CN113392429A - Block chain-based power distribution Internet of things data safety protection method and device - Google Patents
Block chain-based power distribution Internet of things data safety protection method and device Download PDFInfo
- Publication number
- CN113392429A CN113392429A CN202110578512.6A CN202110578512A CN113392429A CN 113392429 A CN113392429 A CN 113392429A CN 202110578512 A CN202110578512 A CN 202110578512A CN 113392429 A CN113392429 A CN 113392429A
- Authority
- CN
- China
- Prior art keywords
- power distribution
- node
- things
- attack detection
- internet
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 33
- 238000001514 detection method Methods 0.000 claims abstract description 74
- 230000004927 fusion Effects 0.000 claims abstract description 11
- 239000003795 chemical substances by application Substances 0.000 claims description 56
- 238000012549 training Methods 0.000 claims description 14
- 230000008569 process Effects 0.000 claims description 13
- 230000000116 mitigating effect Effects 0.000 claims description 7
- 238000013135 deep learning Methods 0.000 claims description 6
- 238000011156 evaluation Methods 0.000 claims description 6
- 238000013136 deep learning model Methods 0.000 claims description 5
- 238000012795 verification Methods 0.000 claims description 5
- 239000011159 matrix material Substances 0.000 claims description 4
- 230000008447 perception Effects 0.000 claims description 4
- 230000006870 function Effects 0.000 claims description 3
- 238000011478 gradient descent method Methods 0.000 claims description 3
- 230000006855 networking Effects 0.000 claims 1
- 238000005516 engineering process Methods 0.000 abstract description 6
- 101000900767 Homo sapiens Protein cornichon homolog 1 Proteins 0.000 description 2
- 102100022049 Protein cornichon homolog 1 Human genes 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 230000009467 reduction Effects 0.000 description 2
- 230000003044 adaptive effect Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013145 classification model Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000007499 fusion processing Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 230000001915 proofreading effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/21—Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
- G06F18/214—Generating training patterns; Bootstrap methods, e.g. bagging or boosting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y10/00—Economic sectors
- G16Y10/35—Utilities, e.g. electricity, gas or water
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y40/00—IoT characterised by the purpose of the information processing
- G16Y40/10—Detection; Monitoring
-
- G—PHYSICS
- G16—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR SPECIFIC APPLICATION FIELDS
- G16Y—INFORMATION AND COMMUNICATION TECHNOLOGY SPECIALLY ADAPTED FOR THE INTERNET OF THINGS [IoT]
- G16Y40/00—IoT characterised by the purpose of the information processing
- G16Y40/50—Safety; Security of things, users, data or systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/50—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S40/00—Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
- Y04S40/20—Information technology specific aspects, e.g. CAD, simulation, modelling, system security
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Accounting & Taxation (AREA)
- General Business, Economics & Management (AREA)
- Bioethics (AREA)
- Business, Economics & Management (AREA)
- Health & Medical Sciences (AREA)
- Development Economics (AREA)
- Economics (AREA)
- General Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a block chain-based power distribution Internet of things data safety protection method and device, wherein the method comprises the following steps: acquiring data information in a power distribution Internet of things and transmitting the data information to a power distribution edge proxy device; calculating a trust value of the node according to the generation of the node and an information list sent to the outside, and determining whether the node is a consensus node or not based on the trust value; verifying the data information pre-submitted by the power distribution edge agent device with other nodes to determine a consensus node; and each power distribution edge agent device trains an original attack detection model, and the power distribution cloud master station fuses the original attack detection models to obtain a fusion attack detection model for attack detection. By adopting the technical scheme, the distributed attack detection model based on the block chain technology is generated according to the monitored data information, and the attack detection modules are fused to perform optimal detection of network attack, so that the protection capability of different types of data of the distributed network is improved, and the detection efficiency and the protection strength of the network are enhanced.
Description
Technical Field
The invention relates to the technical field of power distribution networks, in particular to a block chain-based power distribution internet of things data security protection method and device.
Background
With the development of information and communication technologies and the popularization of sensor technologies, the internet of things has been widely applied to various fields such as medical treatment, smart cities, smart power grids and the like. In recent years, with the construction promotion of the distribution internet of things and the enhancement of the source-load randomness of the distribution network, the structure of a novel intelligent distribution network is obviously optimized, but the operation environment of the distribution network is complex, the ubiquitous internet of things and the panoramic perception are realized based on the internet of things technology, and the problems of dynamic change of the distribution network structure and increase of data security risks caused by the flexible and various access environments and modes of the internet of things and the large number of terminals are faced. Due to the above reasons, the authenticity of the access node is difficult to identify by the power distribution internet of things, and the power distribution internet of things is easy to be attacked from the outside.
