Security Risk Assessment of Cyber Physical Power System Based on Rough Set and Gene Expression Programming

Song Deng,Dong Yue,Xiong Fu,and Aihua Zhou

Security Risk Assessment of Cyber Physical Power System Based on Rough Set and Gene Expression Programming

Song Deng,Dong Yue,Xiong Fu,and Aihua Zhou

—Risk assessment is essential for the safe and reliable operation of cyber physical power system.Traditional security risk assessment methods do not take integration of cyber system and physical system of power grid into account.In order to solve this problem,security risk assessment algorithm of cyber physical power system based on rough set and gene expression programming is proposed.Firstly,fast attribution reduction based on binary search algorithm is presented.Secondly,security risk assessment function for cyber physical power system is mined based on gene expression programming.Lastly,security risk levels of cyber physical power system are predicted and analyzed by the above function model.Experimental results show that security risk assessment function model based on the proposed algorithm has high efficiency of function mining,accuracy of security risk level prediction and strong practicality.

Index Terms—Gene expression programming,function mining, security risk assessment,cyber physical power system.

I.INTRODUCTION

With the increasingly widespread application of information and communication technology,smart grid has gradually evolved into cyber physical system of deep integration between information space and physical space[1-3].

Because information system affects operation and control of physical system,all kinds of existing information systems with security risks will naturally be introduced into the physical systems.These security risks and vulnerabilities greatly increase the probability of intrusions and attacks on physical power systems from Internet[4-8].Reference[4]presents a security-oriented stochastic risk management technique,which can calculate cyber-physical security indices to measure the security level of the underlying cyber-physical setting.Reference [5-8]analyzed all kinds of attacks on power physical systems, designed countermeasures for simultaneous intrusions,modelbased attack and other network attacks(e.g.,Dos,DDos, replay attack etc).Traditional power outage is caused when safety and reliability of physical systems are destroyed.However,with the increase of complexity in smart grid,all kinds of techniques which attack physical systems through security vulnerabilities of information systems have also increased. Due to dependence of physical power system on information system and control system,vulnerability of control network and complexity of power grid,local and small disturbances of control system by network intrusion attacks can cause collapse of physical systems.Finally,a large area of blackout will be produced.The significant potential security hazard of cyber physical power system(CPPS)is that security of information space will inevitably affect security of physical space so as to form a chain reaction,and eventually lead to the collapse of the physical space[9].Iran’s“Stuxnet”virus crossed the border of information and physical space and led to serious consequences.So,the rapid development of information and communication technology not only improves control capability of power grid,but also gives physical systems to lay security hazards.Timely detection and assessment of various security risks for CPPS is essential for the effective control and solution of security risks in CPPS.

Song Deng and Dong Yue are with the Research Institute of Advanced Technology,Nanjing University of Post and Telecommunications,Nanjing 210003,China(e-mail:dengsong@njupt.edu.cn;medongy@vip.163.com).

Xiong Fu is with the School of Computer Science and Technology,Nanjing University of Post and Telecommunications,Nanjing 210003,China(e-mail: xfux@njupt.edu.cn).

Aihua Zhou is with the State Grid Smart Grid Research Institute,Beijing 102209,China(e-mail:zhouaihua@spri.sgcc.com.cn).

Risk assessment[10]is probability estimation of risks that threats and vulnerabilities cause.In recent years,risk assessment has been widely applied to many aspects of the power system[11-14].But security risk assessment for cyber physical power system is also unusual.

However,complexity and dynamic change of CPPS cause the uncertainty of risk assessment.The unsuitable risk assessment methods will greatly affect accuracy of risk assessment. Traditional assessment methods include qualitative assessment,quantitative assessment and the integration of qualitative and quantitative assessment[10].Due to the complexity,nonlinearity and uncertainty of security risk assessment, these assessment methods have some limitations,subjective arbitrariness and fuzziness.The operation of these methods is more complex and lack of ability of self-learning.So,manymethods based on artificial intelligence and machine learning are introduced into security risk assessment.Reference [15]proposed intelligent information security risk assessment based on a decision tree algorithm.Reference[16]presents risk assessment of information security based on improved wavelet neural network.Information security risk assessment based on grey-analytic network process(G-ANP)was proposed in[17].Reference[18]applied fuzzy expert system to information security risk assessment for an attendance system.Because of more security risk elements in CPPS,these methods are easy to lead to high computational load,low accuracy and complex operation of security risk assessment. The essential work in the process of security risk assessment is the construction of the risk level classification model. However,these methods can only be used to divide the risk level,which leads to the difficulty in solving the classification function model linkingrisk level and security risk factors.

