A power grid network security analysis method, system, device and medium based on a graph database

By using a spatiotemporal evolution graph model based on a graph database and analyzing the power grid topology, the safety of power grid nodes is dynamically assessed and fault propagation paths are predicted. The optimal repair path is generated, which solves the problem of excessively long power grid fault recovery time and improves the emergency response capability and equipment availability of the power grid.

CN122364985APending Publication Date: 2026-07-10GUANGXI POWER GRID CORP

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGXI POWER GRID CORP
Filing Date
2026-03-24
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

Existing power grid fault detection and emergency response methods cannot fully assess how a fault can spread to the remaining nodes through the power grid topology, resulting in excessively long fault recovery times and affecting power grid reliability.

Method used

Based on graph database, a spatiotemporal evolution graph model of the power grid is constructed. By combining real-time operation data and external environmental influences, the node safety assessment criteria are dynamically adjusted to generate safety level data of power grid nodes. Risk assessment and fault prediction are carried out through the spatiotemporal evolution graph model, fault propagation paths are simulated, and optimal repair path solutions are generated.

Benefits of technology

It enables rapid response and effective repair of power grid faults, improves the power grid security situation awareness and emergency decision-making level, and reduces fault recovery time and repair costs.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122364985A_ABST
    Figure CN122364985A_ABST
Patent Text Reader

Abstract

The application discloses a kind of power grid network security analysis method, system, equipment and medium based on graph database, it is related to power grid security analysis technical field, including obtaining power grid topology and real-time operation data to graph database storage, establish space-time evolution graph model, with real-time operation data, outside influence constructs the security level of node, with data through space-time evolution graph model to do the risk assessment of node, obtain time series risk assessment data, according to time series risk assessment data to predict fault node, utilize topological data to expand fault propagation path, output power grid fault prediction data, according to equipment information and node state generates optimal repair path scheme.The application is by real-time assessment power grid node state, dynamically predict fault propagation, generate optimal repair path, improve power grid stability and emergency response capability.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of power grid security analysis technology, specifically to a power grid network security analysis method, system, device, and medium based on graph database. Background Technology

[0002] As the power grid continues to grow in size, its complexity also increases. Currently, power systems generally use traditional monitoring and maintenance methods, relying on data acquisition from SCADA (Supervisory Control and Data Acquisition) and EMS (Energy Management System) to monitor grid parameters in real time. These methods mostly depend on the operating status of monitoring equipment and grid parameters.

[0003] Existing power grid fault detection and emergency response methods generally suffer from the following problems: most existing technologies only focus on the state of individual nodes, without a comprehensive assessment of how the fault spreads to the remaining nodes through the power grid topology, thus failing to take timely and effective emergency response measures. Furthermore, traditional methods cannot determine the optimal repair path based on the power grid topology and node health status when a fault occurs, resulting in excessively long fault recovery times and impacting power grid reliability. Summary of the Invention

[0004] In view of the above-mentioned existing problems, the present invention provides a power grid network security analysis method, system, device and medium based on graph database, to solve the problems of the inability to take timely and effective emergency response measures and the excessively long fault recovery time in the prior art.

[0005] To address the aforementioned technical issues, a power grid network security analysis method based on graph databases is proposed, including: The system acquires and stores power grid topology data and real-time operational data in a graph database. Based on this data, a spatiotemporal evolution model of the power grid is constructed within the graph database. Using this model, and in conjunction with real-time operational data and external environmental influences, the system dynamically adjusts the safety assessment criteria for each node, generating safety level data for each node. This safety level data is then used to conduct risk assessments on each node through the spatiotemporal evolution model, outputting time-series risk assessment data. Based on this time-series risk assessment data, fault prediction is performed on fault nodes. Fault propagation analysis is conducted based on the power grid topology data to calculate fault propagation paths, outputting power grid fault prediction data. Finally, based on the fault prediction data, time-series risk assessment data, and the power grid topology data, and utilizing the equipment information and node status stored in the graph database, the optimal repair path is generated.

[0006] As a preferred embodiment of the power grid network security analysis method based on graph database described in this invention, the construction of the spatiotemporal evolution graph model of the power grid includes: based on power grid topology data, constructing a graph data structure for each power grid node in the graph database, where each power grid node represents a device in the power grid, and edges represent the power transmission relationship between devices; By combining real-time operational data with power grid topology data, the state attributes of power grid nodes and edges are dynamically updated, and a spatiotemporal evolution graph model is constructed to record the state changes of power grid nodes and edges over time.

[0007] As a preferred embodiment of the power grid network security analysis method based on graph database described in this invention, the generation of security level data for power grid nodes includes: evaluating the initial security level of nodes based on the node states and edge connection relationships in the spatiotemporal evolution graph model, combined with historical power grid fault data, real-time operation data, equipment health status data, and external environment data. For each power grid node, the initial security level is dynamically adjusted based on real-time current, real-time load, transmission constraints of connected edges, and the impact of external environmental risks to obtain the node's adjusted security level. The adjusted security level is then compared with a preset risk level threshold, and a security level is assigned to each node based on the comparison result, generating node security level data.

[0008] As a preferred embodiment of the power grid network security analysis method based on graph database described in this invention, the output time-series risk assessment data includes combining the security level data of each node with the historical state sequence of nodes recorded in the spatiotemporal evolution graph model to construct a risk assessment model. Using a risk assessment model, based on the node's current real-time operating data and external environment data, the risk level faced by each node at different points in time is assessed, and the risk level at each point in time is organized in chronological order to obtain time-series risk assessment data that reflects the dynamic changes in node risk.

