Risk Assessment of Distributed Energy System Based on Fuzzy Analytic Hierarchy Process

Risk assessment of distributed energy system often has uncertainty and subjective problems. The problems will have some impact on the results. To solve the problems, a method of improved fuzzy analytic hierarchy process is proposed. By using the fuzzy analytic hierarchy process method, a hierarchical analysis model is established. And then according to the given judgment matrix of each index layer, we calculate whether it meets the consistency condition. And then if the judgment matrix does not meet the consistency condition, the problem will be solved by the improving of particle swarm optimization (PSO) with Kalman filter. The practice in the distributed energy system shows that the method can not only fully reflect the fuzziness of assessment elements and process, but also reduce the influence of individual subjective factors and better evaluation results can be achieved.


Introduction
The development of computer systems and the application of computer technology on different occasions have gradually increased, and more and more attacks have followed. Traditional protection methods take corresponding measures after the system is attacked, including passive protection methods such as firewalls, intrusion detection or white listing, and cannot detect and deal with the hazards in time. Therefore, effective risk assessment methods are used to dis-cover the existence of the system in advance. For vulnerabilities and threats, it is very important to formulate scientific and effective security strategies and actively adopt security defenses. There is a certain amount of research on information security risk assessment at home and abroad. The standard policies, technical methods and organizational structure related to risk assessment require the establishment of national security agencies and authoritative institutions to ensure the credibility of the assessment process and assessment results.
Risk assessment is a scientific security assessment method. Through detailed assessment of assets, threats, and vulnerabilities, and assigning values to different degrees of security threats and vulnerabilities, the risk value is finally calculated, allowing users to intuitively understand the current security status of the system and take effective protective measures afterward. This method has been widely used in different industries and is the first and critical step to assess its security status. In the energy Internet environment, more information security issues are exposed, including certain risks in all aspects of production, transmission, and communication. To take scientific and effective protective measures, it appears to be an information security risk assessment for distributed energy systems. It is very necessary. The information system in the distributed energy network system architecture is a key link to ensure the correct transmission and message transmission. The risk assessment team established by the State Information Office has also formulated the "Information Security Risk Assessment Specification" [1] and "Information Security Risk Management "Guide" [2] provides standards and basis for my country's information security risk assessment work.
According to the principles of evaluation, it can be divided into evaluation methods based on mathematical knowledge, evaluation methods based on game theory, and evaluation methods based on machine learning. For the special evaluation object of the distributed energy system, any threat that exists may become the target of attackers and cause a certain range of power system failures, which will seriously affect people's lives.
In the process of risk assessment, the assessment object should be analyzed from multiple angles. To reduce the possible impact of subjective factors or other irrelevant factors on the assignment of indicators, Yu et al. [3] used gray theory to calculate the risk matrix, and then used the network analysis method to calculate each risk factor and calculates its weight. This method reduces the influence of subjective factors of experts. Huang et al. [4] used fuzzy sets to improve traditional evidence theory and solved the BPA function to reduce the influence of subjective factors. The difficulty brought by Zhang et al. [5] used rough set theory to reduce the complexity of analysis, grasped key nodes in the evaluation process, eliminated factors that did not affect the evaluation results, discovered possible combination threats, and automatically Generate an evaluation model.
To comprehensively evaluate the safety of the evaluation object from multiple angles, Han Xia et al. [6] used the analytic hierarchy process in the safety evaluation of the operation of the power system, by constructing an indicator system and calculating the weight of each indicator to assess the safety status of the system. With a clear understanding, Ren Qiujie et al. [7] used a combination of fuzzy hierarchy method and attack tree method to carry out an effective security assessment of the information system. The AHP method is widely used when dealing with multi-attribute decision-making problems by decomposing the final goal into multiple levels to calculate the weights respectively. However, because the judgment matrix is prone to unreasonable consistency, it is impossible to accurately obtain the weight of each indicator. The particle swarm method is often used to solve the problem of parameter optimization and multi-objective solution. Shang Wenli et al. optimized the parameters of the support vector machine by using the particle swarm optimization method and established a support vector machine anomaly detection model [8]. The KPSO method has a better improvement in convergence speed and accuracy based on the standard particle swarm method. Dai Shaowu et al. [9] used the improved KPSO method to obtain better results in acceleration calibration.
There are many kinds of swarm intelligence algorithms, including Ant Colony Optimization, Particle Swarm Optimization, Artificial Bee Colony Algorithm and and so on. The common features between them include the independence between individuals, using local and global information to interact.
As an earlier proposed algorithm, the PSO has the advantages of fast convergence, simple and low complexity in calculation. Compared with other swarm intelligence algorithms, it can be used to solve more problems and it is more applicable to the content of this article.
Therefore, the paper uses the improved particle swarm method to modify the judgment matrix that has not passed the consistency test and obtains the judgment matrix that best fits the actual situation and conforms to the consistency test. And then combines the analytic hierarchy process to obtain the final risk of the distributed energy system. The experiment proves that the revised result can better reflect the true weight of the indicator, which provides a reliable basis for the application of risk assessment.