In order to better solve these problems,combining with attribution reduction and function mining,security risk assessment of cyber physical power system based on rough set and gene expression programming(SRACPPS-RGEP)is proposed in this paper.

This paper makes the following contributions:1)it presents fast attribution reduction based on binary search algorithm; 2)it proposes SRACPPS-RGEP and 3)it describes simulated experiments that have been done and provides performance analysis results.

The content of this paper is organized as follows.Section II provides fast attribution reduction based on binary search algorithm.Section III introduces SRACPPS-RGEP.Section IV represents experiments and analysis.Finally,conclusions are given in Section V.

II.FAST ATTRIBUTION REDUCTION BASED ON BINARY SEARCH ALGORITHM

A.Security Risk Element of CPPS

For security risk assessment of CPPS,the first thing to do is to analyze security risks of information and physical systems. For the physical systems,[1,19]noted that security risks include matching degree of local power supply,natural disasters, load changes of zone,transmission line fault,supply reliability of zone,small signal stability,transient stability,voltage stability,protection equipment failures,power communication equipment failures etc.For the information systems,[19] noted that security risks of cyber systems include hardware and software failures,physical environment impact,malicious code,cyber-attack,physical attack,leakage,misrepresentation, repudiation,operational error,poor management,unauthorized use and abuse etc.

In order to better describe security risk element for CPPS, security risk elements’set is defined as follows.

Definition 1(Security risk elements’set).Let the sets be defined asP={〈p1,v1〉,...,〈pk,vk〉,...,〈pn,vn〉},k∈[1, n],I={〈i1,v1〉,...,〈ij,vj〉,...,〈im,vm〉},j∈[1,m],S={I,P,D},whereIrepresents collection of security riskiof information systems in CPPS and the corresponding risk valuesv,Prepresents collection of security riskpof physical systems in CPPS andv,andDrepresents risk level of CPPS.Sis called security risk elements’set(SRES)of CPPS.

Definition 2(Security risk decision table).Let decision table beT=〈U,C∪D,V,f〉,whereU,C∪D=R,C=〈I,P〉,C={c1,c2,...,cn},D={d1,d2,...,dm}, andV=∪vr,r∈Rrespectively represent data collection, all cyber and physical security risk collection,risk level collection,risk value and risk level value collection of SRES.f:U×R→Vrepresents information function.?r∈R,x∈U,f(x,r)∈vr.Tis called security risk decision table.

An example is shown as Table I.

B.FAR-BSA

For complex and high-dimensional data sets,direct analysis is very difficult.So,the dimension reduction is necessary.Existing methods on dimension reduction include principal component analysis(PCA),singular value decomposition(SVD) and rough set(RS)etc.,where PCA and SVD inevitably result in the loss of part of the decision information.Dimension reduction based on RS does not change the decision rules of original data[20-21].Due to unique and equivalence of the optimal reduction,we just need to solve any optimal reduction. So,fast attribution reduction based on binary search algorithm (FAR-BSA)is proposed in this paper.

Firstly,related definitions of FAR-BSA are given as follows[22].

Definition 3.Let security risk decision table beT=〈U,C∪D,V,f〉,where?P?R,andx,y∈U.?r∈P,if and only iff(x,r)=f(y,r),thenxandyare indiscernible,and denoted byU/RorI N D(P)={(x,y)∈U|?r∈P,f(x,r) =f(y,r)}.

Definition 4.Let security risk decision table beT=〈U,C∪D,V,f〉,the positive region P O SC(D)=∪{Yi?U/C: Yi?D}.