[0009] As a preferred embodiment of the power grid network security analysis method based on graph database described in this invention, the output power grid fault prediction data includes fusing time-series risk assessment data with node security level data to construct a prediction model for identifying potential fault nodes. By analyzing the risk evolution trend and current security status of nodes through predictive models, the probability of node failure is calculated, and nodes with a failure probability exceeding a set threshold are marked as potential failure nodes. Based on power grid topology data, starting from the marked potential fault nodes, a graph traversal method is used to simulate the process of fault propagation to adjacent nodes along the power transmission relationship, determine the sequence of nodes through which the fault passes, and obtain the fault propagation path. Based on potential fault nodes and fault propagation paths, generate power grid fault prediction data that includes fault location, propagation path, and set of affected nodes; The process of obtaining the fault propagation path includes reading the topology information of the power grid from the graph database, clarifying the connection relationship between nodes and the attributes of edges, and for each potential fault node, using a graph search method to traverse adjacent nodes to simulate the fault propagation process. During the traversal, the possibility of the fault propagating to each adjacent node is evaluated based on the load carrying capacity between adjacent nodes, the health status of equipment operation, and the capacity of the power transmission channel, thereby obtaining the fault propagation probability.

[0010] As a preferred embodiment of the power grid network security analysis method based on graph database described in this invention, the method of obtaining the fault propagation probability includes generating candidate propagation paths for each potential fault node based on the connection relationship between nodes and the power flow direction, and calculating the overall propagation risk of the current path for each candidate propagation path by combining the propagation probability of each segment of the path and the bottleneck capacity of the transmission channel. For the same affected node, if there are multiple arrival paths, the path with the greatest overall propagation risk is selected as the main propagation path, and all affected nodes whose overall propagation risk exceeds a preset threshold and their corresponding main propagation paths constitute the fault impact range of the current potential fault node.

[0011] As a preferred embodiment of the power grid network security analysis method based on graph database described in this invention, the method for generating the optimal repair path includes: analyzing the scope of fault impact and recovery conditions based on power grid fault prediction data, power grid topology data, and the current status of equipment, and generating a preliminary repair path connecting the faulty node and available backup resources. Based on equipment availability, estimated repair time, repair cost, and operational safety, the initial repair path is adjusted using optimization methods to obtain an optimized repair path. Based on the device load capacity, health status, and node risk level stored in the graph database, the urgency of repairing each affected node is calculated, and the repair priority is determined. The repair priority is combined with the optimized repair path to arrange the repair order and form an optimal repair path scheme that includes specific repair nodes, operation order and resource allocation; Determining the repair priority includes reading the equipment load capacity, operating status, and current risk level of the affected nodes from the graph database, calculating the repair priority value for each node, and sorting all affected nodes from high to low according to their repair priority values, and adjusting the access order of the repair path nodes.

[0012] The beneficial effects of this preferred technical solution are as follows: by using the power grid topology and real-time data in the graph database to construct a spatiotemporal evolution graph model, a closed-loop analysis can be achieved from node security rating to fault propagation prediction and then to the generation of the optimal repair path, thereby improving the power grid security situation awareness and emergency decision-making level.

[0013] As a preferred embodiment of the power grid network security analysis system based on graph database described in this invention, it is characterized by including a data acquisition and storage module, a spatiotemporal evolution graph model construction module, a security risk assessment and fault prediction module, and a repair decision and path optimization module.

[0014] The data acquisition and storage module is used to acquire power grid topology data and real-time operation data, using physical devices in the power grid as nodes in the graph database and power transmission relationships as edges, and verifying the association of synchronized topology information.

[0015] The spatiotemporal evolution graph model construction module is used to add time labels to each node and edge based on the power grid data in the graph database, construct a spatiotemporal evolution graph model that reflects the changes in power grid operation, record the sequence of equipment status changes over time, link the static topology with the real-time operating status, and observe the changes in the electrical quantities, health status, and connections of nodes.

[0016] The safety risk assessment and fault prediction module is used to identify nodes with faults by utilizing historical faults, real-time operating parameters, equipment health status, changes in the external environment, and classification of nodes in the spatiotemporal evolution diagram model. It simulates the spread of faults along power transmission lines, analyzes the path of fault propagation and the area of ​​impact, and produces time-series risk assessment information and fault prediction data.

[0017] The repair decision and path optimization module is used to calculate the repair work required to restore the affected area caused by the fault after completing fault calculation and risk assessment, combined with the power grid topology and equipment status. It uses optimization algorithms to obtain preliminary repair paths and determines the repair sequence and the optimal path scheme for resource allocation according to the importance and urgency of nodes.

[0018] A computer device includes a memory and a processor, the memory storing a computer program, the processor executing the computer program to implement the steps of a method for power grid network security analysis based on a graph database.

[0019] A computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of a method for power grid network security analysis based on a graph database.

[0020] The beneficial effects of this invention are as follows: This invention determines the safety and probability of failure of each node in the power grid by real-time observation of the power grid status and spatiotemporal evolution graph model, and predicts the impact of a faulty node on the remaining nodes in the power grid by simulating the fault propagation path; it simulates the propagation path of the fault from the potential faulty node to the remaining nodes through graph algorithms and power grid topology, generates complete fault propagation paths, and calculates their priority order; based on power grid fault prediction data, time-series risk assessment, and power grid topology, it calculates the optimal repair path scheme through optimization algorithms, saving fault recovery time, reducing repair costs, and improving the availability of power grid equipment while ensuring safety. Attached Figure Description

[0021] To more clearly illustrate the technical solutions of the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0022] Figure 1 This is a flowchart illustrating a graph database-based power grid network security analysis method according to an embodiment of the present invention.

