Microgrid security defense method, system, medium and product based on digital twinning

By combining digital twin technology and Bayesian-Stackerberg game model, the problem of the disconnect between microgrid defense methods and physical reality is solved, achieving optimal decision-making and rapid response for microgrid security defense, and ensuring the scientific nature and effectiveness of the strategy.

CN122247759APending Publication Date: 2026-06-19ANHUI ZENITH ELECTRICITY & ELECTRONICS

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
ANHUI ZENITH ELECTRICITY & ELECTRONICS
Filing Date
2026-05-20
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing microgrid defense methods are out of touch with physical reality and lack optimal decision-making capabilities. Traditional game theory models simplify the dynamic characteristics of distributed power sources and energy storage systems, and data-driven detection methods lack scientific decision-making guidance, resulting in suboptimal and lagging defense strategies.

Method used

By combining digital twin technology with a Bayesian-Stackerberg game model, the optimal defense strategy is calculated in a high-fidelity microgrid digital twin simulation environment. The dynamic characteristics and control logic of the power generation, grid, load, storage, and charging systems are considered, and time-domain simulation and Bayesian game optimization decision-making are performed using the digital twin model.

Benefits of technology

It realizes the scientific nature and optimization of microgrid defense strategies, ensures the effectiveness and feasibility of strategies in both islanded and grid-connected modes, avoids the disconnect between defense methods and physical reality, and provides rapid and accurate attack and defense strategy evaluation and optimal decision-making.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122247759A_ABST
    Figure CN122247759A_ABST
Patent Text Reader

Abstract

This invention provides a microgrid security defense method, system, medium, and product based on digital twins. The defense method includes: calculating the optimal estimated state of the microgrid at time t based on real-time measurement data; synchronously updating the digital twin model; calculating the measurement residual r and its chi-square test statistic J(r) of the measurement data; if J(r) > attack detection threshold, it is determined that an external intruder is attacking the microgrid, and the previous unattacked state of the digital twin model is extracted to trigger the defense decision-making process. All payoff / loss calculations in this invention rely on high-fidelity microgrid digital twin model simulation results, fully considering the dynamic characteristics, control logic, and mutual coupling relationships of each unit in the "source-grid-load-storage-charging" system, ensuring the feasibility and effectiveness of the final strategy in a real microgrid, thereby avoiding the disconnect between the microgrid defense method and physical reality and ensuring the scientific nature of the defense strategy.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of microgrid security technology, and in particular to a microgrid security defense method, system, medium and product based on digital twins. Background Technology

[0002] Currently, security attack defense methods for microgrids and other smart power-side systems suffer from the following drawbacks: 1. Model-based analysis methods are disconnected from actual operation: Traditional game theory-based attack and defense models, for ease of solution, often oversimplify the diverse resources in microgrids, such as distributed power sources (photovoltaics, wind power), energy storage systems (ESS), and controllable loads, ignoring their complex dynamic characteristics and control logic. This leads to theoretically optimal strategies being ineffective or causing secondary disturbances in actual microgrids (especially in islanded operation mode). 2. Data-driven detection methods lack decision-making capabilities: Existing intrusion detection systems (IDS) or anomaly detection algorithms mainly focus on detecting attacks against microgrids (such as data tampering and communication hijacking), i.e., answering the question "has it been attacked?". However, they lack scientific and quantitative decision-making guidance on how to respond, such as "should the output of energy storage be adjusted or some charging piles be disconnected to minimize losses?" Response measures often rely on the experience of operation and maintenance personnel, exhibiting lag and suboptimal results. Summary of the Invention

[0003] To address the technical problem that existing microgrid defense methods are disconnected from physical reality and lack optimal decision-making capabilities, this invention provides a microgrid security defense method, system, medium, and product based on digital twins.