TABLE I AN EXAMPLE OF SECURITY RISK DECISION TABLE

Definition 5.Let security risk decision table be T=〈U, C∪D,V,f〉.Dependence degree between condition attribution C and decision attribution D is denoted by rC(D),if rC(D)= card(P O SC(D))/card(U)=1,then T is consistent,where card(U)represents the number of elements in collection U.

Definition 6.Let security risk decision table T=〈U, C∪D,V,f〉be consistent.For c?C,if P O SC(D)= P O SC-{c}(D),then condition attribution c is reducible.

Property 1.Let security risk decision table T=〈U, C∪D,V,f〉be consistent.For c?C,if P O SC(D)= P O SC-{c}(D),then T′=〈U,C-{c}∪D,V,f〉,which reduces condition attribution c to be consistent.

Proof.From Definition 5,for security risk decision table T =〈U,C∪D,V,f〉,

as P O SC(D)=P O SC-{c}(D),(2)holds:

From(1)and(2),rC-{c}(D)equals to 1.It means that T′=〈U,C-{c}∪D,V,f〉is consistent.□

Definition 7.Let condition attribution set C′be a reduction of security risk decision table T.Reduction which contains the least condition attribution in C′is called the optimal reduction of T.

Lemma 1.Let security risk decision table T=〈U,C∪D, V,f〉be consistent.S?C,if S is not reduction of T,then?S′?S is not reduction too.

Proof.Supposing that?S′?S?C is a reduction,then from Property 1,T is still consistent after condition attribution set C removes S′.And because of S′?S,then(C-S)?(C-S′).From Definition 6 and known conditions,we know that security risk decision table T must be consistent after condition attribution set C removes S.Then from Property 1, for S?C,S is reducible too.This conclusion is inconsistent with the known conditions.So the original proposition is right.□

The basic steps of FAR-BSA are shown as follows.

Algorithm 1.FAR-BSA(T)

Input.T=〈U,C∪D,V,f〉,C={x1,x2,...,xn};

Output.bestReduction;

Step 1.int m=n/2;

Step 2.Looping through all reduction for including m conditional attribution in C.If finding a reduction according to coordination of security risk decision table T,then going to Step 3 until finding the optimal reduction,or going to Step 4;

Step 3.If m equals to 1,then the reduction is the bestReduction.If m equals to n,then bestReduction equals to C. Otherwise,let m equals to m/2,and go to Step 2;

Step 4.If conditional attribution subset is not a reduction when m equals to n/2,then let m equals to(m+n)/2,and go to Step 2;

Step 5.return bestReduction.

III.SRACPPS-RGEP

Essentially,the risk assessment is to build a nonlinear function among system assets,threats and asset vulnerabilities[16]. In terms of function mining,risk assessment can be seen as a process which mines function model among factors affecting system security and risk level,and determines risk level of the current system based on the function model.Traditional function mining algorithms include regression methods,genetic programming(GP)and gene expression programming (GEP)etc.Regression methods assume that function type is known in advance,then estimate parameters by means of the least squares method[23]or the improved methods,and finally, obtain the function model.These methods depend on a priori knowledge and a lot of subjective factors so that the complex function model is not easy to be built.Moreover,these algorithms have high time complexity and low computation efficiency for complex high-dimensional data.To solve these problems,[24]used GP for mathematical modeling,obtained good experimental results,and avoided the defect of traditional statistical methods.However,the efficiency of function model mined by GP was low.So,a new algorithm which was called GEP was proposed in[25].Compared with GP,efficiency of complex function mined by GEP was improved by 4-6 times.

Meanwhile,due to complexity of cyber physical power system,factors that affect security of CPPS are massive, complex and diverse.Risk assessment function model directly mined by GEP will lead to higher time complexity.In this paper,security risk assessment for CPPS based on rough set and gene expression programming(SRACPPS-RGEP)is proposed.Firstly,risk factors which affect security of CPPS are reduced by calling Algorithm 1.And then,function model among security risk factors in CPPS is mined by improved GEP.

