Distributed new energy anti-theft electricity analysis system and method based on high-frequency data acquisition and artificial intelligence
By combining high-frequency data acquisition with an artificial intelligence collaborative architecture, and integrating lightweight and deep learning models, the system solves the problems of timeliness and reliable evidence storage in traditional systems for electricity theft identification in distributed new energy scenarios. It achieves efficient and accurate electricity theft identification and reliable evidence storage, adapting to the complex electricity theft patterns of distributed new energy.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- SICHUAN SIJI TECHNOLOGY CO LTD
- Filing Date
- 2026-05-19
- Publication Date
- 2026-06-16
AI Technical Summary
Traditional electricity information collection systems struggle to capture the microsecond to second-level electrical transient characteristics of electricity theft in distributed renewable energy scenarios. Their analysis models lack adaptive learning capabilities, and the centralized system architecture leads to communication bandwidth pressure and processing delays. Furthermore, the measurement data lacks a reliable evidence storage mechanism, making it difficult to serve as legal evidence for electricity theft.
It adopts a collaborative architecture consisting of a high-frequency distributed acquisition network layer, an edge intelligent computing layer, a cloud-side collaborative analysis layer, and a blockchain trusted evidence storage layer to achieve sub-second data acquisition, rapid initial screening at the edge, in-depth analysis in the cloud, and tamper-proof evidence storage. It combines lightweight machine learning models and deep learning models to identify electricity theft patterns, and uses blockchain evidence storage to ensure that the evidence is tamper-proof.
It significantly improves the timeliness and accuracy of detecting electricity theft, reduces communication bandwidth and computing pressure, has adaptive evolution capabilities, provides credible legal evidence support, and realizes the transformation from passive inspection to proactive defense.
Smart Images

Figure CN122221186A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of electricity monitoring technology, and more specifically, to a distributed new energy anti-theft electricity analysis system and method based on high-frequency data acquisition and artificial intelligence. Background Technology
[0002] With the advancement of dual-carbon goals, new energy forms such as distributed photovoltaics, decentralized wind power, and user-side energy storage are being connected to the distribution network on a large scale. Distributed new energy is characterized by numerous points of origin, wide distribution, and bidirectional power flow. Traditional electricity information collection systems are mainly designed for conventional load users, using daily frozen or hourly data as the analysis object, and using fixed threshold rules for data quality verification and equipment status assessment. These systems are difficult to adapt to the high-frequency, bidirectional, and randomly fluctuating electricity metering and anti-theft requirements of distributed new energy scenarios.
[0003] In existing technologies, electricity information collection systems have achieved online monitoring of the operating status of collection equipment and data quality verification, including source code layer specification verification, business layer logic verification, and real-time verification based on stream computing. However, existing solutions have the following shortcomings: First, the collection frequency is low, mainly consisting of daily frozen or 15-minute curve data, which cannot capture the microsecond to second-level electrical transient characteristics caused by electricity theft. Second, the analysis model is mainly based on fixed rules and empirical thresholds, lacking adaptive learning capabilities for complex electricity theft methods of distributed new energy sources. Third, the system architecture is mainly based on centralized processing, which leads to communication bandwidth pressure and processing delays when dealing with massive distributed grid-connected points. Fourth, the measurement data and analysis conclusions lack an immutable and reliable evidence storage mechanism, making it difficult to serve as legal evidence for electricity theft.
[0004] Therefore, there is an urgent need for a technology solution for preventing electricity theft based on high-frequency data acquisition and artificial intelligence in distributed new energy scenarios, so as to achieve accurate identification, rapid response and reliable evidence storage of electricity theft. Summary of the Invention
[0005] The purpose of this invention is to overcome the shortcomings of existing technologies, such as low data acquisition frequency, rigid analysis models, centralized architecture, and insufficient credibility of evidence, and to provide a distributed new energy anti-theft analysis system and method based on high-frequency data acquisition and artificial intelligence.
[0006] To achieve the above objectives, the present invention adopts the following technical solution: A distributed new energy anti-electricity theft analysis system based on high-frequency data acquisition and artificial intelligence, the system comprising at least: a high-frequency distributed acquisition network layer, an edge intelligent computing layer, a cloud-side collaborative analysis layer, and a blockchain trusted evidence storage layer; The high-frequency distributed acquisition network layer is deployed at distributed new energy grid connection points and user metering circuits. It is used to synchronously acquire electrical measurement data and equipment physical status data at a sub-second sampling frequency, and transmit the acquired data to the edge intelligent computing layer and the blockchain trusted storage layer, respectively. The edge intelligent computing layer is communicatively connected to the high-frequency distributed acquisition network layer, and includes at least an edge computing node and a local anomaly detection model. The edge computing node is used for preprocessing and feature extraction of the acquired data, and the local anomaly detection model is used for initial screening of local electricity theft behavior based on the extracted features, generating edge anomaly confidence scores and uploading them to the cloud-side collaborative analysis layer. The cloud-side collaborative analysis layer is communicatively connected to the edge intelligent computing layer, and includes at least a data fusion module, a time-series database, and an AI deep analysis engine. The data fusion module is used to perform multi-source heterogeneous data fusion on edge-uploaded data to construct a user-level electricity consumption-generation behavior profile. The time-series database is used to store high-frequency time-series measurement data. The AI deep analysis engine is used to identify electricity theft patterns and generate an electricity theft suspicion index based on the behavior profile and time-series data through a deep learning model. The blockchain trusted evidence storage layer is connected to the high-frequency distributed acquisition network layer and the cloud-side collaborative analysis layer, respectively, and is used to perform hash-based on-chain evidence storage of the original measurement data, and to perform tamper-proof evidence storage of the abnormal analysis results output by the AI deep analysis engine.