[0004] In a first aspect, this invention proposes a microgrid security defense method based on digital twins, which includes: calculating the optimal estimated state of the microgrid at time t based on real-time measurement data of the microgrid. ;use The digital twin model is updated synchronously. The measurement residual r of the measurement data and its chi-square test statistic J(r) are calculated; if J(r) > attack detection threshold... If an external intruder attacks the microgrid, the state of the digital twin model at the previous moment when it was not attacked is extracted to trigger the defense decision process. The defense decision-making process includes: applying the attack actions of an external intruder to the digital twin model, performing time-domain simulations of the microgrid's defense actions, and then extracting physical and economic indicators from the simulation results to calculate the microgrid's losses, L. D (d m , a i ) and the benefits of external intruders U A (d m , a i , θ k(Among them, the m-th defensive action d of the fixed microgrid in the digital twin model). m After iterating through the attack actions and types of external intruders, the k-th type θ is obtained. k Optimal attack action for external intruders And calculate d m Expected loss E(L) D (d m )):

[0005] In the formula, P(θ) k ) is θ k The prior probability; To perform d m Then, the attack action that maximizes the benefits for the external intruder. To perform d m and The resulting losses. The defensive action that minimizes expected losses is selected as the final defensive action. The microgrid is used to execute final defense actions. The subsequent observations o are used to update the posterior probability P(θ) of the external intruder type. k |o). The posterior probability P(θ) k |o) as P(θ) in the next round of defense decision k And generate new Until the microgrid executes It then returned to normal.

[0006] Secondly, this invention proposes a microgrid security defense system based on digital twins and Bayesian-Stackerberg game theory, which utilizes the digital twin-based microgrid security defense method described in the first aspect. The microgrid security defense system includes: a twin synchronization module, an attack detection module, and a defense decision module.

[0007] The twin synchronization module is used to calculate the optimal estimated state of the microgrid at time t based on the real-time measurement data of the microgrid. . use The digital twin model is updated synchronously. The attack detection module is used to calculate the measurement residual r of the measurement data and its chi-square test statistic J(r). If J(r) > attack detection threshold... If an external intruder attacks the microgrid, the system determines that an attack has occurred and extracts the previous state of the digital twin model before the attack to trigger the defense decision-making process. The defense decision-making module is used to perform time-domain simulation after applying the external intruder's attack actions and the microgrid's defense actions to the digital twin model. Physical and economic indicators are extracted from the simulation results, and these are used to calculate the microgrid's loss L. D (d m , ai ) and the benefits of external intruders U A (d m , a i , θ k (Among them, the m-th defensive action d of the fixed microgrid in the digital twin model). m After iterating through the attack actions and types of external intruders, the k-th type θ is obtained. k Optimal attack action for external intruders And calculate d m Expected loss E(L) D (d m )):

[0008] In the formula, P(θ) k ) is θ k The prior probability; To perform d m The attack action that maximizes the benefits for external intruders; To perform d m and The resulting losses. The defensive action that minimizes expected losses is selected as the final defensive action. The microgrid is used to execute final defense actions. The subsequent observations o are used to update the posterior probability P(θ) of the external intruder type. k |o). The posterior probability P(θ) k |o) as P(θ) in the next round of defense decision k And generate new Until the microgrid executes It then returned to normal.

[0009] Thirdly, the present invention proposes a computer-readable storage medium storing a computer program / instructions. When the computer program / instructions are executed by a processor, they implement the steps of the microgrid security defense method based on digital twins in the first aspect.

[0010] Fourthly, the present invention provides a computer program product comprising a computer program / instructions. This computer program / instructions is used to cause a computer to perform the steps of the digital twin-based microgrid security defense method described in the first aspect.

[0011] The beneficial effects of this invention are as follows: This invention transforms the microgrid defense decision-making problem into a mathematical optimization problem of minimizing expected loss by using a Bayesian-Stackberg game model. Furthermore, the payoff / loss calculations for all games rely on the simulation results of a high-fidelity microgrid digital twin model, fully considering the dynamic characteristics, control logic, and mutual coupling relationships of each unit in the "source-grid-load-storage-charge" system. This ensures the feasibility and effectiveness of the final strategy in real microgrids (including grid-connected and islanded modes), thereby avoiding the disconnect between microgrid defense methods and physical reality and ensuring the scientific and optimal nature of the defense strategy. Attached Figure Description

[0012] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0013] Figure 1 This is a flowchart of a microgrid security defense method based on digital twins and Bayesian-Stackberg game. Detailed Implementation

[0014] The technical solutions in the embodiments of the present invention will be clearly and completely described below. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0015] It should be noted that when a component is said to be "installed on" another component, it can be directly on the other component or it may be in a component that is centered on it. When a component is said to be "set on" another component, it can be directly set on the other component or it may also be in a component that is centered on it. When a component is said to be "fixed to" another component, it can be directly fixed to the other component or it may also be in a component that is centered on it.

