number of samples in the historical dataset collected by the smart grid SCADA system is 24057, and the training dataset... D tr The proportion λ is 0.8, and the training dataset... D trn Total number of samples TS tr The test dataset is 19205. D ten Total number of samples TS te The total number of features in the dataset is 4802. TFThe number is 128, meaning each data sample has 128 features; the samples in the dataset represent 37 real-world smart grid scenarios. Cat It is 37.

[0028] In this embodiment, the attack category set A att Number of attack categories included N att The four values ​​represent remote tripping command injection attacks on intelligent electronic devices R1, R2, R3, and R4, respectively, derived from the training dataset. D trn and test dataset D ten Classified as an attack A att 10% and 100% of the samples were extracted from the original sample to construct the attacked training dataset. D att_trn With the attacked test dataset D att_ten That is, proportion p b1 and p b2 10% and 100% respectively, mask mask Only 6 features were selected, namely mask In this context, the six selected features are set to 1, while the rest are set to 0. These six features represent the three-phase voltage and current amplitudes of the intelligent electronic device R1, and are trigger parameters. trigger The values ​​at the selected 6 feature locations are all 0.95, which means that the three-phase voltage and current characteristic values ​​of the intelligent electronic device R1 in the sample are modified to 95% of the original amplitude. This is the attacker's specified attack target label. L target The training dataset is for events without categories and is the target of an attack. D att_tnr Total number of samples Tot att_trn The value is 125, representing the attacked test dataset. D te_bd Total number of samples Tot att_trn The value is 317.

[0029] S2: Training dataset based on backdoor attacks D tr_bd Clean deep learning model (CM) deployed in smart grid IDS IDS Train the backdoor attack to obtain the backdoor intrusion detection model BM. IDS and based on the test dataset D ten Backdoor attack test dataset D te_bdEvaluate the intrusion detection performance metrics and backdoor attack success rate of the model. This specifically includes the following process: First, based on the backdoor attack training dataset D tr_bd Clean deep learning model (CM) deployed in smart grid IDS IDS Training is performed using backdoor attacks, and the trained model is labeled as the backdoor intrusion detection model BM. IDS The backdoor defense model implementing the backdoor defense scheme is labeled as BDM. IDS Among them, the deep learning clean model CM deployed in the smart grid IDS IDS From input to output, it includes: a multi-class smart grid data input layer, En The system comprises a sub-encoder, a flattened output layer, and an intrusion detection output layer; a multi-class smart grid data input layer receives data collected from the smart grid SCADA system, with input data feature dimensions of [missing information]. D input Each sub-encoder contains, in sequence, the following components: Mn A multi-head attention mechanism, first residual connection and layer normalization module Fn A feedforward neural network and a second residual connection and layer normalization module; the multi-head attention mechanism internally includes: El The number of neurons is El c Parallel linear layers, An There are 1 parallel attention head, each attention head is connected to 1 neuron for An c The corresponding output layer will output the data. Cn The feature concatenation layer; the first residual connection and layer normalization module in the sub-encoder accept the output of the last multi-head attention mechanism and the original input of the sub-encoder; the feedforward neural network contains, in sequence, a number of neurons. Fc The first linear layer, the linear rectified activation function layer, and the number of neurons in layer 1 are: Fc The second linear layer of layer 2; the second residual connection and layer normalization module receives the output of the last feedforward neural network inside the sub-encoder and the output of the first residual connection and layer normalization module. The smoothing terms in the two residual connection and layer normalization layers in the sub-encoder are set to... eps The flattened output layer is located at En Following the sub-encoder, the internal layers sequentially contain a hyperbolic tangent activation function layer, a flattening layer, and a neuron count of [number missing]. Fla c The linear layer, the intrusion detection output layer is the final classification output layer; the backdoor attack training rounds are... Bepo The optimizer used and the corresponding learning rate are respectively Bopt and Blr .

[0030] In this embodiment, the deep learning clean model CM deployed in the smart grid IDS... IDS like Figure 2 As shown, CM IDS Specifically, it includes one sub-encoder, namely En =1, the feature dimension of smart grid SCADA collected data D input The number is 128, and each sub-encoder internally includes one multi-head attention mechanism and one feedforward neural network, i.e. Mn =1, Fn The multi-head attention mechanism consists of 3 parallel linear layers with 128 neurons each, 4 parallel attention heads (each with 32 neurons each), and 1 feature concatenation layer. El It is 3. El c It is 128. An It is 4. An c It is 32. Cn The value is 1. The feedforward neural network contains a first linear layer with 1600 neurons and a second linear layer with 128 neurons. Fc 1 is 1600, Fc 2 is 128, the two residual connections in the sub-encoder are connected to the smoothing term in the layer normalization layer. eps Setting it to 0.01 flattens the number of linear layer neurons in the output layer. Fla c The number of backdoor attack training rounds is 37. Bepo Set to 100, the optimizer used Bopt With corresponding learning rate Blr They were set to adaptive moment estimation optimizer and 0.001, respectively.

[0031] Subsequently, the power intrusion detection model was evaluated on a clean test set. D ten The intrusion detection performance metrics tested included the power intrusion detection model CM. IDS BM IDS and BDM IDS Intrusion detection performance metrics include accuracy, recall, precision, and... F 1. The corresponding calculation process is shown in formulas (6) to (9); the power intrusion detection model is evaluated on the backdoor attack test dataset. D te_bd The backdoor defense performance index is the backdoor attack success rate, and its calculation process is shown in formula (10): (6) (7) (8) (9) (10) In the formula, Accuracy Indicates accuracy rate. Recall Indicates recall rate, Precision Indicates accuracy. F1_Score express F 1 point, BASR represents the success rate of a backdoor attack. TP ic This indicates that the power intrusion detection model correctly predicted it as the first... ic The number of samples in each class TN ic This represents the number of classes correctly predicted as other by the power intrusion detection model. FP ic This indicates that the power intrusion detection model incorrectly predicted it as the first... ic The number of samples in each class FN ic This represents the number of samples that were incorrectly predicted as other classes by the power intrusion detection model.

[0032] In this embodiment, the deep learning clean model CM originally deployed in the smart grid IDS... IDS and backdoor intrusion detection model BM IDS Intrusion detection performance metrics and backdoor attack success rate, such as Figure 3 As shown, it is not difficult to see that BM IDS The obtained accuracy, precision, recall, and F1 score are compared with CM. IDS The performance indicators are basically the same, BM IDS The obtained BASR is as high as 66.04%, which indicates that BM IDS The implanted backdoor trigger is effective.

[0033] S3: Set multiple first parameters to construct the optimization objective function of the automatic backdoor defense method for power grid IDS, and encode the backdoor defense schemes to be evaluated using integer discrete encoding based on the first parameters to construct a population. P gen and the population P gen Perform initialization.

[0034] Furthermore, the first parameter includes population size. NP Maximum number of iterations Gen Cross factor Cr Variable factors F .

[0035] Furthermore, the objective function for the automatic backdoor defense method of the power grid IDS is shown in Equation (11): (11) In the formula, p This represents the coded individual of a power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization. obj 1( p () represents the first optimization objective function. This represents the backdoor intrusion detection model BM. IDS In implementing individual p The backdoor defense model BDM, which represents the backdoor defense scheme, is a backdoor defense model. IDS Test dataset for backdoor attacks D te_bd The success rate of the backdoor attack obtained from the evaluation is calculated using the formula shown in formula (11). obj 2( p ) represents the second optimization objective function, Acc before The model CM represents the state before implementing backdoor defense. IDS For the test dataset D ten The accuracy obtained from the evaluation, Acc after Indicates BM IDS In implementing individual p The backdoor defense model BDM, which represents the backdoor defense scheme, is a backdoor defense model. IDS For the test dataset D ten The accuracy rate obtained from the assessment is calculated using the formula shown in formula (6).