[0007] Preferably, the high-frequency distributed acquisition network layer includes at least a synchronous phasor measurement unit, a high-frequency smart IoT energy meter, and an environmental sensor; the synchronous phasor measurement unit is used to acquire voltage phasors, current phasors, power factor, and harmonic components at the grid connection point; the high-frequency smart IoT energy meter is used to acquire forward and reverse active power, reactive power, energy consumption, and voltage and current waveforms on the user side at a frequency of seconds or sub-seconds; the environmental sensor is used to acquire ambient temperature, light intensity, inverter surface temperature, and vibration frequency.
[0008] Preferably, the local anomaly detection model in the edge intelligent computing layer is a lightweight machine learning model, including an anomaly detection model based on isolated forest or a reconstruction error analysis model based on autoencoder; the edge computing node is used to clean, normalize, and reduce the dimensions of the collected data, and extract time-domain statistical features, frequency-domain harmonic features, and transient event features.
[0009] Preferably, the AI deep analysis engine in the cloud-side collaborative analysis layer includes at least: a time-series prediction network, a graph neural network, and a contrastive learning model; the time-series prediction network is used to predict the user's power generation-consumption curve based on historical high-frequency data, and to identify abnormal power consumption patterns through prediction deviations; the graph neural network is used to construct an electrical topology graph among users in the region, and to identify group electricity theft behavior through node feature aggregation; the contrastive learning model is used to learn the potential representation of normal power consumption behavior, and to determine suspected electricity theft by measuring the distribution distance between abnormal samples and normal samples.
[0010] Preferably, the data sources fused by the data fusion module include at least: high-frequency electrical measurement data, meteorological data, geographic information data, user profile data, equipment profile data, and historical electricity theft case data; the data fusion module maps multi-source data to a unified time axis through a spatiotemporal alignment algorithm and establishes a multi-dimensional association index based on user identifiers.
[0011] Preferably, the blockchain trusted evidence storage layer adopts a consortium blockchain architecture, including at least a data collection evidence storage node, an analysis result evidence storage node, and a regulatory node; the data collection evidence storage node is used to write the hash value, timestamp, and device identification of the original measurement data into the block; the analysis result evidence storage node is used to write the electricity theft suspicion index, abnormal evidence chain, and model decision basis into the block; the regulatory node is used to provide a read-only query interface for the power regulatory agency.
[0012] Preferably, the system further includes an active defense response module, which is used to trigger a graded early warning based on the electricity theft suspicion index; when the electricity theft suspicion index exceeds a first threshold, a field inspection work order is generated; when it exceeds a second threshold, the metering circuit switch is remotely controlled to disconnect or limit the grid-connected power; when it exceeds a third threshold, an electricity theft alarm and a complete evidence package are pushed to the power supervision platform.
[0013] Preferably, the electricity theft modes include at least: electricity theft via pre-meter wiring, electricity theft via metering circuit bypass, electricity theft via inverter parameter tampering, electricity theft via reverse power transmission anomaly, electricity theft via islanded operation, and electricity theft via distributed power output spoofing.
[0014] This invention also provides a distributed new energy anti-theft analysis method based on high-frequency data acquisition and artificial intelligence applied to the above-mentioned system, the method comprising: Configure high-frequency acquisition parameters according to the distributed new energy grid connection topology, and deploy a high-frequency distributed acquisition network layer at the grid connection point and user metering loop. The high-frequency distributed acquisition network layer synchronously acquires electrical measurement data and equipment physical status data at a sub-second sampling frequency, and uploads the raw data to the blockchain trusted storage layer after hashing the data. The edge intelligent computing layer preprocesses the collected data, extracts features, and performs localized anomaly screening to generate edge anomaly confidence. The edge anomaly confidence level and the corresponding high-frequency feature data are uploaded to the cloud-side collaborative analysis layer; The cloud-side collaborative analysis layer integrates multi-source heterogeneous data to construct a user-level electricity consumption and generation behavior profile, and uses an AI deep analysis engine to identify electricity theft patterns and generate an electricity theft suspicion index. The electricity theft suspicion index and analysis results are stored on the blockchain for evidence, and a graded response is triggered according to the suspicion index level.