[0016] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains. The terminology used herein in the specification of this invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. The term "or / and" as used herein includes any and all combinations of one or more of the associated listed items.

[0017] This invention proposes a microgrid security defense method that deeply couples a high-fidelity microgrid digital twin simulation environment with a Bayesian-Stackerberg game model. This method can quickly and accurately deduce the physical consequences (such as frequency stability, voltage quality, and operating costs) under different combinations of attack and defense strategies when a microgrid comprising "source, grid, load, storage, and charging" is subjected to an attack with unclear intent, and calculate the optimal defense strategy that minimizes its expected losses. Specifically, please refer to... Figure 1 The microgrid security defense method based on digital twins and Bayesian-Stackberg game in this embodiment includes the following steps: S1. System state definition and digital twin model are constructed simultaneously.

[0018] Define the true state vector X(t) of the microgrid at time t, which includes: voltage amplitude at each node, node phase angle, output of distributed generation, charging and discharging power of the energy storage system, state of charge (SOC) of the energy storage system, tie-line power flow, controllable load connection status, aggregated power of charging piles, status of critical switches, and microgrid operating mode. Real-time measurement data of the microgrid is collected through PMU (Phasor Measurement Unit), smart meters, protection and control devices, energy storage converter PCS, charging pile controllers, and environmental sensors. This real-time measurement data includes: voltage, current, power, frequency, circuit breaker status, SOC, and load status of the actual microgrid.

[0019] A digital twin model corresponding one-to-one with the real microgrid is constructed. This digital twin model can utilize existing models and includes functions such as measurement data access, time synchronization and data cleaning, parameter identification, and a physical simulation engine. The optimal estimated state of the microgrid at time t is calculated based on the real-time measurement data of the microgrid. and utilize The digital twin model is updated synchronously. Specifically, real-time measurement data uploaded from different devices or sensors is preprocessed, including timestamp alignment, missing value compensation, and outlier removal, to form the measurement vector Z(t) at time t. This measurement vector Z(t) satisfies: Z(t) = h(X(t)) + e(t), where h(·) is the nonlinear measurement mapping function of the microgrid, and e(t) is the measurement error vector. Then, the optimal estimated state of the microgrid at time t-1 is used... The optimal estimated state at time t Given initial values, solve the following weighted least squares problem:

[0020] In the formula, Y is the domain, y is a value in Y, and R is the measurement error covariance matrix. The Newton-Raphson method is used for iteration. When two consecutive iterations satisfy: When the estimated state converges, the optimal estimated state at time t is obtained. . For the l-th iteration . A smaller value can be taken, such as =10 -4 After obtaining the optimal estimated state Subsequently, the digital twin model is updated using this information, including the topology model, equipment operating points, energy storage SOC, load connection status, and grid-connected / off-grid operation modes. If a change in tie-line status is detected, the grid-connected or islanded model of the digital twin model is switched synchronously to ensure that subsequent simulations are consistent with the actual microgrid operating conditions.

[0021] S2, Attack Detection.

[0022] After obtaining the optimal estimated state Simultaneously, the measurement residual r is calculated:

[0023] Further calculate the chi-square test statistic J(r) of the measurement residual r:

[0024] If J(r) > attack detection threshold If the current measurement data is inconsistent with the physical model, it is determined that there is a possibility of external intruders attacking the microgrid, such as spurious data injection, control command tampering, or communication anomalies. In this case, the digital twin model synchronization at time t (i.e., the current time) is stopped, and the unattacked state of the digital twin model at time t-1 (i.e., the previous time) is extracted and entered into the defense decision-making process. If J(r) < attack detection threshold... If no significant anomaly is found, then the optimal estimated state at time t is used. The digital twin model is updated synchronously, and regular scheduling is maintained.

[0025] S3. Construct a Bayesian-Stackberg game model based on digital twin inference, and solve for the attacker's optimal response based on digital twin inference.

