PDF(2370 KB)
PDF(2370 KB)
PDF(2370 KB)
基于自注意力与多模态融合的电力系统攻防协同模型
Power System Attack-Defense Collaborative Model Based on Self-Attention and Multi-Modal Fusion
【目的】针对新型电力系统数据驱动算法对抗攻击风险及攻防协同性不足的问题,搭建对抗攻击与防御协同优化理论框架,提升攻击靶向性、防御鲁棒性及复杂攻击特征辨识能力,建立攻防协同进化的闭环优化机制。【方法】在对抗攻击生成模块中,通过自注意力机制量化节点特征贡献度并结合Top-K策略筛选关键节点;利用编解码器与强化学习动态优化扰动策略,经过滤器保留关键节点扰动以提升攻击效率。在对抗防御模型中,采用栈式自编码器提取静态结构特征,卷积神经网络-长短期记忆网络融合时空特征,通过动态权重策略整合多模态特征后,经支持向量机分类器实现攻击样本与正常样本的辨识。【结果】相较于随机节点攻击、快速梯度符号法及投影梯度下降攻击方法,所提攻击方法在维持较高成功率的同时,其全攻击强度范围内的鲁棒性更贴合电力系统对抗攻击实际需求,且扰动可集中于关键节点,由此验证了攻击靶向性优势;防御层面,融合模型性能显著优于单一模型,凸显多模态特征融合对复杂攻击模式的强辨识能力。【结论】攻击侧融合自注意力与强化学习,实现了关键节点的靶向扰动;防御侧采用多模态特征融合,提升了复杂攻击的辨识能力;并通过闭环反馈机制,实现了攻防策略的动态协同进化。
[Objective] Aiming at the problems of adversarial attack risks and insufficient offensive-defense coordination of data-driven algorithms in new power systems, a theoretical framework for co-optimization of adversarial attacks and defense is established. This framework aims to enhance attack targeting, defense robustness, and the capability to identify complex attack features, thereby establishing a closed-loop optimization mechanism for offensive-defense co-evolution. [Methods] In the adversarial attack generation module, a self-attention mechanism is utilized to quantify node feature contributions, and a Top-K strategy is combined to screen key nodes. An encoder-decoder architecture and reinforcement learning are employed to dynamically optimize perturbation strategies, and a filter retains perturbations on key nodes to improve attack efficiency. In the adversarial defense model, a stacked autoencoder extracts static structural features, while a convolutional neural network-long short-term memory network fuses spatiotemporal features. These multi-modal features are then integrated via a dynamic weighting strategy and fed into a support vector machine classifier to distinguish attack samples from normal samples. [Results] Compared with random node attacks, the fast gradient sign method, and projected gradient descent attacks, the proposed attack method maintains a high success rate while demonstrating robustness across the entire attack intensity range that better aligns with the practical requirements of power system adversarial attacks. Furthermore, perturbations can be concentrated on key nodes, verifying the advantage of attack targeting. On the defense side, the fusion model's performance significantly surpasses that of single models, highlighting the strong identification capability of multi-modal feature fusion for complex attack patterns. [Conclusions] On the attack side, the integration of self-attention and reinforcement learning achieves targeted perturbation on key nodes. On the defense side, the adoption of multi-modal feature fusion enhances the identification capability for complex attacks. Furthermore, a dynamic co-evolution of offensive and defensive strategies is realized through a closed-loop feedback mechanism.
对抗攻击 / 数据驱动算法 / 电力信息物理系统 / 攻击向量注入 / 攻击防御
adversarial attack / data-driven algorithm / power cyber-physical systems / attack vector injection / attack defense
| [1] |
汤奕, 崔晗, 李峰, 等. 人工智能在电力系统暂态问题中的应用综述[J]. 中国电机工程学报, 2019, 39(1): 2-13, 315.
|
| [2] |
李峰, 王琦, 胡健雄, 等. 数据与知识联合驱动方法研究进展及其在电力系统中应用展望[J]. 中国电机工程学报, 2021, 41(13): 4377-4389.
|
| [3] |
张怡, 张恒旭, 李常刚, 等. 深度学习在电力系统频率分析与控制中的应用综述[J]. 中国电机工程学报, 2021, 41(10): 3392-3406.
|
| [4] |
和敬涵, 罗国敏, 程梦晓, 等. 新一代人工智能在电力系统故障分析及定位中的研究综述[J]. 中国电机工程学报, 2020, 40(17): 5506-5516.
|
| [5] |
冯双, 崔昊, 陈佳宁, 等. 人工智能在电力系统宽频振荡中的应用与挑战[J]. 中国电机工程学报, 2021, 41(23): 7889-7904.
|
| [6] |
朱卫平, 汤奕, 魏兴慎, 等. 针对电力CPS数据驱动算法对抗攻击的防御方法[J]. 中国电力, 2024, 57(9): 32-43.
|
| [7] |
王新宇, 张明月. 基于改进PSO优化RBF神经网络的新型电力系统虚假数据攻击检测研究[J]. 山东电力技术, 2025, 52(5): 50-56.