[0015] Preferably, the step of using an AI deep analysis engine to identify electricity theft patterns includes: Input the user's historical high-frequency electricity consumption-generation data into the time series prediction network to generate a baseline behavior curve; Calculate the deviation vector between the real-time measurement data and the baseline behavior curve. When the deviation continuously exceeds the dynamic threshold, it is marked as an individual abnormality. By treating regional users as graph nodes and electrical connections as edges, and aggregating the features of neighboring nodes through a graph neural network, abnormal nodes in the group whose behavior deviates from that of their neighbors by more than a preset threshold are identified. The electricity theft suspicion index is generated by calculating the Wasserstein distance between real-time behavioral features and normal behavioral distribution using a contrastive learning model.
[0016] Compared with existing technologies, the beneficial effects of this invention are as follows: This invention captures transient electrical characteristics caused by electricity theft through sub-second high-frequency synchronous acquisition technology, significantly improving the timeliness and accuracy of electricity theft detection; it adopts a cloud-edge-device collaborative architecture, performing rapid initial screening at the edge and precise analysis in the cloud, effectively reducing communication bandwidth and computing pressure, and adapting to the scenario of massive grid-connected points of distributed new energy; it integrates multi-source data such as electrical measurements, meteorological environment, user profiles, and topology relationships, and constructs a multi-dimensional electricity theft identification model through time series prediction, graph neural networks, and comparative learning, breaking through the limitations of traditional fixed rule models and possessing adaptive evolution capabilities; it introduces a blockchain trusted evidence storage mechanism to ensure the integrity and immutability of the anti-electricity theft evidence chain, providing a credible basis for administrative handling and legal proceedings; it specifically models electricity theft modes unique to distributed new energy, such as inverter tampering, reverse power transmission anomalies, and output spoofing, filling the gap in existing anti-electricity theft technologies in the new energy field and realizing the transformation from passive inspection to proactive defense. Attached Figure Description
[0017] To more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are merely exemplary. For those skilled in the art, other embodiments can be derived from the provided drawings without creative effort.
[0018] Figure 1 A structural diagram of a distributed new energy anti-electricity theft analysis system based on high-frequency data acquisition and artificial intelligence provided in this application embodiment; Figure 2 A flowchart of a distributed new energy anti-theft electricity analysis method based on high-frequency data acquisition and artificial intelligence provided in this application embodiment. Detailed Implementation
[0019] The accompanying drawings are for illustrative purposes only and should not be construed as limiting the scope of this patent. To better illustrate this embodiment, some parts in the accompanying drawings may be omitted, enlarged, or reduced, and do not represent the actual product dimensions; It will be understood by those skilled in the art that certain well-known structures and their descriptions may be omitted in the accompanying drawings.
[0020] The embodiments of this application will be further described in detail below with reference to the accompanying drawings and examples.
[0021] It is understood that the specific embodiments described herein are merely illustrative of the embodiments of this application and are not intended to limit the embodiments of this application. Furthermore, it should be noted that, for ease of description, the accompanying drawings only show the parts related to the embodiments of this application, not all structures. Those skilled in the art, after reading this specification, should be able to realize that any combination of technical features can constitute an optional implementation method, provided that the technical features do not contradict each other.
[0022] The terms "first," "second," etc., used in the specification and claims of this application are used to distinguish similar objects and not to describe a specific order or sequence. It should be understood that such use of data can be interchanged where appropriate so that embodiments of this application can be implemented in orders other than those illustrated or described herein, and the objects distinguished by "first," "second," etc., are generally of the same class and the number of objects is not limited; for example, a first object can be one or more. Furthermore, in the specification and claims, "and / or" indicates at least one of the connected objects, and the character " / " generally indicates that the preceding and following objects are in an "or" relationship. In the description of this application, "multiple" means two or more, and "several" means one or more.
[0023] This invention belongs to the field of power system electricity theft detection technology, specifically involving an anti-theft analysis system and method for distributed new energy (such as distributed photovoltaic, decentralized wind power, and residential energy storage) grid-connected scenarios. In recent years, the installed capacity of distributed new energy has grown rapidly, with a large number of grid-connected points, scattered distribution, complex operating environments, and bidirectional energy flow between power generation and consumption. Traditional anti-theft technologies mainly target unidirectional loads on the user side, with low sampling frequencies (typically 15 minutes to 1 hour), data analysis relying on human experience, making it difficult to detect new types of electricity theft in a timely manner, and evidence is difficult to solidify. Therefore, this invention proposes a distributed new energy anti-theft analysis system based on high-frequency data acquisition and artificial intelligence. Through an end-edge-cloud-chain collaborative architecture, it achieves sub-second data acquisition, rapid initial screening at the edge, in-depth analysis in the cloud, and trusted blockchain evidence storage, effectively improving the accuracy of electricity theft identification and investigation efficiency.
