A data-driven approach to anomaly detection and vulnerability dynamic analysis for large-scale integrated energy systems

•A model-free data-driven method is proposed for vulnerability analysis.•An integrated anomalies detection method is proposed for complex IES.•A novel relationship mining method is developed for anomalies in IES.•Complex network based on data is used to model the relationship among anomalies.•A method is proposed to identify system vulnerability by bottleneck analysis. In an integrated energy system (IES), the operating state of each energy subsystem changes relatively frequently, which can seriously threaten the security of IES operation. A systematic data-driven approach is proposed for detecting anomalies and analyzing the dynamics of IES vulnerability. Firstly, an anomaly detection method is introduced to determine whether there are anomalies in the system operation. The method can be set up even if the data labels for discriminating the anomalies are unknown, often the cause in practice. Secondly, a method of complex network phase theory is proposed to model information propagation among IES nodes representative of the IES physical entities. Complex network models can then be constructed to describe the system behavior in different operating conditions and over different time horizons. The degree centrality, betweenness centrality, and closeness centrality are used as indications to analyze changes in IES vulnerability. Finally, a method is proposed to identify the critical points of the IES from the point of view of its vulnerability. The new approach is applied to analyze the vulnerability of an IES in Spain. The results show that the proposed methods allow revealing system anomalies, vulnerability and weaknesses. Outcomes from an analysis by these methods can be used by managers to take defensive measures in advance for preventing and mitigating the impact of potential factors and threats on the IES.