[0023] Figure 2 The present invention provides a system scheme flowchart for a power grid network security analysis system based on a graph database, as an embodiment of the present invention. Detailed Implementation

[0024] To make the above-mentioned objects, features, and advantages of the present invention more apparent and understandable, specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present invention, and not all of them. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the protection scope of the present invention.

[0025] Example 1, referring to Figure 1 As one embodiment of the present invention, a power grid network security analysis method based on graph database is provided, comprising: S100: Acquire power grid topology data and real-time operation data, and store them in the graph database. Based on the power grid topology data and real-time operation data, construct a spatiotemporal evolution graph model of the power grid in the graph database.

[0026] S200: Based on the spatiotemporal evolution graph model, combined with the real-time operation data of nodes and the influence of the external environment, the safety assessment criteria of each node are dynamically adjusted to generate safety level data of power grid nodes. Using the safety level data, the spatiotemporal evolution graph model is used to conduct risk assessment of each node of the power grid and output time-series risk assessment data.

[0027] S300: Based on time-series risk assessment data, it predicts fault nodes, performs fault propagation analysis based on power grid topology data, calculates fault propagation paths, outputs power grid fault prediction data, and generates the optimal repair path scheme based on power grid fault prediction data, time-series risk assessment data, power grid topology data, and equipment information and node status stored in the graph database.

[0028] It should be noted that the graph database combines the power grid topology and real-time operation data to form a spatiotemporal evolution graph model, which dynamically depicts the power grid's operating status. Based on historical fault data and external environmental factors, it classifies the safety status of nodes, identifies nodes that may fail by combining risk assessment, simulates fault propagation paths and impact ranges, obtains the optimal repair path scheme, and improves the power grid's safety situation awareness, fault early warning capabilities, and emergency repair decision-making capabilities.

[0029] Example 2, refer to Figure 1 This is a second embodiment of the present invention, which provides a power grid network security analysis method based on a graph database, including: In step S100, the construction of the spatiotemporal evolution model of the power grid includes steps S101 to S106: S101: Obtain power grid topology data and real-time operation data from power monitoring systems (SCADA systems, EMS systems, sensors and automation equipment).

[0030] The power grid topology data includes equipment information (node ​​ID, equipment type, equipment capacity, operating status, health status) for each node in the power grid, power transmission relationships between devices (connection relationships, transmission capacity, transmission direction), node location data (latitude and longitude coordinates), and node load capacity (maximum load capacity); real-time operation data includes real-time current and voltage values ​​of nodes, real-time load data, equipment health status (temperature, vibration, fault alarms), external environment (wind speed, temperature, humidity), and fault alarms.

[0031] S102: Convert and validate the acquired data, and store it in the graph database.

[0032] The Neo4j graph database is used to map each power grid device (substation, transmission line, generator, load center) as a node, and the power transmission relationship between devices is mapped as an edge.

[0033] The node attributes include the device's static data and real-time data (current, voltage, load), while the edge attributes include transmission capacity, transmission direction, and load capacity.

[0034] To ensure data consistency and integrity, data updates are required regularly. When new topology data or real-time data is collected, it is compared with existing nodes and edges in the graph database. When the state changes, the corresponding attributes are updated and the timestamp is recorded. When the real-time data is updated frequently (i.e., once per minute), the topology data is updated according to the power grid maintenance cycle.

[0035] S103: Combines real-time operational data with power grid topology data to dynamically update the state attributes of power grid nodes and edges.

[0036] In the graph database, create a node for each device in the power grid. The node's attributes include id, type, location, function, and health. Create edges connecting devices for power transmission relationships. The edge attributes include power transmission capacity, transmission direction, and load capacity. Each edge corresponds to a starting and ending power grid node, representing the power flow relationship between devices.

[0037] S104: Combine real-time operation data with power grid topology data in the graph database, and update the state attributes of the corresponding power grid nodes and edges in the graph database based on the real-time operation data.

[0038] Each node (current, voltage, load) and edge (power flow, load transmission capacity) is updated as real-time data is updated. For example, when the substation current changes, the current attribute of the current node is updated; when the load of the current transmission line exceeds the warning line, the load attribute of the current edge is updated, and the current node is marked.

[0039] Timely updates to the status of power grid nodes and edges ensure that the nodes and edges in the graph database reflect the operational status of the power grid. Regular or incremental updates promptly reflect new real-time operational data in the graph database, guaranteeing data timeliness and accuracy. Setting a 10-minute interval for acquiring real-time power grid operational data will automatically update the status of corresponding nodes and edges in the graph database, such as updating substation loads and transmission line status.

[0040] S105: The spatiotemporal evolution graph model records the temporal changes of nodes and edges in the power grid. The time dimension is added based on the power grid topology data and real-time operation data in the graph database. The spatiotemporal evolution graph records the static information of the power grid topology and equipment operation status, as well as the changes of nodes and edges. The relationship between the changes of each node and edge and the timestamp reflects the temporal evolution of the power grid.

[0041] The spatiotemporal evolution graph model uses timestamps to add nodes and edges. The state attributes in the spatiotemporal evolution graph model realize the recording of state changes in time series data, retain the node and edge states corresponding to the current real-time data, and reflect the time evolution process of the power grid.

[0042] The state changes of each node and edge in the spatiotemporal evolution graph model are represented by time series data, which includes the historical states (current, voltage, load) of nodes and edges and the trend of each state change. The state changes at each point in time reflect the time evolution process of the power grid.

[0043] S106: Compare the spatiotemporal evolution diagram model with the actual power grid operation data to check the consistency between the state changes of nodes and edges in the spatiotemporal evolution diagram model and the actual data, and ensure that the spatiotemporal evolution diagram model correctly reflects the power grid operation status. If deviations occur, the spatiotemporal evolution diagram model needs to be modified.

