Coordinated defense method against false data injection attack in virtual power plant

By constructing a collaborative defense system of KNN classifier and graph autoencoder in the virtual power plant, combined with a blockchain evidence storage layer, accurate identification and high-fidelity reconstruction of fake data injection attacks are achieved. This solves the problems of low detection accuracy and centralized risk in virtual power plants, and improves the security and stability of the system.

CN122348858APending Publication Date: 2026-07-07STATE GRID SHANGHAI MUNICIPAL ELECTRIC POWER CO

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
STATE GRID SHANGHAI MUNICIPAL ELECTRIC POWER CO
Filing Date
2026-05-21
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Existing technologies lack effective methods to defend against fake data injection attacks on virtual power plants, resulting in low detection accuracy, poor dynamic adaptability, and the centralized architecture poses a single point of failure risk, lacks data recovery capabilities, and has security vulnerabilities.

Method used

A collaborative defense system of KNN classifier and graph autoencoder is constructed. The KNN classifier identifies abnormal data nodes and the graph autoencoder is used to reconstruct the data. Combined with the blockchain notarization layer, the immutability and traceability of the data are ensured, forming a multi-layered defense mechanism.

Benefits of technology

It achieves accurate identification and high-fidelity reconstruction of fake data injection attacks, improves the situational awareness and safe operation level of virtual power plants, achieves a detection rate of 100%, has high data reconstruction accuracy, avoids information loss, and eliminates centralized risks.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122348858A_ABST
    Figure CN122348858A_ABST
Patent Text Reader

Abstract

A virtual power station false data injection attack cooperative defense method, in the offline stage, respectively construct and train KNN classifier containing feature construction unit, distance calculation unit, near neighbor voting unit and abnormal marking unit, and graph autoencoder containing graph signal mapping unit, node mask unit, graph encoder and graph decoder, in the real-time defense stage, through the trained KNN classifier, the measured vector polluted by false data injection attack (FDIA) is classified, the abnormal data node set is obtained, and the node set is mapped into graph signal, then through the trained graph autoencoder, data reconstruction is carried out according to the graph signal.The present application can accurately locate the aggregation unit node attacked after the system is attacked, and then restore the maliciously tampered measurement data, that is, reconstruct the operation state of the virtual power plant, effectively defend the false data injection attack, and fundamentally improve the situation awareness ability, survivability and safe operation level of the virtual power plant when it is attacked by the false data injection attack.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to a technology in the field of Virtual Power Plant (VPP) security, specifically a collaborative defense method against virtual power plant spoofed data injection attacks. Background Technology

[0002] During the operation of a virtual power plant, various terminal nodes engage in high-frequency data interaction via multiple networks, including wireless and wired connections, resulting in complex authentication, authorization, encryption, and privacy protection mechanisms. Current technologies lack effective defenses against False Data Injection Attacks (FDIA), where attackers tamper with sensor data or forge control information to cause the system to receive and process false data, thereby interfering with critical aspects such as power load forecasting, distributed energy dispatching, energy storage charging and discharging strategies, and demand response execution. Summary of the Invention

[0003] This invention addresses the shortcomings of existing machine learning methods, such as their inability to adapt to the dynamic characteristics of virtual power plants, the difficulty of single-function modules in achieving effective attack defense, the single-point failure risk and lack of traceability capabilities of centralized architectures, as well as the problems of low detection accuracy, poor dynamic adaptability, lack of data recovery capabilities, and inherent security vulnerabilities in the architecture itself. It proposes a collaborative defense method against spoofing data injection attacks in virtual power plants. After the system is attacked, the method accurately locates the attacked aggregation unit node and then restores the maliciously tampered measurement data, thus reconstructing the operating state of the virtual power plant. This effectively defends against spoofing data injection attacks, fundamentally improving the situational awareness, survivability, and safe operation level of virtual power plants when subjected to such attacks.

[0004] This invention is achieved through the following technical solution:

[0005] This invention relates to a collaborative defense method against FDIA (Fake Data Injection) attacks on virtual power plants. In the offline stage, a KNN classifier and a graph autoencoder are constructed and trained respectively. In the real-time defense stage, the trained KNN classifier is used to classify the collected measurement vectors contaminated by FDIA attacks, obtain a set of abnormal data nodes, and map the node set into a graph signal. Then, the trained graph autoencoder is used to reconstruct the data based on the graph signal.

[0006] The KNN classifier includes a feature construction unit, a distance calculation unit, a nearest neighbor voting unit, and an anomaly labeling unit. Specifically: the feature construction unit extracts historical value sequences in the time dimension and current values ​​of neighboring nodes in the spatial dimension for each measurement component based on real-time collected measurement vectors and cached historical measurement data, constructing a feature vector that integrates spatiotemporal correlation to obtain a feature vector to be classified; the distance calculation unit calculates the Euclidean distance between the feature vector to be classified and pre-stored training sample feature vectors to obtain a distance ranking result; the nearest neighbor voting unit selects the K nearest training samples based on the distance ranking result and performs a majority vote based on the category labels of these K samples to obtain a classification result; and the anomaly labeling unit adds the node indices corresponding to the measurement components judged as anomalies to the anomaly data node set based on the classification result to obtain the anomaly data node set.

