基于事件触发的微网分布式经济调度策略

针对传统微网系统分布式控制中通讯负荷重和有功功率经济分配问题,文中提出了一种基于事件触发的有功功率控制策略.各分布式电源在传统一致性算法的基础上采用事件触发方式,有效地减轻了通讯负担.各分布式电源通过事件触发控制器与邻居通信并相互交换有功功率信息,经事件触发控制算法得到最优有功功率值,实现成本最小化下功率经济分配.最后...     

基于事件触发的微网分布式经济调度策略

针对传统微网系统分布式控制中通讯负荷重和有功功率经济分配问题,文中提出了一种基于事件触发的有功功率控制策略。各分布式电源在传统一致性算法的基础上采用事件触发方式,有效地减轻了通讯负担。各分布式电源通过事件触发控制器与邻居通信并相互交换有功功率信息,经事件触发控制算法得到最优有功功率值,实现成本最小化下功率经济分配。最后通过MATLAB/Simulink平台搭建微网系统模型,仿真验证了控制策略的有效性。     

含风电的多区域互联电力系统负荷频率控制

针对含风电的互联电力系统运用粒子群优化的滑模变控制(PSOSMC)算法进行负荷频率控制,风力发电作为负的负荷与常规火电机组和水电机组都参与到负荷频率控制中。PSOSMC控制火电和水电状态变量,维持各项参数的稳定。对常规粒子群算法进行改进,并用改进的粒子群算法优化滑模变结构控制算法中不确定参数的设计。同时,考虑电力系统的非线性问题,以四区域互联电力系统为例,在系统存在阶跃负荷扰动的情况下,验证了滑模变结构方法和改进的粒子群算法的有效性。     

基于TTP可靠通信的电机监控系统

针对一般单通道通信系统存在信道堵塞和通信失败后仍继续工作造成的系统可靠性低的问题,设计一种基于TTP通信的三节点控制通信模型,采用双通道冗余传输,主要目的是防止数据堆积冲突、因通道损坏导致的数据丢失问题。将LabVIEW作为系统的上位机开发平台,对电机进行监测和控制。STM32作为系统的控制器,各节点之间的信息交换通过基于时间触发的通信系统完成,排除了事件触发的资源共享冲突问题,为系统提供了良好的安全性保证机制,使系统的可靠性和实时性得到保障。     

基于事件触发和量化的非线性系统稳定性研究

针对非线性系统的数据采样稳定性问题,文中设计了基于事件触发机制和数据量化机制的神经网络控制器。采样器时刻监测非线性系统,采样信号经事件触发机制检测,满足阈值后由量化器量化传入控制器,经所设计的控制器输出反馈给非线性系统。为降低系统保守性,选取了新颖的分段Lyapunov-Krasovskii泛函,针对系统中所包含的传输时滞,采用时滞分析法将同步控制器求解问题转化为所对应时滞系统的稳定性问题,并结合Jensen不等式,给出了非线性系统稳定性条件。最后通过数值仿真验证了所提出方法的有效性。     

有向通信拓扑下基于分布式触发控制的微电网二次控制方法

为实现微电网的灵活运行,分布式协同控制技术以其良好的灵活性、可靠性和可扩展性常被用于管控分布式可再生能源。然而,传统基于时间触发的分布式控制策略极大地浪费了分布式电源本地控制器的通信资源,降低了系统运行效率。基于此,该文提出了有向通信拓扑下基于分布式触发控制的微电网2次控制方法。通过为有功功率分配控制设计有向通信拓扑下的分布式触发机制以及为频率恢复设计本地控制器,在实现微电网2次控制目标的同时降低了系统对通信资源的需求。理论证明表明了所设计控制方法不存在芝诺现象。仿真实验结果表明了所提出的频率2次控制方法的有效性和优越性。     

事件触发下的多无人机时变编队控制

针对二阶多无人机系统时变编队控制问题,借助事件触发函数,设计了一致性分布式控制器,使其形成时变编队。结合Laplacian矩阵的特殊性质,对其分解,将编队问题化简为低阶系统渐近稳定性问题。给出控制器设计算法,利用线性矩阵不等式(LMI)和Lyapunov函数证明了在给定事件触发函数下算法的有效性,并证明了所给事件触发函数时间序列不存在Zeno现象。对多无人机系统的运动在三维空间进行仿真,结果表明无人机在所设计的控制器作用下形成期望的时变编队,有效地节约了通信带宽和计算资源。     

面向网络攻击和隐私保护的多智能体系统分布式共识算法

为解决网络攻击与信息窃听环境下的多智能体系统分布式共识问题，提出一种能有效抵御网络拒绝服务（Do S）攻击和保护节点状态隐私的平均共识算法。首先，结合网络化控制系统中DoS攻击的特性，构建与时间相关的周期性Do S攻击模型。其次，利用邻居节点间的信息交互给出一种基于差分隐私的分布式网络节点信息处理机制，并将其引入平均共识算法。再次，结合事件触发机制，提出一种适用于DoS攻击下无向通信网络的分布式共识算法，并分别对其收敛性和隐私保护性能进行了严格的数学分析。最后，通过数值仿真实验和硬件实验验证了所提算法的有效性。     

