Power system topological node tamper detection method based on fuzzy graph theory

Power system involves a large number of nodes and lines, and the topology is very complex. In such a complex network, node tamper detection needs to consider a variety of combinations and connection modes, which increases the complexity of the problem. Therefore, a new method of topological node tamper detection based on fuzzy graph theory is proposed. The feature difference values of topological nodes are extracted according to the node tampering feature vector. Detection of topological node similarity based on fuzzy graph-neural network. Based on this, the cost function of topological node tampering is established to obtain the Bayesian estimate of the tampering coefficient of the topological node transmission channel, and the detection of topological node tampering is completed. The experimental results show that the application time of the research method is shorter, the detection of power node tampering behavior is more comprehensive, and the tampering success rate is higher.


Introduction
The power system is one of the important infrastructures in modern society, and its stable operation is of vital significance for power supply, production and life [1].However, in some incidents at home and abroad, topological nodes of the power system are attacked, manipulated or tampered with.These malicious actions can lead to power system failure, paralysis or even catastrophic results, causing serious social and economic impact.Based on the concern and demand for the safety and reliability of power systems, it is very necessary to detect the tampering of topological nodes of power systems.As the scale of the power system increases, we also face greater pressure for security.The innovation of information technology has brought a lot of convenience to the system, but it also provides more opportunities for potential attackers.Therefore, we must continuously strengthen the security of the power system to counter these threats.Therefore, proactive measures are needed to continuously improve the safety of the power system.This includes strengthening network monitoring, implementing efficient intrusion detection and protection mechanisms, and enhancing data privacy protection.Only through effective measures and technical means can we ensure the safe operation of the power system and protect the interests of users [2][3].Therefore, in order to ensure the safe operation of the power system, preventing and detecting the tampering of topological nodes becomes an urgent problem.The goal of studying the tampering detection method of topological nodes in a power system is to provide an efficient, accurate and automated monitoring means to detect and correct tampering and abnormal behaviors of nodes in a power system [4].These methods adopt a data-driven approach to identify abnormal patterns and rules by modeling and analyzing historical data and real-time data, so as to realize the evaluation and early warning of topological node security.
An improved PageRank algorithm based system key node identification method was proposed [5].Using the Jacobian matrix, the sensitivity equations of voltage and phase Angle in the power system are reconstructed and modified.The first-order Markov chain is introduced, and the algorithm is improved to calculate the weight of power nodes and complete the detection and recognition of nodes.However, the improved PageRank algorithm needs to calculate the weight transfer and iterative calculation process between nodes, which involves a lot of matrix operations and graph traversal operations, resulting in high computational complexity.This may limit the real-time performance and efficiency of the algorithm in large-scale power systems.The identification method of power critical nodes is proposed considering the state of the power system [6].The power flow tracking technology is used to construct the node-link strength index, and the power-weighted graph of power flow is obtained according to the index to realize the identification of power nodes.However, the power flow tracking technology needs to simulate the current flow and power distribution in the power system through numerical calculation.This involves a lot of complex calculations and takes a long time, especially when involving large-scale power systems or high-precision solutions.
Therefore, a new method of topological node tamper detection based on fuzzy graph theory is proposed.This method shows several advantages in the experimental results.The application time of the method is shorter, which means that the node tamper detection of large-scale power systems can be carried out more efficiently, and the feasibility and efficiency of practical application are improved.This method can detect the tampering behavior of power nodes more comprehensively.By comprehensively considering the relationship and feature differences between topological nodes, small changes can be captured and the error rate can be reduced, which improves the accuracy and reliability of detection.This method has a higher tampering success rate.By establishing the cost function of topological node tampering and combining it with Bayesian estimation, the possibility of node tampering can be evaluated more accurately, which is helpful in discovering and dealing with security threats in time, and enhancing the security and reliability of the power system.

Feature difference value extraction of topological nodes
Extracting the feature difference values of topological nodes is the basis of detecting the similarity of topological nodes, because the degree of dissimilarity between different nodes can be quantified and measured by comparing the feature difference values, and the similarity of nodes can be evaluated accordingly.By calculating the feature difference values between different nodes, the similarity metric between nodes can be obtained [7].If the feature difference value is small, it means that the similarity between nodes is high.Otherwise, the similarity is low.By setting a specific threshold, node similarity can be judged and classified for further analysis and processing.
For a few sparse nodes, the node integration method is used to ensure coverage.The power feature vector is called A, and the relative phase offset feature vector is called B. By synthesizing the features of each node's output, we can use the following representation to describe the comprehensive feature vector of the node's output.When considering the overall performance of the node, the power eigenvector ( ) A t and the relative phase offset eigenvector ( ) B t are integrated.By weighting and combining these features, a new synthetic feature vector ( ) t ℑ is obtained.The synthetic feature vector reflects the aggregation of output information from multiple nodes to describe the features of the system more comprehensively and accurately.The node integration method can improve the node coverage in feature extraction and optimize the performance of the system.

( ) ( )
where t represents the feature duration.