[0026] In this step, the microgrid is considered the defender, and external intruders with different attack intentions are considered the attackers. Since the attackers' intentions are unknown, a Bayesian game theory framework is introduced. Specifically, the defender and the attacker are modeled separately: 1. Defender model.

[0027] The defensive action set A of the defender D ={d0,d1,…,d m , …,d M}. Where d0 represents maintaining the current control strategy unchanged. m>0. Defensive actions include: adjusting the active / reactive power support strategy of the energy storage system, cutting off non-critical interruptible loads, limiting the output power of charging pile groups, switching local areas to islanded operation, activating backup communication channels, increasing the primary frequency regulation / droop control coefficient, and requesting power support from the main grid, etc. The defender's loss L D (d m , a i This represents the comprehensive loss suffered by the microgrid when the defender takes defensive actions and the attacker takes offensive actions under the current digital twin model. This comprehensive loss is not directly given by experience, but is extracted through time-domain simulation of the strategies of both parties using the digital twin model. Specifically, defensive actions are first injected into the control layer of the digital twin model, and offensive actions are injected into the communication or control layer. Within a preset simulation time domain, response curves for microgrid frequency, voltage, power flow, energy storage SOC, load power supply status, curtailment of solar and wind power, purchased power, and recovery time are calculated. Furthermore, physical and economic indicators C1, C2, ..., C are calculated based on these simulation parameters. q , …,C Q Therefore, the defender's loss L is calculated. D (d m , a i ): L D (d m , a i = α1C1 + α2C2 + … + α q C q ,+ α Q C Q Among them, physical and economic indicators C q This includes, but is not limited to: load shedding loss, calculated from the power and duration of the shelved load; frequency deviation loss, calculated from the maximum frequency deviation, the duration of frequency overrun, or the integral of the frequency deviation; voltage quality loss, calculated from the magnitude and duration of node voltage overrun; economic operation loss, consisting of electricity purchase cost, curtailment cost of solar and wind power, auxiliary regulation cost, and default cost; system recovery time penalty; and energy storage lifespan reduction, calculated from the depth of charge / discharge, number of cycles, or equivalent aging amount. α1~α Q These are the weighting coefficients for various losses, used to reflect the operational objectives and priorities of the microgrid.

[0028] 2. Attacker model.

[0029] The set of attacker types is θ = {θ1, θ2, ..., θ}. k ,…, θ K}, θ kLet represent the k-th type of attacker. Different types correspond to different attack tendencies, such as: destructive attackers aiming to cause frequency instability or voltage collapse; economic attackers aiming to increase settlement costs or induce misscheduling; and disturbance attackers aiming to reduce renewable energy absorption or power quality. The prior probability P(θ) of the attacker type is also given. k The sum of the distributions is 1, which satisfies:

[0030] For each type of attacker, define their set of attack actions A. D (θ k ), where attack action type A I ={a0,a1,…,a i , …,a I The attack actions include, but are not limited to: tampering with the power setting value of the energy storage PCS; forging frequency or voltage sampling values; tampering with the aggregated power measurement value of the load or charging pile; delaying, replaying, or blocking dispatch control commands; and tampering with tie-line status variables or grid connection / disconnection switching signals. The attacker's gain U A (d m , a i , θ k Similarly, the results are calculated from simulations using a digital twin model, and different types of attackers choose appropriate gain weights β. kj And based on this, physical and economic indicators C1, C2, ..., C q , …,C Q The weighted fusion yields a return U. A (d m , a i , θ k ): U A (d m , a i , θ k )= β k1 C1+β k2 C2+…+β kj C q ,+ β kJ C Q Based on the defender's model and the attacker's model, the simulation process of this digital twin model is as follows: a. Attack Injection: Simulating the effects of attack actions within a digital twin model. This depends on the type of attacker (θ). kDisturbances can be injected into the digital twin model, such as: tampering with the power command of the energy storage PCS (modifying the power setpoint of the energy storage model), sending false frequency signals (modifying the frequency input of the control model), tampering with load data (modifying the power value of the load-side model), disconnecting critical lines (modifying the topology switch status of the network model), etc.