TD-SCDMA集群通信系统负荷控制算法研究

文章目的是研究适合于TD-SCDMA集群通信系统的负荷控制算法。文章研究了TD-SCDMA集群通信系统负荷控制原理,研究了TD-SCDMA集群通信系统下行负荷估计方法,提出了一种基于AMR语音速率的负荷控制算法,仿真了不同过载门限情况下算法的触发概率以及采用和不采用负荷控制算法时群组的Eb/N0。结论是采用文中提出的负...     

基于ICA的电力系统稳定器系统设计

传统电力系统稳定器由于缺乏协调功能,使得其控制能力较弱,难以在互联电力系统中得到有效应用。为提升电力系统稳定器整定与控制功能的性能,文中设计分数阶PID控制器进行反馈控制,开发基于帝国竞争算法电力系统稳定器系统,并在励磁控制系统中对所设计的系统性能进行验证。仿真结果表明,基于ICA的电力系统稳定器系统能够较好地对电力系统的低频振荡进行抑制;同时,对目标进行控制时具有较好的灵敏度,控制低频振荡的控制效果与鲁棒性良好。     

SDN跨层回环攻击的检测与防御

软件定义网络（Software Define Network,SDN）将控制层和数据层进行分离,给网络带来灵活性、开放性以及可编程性.然而,分离引入了新的网络安全问题.我们发现通过构造特定规则可以构造跨层回环攻击,使得数据包在控制器和交换机之间不断循环转发.跨层回环会造成控制器拥塞,并导致控制器无法正常工作.现有的策略一致性检测方案并不能检测跨层回环攻击.为此,本文提出了一种实时检测和防御跨层回环的方法.通过构造基于Packet-out的转发图分析规则路径,从而快速检测和防御回环.我们在开源控制器Floodlight上实现了我们提出的回环检测和防御方案,并在Mininet仿真器上对其性能进行了评估,结果表明本方案能够实时检测并有效防御跨层回环攻击.     

离散时滞随机系统的一种均方有界事件驱动控制策略

针对状态时滞随机系统,应用事件驱动近似二次性能指标和随机均方有界理论,同时考虑控制输入和事件决策,设计了反馈控制器和相应的事件驱动控制策略.基于状态反馈的事件驱动策略同时使用当前状态和时滞状态进行事件的触发,并利用近似二次性能指标进行约束;基于输出反馈的事件驱动策略使用当前状态进行事件的触发.最后,通过实验进行了仿真,对事件驱动性能指标进行量化,并与相关文献进行对比,验证了所提出方案可以在保证系统性能的前提下有效减少通信传输,延长无线传感网络的使用寿命.     

Impact of Denial of Service Attacks on Ad Hoc Networks

Significant progress has been made towards making ad hoc networks secure and DoS resilient. However, little attention has been focused on quantifying DoS resilience: Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects? In this paper, we design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The first attack we study, called the JellyFish attack, is targeted against closed-loop flows such as TCP; although protocol compliant, it has devastating effects. The second is the Black Hole attack, which has effects similar to the JellyFish, but on open-loop flows. We quantify via simulations and analytical modeling the scalability of DoS attacks as a function of key performance parameters such as mobility, system size, node density, and counter-DoS strategy. One perhaps surprising result is that such DoS attacks can increase the capacity of ad hoc networks, as they starve multi-hop flows and only allow one-hop communication, a capacity-maximizing, yet clearly undesirable situation.      

Denial of service detection using dynamic time warping

With the rapid growth of security threats in computer networks, the need for developing efficient security-warning systems is substantially increasing. Distributed denial-of-service (DDoS) and DoS attacks are still among the most effective and dreadful attacks that require robust detection. In this work, we propose a new method to detect TCP DoS/DDoS attacks. Since analyzing network traffic is a promising approach, our proposed method utilizes network traffic by decomposing the TCP traffic into control and data planes and exploiting the dynamic time warping (DTW) algorithm for aligning these two planes with respect to the minimum Euclidean distance. By demonstrating that the distance between the control and data planes is considerably small for benign traffic, we exploit this characteristic for detecting attacks as outliers. An adaptive thresholding scheme is implemented by adjusting the value of the threshold in accordance with the local statistics of the median absolute deviation (MAD) of the distances between the two planes. We demonstrate the efficacy of the proposed method for detecting DoS/DDoS attacks by analyzing traffic data obtained from publicly available datasets.     