Disclosure of Invention
The purpose of the invention is as follows: the invention aims to provide a block chain-based power distribution Internet of things data security protection method and device.
The technical scheme is as follows: the invention provides a block chain-based power distribution Internet of things data security protection method, which comprises the following steps:
the data information of lines and equipment in the power distribution Internet of things is acquired through a sensing unit arranged on a power distribution intelligent terminal and is transmitted to a power distribution edge proxy device;
according to the generation of the nodes and an information list sent to the outside, the trust model calculates the trust value of the power distribution cloud master station for each node, and determines whether the node is a consensus node in the power distribution internet of things or not based on the trust value; wherein the node comprises a power distribution edge proxy device;
in an attack relieving stage, verifying data information pre-submitted to a power distribution cloud master station by a power distribution edge agent device with other power distribution edge agent devices and a power distribution internet of things, and determining a consensus node in the power distribution internet of things;
and each power distribution edge agent device trains an original attack detection model according to the data information of the sensing unit, and the power distribution cloud master station fuses the original attack detection models to obtain a fused attack detection model which is applied to attack detection.
Specifically, the trust model is used for detecting sybil attack and is carried out in each node participating in consensus, and according to the generation of the node, the node S after the t-th round of consensusiHas a trust value of Ri(t), then Ri(t +1) is:
wherein alpha is more than 0 and less than 1;
according to the list of messages, R, sent externally by the nodei(t +1) is:
wherein beta is more than 0 and less than alpha is less than 1;
and if the trust value is 0, deleting the corresponding node from the power distribution internet of things.
Specifically, the service broadcast is initiated by the power distribution intelligent terminal and the sensing unit, the power distribution cloud master station receives the service broadcast and verifies the service broadcast, if the service broadcast is invalid, the service broadcast is deleted from the power distribution internet of things, and if the service broadcast is valid, the service broadcast is reserved and a block head is generated to be packed into a block.
Specifically, the power distribution cloud master station broadcasts preparation information to each power distribution edge agent device, wherein the preparation information comprises block height, a timestamp, a block header abstract, a current node ID and a consensus node information list; the power distribution edge agent device receives the preparation message and forwards the preparation message to other nodes after verification; the power distribution edge agent device receives preparation messages sent by other power distribution edge agent devices, if the trust value of the power distribution edge agent device sending the preparation messages is larger than a threshold value, the power distribution edge agent device is used as a consensus node and updates a local consensus state, and pre-submitted data information is sent to a power distribution cloud master station; and the power distribution cloud master station compares the received pre-submitted data information, updates the trust value and the consensus node information list of each node according to the trust model, and feeds back the trust value and the consensus node information list to the power distribution intelligent terminal, the sensing unit and the power distribution edge agent device.
Specifically, the power distribution cloud master station drives attack detection through specified data, and the power distribution edge agent device trains an original attack detection model through local data information; the method comprises the steps of storing service data information of the power distribution internet of things in a scattered mode, and recording parameters of an original attack detection model in a hash value mode; and after the training of the original attack detection model is finished, issuing the original attack detection model to a checking agent device, performing offline evaluation on the checking agent device, and fusing the power distribution cloud master station according to an evaluation result.
Specifically, the attack detection task is determined as a deep learning classification, and a data set a is { a1, a2, …, an };
in the deep learning model, the output of a first hidden layer is used as the input of a next hidden layer and is used for training network parameters;
in the deep learning training process, the network parameters are updated by a gradient descent method, which is described as follows:
wherein, sigma and b represent network parameters, L and epsilon represent the maximum iteration times and the learning rate of the standard gradient descent algorithm respectively, and J represents a loss function.
Specifically, the characteristics of each original attack detection model are used for training and fusing the models;
extracting the last hidden layer g of m original attack detection modelsNThe feature vector (f) in (1)1,f2,…,fk,…,fm);
The feature vector f of the kth modelkCascading to obtain cascading characteristic vector fc;
Calculating a weighted sum of the concatenated eigenvectors to obtain a magnitude of
A hidden layer of (a); wherein | ckI is the number of label categories in the kth model;
fully connected weight matrix omega1And ω2Respectively for calculating the i-th hidden layer output HiAnd the j-th final output Y in the corresponding d-layeriWherein the hidden layer output is:
calculating the final output Y using the softmax functioni:
The invention also provides a block chain-based power distribution internet of things data safety protection device, which comprises: perception layer, edge layer and cloud layer, wherein: the sensing layer comprises a power distribution intelligent terminal and a sensing unit, the edge layer comprises a power distribution edge agent device, and the cloud layer comprises a power distribution cloud master station; the sensing layer acquires data information of lines and equipment in the power distribution Internet of things through a sensing unit arranged on the power distribution intelligent terminal and transmits the data information to the power distribution edge proxy device; the edge layer calculates a trust value of the power distribution cloud master station for each node according to the generation of the node and an information list sent to the outside, and determines whether the node is a consensus node in the power distribution internet of things or not based on the trust value; wherein the node comprises a power distribution edge proxy device; in an attack relieving stage, the edge layer verifies data information pre-submitted to a power distribution cloud master station by the power distribution edge agent device, other power distribution edge agent devices and the power distribution internet of things, and determines a consensus node in the power distribution internet of things; and each power distribution edge agent device of the edge layer trains an original attack detection model according to the data information of the sensing unit, and the cloud power distribution cloud master station fuses each original attack detection model to obtain a fusion attack detection model for attack detection.
