Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

An Adversarial Approach to Evaluating the Robustness of Event Identification Models

Obai Bahwal, Oliver Kosut, Lalitha Sankar

TL;DR

This work tackles the robustness of PMU-based event identification against adversarial perturbations in power systems with DERs. It uses physics-based modal decomposition to generate interpretable features fed to logistic regression and gradient boosting classifiers to distinguish generation loss and load loss, and evaluates resilience under white-box and gray-box adversarial attacks on a synthetic South Carolina 500-bus system. Results show that the simpler logistic regression model is more susceptible to adversarial manipulation than gradient boosting, especially under white-box conditions, highlighting the need for attack-aware and robust detection strategies in real-time grid monitoring. The findings inform design choices for secure, interpretable event identification in DER-rich grids and motivate future defense-oriented research.

Abstract

Intelligent machine learning approaches are finding active use for event detection and identification that allow real-time situational awareness. Yet, such machine learning algorithms have been shown to be susceptible to adversarial attacks on the incoming telemetry data. This paper considers a physics-based modal decomposition method to extract features for event classification and focuses on interpretable classifiers including logistic regression and gradient boosting to distinguish two types of events: load loss and generation loss. The resulting classifiers are then tested against an adversarial algorithm to evaluate their robustness. The adversarial attack is tested in two settings: the white box setting, wherein the attacker knows exactly the classification model; and the gray box setting, wherein the attacker has access to historical data from the same network as was used to train the classifier, but does not know the classification model. Thorough experiments on the synthetic South Carolina 500-bus system highlight that a relatively simpler model such as logistic regression is more susceptible to adversarial attacks than gradient boosting.

An Adversarial Approach to Evaluating the Robustness of Event Identification Models

TL;DR

This work tackles the robustness of PMU-based event identification against adversarial perturbations in power systems with DERs. It uses physics-based modal decomposition to generate interpretable features fed to logistic regression and gradient boosting classifiers to distinguish generation loss and load loss, and evaluates resilience under white-box and gray-box adversarial attacks on a synthetic South Carolina 500-bus system. Results show that the simpler logistic regression model is more susceptible to adversarial manipulation than gradient boosting, especially under white-box conditions, highlighting the need for attack-aware and robust detection strategies in real-time grid monitoring. The findings inform design choices for secure, interpretable event identification in DER-rich grids and motivate future defense-oriented research.

Abstract

Intelligent machine learning approaches are finding active use for event detection and identification that allow real-time situational awareness. Yet, such machine learning algorithms have been shown to be susceptible to adversarial attacks on the incoming telemetry data. This paper considers a physics-based modal decomposition method to extract features for event classification and focuses on interpretable classifiers including logistic regression and gradient boosting to distinguish two types of events: load loss and generation loss. The resulting classifiers are then tested against an adversarial algorithm to evaluate their robustness. The adversarial attack is tested in two settings: the white box setting, wherein the attacker knows exactly the classification model; and the gray box setting, wherein the attacker has access to historical data from the same network as was used to train the classifier, but does not know the classification model. Thorough experiments on the synthetic South Carolina 500-bus system highlight that a relatively simpler model such as logistic regression is more susceptible to adversarial attacks than gradient boosting.
Paper Structure (12 sections, 9 equations, 4 figures, 1 algorithm)

This paper contains 12 sections, 9 equations, 4 figures, 1 algorithm.

Table of Contents

  1. Introduction
  2. Setup
  3. Event Identification Framework
  4. Classification Models
  5. Threat Models
  6. Targeted Adversarial Example Generation
  7. Designing $\tau$
  8. Numerical Results
  9. Dataset
  10. Evaluation of Base Cases
  11. Generation and Evaluation of Adversarial Examples
  12. Conclusion

Figures (4)

  • Figure 1: Attack algorithm using perturbation vector $\tau$ on subset of targeted PMUs $\mathcal{S}_{M^\text{atk}}$ to generate adversarial PMU data $x^{\text{atk}}$. The function $g$ is a signal energy boosting function, $h$ is a modal decomposition conversion function to extract features, $f$ is the classifier, and $\mathcal{A}$ is the feasible set of feature values.
  • Figure 2: Base case (untampered) performance of LR and GB classification models evaluated on the testing set.
  • Figure 3: AUC scores as a function of the number of tampered PMUs for white (blue curve) and gray (red curve) box attacks for the logistic regression (LR) classifier.
  • Figure 4: AUC scores as a function of the number of tampered PMUs for white (red curve) and gray (blue curve) box attacks for the gradient boosting (GB) classifier.