[0044] In step S200, generating the security level data of the power grid nodes includes steps S201 to S203: S201: Based on the node states and edge connections in the spatiotemporal evolution graph model, combined with historical power grid fault data, real-time operation data, equipment health status data, and external environment data, assess the initial safety level of the nodes.

[0045] For each power grid node, historical fault data, real-time operation data, equipment health status data, external environment data, and transmission capacity data of edges directly connected to the node are read from the graph database. Historical fault factor, load factor, voltage deviation rate, equipment health anomaly factor, and environmental risk factor are calculated respectively. Each factor is restricted to the interval [0, 1], and a weighted summation method is used to calculate the initial security score of the current node i, expressed by the formula: in, Assign an initial security score to the current node i. Let be the historical failure factor of the i-th node. Let i be the load rate of the i-th node. Let be the voltage deviation rate of the i-th node. Let i be the device health anomaly factor for the i-th node. Let be the environmental risk factor for the i-th node, and let a, b, c, d, and e be the weighting coefficients, which are pre-set based on the statistical results of historical failure data.

[0046] It should be noted that the historical fault factor is calculated by statistically analyzing the number of times the current node experiences a fault within a preset historical period, which is used as the fault frequency; statistically analyzing the number of nodes or the area affected by historical faults of the current node, which is used as the fault impact range; and distinguishing the severity of faults based on fault type. The fault frequency, fault impact range, and fault type weights are normalized according to preset statistical ranges, and the normalized results are then combined. Furthermore, by reading the real-time load value of the current node and the maximum load capacity corresponding to the current node, the current real-time load value is compared with the maximum load capacity to obtain the ratio of the current load to the maximum load capacity, and this ratio is used as the load factor.

[0047] It should be further explained that the voltage deviation rate calculation includes reading the real-time voltage value and the rated voltage value of the current node, calculating the degree of deviation between the real-time voltage value and the rated voltage value, and the greater the deviation, the greater the corresponding voltage deviation rate; the equipment health anomaly factor is obtained by reading the health indicators of temperature, vibration and fault alarm in the current node equipment health status, judging whether each health indicator exceeds the normal range, calculating the degree of abnormality of each indicator, and comprehensively obtaining the degree of abnormality of each indicator. When the equipment has a fault alarm or multiple health indicators are abnormal at the same time, the equipment health anomaly factor increases; the environmental risk factor is obtained by reading the external environmental data of wind speed, ambient temperature and humidity corresponding to the current node, judging whether each environmental data exceeds the normal range, calculating the degree of abnormality of each environmental data, and comprehensively obtaining the degree of abnormality of each indicator. The closer the external environment is to or exceeds the preset risk conditions, the greater the environmental risk factor.

[0048] S202: For each grid node, the initial safety level is dynamically corrected based on real-time current, real-time load, transmission constraints of connected sides, and the impact of external environmental risks, to obtain the corrected safety level of the node.

[0049] The calculation node's current high current factor, edge transmission limitation factor, and external environment enhancement factor are used. The high current factor is the ratio of the current real-time current to the rated current; the edge transmission limitation factor is the maximum ratio of the real-time transmission volume of the edge adjacent to the current node to its corresponding transmission capacity; and the external environment enhancement factor is the environmental risk factor in S201. Based on the relationship between these factors and their corresponding preset thresholds, the node's dynamic correction amount is calculated, expressed by the following formula: in, This represents the dynamic adjustment amount for the current node i. The current is too high threshold. The load factor threshold For edge transmission restricted threshold, As an environmental risk threshold, This represents the current current overshoot factor for node i. Let be the edge transmission constraint factor for the current node i. The external environment enhancement factor for the current node i. , , and To correct the weights, the threshold and correction weights are preset based on the statistical results of historical fault data.

[0050] The adjusted safety score is calculated using the following expression: in, The adjusted safety score for node i is determined by the dynamic correction amount when node i's real-time current, real-time load, connected edge transmission limitations, or external environmental risks increase. Increase the node's adjusted security score; dynamically adjust the amount of adjustment when all indicators do not exceed the corresponding thresholds. If the score is 0, the node retains its initial security score.

[0051] S203: Compare the revised security level with the preset risk level threshold, assign a security level to each node based on the comparison result, and generate security level data for the node.

[0052] Based on the adjusted security score, a security level is assigned to each power grid node. The security level is determined by comparing the adjusted security score with the preset first-level threshold and second-level threshold, thus generating the node's security level data.

[0053] It should be noted that when When the risk level is less than the first-level threshold, the current node's security level is determined to be low-risk; when... When the threshold is greater than or equal to the first threshold and less than the second threshold, the current node's security level is determined to be medium risk; when... If the threshold is greater than or equal to the second-level threshold, the current node is determined to be at high risk.

[0054] The historical safety scores of the historical samples are sorted from smallest to largest. The median value between the largest score in the low-risk samples and the smallest score in the medium-risk samples is taken as the first-level threshold, and the median value between the largest score in the medium-risk samples and the smallest score in the high-risk samples is taken as the second-level threshold. When the score ranges of different risk samples overlap, the score value that minimizes the number of classification errors in the historical samples is taken as the corresponding level threshold.

[0055] Furthermore, the security level data of each node is stored in the graph database to ensure data queryability and real-time performance. The security level value of each node includes the current level (low, medium, high) and the update time, reflecting the current security status of the node. The security level data of each node is updated regularly based on the dynamic updates of the power grid status, environmental changes, and node status. The automatic update time of the security level of each node (every hour or every load change) ensures that the security level of each node conforms to the actual operating status.