[0036] Furthermore, based on the first parameter, the backdoor defense schemes to be evaluated are encoded using integer discrete encoding to construct a population. P gen and the population P gen Initialization is performed, specifically including: population P gen Include NP Individual, that is , i d Indicates population P gen The serial number of the individual. gen Indicates the current iteration number. gen =0, 1, ..., Gen , Indicates the first gen Population at the next iteration P gen The Middlei d Individual, , Indicates the first gen In the next iteration, the individual The corresponding model BM IDS The Middle i l The number of neurons pruned in a layer of a prunable network. i l Indicates the sequence number of the prunable network layer. i l =1,2,…, nl , nl Representation model BM IDS The total number of prunable network layers in the model BM, where the prunable network layers are the model BM. IDS Remove all network layers except the input and output layers, and then use BM. IDS The model after pruning is labeled as the Pruned Intrusion Detection Model BPM. IDS , Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning optimizes the amount of data. Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning training epochs, Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning optimizer learning rate Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning data batch size Indicates the first gen In the next iteration, the individual Corresponding BPM IDS The model fine-tuning optimizer type is defined by the total length of the encoding contained in each individual, denoted as [label]. D , D = nl +5.

[0037] when gen When =0, , P 0 represents the initial population for offline iterative optimization of automatic backdoor defense. Indicates the initial population P 0th i d Individual, , Represents an individual The corresponding model BM IDS The Middle i l The number of neurons pruned in a layer of a prunable network. Represents an individual Corresponding BPM IDS Model fine-tuning optimizes the amount of data. Represents an individual The corresponding number of training epochs for fine-tuning the pruned model. Represents an individual Corresponding BPM IDS Model fine-tuning optimizer learning rate Represents an individual Corresponding BPM IDS Model fine-tuning data batch size Represents an individual Corresponding BPM IDS Model fine-tuning optimizer type; initial population P any individual in 0 The initialization process is as follows: , For model BM IDS The Middle i l The total number of neurons in a layer of a pruning network; Randint represents a random integer generation function. Indicates in [0, A random integer value is generated within the range of ]; It will be taken from the training dataset D trn The proportion of data selected is The data is labeled as fine-tuning data. , Per min and Per max These represent the preset lower and upper limits of the data adjustment ratio, respectively; , Epo min and Epo max They represent BPM respectively IDS The model is designed for fine-tuning data. The preset lower and upper limits for the number of fine-tuning training rounds; , Lr max BPM IDS The model is designed for fine-tuning data. The maximum integer value of the fine-tuning learning rate parameter for fine-tuning is used as the index of the integer encoding of the fine-tuning learning rate parameter. ilr , i lr =1, 2, ..., Lr max ,Will i lr The numerical value of the learning rate parameter corresponding to the encoding is denoted as ,Will The numerical value of the learning rate parameter corresponding to the encoding is denoted as ; , Bs max This indicates the BPM of the model after pruning. IDS For fine-tuning data The maximum value of the integer encoding of the fine-tuning data batch size parameter is used for fine-tuning. The sequence number of the integer encoding of the fine-tuning data batch size parameter is marked as... i bs , i bs =1, 2, ..., Bs max ,Will i bs The batch size parameter for the fine-tuning data corresponding to the encoding is marked as follows: ,Will The numerical value of the fine-tuning data batch size parameter corresponding to the encoding is marked as follows: ; , Opt max BPM IDS The model is designed for fine-tuning data. The maximum value of the integer encoding of the fine-tuning optimizer type parameter is used for fine-tuning. The ordinal number of the integer encoding of the fine-tuning optimizer type parameter is marked as... i opt , i opt =1, 2, ..., Opt max ,Will i opt The type of fine-tuning optimizer corresponding to the encoding is marked as ,Will The type of fine-tuning optimizer corresponding to the encoding is marked as .

[0038] In this embodiment, model BM IDS The input layer is a parallel linear layer of the first sub-encoder, and the output layer is a flattened linear layer within the output layer. The number of pruning network layers is [not specified]. nlThe number is 6, representing the output layers of attention heads 1 to 4 in the multi-head attention mechanism of the first sub-encoder, and the first and second linear layers in the feedforward neural network. The total number of neurons in the output layers of attention heads 1 to 4 is 32, and the total number of neurons in the first and second linear layers of the feedforward neural network are 1600 and 128, respectively. NC 1= NC 2= NC 3= NC 4=32, NC 5 = 1600 NC 6=128, fine-tuning the lower limit of the data ratio Per min With the upper limit of the fine-tuning data ratio Per max Set to 10 and 30, fine-tune the lower limit of the training rounds. ​ min And fine-tuning the upper limit of training rounds ​ max Setting the learning rate parameter to 10 and 150 fine-tunes the maximum integer encoding value. Lr max Set to 5, that is i lr =1, 2, ..., 5 i lr The learning rate parameter value corresponding to the encoding The values ​​are 0.00001, 0.0001, 0.0002, 0.0005, and 0.001, representing the maximum integer value of the batch size parameter for fine-tuning the data. ​ max Set to 4, that is i bs =1, 2, 3, 4 i bs The corresponding fine-tuning data batch size parameter for the encoding The maximum integer values ​​for the fine-tuning optimizer type parameter are 16, 32, 64, and 128, respectively. ​ max Set to 6, that is i opt =1, 2, ..., 6 i opt The type of fine-tuning optimizer corresponding to the encoding These are, respectively, the adaptive moment estimator optimizer, the stochastic gradient descent optimizer, the root mean square propagation optimizer, the adaptive incremental optimizer, the average stochastic gradient descent optimizer, and the corrected Adam optimizer.

[0039] For example, such as ​ As shown, the individual codes randomly generated according to the above parameter preset range are: =((5,4,10,0,16,8),1,5,1,2,3), the corresponding decoding is a power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization.

[0040] S4: Based on the training dataset D trn BM backdoor intrusion detection model IDS Implement population P gen Backdoor defense scheme based on individual representations, using test dataset D ten Backdoor attack test dataset D te_bd Evaluation of Backdoor Defense Model (BDM) after implementing individual corresponding defense schemes IDS The objective function is optimized, and individuals are ranked non-dominated and their crowding distance is calculated. Specifically, the following sub-steps are included: S41: Transfer the training dataset D trn All samples are input into the backdoor intrusion detection model BM IDS Perform model inference, obtain the average absolute activation value of all neurons in all prunable network layers, and then apply this to the model BM. IDS The Middle i l Layered Pruned Network c The activation values ​​and mean absolute activation values ​​of each neuron are labeled as follows: and , i l =1,2,…, nl , c =1,2,…, , The calculation process is shown in formula (12): (12) In the formula, Representation model BM IDS The Middle i l Layered Pruned Network c The neuron in the first i tr The activation value on the sample.

[0041] S42: For model BM IDS All pruning network layers perform the following operation: [The text abruptly ends here, likely due to an incomplete sentence or a formatting error.] i l In a layered pruning network, all neurons in the layer are pruned according to their mean absolute activation value. Sort the neurons in ascending order to obtain the sorted neuron index sequence. ,in Indicates the first i l Rank of average absolute activation values ​​in layered pruning networks i n The original index of the neurons in the 100-bit region will The corresponding average absolute activation value is labeled as ;if i n The value does not exceed the individual The first character represented i l Number of pruned neurons in a layered pruning network Then The corresponding neurons undergo pruning operations, thereby placing those ranked higher. The neurons are pruned, that is, from the first... i l In a layered pruning network, the top-ranked nodes are removed. The neurons, retaining other neurons, and BM IDS The pruned model is labeled as the pruned intrusion detection model. .