ICEEPS-2023 Journal of Physics: Conference Series 2728 (2024) 012077
The calculation results of the grid distributed feature extraction model based on topological node tamper detection show that, after the design, we need to arrange topological node tamper detection nodes, and use Formula (2) to calculate the activity of nodes.
Based on the research, combining topological node tamper detection and grid distributed feature extraction model, we can determine how to arrange topological node tamper detection nodes according to the calculation results.In order to accurately measure the activity of nodes and consider more factors, a new Formula ( 2) is proposed, which can evaluate the activity of nodes more comprehensively.In this way, the strategy of node placement can be optimized to further strengthen the security and stability of the system.
( ) ( ) where ( ) t ℜ represents the activity of the node at t time; T is the calculation period of activity; χ represents the activity coefficient.
Due to the influence of the network environment in the process of node tampering detection, there is inevitable noise interference.The main reasons are: ① Unreliability of signal transmission: In a real communication environment, signal transmission between nodes may be affected by noise, interference, or attenuation.These interference sources may include electromagnetic radiation, interference with power equipment, deterioration of transmission media, etc.These factors will affect the quality of the signal, resulting in error or distortion.
② Errors in data processing and transmission: The processing and transmission of node signals may also introduce some errors.This can be caused by signal sampling, data encoding and decoding, transmission delay and so on.Even under ideal conditions, data synchronization and integrity between individual nodes can be subject to minor errors or offsets.
③ Node characteristics and environmental changes: Nodes may introduce some interference due to their own characteristics or changes in the environment.For example, factors, such as hardware failure or software failure of a node, power fluctuations, temperature changes, small shifts in physical position, etc., can have an impact on the output of a node, thereby introducing noise interference.
Because of the existence of these noise interferences, the node tamper detection system may be affected in signal processing and feature extraction.Therefore, when designing the node tamper detection algorithm or system, it is necessary to take these noise disturbances into account, and take corresponding methods to reduce their impact on the detection results, so as to improve the accuracy and reliability of the system.
It is assumed that the noise interference in the detection process is ( ) h t , and then the output topological node tampering feature vector is: where 0 t represents the delay of feature vector extraction.
Since there may be repeated detection nodes and redundant nodes in the detection process, the output feature vector is further optimized based on the above feature vector extraction results.The optimization process is as follows: ( ) ( ) where R represents the mutual information entropy of topological nodes The extracted feature difference values are shown in Figure 1.

Topological node similarity detection based on fuzzy graph-neural network
Before detecting the tampering of topological nodes in the power system, it is necessary to detect the similarity of topological nodes in order to ensure the security and reliability of the power system.In a power system, topological nodes represent individual wiring points or switching points in a power network.The correctness of topological nodes is very important for the operation and management of a power system.However, in the case of malicious attacks or deliberate manipulation, topological nodes may be tampered with, resulting in grid failure, paralysis or security risks.Therefore, before any operation, the similarity detection of topological nodes can effectively ensure the stability and reliability of the power system.Fuzzy graph theory is an extension of graph theory based on fuzzy mathematics, which plays an important role in dealing with uncertainty and fuzziness problems.Unlike traditional graph theory, fuzzy graph theory allows the relationships between nodes to be fuzzy and diverse [8].There are several reasons why fuzzy graph theory combined with neural networks can bring better application results.Firstly, neural networks have excellent performance when dealing with nonlinear, non-convex problems.It can be learned and trained to extract key features from input data and perform tasks such as pattern recognition and classification.Fuzzy graph theory provides a more flexible and adaptable framework for representing and dealing with uncertain and fuzzy information.By combining the two, we can better deal with the fuzzy problems that are prevalent in the real world and improve the accuracy of classification and decision making.Secondly, the combination of neural networks and fuzzy graph theory can also enhance the robustness and interpretability of the model.The power of a neural network is that it can automatically adjust the network parameters to different input data and is able to handle noise and change.Fuzzy graph theory can provide the ability to model and quantify the uncertainty, so that the model has better fault tolerance for incomplete and inaccurate data.In addition, by combining neural networks and fuzzy graph theory, the interpretability of the model can be improved, that is, by explaining the relationship between network outputs and inputs, making the decision-making process of the model more transparent and understandable.Finally, the combination of neural networks and fuzzy graph theory can extend the application range of the model.Neural networks have been successfully applied in many fields such as image processing, speech recognition and natural language processing.Fuzzy graph theory is also widely used in decision support systems, risk assessment, logistics optimization and so on.By combining the two, we can combine the powerful learning ability of neural networks with the ability of fuzzy graph theory to deal with uncertain problems, and expand the application of the model in more fields.The topology structure of the fuzzy graph neural network is shown in Figure 2 and the structure of topology node similarity detection module is shown in Figure 3:

Topological node Tamper Detection in the power system
Detecting the similarity of topology nodes can be achieved by comparing the difference between the expected topology and the actual topology.In this way, the operation and maintenance personnel or automated system can quickly detect and correct the tampering of topology nodes.Detecting the similarity of topological nodes can also help detect potential incorrect connections, disconnections, or data anomalies, thereby helping to detect node faults or errors early and avoiding further impact.
Based on the similarity detection results of the above topological nodes, the tamper detection of topological nodes is carried out in the power system environment according to the matching results of the above information.Referring to the node transmission signal of each branch of the topology node in the power system, O indicates the detected node transmission channel.When the fading state of the channel meets the transmission demand of the node, the cost function is determined by combining the monitoring value of the node and the mutual information entropy of the target node.The obtained cost function of topological node tampering is: where θ Δ represents the distribution feature vector of the tampered node in the topology node.
Based on the above calculation function, when the value of the topological node tampering cost function reaches 1, it indicates that the integrity of the node is damaged during the detection period and the node tampering event is confirmed.The system will immediately start the early warning mechanism, and send the corresponding tampering instructions to the central processing system, as well as relevant alarm information.Through this mechanism, it is possible to respond quickly and take the necessary actions to deal with hazards and security risks.In the case of node integrity damage, in addition to triggering the early warning mechanism, the system will also determine the transmission path and location of the tampered node by comparing the feature vector.By locating the tampered node, information transmission can be interrupted in time to prevent further data leakage or interference.In this way, the system can complete the comprehensive inspection process and ensure that the security of nodes and information is fully guaranteed.In order to further improve the security and adjustment ability of the system, the algorithm will be continuously optimized and other advanced security mechanisms will be introduced to continuously improve the anti-attack ability and accuracy of the system.Through these measures, we can better protect the stability of the network and the integrity of the data, and meet the challenges from a variety of potential threats.
By referring to the average measured value of tampered nodes of each detection node in the power system, the Bayesian estimate ( ) of the tampering coefficient of the transmission channel of topological nodes can be obtained as follows: The higher the Bayesian estimate is, the stronger the node tampering capability of the channel is.

Experimental Research
The public data source of this experiment is the power system dataset RTS-GMLC of the U.S. Department of Energy, which can provide real data on the power system and serve as the basis for verifying the experiment.The power IEEE33 node is selected as the test topology environment, and the specific structure is shown in Figure 4.In order to verify the effectiveness of the topological node tamper detection method proposed in this paper, the proposed method is compared with the power node detection method based on the improved PageRank algorithm proposed in [5] and the power node detection method based on comprehensive power flow tracking proposed in [6].The time-consuming test results of power node tampering detection by different methods are shown in Figure 5: As can be seen from Figure 5, the proposed method has a better time-consuming performance, because the method based on fuzzy graph theory in this paper can use fuzzy reasoning and fuzzy set theory to deal with imprecise and fuzzy data, reducing the calculation and processing that require high accuracy.Compared with traditional detection methods, this method can reduce the computational complexity and time consumption when dealing with large-scale and complex power system nodes.
Statistics are performed every 50 nodes, and the detection times of tampering by different methods are compared as shown in Table 1  Because the method in this paper extracts the feature difference values of topological nodes and uses fuzzy graph-neural network technology for similarity detection, the method can comprehensively consider the relationship and features between topological nodes, refine the comparison and discrimination of nodes, and realize the comprehensive detection of node tampering behavior.Compared with simple feature matching or traditional statistical methods, this method can better capture the small differences between nodes and improve the accuracy and reliability of detection.
The tampering success rate is calculated as follows: ICEEPS-2023 Journal of Physics: Conference Series 2728 (2024) 012077 where T is the success rate of tampering, M is the number of successful tampering, and F is the number of detected tampering attempts.The experimental results of the tampering success rate obtained are shown  2, the application success rate of the proposed method is higher than that of the comparison method.This is because the cost function of topological node tampering is established and the tampering coefficient of topological node transmission channel is obtained.This method can evaluate the possibility of node tampering by combining the specific cost weight and transmission channel characteristics.Such comprehensive evaluation can improve the success rate of detection and reduce false positives and missed positives.

Conclusion
In this paper, a method of topological node tamper detection based on fuzzy graph theory is proposed.By extracting the feature vector of node tampering and calculating the feature difference of topological nodes, the method uses fuzzy graph neural network technology to detect the similarity of topological nodes, establishes the cost function of topological node tampering, and obtains the Bayesian estimate of tampering coefficient of the transmission channel.Thus, rapid, comprehensive and high success rate detection of power system topological node tampering is realized.
The proposed method has broad research prospects.Future research can further analyze and optimize feature extraction and similarity calculation methods, introduce more deep learning techniques to process more complex power system data, and enhance the design of security mechanisms to address evolving security threats.In addition, the method can also be combined with other safety detection technologies to build a more comprehensive power system safety protection system and promote the sustainable development of intelligent power systems.

Figure 1 .
Figure 1.Extraction process of feature difference values.

Figure 5 .
Figure 5. Test results of detection time.

Table 1 .
below: Detection results of tampering behavior.

Table 2 below : Table 2 .
Detection results of tampering behavior.