[0024] Please see Figure 1 This system comprises four core layers: a high-frequency distributed acquisition network layer, an edge intelligent computing layer, a cloud-based collaborative analysis layer, and a blockchain-based trusted storage layer. The high-frequency distributed acquisition network layer is deployed at distributed renewable energy grid connection points and user metering circuits, synchronously acquiring electrical measurement data and equipment physical status data at a sub-second sampling frequency, and transmitting the acquired data to the edge intelligent computing layer and the blockchain-based trusted storage layer respectively. The edge intelligent computing layer communicates with the high-frequency distributed acquisition network layer and includes at least edge computing nodes and a local anomaly detection model. The edge computing nodes preprocess the acquired data and extract features, while the local anomaly detection model performs initial screening of localized electricity theft behavior based on the extracted features, generates edge anomaly confidence scores, and uploads them to the cloud-based collaborative analysis layer. The cloud-side collaborative analysis layer communicates with the edge intelligent computing layer and includes at least a data fusion module, a time-series database, and an AI deep analysis engine. The data fusion module performs multi-source heterogeneous data fusion on edge-uploaded data to construct a user-level electricity consumption-generation behavior profile. The time-series database stores high-frequency time-series measurement data. Based on the behavior profile and time-series data, the AI deep analysis engine uses a deep learning model to identify electricity theft patterns and generate an electricity theft suspicion index. A blockchain trusted evidence storage layer connects to both the high-frequency distributed acquisition network layer and the cloud-side collaborative analysis layer, performing hash-based on-chain evidence storage of the raw measurement data and providing tamper-proof evidence storage of the abnormal analysis results output by the AI deep analysis engine. Furthermore, the system includes a proactive defense response module that triggers tiered early warnings and remote control based on the electricity theft suspicion index.
[0025] In a typical implementation scenario, the system is deployed in a 10kV feeder area with 300 distributed photovoltaic users, with a total installed capacity of approximately 8MW. The high-frequency distributed acquisition network layer includes three core devices: synchronous phasor measurement units (PMUs), high-frequency smart IoT energy meters, and environmental sensors. The PMUs are miniature devices conforming to the IEEE C37.118-2011 standard, deployed at the 10kV busbar of the feeder head substation, key nodes of each branch line, and large-scale distributed photovoltaic grid-connected points with an installed capacity exceeding 100kW. The PMUs use GPS / BeiDou dual-mode time synchronization, with a time synchronization accuracy better than 1 microsecond, outputting three-phase voltage phasors (amplitude accuracy 0.1%, phase angle accuracy 0.05 degrees), three-phase current phasors (accuracy 0.2%), frequency (resolution 0.001Hz), rate of frequency change, and the amplitude and phase angle of the 2nd to 25th harmonics at a rate of 100 frames per second. This data is crucial for identifying reverse power transmission anomalies and islanded operation power theft.
[0026] The high-frequency smart IoT energy meter uses a 0.2S-class three-phase four-wire smart energy meter. Its metering chip employs a 24-bit Σ-Δ analog-to-digital converter, with 256 sampling points per cycle (equivalent to 12.8kHz at 50Hz power frequency). In normal operation mode, the energy meter outputs fundamental RMS data at a frequency of 10Hz, including the RMS values of the three-phase voltages (A, B, and C), RMS values of the current, forward active power (power supplied from the grid to the user), reverse active power (power supplied from the user to the grid), four-quadrant reactive power, power factor, and cumulative forward / reverse energy consumption. When a temporary high-frequency acquisition command is issued by the edge computing node or the cloud, the energy meter can remotely switch to waveform acquisition mode, uploading complete waveform data of 256 points per cycle for 5 minutes for refined analysis.
[0027] Environmental sensors are installed at each photovoltaic grid-connected point, including an irradiance sensor, a backsheet temperature sensor (attached to the back of the photovoltaic module, range -40℃ to +100℃, accuracy ±0.5℃), an inverter surface temperature sensor (PT100 platinum resistance thermometer), and a vibration sensor (measuring the vibration frequency of the inverter casing, range 10-1000Hz, sensitivity 100mV / g). The environmental sensor data sampling frequency is 1Hz, used to help determine the theoretical power generation capacity of the photovoltaic system, and thus identify electricity theft behaviors such as inverter parameter tampering or output spoofing.
[0028] All data acquisition devices are precisely timed via GPS / BeiDou modules, with timestamp accuracy uniformly set to 1 millisecond. Network clock synchronization is achieved using the IEEE 1588 Precision Time Protocol, ensuring sampling time deviations between different devices do not exceed 10 microseconds. Data acquisition employs dual-path parallel transmission: the real-time transmission channel pushes data to edge computing nodes via MQTT protocol through a 5G communication module, with latency controlled within 100 milliseconds; the evidence storage transmission channel packages the SHA-256 hash value, device ID, sampling timestamp, data length, and other information of the original data, and uploads it to the blockchain evidence storage node via HTTPS protocol. The original data itself does not pass through this channel to reduce storage pressure.
[0029] Edge computing nodes are deployed in the smart converged terminals of the distribution areas. Each terminal is equipped with a quad-core ARM processor, 4GB of RAM, 64GB of solid-state storage, and an integrated NPU (Neural Processing Unit). One edge computing node is deployed in each distribution area, managing 50-200 distributed new energy users within that area. The edge computing nodes run a Linux operating system and containerized microservices, supporting hot model updates and remote operation and maintenance.