[0042] S43: Based on the individual In From the training dataset D trn The proportion of data selected is The data is labeled as fine-tuning data. According to the individual middle , , and The corresponding fine-tuning training round values ​​were obtained respectively. Fine-tuning the learning rate value Fine-tuning data batch size and fine-tuning optimizer type ,against For the model According to the fine-tuning parameter values , , and Training is conducted to achieve BPM. IDS The model fine-tuning operation marks the model after fine-tuning training as a backdoor defense model. .

[0043] S44: Based on the two optimization objective functions in step S3, respectively, the individual... The corresponding first and second optimization objective functions are labeled as follows: and The specific implementation process is as follows: Model Test dataset for backdoor attacks D te_bd The test was conducted, and the results were evaluated according to the calculation process shown in formulas (10) and (11). ;Model For the test dataset D ten The test was conducted, and the results were evaluated according to the calculation process shown in formulas (6) and (11). .

[0044] S45: Assess the population P gen Each individual The dominance relationship is determined, and a non-dominated ranking is performed on all individuals. The specific implementation process includes: ranking the first... ​ In the next iteration of optimization, any individual that is different from the individual Individual markers are , i k The serial number representing different individuals, grouping individuals The two corresponding optimization objective functions are labeled as follows: and ,if and Then the individual Dominant Individual will be individual The set of individuals under control is labeled as , will dominate the individual The number of individuals is marked as Set the current leading edge index ​ =1, and the population that satisfies... ​ All individuals with a value of 0 were assigned to the first... ​ The Pareto front, denoted as ​ rto Traversing the current Pareto frontier ​ rto For each individual in the index, for each individual it dominates, decrement the count of its dominant individuals by one, and move the frontier index accordingly. ​ Increment by 1, that is, let ​ = ​ +1, adding 1 to the population currently satisfying... ​ All unassigned individuals with a value of 0 are assigned to the first... ​ Pareto Front ​ rto Repeat the above steps until the population... P gen All individuals are assigned to a Pareto front.

[0045] S46: Calculate the population P gen All individuals The congestion distance specifically includes: for the first ​ For any individual in a Pareto front, according to the... o The optimization objective function value ​ o Sort by size from smallest to largest. o =1,2, setting the current Pareto frontier individual at the th... o The maximum and minimum fitness values ​​on the optimization objective function are respectively and , will have and The crowding distance between the two boundary individuals is set to a preset infinite value. For each individual in the current Pareto front other than the two boundary individuals, the corresponding crowding distance is calculated according to formula (13). The current step is repeated until the population... P gen The crowding distance for all individuals has been calculated: (13) In the formula, This represents the first individual in the Pareto front, excluding the two boundary individuals. w The crowding distance of each individual and These represent the first Pareto front. w +1 and the first w -1 individual in the first o The numerical values ​​on the objective function to optimize.

[0046] S5: Record the number of iterations ​ The offspring population is generated by selecting, crossovering, and mutating individuals within the population. Q gen , the parent population P gen With offspring population Q gen Merge into a new population P ngen Specifically, it includes the following sub-steps: S51: From the population P genTwo pairs of individuals are randomly selected, and a binary tournament selection operation is performed on each pair. The specific implementation of the binary tournament selection operation is as follows: if the two individuals are on the same Pareto front, the individual with the greater crowding distance is selected as the winner; if they are on different Pareto fronts, the individual with the higher ranking on the Pareto front is selected as the winner; the two winners selected after the binary tournament selection operation are marked as the first parent individual. s 1 and 2 parent individuals s 2.

[0047] S52: For two parent individuals s 1 and s 2. Perform the crossover operation, where the crossover operation is a single-point crossover operator, specifically including: S52.1: Generate a random number in the range (0, 1). r c ,like r c ≤ Cross factor Cr Then in the interval [1, ... nl A random integer is generated within the range [+5-1]. ​ As the intersection point, among which nl +5 represents the individual code length.

[0048] S52.2: Transfer the parent individual s 1 is located at the intersection ​ Subsequent encoded fragments and parent individuals s 2 is located at the intersection ​ The subsequent exchange of gene segments results in two offspring individuals. q 1 and q 2. The specific implementation process is shown in formulas (14) and (15) respectively: (14) (15) In the formula, s 1(1: ​ )and s 2(1: ​ ) represent the parent individuals respectively s 1 and s The first to the second of 2 ​ Bit encoding, s 1( ​ +1: nl +5) and s 2( ​ +1: nl +5) represent the parent individuals respectively. s 1 and s 2nd​ +1 to the nl +5-bit encoding.

[0049] S53: For offspring individuals q 1 and q The second one d Each code performs a mutation operation. d =1, 2, ..., nl +5, will q 1 and q 2. The mutated individuals after the mutation operation are respectively labeled as and The specific implementation process is shown in formulas (16) and (17): (16) (17) In the formula, and They are mutated individuals. and The d Bit encoding, Regenerate( q d () indicates targeting an individual q No. d The mutation generation function of the bit encoding is calculated as shown in formula (18). and They represent the functions used for judgment. q 1 and q The second one d A random number generated in the range [0,1] indicates whether a mutation operation has been performed on the encoded individual. This will determine the mutated individual after the mutation operation has been completed. and Add to offspring population Q gen middle: (18) In the formula, Representation model BM IDS The Middle d The number of neurons pruned in a layer of a pruning network.

[0050] S54: Repeat steps S51 to S53 until the offspring population is reached. Q gen The number of individuals included reaches the preset population size. ​ , the parent population P gen With offspring population Q gen Merge into a new population Pngen And record the current iteration number. ​ .

[0051] For example, in this embodiment, two groups of individuals are randomly selected according to step S6 above, and the figures are described in conjunction with the accompanying drawings. ​ The binary tournament selection, crossover, and mutation operations are explained as follows: First, two groups of individuals are selected from the population: Group 1 contains individuals with the following patterns: ((6, 2, 1, 3, 10, 6), 1, 2, 3, 3, 5) and ((7, 0, 1, 4, 12, 8), 2, 5, 1, 2, 6); Group 2 contains individuals with the following patterns: ((1, 5, 3, 4, 5, 0), 1, 2, 2, 2, 4) and ((2, 2, 0, 1, 10, 10), 5, 10, 2, 1, 1). Furthermore, the total number of dominated individuals for each individual is 0 and 0 for Group 1, and 1 and 0 for Group 2, respectively. The crowding distance for each individual is 0.5 and 0.2 for Group 1, and 0.7 and 0.1 for Group 2. Therefore, a binary tournament selection is performed from these two groups of individuals, selecting the parent class... s 1, s 2 are respectively: s 1 = ((6, 2, 1, 3, 10, 6), 1, 2, 3, 3, 5), s 2 = ((2, 2, 0, 1, 10, 10), 5, 10, 2, 1, 1); Next, select the intersection point. ​ =3, and perform crossover operation on the parent individuals according to formula (14) and formula (15) to generate offspring individuals. The offspring individuals obtained after crossover are q 1 and q 2 is: q 1 = ((6, 2, 1, 3, 10, 6), 1, 2, 3, 3, 5), q 2 = ((2, 2, 0, 1, 10, 10), 5, 10, 2, 1, 1); Finally, the generated offspring individuals are subjected to mutation operations based on formulas (16) and (17), and a corresponding random number is generated according to the current individual's coding position. If the random number is less than or equal to the mutation factor... F If the mutation occurs, then mutation is performed, that is, the encoded variable value of the current dimension is regenerated, until the mutation operation of all dimensions of the individual is completed, and the final offspring individual is: =((6, 2, 1, 1, 10, 10), 5, 50, 2, 1, 1), =((5, 2, 0, 13, 8, 6), 1, 2, 3, 4, 5).