[0031] b. Defense Application: Simultaneously apply the effects of defense actions in the digital twin model, such as: forcing the energy storage system to discharge at a specified power (modifying the power setting value of the energy storage PCS), disconnecting a specified charging pile (changing the charging pile model status to offline), reducing the controllable load power (modifying the power limit of the load-side model), switching between grid connection and off-grid status (modifying the operating mode of the control model), etc.

[0032] c. Time-domain simulation execution: After applying attack and defense actions, the digital twin model performs a time-domain simulation of electromagnetic or electromechanical transients for a set duration. To meet real-time requirements, the time-domain simulation of the digital twin model can be rapidly extrapolated by a pre-trained offline deep learning proxy model (based on LSTM) to simulate the dynamic response process of the microgrid under this strategy pair (a strategy pair consisting of an attack action and a corresponding defense action).

[0033] d. Simulation parameter extraction: Extract key simulation parameters from the simulation results, including but not limited to: maximum and integral values ​​of frequency deviation, voltage over-limit amplitude and duration at each node, total load shedding power, incremental operating costs, and renewable energy curtailment.

[0034] e. Loss / Gain Calculation: Substitute the extracted simulation parameters into the defender's model and attacker's model to calculate the microgrid's loss L. D (d m , a i ) and the benefits of external intruders U A (d m , a i , θ k ).

[0035] Based on this digital twin model, the m-th defensive action d of the microgrid is fixed in the digital twin model. m The process iterates through all attack actions and types of external intruders, executing the aforementioned digital twin model simulation process one by one. Based on the rational agent assumption, the k-th type θ is obtained. k The optimal response of the attacker to the defensive action is:

[0036] To perform d m The attack action that maximizes the attacker's gain is then selected, i.e., the attack action that maximizes the attacker's gain U.A (d m , a i , θ k The largest attack action is taken as the optimal response.

[0037] S4. Solve for the optimal defense strategy.

[0038] After fully anticipating the optimal response from all types of attackers, the defender selects its own defensive action d. m To minimize its expected loss. For any defensive action d m Its expected loss E(L) D (d m The calculation is as follows:

[0039] To perform d m and The resulting losses. Ultimately, the defensive action that minimizes expected losses is selected as the final defensive action. That is, the optimal defense strategy:

[0040] S5, Strategy Deployment and Bayesian Probability Update.

[0041] Final defensive action Output to the human-machine interface for operation and maintenance personnel to confirm, or directly to the energy storage converter, load controller, grid-connected / off-grid switching device and charging pile controller for execution under preset authorization conditions.

[0042] In the final defensive action After execution, the microgrid will perform its final defensive actions. The subsequent operational observation results o. These operational observation results o include, but are not limited to: frequency recovery status, whether voltage over-limit issues have been resolved, changes in energy storage power, whether charging piles have successfully reduced load, changes in tie-line power flow, and abnormal alarm information. The posterior probability P(θ) of the attacker type is updated according to Bayes' theorem. k |o):

[0043] Wherein, P(o|θ) k ) indicates that the external intruder is of type θ k The likelihood probability of the observed result o occurring under given conditions. P(o|θ) h ) indicates that the external intruder is of type θ hThe likelihood probability of the observed outcome 'o' occurring under given conditions. This likelihood probability can be provided by an offline-built "policy-consequence-probability" knowledge base. This knowledge base can be obtained through extensive digital twin scenario simulations, Monte Carlo sampling, or training with surrogate models. θ h Let h represent the h-th type of external intruder. h∈[1,H]. P(θ) h ) represents θ h The prior probability. The updated posterior probability P(θ) k |o) is the prior probability P(θ) in the next round of defense decision-making. k ), and generate new Until the microgrid executes It then returns to normal, enabling continuous learning and adaptive defense against attackers' intentions.

[0044] In summary, the microgrid security defense method based on digital twin proposed in this invention takes the strategy combination of the defender and multiple types of attackers as input, utilizes the microgrid digital twin model containing a complex dynamic model of "source, grid, load, storage, and charging" to calculate the corresponding physical results (such as frequency, voltage, and operating costs), and uses these results as the basis for calculating the payoff / loss function in the Bayesian-Stackberg game model. Based on this, the optimal response of different types of attackers to each defense action is solved, and the expected loss of each defense action is calculated according to the prior probability. Finally, the defense action with the minimum expected loss is selected as the final defense action.

