Research on Attack Identification Method and Device Method Based on Random Forest Algorithm

Because the energy storage system has the function of stabilizing the voltage and frequency of the grid, when the energy storage system is connected to the grid, it is necessary to obtain its operating status information in a timely and accurate manner. The operating status data of the energy storage system is uploaded to the higher-level dispatch center via the energy storage coordination control device. However, with the intelligence and informationization of the power grid, various cyber attack methods have emerged endlessly. There are various security risks in the way of information interaction based on the network. Attackers can analyze the communication protocols within them, or implement Eavesdropping attacks, Dos attacks, and tampering with sensitive data, etc., causing the energy storage coordination control device to obtain the wrong data sent by the dispatch center. The wrong data causes the energy storage system to output the wrong power, which may have the opposite effect when adjusting the voltage and frequency of the power grid, causing an imbalance in the voltage and frequency of the power grid, resulting in great economic losses, and even causing casualties due to equipment failure. Attackers can also gradually invade the upper-level dispatch center by using the energy storage coordination control device as a springboard. In view of the above problems, this paper uses a random forest-based network attack detection module is used to make real-time judgments on all data flows of the energy storage coordination control device. That is, when the energy storage coordination control device is subjected to a network attack, all data flows of the energy storage coordination control device pass a trained random forest attack detection model, thereby implementing attack detection on real-time data flows.