[0052] S6: Calculate the new population P ngenThe objective function for optimizing all individuals is used to perform non-dominated ranking and crowding distance calculations on the individuals, and to select the top... ​ A superior individual generates a new parent population. P gen .

[0053] S61: Parental population P gen With offspring population Q gen Merge to form a new population P ngen ,in P ngen = P gen ∪ Q gen The total number of individuals in the new population is 2. ​ And calculate the new population. P ngen The optimization objective function for all individuals in the process.

[0054] S62: For new populations P ngen Perform the non-dominated sorting operation described in step S4 on all individuals to obtain the hierarchical Pareto front set { }, i p =1, 2, ..., ​ , Indicates the first i p Pareto front, ​ Let be the total number of Pareto front layers obtained from non-dominated sorting, and for any i p1 < i p2 , No. i p1 The non-dominated rank of individuals in the frontier of the layer is higher than that of the second layer. i p2 Individuals in the frontier of the layer, the first i p Pareto Front The number of individuals in .

[0055] S63: For new populations P ngen All individuals in the process perform the crowding distance calculation described in step S4, and those located in the... i p Pareto Frontier i w The crowding distance of each individual is marked as , iw =1, 2, ..., .

[0056] S64: From the hierarchical Pareto front set { Individuals are selected sequentially to construct a new parent population. P gen,new Specifically, it includes: S64.1: Initialize the selected individual n sel =0, initialize the current leading index. pr =1, initialize a new parent population. P gen,new = .

[0057] S64.2: Determine the current frontier Number of individuals and remaining candidate slots ​ - n sel Relationship: If ≤ ​ - n sel Then the frontier All individuals join P gen,new ,renew n sel = n sel + ,make i p = i p +1, return to step S64.2; if > ​ - n sel Then proceed to step S64.3.

[0058] S64.3: On the frontier All individuals, according to crowding level distance Sort in descending order and select the group with the largest crowding distance. ​ - n sel Individuals join P gen,new .

[0059] S64.4: Order P gen = P gen,new Complete the training of the new generation of parent populations P gen Update.

[0060] S7: Determine the number of iterations ​ Does it meet the requirements? ​ ≥ ​ If not, set ​ = ​ +1, for the new parent population P gen Repeat steps S4 to S6; if so, the population... P Gen All non-dominated individuals are used as the Pareto optimal solution set PF, and the Pareto optimal individuals are selected from PF. p PO .

[0061] Specifically, determine the current iteration number. ​ Does it meet the requirements? ​ ≥ ​ If not, then set ​ = ​ +1, and continue with steps S4 to S6 for the next offline optimization iteration; if so, then the final population... P Gen The set of all non-dominated individuals is called the Pareto optimal solution set PF. From the Pareto optimal solution set PF, the Pareto optimal compromise individual is selected. p PO .

[0062] S8: Backdoor Intrusion Detection Model BM IDS Implementation p PO The Pareto optimal backdoor defense scheme is represented, and the optimal backdoor defense model BDM is obtained. IDS,PO BDM IDS,PO Online deployment in the power grid intrusion detection system enables real-time intrusion detection based on real-time data collected by the smart grid SCADA system, and evaluation of the BDM model. IDS,PO Accuracy, recall, precision F 1. Score and backdoor attack success rate.

[0063] Specifically, the backdoor intrusion detection model BM IDS In step S7 p PO The Pareto optimal backdoor defense scheme is represented, and the optimal backdoor defense model BDM is obtained. IDS,PO BDM IDS,PO The system is deployed online to the power grid intrusion detection system to perform real-time intrusion detection on the real-time data collected by the smart grid SCADA system, and the BDM model is evaluated according to formulas (6) to (10) in step S2. IDS,PO Accuracy, recall, precision F1. Score and backdoor attack success rate.

[0064] For example, in this embodiment, the population size is set. ​ =30, cross factor Cr =0.8, variation factor F =0.2, after ​ After 20 iterations, the Pareto optimal solution set PF contains 6 individuals: p 1=((25,5,0,8,468,0),30,57,2,2,1), p 2 = ((25,18,0,14,465,0),30,57,2,4,1), p 3=((25,5,0,8,468,0),30,135,1,2,1), p 4 = ((17,5,13,6,698,0),30,57,2,4,6), p 5 = ((2,6,13,14,465,0),30,135,1,4,1), p 6 = ((1,5,4,14,267,0),30,144,1,2,3); Furthermore, the fitness values ​​of the six individuals are: [0.00,0.0158], [0.0063,0.0133], [0.0377,0.0095], [0.1887,0.0080], [0.217,0.0030], [0.5943,0.0027]; After iterative optimization search, the Pareto front obtained in this example is as follows: ​ As shown.

[0065] In this embodiment, the optimal compromise individual selected from the Pareto optimal solution set is: p 2 = ((25,18,0,14,465,0),30,57,2,4,1), ​ For the backdoor intrusion detection model BM IDS Implement individual p After characterizing the optimal backdoor defense scheme, the optimal backdoor defense model BDM is obtained. IDS,PO Architecture diagram, ​ BM backdoor intrusion detection model IDS And the optimal backdoor defense model BDM IDS,PO The intrusion detection performance metrics of BDM were compared with the success rate of backdoor attacks. It is not difficult to see that: IDS,PO The obtained accuracy, precision, recall, and F1 score are compared with BM. IDS The obtained corresponding performance indicators are quite similar, combined ​ By comparison, it is not difficult to see that: BDM IDS,POWith clean model CM IDS The obtained accuracy, precision, recall, and F1 score are relatively close; in addition, BDM IDS,PO The obtained BASR was only 0.63%, far lower than BM. IDS The success rate of 66.04% demonstrates the effectiveness of the backdoor defense technology proposed in this invention.

[0066] In addition, ​ The backdoor defense technology proposed in this invention was compared with existing aggregated backdoor defense technologies in terms of backdoor attack success rate. Similar to the aggregated backdoor defense technology, this invention can achieve backdoor removal as much as possible while ensuring that the intrusion detection performance of the smart grid IDS model is comparable before and after backdoor defense. For the backdoor trigger proposed in this embodiment, the existing cluster-based backdoor defense technology can reduce the backdoor attack success rate to 4.4%, while the backdoor attack success rate obtained by the technology of this invention is 0.63%. Therefore, this invention can achieve a lower backdoor attack success rate than the existing technology, thereby further improving the backdoor robustness of the smart grid IDS model.

[0067] In summary, the present invention, through the technical solutions described in steps S1 to S8, employs genetic operations such as selection, crossover, and mutation, combined with non-dominated sorting and crowding distance calculation for elite selection. This achieves multi-objective automatic optimization design for backdoor defense in power grid intrusion detection systems. While ensuring the intrusion detection performance of the smart grid IDS model, it effectively removes backdoors and improves the model's backdoor robustness. Therefore, the present invention balances the dual objectives of reducing backdoor threats and ensuring high-performance intrusion detection, improving the intelligent design level and efficiency of power grid IDS backdoor defense technology, and enabling rapid expansion of its application to various complex power grid intrusion detection scenarios.