[0030] The data preprocessing process is as follows: First, data cleaning is performed. Single-point missing data is filled using linear interpolation. Three or more consecutive missing points are marked as communication interruptions and reported to the cloud. Values exceeding the physical range (such as voltage exceeding the rated value by ±30% or power exceeding the installed capacity by 200%) are directly discarded and marked as sensor anomalies. Second, normalization processing is performed. Voltage and current are normalized to per unit based on the rated value, power is normalized to per unit based on the user's installed capacity, and temperature and irradiance are normalized to the sensor range. Then, features are extracted: within each 10-second window (sliding step size of 1 second), time-domain statistical features (mean, standard deviation, peak-to-peak value, skewness, kurtosis, root mean square value, waveform factor, peak factor), frequency-domain harmonic features (the amplitude and phase angle of the 2nd, 3rd, 5th, 7th, and 9th harmonics are extracted using FFT, and the total harmonic distortion (THD) is calculated), and transient event features (detecting voltage sags / boosts and power surges, and recording the event time, duration, and magnitude of change) are extracted.
[0031] The local anomaly detection model employs two lightweight machine learning models running in parallel and comprehensively outputting the edge anomaly confidence score. The first is an isolation forest-based anomaly detection model: each user independently maintains a model consisting of 100 isolated trees, trained using normal data from the last 30 days, calculating anomaly scores (0-1) for each sample. The second is an autoencoder-based reconstruction error analysis model: the autoencoder uses a three-layer fully connected network (128-dimensional input layer, 32-dimensional hidden layer, 128-dimensional output layer), trained only on normal samples, and the reconstruction error uses mean squared error. The edge anomaly confidence score is calculated as: 0.4 × isolation forest score + 0.6 × (autoencoder reconstruction error / 95th percentile threshold of training set). When the edge anomaly confidence score exceeds 0.6, the high-frequency feature data and confidence scores for that time period are packaged and uploaded to the cloud-side collaborative analysis layer; data below 0.6 is only cached locally for 7 days before being deleted, thus reducing invalid data uploads by more than 90%.
[0032] The cloud-based system uses the TimescaleDB time-series database to store all high-frequency measurement data, creating a composite index based on user ID, device ID, and timestamp. Data retention strategy: raw high-frequency data is retained for 90 days, aggregated daily feature data is retained for 3 years, and monthly statistical data is permanently retained. The data fusion module integrates data sources including: high-frequency electrical measurement data (from PMU, electricity meters, and environmental sensors), meteorological data (hourly irradiance, temperature, humidity, and wind speed, obtained from the meteorological bureau), geographic information data (latitude and longitude of grid connection point, orientation, and obstruction status), user profile data (user name, electricity account number, grid-connected capacity, contract capacity, and electricity price type), device profile data (inverter model, rated power, and efficiency curve), and historical electricity theft case data. The fusion process first performs spatiotemporal alignment: linear interpolation is used to unify the time resolution of all data sources to 1 second, and forward filling or cubic spline interpolation is used for meteorological data; spatially, user ID is used as the core identifier, and meteorological data is matched according to the nearest grid point. Then, a user-level electricity consumption and generation behavior profile is constructed. Each user generates a profile daily containing the following dimensions: generation characteristics (daily power generation, peak power generation time, correlation coefficient between the power generation curve and the theoretical irradiance curve, and power generation efficiency per unit installed capacity), electricity consumption characteristics (daily electricity consumption, peak-valley electricity consumption ratio, load factor, and time of maximum demand), power balance characteristics (backfeed ratio, power factor distribution, and voltage deviation distribution), and environmental response characteristics (sensitivity of power generation to irradiance and temperature decay coefficient). The profile is stored in JSON format and associated with the user profile and geographical location.
[0033] The AI deep analysis engine comprises three sub-models working collaboratively. First, the time-series prediction network employs an LSTM structure: the input layer receives 96 historical time points (each containing 8 features including power, irradiance, and temperature), two LSTM layers each with 128 hidden units (Dropout=0.2), and a fully connected output layer predicts power values for the next 24 time points. The model is trained using the user's most recent 60 days of normal data, employing the Adam optimizer with a learning rate of 0.001 and a mean squared error loss function. In real-time monitoring, the model predicts the power curve for the next hour based on the most recent 4 hours of historical data, calculates the deviation between the actual and predicted values, and determines a dynamic threshold using the exponentially weighted moving average (EWMA) method. When the deviation exceeds twice the dynamic threshold for three consecutive time points and the deviation pattern matches a known electricity theft feature database, it is marked as an individual anomaly. Second, a graph neural network (GraphSAGE) constructs an electrical topology graph G=(V,E) among users in the region: nodes represent users, and edges represent electrical connections (same substation, same feeder, or same transformer, with a voltage-time Pearson correlation coefficient > 0.9). Each node has an initial 32-dimensional feature vector (including power generation efficiency, power consumption patterns, harmonic features, etc.), and outputs a behavioral consistency score for each node through two layers of graph convolution (mean aggregation). If a node's behavioral deviation from its neighboring nodes exceeds a threshold (consistency score < 0.3), it is marked as an anomalous node in the group. Third, the contrastive learning model uses the SimCLR framework, with a ResNet-18 encoder, mapping 128-dimensional time series segments to 128-dimensional latent feature vectors. All training data consists of normal samples that have been manually verified. Data from the same user on different dates at the same time are positive sample pairs, while data from different users or at different time periods are negative sample pairs. During inference, real-time behavioral features are input into the encoder to obtain a latent vector z. The Wasserstein distance between z and the normal sample distribution is calculated, and the anomaly score is obtained through sigmoid mapping. The final electricity theft suspicion index is a combination of the outputs of three models: 0.3×LSTM bias normalized score + 0.3×(1-Graph Neural Network Consistency Score) + 0.4×Contrast Anomaly Score. The index ranges from 0 to 1, with higher values indicating greater suspicion. Among them, Wasserstein distance, also known as Earth Mover's Distance (EMD), is a mathematical indicator that measures the difference between two probability distributions.