Specifically, the trust model is used for detecting sybil attack and is carried out in each node participating in consensus, and according to the generation of the node, the node S after the t-th round of consensusiHas a trust value of Ri(t), then Ri(t +1) is:
wherein alpha is more than 0 and less than 1;
according to an information list externally sent by a node, Ri (t +1) is:
wherein beta is more than 0 and less than alpha is less than 1;
and if the trust value is 0, deleting the corresponding node from the power distribution internet of things.
Specifically, the service broadcast is initiated by the power distribution intelligent terminal and the sensing unit, the power distribution cloud master station receives the service broadcast and verifies the service broadcast, if the service broadcast is invalid, the service broadcast is deleted from the power distribution internet of things, and if the service broadcast is valid, the service broadcast is reserved and a block head is generated to be packed into a block.
Has the advantages that: compared with the prior art, the invention has the following remarkable advantages: a block chain is formed by a plurality of power distribution edge proxy devices of the edge layer, data information is stored, on one hand, external attacks can be responded, data loss is avoided, and on the other hand, an attack detection model can be trained.
Drawings
FIG. 1 is a schematic view of a safety protection structure provided by the present invention;
FIG. 2 is a block chain-based attack detection architecture provided by the present invention;
fig. 3 is a schematic diagram of an attack model fusion process provided by the present invention.
Detailed Description
The technical scheme of the invention is further explained by combining the attached drawings.
Referring to fig. 1, the invention provides a block chain-based power distribution internet of things data security protection method, which includes a distributed security protection model, wherein each power distribution edge agent device has its own attack detection model and shares the model with other nodes and a power distribution cloud master station server; according to the characteristic of self-adaptive dynamic management data of an SDN (software defined network) in the model, flow data of the whole network are continuously monitored and analyzed through a sensing unit arranged on a power distribution intelligent terminal (an Internet of things terminal).
In specific implementation, a distributed attack detection model based on a block chain technology is generated according to monitored network traffic data, and the original attack detection models are fused to perform optimal detection of network attack by using early fusion; attack mitigation is performed at the power distribution edge proxy device and a pre-commit phase is added.
In a specific implementation, the decentralized security model includes three levels: a sensing layer, an edge layer and a cloud layer. The sensing layer consists of a plurality of power distribution intelligent terminals and sensing units widely distributed, can monitor various electric quantity and state quantity data of power distribution network lines and equipment, and forwards the data to the edge layer; the edge layer is composed of power distribution edge Agent devices, each power distribution edge Agent device is provided with a low-power-consumption high-performance SDN aggregator, each SDN aggregator is connected with a plurality of local power distribution intelligent terminals and sensors and processes and analyzes flow data from the power distribution intelligent terminals and the sensors, the primarily processed data are transmitted to Agent Core (AC) controllers of power distribution cloud master stations of the cloud layer, each AC controller is associated with an SDN aggregator cluster and is responsible for analyzing the processed data to identify abnormal flow, based on the identified abnormal flow, the AC controllers update and manage flow rules flowing to the respective SDN aggregators, and indicate the SDN aggregators to detect attacks with low delay.
The sybil attack under the block chain network architecture can seriously consume the calculation cost of each node in the network and influence the resource sharing of the nodes in the network, so the detection of the sybil attack is realized by adopting a trust model.
The trust model can be executed in each node participating in consensus, the set trust value is a real number from 0 to 1, and the greater the trust value is, the higher the credibility is. The consensus node is a trusted node in the power distribution internet of things and can safely transmit data information, and the consensus action is a action process for determining whether the node is the consensus node in the power distribution internet of things. The initial trust value of the newly-added consensus node is usually set to 0.5, and according to different consensus behaviors between the distribution cloud master station and the nodes, the following 2 cases can be discussed:
(1) in the t rounds of consensus establishing procedures, the generated nodes (new blocks) increase the trust value of the power distribution cloud master station, and the speed of increasing the trust value is reduced along with the increase of the rounds of consensus, but the maximum value is smaller than 1. Otherwise, if no new block is generated, the power distribution cloud master station trust value is reduced, and the reduction speed is determined by a coefficient alpha (alpha is more than 0 and less than 1).