[0007] The graph autoencoder includes a graph signal mapping unit, a node masking unit, a graph encoder, and a graph decoder. Specifically: the graph signal mapping unit maps the measurement values ​​of each node to a graph node feature matrix based on real-time measurement vectors and the power grid topology, obtaining the original graph signal; the node masking unit sets the feature values ​​of the corresponding abnormal node positions in the original graph signal to zero based on the abnormal data node set, obtaining a masked graph signal containing unknown information; the graph encoder performs feature aggregation and dimensionality reduction using a multi-layer graph convolutional network based on the masked graph signal and a preset adjacency matrix, obtaining a low-dimensional latent representation matrix; and the graph decoder performs feature reconstruction using a symmetric multi-layer graph convolutional network based on the low-dimensional latent representation matrix, outputting the reconstructed complete node feature matrix.

[0008] Technical effect

[0009] This invention constructs a spatiotemporal feature vector that integrates historical value sequences in the time dimension and current values ​​of neighboring nodes in the spatial dimension. While performing point-by-point attack localization on virtual power plant measurement data based on the KNN nonparametric classification algorithm, it formally models the virtual power plant measurement network as an attribute graph. Utilizing the power grid physical topology as prior knowledge, it constructs a graph autoencoder, learns the system's normal operation mode through a graph convolutional network, and deploys a blockchain notarization layer between the terminal resource layer and the aggregation operation layer. The original measurement data is hashed and stored on the blockchain, constructing an immutable trust anchor point from the source of the data lifecycle. Compared with existing technologies, this invention can accurately identify multi-point collaborative attacks with strong concealment and small attack amplitude; achieve high-fidelity topology-aware reconstruction of contaminated node data; and achieve a 100% detection rate for multi-node covert collaborative attacks. It effectively solves the problem of missed detection caused by threshold limitations in traditional BDD methods and avoids the loss of measurement information caused by simply removing abnormal data, maintaining a detection rate of over 90% under different attack intensities and coverage ranges. Attached Figure Description

[0010] Figure 1 This is a flowchart of the present invention;

[0011] Figure 2 This is a schematic diagram of the VPP system model;

[0012] Figure 3 Flowchart of a collaborative defense strategy integrating blockchain and KNN-GAE;

[0013] Figure 4 This is a diagram of the overall architecture of the simulation test system;

[0014] Figure 5 This is a comparison diagram of the voltage amplitude status of node 21 under four scenarios. Detailed Implementation

[0015] like Figure 1 As shown in this embodiment, a collaborative defense method against FDIA (Fake Data Injection) attacks in a virtual power plant is proposed. In the offline phase, a KNN classifier and a graph autoencoder are constructed and trained. In the real-time defense phase, the trained KNN classifier classifies the collected measurement vectors contaminated by FDIA attacks, obtaining a set of abnormal data nodes. After mapping the node set to a graph signal, the trained graph autoencoder reconstructs the data based on the graph signal. Specifically, this includes:

[0016] Step 1: Formal modeling of the attack targets and operating environment in this embodiment: By establishing a VPP system architecture model, a state estimation model, and an FDIA attack model, the mechanism of fake data injection attacks, their stealth principles, and their harmful consequences on system state estimation are clarified. This provides problem definition, data foundation, and verification scenarios for the subsequent design of KNN-GAE defense strategies, specifically including:

[0017] 1.1 Establish as follows Figure 2 The diagram illustrates a VPP system model comprising a terminal resource layer, a blockchain evidence storage layer, an aggregation operation layer, and a power grid control layer. Energy flows bidirectionally between the terminal resource layer and the physical power grid. Data flows from the terminal resource layer, is stored on the blockchain through the evidence storage layer, flows into the aggregation operation layer for processing, and is finally uploaded to the power grid control layer. Value and trust flows are integrated throughout the system via smart contracts and consensus mechanisms in the blockchain evidence storage layer. This architecture achieves tight coupling and efficient collaboration between the information space, physical space, and trust space, providing fundamental support for the safe and reliable operation of the virtual power plant.

[0018] The terminal resource layer is the physical foundation of the entire system, consisting of massive, geographically widespread distributed energy resources, including electric vehicles and their charging piles, distributed photovoltaics, energy storage systems, and controllable loads. This layer is not only the end point for executing physical processes such as energy production and consumption, but also the source of the system's raw data, responsible for real-time sensing and collection of operational data from various resources, such as the state of charge (SoC) of electric vehicles' batteries, the output power of photovoltaic inverters, and the charging and discharging status of energy storage.

