Detection and Forensics against Stealthy Data Falsification in Smart Metering Infrastructure


False power consumption data injected from compromised smart meters in Advanced Metering Infrastructure (AMI) of smart grids is a threat that negatively affects both customers and utilities. In particular, organized and stealthy adversaries can launch various types of data falsification attacks from multiple meters using smart or persistent strategies. In this paper, we propose a real time, two tier attack detection scheme to detect orchestrated data falsification under a sophisticated threat model in decentralized micro-grids. The first detection tier monitors whether the Harmonic to Arithmetic Mean Ratio of aggregated daily power consumption data is outside a normal range known as safe margin. To confirm whether discrepancies in the first detection tier is indeed an attack, the second detection tier monitors the sum of the residuals (difference) between the proposed ratio metric and the safe margin over a frame of multiple days. If the sum of residuals is beyond a standard limit range, the presence of a data falsification attack is confirmed. Both the 'safe margins' and the 'standard limits' are designed through a 'system identification phase' where the signature of proposed metrics under normal conditions are studied using real AMI micro-grid data sets from two different countries over multiple years. Subsequently, we show how the proposed metrics trigger unique signatures under various attacks which aids in attack reconstruction and also limit the impact of persistent attacks. Unlike metrics such as CUSUM or EWMA, the stability of the proposed metrics under normal conditions allows successful real time detection of various stealthy attacks with ultra-low false alarms.


Computer Science

Research Center/Lab(s)

Center for High Performance Computing Research

Second Research Center/Lab

Intelligent Systems Center


The work has been supported by the following NSF grants: CNS-1818942, CNS1545037, CNS-1545050, and DGE-1433659.

Keywords and Phrases

Advanced metering infrastructures; Aggregates; Crime; Digital forensics; Electric power transmission networks; Electric power utilization; Instruments; Interactive computer systems; Measurement; Network security; Real time systems; Smart meters; Standards; Underground structures; Cyber-Physical securities; Data Falsification; False data injection; Power demands; Smart grid; Statistical anomaly detection; Smart power grids; Measurement; Meters; Real-time systems

International Standard Serial Number (ISSN)

1545-5971; 1941-0018

Document Type

Article - Journal

Document Version


File Type





© 2018 Institute of Electrical and Electronics Engineers (IEEE), All rights reserved.

Publication Date

Jan-Feb 2021