Node S after t-th round consensusiHas a trust value of Ri(t), then Ri(t +1) is:
(2) in the t round consensus process, if the power distribution edge proxy devices send the same message lists to other nodes and verify that the voting results (the verification results of the message lists of the power distribution edge proxy devices) of all the nodes are consistent, the trust value of the power distribution edge proxy devices is increased. However, if the power distribution edge agent device does not participate in the consensus process, the trust value will decrease, and the rate of decrease is determined by α. If the power distribution edge agent device participates in the consensus process, but the voting results of all nodes are not consistent, the trust value of the power distribution edge agent device is also reduced, and the reduction speed is determined by a coefficient beta (0 < beta < alpha < 1). If a certain common identification node sends different message lists, the common identification node is judged to be a sybil (Sybil attack) node, the trust value is reduced to 0, the common identification node is deleted from the power distribution Internet of things, and then R is obtainedi(t +1) is:
in the embodiment of the present invention, the attack mitigation process of sybil nodes in the detection block chain is evaluated by the trust value as follows:
(1) and the intelligent power distribution terminal and the sensing unit initiate a service tra and broadcast the service tra. The power distribution cloud master station 0 receives the service and firstly verifies the service; if not, deleting directly, if valid, reserving and generating block head BheadTo be packed into blocks.
(2) The power distribution cloud master station 0 broadcasts a PRE-preparation message to each power distribution edge agent device, and the content is < PRE-PREPARE, h, kappa, t, P0,CNIL0>δ0,BheadWhere h is the block height, t is the timestamp, k is BheadSummary of (1), P0Is the current node ID, CNIL0Is power distributionAnd (4) a list of consensus node information of the cloud master station 0.
(3) The power distribution edge agent devices 1 and 2 receive the information broadcast by the power distribution cloud master station 0, and also firstly carry out validity verification, and then forward the accurate information to other nodes after verification, wherein the contents are < PREPARE, h, k, t, Pi,CNILi>δi,Bhead>。
(4) The preparation messages received by the power distribution edge proxy devices 1 and 2 come from other power distribution edge proxy devices, and nodes sending the messages have different trust values. The method comprises the steps that firstly, a power distribution edge proxy device calculates the trust value of a node which sends a message to the power distribution edge proxy device currently, if the trust value is larger than a trust value threshold value, the consensus state of local service information is updated, and the sending content is < PRE-COMMIT, h, kappa, t, Pi>δi,<CNIL>δiPre-commit information for > is provided.
(5) The distribution cloud master station compares the pre-submitted information, updates each node trust value and the consensus node information list according to the trust model, simultaneously feeds back results to the distribution intelligent terminal, the sensing unit and the distribution edge proxy device, and the distribution edge proxy device sends the submitted information with the content < COMMIT, h, k, t, P0>δ0,<CNIL>δ0>。
In specific implementation, through a pre-submission process of the attack mitigation stage of the power distribution edge proxy device, a trusted node in a network is updated, and the condition that an attack directly reaches a power distribution cloud master station is avoided.
In the embodiment of the invention, the attack detection based on the block chain comprises two entities, namely a power distribution cloud master station and a power distribution edge agent device. The power distribution cloud master server defines data-driven tasks for attack detection, provides test data sets and describes the accuracy of the estimates to validate the attack detection model from each power distribution edge agent device. The distribution edge proxy device is the entity responsible for handling the decentralized attack detection model.
In a specific implementation, all participants of the power distribution internet of things perform data traffic interaction through a blockchain. First, the power distribution cloud master server starts an attack detection process by specifying a data-driven task for which a processing agent (power distribution edge agent device) prepares an original attack detection model by performing machine learning training on its local data. Meanwhile, the power distribution network service files are stored in a scattered mode, and parameters of the attack detection model are recorded in a hash value mode. And then, releasing the prepared attack detection to a checking agent, once the checking agent receives the broadcasted attack detection model, starting to carry out down-link evaluation on the model, and announcing an evaluation result through a distributed application program. And finally, the power distribution cloud master station server can fuse all the original attack detection models by using the same strategy adopted by the proofreading agent, so that a fusion attack detection model is obtained.
Referring to FIG. 2, in an implementation, early fusion is employed for fusion of attack detection models. In the attack detection model based on early fusion, assuming that the attack detection task is deep learning classification, each processing agent designs a classification model according to the attack detection task given by the power distribution cloud master station server, and gives a deep learning model AkIs marked as a ═ a1,a2,…,anIn the deep learning model, the first hidden layer g1The output is the next hidden layer g2For training the network parameters sigma and b. Repeating the training process until the Nth hidden layer g is givenNTraining network parameter sigmaN。gNIs a model AkAnd extracting features of the Nth layer. For convenience of explanation, [ σ ] is used1,σ2,…,σN]And b ═ b1,b2,…,bn]Representative deep learning model AkThe network parameters (weight matrix and bias vector) of the nth hidden layer.
