A data-driven correlation analysis of cyberattack on coordinated source-network-load-storage control system

In the context of “generation-network-load-storage” coordination， energy system development presents the characteristics of frequent multi-party data interaction and multi-source data fusion. With the increasing access of terminals outside the security protection zone， the diversified development of external interfaces of the system brings challenges to the traditional border-centered network protection architecture. To guarantee the safety of the coordinated source-network-load-storage control system and identify cyberattacks effectively， a data-driven correlation analysis method of cyberattack anomaly is proposed. Firstly， the system log files are analyzed to establish the anomaly sequence. Secondly， the FP-Growth algorithm is used to generate the correlation rules between anomalies and cyberattack scenarios of the system. Finally， the gray correlation analysis （GRA） is used to realize the online matching of anomalies and cyberattack scenarios and establish a correlation analysis framework for the cyberatta