[0056] Furthermore, in step S200, the output of time-series risk assessment data includes steps S211-S213: S211: Combine the security level data of each node with the historical state sequence of the node recorded in the spatiotemporal evolution diagram model to assess the security risks of each node and device in the power grid and construct a risk assessment model.

[0057] Add an attribute field to each node to store its security level. This ensures that the state of each node in the time-space evolution graph model has information such as current and voltage at the current time, as well as its corresponding security level. Combine the current, voltage, and load time-series data of substation nodes with the current node's "low-risk" or "high-risk" security level data.

[0058] Based on the node state changes using security level data and a spatiotemporal evolution model, a security risk assessment function is defined. This function can assess the risk of each node and device in the power grid. The formula for the security risk assessment function is as follows: in, Let i be the risk assessment value at time t. This provides data on the security level of nodes over time (low risk, medium risk, high risk). This represents the real-time operating data (current, voltage) of node i at time t. The external environmental data (meteorological factors, load fluctuations) of node i at time t. This is the risk assessment function.

[0059] S212: Using a risk assessment model, assess the risk level faced by each node at different points in time based on the node's current real-time operating data and external environment data.

[0060] It should be noted that the risk assessment function is used to conduct a safety risk assessment on each node in the power grid. The load, current and voltage of the node are weighted and calculated. The safety level, real-time operating data and environmental factors of the node are evaluated. The risk assessment results of each node in each time period are generated by the risk assessment function to reflect the real-time operation status of the power grid.

[0061] S213: Organize the risk level at each point in time in chronological order to obtain time-series risk assessment data that reflects the dynamic changes in risk at each node.

[0062] The acquired real-time operational data is stored in a risk assessment function. Based on node safety level data and external environmental factors, the risk level of each node at different time points is dynamically calculated, and an update time (every minute, every hour) is set. When the substation current approaches its upper limit, the real-time data triggers the risk assessment function to dynamically calculate the node risk assessment value and update the status. External environmental factors (weather, load) dynamically adjust the risk assessment value based on real-time data (wind speed, temperature) and grid load fluctuation data (wind speed, temperature). The impact of the external environment is weighted using an environmental weighting function, making the safety assessment of grid nodes more accurate. When a storm is predicted, the risk assessment level of grid nodes is dynamically increased, including vulnerable equipment (high-altitude power lines).

[0063] It should be noted that the time-series risk assessment data is obtained by dynamically calculating the risk assessment value of each node at different time points. The time-series risk assessment data of each node represents the risk level and trend of the node at different time points, reflecting the change of the node's risk status over time, and the time-series risk assessment data is stored in the graph database.

[0064] In step S300, the output power grid fault prediction data includes steps S301 to S303: S301: Integrate time-series risk assessment data with node security level data to construct a predictive model for identifying potential faulty nodes. Use the predictive model to analyze the risk evolution trend and current security status of nodes, calculate the probability of node failure, and mark nodes with a failure probability exceeding a set threshold as potential faulty nodes.

[0065] It should be noted that constructing a predictive model to identify potential failure nodes includes defining a failure node prediction model, building the model based on time-series risk assessment data and node security level data, calculating the probability of occurrence of potential failure nodes by analyzing the risk assessment value and security level value of each node, and predicting the failure risk of nodes using a weighted average method, expressed by the formula: in, Let be the probability that node i fails at time t. The security level data for node i at time t. The time-series risk assessment data for node i at time t. The weighting coefficient for the security level. The weighting coefficients for time-series risk data are adjusted based on historical fault data and corresponding time-series risk assessment data. The model results are verified by comparing the prediction results with actual fault records to ensure the accuracy of the model.

[0066] Furthermore, by analyzing the security and risk changes of each node, it is predicted which nodes may fail at some point in the future. Based on the failure node prediction model, the failure probability of each node is calculated, and potential failure nodes are identified. When the failure probability of a node exceeds the threshold of 0.7, the current node is predicted as a potential failure node.

[0067] Among them, the probability value that minimizes the combined cost of false alarm and false alarm rates will be used as the threshold for determining potential fault nodes, i.e., the threshold for determining potential fault nodes is 0.7.

[0068] S302: Based on power grid topology data, starting from the marked potential fault nodes, a graph traversal method is used to simulate the process of fault propagation to adjacent nodes along the power transmission relationship, determine the sequence of nodes through which the fault passes, and obtain the fault propagation path.

[0069] For each potential faulty node, extract the topology information from the graph database, determine the attributes (transmission capacity, load capacity) between each node and the edges, and use the graph search method to traverse all adjacent nodes and edges starting from each faulty node.

[0070] The process of obtaining the fault propagation path includes: acquiring power grid topology information from a graph database, determining the relationships between nodes and the attributes of edges, traversing its neighboring nodes using a graph search method for each potential fault node, simulating the propagation of the fault, and calculating the probability of the fault spreading to each neighboring node based on the load between neighboring nodes, the operating status of the equipment, and the capacity of the power transmission channel, thus obtaining the fault propagation probability.

[0071] It should be noted that the graph search method for traversing adjacent nodes includes, for each adjacent node, calculating the probability of a fault propagating from the current node to the current node. The probability is obtained by combining factors such as the node's load capacity (the ratio of real-time load to maximum load), the operational health of the equipment (obtained by normalizing the equipment health status data), and the capacity of the power transmission channel (the ratio of the edge's transmission capacity to the current transmission volume). The factors are then weighted and summed to obtain the probability of fault propagation between adjacent nodes. When the probability of fault propagation between adjacent nodes reaches a set threshold of 50%, the current node is marked as a secondary fault node, and the traversal continues.