A.Code of SRACPPS-RGEP

Gene code is an important expression form of SRACPPSGEP and described as follows.

Definition 8.Let function set be F={+,-,?,/},terminal set be T={d1,d2,...,di,...,dm},where m represents the number of security risk elements in CPPS.Then gene which is built according to rules and symbol in[25]is called risk assessment gene(RA-Gene),where head of RA-Gene h is composed of elements of F and T,and tail of RA-Gene t iscomposed of elements of T.Moreover,the lengths of h and t follow the equation:

where n represents the maximum number of arguments of operator in the gene head.

SRACPPS-RGEP adopts linear code of fixed length[26]to represent an individual which is called a chromosome.In the meantime,a chromosome is composed of one or more RAGenes.

B.Population of SRACPPS-RGEP

In evolution computation,diversity of population directly decides whether the optimal or suboptimal solutions can be obtained.At present,random method is applied to initial population in GEP.But diversity of population is limited.Reference [27]used gene space balance strategy to initialize population and enlarged diversity of initial population.However,the gene space balance strategy cannot dynamically increase diversity of population during the local convergence of GEP.Reference[28]used diversity-guided grading evolution strategy to change diversity of GEP population.But implementation of the algorithm was very complex.In[29],authors dynamically adjusted population size by self-adaptive coefficient.However, the algorithm cannot accurately reflect diversity of the current population.To solve these problems,adjustment of dynamic population based on variable-step(ADP-VS)is proposed in this paper.ADP-VS dynamically adjusts population size of GEP by variable step so as to better increase diversity of the current population and probability of searching the optimal solution.

The basic steps of ADP-VS are shown as follows:

Algorithm 2.ADP-VS

Input.maximum generation Gmax,maximum step Smax, maximum fitness Fmax;

Output.NewPopulation;

Begin{

1.PopSize=500;//size of initial population

2.θ=0;α=0.01;β=0.05;//setting the initial value of related parameters

3.for(i=1;i＜=Gmax;i++){

4.if(i%10==0){

5.if(maximum fitness value of population does not change in 10 generations){

6.Δ=(Fmax-Fmax[i])/Fmax;//computing error between the largest fitness value of current population and the real maximum fitness value

7.if(Δ＞β){θ=200;PopSize+=θ;}

8.else if(α＜Δ＜β) {θ=100;PopSize+=θ;}

9.else{θ=0;}

}}}}

End.

In Algorithm 2,θ represents step when population size changes,α and β represent upper limit and lower limit of error between the maximum fitness value of current population and the real maximum fitness value respectively.

C.Description of SRACPPS-RGEP

To better describe SRACPPS-RGEP,the related concepts are given before risk assessment function mining algorithm is introduced.

Definition 9.Let risk elements’set of CPPS be S={〈I, V〉,〈P,V〉,D},and then D=f(C1,...,Ck,...,Cn+m),C =I∪P is called risk assessment function(RA-Function).

Definition 10.Let Foptimalbe the optimal fitness value of risk assessment function based on GEP,Fmaxbe maximum fitness value,then Foptimal/Fmax×100%is called risk assessment function mining success ratio(RAFMSR).

Definition 11.In SRACPPS-RGEP,fitness function f(i)of the i-th individual is expressed by(3).

where M is threshold of absolute error and is con firmed by empiric value,Vijrepresents the value predicted by the i-th individual program for fitness case j,Tjis the target value for fitness case j.

Meanwhile,genetic operation of function mining based on GEP includes selection based on elitism,mutation,IS/RIS/-Gene transposition,one-point/two-point/gene recombination etc.

The process of SRACPPS-RGEP is shown as follows.

Algorithm 3.SRACPPS-RGEP

Input.T=〈U,C∪D,V,f〉,population size PopSize, maximum iterations MaxGen,maximum fitness value MaxFitness,mutation probability Pm,transposition probability Pt, recombination probability Pr;

Output.the optimal risk assessment function BestRiskAss-Fun.

