skip to main content


Title: Detection of False Data Injection Attacks in Smart Grids Based on Forecasts
The bi-directional communication capabilities that emerged into the smart power grid play a critical role in the grid's secure, reliable and efficient operation. Nevertheless, the data communication functionalities introduced to Advanced Metering Infrastructure (AMI) nodes end the grid's isolation, and expose the network into an array of cyber-security threats that jeopardize the grid's stability and availability. For instance, malware amenable to inject false data into the AMI can compromise the grid's state estimation process and lead to catastrophic power outages. In this paper, we explore several statistical spatio-temporal models for efficient diagnosis of false data injection attacks in smart grids. The proposed methods leverage the data co-linearities that naturally arise in the AMI measurements of the electric network to provide forecasts for the network's AMI observations, aiming to quickly detect the presence of “bad data”. We evaluate the proposed approaches with data tampered with stealth attacks compiled via three different attack strategies. Further, we juxtapose them against two other forecasting-aided detection methods appearing in the literature, and discuss the trade-offs of all techniques when employed on real-world power grid data, obtained from a large university campus.  more » « less
Award ID(s):
1830175
NSF-PAR ID:
10312309
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
Detection of False Data Injection Attacks in Smart Grids Based on Forecasts
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. False power consumption data injected from compromised smart meters in Advanced Metering Infrastructure (AMI) of smart grids is a threat that negatively affects both customers and utilities. In particular, organized and stealthy adversaries can launch various types of data falsification attacks from multiple meters using smart or persistent strategies. In this paper, we propose a real time, two tier attack detection scheme to detect orchestrated data falsification under a sophisticated threat model in decentralized micro-grids. The first detection tier monitors whether the Harmonic to Arithmetic Mean Ratio of aggregated daily power consumption data is outside a normal range known as safe margin. To confirm whether discrepancies in the first detection tier is indeed an attack, the second detection tier monitors the sum of the residuals (difference) between the proposed ratio metric and the safe margin over a frame of multiple days. If the sum of residuals is beyond a standard limit range, the presence of a data falsification attack is confirmed. Both the ‘safe margins’ and the ‘standard limits’ are designed through a ‘system identification phase’, where the signature of proposed metrics under normal conditions are studied using real AMI micro-grid data sets from two different countries over multiple years. Subsequently, we show how the proposed metrics trigger unique signatures under various attacks which aids in attack reconstruction and also limit the impact of persistent attacks. Unlike metrics such as CUSUM or EWMA, the stability of the proposed metrics under normal conditions allows successful real time detection of various stealthy attacks with ultra-low false alarms. 
    more » « less
  2. null (Ed.)
    Spurious power consumption data reported from compromised meters controlled by organized adversaries in the Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid’s operations. While existing research on data falsification in smart grids mostly defends against isolated electricity theft, we introduce a taxonomy of various data falsification attack types, when smart meters are compromised by organized or strategic rivals. To counter these attacks, we first propose a coarse-grained and a fine-grained anomaly-based security event detection technique that uses indicators such as deviation and directional change in the time series of the proposed anomaly detection metrics to indicate: (i) occurrence, (ii) type of attack, and (iii) attack strategy used, collectively known as attack context . Leveraging the attack context information, we propose three attack response metrics to the inferred attack context: (a) an unbiased mean indicating a robust location parameter; (b) a median absolute deviation indicating a robust scale parameter; and (c) an attack probability time ratio metric indicating the active time horizon of attacks. Subsequently, we propose a trust scoring model based on Kullback-Leibler (KL) divergence, that embeds the appropriate unbiased mean, the median absolute deviation, and the attack probability ratio metric at runtime to produce trust scores for each smart meter. These trust scores help classify compromised smart meters from the non-compromised ones. The embedding of the attack context, into the trust scoring model, facilitates accurate and rapid classification of compromised meters, even under large fractions of compromised meters, generalize across various attack strategies and margins of false data. Using real datasets collected from two different AMIs, experimental results show that our proposed framework has a high true positive detection rate, while the average false alarm and missed detection rates are much lesser than 10% for most attack combinations for two different real AMI micro-grid datasets. Finally, we also establish fundamental theoretical limits of the proposed method, which will help assess the applicability of our method to other domains. 
    more » « less
  3. Communication networks in power systems are a major part of the smart grid paradigm. It enables and facilitates the automation of power grid operation as well as self-healing in contingencies. Such dependencies on communication networks, though, create a roam for cyber-threats. An adversary can launch an attack on the communication network, which in turn reflects on power grid operation. Attacks could be in the form of false data injection into system measurements, flooding the communication channels with unnecessary data, or intercepting messages. Using machine learning-based processing on data gathered from communication networks and the power grid is a promising solution for detecting cyber threats. In this paper, a co-simulation of cyber-security for cross-layer strategy is presented. The advantage of such a framework is the augmentation of valuable data that enhances the detection as well as identification of anomalies in the operation of the power grid. The framework is implemented on the IEEE 118-bus system. The system is constructed in Mininet to simulate a communication network and obtain data for analysis. A distributed three controller software-defined networking (SDN) framework is proposed that utilizes the Open Network Operating System (ONOS) cluster. According to the findings of our suggested architecture, it outperforms a single SDN controller framework by a factor of more than ten times the throughput. This provides for a higher flow of data throughout the network while decreasing congestion caused by a single controller’s processing restrictions. Furthermore, our CECD-AS approach outperforms state-of-the-art physics and machine learning-based techniques in terms of attack classification. The performance of the framework is investigated under various types of communication attacks. 
    more » « less
  4. Advanced metering infrastructure (AMI)is a critical part of a modern smart grid that performs the bidirectional data flow of sensitive power information such as smart metering data and control commands. The real-time monitoring and control of the grid are ensured through AMI. While smart meter data helps to improve the overall performance of the grid in terms of efficient energy management, it has also made the AMI an attractive target of cyber attackers with a goal of stealing energy. This is performed through the physical or cyber tampering of the meters, as well as by manipulating the network infrastructure to alter collected data. Proper technology is required for the identification of energy fraud. In this paper, we propose a novel technique to detect fraudulent data from smart meters based on the energy consumption patterns of the consumers by utilizing deep learning techniques. We also propose a method for detecting the suspicious relay nodes in the AMI infrastructure that may manipulate the data while forwarding it to the aggregators. We present the performance of our proposed technique, which shows the correctness of the models in identifying the suspicious smart meter data. 
    more » « less
  5. The smart grid provides efficient and cost-effective management of the electric energy grid by allowing real-time monitoring, coordinating, and controlling the system using communication networks between physical components. This inherent complexity significantly increases the vulnerabilities and attack surface in the smart grid due to misconfigurations or the lack of security hardening. Therefore, it is important to ensure a secure and resilient operation of the smart grid by proactive identification of potential threats, impact assessment, and cost-efficient mitigation planning. This paper aims to achieve these goals through the development of an efficient security framework for the Energy Management System (EMS), a core smart grid component. In this paper, we present a framework that combines formal analytic with PowerWorld simulator which verifies the solution model to investigate the feasibility of false data injection attacks against contingency analysis in the power grid. We evaluate the impact of such attacks by running experiments using synthetic data on the standard IEEE test cases. 
    more » « less