[0072] The process of obtaining the fault propagation probability includes generating candidate propagation paths for each potential fault node based on the connection relationships between nodes and the direction of power flow, and calculating the overall propagation risk of the current path for each candidate propagation path by combining the propagation probability of each segment of the path and the bottleneck capacity of the transmission channel.

[0073] It should be noted that for each potentially faulty node, the propagation path of the fault is calculated using topology data, and the propagation path of the fault from the initial node to the remaining nodes is generated by using the connection relationships of nodes and edges stored in the graph database. The priority order and path length of fault propagation are evaluated based on the weights of nodes and edges (load, equipment carrying capacity, fault impact range).

[0074] The process of obtaining the fault propagation path includes simulating the propagation process of power faults based on power grid topology data and fault propagation analysis results. During the simulation, the direction of power flow, the load capacity of equipment, and the capacity factors of transmission lines should be considered to determine the candidate paths for the fault to propagate from the potential fault node to the remaining nodes, and to determine the main propagation path and the scope of influence.

[0075] Furthermore, for each potential faulty node, a candidate propagation path is generated using breadth-first search or depth-first search based on the node connection relationships and power transmission directions of the edges in the graph database. During the traversal, visited nodes are not repeatedly expanded to avoid redundant calculations of loops. When the traversal reaches the end node, for any pair of adjacent nodes on the candidate propagation path, the fault propagation probability and the transmission capacity of the corresponding edge are read. The fault propagation probability is obtained by weighted calculation of the load, health status, and transmission capacity between adjacent nodes.

[0076] For candidate propagation paths, a segment-by-segment propagation approximation method is adopted. The failure propagation probabilities between adjacent nodes on the path are multiplied to obtain the path propagation probability of the current path. The minimum transmission capacity among the edges of the candidate propagation path is taken as the bottleneck transmission capacity of the current path. The transmission limitation coefficient of the path is calculated based on the bottleneck transmission capacity, as expressed by the formula: in, The transmission constraint factor for the path. This represents the maximum bottleneck transmission capacity among all candidate propagation paths corresponding to the same potentially faulty node. The bottleneck transmission capacity of the current path is used as the basis for calculation. The propagation risk value of the candidate propagation path is calculated by multiplying the path propagation probability and the transmission limitation coefficient. The higher the path propagation probability and the lower the bottleneck transmission capacity, the higher the propagation risk value of the current path.

[0077] For the same affected node, if there are multiple paths to reach it, the path with the highest overall propagation risk is selected as the main propagation path. When the propagation risk values ​​are the same, the path with the shortest path length is selected as the main propagation path. The propagation risk value corresponding to the main propagation path that reaches the current affected node is used as the fault propagation risk value of the current node. All affected nodes whose overall propagation risk exceeds the preset threshold and their corresponding main propagation paths constitute the fault impact range of the current potential fault node.

[0078] Based on the comparison between the propagation risk value and the preset risk threshold, the propagation path is divided into low risk, medium risk and high risk, and the corresponding propagation path, main propagation path, affected nodes and risk level are written into the graph database; among them, the risk threshold is preset based on the statistical results of historical failure data.

[0079] S303: Generate power grid fault prediction data containing fault location, propagation path and set of affected nodes based on potential fault nodes and fault propagation paths.

[0080] By integrating all potential fault nodes and their corresponding fault propagation paths and impact ranges, power grid fault prediction data is generated. The data includes the fault node ID, fault probability, fault propagation path, risk level on the path, and a list of affected nodes for each predicted fault node, forming a power grid fault prediction data report to provide specific fault prediction information for power grid operation and maintenance personnel.

[0081] Furthermore, in step S300, generating the optimal repair path scheme includes steps 311 to S314: S311: Based on power grid fault prediction data, power grid topology data, and current equipment status, analyze the fault impact range and recovery conditions, and generate a preliminary repair path connecting the faulty node with available backup resources.

[0082] It should be noted that the fault prediction data is obtained from the graph database, the fault points to be repaired first and their consequences are selected, relevant data on the power grid topology and equipment status are read in, and the recovery requirements after the fault are assessed.

[0083] Based on the recovery requirements, the shortest path algorithm (Dijkstra's algorithm) is used to start from the faulty node and find a preliminary repair path that connects to available backup equipment, backup lines or remaining repair nodes. The current path should follow the equipment connection relationships in the power grid topology.

[0084] S312: Based on equipment availability, estimated repair time, repair cost, and operational safety, the initial repair path is adjusted and optimized using optimization methods to obtain the optimized repair path.

[0085] Define an optimization objective function. Based on factors such as device availability, repair time, repair cost, and security, construct an optimization objective function for the repair path, expressed as follows: in, Let i be the repair time. The repair cost for node i, Let i be the security assessment value of node i. To correct the weighting coefficient of the time factor, To correct the weighting coefficients of cost factors, Here, i represents the weighting coefficient of the security assessment factor, and i is the node index. The total number of nodes to be repaired; the repair time is estimated by the historical average maintenance time, personnel arrival time and load switching operation time; the repair cost is estimated by labor cost, spare parts cost, vehicle dispatch cost and power outage impact cost; the safety assessment value is obtained by weighting the node risk level and the repair operation risk.

[0086] The initial repair path is optimized using optimization algorithms (genetic algorithm, particle swarm optimization, simulated annealing) to generate a repair path that satisfies the objective function minimization condition. By adjusting the path selection, the repair time and cost are optimized to ensure that the safety risks are minimized. The optimization process is based on power grid topology data and repair requirements to select the most suitable path and repair sequence.

[0087] Whether the optimized repair path can restore the normal operation of the power grid should be evaluated based on repair time, repair cost, and equipment availability. At the same time, the utilization rate and safety of backup equipment should be considered, and higher-risk nodes should be dealt with first during the repair process.