Distributed Energy System Structure
Natural gas distributed energy, as the current vigorous development direction, has the particularity of the interconnection and interoperability of energy, electricity, water and heat, and the network, making its risk assessment need to be more comprehensive and detailed. From the distributed energy system architecture shown in Figure 1, a complete distributed energy system includes six parts: energy supply, power transformation system, thermal energy conversion system, energy storage system, energy management system, and load side, which make full use of the area The various energy resources inside and the power system, the thermal system cooperate with the operation, and the intelligent management.

Hierarchical Analysis Model
After identifying the elements of the system, a risk assessment index system was established according to the analytic hierarchy process, and assets, threats, vulnerabilities, and existing security measures were taken as four first-level indicators [10]. The assessment of assets is carried out from the three aspects of the three elements of information security. The assessment indicators of threats are carried out in two categories: environmental factors and human factors. The assessment of vulnerabilities mainly starts from the two perspectives of technology and management. Measures are evaluated in terms of preventive measures and protective measures. In summary, the evaluation index system established in this article has 3 first-level indicators, 7 second-level indicators, and 14 third-level indicators, as shown in Figure 2.
Risk assessment evaluates assets from three aspects: whether the data is leaked, whether it has been tampered with, and whether it can be used normally. The indicators that affect threats include environmental and human factors. Environmental factors refer to threats caused by force majeure and system environmental problems. Human factors mainly refer to potential threats such as man-made malicious manipulation of virus implantation. The impact indicators on vulnerability are developed from two aspects: technology and management. Specifically, it refers to the design flaws of the system itself or the lack of advanced technology, and there may also be problems in the establishment and implementation of management regulations.

AHP Method
Analysis of Hierarchy Process (AHP) [11] as an effective evaluation method, its main analysis principle is to divide the problem to be analyzed into multiple levels, before each level according to the form of two-to-two comparison, Get the weight of each element on the layer, and finally sort them in a certain additive manner to get the total weight. The main steps are as follows: 1) Build a hierarchical model The overall hierarchical structure model established in this paper is divided into four levels from top to bottom, and the indicators of each layer are related to the indicators of the previous layer. First, set up the general target problem to be solved, then put forward several aspects of the problem, and finally propose specific measures to solve each small problem.
2) Construct a judgment matrix The judgment matrix reflects the importance of the elements at each level and is arranged in order, using the nine-point method for assignment. The judgment matrix can be as follows, where: Then calculate the value of CI, , we think that the consistency of the matrix is better, otherwise you have to adjust the matrix with the following step (3) and step (4).

3) Hierarchical single sort
Find the eigenvector W of the matrix, and then normalize to get the weight value, as shown below.
( ) 4) Hierarchical total order Calculate the weights from the top layer in order, and finally get the weight of the bottom layer compared to the top layer.

AHP Method Based on Fuzzy Theory
The analytic hierarchy process is prone to problems when there are many rating indicators. Therefore, this paper uses the fuzzy hierarchy method to solve the problem of consistency. The specific steps and processes are shown in Figure 3.
1) Establish a hierarchical structure: establish an evaluation hierarchy according to the risk assessment model and analytic hierarchy method, and then establish a corresponding analytic hierarchy model for assets, threats, and vulnerabilities.
2) Establish fuzzy complementary matrix: The construction of fuzzy complementary matrix is produced by comparison between elements. 3) Fuzzy weight calculation of single-level factors: Calculate the number of