[0045] In another embodiment, a microgrid security defense method based on digital twins and Bayesian-Stackerberg games is proposed. It employs the same method as the embodiments described above, and provides a more specific example: The microgrids targeted for defense include: photovoltaic arrays, energy storage systems, grid interconnection lines, controllable air conditioning loads, electric vehicle charging pile groups, and smart circuit breakers. The security defense methods can be executed by the central controller of the corresponding microgrid.

[0046] In the defense decision-making process, the set of defense actions is set as A. D ={d0,d1,d2,d3,d4}. Where: d0: Maintain the existing control strategy. d1: Force the energy storage system to discharge 50kW to participate in frequency support. d2: Disconnect charging station No. 3 and limit the total power of the remaining charging piles. d3: Reduce the overall air conditioning load of the office building by 20%. d4: Switch the local area to islanded operation and activate the backup communication link.

[0047] Type of attacker θ kThere are three types of attackers. θ1 is a disruptive attacker, aiming to cause frequency instability. θ2 is an economic attacker, aiming to induce incorrect electricity purchases and settlements. θ3 is a disturbance attacker, aiming to reduce the absorption of renewable energy and deteriorate operational quality. The attack actions for these three types of attackers are as follows: θ1: {Tampering with the active power command of the energy storage PCS and forging frequency sampling values}.

[0048] θ2: {Tampering with reported load values, tampering with power purchase instructions for tie lines}.

[0049] θ3: {Tamper with the estimated available output of photovoltaic power and disturb the power allocation command of charging piles}.

[0050] The three types of prior probabilities can be set based on historical threat intelligence: P(θ1)=0.5; P(θ2)=0.3; P(θ3)=0.2.

[0051] For any policy pair (d) m , a i The digital twin model derives simulation parameters, and the physical and economic indicators calculated based on these simulation parameters include: the maximum frequency deviation Δ. Frequency deviation integral Total voltage exceeding limits Total load shedding Total amount of abandoned light Electricity purchase cost Energy storage lifespan depreciation cost Recovery time .

[0052] Therefore, the defender's loss L can be calculated. D (d m , a i )for:

[0053] For the destructive attacker θ1, the benefit is:

[0054] For the economic attacker θ2, the payoff is:

[0055] For the disruptive attacker θ3, the payoff is:

[0056] This is used to determine the attacker's optimal response and the defender's optimal defense strategy. If the final defensive action in the solution... If the value is d1, a forced discharge power command is sent to the energy storage PCS, and primary frequency regulation parameters are coordinated. If the final defense action... If the value is d2, then power limiting will be applied to non-critical charging stations. If the final defensive action... If the value is d4, a partial island handover is performed and a backup communication link is activated. After the strategy is executed, based on the operational observation results o, such as "the frequency recovers to within 50 ± 0.05 Hz within 2 seconds" or "charging station No. 3 successfully went offline but the power purchase is still abnormally high", the posterior probability of the attacker type is updated according to Bayes' theorem. The updated posterior probability will be used as the prior probability for the next round of defense decisions, realizing dynamic learning of continuous attack events.

[0057] In another embodiment, a microgrid security defense system based on digital twins and Bayesian-Stackerberg game is proposed, which uses the microgrid security defense method described in the above embodiments. This microgrid security defense method includes: a twin synchronization module, an attack detection module, and a defense decision module. The twin synchronization module is used to calculate the optimal estimated state of the microgrid at time t based on real-time measurement data of the microgrid. . use The digital twin model is updated synchronously. The attack detection module is used to calculate the measurement residual r of the measurement data and its chi-square test statistic J(r). If J(r) > attack detection threshold... If an external intruder attacks the microgrid, the system determines that an attack has occurred and extracts the previous state of the digital twin model before the attack to trigger the defense decision-making process. The defense decision-making module is used to perform time-domain simulation after applying the external intruder's attack actions and the microgrid's defense actions to the digital twin model. Physical and economic indicators are extracted from the simulation results, and these are used to calculate the microgrid's loss L. D (d m , a i ) and the benefits of external intruders U A (d m , a i , θ k (Among them, the m-th defensive action d of the fixed microgrid in the digital twin model). m After iterating through the attack actions and types of external intruders, the k-th type θ is obtained. k Optimal attack action for external intruders And calculate d m Expected loss E(L) D (d m )):

[0058] In the formula, P(θ) k ) is θ k The prior probability. To perform d m The attack action that maximizes the benefits for external intruders; To perform d m and The losses that followed.