In the embodiment of the present invention, the network parameters in the deep learning training process are updated by a gradient descent method, which can be described as follows:
wherein, L and epsilon are the maximum iteration number and the learning rate of the standard gradient descent algorithm respectively, and J represents a loss function.
In a specific implementation, all attack detection models (A) are based on the extracted features1,A2,…,Ak,…,Am) Early fusion of (3) is shown in figure 3. Performing a training process for each attack detection model using the features of each model, the last hidden layer g of each modelNIs extracted from (f)1,f2,…,fk,…,fm). To fuse m shared models, first, by fitting the feature vector f of each kth modelkCascading to obtain a cascaded feature fc. Then, a cascade feature vector f is calculatedcTo obtain a weighted sum of size
A hidden layer of (b), wherein | ckI is the number of labeled classes in the kth model, the fully connected weight matrix ω1And ω2Respectively for computing hidden layer output HiAnd a final output Yi. Initially, both weight matrices are initialized randomly and the optimal values of the two matrices are obtained using a back-propagation algorithm. Wherein the hidden layer output is:
calculating the final output Y using the softmax functioni:
According to the distributed security protection model based on the block chain, the attack detection model is configured in each power distribution edge agent device, the SDN is adaptive to the characteristics of dynamic management data, the flow data of the whole network can be continuously monitored and analyzed, the problems in centralized and distributed attack detection are solved, and the data security of the power distribution Internet of things is ensured. Meanwhile, a distributed attack detection model based on a block chain technology is generated according to monitored network flow data, and the attack detection modules are fused by early fusion to optimally detect the network attack, so that the protection capability of the network on different types of data such as distributed power sources, nodes and terminals is improved, and the detection efficiency and the protection strength of the network are further enhanced.
The invention also provides a block chain-based power distribution internet of things data safety protection device, which comprises: perception layer, edge layer and cloud layer, wherein:
the sensing layer comprises a power distribution intelligent terminal and a sensing unit, the edge layer comprises a power distribution edge agent device, and the cloud layer comprises a power distribution cloud master station; the sensing layer acquires data information of lines and equipment in the power distribution Internet of things through a sensing unit arranged on the power distribution intelligent terminal and transmits the data information to the power distribution edge proxy device; the edge layer calculates a trust value of the power distribution cloud master station for each node according to the generation of the node and an information list sent to the outside, and determines whether the node is a consensus node in the power distribution internet of things or not based on the trust value; wherein the node comprises a power distribution edge proxy device; in an attack relieving stage, the edge layer verifies data information pre-submitted to a power distribution cloud master station by the power distribution edge agent device, other power distribution edge agent devices and the power distribution internet of things, and determines a consensus node in the power distribution internet of things; and each power distribution edge agent device of the edge layer trains an original attack detection model according to the data information of the sensing unit, and the cloud power distribution cloud master station fuses each original attack detection model to obtain a fusion attack detection model for attack detection.
In the embodiment of the invention, the trust model is used for detecting sybil attack, is carried out in each node participating in consensus, and is generated according to the node S after the t-th round of consensusiHas a trust value of Ri(t), then Ri(t +1) is:
wherein alpha is more than 0 and less than 1;
according to the list of messages, R, sent externally by the nodei(t +1) is:
wherein beta is more than 0 and less than alpha is less than 1;
and if the trust value is 0, deleting the corresponding node from the power distribution internet of things.
In this embodiment of the present invention, the attack mitigation stage includes: the intelligent power distribution terminal and the sensing unit initiate service broadcasting, the power distribution cloud master station receives the service broadcasting and verifies the service broadcasting, if the service broadcasting is invalid, the service broadcasting is deleted from the power distribution Internet of things, and if the service broadcasting is valid, the service broadcasting is reserved and a block head is generated to be packed into a block.
Claims (10)
1. A block chain-based power distribution Internet of things data security protection method is characterized by comprising the following steps:
the data information of lines and equipment in the power distribution Internet of things is acquired through a sensing unit arranged on a power distribution intelligent terminal and is transmitted to a power distribution edge proxy device;
according to the generation of the nodes and an information list sent to the outside, the trust model calculates the trust value of the power distribution cloud master station for each node, and determines whether the node is a consensus node in the power distribution internet of things or not based on the trust value; wherein the node comprises a power distribution edge proxy device;
in an attack relieving stage, verifying data information pre-submitted to a power distribution cloud master station by a power distribution edge agent device with other power distribution edge agent devices and a power distribution internet of things, and determining a consensus node in the power distribution internet of things;
and each power distribution edge agent device trains an original attack detection model according to the data information of the sensing unit, and the power distribution cloud master station fuses the original attack detection models to obtain a fused attack detection model which is applied to attack detection.