Evaluation Data Collection
To prove the effectiveness of the improved method for risk assessment, this paper establishes a small gas distributed energy system, and scans its assets, existing threats, and vulnerabilities through vulnerability scanning software and assessment tools, and uses this as a basis. Combine the relevant indicators of national risk assessment to construct an assessment data set. Using vulnerability scanning software to scan the host, it can be seen that there are many vulnerabilities in the system as shown in Figure 4, and the detailed information of the host is displayed at the same time. This also shows that there are many potential threats in the control system host. Key attention should be given to indicators when assigning values.
Besides, through the analysis and processing of 274,628 raw data in the natural gas control system data set, that is, the data set itself is divided into normal behavior data and abnormal behavior data using the label value. And data with a label value of 0 is divided into normal behavior data, data with a label value of 1 is classified as NMRI, data with a label value of 2 is classified as CMRI, data with a label value of 3 is classified as MSCI, data with a label value of 4 is classified as MPCI, and data with a label value of 5 is classified as MFCI, the data with a label value of 6 is classified as DoS, and the data with a label value of 7 is classified as reconnaissance, and then the database is used to perform statistics on various behavioral data. Including 214,580 normal behavior data and 60,048 abnormal behavior data, accounting for 78.13% and 21.87% of the total data volume respectively. The data is centralized. The specific percentages of various types of attacks are shown in Figure 5. It can be seen from Figure 5 that there are many different types of attack data in the natural gas control system. These attack behaviors will cause great harm to the security of the system, especially malicious parameter command injection attacks and complex malicious response injection attacks. It should be focused on during the evaluation process.
Then use the security risk assessment software to scan the system and calculate the corresponding evaluation index weights. As a simple assistant software  of AHP, Yaahp [12], it can be used to make simple model construction and calculation of the system as a reference basis. Figure 6 shows the evaluation indicators and corresponding weight values of the system. From the figure, it can be seen that the weight value of vulnerability accounts for the ratio is the highest, and attention should be strengthened in this regard.
To analyze the relationship between the indicators in more detail, a sensitivity analysis can be performed on the indicators. Through sensitivity analysis, it is possible to determine how the weight of each alternative will be affected when the weight of a certain element changes, to decide a higher level. To perform sensitivity analysis, first, complete the calculation of the ranking weight, and then obtain different sensitivity analysis tables based on different elements on the left structure tree generated by the hierarchical model structure. The curve in the table represents the change process of each index weight with the selected elements. It shows the sensitivity analysis of threat indicators during the assessment process. It can be seen that the weights of some indicators decrease with the increase of threats, and the weights of some indicators increase with the increase of threats, which can be more accurate Determine where safety protection measures need to be strengthened.

Consistency Check
According to the risk assessment process, we must first classify the system and construct a judgment matrix. The construction of the judgment matrix refers to the relevant data collected in the previous section and analyzed. Due to a large number of evaluation indicators in this article, there are a large number of discriminant matrices to be constructed, so this section only shows the judgment matrix related to threat indicators. The judgment matrix based on assets and vulnerability is also constructed in the same way as a pairwise comparison. Refer to the assignment of indicators. The influence of each index is quantified by the nine scaling index. The meaning of the nine scaling index is shown in Table 1 Construct the judgment matrix according to Formula 1, and refer to Table 1 to assign the judgment matrix. The judgment matrix for the second-level threat indicators is shown in Table 2. It is believed that the impact of human factors on the threat indicators is slightly greater than that of environmental factors. Therefore, the ratio of the importance of human factors to environmental factors is assigned a value of 3 in the judgment matrix. Table 3 and Table 4 show the different judgment matrices on human factors and environmental factors for the third-level indicators for illegally obtaining access rights, network attacks, leaks, Trojan horses, and illegally obtaining control information.
After constructing the judgment matrix, it is necessary to calculate its eigenvalues and whether it meets the consistency conditions, correct the unsatisfied judgment matrix to obtain a new matrix, and then calculate the index weights. Journal of Computer and Communications  characteristic value of the environmental factor judgment matrix is 5.692, CR = 0.154 > 0.1, and the consistency condition needs to be corrected. The Kalman particle swarm method is used to correct the matrix that does not meet the consistency. The specific correction process is shown in Figure 7. The particle swarm method can be used to find the optimal solution and modify the value of the judgment matrix. Since the larger the population, the better the convergence, but it will also affect the speed, so the maximum population is set to 20; to ensure the stability of the solution and reduce the calculation time, the number of iterations is set to 200; The inertia weight reflects the global optimization ability of the particle swarm, generally 0.5 -1, this article sets it to 0.7 ω = ; the value of the learning factor will affect the convergence of the population, and it is set to 1 1.5 c = , 2 1.6 c = based on experience. The parameter values of the revised judgment matrix can be shown in Figure  8, and it can be seen from the figure that the revised parameter values are significantly improved compared with the previous ones. In particular, there is an obvious gap between the 4 th and 10 th parameters. Therefore, the initial judgment matrix setting has a strong subjectivity problem, which leads to inconsistencies in the subsequent calculation process. After the particle swarm method and the improved particle swarm method optimize the parameter values, this problem is Journal of Computer and Communications  effectively improved, so that the revised judgment matrix does not have the problem of failing the consistency check. Calculate whether the revised judgment matrix meets the consistency condition, and the results are shown in Table 5. The revised CR is all less than 0.1.