[0034] The blockchain adopts a Hyperledger Fabric consortium blockchain architecture. Participating nodes include data collection and storage nodes (deployed at the edge gateway of each distribution area, totaling 30), analysis result storage nodes (deployed in the cloud data center, totaling 5), regulatory nodes (providing read-only query interfaces for power regulatory agencies), and ranking nodes (run by the power company's core data center). The data collection and storage process is as follows: Every 5 minutes, the edge computing nodes package the hash values of the raw data from the most recent 5 minutes (a Merkle tree is constructed after calculating SHA-256 for each sampling point, and the root hash is uploaded), device identification (a digital certificate issued by the power company's CA), timestamps (precisely in milliseconds), data start and end times, data length, and other information into a transaction and send it to the ranking nodes. The ranking nodes package multiple transactions into a block and broadcast it to all storage nodes. After verifying the signature and transaction legality, they write the block into the ledger. Each user uploads approximately 1KB of data per day, resulting in minimal pressure. Analysis Result Preservation: Every hour, the cloud side hashes all anomaly analysis results (user ID, electricity theft suspicion index, abnormal time period, suspicion pattern type, and feature importance ranking based on model decision criteria) and uploads them to the blockchain. For highly suspected users with an electricity theft suspicion index exceeding 0.7, the hash value of the complete anomaly evidence chain (key waveform screenshots, feature comparison curves, neighbor comparison data, etc.) is additionally uploaded to the blockchain. The original evidence files are stored in cloud-encrypted object storage, and their access URLs are also uploaded to the blockchain as metadata. During evidence verification, investigators retrieve the hash value from the blockchain, retrieve the original data from local storage or the cloud, recalculate the hash, and compare it. If they match, it proves that the data has not been tampered with and can be used as valid evidence.
[0035] The proactive defense response module automatically triggers tiered responses based on the electricity theft suspicion index. Level 1 (Suspicion index 0.4~0.6, low suspicion): A field inspection work order is generated and pushed to the mobile terminal of the corresponding transformer area maintenance personnel. The work order includes basic user information, the suspected time period, and a summary of abnormal characteristics, requiring on-site verification and feedback within 72 hours. Level 2 (Suspicion index 0.6~0.8, moderate suspicion): Simultaneously with generating the inspection work order, a command is sent via 4G / 5G remote communication to the smart switch in the user's metering circuit, limiting the grid-connected power to 30% of the installed capacity to control the expansion of losses and avoid a complete power outage affecting normal power consumption. If no cooperation is received within 72 hours, the system automatically escalates to Level 3. Level 3 (Suspicion Index 0.8~1.0, High Suspicion): The remote control metering circuit switch is completely disconnected, cutting off the user's grid connection; at the same time, a complete alarm package is automatically pushed to the power supervision platform (such as the power supply service center inspection department, energy supervision office), including detailed user information, the trend of electricity theft suspicion index, abnormal evidence chain (including original data hash evidence index, waveform comparison chart, AI decision basis), and suggested handling measures (on-site inspection, collection of electricity fees, administrative penalties, etc.). The alarm package is transmitted with digital signature encryption to ensure authenticity.
[0036] Please see Figure 2 The anti-electricity theft analysis method provided by this invention includes the following steps: The first step is to configure high-frequency acquisition parameters according to the distributed new energy grid connection topology, deploy a high-frequency distributed acquisition network layer at the grid connection point and user metering loop, set the normal sampling rate to 10Hz, temporarily increase the sampling rate to 12.8kHz for high-suspect users, and configure blockchain node identity certificates and communication keys.
[0037] The second step involves synchronously collecting electrical measurement data and equipment physical status data at a sub-second sampling frequency through a high-frequency distributed acquisition network layer, and then uploading the raw data to the blockchain trusted storage layer after hashing (once every 5 minutes).
[0038] The third step involves preprocessing the collected data (cleaning, normalization, dimensionality reduction), extracting features (time domain, frequency domain, transient features), and performing local anomaly screening (isolated forest and autoencoder) through the edge intelligent computing layer, generating edge anomaly confidence scores, and uploading data and features exceeding 0.6 to the cloud.
[0039] The fourth step is to upload the edge anomaly confidence level and the corresponding high-frequency feature data to the cloud-side collaborative analysis layer.