[0019] The aforementioned blockchain evidence storage layer is a critical infrastructure for ensuring the trustworthiness of data sources, deployed between the terminal resource layer and the aggregation operation layer. This layer consists of blockchain nodes distributed across various aggregators and key nodes, forming a decentralized trust network. Before entering the aggregation layer, the raw measurement data collected by the terminal resource layer undergoes hash calculation, and the hash value is stored on the blockchain as evidence, ensuring the integrity, authenticity, and immutability of the data. This layer provides data traceability and verification services for upper-layer applications, blocking the possibility of attackers forging or tampering with data from the source of the data lifecycle.

[0020] The aforementioned aggregation operation layer is a crucial hub connecting the underlying terminals and the upper-level control, typically operated by various resource aggregators. It aggregates distributed energy resources within its jurisdiction, receives trusted data verified by the blockchain storage layer, performs regional resource optimization and scheduling management, and packages dispersed heterogeneous resources into a unified, dispatchable virtual power plant aggregate. This layer simultaneously transmits aggregated operational information upwards and conveys electricity price signals and regional control commands downwards.

[0021] The aforementioned power grid control layer, located at the top of the architecture as the power grid control center, monitors the operational status of the entire power system from a global perspective. This layer is responsible for formulating top-level control strategies, such as system-level economic dispatch, reserve capacity arrangement, and safety verification, and for issuing global control commands and guidance signals to the aggregation operation layer based on the real-time needs of the power grid.

[0022] 1.2 Construct the state estimation model (CPSVG), specifically as follows: , where: state vector , This state vector includes the distribution network Voltage amplitude at key nodes (buses) and phase angle , It is the measurement Jacobian matrix, whose matrix structure and element values ​​are uniquely determined by the distribution network topology and line parameters. For the real-time measurement data collected, vector The measurement noise is represented by a random vector that follows a zero-mean Gaussian distribution, i.e. , It is the covariance matrix of the measurement error.

[0023] 1.3 Establish the FDIA model of the VPP system, specifically: the pollution measurement vector. ,in: To the true measurement vector An attack vector injected into a system is a vector deliberately constructed by the attacker to achieve a specific purpose. Its design directly determines the stealth and harmfulness of the attack.

[0024] For example, an attacker can construct an attack vector. So that it lies entirely within the matrix Within the space spanned by the column vectors. The most typical construction method is: ,in: This is a non-zero vector arbitrarily chosen by the attacker, representing the offset the attacker hopes to introduce into the system state estimation results. Once this attack vector is injected into the system, the corrupted measurement vector becomes: The control center is based on The result of performing state estimation will be At this point, the calculated measurement residual is: That is, the residual after the attack is almost no different from the noise level under normal operating conditions, therefore It will be much smaller than the detection threshold. .

[0025] Step 2, Offline Stage: Construct and train the KNN classifier and graph autoencoder respectively, specifically including:

[0026] 2.1 Construction and Training of KNN Classifier

[0027] 2.2.1 Construction of Spatiotemporal Feature Vectors

[0028] Adjacent node set Construction: Determining a node based on the power grid topology. The set of directly adjacent nodes is sorted in ascending order by neighbor node index, and the first M neighbor nodes are selected. If the actual number of neighbors is less than M, the end is padded with 0 values ​​to reach dimension M. This step ensures that the total dimension of all spatiotemporal feature vectors is consistent, which facilitates the distance calculation in section 2.2.2.

[0029] Construct feature vectors that simultaneously capture the spatiotemporal correlation of node measurement data. Node At any moment spatiotemporal feature vectors for: Where: the first set of square brackets represents the time characteristic, from the past The measurements are composed of values ​​from each time period; the second set of brackets represents spatial features, consisting of sets of adjacent nodes. The internal measurement values ​​consist of...

[0030] 2.2.2 Distance Calculation

[0031] Define two spatiotemporal feature vectors , Distance between for: ,in: It is the total dimension of the spatiotemporal feature vector.

[0032] 2.2.3 Neighbor Voting

[0033] A large number of cleaned and blockchain-verified normal measurement data samples were extracted from the historical normal operation database of the VPP system and all were marked with label 0 (normal). Based on the established FDIA attack model, attack vectors were superimposed on the above normal historical data. The simulation generates abnormal samples, all labeled with tag 1 (abnormal / attacked). This yields a training dataset containing both normal and abnormal classes. For each sample in the training dataset, spatiotemporal feature vectors are extracted, and all spatiotemporal feature vectors and their corresponding tags (0 or 1) are stored in the training sample library. This completes the offline construction of the KNN classifier.

[0034] When any measurement data Constructed spatiotemporal eigenvectors When classifying using the KNN classifier, first calculate Find the K nearest neighbors by calculating the distance to all spatiotemporal feature vectors, and then vote based on the labels of these K neighbors. If a majority (e.g., 3 or more out of K=5 are considered anomalies) is reached, a decision is made. This indicates an anomaly (being attacked by FDIA). If most values ​​are normal, it is considered normal.

