Study and Practice of Cybersecurity Situation Evaluation Method for Smart Grid

摘要

With the in-depth application of the information communication technology (ICT) in all aspects of theelectricity generation, transmission, substation, distribution, and dispatching, the electric power flow,information flow and business flow have achieved a high degree of integration in the smart grid. As the martgrid includes a great number of information systems and equipments, many cybersecurity emergencieswould occur. In order to cope with the cybersecurity challenges, an active cybersecurity defense system ofthe smart grid needs to be built. The cybersecurity situation evaluation (CSSE) is one of the keytechnologies to build the active defense system.Basing on a large number of micro abnormal state (or event) and monitoring results, the CSSE is atechnology that could achieve the evaluation and trends prediction for overall cybersecurity. The CSSEmainly focuses on the cybersecurity situation awareness (CSSAw), the cybersecurity situation assessment(CSSAs) and the cybersecurity situation forecast (CSSF).A novel CSSE method based on the Ada-boosting algorithm has been proposed and implemented:a. With a thorough analysis of the work processes of CSSAw and CSSF, their common mathematicsnature has been attributed to the function fitting. In addition, combined with the CSSAw, CSSAs and CSSFworkflows, an integrated CSSE model has been designed, which abstracts both the CSSAw and CSSF intothe function fitting and solves them separately by using the Ada-boosting algorithm repeatedly. Theintegrated model has greatly simplified the complexity of the CSSE model.b. In order to improve the reliability of the CSSE method, accuracy, timeliness and intelligence havebeen fully taken into account: for the accuracy, the Ada-boosting algorithm is adopted as the key algorithmin function fitting, the feature of the algorithm that continuously enhanced learning of the higher calculatingerror sample would greatly improve the function fitting accuracy; for the timeliness, the core vector machine(CVM) is used as the weak learner of the Ada-boosting algorithm to significantly reduce the computing timeand space complexity; for the intelligence, all algorithms supported by the theoretical foundation ofartificial intelligence can achieve full automatic work after pre-setting the operating parameters.c. Based on the cybersecurity monitoring project of State Grid of Corporation China (SGCC), the CSSEmodel has firstly been applied to a large scale cybersecurity situation early warning system, and itspracticality has been verified by more than three years’ practices.