基于Gnutella协议的P2P网络中DoS攻击防御机制研究

对基于Gnutella协议的P2P计算网络实施DoS攻击的特征进行了详细分析，通过设置攻击容忍度和防御起点，提出了一种简单的基于特征的DoS攻击防御策略，运用基于贝叶斯推理的异常检测方法发现攻击．使系统能根据DoS攻击的强弱，自适应调整防御机制，维持网络的服务性能。仿真结果表明，本文提出的防御策略能有效防御恶意节点对网络发动的DoS攻击，使网络服务的有效性达到98％，正常请求包被丢弃的平均概率为1．83％，预防机制平均时间开销仅占网络总开销的6．5％。     

基于Gnutella协议的P2P网络中DoS攻击防御机制

对基于Gnutella协议的P2P计算网络实施DoS攻击的特征进行了详细分析,通过设置攻击容忍度和防御起点,提出了一种简单的基于特征的DoS攻击防御策略,运用基于贝叶斯推理的异常检测方法发现攻击,使系统能根据DoS攻击的强弱,自适应调整防御机制,维持网络的服务性能.仿真结果表明,本文提出的防御策略能有效的防御恶意节点对网络发动的DoS攻击,使网络服务的有效性达到98%,正常请求包被丢弃的平均概率为1.83%,预防机制平均时间开销仅占网络总开销的6.5%.     

Denial of service attacks on network-based control systems: impact and mitigation

Replacing specialized industrial networks with the Internet is a growing trend in industrial informatics, where packets are used to transmit feedback and control signals between a plant and a controller. Today, denial of service (DoS) attacks cause significant disruptions to the Internet, which will threaten the operation of network-based control systems (NBCS). In this paper, we propose two queueing models to simulate the stochastic process of packet delay jitter and loss under DoS attacks. The motivation is to quantitatively investigate how these attacks degrade the performance of NBCS. The example control system consists of a proportional integral controller, a second-order plant, and two one-way delay vectors induced by attacks. The simulation results indicate that Model I attack (local network DoS attack) impairs the performance because a large number of NBCS packets are lost. Model II attack (nonlocal network DoS attack) deteriorates the performance or even destabilizes the system. In this case, the traffic for NBCS exhibits strong autocorrelation of delay jitter and packet loss. Mitigating measures based on packet filtering are discussed and shown to be capable of ameliorating the performance degradation.     

Design and analysis of a denial-of-service-resistant quality-of-service signaling protocol for MANETs

Quality-of-service (QoS) signaling protocols for mobile ad hoc networks (MANETs) are highly vulnerable to attacks. In particular, a class of denial-of-service (DoS) attacks can severely cripple network performance with relatively little effort expended by the attacker. A distributed QoS signaling protocol that is resistant to a class of DoS attacks on signaling is proposed. The signaling protocol provides QoS for real-time traffic and employs mechanisms at the medium access control (MAC) layer, which serve to avoid potential attacks on network resource usage. The key MAC layer mechanisms that provide support for the QoS signaling scheme include sensing of available bandwidth, traffic policing, and rate monitoring, all of which are performed in a distributed manner by the mobile nodes. The proposed signaling scheme achieves a compromise between signaling protocols that require the maintenance of per-flow state and those that are completely stateless. The signaling scheme scales gracefully in terms of the number of nodes and/or traffic flows in the MANET. The authors analyze the security properties of the protocol and present simulation results to demonstrate its resistance to DoS attacks.     

TPAAD: Two-phase authentication system for denial of service attack detection and mitigation using machine learning in software-defined network

Software-defined networking (SDN) has received considerable attention and adoption owing to its inherent advantages, such as enhanced scalability, increased adaptability, and the ability to exercise centralized control. However, the control plane of the system is vulnerable to denial-of-service (DoS) attacks, which are a primary focus for attackers. These attacks have the potential to result in substantial delays and packet loss. In this study, we present a novel system called Two-Phase Authentication for Attack Detection that aims to enhance the security of SDN by mitigating DoS attacks. The methodology utilized in our study involves the implementation of packet filtration and machine learning classification techniques, which are subsequently followed by the targeted restriction of malevolent network traffic. Instead of completely deactivating the host, the emphasis lies on preventing harmful communication. Support vector machine and K-nearest neighbours algorithms were utilized for efficient detection on the CICDoS 2017 dataset. The deployed model was utilized within an environment designed for the identification of threats in SDN. Based on the observations of the banned queue, our system allows a host to reconnect when it is no longer contributing to malicious traffic. The experiments were run on a VMware Ubuntu, and an SDN environment was created using Mininet and the RYU controller. The results of the tests demonstrated enhanced performance in various aspects, including the reduction of false positives, the minimization of central processing unit utilization and control channel bandwidth consumption, the improvement of packet delivery ratio, and the decrease in the number of flow requests submitted to the controller. These results confirm that our Two-Phase Authentication for Attack Detection architecture identifies and mitigates SDN DoS attacks with low overhead.