[0059] Select the defensive action with the minimum expected loss as the final defensive action. ; Collect data on the microgrid's final defense actions The subsequent observations o are used to update the posterior probability P(θ) of the external intruder type. k |o). The posterior probability P(θ) k |o) as P(θ) in the next round of defense decision k And generate new Until the microgrid executes It then returned to normal.

[0060] In another embodiment, a microgrid with high security performance is proposed, which uses the microgrid security defense method in the above embodiments for security defense.

[0061] In another embodiment, a computer-readable storage medium is also proposed, which stores a computer program / instructions. When the computer program / instructions are executed by a processor, the steps of the microgrid security defense method based on digital twins in the above embodiments are implemented. The computer-readable storage medium may include, but is not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof.

[0062] In another embodiment, a computer program product is also proposed, comprising a computer program / instructions. This computer program / instructions are used to cause a computer to perform the steps of the digital twin-based microgrid security defense method described in the above embodiments. The computer program / instructions may exist in a computer-readable medium in forms including, but not limited to, source files, executable files, and installation package files. Correspondingly, the computer program / instructions may be executed by the computer in ways including, but not limited to: the computer directly executing the instructions; the computer compiling the instructions and then executing the corresponding compiled program; the computer reading and executing the instructions; or the computer reading and installing the instructions and then executing the corresponding installed program.

[0063] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.

[0064] The embodiments described above are merely illustrative of several implementations of the present invention, and while the descriptions are relatively specific and detailed, they should not be construed as limiting the scope of the invention patent. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of the present invention, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this invention patent should be determined by the appended claims.

Claims

1. A microgrid security defense method based on digital twins, characterized in that, It includes: The optimal estimated state of the microgrid at time t is calculated based on real-time measurement data of the microgrid. ;use The digital twin model is updated synchronously; Calculate the measurement residual r of the measurement data and its chi-square test statistic J(r); if J(r) > attack detection threshold If so, it is determined that an external intruder is attacking the microgrid, and the state of the digital twin model at the previous moment when it was not attacked is extracted to trigger the defense decision process. The defense decision-making process includes: In the time-domain simulation of the digital twin model, the m-th defensive action d of the microgrid is fixed. m After traversing the attack actions and types of external intruders, physical and economic indicators are extracted from the simulation results to calculate the microgrid loss L. D (d m , a i ) and the benefits of external intruders U A (d m , a i , θ k ), and thus obtain the kth type θ k Optimal attack action for external intruders And calculate d m Expected loss E(L) D (d m )): ; P(θ k ) is θ k The prior probability; To perform d m The attack action that maximizes the benefits for external intruders; To perform d m and The losses that followed; Select E(L) D (d m The smallest defensive action is the final defensive action. ; Collect data from the microgrid execution The subsequent observations o are used to update the posterior probability P(θ) of the external intruder type. k |o); P(θ) k |o) as P(θ) in the next round of defense decision k And generate new Until the microgrid executes It then returned to normal.

2. The microgrid security defense method based on digital twins according to claim 1, characterized in that, Obtain the optimal estimated state The methods include: The real-time measurement data is preprocessed to form the measurement vector Z(t) at time t; The optimal estimated state at time t-1 The optimal estimated state at time t The initial value is determined, and the Newton-Raphson method is used for iteration; where: ; In the formula, h(·) is the nonlinear measurement mapping function of the microgrid, Y is the domain, y is a value in Y, and R is the measurement error covariance matrix. When two consecutive iterations satisfy: When the estimated state converges, the optimal estimated state at time t is obtained. ; For the l-th iteration .

3. The microgrid security defense method based on digital twins according to claim 1, characterized in that, A set of defensive actions of microgrids D ={d0,d1,…,d m , …,d M }; where d0 indicates that the current control strategy remains unchanged; m>0; defensive actions include: adjusting the active / reactive power support strategy of the energy storage system, cutting off non-critical interruptible loads, limiting the output power of the charging pile group, switching local areas to island operation, enabling backup communication channels, increasing the primary frequency regulation / droop control coefficient, and requesting power support from the main grid.