Calculate the Weight of the Evaluation Index
The evaluation indicators in this article are divided into three first-level indicators and seven second-level indicators. Through the establishment of the evaluation method and evaluation system in the previous sections, this section calculates the weight of each indicator relative to the target layer. The index level for asset evaluation selects hardware facilities, software facilities, safety protection measures, and personnel; the criterion level is the three elements of confidentiality, integrity, and availability. First, the fuzzy analysis method is used to process the evaluation and scoring results of the experts, and the weight of each index relative to the asset is calculated. From Table 6, it can be seen that the usability value of the statistical assets is the highest, followed by completeness. Combining the weights of the three indicators, we can see that the asset value of security protection facilities and software facilities is higher.
The evaluation index layer for system threats selects five indicators of illegal access rights, network attacks, leaks, Trojan horses, and illegal access to control information; the criterion layer uses two indicators: environmental factors and Journal of Computer and Communications  Table 7. It can be seen from the table that for distributed energy systems, the weight of human factors is higher than that of environmental factors, and the risk of illegal access rights and leaks is relatively high. Potential threats that are prone to occur, and protective measures in this area should be strengthened. For the evaluation index layer of vulnerability, five evaluation indexes are selected: network environment, system host, physical facility, database and organization management; the criterion layer uses technical factors and management factors as evaluation indexes. The relative weight and vulnerability weight of each indicator can be shown in Table 8. It can be seen from the table that the weight of technical factors is higher than that of management factors. The weights of organizational management and network environment are higher than other indicators. The supervision of staff should be increased, relevant regulations should be revised, and network monitoring should be strengthened.
Synthesizing the weights of the indicators in Tables 5-7 can be used to obtain the total evaluation indicator weight, that is, the weight of each secondary indicator relative to the asset, threat, and vulnerability of the primary indicator, and the weight of the target layer weights.

Evaluation Result Analysis
The weight of each evaluation index calculated in the previous section can be obtained through the risk calculation formula, and it can be concluded that the information security risk level of the distributed energy system is between 3 -4 levels, and security inspections should be carried out regularly to strengthen security protection measures. This paper uses the fuzzy analytic hierarchy process to calculate the information security risk value of the small distributed energy system, and according to the security risk assignment table, it can be concluded that the security risk level is medium, which is in a relatively safe stage. However, it can be seen from the weight of each indicator that some indicators have higher risk values, and more attention should be paid to adopt targeted safety protection measures and adopt regular inspections.
For system assets, security protection measures and software facilities have a relatively high weight, which also shows that in the overall structure of the system, field equipment and various software facilities of the central control layer are mainly used to realize energy utilization and data transmission. And whether to install protective measures in the system is very important to maintain the safety and stability of the system. After weighing the threat and vulnerability indicators, it can be seen that there are many security problems in the system, including communication protocol vulnerabilities, inadequate protection measures, and database identity authentication issues. In the threat assessment, the security weight of illegal access and leaks is relatively high. In normal use, the access control of the system should be strengthened, and the identity authentication mechanism should be established. For common network attack characteristics, intrusion detection models can be established, early Find abnormalities and minimize damage. Because of the possible vulnerabilities in the system, there are some problems in the network environment and organization and management. The existence of these safety problems is a huge hidden danger to the long-term operation and operation of the system. In response to the above possible problems, some security suggestions are put forward: The control access mechanism of the system should be strengthened, and multiple user authentication methods should be adopted for systems with higher security to prevent tampering and other behaviors that may reveal key information; establish targeted Intrusion detection model, the model should in-clude the abnormal state when common various attacks occur, and the database of the intrusion detection model should be updated regularly; the on-site infrastructure should be sent to carry out regular inspections to check whether the controller of the equipment is normal To prevent accidents from being signaled and transmitted to the central controller in time; strengthen the safety protection awareness of internal staff, and write safety protection regulations and rules.

Conclusion
In this paper, the risk assessment of the distributed energy system is carried out based on the fuzzy analytic hierarchy process and a detailed evaluation index system is also established. Through the improved particle swarm optimization method, the unreasonable consistency of the judgment matrix of the analytic hierarchy method is investigated. Through the improved judgment matrix, the weight of each indicator has been corrected and obtained. And the improved particle swarm method has improved its iteration speed and accuracy. The final evaluation results show that possible problems can be effectively revealed, which provides a reference for the security protection of distributed energy stations.