Begin{

1.Call FAR-BSA(T);//reduce security risk decision table

2.Initialization of Population S;//initial population according to reduced decision table T

3.gen=0;

4.While(f itness＜M axF itness)or(gen＜M axGen)

{

5.GeneticOpertion(S);//selection,mutation,transposition,and recombination operators are done

6.Calculating fitness value of every individual in population;

7.Keeping the best individuals;

8.f itness=B estf itness;

9.gen++;}

10.return BestRiskAss-Fun.

D.Application Analysis of SRACPPS-RGEP

From introduction,it is known that security assessment or vulnerability assessment is considered from the point of physical system or information system in CPPS.SRACPPSRGEP takes information system and physical system as a whole to consider security risk assessment.It is vital to safe and reliable operation of CPPS.Meanwhile,massive security risk logs obtained from CPPS are stored in existing power security defense system.Security risk model is extracted from these security risk logs by SRACPPS-RGEP.Finally,the model can be a basis of decision-making in safe and reliable operation of CPPS.

In order to better apply SRACPPS-RGEP to power security defense system,firstly,interface of security risk logs in CPPS is given;secondly,SRACPPS-RGEP analyzes security risk logs in CPPS by the interface,moreover,analysis and computing will be transplanted to distributed computing platform (such as cloud computing,etc.);lastly,results will be returned to power security defense system as a basis for adjustment of operation control strategy.The whole process is shown in Fig.1.

Fig.1.Application process of SRACPPS-RGEP.

In Fig.1,SRACPPS-RGEP is deployed on the private cloud computing platform in power grid.The algorithm can analyze security risk log of CPPS in parallel by interface and return results to power security defense system.

IV.EXPERIMENTS AND ANALYSIS

In order to better verify the feasibility and effectiveness of the algorithms in this paper,simulation experiments are done in a laboratory environment.Two experiments are given on the following platform:Intel i5 2.3 GHz+2 G+Win7+Java etc.

The experimental data is mainly from China Southern Grid Provincial Power Company.Firstly,security risks of cyber and physical system in the power company are analyzed. Then the corresponding security risk elements’set is obtained. Lastly,security risk decision table is built by the security risk elements’set.In the decision table,the number of condition attribution and decision attribution is 21 and 5,respectively. Decision attribution value includes higher,high,medium,low and lower.The number of data set is 20.After quantification and normalization,training data is composed of top 15 elements,and the remaining data is test data.

Experiment 1.For the known security risk decision table for CPPS,change of the number of condition attribution based on FAR-BSA is shown in Table II.The optimal attribution reduction based on FAR-BSA,PCA,SVD,attribution reduction algorithm based on positive region(AR-PR),attribution reduction algorithm based on discernable matrix(AR-DM), GEP-ARRS[26]and TS-ARRS[30]is shown in Table III.Fig.2 shows comparison of time-consumption in which the optimal attribution reduction is obtained respectively based on FARBSA,PCA,SVD,AR-PR,AR-DM,GEP-ARRS and TSARRS under the condition that the algorithm runs 5 times.

TABLE II CHANGED OF THE NUMBER OF CONDITION ATTRIBUTION BASED ON FAR-BSA

TABLE III COMPARISON OF AND OPTIMAL REDUCTION BASED ON SEVEN ATTRIBUTION REDUCTION ALGORITHMS

It is well known that the optimal attribution reduction is not unique for invariant condition attributions.From Table II, we know that FAR-BSA is effective for solving an optimal attribution reduction.After reduction,the number of condition attribution reduces to about 76.19%.In all condition attribution,only five condition attributions including local power matching degree,small signal stability,voltage stability, operational error,and unauthorized use and abuse are retained so that complexity of function mining by GEP will be greatly reduced.Meanwhile,according to rough set theory,attribution reduction does not change the ability to decide risk level of CPPS.

From Table III,an optimal reduction based on FAR-BSA, AR-PR,AR-DM,GEP-ARRS and TS-ARRS includes five condition attributions.An optimal reduction based on PCAand SVD includes respectively seven and eight condition attributions,where the optimal reduction based on FAR-BSA, AR-PR,AR-DM,GEP-ARRS and TS-ARRS does not result in loss of the original decision information.While attribution reduction based on PCA and SVD will inevitably result in partial loss of the original decision information.