[0068] It is worth mentioning that the present invention also provides a power grid IDS backdoor defense system based on automatic pruning and fine-tuning optimization, used to implement the power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization in the above embodiments, such as... ​ As shown, the system includes a data preprocessing module 10, a backdoor attack sample generation module 20, a backdoor attack training and evaluation module 30, a population initialization module 40, a population evaluation module 50, a offspring population generation module 60, a parent population update module 70, a Pareto optimal individual selection module 80, and a backdoor defense implementation module 90.

[0069] In this embodiment, the data preprocessing module 10 is used to construct a training dataset based on the historical dataset collected by the smart grid SCADA system. D trn With the test dataset D ten .

[0070] In this embodiment, the backdoor attack sample generation module 20 is used to generate training datasets. D trn With the test dataset D ten Perform backdoor attacks separately to obtain a backdoor attack training dataset. D tr_bd Backdoor attack test dataset D te_bd .

[0071] In this embodiment, the backdoor attack training and evaluation module 30 is used to train and evaluate backdoor attacks based on the backdoor attack training dataset. D tr_bd Clean deep learning model (CM) deployed in smart grid IDS IDS Train the backdoor attack to obtain the backdoor intrusion detection model BM. IDS and based on the test dataset D ten Backdoor attack test dataset D te_bd The intrusion detection performance metrics and backdoor attack success rate of the evaluation model were assessed.

[0072] In this embodiment, the population initialization module 40 is used to set multiple first parameters, construct the optimization objective function of the automatic backdoor defense method for the power grid IDS, and encode the backdoor defense scheme to be evaluated using integer discrete encoding based on the first parameters to construct the population. P gen and the population P gen Perform initialization.

[0073] In this embodiment, the population evaluation module 50 is used to evaluate the population based on the training dataset. D trn BM backdoor intrusion detection model IDS Implement population P gen Backdoor defense scheme based on individual representations, using test dataset D ten Backdoor attack test dataset D te_bd Evaluation of Backdoor Defense Model (BDM) after implementing individual corresponding defense schemes IDS The objective function is optimized, and individuals are ranked non-dominated and their crowding distance is calculated.

[0074] In this embodiment, the offspring population generation module 60 is used to record the number of iterations. ​ The offspring population is generated by selecting, crossovering, and mutating individuals within the population. Qgen , the parent population P gen With offspring population Q gen Merge into a new population P ngen .

[0075] In this embodiment, the parent population update module 70 is used to calculate the new population. P ngen The objective function for optimizing all individuals is used to perform non-dominated ranking and crowding distance calculations on the individuals, and to select the top... ​ A superior individual generates a new parent population. P gen .

[0076] In this embodiment, the Pareto optimal individual selection module 80 is used to determine the number of iterations. ​ Does it meet the requirements? ​ ≥ ​ If not, set ​ = ​ +1, for the new parent population P gen Repeat steps S4 to S6; if so, the population... P Gen All non-dominated individuals are used as the Pareto optimal solution set PF, and the Pareto optimal individuals are selected from PF. p PO The backdoor defense scheme represented by this individual encoding is used as the optimal power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization.

[0077] In this embodiment, the backdoor defense implementation module 90 is used to implement the backdoor intrusion detection model BM. IDS Implementation p PO The Pareto optimal backdoor defense scheme is represented, and the optimal backdoor defense model BDM is obtained. IDS,PO BDM IDS,PO It can be deployed online into the power grid intrusion detection system to perform real-time intrusion detection on data collected in real time from the smart grid SCADA system.

[0078] Those skilled in the art will understand that all or part of the steps of the above embodiments can be implemented by hardware related to program instructions. The aforementioned program can be stored in a computer-readable storage medium. When the program is executed, it performs the steps of the above method embodiments. The aforementioned storage medium includes various media that can store program code, such as ROM, RAM, magnetic disk, or optical disk.

[0079] The above embodiments are only used to illustrate the technical solutions of the present invention, and are not intended to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A backdoor defense method for power grid IDS based on automatic pruning and fine-tuning optimization, characterized in that, Includes the following steps: S1: Construct a training dataset based on historical datasets collected by the smart grid monitoring and data acquisition system. D trn With the test dataset D ten For the training dataset D trn With the test dataset D ten Perform backdoor attacks separately to obtain a backdoor attack training dataset. D tr_bd Backdoor attack test dataset D te_bd ; S2: Training dataset based on backdoor attacks D tr_bd Clean deep learning model (CM) deployed in smart grid IDS IDS Train the backdoor attack to obtain the backdoor intrusion detection model BM. IDS and based on the test dataset D ten Backdoor attack test dataset D te_bd Evaluate the intrusion detection performance metrics and backdoor attack success rate of the model; S3: Set multiple first parameters to construct the optimization objective function of the automatic backdoor defense method for power grid IDS, and encode the backdoor defense schemes to be evaluated using integer discrete encoding based on the first parameters to construct a population. P gen and the population P gen Perform initialization; S4: Based on the training dataset D trn BM backdoor intrusion detection model IDS Implement population P gen Backdoor defense scheme based on individual representations, using test dataset D ten Backdoor attack test dataset D te_bd Evaluation of Backdoor Defense Model (BDM) after implementing individual corresponding defense schemes IDS The objective function is optimized, and individuals are ranked non-dominated and their crowding distance is calculated. S5: Record the number of iterations gen The offspring population is generated by selecting, crossovering, and mutating individuals within the population. Q gen , the parent population P gen With offspring population Q gen Merge into a new population P ngen ; S6: Calculate the new population P ngen The objective function for optimizing all individuals is used to perform non-dominated ranking and crowding distance calculations on the individuals, and to select the top... NP A superior individual generates a new parent population. P gen ; S7: Determine the number of iterations gen Does it meet the requirements? gen ≥ Gen If not, set gen = gen +1, for the new parent population P gen Repeat steps S4 to S6; if so, the population... P Gen All non-dominated individuals are used as the Pareto optimal solution set PF, and the Pareto optimal individuals are selected from PF. p PO ; S8: Backdoor Intrusion Detection Model BM IDS Implementation p PO The Pareto optimal backdoor defense scheme is represented, and the optimal backdoor defense model BDM is obtained. IDS,PO BDM IDS,PO Online deployment in the power grid intrusion detection system enables real-time intrusion detection of data collected in real time by the smart grid monitoring and data acquisition system, and the evaluation model BDM is used. IDS,PO Accuracy, recall, precision F 1. Score and backdoor attack success rate.