[0088] S313: Based on the device load capacity, health status, and node risk level stored in the graph database, calculate the urgency of repairing each affected node and determine the repair priority.

[0089] The process of determining repair priorities includes: retrieving the device load capacity, operational health status, and current risk level of affected nodes from the graph database; calculating the repair priority value for each node; sorting all affected nodes according to their repair priority values ​​from highest to lowest; and adjusting the access order of nodes in the repair path based on the sorting results. The formula for calculating repair priorities is as follows: in, The repair priority for node i. Let i be the load value of node i. The health status of node i. For the risk level of node i, The weighting factor for the load value. The weighting coefficient for health status. The weighting coefficient is used to adjust the impact of various factors on the repair priority based on the node load, health status, and risk level.

[0090] S314: Combine the repair priority with the optimized repair path, arrange the repair order, and form an optimal repair path scheme that includes specific repair nodes, operation order, and resource allocation.

[0091] By integrating repair priorities and optimization paths, the system combines the information from both to ensure that repair paths can repair high-priority nodes first. The order of repair paths is adjusted according to the repair priorities of the nodes to ensure that high-priority nodes are repaired first.

[0092] The final optimal repair path is obtained based on the repair priority and optimization approach. The optimal repair path includes each repair node, repair time, repair order, and resources used. The feasibility of the repair path is guaranteed based on power grid topology data, equipment availability, and security level.

[0093] It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and all such modifications or substitutions should be covered within the scope of the claims of the present invention.

[0094] Example 3, referring to Figure 2 The third embodiment of the present invention provides a power grid network security analysis system based on graph database, including a data acquisition and storage module, a spatiotemporal evolution graph model construction module, a security risk assessment and fault prediction module, and a repair decision and path optimization module.

[0095] The data acquisition and storage module is used to acquire power grid topology data and real-time operation data, using physical devices in the power grid as nodes in the graph database and power transmission relationships as edges, and verifying the association of synchronized topology information.

[0096] The spatiotemporal evolution graph model construction module is used to add time labels to each node and edge based on the power grid data in the graph database, construct a spatiotemporal evolution graph model that reflects the changes in power grid operation, record the sequence of equipment status changes over time, link the static topology with the real-time operating status, and observe the changes in the electrical quantities, health status, and connections of nodes.

[0097] The safety risk assessment and fault prediction module is used to identify nodes with faults by utilizing historical faults, real-time operating parameters, equipment health status, changes in the external environment, and classification of nodes in the spatiotemporal evolution diagram model. It simulates the spread of faults along power transmission lines, analyzes the path of fault propagation and the area of ​​impact, and produces time-series risk assessment information and fault prediction data.

[0098] The repair decision and path optimization module is used to calculate the repair work required to restore the affected area caused by the fault after completing fault calculation and risk assessment, combined with the power grid topology and equipment status. It uses optimization algorithms to obtain preliminary repair paths and determines the repair sequence and the optimal path scheme for resource allocation according to the importance and urgency of nodes.

[0099] It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and all such modifications or substitutions should be covered within the scope of the claims of the present invention.

[0100] Example 4, the fourth embodiment of the present invention, differs from the previous three embodiments in that: If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this invention, essentially, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0101] The logic and / or steps represented in the flowchart or otherwise described herein, for example, can be considered as a sequenced list of executable instructions for implementing logical functions, and can be embodied in any computer-readable medium for use by, or in conjunction with, an instruction execution system, apparatus, or device (such as a computer-based system, a processor-including system, or other system that can fetch and execute instructions from, an instruction execution system, apparatus, or device). For the purposes of this specification, "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transmit programs for use by, or in conjunction with, an instruction execution system, apparatus, or device.

[0102] More specific examples of computer-readable media (a non-exhaustive list) include: electrical connections (electronic devices) having one or more wires, portable computer disk drives (magnetic devices), random access memory (RAM), read-only memory (ROM), erasable and editable read-only memory (EPROM or flash memory), fiber optic devices, and portable optical disc read-only memory (CDROM). Furthermore, computer-readable media can even be paper or other suitable media on which the program can be printed, because the program can be obtained electronically, for example, by optically scanning the paper or other medium, followed by editing, interpreting, or otherwise processing as necessary, and then stored in computer memory.

[0103] It should be understood that various parts of the present invention can be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, multiple steps or methods can be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it can be implemented using any one or a combination of the following techniques known in the art: discrete logic circuits having logic gates for implementing logical functions on data signals, application-specific integrated circuits (ASICs) having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), etc.

Claims

1. A power grid network security analysis method based on graph database, characterized in that: include, Acquire power grid topology data and real-time operation data, and store them in a graph database. Based on the power grid topology data and real-time operation data, construct a spatiotemporal evolution graph model of the power grid in the graph database. Based on the spatiotemporal evolution graph model, combined with the real-time operation data of the nodes and the influence of the external environment, the safety assessment criteria of each node are dynamically adjusted to generate safety level data of the power grid nodes. Then, using the safety level data, the spatiotemporal evolution graph model is used to conduct risk assessment of each node of the power grid and output time-series risk assessment data. Based on time-series risk assessment data, fault nodes are predicted, and fault propagation analysis is performed based on power grid topology data to calculate fault propagation paths and output power grid fault prediction data. Based on the power grid fault prediction data and time-series risk assessment data, combined with power grid topology data, and utilizing the equipment information and node status stored in the graph database, the optimal repair path scheme is generated.