2. The block chain-based power distribution internet of things data security protection method according to claim 1, wherein the message is sent to the networkThe arbitrary model is used for detecting sybil attack and is carried out in each node participating in consensus, and according to the generation of the node, the node S after the t-th round of consensusiHas a trust value of Ri(t), then Ri(t +1) is:
wherein alpha is more than 0 and less than 1;
according to the list of messages, R, sent externally by the nodei(t +1) is:
wherein beta is more than 0 and less than alpha is less than 1;
and if the trust value is 0, deleting the corresponding node from the power distribution internet of things.
3. The block chain based power distribution internet of things data security protection method according to claim 2, wherein the attack mitigation stage comprises:
the intelligent power distribution terminal and the sensing unit initiate service broadcasting, the power distribution cloud master station receives the service broadcasting and verifies the service broadcasting, if the service broadcasting is invalid, the service broadcasting is deleted from the power distribution Internet of things, and if the service broadcasting is valid, the service broadcasting is reserved and a block head is generated to be packed into a block.
4. The block chain based power distribution internet of things data security protection method according to claim 3, wherein the attack mitigation stage comprises:
the power distribution cloud master station broadcasts preparation information to each power distribution edge agent device, wherein the preparation information comprises block height, a timestamp, a block head abstract, a current node ID and a consensus node information list;
the power distribution edge agent device receives the preparation message and forwards the preparation message to other nodes after verification;
the power distribution edge agent device receives preparation messages sent by other power distribution edge agent devices, if the trust value of the power distribution edge agent device sending the preparation messages is larger than a threshold value, the power distribution edge agent device is used as a consensus node and updates a local consensus state, and pre-submitted data information is sent to a power distribution cloud master station;
and the power distribution cloud master station compares the received pre-submitted data information, updates the trust value and the consensus node information list of each node according to the trust model, and feeds back the trust value and the consensus node information list to the power distribution intelligent terminal, the sensing unit and the power distribution edge agent device.
5. The block chain based power distribution internet of things data security protection method according to claim 4, comprising the following steps:
the power distribution cloud master station drives attack detection through specified data, and the power distribution edge agent device trains an original attack detection model through local data information;
the method comprises the steps of storing service data information of the power distribution internet of things in a scattered mode, and recording parameters of an original attack detection model in a hash value mode;
and after the training of the original attack detection model is finished, issuing the original attack detection model to a checking agent device, performing offline evaluation on the checking agent device, and fusing the power distribution cloud master station according to an evaluation result.
6. The block chain based power distribution internet of things data security protection method according to claim 5, comprising the following steps:
determining an attack detection task as a deep learning classification, wherein a is a data set a ═ a1,a2,…,an};
In the deep learning model, the output of a first hidden layer is used as the input of a next hidden layer and is used for training network parameters;
in the deep learning training process, the network parameters are updated by a gradient descent method, which is described as follows:
wherein, sigma and b represent network parameters, L and epsilon represent the maximum iteration times and the learning rate of the standard gradient descent algorithm respectively, and J represents a loss function.
7. The block chain based power distribution internet of things data security protection method according to claim 6, comprising the following steps:
training and fusing the models by using the characteristics of each original attack detection model;
extracting the last hidden layer g of m original attack detection modelsNThe feature vector (f) in (1)1,f2,…,fk,…,fm);
The feature vector f of the kth modelkCascading to obtain cascading characteristic vector fc;
Calculating a weighted sum of the concatenated eigenvectors to obtain a magnitude of
A hidden layer of (a); wherein | ckI is the number of label categories in the kth model;
fully connected weight matrix omega1And ω2Respectively for calculating the i-th hidden layer output HiAnd the j-th final output Y in the corresponding d-layeriWherein the hidden layer output is:
calculating the final output Y using the softmax functioni:
8. The utility model provides a distribution thing networking data safety device based on block chain which characterized in that includes: perception layer, edge layer and cloud layer, wherein:
the sensing layer comprises a power distribution intelligent terminal and a sensing unit, the edge layer comprises a power distribution edge agent device, and the cloud layer comprises a power distribution cloud master station;
the sensing layer acquires data information of lines and equipment in the power distribution Internet of things through a sensing unit arranged on the power distribution intelligent terminal and transmits the data information to the power distribution edge proxy device;
the edge layer calculates a trust value of the power distribution cloud master station for each node according to the generation of the node and an information list sent to the outside, and determines whether the node is a consensus node in the power distribution internet of things or not based on the trust value; wherein the node comprises a power distribution edge proxy device;
in an attack relieving stage, the edge layer verifies data information pre-submitted to a power distribution cloud master station by the power distribution edge agent device, other power distribution edge agent devices and the power distribution internet of things, and determines a consensus node in the power distribution internet of things;
and each power distribution edge agent device of the edge layer trains an original attack detection model according to the data information of the sensing unit, and the cloud power distribution cloud master station fuses each original attack detection model to obtain a fusion attack detection model for attack detection.