|
| [8] |
|
| [9] |
|
| [10] |
|
| [11] |
|
| [12] |
陈洪, 陈惠文, 冯良坤, 等. 面向恶意攻击与级联失效的电力调度数据网络鲁棒性增强方法[J]. 广东电力, 2025, 38(2): 28-37.
|
| [13] |
|
| [14] |
常颢, 徐俊俊, 王晓兵, 等. 基于对抗性自动编码器的城市配电网虚假数据注入攻击检测[J]. 山东电力技术, 2024, 51(3): 18-26.
|
| [15] |
陶磊, 罗萍萍, 林济铿. 基于深度学习的直流微电网虚假数据注入攻击二阶段检测方法[J]. 中国电力, 2024, 57(9): 11-19.
|
| [16] |
刘增稷, 王琦, 薛彤, 等. 电力系统中数据驱动算法安全威胁分析及应对方法研究[J]. 中国电机工程学报, 2023, 43(12): 4538-4553.
|
| [17] |
黄冬梅, 丁仲辉, 胡安铎, 等. 低成本对抗性隐蔽虚假数据注入攻击及其检测方法[J]. 电网技术, 2023, 47(4): 1531-1540.
|
| [18] |
|
| [19] |
|
| [20] |
赵玉明, 顾慎凯. 融合残差密集块自注意力机制和生成对抗网络的对抗攻击防御模型[J]. 计算机应用, 2022, 42(3): 921-929.
神经网络在图像分类任务上表现优异,但它极易受添加微小扰动的对抗样本的影响,输出错误的分类结果;而目前防御方法存在图像特征提取能力不足、对图像关键区域特征关注较少的问题。针对这些问题,提出了一种融合残差密集块(RDB)自注意力机制和生成对抗网络(GAN)的攻击防御模型——RD-SA-DefGAN。该模型将GAN和投影梯度下降(PGD)攻击算法相结合,吸收PGD攻击算法生成的对抗样本进入训练样本扩充训练集,辅以条件约束稳定模型的训练过程。该模型添加了残差密集块和自注意力机制,在充分提取特征的同时,增大了关键区域特征对分类任务的贡献度。在CIFAR10、STL10和ImageNet20数据集上的实验结果表明,RD-SA-DefGAN能对对抗攻击实施有效防御,在抵御PGD对抗攻击上优于Adv.Training、Adv-BNN、Rob-GAN等防御方法。相较于结构最近似的Rob-GAN,在CIFAR10数据集上,RD-SA-DefGAN在扰动阈值为0.015~0.070时,防御成功率提升了5.0~9.1个百分点。
Neural network has outstanding performance on image classification tasks. However, it is vulnerable to adversarial examples generated by adding small perturbations, which makes it output incorrect classification results. The current defense methods have the problems of insufficient image feature extraction ability and less attention to the features of key areas of the image. To address these issues, a Defense model that fuses Residual Dense Block (RDB) Self-Attention mechanism and Generative Adversarial Network (GAN), namely RD-SA-DefGAN, was proposed. GAN was combined with Projected Gradient Descent (PGD) attacking algorithm. The adversarial samples generated by PGD attacking algorithm were input to the training sample set, and the training process of model was stabilized by conditional constraints. The model also introduced RDB and self-attention mechanism, fully extracted features from the image, and enhanced the contribution of features from the key areas of the image. Experimental results on CIFAR10, STL10, and ImageNet20 datasets show that RD-SA-DefGAN can effectively defend from adversarial attacks, and outperforms Adv.Training, Adv-BNN, and Rob-GAN methods on defending PGD adversarial attacks. Compared to the most similar algorithm Rob-GAN, RD-SA-DefGAN improved the defense success rate by 5.0 percentage points to 9.1 percentage points on affected images in CIFAR10 dataset, with the disturbance threshold ranged from 0.015 to 0.070. |
| [21] |
|
| [22] |
|
| [23] |
In reinforcement learning, importance sampling is a widely used method for evaluating an expectation under the distribution of data of one policy when the data has in fact been generated by a different policy. Importance sampling requires computing the likelihood ratio between the action probabilities of a target policy and those of the data-producing behavior policy. In this article, we study importance sampling where the behavior policy action probabilities are replaced by their maximum likelihood estimate of these probabilities under the observed data. We show this general technique reduces variance due to sampling error in Monte Carlo style estimators. We introduce two novel estimators that use this technique to estimate expected values that arise in the RL literature. We find that these general estimators reduce the variance of Monte Carlo sampling methods, leading to faster learning for policy gradient algorithms and more accurate off-policy policy evaluation. We also provide theoretical analysis showing that our new estimators are consistent and have asymptotically lower variance than Monte Carlo estimators.
|
| [24] |
|
| [25] |
张海洋, 张斌. 结合堆栈自编码器和FSVM的入侵检测方法[J]. 桂林电子科技大学学报, 2024, 44(6): 621-627.
|
| [26] |
何俊鹏, 罗蕾, 肖堃, 等. 基于特征值分布和人工智能的网络入侵检测系统的研究与实现[J]. 计算机应用研究, 2021, 38(9): 2746-2751.
|
| [27] |
|
| [28] |
|
| [29] |
|
| [30] |
|
利益冲突声明(Conflict of Interests) 所有作者声明不存在利益冲突。
AI小编
/
| 〈 |
|
〉 |
AI 导读