2. The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization according to claim 1, characterized in that, Step S1 specifically includes the following sub-steps: S11: Divide the historical data collected by the smart grid monitoring and data acquisition system into a training dataset according to the proportion λ for backdoor defense methods based on automatic pruning and fine-tuning optimization. D tr With the test dataset D te ,in Represents the training dataset D tr Percentage, and according to the training dataset D tr Data distribution for training dataset D tr With the test dataset D te The deviation standardization process is performed, and the calculation process of deviation standardization is shown in formula (1): (1) In the formula, This indicates that the deviation standardization process is applied to the first element in the dataset. i The first sample j 1 eigenvalue, This indicates the first element in the dataset after deviation standardization. i The first sample j 1 eigenvalue, and They represent the training datasets respectively. D tr The Middle j The maximum and minimum values ​​of each feature. j =1,2,…, TF ,in TF This represents the total number of features in the dataset; for the training dataset D tr Sample Index i tr The range of values ​​for is: i tr =1,2,…, TS tr ,in TS tr Represents the training dataset D tr Total number of samples included; for the test dataset D te Sample Index i te The range of values ​​for is: i te =1,2,…, TS te ,in TS te Represents the test dataset D te Total number of samples included; training dataset D tr and test dataset D te The number of intrusion detection categories is labeled as Cat The training dataset after deviation standardization D tr With the test dataset D te Marked as D trn and D ten ; S12: Extract the training dataset D trn The middle belongs to the attack category set A att All samples, and randomly select a preset proportion from them. p b1 Samples were used to construct the attacked training dataset. D att_trn ,in A att For a containing N att A set of attack categories; extract the test dataset. D ten China belongs to A att All samples of the attack category, and randomly select a preset proportion from them. p b2 Samples were used to construct an attack test dataset. D att_ten ; S13: Select the attacked training dataset D att_trn any sample S att_trn,tx , tx This represents the index of a sample in the attacked training dataset. tx =1, 2, ..., TSt att_trn , TSt att_trn Indicates the attacked training dataset D att_trn The total number of samples included, and then the backdoor attack strategy shown in formula (2) is used to target the samples. S att_trn,tx Implant a backdoor trigger and, according to formula (3), insert the sample. S att_trn,tx The original tag L att_trn,tx Modify to the attack target label specified by the attacker. L target To generate backdoor attack samples S att_trn_bd,tx After completing the above operations, the attacked training dataset will be... D att_trn Central Plains Sample S att_trn,tx Replace with backdoor attack sample S att_trn_bd,tx ; (2) (3) In the formula, S t Represents the first [sample] used to generate the backdoor sample. t One original sample, S bd,t Indicates the use of the original sample S t The generated backdoor sample, L bd,t Indicates the generated first t Classification labels for backdoor samples L target This indicates the attack target label specified by the attacker. This indicates a dot product operation. mask and trigger These represent the mask and backdoor attack trigger modes, respectively, and their expressions are shown in formula (4) and formula (5): (4) (5) In the formula, Indicates the first i t The value of the backdoor attack trigger corresponding to each feature; S14: Repeat the backdoor attack sample generation process described in step S13 until the attacked training dataset is obtained. D att_trn The total number is TSt att_trn All samples are used to generate corresponding backdoor attack samples and replace them with the original samples. The attacked training dataset that has been replaced by the backdoor attack samples is then labeled as... D att_trn_bd ,Will D att_trn_bd With training dataset D trn Merge the datasets and label the merged datasets as backdoor attack training datasets. D tr_bd ; S15: From the attacked test dataset D att_ten Select any one sample S att_ten,ty , ty =1, 2, ..., TS att_ten , TS att_ten This indicates the attacked test dataset. D att_ten The total number of samples included, and then the backdoor attack strategy shown in formula (2) is used to target the samples. S att_ten,ty Implant a backdoor trigger and, according to formula (3), insert the sample. S att_ten,ty The original tag L att_ten,ty Modify to the attack target label specified by the attacker. L target To generate backdoor attack samples S att_trn_bd,ty and the attacked test dataset D att_ten The original sample S att_ten,ty Replace with backdoor attack sample S att_ten_bd,ty ; S16: Repeat the backdoor test sample generation process described in step S15 until the attacked test dataset is obtained. D att_ten The total number is TS att_ten All samples generate corresponding backdoor test samples and replace them with the original samples. The attacked test dataset after the backdoor attack samples are replaced is marked as the backdoor attack test dataset. D te_bd .

3. The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization according to claim 1, characterized in that, Step S2 specifically includes: Training dataset based on backdoor attacks D tr_bd Clean deep learning model (CM) deployed in smart grid IDS IDS Training is performed using backdoor attacks, and the trained model is labeled as the backdoor intrusion detection model BM. IDS The backdoor defense model implementing the backdoor defense scheme is labeled as BDM. IDS Among them, the deep learning clean model CM deployed in the smart grid IDS IDS From input to output, it includes: a multi-class smart grid data input layer, En The system comprises a sub-encoder, a flattened output layer, and an intrusion detection output layer; a multi-class smart grid data input layer receives data collected from the smart grid monitoring and data acquisition system, with input data feature dimensions of [missing information]. D input Each sub-encoder contains, in sequence, the following components: Mn A multi-head attention mechanism, first residual connection and layer normalization module Fn A feedforward neural network and a second residual connection and layer normalization module; the multi-head attention mechanism internally includes: El The number of neurons is El c Parallel linear layers, An There are 1 parallel attention head, each attention head is connected to 1 neuron for An c The corresponding output layer will output the data. Cn The feature concatenation layer; the first residual connection and layer normalization module in the sub-encoder accept the output of the last multi-head attention mechanism and the original input of the sub-encoder; the feedforward neural network contains, in sequence, a number of neurons. Fc The first linear layer, the linear rectified activation function layer, and the number of neurons in layer 1 are: Fc The second linear layer of layer 2; the second residual connection and layer normalization module receives the output of the last feedforward neural network inside the sub-encoder and the output of the first residual connection and layer normalization module. The smoothing terms in the two residual connection and layer normalization layers in the sub-encoder are set to... eps The flattened output layer is located at En Following the sub-encoder, the internal layers sequentially contain a hyperbolic tangent activation function layer, a flattening layer, and a neuron count of [number missing]. Fla c The linear layer, the intrusion detection output layer is the final classification output layer; the backdoor attack training rounds are... Bepo The optimizer used and the corresponding learning rate are respectively Bopt and Blr ; Evaluate the power intrusion detection model for a clean test set D ten The intrusion detection performance metrics tested included the power intrusion detection model CM. IDS BM IDS and BDM IDS Intrusion detection performance metrics include accuracy, recall, precision, and... F 1. The corresponding calculation process is shown in formulas (6) to (9); the power intrusion detection model is evaluated on the backdoor attack test dataset. D te_bd The backdoor defense performance index is the backdoor attack success rate, and its calculation process is shown in formula (10): (6) (7) (8) (9) (10) In the formula, Accuracy Indicates accuracy rate. Recall Indicates recall rate, Precision Indicates accuracy. F1_Score express F 1 point, BASR represents the success rate of a backdoor attack. TP ic This indicates that the power intrusion detection model correctly predicted it as the first... ic The number of samples in each class TN ic This represents the number of classes correctly predicted as other by the power intrusion detection model. FP ic This indicates that the power intrusion detection model incorrectly predicted it as the first... ic The number of samples in each class FN ic This represents the number of samples that were incorrectly predicted as other classes by the power intrusion detection model.

4. The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization according to claim 1, characterized in that, The first parameter includes population size NP Maximum number of iterations Gen Cross factor Cr Variable factors F ; The optimization objective function of the automatic backdoor defense method of the power grid IDS is shown in Equation (11): (11) In the formula, p This represents the coded individual of a power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization. obj 1( p () represents the first optimization objective function. This represents the backdoor intrusion detection model BM. IDS In implementing individual p The backdoor defense model BDM, which represents the backdoor defense scheme, is a backdoor defense model. IDS Test dataset for backdoor attacks D te_bd The success rate of the backdoor attack obtained from the evaluation is calculated using the formula shown in formula (11). obj 2( p ) represents the second optimization objective function, Acc before The model CM represents the state before implementing backdoor defense. IDS For the test dataset D ten The accuracy obtained from the evaluation, Acc after Indicates BM IDS In implementing individual p The backdoor defense model BDM, which represents the backdoor defense scheme, is a backdoor defense model. IDS For the test dataset D ten The accuracy rate obtained from the assessment is calculated using the formula shown in formula (6).