Fig.2.Time-consumption for an optimal reduction based on the seven algorithms.

Experiment 2.On the basis of Experiment 1,for security risk decision table in CPPS after reduction,performance of SRACPPS-RGEP is described in Experiment 2.Parameters of GEP are shown in Table IV.Fig.3 shows comparison of difference between optimal and maximum fitness value by GEP before and after reduction.Under the condition that SRACPPS-RGEP runs 5 times,comparison of average timeconsuming before and after reduction is shown in Fig.4.Fig.5 describes error between maximum fitness value of current population and real maximum fitness value with increase of population size.Figs.6 and 7 show respectively the comparison between model value by SRACPPS-RGEP and real value for training and test data.

Fig.3.Comparison of difference between optimal and maximum fitness value before and after reduction.

Fig.4.Comparison of average time-consumption of GEP before and after reduction.

Fig.5.Comparison of error between maximum fitness value of current population and real maximum fitness value.

Fig.6.Comparison between the values of training data and model.

Fig.7.Comparison between the values of test data and model.

From Fig.3,we know that in comparison with difference between optimal and maximum fitness value before the reduction,difference after the reduction has been maximally decreased about 89.81%.Function mining success ratio has been maximally reached about 99.86%.This means that for high-dimensional data sets,attribution reduction greatly improves success probability of function mining without changing decision capability of existing data sets.Fig.4 shows that attribution reduction greatly reduces average time-consuming of security risk assessment function model based on GEP for the same security risk decision table.Average time-consuming has been maximally dropped about 56.52%under the same GEP parameters.This is mainly because that complexity of GEP population has been drastically simplified by reduction.

Optimal risk assessment function model by SRACPPSRGEP is shown as(4).

From Fig.5,we know that with the increase of population size,error between maximum fitness value of current population and real maximum fitness value gradually declines.This is because that adjustment strategy of dynamic population based on variable-step is applied to dynamically increase population size and diversity of individual,thereby increase solution of the optimal individual.Meanwhile,degree of fitness between real value and model value of train data and test data for security risk decision table is shown respectively in Figs.6 and 7.From Fig.6,we can see that maximum error between model value and real value of security risk train data by(5) is 0.7441,and minimum error is 0.004.Fig.7 indicates that maximum error between model value and real value of test data by(5)is 0.3091,and minimum error is 0.0497.It can be seen that the model has high prediction accuracy.

TABLE IV PARAMETERS OF GEP

For security risk assessment of CPPS,the higher prediction accuracy of security risk assessment function model based on SRACPPS-RGEP is,the higher accuracy of assessment for security risk level of CPPS is.

V.CONCLUSION

With deep integration of information systems and physical systems in smart grid,various types of security risks of information systems will affect the normal operation of the physical system.Security risks of cyber physical power system need to be timely found and evaluated because handling of these security risks are essential for safe and reliable operation of cyber physical power system.In this paper,for better and faster solution of optimal attribute reduction on security risk decision table for CPPS,fast attribution reduction based on binary search algorithm(FAR-BSA)is firstly proposed.On the basis of FAR-BSA,security risk assessment algorithm for cyber physical power system based on rough set and gene expression programming(SRACPPS-RGEP)is described.Experimental results show that SRACPPS-RGEP can quickly discover optimal security risk function model,and the functionmodel has high predictive accuracy.This will provide good foundation for timely and accurate assessment and prediction of security risk in CPPS in the future.

The existing power information security defense system does not take security assessment of CPPS into account.In the future,the SRACPPS-RGEP can be used as an important part of existing power information security defense system, and provide comprehensive security situation assessment for power system of China from information region to production and control region.

