Detection and Forensics against Stealthy Data Falsification in Smart Metering Infrastructure

False power consumption data injected from compromised smart meters in Advanced Metering Infrastructure (AMI) of smart grids is a threat that negatively affects both customers and utilities. In particular, organized and stealthy adversaries can launch various types of data falsification attacks from...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on dependable and secure computing Vol. 18; no. 1; pp. 356 - 371
Main Authors Bhattacharjee, Shameek, Das, Sajal K.
Format Journal Article
LanguageEnglish
Published Washington IEEE 01.01.2021
IEEE Computer Society
Subjects
Advanced metering infrastructure
Aggregates
cyber-physical security
data falsification
Distributed generation
Electric utilities
False alarms
false data injection
Measurement
Meters
Monitors
Power consumption
Power demand
Real time
Real-time systems
Smart grid
Smart meters
Statistical anomaly detection
System identification
Online AccessGet full text

Cover

More Information
Summary:False power consumption data injected from compromised smart meters in Advanced Metering Infrastructure (AMI) of smart grids is a threat that negatively affects both customers and utilities. In particular, organized and stealthy adversaries can launch various types of data falsification attacks from multiple meters using smart or persistent strategies. In this paper, we propose a real time, two tier attack detection scheme to detect orchestrated data falsification under a sophisticated threat model in decentralized micro-grids. The first detection tier monitors whether the Harmonic to Arithmetic Mean Ratio of aggregated daily power consumption data is outside a normal range known as safe margin . To confirm whether discrepancies in the first detection tier is indeed an attack, the second detection tier monitors the sum of the residuals (difference) between the proposed ratio metric and the safe margin over a frame of multiple days. If the sum of residuals is beyond a standard limit range, the presence of a data falsification attack is confirmed. Both the 'safe margins' and the 'standard limits' are designed through a 'system identification phase', where the signature of proposed metrics under normal conditions are studied using real AMI micro-grid data sets from two different countries over multiple years. Subsequently, we show how the proposed metrics trigger unique signatures under various attacks which aids in attack reconstruction and also limit the impact of persistent attacks. Unlike metrics such as CUSUM or EWMA, the stability of the proposed metrics under normal conditions allows successful real time detection of various stealthy attacks with ultra-low false alarms.
ISSN:1545-5971
1941-0018
DOI:10.1109/TDSC.2018.2889729