4. The microgrid security defense method based on digital twins according to claim 1, characterized in that, Defensive actions are first loaded onto the synchronized digital twin model, followed by attack actions. Then, a microgrid dynamic simulation is performed within a preset simulation time domain to obtain several physical and economic indicators C1, C2, ..., C. q , …,C Q ; The physical and economic indicators C1, C2, ..., C q , …,C Q The loss L of the microgrid is obtained after weighted fusion. D (d m , a i ); The physical and economic indicators include: maximum frequency deviation, frequency deviation integral, total voltage overrun, total load shedding, total curtailment of solar power, electricity purchase cost, energy storage lifespan loss cost, and recovery time.

5. The microgrid security defense method based on digital twins according to claim 4, characterized in that, Types of external intruders θ k This includes: disruptive attackers who aim to cause frequency instability or voltage collapse; economic attackers who aim to increase settlement costs or induce incorrect scheduling; and disturbance attackers who aim to reduce the renewable energy absorption rate or reduce power supply quality. For type θ k Choose an appropriate return weight β kj And based on this, physical and economic indicators C1, C2, ..., C q , …,C Q The weighted fusion yields the external intruder's gain U. A (d m , a i , θ k ).

6. The microgrid security defense method based on digital twins according to claim 1, characterized in that, The observed data will be updated according to Bayes' theorem to determine the posterior probability P(θ) of the external intruder type. k |o): ; Wherein, P(o|θ) k ) indicates that the external intruder is of type θ k The likelihood probability of the observed result o occurring under the given conditions; θ h Represents the h-th type of external intruder; P(o|θ) h ) indicates that the external intruder is of type θ h The likelihood probability of the observed result o under the given conditions; P(θ) h ) represents θ h The prior probability; Updated posterior probability P(θ) k |o) as P(θ) in the next round of defense decision k ).

7. The microgrid security defense method based on digital twins according to claim 1, characterized in that, If J(r) < attack detection threshold Then, using the optimal estimated state at time t The digital twin model is updated synchronously, and regular scheduling is maintained.

8. A microgrid security defense system based on digital twins and Bayesian-Stackerberg game theory, characterized in that, It uses the microgrid security defense method based on digital twins as described in any one of claims 1 to 7; the microgrid security defense system includes: The twin synchronization module is used to calculate the optimal estimated state of the microgrid at time t based on real-time measurement data of the microgrid. ;use The digital twin model is updated synchronously; The attack detection module is used to calculate the measurement residual r of the measurement data and its chi-square test statistic J(r); if J(r) > attack detection threshold... If an external intruder attacks the microgrid, the state of the digital twin model at the previous moment when it was not attacked is extracted to trigger the defense decision process. The defense decision module is used to perform time-domain simulations after applying external intruder attack actions and microgrid defense actions in the digital twin model; it extracts physical and economic indicators from the simulation results and uses them to calculate the microgrid's loss L. D (d m ,a i ) and the benefits of external intruders U A (d m , a i , θ k ); where, in the digital twin model, the m-th defensive action d of the fixed microgrid m After iterating through the attack actions and types of external intruders, the k-th type θ is obtained. k Optimal attack action for external intruders And calculate d m Expected loss E(L) D (d m )): ; In the formula, P(θ) k ) is θ k The prior probability; To perform d m The attack action that maximizes the benefits for external intruders; To perform d m and The losses that followed; Select the defensive action with the minimum expected loss as the final defensive action. ; Collect data on the microgrid's final defense actions The subsequent observations o are used to update the posterior probability P(θ) of the external intruder type. k |o); the posterior probability P(θ) k |o) as P(θ) in the next round of defense decision k And generate new Until the microgrid executes It then returned to normal.

9. A computer-readable storage medium having a computer program / instructions stored thereon, characterized in that, When the computer program / instructions are executed by the processor, they implement the steps of the microgrid security defense method based on digital twins as described in any one of claims 1 to 7.

10. A computer program product comprising a computer program / instructions, characterized in that, When the computer program / instructions are executed by the processor, they implement the steps of the microgrid security defense method based on digital twins as described in any one of claims 1 to 7.