2. The power grid network security analysis method based on graph database as described in claim 1, characterized in that: The spatiotemporal evolution graph model for constructing the power grid includes, based on power grid topology data, constructing a graph data structure for each power grid node in a graph database, where each power grid node represents a device in the power grid and edges represent the power transmission relationship between devices; By combining real-time operational data with power grid topology data, the state attributes of power grid nodes and edges are dynamically updated, and a spatiotemporal evolution graph model is constructed to record the state changes of power grid nodes and edges over time.

3. The power grid network security analysis method based on graph database as described in claim 2, characterized in that: The security level data for generating power grid nodes includes assessing the initial security level of nodes based on the node states and edge connections in the spatiotemporal evolution graph model, combined with historical power grid fault data, real-time operation data, equipment health status data, and external environment data. For each grid node, the initial safety level is dynamically adjusted based on real-time current, real-time load, transmission constraints of connected edges, and the impact of external environmental risks to obtain the node's adjusted safety level. The revised security level is compared with the preset risk level threshold, and a security level is assigned to each node based on the comparison result, generating security level data for each node.

4. The power grid network security analysis method based on graph database as described in claim 3, characterized in that: The output time-series risk assessment data includes combining the security level data of each node with the historical state sequence of nodes recorded in the spatiotemporal evolution graph model to construct a risk assessment model; Using a risk assessment model, based on the node's current real-time operating data and external environment data, the risk level faced by each node at different points in time is assessed, and the risk level at each point in time is organized in chronological order to obtain time-series risk assessment data that reflects the dynamic changes in node risk.

5. The power grid network security analysis method based on graph database as described in claim 4, characterized in that: The output power grid fault prediction data includes the fusion of time-series risk assessment data and node security level data to construct a prediction model for identifying potential fault nodes. By analyzing the risk evolution trend and current security status of nodes through predictive models, the probability of node failure is calculated, and nodes with a failure probability exceeding a set threshold are marked as potential failure nodes. Based on power grid topology data, starting from the marked potential fault nodes, a graph traversal method is used to simulate the process of fault propagation to adjacent nodes along the power transmission relationship, determine the sequence of nodes through which the fault passes, and obtain the fault propagation path. Based on potential fault nodes and fault propagation paths, power grid fault prediction data is generated, which includes fault location, propagation path, and set of affected nodes.

6. The power grid network security analysis method based on graph database as described in claim 5, characterized in that: The method of obtaining the fault propagation probability includes generating candidate propagation paths for each potential fault node based on the connection relationship between nodes and the power flow direction, and calculating the overall propagation risk of the current path for each candidate propagation path by combining the propagation probability of each segment of the path and the bottleneck capacity of the transmission channel. For the same affected node, if there are multiple arrival paths, the path with the greatest overall propagation risk is selected as the main propagation path, and all affected nodes whose overall propagation risk exceeds a preset threshold and their corresponding main propagation paths constitute the fault impact range of the current potential fault node.

7. The power grid network security analysis method based on graph database as described in claim 6, characterized in that: The optimal repair path generation scheme includes analyzing the scope of fault impact and recovery conditions based on power grid fault prediction data, power grid topology data, and the current status of equipment, and generating a preliminary repair path connecting the faulty node with available backup resources. Based on equipment availability, estimated repair time, repair cost, and operational safety, the initial repair path is adjusted using optimization methods to obtain an optimized repair path. Based on the device load capacity, health status, and node risk level stored in the graph database, the urgency of repairing each affected node is calculated, and the repair priority is determined. The repair priority is combined with the optimized repair path to arrange the repair order and form an optimal repair path scheme that includes specific repair nodes, operation order and resource allocation; The process of determining repair priorities includes reading the device load capacity, operational health status, and current risk level of the affected nodes from the graph database, calculating the repair priority value for each node, and using a sorting method to arrange all affected nodes from high to low according to their repair priority values. The access order of nodes in the repair path is then adjusted based on the sorting results.

8. A power grid network security analysis system based on a graph database, employing the power grid network security analysis method based on a graph database as described in any one of claims 1 to 7, characterized in that, It includes a data acquisition and storage module, a spatiotemporal evolution graph model construction module, a safety risk assessment and fault prediction module, and a repair decision and path optimization module; The data acquisition and storage module is used to acquire power grid topology data and real-time operation data, using physical devices in the power grid as nodes in the graph database and power transmission relationships as edges, and verifying the association of synchronized topology information. The spatiotemporal evolution graph model construction module is used to add a time dimension to each node and edge based on the power grid data in the graph database, construct a spatiotemporal evolution graph model that reflects the changes in power grid operation, record the sequence of equipment status changes over time, combine the static topology with the real-time operating status, and observe the changes in the electrical quantity, health status, and connection relationship of the nodes. The safety risk assessment and fault prediction module is used to use a spatiotemporal evolution graph model combined with historical faults of nodes, real-time operating parameters, equipment health status, dynamic rating and classification of the external environment, and to find faulty nodes based on the risk evolution trend of nodes, simulate the spread of faults along power transmission relationships, analyze the fault propagation path and impact range, and generate time-series risk assessment data and fault prediction data. The repair decision and path optimization module is used to calculate the amount of repair required to restore the affected area based on the fault calculation and risk assessment results, combined with the power grid topology and equipment status, and generate a preliminary repair path through an optimization algorithm. Based on the importance and urgency of nodes, it generates the optimal repair path scheme in terms of repair order and resource allocation.

9. A computer device comprising a memory and a processor, wherein the memory stores a computer program, characterized in that, When the processor executes the computer program, it implements the steps of the power grid network security analysis method based on a graph database as described in any one of claims 1 to 7.

10. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by the processor, it implements the steps of the power grid network security analysis method based on a graph database as described in any one of claims 1 to 7.