5. The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization according to claim 1, characterized in that, The backdoor defense scheme to be evaluated is encoded using integer discrete encoding based on the first parameter, and a population is constructed. P gen and the population P gen Initialization is performed, specifically including: population P gen Include NP Individual, that is , i d Indicates population P gen The serial number of the individual. gen Indicates the current iteration number. gen =0, 1, ..., Gen , Indicates the first gen Population at the next iteration P gen The Middle i d Individual, , Indicates the first gen In the next iteration, the individual The corresponding model BM IDS The Middle i l The number of neurons pruned in a layer of a prunable network. i l Indicates the sequence number of the prunable network layer. i l =1,2,…, nl , nl Representation model BM IDS The total number of prunable network layers in the model BM, where the prunable network layers are the model BM. IDS Remove all network layers except the input and output layers, and then use BM. IDS The model after pruning is labeled as the Pruned Intrusion Detection Model BPM. IDS , Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning optimizes the amount of data. Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning training epochs, Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning optimizer learning rate Indicates the first gen In the next iteration, the individual Corresponding BPM IDS Model fine-tuning data batch size Indicates the first gen In the next iteration, the individual Corresponding BPM IDS The model fine-tuning optimizer type is defined by the total length of the encoding contained in each individual, denoted as [label]. D , D = nl +5; when gen When =0, , P 0 represents the initial population for offline iterative optimization of automatic backdoor defense. Indicates the initial population P 0th i d Individual, , Represents an individual The corresponding model BM IDS The Middle i l The number of neurons pruned in a layer of a prunable network. Represents an individual Corresponding BPM IDS Model fine-tuning optimizes the amount of data. Represents an individual The corresponding number of training epochs for fine-tuning the pruned model. Represents an individual Corresponding BPM IDS Model fine-tuning optimizer learning rate Represents an individual Corresponding BPM IDS Model fine-tuning data batch size Represents an individual Corresponding BPM IDS Model fine-tuning optimizer type; initial population P any individual in 0 The initialization process is as follows: , For model BM IDS The Middle i l The total number of neurons in a layer of a pruning network; Randint represents a random integer generation function. Indicates in [0, A random integer value is generated within the range of ]; It will be taken from the training dataset D trn The proportion of data selected is The data is labeled as fine-tuning data. , Per min and Per max These represent the preset lower and upper limits of the data adjustment ratio, respectively; , Epo min and Epo max They represent BPM respectively IDS The model is designed for fine-tuning data. The preset lower and upper limits for the number of fine-tuning training rounds; , Lr max BPM IDS The model is designed for fine-tuning data. The maximum integer value of the fine-tuning learning rate parameter for fine-tuning is used as the index of the integer encoding of the fine-tuning learning rate parameter. i lr , i lr =1, 2, ..., Lr max ,Will i lr The numerical value of the learning rate parameter corresponding to the encoding is denoted as ,Will The numerical value of the learning rate parameter corresponding to the encoding is denoted as ; , Bs max This indicates the BPM of the model after pruning. IDS For fine-tuning data The maximum value of the integer encoding of the fine-tuning data batch size parameter is used for fine-tuning. The sequence number of the integer encoding of the fine-tuning data batch size parameter is marked as... i bs , i bs =1, 2, ..., Bs max ,Will i bs The batch size parameter for the fine-tuning data corresponding to the encoding is marked as follows: ,Will The numerical value of the fine-tuning data batch size parameter corresponding to the encoding is marked as follows: ; , Opt max BPM IDS The model is designed for fine-tuning data. The maximum value of the integer encoding of the fine-tuning optimizer type parameter is used for fine-tuning. The ordinal number of the integer encoding of the fine-tuning optimizer type parameter is marked as... i opt , i opt =1, 2, ..., Opt max ,Will i opt The type of fine-tuning optimizer corresponding to the encoding is marked as follows: ,Will The type of fine-tuning optimizer corresponding to the encoding is marked as follows: .

6. The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization according to claim 1, characterized in that, Step S4 specifically includes the following sub-steps: S41: Transfer the training dataset D trn All samples are input into the backdoor intrusion detection model BM IDS Perform model inference, obtain the average absolute activation value of all neurons in all prunable network layers, and then apply this to the model BM. IDS The Middle i l Layered Pruned Network c The activation values ​​and mean absolute activation values ​​of each neuron are labeled as follows: and , i l =1,2,…, nl , c =1,2,…, , The calculation process is shown in formula (12): (12) In the formula, Representation model BM IDS The Middle i l Layered Pruned Network c The neuron in the first i tr Activation values ​​on the sample; S42: For model BM IDS All pruning network layers perform the following operation: [The text abruptly ends here, likely due to an incomplete sentence or a formatting error.] i l In a layered pruning network, all neurons in the layer are pruned according to their mean absolute activation value. Sort the neurons in ascending order to obtain the sorted neuron index sequence. ,in Indicates the first i l Rank of average absolute activation values ​​in layered pruning networks i n The original index of the neurons in the 100-bit region will The corresponding average absolute activation value is labeled as ;if i n The value does not exceed the individual The first character represented i l Number of pruned neurons in a layered pruning network Then The corresponding neurons undergo pruning operations, thereby placing those ranked higher. The neurons are pruned, that is, from the first... i l In a layered pruning network, the top-ranked nodes are removed. The neurons, retaining other neurons, and BM IDS The pruned model is labeled as the pruned intrusion detection model. ; S43: Based on the individual In From the training dataset D trn The proportion of data selected is The data is labeled as fine-tuning data. According to the individual middle , , and The corresponding fine-tuning training round values ​​were obtained respectively. Fine-tuning the learning rate value Fine-tuning data batch size and fine-tuning optimizer type ,against For the model According to the fine-tuning parameter values , , and Training is conducted to achieve BPM. IDS The model fine-tuning operation marks the model after fine-tuning training as a backdoor defense model. ; S44: Based on the two optimization objective functions in step S3, respectively, the individual... The corresponding first and second optimization objective functions are labeled as follows: and The specific implementation process is as follows: Model Test dataset for backdoor attacks D te_bd The test was conducted, and the results were evaluated according to the calculation process shown in formulas (10) and (11). ;Model For the test dataset D ten The test was conducted, and the results were evaluated according to the calculation process shown in formulas (6) and (11). ; S45: Assess the population P gen Each individual The dominance relationship is determined, and a non-dominated ranking is performed on all individuals. The specific implementation process includes: ranking the first... gen In the next iteration of optimization, any individual that is different from the individual Individual markers are , i k The serial number representing different individuals, grouping individuals The two corresponding optimization objective functions are labeled as follows: and ,if and Then the individual Dominant Individual will be individual The set of individuals under control is labeled as , will dominate the individual The number of individuals is marked as Set the current leading edge index rto =1, and the population that satisfies... DN All individuals with a value of 0 were assigned to the first... rto The Pareto front, denoted as Ft rto Traversing the current Pareto frontier Ft rto For each individual in the index, for each individual it dominates, decrement the count of its dominant individuals by one, and move the frontier index accordingly. rto Increment by 1, that is, let rto = rto +1, adding 1 to the population currently satisfying... DN All unassigned individuals with a value of 0 are assigned to the first... rto Pareto Front Ft rto Repeat the above steps until the population... P gen All individuals are assigned to a Pareto frontier; S46: Calculate the population P gen All individuals The congestion distance specifically includes: for the first rto For any individual in a Pareto front, according to the... o The optimization objective function value obj o Sort by size from smallest to largest. o =1,2, setting the current Pareto frontier individual at the th... o The maximum and minimum fitness values ​​on the optimization objective function are respectively and , will have and The crowding distance between the two boundary individuals is set to a preset infinite value. For each individual in the current Pareto front other than the two boundary individuals, the corresponding crowding distance is calculated according to formula (13). The current step is repeated until the population... P gen The crowding distance for all individuals has been calculated: (13) In the formula, This represents the first individual in the Pareto front, excluding the two boundary individuals. w The crowding distance of each individual and These represent the first Pareto front. w +1 and the first w -1 individual in the first o The numerical values ​​on the objective function to optimize.