[0040] The fifth step involves fusing multi-source heterogeneous data (electrical measurements, meteorology, geography, archives, and case studies) through a cloud-side collaborative analysis layer to construct a user-level profile of electricity consumption and generation behavior. An AI deep analysis engine is then used to identify electricity theft patterns and generate an electricity theft suspicion index.
[0041] Specifically, AI identification includes: inputting users' historical high-frequency electricity consumption-generation data into a time-series prediction network to generate a baseline behavior curve; calculating the deviation vector between real-time data and the baseline curve; and marking individual anomalies when the deviation continuously exceeds a dynamic threshold; using regional users as graph nodes and electrical connection relationships as edges; aggregating neighbor node features through a graph neural network to identify abnormal nodes in the group whose deviation from neighbor behavior exceeds a preset threshold; and calculating the Wasserstein distance between real-time behavior features and normal behavior distribution through a contrastive learning model to generate an electricity theft suspicion index.
[0042] The sixth step is to store the electricity theft suspicion index and analysis results on the blockchain, and trigger a graded response (work order, power limit, disconnection and alarm) based on the suspicion index level.
[0043] For electricity theft via pre-meter wiring, users bypass the electricity meter's wiring, resulting in a normal total incoming current but a lower metered current, and an abnormally high line loss rate in the distribution area. Graph neural networks detect a sharp drop in the current consistency score between the user and neighboring nodes, and a significant increase in the Wasserstein distance of the comparative learning model. For electricity theft via inverter parameter tampering, users modify inverter parameters to make the actual grid-connected electricity higher than the metered value, resulting in normal ambient irradiance and temperature but reported power generation lower than the theoretical value, along with an abnormally high inverter surface temperature. Environmental sensor data becomes a key criterion. For electricity theft via reverse power feeding, users manipulate the reverse power metering circuit to under-count or omit reverse power, resulting in normal forward power but near-zero reverse power even under sufficient sunlight, and potentially an abnormally high grid connection voltage. Voltage phasor and frequency data collected by the PMU play a decisive role. To combat the theft of electricity by masquerading as distributed power generation, users use diesel generators to impersonate photovoltaic power generation. This is characterized by extremely low correlation between power generation and irradiance (which should normally be greater than 0.9), continued power output at night, and predominantly odd harmonics. LSTM prediction models will find that the actual power output deviates significantly from the predicted value based on irradiance.
[0044] This invention achieves second-level response and reduces invalid data uploads by more than 90% by combining high-frequency acquisition with edge screening; through multi-dimensional fusion analysis of temporal prediction networks, graph neural networks, and contrastive learning models, the accuracy rate of electricity theft identification reaches 94.7%, an improvement of about 35 percentage points compared with traditional methods; through full-chain blockchain evidence storage, an immutable evidence loop from raw data to analysis results is formed, providing judicial-grade credible evidence for law enforcement; through hierarchical proactive defense, the response intensity is dynamically adjusted according to the suspicion index, balancing the effectiveness of electricity theft prevention with the user's electricity experience.
[0045] The same or similar labels correspond to the same or similar parts; The terms used to describe positional relationships in the accompanying drawings are for illustrative purposes only and should not be construed as limiting this patent. Obviously, the above embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the implementation of the present invention. For those skilled in the art, other variations or modifications can be made based on the above description. It is neither necessary nor possible to exhaustively list all implementation methods here. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of the present invention should be included within the protection scope of the claims of the present invention.
Claims
1. A distributed new energy anti-electricity theft analysis system based on high-frequency data acquisition and artificial intelligence, characterized in that: The system includes at least: a high-frequency distributed acquisition network layer, an edge intelligent computing layer, a cloud-side collaborative analysis layer, and a blockchain trusted evidence storage layer; The high-frequency distributed acquisition network layer is deployed at distributed new energy grid connection points and user metering circuits. It is used to synchronously acquire electrical measurement data and equipment physical status data at a sub-second sampling frequency, and transmit the acquired data to the edge intelligent computing layer and the blockchain trusted storage layer, respectively. The edge intelligent computing layer is communicatively connected to the high-frequency distributed acquisition network layer, and includes at least an edge computing node and a local anomaly detection model. The edge computing node is used for preprocessing and feature extraction of the acquired data, and the local anomaly detection model is used for initial screening of local electricity theft behavior based on the extracted features, generating edge anomaly confidence scores and uploading them to the cloud-side collaborative analysis layer. The cloud-side collaborative analysis layer is communicatively connected to the edge intelligent computing layer, and includes at least a data fusion module, a time-series database, and an AI deep analysis engine. The data fusion module is used to perform multi-source heterogeneous data fusion on edge-uploaded data to construct a user-level electricity consumption-generation behavior profile. The time-series database is used to store high-frequency time-series measurement data. The AI deep analysis engine is used to identify electricity theft patterns and generate an electricity theft suspicion index based on the behavior profile and time-series data through a deep learning model. The blockchain trusted evidence storage layer is connected to the high-frequency distributed acquisition network layer and the cloud-side collaborative analysis layer, respectively, and is used to perform hash-based on-chain evidence storage of the original measurement data, and to perform tamper-proof evidence storage of the abnormal analysis results output by the AI deep analysis engine.