REFERENCES

[1]Zhao Jun-Hua,Wen Fu-Shuan,Xue Yu-Sheng,Li Xue,Dong Zhao-Yang.Cyber physical power systems:architecture,implementation techniques and challenges.Automation of Electric Power Systems,2010, 34(16):1-7(in Chinese)

[2]Ju Ping,Qin Chuan,Huang Hua,Wu Feng,Jin Yu-Qing.Research trends of power system modeling geared to smart grid.Automation of Electric Power Systems,2012,36(11):1-6(in Chinese)

[3]Yu Yi-Xin,Luan Wen-Peng.Basic philosophy of smart grid.Journal of Tianjin University,2011,44(5):377-384(in Chinese)

[4]Vellaithurai C,Srivastava A,Zonouz S,Berthier R.CPINDEX:cyberphysical vulnerability assessment for power-grid infrastructures.IEEE Transactions on Smart Grid,2015,6(2):566-575

[5]Hong J H,Liu C C,Govindarasu M.Integrated anomaly detection for cyber security of the substations.IEEE Transactions on Smart Grid, 2014,5(4):1643-1653

[6]Sridhar S,Govindarasu M.Model-based attack detection and mitigation for automatic generation control.IEEE Transactions on Smart Grid, 2014,5(2):580-591

[7]Zonouz S,Davis C M,Davis K R,Berthier R,Bobba R B,Sanders W H.SOCCA:a security-oriented cyber-physical contingency analysis in power infrastructures.IEEE Transactions on Smart Grid,2014,5(1):3-13

[8]Hu J K,Pota H R,Guo S.Taxonomy of attacks for agent-based smart grids.IEEE Transactions on Parallel and Distributed Systems,2014, 25(7):1886-1895

[9]Mei Sheng-Wei,Wang Ying-Ying,Chen Lai-Jun.Overviews and prospects of the cyber security of smart grid from the view of complex network theory.High Voltage Engineering,2011,37(3):672-679(in Chinese)

[10]Feng Deng-Guo,Zhang Yang,Zhang Yu-Qing.Survey of information security risk assessment.Journal of China Institute of Communications, 2004,25(7):10-18(in Chinese)

[11]Guo Chuang-Xin,Yu Bin,Guo Jia,Wen Bo-Jian,Zhang Jin-Jiang, Zhang Li,Lu Hai-Bo,Li Bo.Security risk assessment of the IEC61850-based substation automation system.Proceedings of the CSEE,2014, 34(4):685-694(in Chinese)

[12]Liu N,Zhang J H,Wu X.Asset analysis of risk assessment for IEC 61850-based power control systems,Part I:methodology.IEEE Transactions on Power Delivery,2011,26(2):869-875

[13]Liu N,Zhang J H,Wu X.Asset analysis of risk assessment for IEC 61850-based power control systems,Part II:application in substation. IEEE Transactions on Power Delivery,2011,26(2):876-881

[14]Bompard E,Gao C W,Napoli R,Russo A,Masera M,Stefanini A. Risk assessment of malicious attacks against power systems.IEEE Transactions on Systems,Man,and Cybernetics,Part A:Systems and Humans,2009,39(5):1074-1085

[15]Zhang Li,Yao Yi-Zhan,Peng Jian-Fen,Chen Hong-Bo,Du Yu-Ge. Intelligent information security risk assessment based on a decision tree algorithm.Journal of Tsinghua University(Science and Technology), 2011,51(10):1236-1239(in Chinese)

[16]Zhao Dong-Mei,Liu Jin-Xing,Ma Jian-Feng.Risk assessment of information security based on improved wavelet neural network.Computer Science,2010,37(2):90-93(in Chinese)

[17]Zhao Gang,Wu Tian-Shui.Information security risk assessment based on G-ANP.Journal of Tsinghua University(Science and Technology), 2013,53(12):1761-1767(in Chinese)

[18]Chang L Y,Lee Z J.Applying fuzzy expert system to information security risk assessment-a case study on an attendance system.In: Proceedings of the 2013 International Conference on Fuzzy Theory and Its Applications.Taipei,China:IEEE,2013.346-351

[19]Wang Bo.Research on Security Risk and Vulnerability Assessment Methods of Complicated Power System[Ph.D.dissertation],Huazhong University of Science and Technology,China,2011.(in Chinese)