7. The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization according to claim 1, characterized in that, Step S5 specifically includes the following sub-steps: S51: From the population P gen Two pairs of individuals are randomly selected, and a binary tournament selection operation is performed on each pair. The specific implementation of the binary tournament selection operation is as follows: if the two individuals are on the same Pareto front, the individual with the greater crowding distance is selected as the winner; if they are on different Pareto fronts, the individual with the higher ranking on the Pareto front is selected as the winner; the two winners selected after the binary tournament selection operation are marked as the first parent individual. s 1 and 2 parent individuals s 2; S52: For two parent individuals s 1 and s 2. Perform the crossover operation, where the crossover operation is a single-point crossover operator, specifically including: S52.1: Generate a random number in the range (0, 1). r c ,like r c ≤ Cross factor Cr Then in the interval [1, ... nl A random integer is generated within the range [+5-1]. cp As the intersection point, among which nl +5 represents the individual code length; S52.2: Transfer the parent individual s 1 is located at the intersection cp Subsequent encoded fragments and parent individuals s 2 is located at the intersection cp The subsequent exchange of gene segments results in two offspring individuals. q 1 and q 2. The specific implementation process is shown in formulas (14) and (15) respectively: (14) (15) In the formula, s 1(1: cp )and s 2(1: cp ) represent the parent individuals respectively s 1 and s The first to the second position of 2 cp Bit encoding, s 1( cp +1: nl +5) and s 2( cp +1: nl +5) represent the parent individuals respectively. s 1 and s 2nd cp +1 to the nl +5-bit encoding; S53: For offspring individuals q 1 and q The second one d Each code performs a mutation operation. d =1, 2, ..., nl +5, will q 1 and q 2. The mutated individuals after the mutation operation are respectively labeled as and The specific implementation process is shown in formulas (16) and (17): (16) (17) In the formula, and They are mutated individuals. and The d Bit encoding, Regenerate( q d () indicates targeting an individual q No. d The mutation generation function of the bit encoding is calculated as shown in formula (18). and They represent the functions used for judgment. q 1 and q The second one d A random number generated in the range [0,1] indicates whether a mutation operation has been performed on the encoded individual. This will determine the mutated individual after the mutation operation has been completed. and Add to offspring population Q gen middle: (18) In the formula, Representation model BM IDS The Middle d The number of neurons pruned in a layered pruning network; S54: Repeat steps S51 to S53 until the offspring population is reached. Q gen The number of individuals included reaches the preset population size. NP , the parent population P gen With offspring population Q gen Merge into a new population P ngen And record the current iteration number. gen .

8. The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization according to claim 1, characterized in that, Step S6 specifically includes the following sub-steps: S61: Parental population P gen With offspring population Q gen Merge to form a new population P ngen ,in P ngen = P gen ∪ Q gen The total number of individuals in the new population is 2. NP And calculate the new population. P ngen The objective function for optimizing all individuals in the process; S62: For new populations P ngen Perform the non-dominated sorting operation described in step S4 on all individuals to obtain the hierarchical Pareto front set { }, i p =1, 2, ..., Fn , Indicates the first i p Pareto front, Fn Let be the total number of Pareto front layers obtained from non-dominated sorting, and for any i p1 < i p2 , No. i p1 The non-dominated rank of individuals in the frontier of the layer is higher than that of the first layer. i p2 Individuals in the frontier of the layer, the first i p Pareto Front The number of individuals in ; S63: For new populations P ngen All individuals in the process perform the crowding distance calculation described in step S4, and those located in the... i p Pareto Frontier i w The crowding distance of each individual is marked as , i w =1, 2, ..., ; S64: From the hierarchical Pareto front set { Individuals are selected sequentially to construct a new parent population. P gen,new .

9. The power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization according to claim 8, characterized in that, Step S64 specifically includes the following sub-steps: S64.1: Initialize the selected individual n sel =0, initialize the current leading index. pr =1, initialize a new parent population. P gen,new = ; S64.2: Determine the current frontier Number of individuals and remaining candidate slots NP - n sel Relationship: If ≤ NP - n sel Then the frontier All individuals join P gen,new ,renew n sel = n sel + ,make i p = i p +1, return to step S64.2; if > NP - n sel Then proceed to step S64.3; S64.3: On the frontier All individuals, according to crowding level distance Sort in descending order and select the group with the largest crowding distance. NP - n sel Individuals join P gen,new ; S 64.4: Order P gen = P gen,new Complete the training of the new generation of parent populations P gen Update.

10. A power grid IDS backdoor defense system based on automatic pruning and fine-tuning optimization, comprising the power grid IDS backdoor defense method based on automatic pruning and fine-tuning optimization as described in any one of claims 1-9, characterized in that, The system includes: The data preprocessing module is used to construct a training dataset based on historical datasets collected by the smart grid SCADA system. D trn With the test dataset D ten ; The backdoor attack sample generation module is used to generate samples from the training dataset. D trn With the test dataset D ten Perform backdoor attacks separately to obtain a backdoor attack training dataset. D tr_bd Backdoor attack test dataset D te_bd ; The backdoor attack training and evaluation module is used to train and evaluate backdoor attack datasets. D tr_bd Clean deep learning model (CM) deployed in smart grid IDS IDS Train the backdoor attack to obtain the backdoor intrusion detection model BM. IDS and based on the test dataset D ten Backdoor attack test dataset D te_bd Evaluate the intrusion detection performance metrics and backdoor attack success rate of the model; The population initialization module is used to set multiple first parameters, construct the optimization objective function of the automatic backdoor defense method for power grid IDS, and encode the backdoor defense scheme to be evaluated using integer discrete encoding based on the first parameters to construct the population. P gen and the population P gen Perform initialization; Population evaluation module, used for evaluating populations based on the training dataset. D trn BM backdoor intrusion detection model IDS Implement population P gen Backdoor defense scheme based on individual representations, using test dataset D ten Backdoor attack test dataset D te_bd Evaluation of Backdoor Defense Model (BDM) after implementing individual corresponding defense schemes IDS The objective function is optimized, and individuals are ranked non-dominated and their crowding distance is calculated. The offspring population generation module is used to record the number of iterations. gen The offspring population is generated by selecting, crossovering, and mutating individuals within the population. Q gen , the parent population P gen With offspring population Q gen Merge into a new population P ngen ; The parent population update module is used to calculate the new population. P ngen The objective function for optimizing all individuals is used to perform non-dominated ranking and crowding distance calculations on the individuals, and to select the top... NP A superior individual generates a new parent population. P gen ; The Pareto optimal individual selection module is used to determine the number of iterations. gen Does it meet the requirements? gen ≥ Gen If not, set gen = gen +1, for the new parent population P gen Repeat steps S4 to S6; if so, the population... P Gen All non-dominated individuals are used as the Pareto optimal solution set PF, and the Pareto optimal individuals are selected from PF. p PO The backdoor defense scheme represented by this individual encoding is taken as the optimal power grid IDS backdoor defense scheme based on automatic pruning and fine-tuning optimization. The backdoor defense implementation module is used to implement the backdoor intrusion detection model BM. IDS Implementation p PO The Pareto optimal backdoor defense scheme is represented, and the optimal backdoor defense model BDM is obtained. IDS,PO BDM IDS,PO It is deployed online into the power grid intrusion detection system to perform real-time intrusion detection on data collected in real time by the smart grid monitoring and data acquisition system.

Images