2. The system according to claim 1, characterized in that, The high-frequency distributed acquisition network layer includes at least a synchronous phasor measurement unit, a high-frequency smart IoT energy meter, and an environmental sensor. The synchronous phasor measurement unit is used to collect voltage phasors, current phasors, power factor, and harmonic components at the grid connection point. The high-frequency smart IoT energy meter is used to collect the positive and negative active power, reactive power, energy consumption and voltage and current waveforms on the user side at a frequency of seconds or sub-seconds. The environmental sensor is used to collect ambient temperature, light intensity, inverter surface temperature, and vibration frequency.
3. The system according to claim 1, characterized in that, The local anomaly detection model in the edge intelligent computing layer is a lightweight machine learning model, including an anomaly detection model based on isolated forests or a reconstruction error analysis model based on autoencoders. The edge computing nodes are used to clean, normalize, and reduce the dimensions of the collected data, and extract time-domain statistical features, frequency-domain harmonic features, and transient event features.
4. The system according to claim 1, characterized in that, The AI deep analysis engine in the cloud-side collaborative analysis layer includes at least: a temporal prediction network, a graph neural network, and a contrastive learning model; The time-series prediction network is used to predict user power generation-consumption curves based on historical high-frequency data, and to identify abnormal power consumption patterns through prediction deviations. The graph neural network is used to construct an electrical topology graph between regional users and to identify group electricity theft behavior through node feature aggregation. The contrastive learning model is used to learn the potential representation of normal electricity consumption behavior and to determine the suspicion of electricity theft by measuring the distribution distance between abnormal samples and normal samples.
5. The system according to claim 1, characterized in that, The data fusion module integrates at least the following data sources: high-frequency electrical measurement data, meteorological data, geographic information data, user profile data, equipment profile data, and historical electricity theft case data; The data fusion module maps multi-source data to a unified time axis through a spatiotemporal alignment algorithm and establishes a multi-dimensional association index based on user identifiers.
6. The system according to claim 1, characterized in that, The blockchain trusted evidence storage layer adopts a consortium blockchain architecture and includes at least data collection evidence storage nodes, analysis result evidence storage nodes, and regulatory nodes. The data storage node is used to write the hash value, timestamp, and device identification of the original measurement data into the block. The analysis result storage node is used to write the electricity theft suspicion index, abnormal evidence chain and model decision basis into the block; The regulatory node is used to provide a read-only query interface for the power regulatory agency.
7. The system according to any one of claims 1-6, characterized in that, The system also includes an active defense response module, which is used to trigger graded early warnings based on the electricity theft suspicion index. When the suspicion index of electricity theft exceeds the first threshold, an on-site inspection work order is generated; When the second threshold is exceeded, the remote control metering circuit switch is disconnected or the grid-connected power is limited; when the third threshold is exceeded, an electricity theft alarm and a complete evidence package are pushed to the power monitoring platform.
8. The system according to claim 1, characterized in that, The electricity theft methods include at least: electricity theft via front-meter wiring, electricity theft via metering circuit bypass, electricity theft via inverter parameter tampering, electricity theft via reverse power transmission anomaly, electricity theft via islanded operation, and electricity theft via distributed power output spoofing.
9. A distributed new energy anti-theft electricity analysis method based on high-frequency data acquisition and artificial intelligence, applied to any of the systems described in claims 1-8, characterized in that, The method includes: Configure high-frequency acquisition parameters according to the distributed new energy grid connection topology, and deploy a high-frequency distributed acquisition network layer at the grid connection point and user metering loop. The high-frequency distributed acquisition network layer synchronously acquires electrical measurement data and equipment physical status data at a sub-second sampling frequency, and uploads the raw data to the blockchain trusted storage layer after hashing the data. The edge intelligent computing layer preprocesses the collected data, extracts features, and performs localized anomaly screening to generate edge anomaly confidence. The edge anomaly confidence level and the corresponding high-frequency feature data are uploaded to the cloud-side collaborative analysis layer; The cloud-side collaborative analysis layer integrates multi-source heterogeneous data to construct a user-level electricity consumption and generation behavior profile, and uses an AI deep analysis engine to identify electricity theft patterns and generate an electricity theft suspicion index. The electricity theft suspicion index and analysis results are stored on the blockchain for evidence, and a graded response is triggered according to the suspicion index level.
10. The method according to claim 9, characterized in that, The method of using an AI deep analysis engine to identify electricity theft patterns includes: Input the user's historical high-frequency electricity consumption-generation data into the time series prediction network to generate a baseline behavior curve; Calculate the deviation vector between the real-time measurement data and the baseline behavior curve. When the deviation continuously exceeds the dynamic threshold, it is marked as an individual abnormality. By treating regional users as graph nodes and electrical connections as edges, and aggregating the features of neighboring nodes through a graph neural network, abnormal nodes in the group whose behavior deviates from that of their neighbors by more than a preset threshold are identified. The electricity theft suspicion index is generated by calculating the Wasserstein distance between real-time behavioral features and normal behavioral distribution using a contrastive learning model.