Anomaly-based Framework for Detecting Power Overloading Cyberattacks in Smart Grid AMI
Abdelaziz Amara Korba, Nouredine Tamani, Yacine Ghamri-Doudane, Nour El Islem karabadji
TL;DR
The paper tackles power overloading cyberattacks in smart grid AMI by introducing CPADF, a two-level anomaly-detection framework that models normal consumption patterns at both the neighborhood and household levels using regression decision trees. By comparing observed consumption to these reference patterns, CPADF detects deviations regardless of attacker strategy, enabling early intervention. Evaluations on a real-world Irish dataset with 500 customers show high detection rates and low false alarms, along with favorable training time and memory usage, and robust performance against simulated attack types. The work demonstrates the practical value of neighborhood-scale pattern learning for resilient AMI security and lays groundwork for broader attack coverage and advanced modeling in the future.
Abstract
The Advanced Metering Infrastructure (AMI) is one of the key components of the smart grid. It provides interactive services for managing billing and electricity consumption, but it also introduces new vectors for cyberattacks. Although, the devastating and severe impact of power overloading cyberattacks on smart grid AMI, few researches in the literature have addressed them. In the present paper, we propose a two-level anomaly detection framework based on regression decision trees. The introduced detection approach leverages the regularity and predictability of energy consumption to build reference consumption patterns for the whole neighborhood and each household within it. Using a reference consumption pattern enables detecting power overloading cyberattacks regardless of the attacker's strategy as they cause a drastic change in the consumption pattern. The continuous two-level monitoring of energy consumption load allows efficient and early detection of cyberattacks. We carried out an extensive experiment on a real-world publicly available energy consumption dataset of 500 customers in Ireland. We extracted, from the raw data, the relevant attributes for training the energy consumption patterns. The evaluation shows that our approach achieves a high detection rate, a low false alarm rate, and superior performances compared to existing solutions.