[20]Yin Lin-Zi,Yang Chun-Hua,Wang Xiao-Li,Gui Wei-Hua.An incremental algorithm for attribute reduction based on labeled discernibility matrix.Acta Automatica Sinica,2014,40(3):397-404(in Chinese)

[21]Jiang Yun-Liang,Yang Zhang-Xian,Liu Yong.Quick distribution reduction algorithm in inconsistent information system.Acta Automatica Sinica,2012,38(3):382-388(in Chinese)

[22]Pawlak Z.Rough sets.InternationalJournalofComputerandInformation Sciences,1982,11(5):341-356

[23]Zeng Qing-Hong,Lu De-Tang.Curve and surface fitting based on moving least-squares methods.Journal of Engineering Graphics,2004, 25(1):84-89(in Chinese)

[24]Koza J R.Genetic Programming II:Automatic Discovery of Reusable Programs.Cambridge:MIT Press,1994.110-199

[25]Ferreira,C.Gene expression programming:a new adaptive algorithm for solving problems.Complex Systems,2001,13(2):87-129

[26]Deng S,Wang R C,Fu X,Yang L C.Gene expression programming for attribution reduction in rough set.International Journal of Computers and Applications,2010,32(2):226-231

[27]Hu Jian-Jun,Tang Chang-Jie,Duan Lei,Zuo Jie,Peng Jing,Yuan Chang-An.The strategy for diversifying initial population of gene expression programming.Chinese Journal of Computers,2007,30(2): 305-310(in Chinese)

[28]Liu Qi-Hong,Tang Chang-Jie,Hu Jian-Jun,Zeng Tao,Liu Ying-Tian, Qiu Jiang-Tao.Gene expression programming based on diversity-guided grading evolution.Journal of Sichuan University(Engineering Science Edition),2006,38(6):108-113(in Chinese)

[29]Deng Song,Wang Ru-Chuan.Classification of distributed GEP-BP based on grid service.ActaElectronicaSinica,2009,37(11):2600-2603 (in Chinese)

[30]Header A R,Wang J,Fukushima M.Tabu search for attribute reduction in rough set theory.Soft Computing,2007,12(9):909-918

Song Deng Associate professor at the Research Institute of Advanced Technology,Nanjing University of Post and Telecommunication,China.He received the Ph.D.degree in information network from Nanjing University of Post and Telecommunication in 2009.His research interests include intelligent control theory and its application,nonlinear system analysis and optimization,and pattern recognition.

Dong Yue received the Ph.D.degree from South China University of Technology,China,in 1995.He is currently a professor of the Research Institute of Advanced Technology,Nanjing University of Posts and Telecommunications and also a Changjiang Professor with the Department of Control Science and Engineering,Huazhong University of Science and Technology.He is currently an associate editor of the IEEE Control Systems Society Conference Editorial Board and also an associate editor of the International Journal of Systems Science.Up to now,he has published more than 100 papers in international journals,domestic journals,and international conferences.His research interests include analysis and synthesis of networked control systems,multi-agent systems,optimal control of power systems,and internet of things.Corresponding author of this paper.

Xiong Fu Associate professor at the School of Computer Science and Technology,Nanjing University of Posts and Telecommunications.He received his B.Sc.and Ph.D.degree in computer science from University of Science and Technology of China, China,in 2002 and 2007,respectively.His research interests include parallel and distributed computing, and cloud computing.

Aihua Zhou Engineer at the State Grid Smart Grid Research Institute.He received the M.Sc.degree in GIS from Nanjing Normal University in 2008.His research interests include cloud computing and big data in smart grid.

t

October 10,2014;accepted April 8,2015.This work was support by National Natural Science Foundation of China(61202354, 51507084)and Nanjing University of Post and Telecommunications Science Foundation(NUPTSF)(NT214203).Recommended by Associate Editor Yilin Mo.

:Song Deng,Dong Yue,Xiong Fu,Aihua Zhou.Security risk assessment of cyber physical power system based on rough set and gene expression programming.IEEE/CAA Journal of Automatica Sinica,2015, 2(4):431-439