Spurious power consumption data reported from compromised meters controlled by organized adversaries in the Advanced Metering Infrastructure (AMI) may have drastic consequences on a smart grid’s operations. While existing research on data falsification in smart grids mostly defends against isolated electricity theft, we introduce a taxonomy of various data falsification attack types, when smart meters are compromised by organized or strategic rivals. To counter these attacks, we first propose a coarse-grained and a fine-grained anomaly-based security event detection technique that uses indicators such as deviation and directional change in the time series of the proposed anomaly detection metrics to indicate: (i) occurrence, (ii) type of attack, and (iii) attack strategy used, collectively known as attack context . Leveraging the attack context information, we propose three attack response metrics to the inferred attack context: (a) an unbiased mean indicating a robust location parameter; (b) a median absolute deviation indicating a robust scale parameter; and (c) an attack probability time ratio metric indicating the active time horizon of attacks. Subsequently, we propose a trust scoring model based on Kullback-Leibler (KL) divergence, that embeds the appropriate unbiased mean, the median absolute deviation, and the attack probability ratio metric at runtime to produce trust scores for each smart meter. These trust scores help classify compromised smart meters from the non-compromised ones. The embedding of the attack context, into the trust scoring model, facilitates accurate and rapid classification of compromised meters, even under large fractions of compromised meters, generalize across various attack strategies and margins of false data. Using real datasets collected from two different AMIs, experimental results show that our proposed framework has a high true positive detection rate, while the average false alarm and missed detection rates are much lesser than 10% for most attack combinations for two different real AMI micro-grid datasets. Finally, we also establish fundamental theoretical limits of the proposed method, which will help assess the applicability of our method to other domains.

中文翻译：

---

智能计量基础设施中的攻击上下文嵌入式数据驱动信任诊断

由高级计量基础设施 (AMI) 中有组织的对手控制的受损仪表报告的虚假功耗数据可能会对智能电网的运营产生严重影响。虽然现有的智能电网数据篡改研究主要针对孤立的电力盗窃，但当智能电表受到有组织或战略竞争对手的入侵时，我们引入了各种数据篡改攻击类型的分类。为了应对这些攻击，我们首先提出了一个粗粒度和细粒度的基于异常的安全事件检测技术它使用所提议的异常检测指标的时间序列中的偏差和方向变化等指标来指示：(i) 发生情况，(ii) 攻击类型，以及 (iii) 使用的攻击策略，统称为攻击上下文. 利用攻击上下文信息，我们提出了三个攻击响应指标对于推断的攻击上下文：（a）表示稳健位置参数的无偏均值；(b) 中值绝对偏差表明稳健的尺度参数；(c) 攻击概率时间比率度量，指示攻击的活动时间范围。随后，我们提出了一个基于信任评分模型库尔贝克-莱布勒 (KL)散度，在运行时嵌入适当的无偏均值、中值绝对偏差和攻击概率比指标，以生成每个智能电表的信任分数。这些信任分数有助于将受损的智能电表与未受损的智能电表区分开来。将攻击上下文嵌入到信任评分模型中，有助于对受损仪表进行准确和快速的分类，即使在大部分受损仪表下，也可以概括各种攻击策略和虚假数据的边缘。使用从两个不同 AMI 收集的真实数据集，实验结果表明，我们提出的框架具有较高的真阳性检测率，而对于两种不同的真实 AMI 微-的大多数攻击组合，平均误报和漏检率远低于 10%网格数据集。最后，