9. The blockchain-based power distribution internet of things data security protection device according to claim 8, wherein the trust model is used for detecting sybil attack and is carried out in each node participating in consensus, and according to generation of the node, the node S after the tth round of consensusiHas a trust value of Ri(t), then Ri(t +1) is:
wherein alpha is more than 0 and less than 1;
according to the list of messages, R, sent externally by the nodei(t +1) is:
wherein beta is more than 0 and less than alpha is less than 1;
and if the trust value is 0, deleting the corresponding node from the power distribution internet of things.
10. The block chain based power distribution internet of things data security protection method according to claim 9, wherein the attack mitigation stage comprises:
the intelligent power distribution terminal and the sensing unit initiate service broadcasting, the power distribution cloud master station receives the service broadcasting and verifies the service broadcasting, if the service broadcasting is invalid, the service broadcasting is deleted from the power distribution Internet of things, and if the service broadcasting is valid, the service broadcasting is reserved and a block head is generated to be packed into a block.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110578512.6A CN113392429B (en) | 2021-05-26 | 2021-05-26 | Block chain-based power distribution Internet of things data safety protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110578512.6A CN113392429B (en) | 2021-05-26 | 2021-05-26 | Block chain-based power distribution Internet of things data safety protection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113392429A true CN113392429A (en) | 2021-09-14 |
| CN113392429B CN113392429B (en) | 2023-12-12 |
Family
ID=77619378
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110578512.6A Active CN113392429B (en) | 2021-05-26 | 2021-05-26 | Block chain-based power distribution Internet of things data safety protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113392429B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114124522A (en) * | 2021-11-22 | 2022-03-01 | 北京天融信网络安全技术有限公司 | Model training method, device, equipment and storage medium for multi-stage system |
| CN114205816A (en) * | 2021-12-14 | 2022-03-18 | 中国电力科学研究院有限公司 | Information security architecture of power mobile Internet of things and use method thereof |
| CN114650166A (en) * | 2022-02-07 | 2022-06-21 | 华东师范大学 | Fusion anomaly detection system for open heterogeneous network |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180007084A1 (en) * | 2016-06-29 | 2018-01-04 | Cisco Technology, Inc. | Automatic retraining of machine learning models to detect ddos attacks |
| WO2019148576A1 (en) * | 2018-02-05 | 2019-08-08 | 重庆邮电大学 | Ddos attack detection and mitigation method for industrial sdn network |
| CN110493198A (en) * | 2019-07-26 | 2019-11-22 | 北京工业大学 | A method of it is attacked based on Sybil in PBFT algorithm defence block chain is improved |
| US20200112572A1 (en) * | 2018-10-04 | 2020-04-09 | Research Foundation Of The City University Of New York | Blockchain architecture for computer security applications |
| US20200137090A1 (en) * | 2018-10-31 | 2020-04-30 | General Electric Company | Industrial asset cyber-attack detection algorithm verification using secure, distributed ledger |
| CN111565199A (en) * | 2020-07-14 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Network attack information processing method and device, electronic equipment and storage medium |
| EP3702951A1 (en) * | 2019-03-01 | 2020-09-02 | Siemens Aktiengesellschaft | Computer-implemented method and blockchain system for detection of attacks on a computer system or computer network |
| US20200372154A1 (en) * | 2019-05-21 | 2020-11-26 | Jaroona Chain Ou | Blockchain security |
| CN112491823A (en) * | 2020-11-13 | 2021-03-12 | 齐鲁工业大学 | DDoS attack joint defense system and method based on block chain |
-
2021
- 2021-05-26 CN CN202110578512.6A patent/CN113392429B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180007084A1 (en) * | 2016-06-29 | 2018-01-04 | Cisco Technology, Inc. | Automatic retraining of machine learning models to detect ddos attacks |
| WO2019148576A1 (en) * | 2018-02-05 | 2019-08-08 | 重庆邮电大学 | Ddos attack detection and mitigation method for industrial sdn network |
| US20200112572A1 (en) * | 2018-10-04 | 2020-04-09 | Research Foundation Of The City University Of New York | Blockchain architecture for computer security applications |
| US20200137090A1 (en) * | 2018-10-31 | 2020-04-30 | General Electric Company | Industrial asset cyber-attack detection algorithm verification using secure, distributed ledger |