[0035] 2.2.4 Anomaly Marking Unit

[0036] When any measurement data Constructed spatiotemporal eigenvectors If the measurement data is identified as an anomaly (label 1) after passing through the KNN classifier, then the measurement data is considered an anomaly. The index will be added to an abnormal index set. In the middle. After traversing all measurement data, the final index set is formed. It will be passed to the graph autoencoder module, which will be given the precise target for the data reconstruction that needs to be performed.

[0037] 2.3 Construction and Training of Graph Autoencoders

[0038] 2.3.1 Graph Signal Mapping

[0039] The graph signal mapping unit maps the measured values ​​of each node to the graph model based on a predefined power grid topology. Above, specifically: the nodes in the diagram ( A node is defined as the set of all critical measurement entities in the system. Each edge corresponds uniquely to a physical location, such as a power grid bus, the grid connection point of a V2G charging station, or the data aggregation point of a vehicle aggregator. () is defined as the set of physical electrical connections between nodes. If nodes and If there is a direct power line between them, then the edge These connections are encoded into a static adjacency matrix. As a structured input to the graph, when nodes and If connected, then Otherwise, it is 0. Node features ( The characteristic matrix is ​​defined as the set of all node measurements at a specific time t. It is a dynamic characteristic matrix. , of which The value of a row is a node. Real-time measurement values .

[0040] 2.3.2 Node Mask

[0041] The node mask unit is not used in the offline phase; it is only defined here. The node mask unit receives the original graph signal output by the graph signal mapping unit. and the comprehensive set of anomalous data nodes output by the KNN attack classifier. Based on the set of abnormal node indices, in the original graph node feature matrix The positions of all nodes marked as abnormal are located in the middle, and the entire row of feature vectors corresponding to these positions are set to zero to obtain the mask image signal containing unknown information.

[0042] 2.3.3 Training of Graph Encoder and Graph Decoder

[0043] A graph autoencoder consists of an encoder and a decoder. The graph encoder uses several stacked graph convolutional networks (GCNs) as input, taking the original node feature matrix X and adjacency matrix A as input, and finally outputting a low-dimensional latent representation matrix. (in ),Right now The graph decoder is implemented using a graph convolutional network that is symmetrical to the encoder structure, based on the encoder's output. Mapping back to the original feature space yields the reconstructed node feature matrix. When the input data is healthy and attack-free, the reconstructed data will be... Should be consistent with the original input Highly similar.

[0044] The graph convolutional network described above starts from the first... layer to the first Layer Node Feature Propagation Rules ,in: It is the first All layers The feature matrix of each node That is, the original node feature matrix as input. . It is an adjacency matrix with self-loops. Adding self-loops is to ensure that nodes retain their own feature information during information aggregation. yes The degree matrix is ​​a diagonal matrix. It is a symmetric normalization operation performed on the adjacency matrix, which aims to solve the gradient problem caused by uneven node degrees and make model training more stable. It is the first The weight matrix that a layer needs to learn is the trainable parameters of the neural network. It is a non-linear activation function, such as ReLU (Rectified Linear Unit).

[0045] During the offline phase, a graph signal dataset containing only historical normal operation data of the VPP system is used. To minimize the original node features With reconstruction features The square of the Frobenius norm between the two matrices is used as the optimization objective for unsupervised training, enabling the model to learn the normal operation mode under the constraints of the power grid topology. The loss function is obtained by calculating the square of the Frobenius norm of the difference between the two matrices, specifically: Where: T is the total number of time steps for the training samples. N is the total number of nodes in the virtual power plant measurement network.

[0046] A trained graph autoencoder can convert raw node features Mapping to reconstructed features .

[0047] Step 3, Real-time Defense Phase: The trained KNN attack classifier classifies the collected measurement vectors contaminated by False Data Injection (FDIA) attacks, obtaining a set of anomalous data nodes. After mapping the node set to a graph signal, the trained graph autoencoder reconstructs the data based on the graph signal, specifically including:

[0048] 3.1 Data Input and Uploading

[0049] The control center received the pollution measurement vector. They will upload it to the blockchain for evidence storage.

[0050] 3.2 Attack Location

[0051] First, the measurement vector of pollution. Construct spatiotemporal feature vectors according to the method described in 2.2.1 Afterwards, The input is fed into the KNN classifier constructed in 2.2.3 and nearest neighbor voting is performed. Then, the anomaly index set is output as described in 2.2.4. .

[0052] 3.3 Data Reconstruction

[0053] 3.3.1 Graph Signal Construction: Following the method described in 2.3.1, the pollution measurement vector is constructed. Mapped to the feature matrix of graph nodes at the current time step .

[0054] 3.3.2 Node Mask: Following the method described in 2.3.2, based on the anomaly index set... In the feature matrix The system locates all nodes deemed abnormal. It then sets the feature values ​​of these nodes to 0, forming a feature matrix containing unknown information. .

[0055] 3.3.3 Topology-aware reconstruction: reconstructing graph signals containing unknown information. The input is fed into the graph encoder constructed in Section 2.3.3. Although some node features are lost, the graph encoder can still infer the system's operating state from a large number of healthy nodes and their neighbor relationships, and generate a reasonable latent representation. Then, the graph decoder uses this latent representation This simulates numerical values ​​that conform to global physical laws and neighborhood states for those masked nodes, outputting a complete and reconstructed feature matrix. .

[0056] 3.3.4 Data Output and On-Chain: Using a Reconstructed Matrix Chinese correspondence Replace the original contaminated vector with the value at the index position. The corresponding values ​​in the data will be recorded and the reconstructed data will be stored on the blockchain for evidence, while the remaining health data will remain unchanged.

[0057] Through practical application experiments, the effectiveness, accuracy, and robustness of the proposed collaborative defense method for virtual power plant spoofing data injection attacks, which integrates blockchain and KNN-GAE, were verified using Python simulations. The simulation used an IEEE 33-node distribution network as the physical backbone, connecting four types of electric vehicle aggregators (two public charging types and two residential V2G types), constructing a test system with 67 monitoring nodes. One year of operational data (365×288 samples) was generated. Various spoofing data injection attack modes, including single-point attacks and collaborative attacks, were designed. Four comparative scenarios were set up: no defense, traditional BDD detection, location-only removal, and the proposed KNN-GAE (integrated with blockchain). Detection rate (DR) and root mean square error (RMSE) were used as core evaluation indicators to verify the superiority of the proposed method in attack location, data reconstruction, and system state estimation.

[0058] Table 1 EV Aggregator Topology Information

[0059] This experiment sets up the following four different scenarios for comparative analysis, including:

[0060] No defense scenario: The system does not deploy any detection or defense mechanisms. The VPP state estimator directly uses the measurement vectors contaminated by the False Data Injection Attack (FDIA) for calculation. This scenario demonstrates the maximum harm that FDIA can cause to system state estimation.

[0061] BBD detection mechanism scenario: The traditional Bad Data Detection (BDD) method based on state estimation residuals in power systems is used to determine whether there is abnormal data.

[0062] Only locate and remove, do not reconstruct the scene: The system uses the KNN module to locate the attacked measurement data. The location system removes the identified abnormal data from the measurement vector and uses the remaining measurement data for state estimation.

[0063] KNN-GAE method scenario: First, the KNN-based localization module is used to locate the contaminated measurement data. Then, the GAE-based reconstruction module uses the power grid topology information to reconstruct the contaminated data. Finally, the reconstructed measurement vector is sent to the state estimator.

[0064] 1) Attack location performance verification: To verify the ability of this invention to identify covert and multi-node collaborative attacks, a collaborative attack scenario of distribution network node + aggregator sub-node was designed: false power data was injected simultaneously into node 21 of the IEEE 33-node system (connected to a large public charging aggregator) and two charging island sub-nodes under aggregator A3. The detection results of the traditional BDD detection method and the KNN location module of this invention were compared, as shown in Table 3.

[0065] Table 2 Comparison of attack location results for each method in four scenarios

[0066] Table 2 shows the attack localization capabilities of different defense strategies. It can be seen that the traditional BDD method (Scenario 2), due to its detection threshold limitation, only identifies the abnormal injection power of node 21, which has the largest attack amplitude, while missing the two aggregator sub-nodes A3-2 and A3-5, which have relatively smaller attack amplitudes and are more covert. In contrast, this invention (shared with Scenario 3 and Scenario 4) successfully and accurately identifies all three attacked nodes, demonstrating its superior sensitivity and accuracy in dealing with complex attack patterns.

[0067] 2) Data reconstruction and contaminated data processing performance verification: Under the above collaborative attack scenario, the processing methods and data reconstruction effects of contaminated data in the four test scenarios are compared to verify the high fidelity of the topology-aware data reconstruction module based on GAE of this invention. The results are shown in Table 3.

[0068] Table 3 Comparison of pollution data processing and reconstruction results in four scenarios (unit: MW)

[0069] As shown in Table 3, Scenario 1 (no defense) directly uses the tampered attack value. Scenario 2 (BDD), although it locates and removes the anomaly of node 21, retains the attack values ​​of two other nodes due to missed detection, resulting in distorted data sent to the state estimator. Scenario 3 (locating and removing only) identifies and removes all contaminated data, but causes the loss of key information. Scenario 4 (the KNN-GAE method of this invention), after accurate location, performs high-fidelity reconstruction of all contaminated data, and the reconstructed values ​​are extremely close to the true values, providing the most accurate and complete data input for subsequent state estimation.

[0070] like Figure 5As shown, the true value curve fluctuates smoothly within the normal range; in the undefended scenario, false data causes the estimated voltage amplitude to drop rapidly, with a large deviation from the true value; in the traditional BDD detection scenario, due to missed attack data, the estimated result still deviates significantly from the true value; in the scenario of only locating and eliminating attacks, the estimated result is improved but still has deviations due to the lack of key measurement information; while in the scenario of this invention, the voltage amplitude estimated curve almost overlaps with the true value curve, indicating that this invention effectively eliminates the interference of false data injection attacks on system state estimation through precise attack location and high-fidelity data reconstruction, ensuring the accuracy of state estimation and providing reliable data support for the scheduling decision of virtual power plants.

[0071] This invention integrates blockchain and the KNN-GAE algorithm to construct a collaborative defense system against virtual power plant spoofed data injection attacks. It comprehensively optimizes existing virtual power plant FDIA defense technologies for their core shortcomings, including low detection accuracy, poor dynamic adaptability, lack of data recovery capabilities, and security vulnerabilities inherent in centralized architecture. Compared to the closest existing technology, it possesses the following significant advantages:

[0072] 1) High attack location accuracy and significantly reduced false negative rate: By adopting the KNN nonparametric algorithm and constructing a feature vector that integrates spatiotemporal correlation, no prior assumptions about the data distribution are required. It can deeply mine the spatiotemporal coupling pattern of virtual power plant measurement data, effectively distinguishing between normal distributed resource output fluctuations and malicious fake data injection. Especially for multi-point covert attacks with small attack amplitude and strong coordination, the detection rate can reach 100%, solving the problems of traditional BDD methods missing covert attacks due to threshold limitations and poor adaptability of static feature extraction by single machine learning methods.

[0073] 2) Strong dynamic adaptability and significantly improved robustness: The KNN-GAE defense framework is designed for the characteristics of strong randomness, high volatility, and multimodal distribution of resources such as distributed photovoltaic, electric vehicles, and energy storage in virtual power plants. The KNN algorithm is adapted to nonlinear and non-Gaussian distributed measurement data. The GAE module combines the physical topology of the power grid as prior knowledge to learn the normal operation mode of the system. Under different attack intensities and different attack coverage, the detection rate remains above 90%, and the data reconstruction RMSE is always at a low level. Compared with existing machine learning methods that rely on static features, the generalization ability of virtual power plant dynamic operating environment is greatly improved.

[0074] 3) Combining attack detection and data reconstruction capabilities to ensure continuous system operation: Breaking through the limitations of existing technologies that only focus on attack detection, a two-stage defense mechanism of "KNN positioning + GAE reconstruction" is constructed. After accurately locating the attacked node, the topology awareness capability of GAE is used to restore the contaminated data with high fidelity. The reconstructed value is highly consistent with the real value, avoiding the problem of missing measurement information caused by simply removing abnormal data. It provides a complete and accurate data source for upper-level applications such as system state estimation, economic scheduling, and security control, ensuring that the virtual power plant can continue to operate stably after being attacked.

[0075] 4) Decentralized architecture enables trusted data traceability and eliminates single point of failure risk: The blockchain evidence storage layer constructs a decentralized trust network. Raw measurement data collected by the terminal undergoes hash calculations before being uploaded to the blockchain, and the hash values ​​are stored as evidence, ensuring the immutability and traceability of data throughout its entire lifecycle. Simultaneously, the blockchain evidence storage layer provides initial data verification for attack detection; suspicious data that fails hash comparison is directly marked, forming a double-layer protection with KNN-GAE. Compared to existing centralized data processing architectures, this completely eliminates the problem of global data credibility collapse caused by the breach of central nodes, while providing reliable evidence support for attack tracing and post-incident accountability.

[0076] 5) Multi-mechanism collaborative protection, more complete defense system: It realizes the whole process of collaborative defense of "on-chain evidence storage + algorithm detection + data reconstruction". The blockchain evidence storage layer ensures authenticity from the source of data, the KNN module realizes accurate location of attack nodes, and the GAE module completes high-fidelity recovery of contaminated data. Each module has its own division of labor and data communication, forming a closed-loop protection from data collection, attack detection and data repair and trusted evidence storage. Compared with the existing single defense mechanism, it has a qualitative improvement in the defense capability against FDIA and comprehensively protects the security of the virtual power plant cyber-physical system.

[0077] The above-described specific implementations can be partially adjusted by those skilled in the art in different ways without departing from the principles and purpose of the present invention. The scope of protection of the present invention is defined by the claims and is not limited to the above-described specific implementations. All implementation schemes within the scope of the claims are bound by the present invention.

Claims

1. A collaborative defense method for virtual power plant spoofing data injection attacks, characterized in that, In the offline phase, a KNN classifier containing a feature construction unit, a distance calculation unit, a nearest neighbor voting unit, and an anomaly labeling unit, and a graph autoencoder containing a graph signal mapping unit, a node masking unit, a graph encoder, and a graph decoder are constructed and trained respectively. In the real-time defense phase, the trained KNN classifier is used to classify the collected measurement vectors that have been contaminated by false data injection attacks (FDIA), obtain the set of abnormal data nodes, and map the node set into a graph signal. Then, the trained graph autoencoder is used to reconstruct the data based on the graph signal.

2. The collaborative defense method against virtual power plant fake data injection attacks according to claim 1, characterized in that, The feature construction unit extracts the historical value sequence in the time dimension and the current value of the neighboring nodes in the spatial dimension for each measurement component based on the real-time collected measurement vector and the cached historical measurement data, and constructs a feature vector that integrates spatiotemporal correlation to obtain the feature vector to be classified; the distance calculation unit calculates the Euclidean distance between the feature vector to be classified and the pre-stored training sample feature vector based on the feature vector to be classified, and obtains the distance ranking result; the nearest neighbor voting unit selects the K nearest training samples based on the distance ranking result, and performs a majority vote based on the category labels of the K samples to obtain the classification result; Based on the classification result, the anomaly marking unit adds the node index corresponding to the measurement component that is determined to be abnormal to the abnormal data node set, thereby obtaining the abnormal data node set.

3. The collaborative defense method against virtual power plant fake data injection attacks according to claim 1, characterized in that, The graph signal mapping unit maps the measurement values ​​of each node to a graph node feature matrix based on the real-time measurement vector and the power grid topology, obtaining the original graph signal. The node masking unit sets the feature values ​​of the corresponding abnormal node positions in the original graph signal to zero based on the abnormal data node set, obtaining a masked graph signal containing unknown information. The graph encoder performs feature aggregation and dimensionality reduction through a multi-layer graph convolutional network based on the masked graph signal and a preset adjacency matrix, obtaining a low-dimensional latent representation matrix. The graph decoder performs feature reconstruction through a symmetric multi-layer graph convolutional network based on the low-dimensional latent representation matrix, outputting the reconstructed complete node feature matrix.

4. The collaborative defense method against virtual power plant fake data injection attacks according to any one of claims 1-3, characterized in that, specifically... include: Step 1: Establish the VPP system architecture model, state estimation model, and FDIA attack model; Step 2: Construct and train the KNN classifier and graph autoencoder respectively, specifically including: 2.1 Construction and training of the KNN classifier, specifically including: 2.2.1 Spatiotemporal Feature Vector Construction: Neighbor Node Set Construction: Determining a node based on the power grid topology. The set of directly adjacent nodes is sorted in ascending order by the neighbor node index, and the first M neighbor nodes are taken; if the actual number of neighbors is less than M, the end is padded with 0 values ​​up to the M dimension. Construct feature vectors that simultaneously capture the spatiotemporal correlation of node measurement data, i.e., node... At any moment spatiotemporal feature vectors Where: the first set of square brackets represents the time characteristic, from the past The measurements are composed of values ​​from each time period; the second set of brackets represents spatial features, consisting of sets of adjacent nodes. The composition of the internal measurement values; 2.2.2 Calculate two spatiotemporal eigenvectors , Distance between ,in: It is the total dimension of the spatiotemporal feature vector; 2.2.3 Construct a training sample library containing training datasets of two classes, normal and abnormal, and train the KNN classifier; 2.2.4 Anomaly Marker: When any measurement data... Constructed spatiotemporal eigenvectors If the measurement data is identified as an anomaly (label 1) after passing through the KNN classifier, then the measurement data is considered an anomaly. The index will be added to an abnormal index set. In the process, after traversing all the measurement data, the final index set is formed. It will be passed to the graph autoencoder module, which will be given the precise target for the data reconstruction that needs to be performed; 2.3 Construction and training of graph autoencoders, specifically including: 2.3.1 Graph Signal Mapping: Based on a predefined power grid topology, the measured values ​​of each node are mapped one-to-one to the graph model. superior; 2.3.2 Construct node masking units to receive the original graph signal output by the graph signal mapping unit. and the comprehensive set of anomalous data nodes output by the KNN attack classifier. Based on the set of abnormal node indices, in the original graph node feature matrix The positions of all nodes marked as abnormal are located in the middle, and the entire row of feature vectors corresponding to these positions are set to zero to obtain the mask image signal containing unknown information; 2.3.3 Construct and train a graph encoder and a graph decoder, and use the trained graph autoencoder to process the original node features. Mapping to reconstructed features ; Step 3, Real-time Defense Phase: The collected measurement vectors contaminated by False Data Injection (FDIA) attacks are classified by the trained KNN attack classifier to obtain a set of abnormal data nodes. After mapping the node set to a graph signal, the trained graph autoencoder reconstructs the data based on the graph signal.

5. The collaborative defense method against virtual power plant fake data injection attacks according to claim 4, characterized in that, The training dataset was constructed as follows: a large number of cleaned and blockchain-verified normal measurement data samples were extracted from the historical normal operation database of the VPP system, and all were labeled with tag 0; according to the established FDIA attack model, attack vectors were superimposed on the above normal historical data. The simulation generates abnormal samples, all of which are labeled as label 1 (abnormal / attacked). For each sample in the training dataset, the spatiotemporal feature vector is extracted, and all spatiotemporal feature vectors and their corresponding labels are stored in the training sample library.

6. The collaborative defense method against virtual power plant fake data injection attacks according to claim 4, characterized in that, Training the KNN classifier as described above refers to: when any measurement data Constructed spatiotemporal eigenvectors When classifying using the KNN classifier, first calculate Find the K nearest neighbors by calculating the distance to all spatiotemporal feature vectors, and vote based on the labels of these K neighbors. When an anomaly is detected, a decision is made. If it is abnormal, it means that it has been attacked by FDIA; otherwise, it is considered normal.

7. The collaborative defense method against virtual power plant fake data injection attacks according to claim 4, characterized in that, The aforementioned graph signal mapping specifically refers to: nodes in the graph. For each node, it is the set of all key measurement entities in the system. Each edge uniquely corresponds to a physical location. It is the set of physical electrical connections between nodes, when the node and If there is a direct power line between them, then the edge These connections are encoded into a static adjacency matrix. As a structured input to the graph, when nodes and If connected, then Otherwise, it is 0, node features Let be the set of all node measurements at a specific time t and , its first The value of a row is a node. Real-time measurement values .

8. The collaborative defense method against virtual power plant fake data injection attacks according to claim 4, characterized in that, The graph autoencoder comprises an encoder and a decoder, wherein the graph encoder uses several stacked graph convolutional networks to take the original node feature matrix X and adjacency matrix A as input, and finally outputs a low-dimensional latent representation matrix. (in ),Right now The graph decoder is implemented using a graph convolutional network that is symmetrical to the encoder structure, based on the data generated by the encoder. Mapping back to the original feature space yields the reconstructed node feature matrix. .

9. The collaborative defense method against virtual power plant fake data injection attacks according to claim 4, characterized in that, The aforementioned training of the graph encoder and graph decoder refers to: the graph convolutional network starting from the first... layer to the first Layer Node Feature Propagation Rules ,in: It is the first All layers The feature matrix of each node That is, the original node feature matrix as input. , It's an adjacency matrix with self-loops. Adding self-loops ensures that nodes retain their own characteristic information during information aggregation. yes The degree matrix, It is a symmetric normalization operation performed on the adjacency matrix. It is the first The weight matrix that the layer needs to learn. It is a non-linear activation function; During the offline phase, a graph signal dataset containing only historical normal operation data of the VPP system is used. To minimize the original node features With reconstruction features The square of the Frobenius norm between the two matrices is used as the optimization objective. Unsupervised training is performed to enable the model to learn the normal operation mode under the power grid topology constraints. The loss function is obtained by calculating the square of the Frobenius norm of the difference between the two matrices, specifically: Where: T is the total number of time steps of the training samples, and N is the total number of nodes in the virtual power plant measurement network.

10. The collaborative defense method against virtual power plant fake data injection attacks according to claim 4, characterized in that, Step 3 specifically includes: 3.1 Data Input and Uplink: The control center receives the pollution measurement vector. Upload it to the blockchain for evidence storage; 3.2 Attack Location: First, analyze the contaminated measurement vectors. Constructing spatiotemporal feature vectors Afterwards, The input is fed into the KNN classifier constructed in section 2.2.3, and nearest neighbor voting is performed to predict the anomaly index set. ; 3.3 Data reconstruction, specifically including: 3.3.1 Graph Signal Construction: Constructing the pollution measurement vector Mapped to the feature matrix of graph nodes at the current time step ; 3.3.2 Node Mask: Based on the anomaly index set In the feature matrix The system locates all nodes deemed abnormal and sets their feature values ​​to 0, forming a feature matrix containing unknown information. ; 3.3.3 Topology-aware reconstruction: reconstructing graph signals containing unknown information. In the graph encoder constructed from the input, the operating state of the system is inferred and a latent representation is generated. Then, the graph decoder utilizes the latent representation The simulation produces numerical values ​​that conform to global physical laws and neighborhood states, and outputs a complete, reconstructed feature matrix. ; 3.3.4 Data Output and On-Chain: Using a Reconstructed Matrix Chinese correspondence Replace the original contaminated vector with the value at the index position. The corresponding values ​​in the data will be recorded and the reconstructed data will be stored on the blockchain for evidence, while the remaining health data will remain unchanged.