Research on risk prevention and control strategy of power grid CPS system based on intrusion tolerance

This paper proposes an information-physical risk prevention and control framework based on intrusion tolerance technology. It is a multi-stage, in-depth defense system that addresses the risk interaction mechanism and evolution process in the power information-physical fusion system. The aim is to improve the survivability of the system under attack and to minimize the loss caused by risk through a multi-phase defense strategy. According to the phase characteristics of risk propagation in CPS, a safe operation state transition model that considers intrusion tolerance is established. To contain critical failure events during the risk evolution of the information-physical fusion system, and according to the risk development characteristics of the information-physical system under attack, the paper presents a self-organized critical state identification method. The method integrates the characteristics of physical network power flow and information network traffic flow in order to identify the critical nodes that make the CPS system enter the self-organized critical state under network attack. Finally, according to the characteristics of the CPS dependent network structure and the self-organized critical characteristics of risk evolution, three protection strategies are formulated: strengthening the protection of key nodes, adjusting the coupling state of dependent edges, and adding autonomous nodes. The current defense resources are then reasonably allocated by considering a decision-making model of risk prevention and control strategy in the attack-defense game.


Introduction
EEEP 2020 IOP Conf. Series: Earth and Environmental Science 675 (2021) 012156 IOP Publishing doi: 10.1088/1755-1315/675/1/012156
The informatization of physical power grids not only improves the level of power automation, social production efficiency, and user experience, but also brings many hidden dangers to the security of smart grids, especially cascading failures that alternately propagate between the information network and the physical power grid and threaten the safe operation of the power system [1][2][3][4].
Literature [5] proposed a framework for the panoramic security defense of large power grids, driven by information and with information flow controlling energy flow as its core, and described in detail the concepts, construction goals, etc., but did not elaborate on the formulation and selection of specific defense strategies. Literature [6] proposed using a game method to defend against malicious attacks, but due to the computational complexity of the algorithm, there is still a certain gap in its practicality. Literature [7] uses countermeasure theory to construct a defense model under the condition that the accident status information of each stage of the grid cascading failure cannot be accurately obtained. Because the information-physical fusion system may lose the monitoring of a certain stage or a certain part of information under a network attack, it has certain reference value for the security defense of CPS. Literature [8] proposed a fraudulent data defense model for power system state estimation based on a historical database, and discussed countermeasures against false data injection attacks from the perspective of state estimation.
However, the above works mostly focus solely on defense strategies on either the information side or the physical side before the risk occurs. They are not completely applicable to cross-space risk prevention and control for an actual power grid information-physical system, because there is no perfect defense system. To withstand ever-changing cyber attacks, it is urgent to propose a risk prevention and control system that can effectively improve the survivability of the power CPS system under cyber attacks.

Analysis of self-organized critical state of power information-physical fusion system
Since the power grid CPS system is an extensive dissipative system, it will gradually evolve to a self-organized critical state. Self-organized criticality means that the formation of this state is mainly caused by the interaction between the internal organizations of the system, rather than being controlled or dominated by any external factors [9]. When a self-organizing system is in a critical state, small local changes can be continuously amplified and extended to the entire system. In a critical state, the magnitude of the impact of events in the system and their frequency follow a power function relationship, which is the most significant feature of this state [10].
The imbalance of the physical network is measured by the power flow entropy. The calculation method of the power flow entropy is as follows: Define the load rate of the line: Then k  is the probability that the physical side line is in the interval of different load rates.
The formula for calculating the power flow entropy of the physical network is as follows: The imbalance of the information-side network is measured by the entropy of the information service flow, where the service flow is the flow of communication services between the centers of two information nodes.
Define the bandwidth utilization rate of the communication line per unit time as: , and the ratio of the number of information line service flows at   1 , k k V V  to the number of all information side network lines is: Then k  is the probability that the information line is in different bandwidth utilization intervals.
Similarly, the formula for calculating the entropy value of the service flow of the information side network in the above formula is as follows: Drawing lessons from the concept of joint source in information theory, the unbalanced situation of the information side and the physical side is combined to construct a joint source of the information-physical system.
The separate probability distributions of information and physical sources are as follows: Convert it into a joint source: Further transformed into the following formula: In the above formula, $X$ refers to the power flow load rate on the physical side, and $P(X)$ is the probability of being in the load interval, that is, k; $Y$ refers to the bandwidth utilization rate of the service flow on the information side, and $P(Y)$ is the probability of being in the bandwidth utilization interval, that is, k.
Finally, the calculation formula of the joint entropy that characterizes the CPS fusion system is as follows:
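An added example, not from the paper, of the entropy measures described in this section. It assumes the standard Shannon form over equal-width rate intervals and builds the joint source from one-to-one coupled line pairs; the function names, the five-interval binning and both snapshots are constructed for illustration.

```python
import math
from collections import Counter

N_BINS = 5  # assumed: five equal-width rate intervals over [0, 1]

def interval(rate, n_bins=N_BINS):
    """Index of the interval a load rate or bandwidth utilization falls in."""
    if not 0.0 <= rate <= 1.0:
        raise ValueError(f"rate {rate} outside [0, 1]")
    return min(int(rate * n_bins), n_bins - 1)  # rate 1.0 goes in the top bin

def shannon(labels):
    """Shannon entropy (nats) of the empirical distribution of labels."""
    total = len(labels)
    probs = [c / total for c in Counter(labels).values()]
    return sum(-p * math.log(p) for p in probs)

def cps_entropy(load_rates, bw_utils):
    """Return (H_physical, H_information, H_joint) for coupled line pairs."""
    if len(load_rates) != len(bw_utils):
        raise ValueError("one-to-one coupling needs one info line per power line")
    x = [interval(r) for r in load_rates]
    y = [interval(u) for u in bw_utils]
    # The joint source is the distribution of (load interval, bandwidth interval).
    return shannon(x), shannon(y), shannon(list(zip(x, y)))

# Constructed snapshots: (power line load rates, coupled comms line utilization).
BALANCED = ([0.45, 0.50, 0.55, 0.48, 0.52, 0.47],
            [0.30, 0.35, 0.25, 0.32, 0.28, 0.38])
STRESSED = ([0.10, 0.95, 0.30, 0.90, 0.50, 0.70],
            [0.15, 0.92, 0.18, 0.70, 0.55, 0.95])

if __name__ == "__main__":
    for name, (loads, utils) in (("balanced", BALANCED), ("stressed", STRESSED)):
        hx, hy, hxy = cps_entropy(loads, utils)
        print(f"{name}: H_phys={hx:.3f} H_info={hy:.3f} H_joint={hxy:.3f}")
```

In the balanced snapshot every line sits in one interval on each side, so all three entropies are zero; the stressed snapshot spreads the pairs over six distinct joint intervals.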

Key node protection strategy
The key node protection strategy is based on game-theoretic analysis: it strengthens security management measures and increases the use of information equipment in order to reduce the failure probability of information nodes after they are attacked. This section proposes a key node protection strategy that considers the structural characteristics of the node and the importance of the node in the self-organized critical state, and that can be selected according to the attack strategy of the network attacker. Comprehensively considering the role of nodes in the critical state of the system, the critical indicators of the current CPS system nodes are as follows: 1 2 (11) Among them, 1  and 2  are the vulnerability weight of the node and the critical weight of the node in the self-organized critical state, respectively. The weight can be dynamically assigned according to the network attack mode and strategy.
The calculation formula for the protection ratio of key nodes is as follows: Among them, n  is the number of nodes with additional protection measures; $n_{sum}$ is the number of nodes in the network.

Risk prevention and control strategy decision-making model considering offensive and defensive games
The game process between the cyber attacker and the risk defender is as follows: Based on the state determined by the power grid CPS security state transition model based on the principle of intrusion tolerance, the state set of the system is set to Define the elements of the attacker: Construct that when the attacker is in the system state $S_i$, the attacker's strategy set is: where G   means that the attacker does not initiate an attack.
When the attacker's system state is at $S_i$, the revenue set of the attack behavior is: Defining the elements of the defender: The defense strategy set of the defender when the system state is $S_i$ is: where i F   means that the defender does not adopt any defense strategy.
When the defender's system status is $S_i$, the defender's revenue set is The above profit of the attacker and the defender is calculated using the load loss of the power information-physical fusion system. When the system is in state $S_i$, the profit of the game between the cyber attacker and the power CPS operation defender is as follows: Attacker's revenue matrix: The matrix element $r^A_{xy}$ represents the attacker's revenue when the attacker selects strategy $g^A_x$ and the defender selects strategy $f^D_y$. $x$ is the row index, $y$ is the column index, and 0 , x y n   .
Defender's income matrix: The matrix element $l^D_{yx}$ represents the defender's income when the defender selects strategy $f^D_y$ and the attacker selects strategy $g^A_x$. $y$ is the row index, $x$ is the column index, and 0 , x y n   . Since the game process between the offense and defense is a non-cooperative zero-sum game, therefore: Then the system is a game state element in the game process between the two parties in the $S_i$ state: Element $e_{xy}$ in $E$ is the follow-up benefit of the attacker after the system's operating state changes: x y P g f is the probability that the power information-physical fusion system will transfer from the $S_i$ state to the $S_j$ state under the risk caused by the network attack, and Then the attacker's expected revenue from the action strategy is: In the same way, the expected action strategy benefits of the defender can be obtained as: The strategy that satisfies the following formula can achieve the Nash equilibrium in the current state of the system.
The defense goal of the defender is to maximize its own revenue while minimizing the attacker's revenue, namely: The attacker's goal is to maximize its own revenue while minimizing the defender's revenue, namely: The strategy determined by the above formula is the optimal strategy A i  and D i  for both offense and defense.
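An added example, not the paper's code, of the zero-sum attack-defense game for a single system state. It finds a mixed-strategy Nash equilibrium of the attacker revenue matrix by Hedge (multiplicative weights) self-play, a technique chosen here rather than taken from the paper; the matrix values and strategy labels are constructed, and the follow-up benefit from state transitions is left out.

```python
import math

# Constructed attacker revenue matrix for one system state (load loss, MW).
# Rows: attacker (no attack, attack node A, attack node B).
# Columns: defender (no defense, protect node A, protect node B).
LOSS_MW = [[0.0, 0.0, 0.0],
           [60.0, 10.0, 60.0],
           [40.0, 40.0, 5.0]]

def softmax(z):
    """Numerically stable exponential weighting."""
    top = max(z)
    w = [math.exp(v - top) for v in z]
    total = sum(w)
    return [v / total for v in w]

def solve_zero_sum(R, rounds=20000):
    """Approximate the mixed Nash equilibrium of the zero-sum game R.

    R[x][y] is the attacker's revenue (the defender's loss). Both sides run
    Hedge against each other; the time-averaged strategies converge to an
    equilibrium. Returns (p, q, lower, upper): attacker mix, defender mix,
    and lower/upper bounds on the game value.
    """
    m, n = len(R), len(R[0])
    scale = (max(map(max, R)) - min(map(min, R))) or 1.0
    eta = math.sqrt(8 * math.log(max(m, n, 2)) / rounds)
    gain, loss = [0.0] * m, [0.0] * n      # cumulative scaled payoffs
    p_sum, q_sum = [0.0] * m, [0.0] * n
    for _ in range(rounds):
        p = softmax([eta * g for g in gain])    # attacker favours high revenue
        q = softmax([-eta * l for l in loss])   # defender favours low loss
        for i in range(m):
            p_sum[i] += p[i]
            gain[i] += sum(q[j] * R[i][j] for j in range(n)) / scale
        for j in range(n):
            q_sum[j] += q[j]
            loss[j] += sum(p[i] * R[i][j] for i in range(m)) / scale
    p = [s / rounds for s in p_sum]
    q = [s / rounds for s in q_sum]
    lower = min(sum(p[i] * R[i][j] for i in range(m)) for j in range(n))
    upper = max(sum(q[j] * R[i][j] for j in range(n)) for i in range(m))
    return p, q, lower, upper

if __name__ == "__main__":
    p, q, lower, upper = solve_zero_sum(LOSS_MW)
    print("attacker mix:", [round(v, 3) for v in p])
    print("defender mix:", [round(v, 3) for v in q], "value in", (lower, upper))
```

With the constructed matrix the defender's equilibrium mix puts roughly 65% on protecting node A and 35% on node B, and the game value is about 27.6 MW of expected load loss.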

Case analysis
In order to verify that the aforementioned strategy can effectively improve the power CPS system's intrusion tolerance performance under network attacks, this article uses the initial one-to-one coupling method to connect a 3-machine, 9-node system and simulates the implementation of the defense strategy described in this article, observing how survivability changes after the system is attacked.
First, use the method described in this article to analyze the criticality of the current system nodes and arrange them in descending order. The top 5 critical nodes are shown in Table 1: Therefore, the above methods can effectively improve the survivability of the system under network attacks. The following simulation considers the defense resource allocation process of the offensive and defensive game: The attack scenario is based on the IEEE-57 node system. According to the process described in this article, the game process between the network attacker and the power grid defender is simulated. The system is in an initial normal operating state. The known data of the attacker and the defender are as follows: See in