Statistical Security Incident Forensics against Data Falsification in Smart Grid Advanced Metering Infrastructure


Compromised smart meters reporting false power consumption data in Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid's operations. Most existing works only deal with electricity theft from customers. However, several other types of data falsification attacks are possible, when meters are compromised by organized rivals. In this paper, we first propose a taxonomy of possible data falsification strategies such as additive, deductive, camouflage and conflict, in AMI micro-grids. Then, we devise a statistical anomaly detection technique to identify the incidence of proposed attack types, by studying their impact on the observed data. Subsequently, a trust model based on Kullback-Leibler divergence is proposed to identify compromised smart meters for additive and deductive attacks. The resultant detection rates and false alarms are minimized through a robust aggregate measure that is calculated based on the detected attack type and successfully discriminating legitimate changes from malicious ones. For conflict and camouflage attacks, a generalized linear model and Weibull function based kernel trick is used over the trust score to facilitate more accurate classification. Using real data sets collected from AMI, we investigate several trade-offs that occur between attacker's revenue and costs, as well as the margin of false data and fraction of compromised nodes. Experimental results show that our model has a high true positive detection rate, while the average false alarm rate is just 8%, for most practical attack strategies, without depending on the expensive hardware based monitoring.

Meeting Name

7th ACM Conference on Data and Application Security and Privacy, CODASPY 2017 (2017: Mar. 22-24, Scottsdale, AZ)


Computer Science

Research Center/Lab(s)

Center for High Performance Computing Research


The work is partially supported by the NSF grants under award numbers CNS-1545037, CNS- 1545050 and DGE-1433659.

Keywords and Phrases

Advanced metering infrastructures; Crime; Data privacy; Economic and social effects; Electric power transmission networks; Errors; Information theory; Smart meters; Weibull distribution; Advanced metering; Data falsification; Relative entropy; Security incident; Smart grid; Statistical anomaly detection; Trust models; Smart power grids; Security incident forensics; Supervised learning

International Standard Book Number (ISBN)


Document Type

Article - Conference proceedings

Document Version


File Type





© 2017 Association for Computing Machinery (ACM), All rights reserved.

Publication Date

01 Mar 2017