| EP3702951A1 (en) * | 2019-03-01 | 2020-09-02 | Siemens Aktiengesellschaft | Computer-implemented method and blockchain system for detection of attacks on a computer system or computer network |
| US20200372154A1 (en) * | 2019-05-21 | 2020-11-26 | Jaroona Chain Ou | Blockchain security |
| CN110493198A (en) * | 2019-07-26 | 2019-11-22 | 北京工业大学 | A method of it is attacked based on Sybil in PBFT algorithm defence block chain is improved |
| CN111565199A (en) * | 2020-07-14 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Network attack information processing method and device, electronic equipment and storage medium |
| CN112491823A (en) * | 2020-11-13 | 2021-03-12 | 齐鲁工业大学 | DDoS attack joint defense system and method based on block chain |
Non-Patent Citations (2)
| Title |
|---|
| DEVESH SHUKLA: "Block-chain Based Energy Trading in ADN with its probable impact on Aggregated Load Profile and Available Distribution Capability", 《2020 2ND INTERNATIONAL CONFERENCE ON SMART POWER & INTERNET ENERGY SYSTEMS》, no. 2020, pages 486 - 491, XP033849354, DOI: 10.1109/SPIES48661.2020.9242977 * |
| 黄豪杰;吴晓晓;李刚强;: "基于区块链智能合约的物联网恶意节点检测和定位", 物联网学报, no. 02, pages 59 - 70 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114124522A (en) * | 2021-11-22 | 2022-03-01 | 北京天融信网络安全技术有限公司 | Model training method, device, equipment and storage medium for multi-stage system |
| CN114205816A (en) * | 2021-12-14 | 2022-03-18 | 中国电力科学研究院有限公司 | Information security architecture of power mobile Internet of things and use method thereof |
| CN114205816B (en) * | 2021-12-14 | 2023-08-08 | 中国电力科学研究院有限公司 | Electric power mobile internet of things information security architecture and application method thereof |
| CN114650166A (en) * | 2022-02-07 | 2022-06-21 | 华东师范大学 | Fusion anomaly detection system for open heterogeneous network |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113392429B (en) | 2023-12-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Abbasi et al. | Intelligent workload allocation in IoT–Fog–cloud architecture towards mobile edge computing | |
| CN110610242B (en) | Method and device for setting weights of participants in federal learning | |
| CN113392429A (en) | Block chain-based power distribution Internet of things data safety protection method and device | |
| Pang et al. | A malicious node detection strategy based on fuzzy trust model and the ABC algorithm in wireless sensor network | |
| Olowononi et al. | Federated learning with differential privacy for resilient vehicular cyber physical systems | |
| Geng et al. | A fault prediction algorithm based on rough sets and back propagation neural network for vehicular networks | |
| CN114003584B (en) | Bayesian-preemption fault-tolerant consensus method based on evolution game | |
| CN108696453B (en) | Lightweight SDN service flow notification method and system | |
| Javed et al. | ODPV: An efficient protocol to mitigate data integrity attacks in intelligent transport systems | |
| US20170085481A1 (en) | Method and apparatus for transmitting and receiving data in communication system | |
| Xing et al. | Uavs-aided delay-tolerant blockchain secure offline transactions in post-disaster vehicular networks | |
| CN112929845A (en) | Vehicle networking node trust evaluation method and system based on block chain | |
| CN111181930A (en) | DDoS attack detection method, device, computer equipment and storage medium | |
| CN112149967A (en) | Power communication network vulnerability assessment method and system based on complex system theory | |
| CN114640498A (en) | Network intrusion cooperative detection method based on federal learning | |
| CN115544873B (en) | Training efficiency and personalized effect quantitative evaluation method for personalized federal learning | |
| CN113037553B (en) | IEC102 protocol communication behavior abnormity detection method and system based on IA-SVM | |
| CN113658015B (en) | Analysis method for influence information propagation of intervention information position and intervention time | |
| CN109040075B (en) | Management method, server and system for nodes in wireless mobile sensor network | |
| CN111079175A (en) | Data processing method, data processing device, computer readable storage medium and computer equipment | |
| CN112396151B (en) | Rumor event analysis method, rumor event analysis device, rumor event analysis equipment and computer readable storage medium | |
| CN112906745B (en) | Integrity intelligent network training method based on edge cooperation | |
| Zhiming et al. | 5G Intelligent Network Trust Model Based on Subjective Logic | |
| CN112396150B (en) | Rumor event analysis method, rumor event analysis device, rumor event analysis equipment and computer readable storage medium | |
| Zhang | Research on Information Dissemination Security Based on Generative Adversarial Network in Internet of Vehicle Environment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |