Saman Zonouz
I. INTRODUCTION
The Advanced Metering Infrastructure (AMI) is changing the way electricity is measured, consumed, and even distributed. Digital smart meters remotely report not only fine-grained energy consumption data, but also logs of events indicating malfunctions, misconfigurations, and potential physical tampering. These monitoring capabilities, coupled with large-scale AMI data aggregation, promise to significantly mitigate the problem of energy theft, an especially pervasive problem in developing countries.
However, the recent nation-wide AMI deployment effort
has had quite an opposite effect by fueling concerns about
new ways to steal power, e.g., through remote smart meter
compromise. For instance, in 2009, the FBI reported a wide
and organized energy theft attempt that may have cost up
to 400 million dollars annually to a utility following an
AMI deployment [1]. Indeed, AMI significantly increases the
attack surface that utilities have to protect by introducing new
cyber threats on physically-accessible devices [18]. Penetration
testing efforts have shown vulnerabilities in smart meters that
could lead to stealthy energy fraud. Additionally, remote meter reading eliminates the monthly visit by technicians to record consumption and to visually inspect meters.
As a result, the need for an efficient monitoring solution
to detect energy theft attempts in AMI has never been more
critical. In this paper, we introduce AMIDS, an integrated
cyber-physical intrusion detection system to identify malicious
energy theft attempts. AMIDS differs from previous solutions
by evaluating multiple AMI data sources under a combination
This material is based upon work supported by the Department of Energy
under Award Number DE-OE0000097.
Robin Berthier
TABLE I
MAPPING BETWEEN ATTACKS AND DETECTION TECHNIQUES

Id      Attack technique

Cyber
A_c1    Compromise meters through remote network exploit
A_c2    Modify the firmware/storage on meters
A_c3    Steal credentials to login to meters
A_c4    Exhaust CPU/memory
A_c5    Intercept/alter communications
A_c6    Flood the NAN bandwidth

Physical
A_p1    Break into the meter
A_p2    Reverse the meter
A_p3    Disconnect the meter
A_p4    Physically extract the password
A_p5    Abuse optical port to gain access to meters
A_p6    Bypass meters to remove loads from measurement

Effect on power measurements
A_d1    Stop reporting entire consumption
A_d2    Remove large appliances from measurement
A_d3    Cut the report by a given percentage
A_d4    Alter appliance load profile to hide large loads
A_d5    Report zero consumption
A_d6    Report negative consumption (act as a generator)
[Fig. 1 and Fig. 2: figures not recoverable from the extraction. Panel titles that survive: "Consumption Report" (power vs. minutes, 0 to 5000 min), "Edge Magnitudes" (probability density of edge magnitudes), and "Daily Profiles" (per-appliance daily usage observations, appliances 10 to 25).]

Equations (1) to (3) are garbled in the extraction. The Bayesian classifier term that survives (the text below refers to it as Equation (3)) is

$$\frac{1}{Z}\,P(C)\,\prod_{i=1}^{n}\Pr(F_i \mid C)$$

where $P(C)$ is the class prior, $F_i$ are the per-appliance features and $Z$ is the normalization constant.
Supervised Anomaly Detection. The supervised technique labels each on or off edge in the load profile according to its appliance of origin. The algorithm then determines which appliances $a \in A$ are missing from the power measurements, i.e., whether the mode of theft bypassed some appliances around the meter. The algorithm has two learning phases. First, a database of appliance signatures is created and stored for use by a Non-Intrusive Load Monitor (NILM). The NILM uses this database to identify appliance usage in the home over time. Second, AMIDS learns the daily usage frequencies of each individual appliance using the appliance data provided by the NILM. More specifically, the power consumption time series are analyzed and the edges $E = (e_{t_0}, e_{t_1}, \ldots, e_{t_n})$ corresponding to on/off events are identified and recorded. Each edge magnitude represents one or more appliance events. Figure 1 shows 1) a sample power consumption time series of a single household generated by our implementation that simulated turn on/off
[Figure residue, not recoverable from the extraction: a "Microwave Usage Frequency" histogram, and two bar charts, "Normal Day" and "Corrupted Profile", of normality probability per home appliance. Equation (4) survives only as its number.]
[...] the reported measurements are less likely to be [...]

The resulting appliance usage-frequency profile matrix

$$U_{h_i} = \begin{pmatrix} f_{a_1,d_1} & f_{a_2,d_1} & \cdots & f_{a_{|A|},d_1} \\ f_{a_1,d_2} & f_{a_2,d_2} & \cdots & f_{a_{|A|},d_2} \\ \vdots & \vdots & \ddots & \vdots \\ f_{a_1,d_n} & f_{a_2,d_n} & \cdots & f_{a_{|A|},d_n} \end{pmatrix} \qquad (5)$$

per household $h_i$ is saved,¹ where $f_{a_j,d_k}$ is the daily usage frequency of appliance $a_j$ on day $d_k$. Each column is then used to calculate the probability mass distribution $P_{h_i,a_j}(v)$, $v \in \mathbb{N}$, that denotes the probability that appliance $a_j$ is used $v$ times per day in household $h_i$. Calculation of the aforementioned distribution completes the profiling phase.

The calculated profiles (distributions) are used for anomaly detection purposes using the Bayesian classifier algorithm. The objective here is to mark a given day-long smart meter measurement as normal or anomalous based on the profiles for that particular household. In particular, the prior class probability $P(C)$ in Equation (3) can be obtained from statistical reports about energy theft [?], and the conditional distributions $F_i$ are obtained from the learned profiles. To clarify, the features $F_i$ are essentially the daily usage frequencies of individual home appliances, i.e., one feature per appliance.

¹We note that the use of NILMs alongside smart meters has raised privacy concerns [21]. Recent studies have shown that NILMs can reveal home occupant behaviors [14], [19]. While we defer the design of practical privacy-preserving protocols [23] for our scheme to future work, we mention a measure to mitigate most leaks of users' legitimate consumption patterns. Fine-grained data for usage by load-based detection schemes can be released only after physical or cyber tampering alarms have been raised.
Unsupervised Anomaly Detection. Unlike the supervised anomaly detection algorithm, the unsupervised detector does not have appliance labels for events in the load profile. Instead, it groups different load events by clustering on their real-power magnitude, so appliances with similar load sizes are placed in the same cluster. The intuition here is that each cluster is an equivalency class of appliances, and the set of such classes defines a fingerprint for consumption for a particular residence. The individual clusters are more sensitive to load changes than the net load, so common energy theft scenarios should deviate significantly from this fingerprint. For example, while bypassing a large appliance around the meter might not affect the net load enough to appear suspicious, it will cause a noticeable reduction in the size of at least one cluster.

The unsupervised learning algorithm proceeds as follows. Edge detection is first used to extract a set of events $f_1, f_2, \ldots, f_n$ (positive or negative edges) from the load profile. K-means clustering is then done based on individual event magnitudes, resulting in a set of clusters $C$ with $c = \{f_1, f_2, \ldots, f_{|c|}\}$ for all clusters $c \in C$. The number of clusters $|C|$ is determined by maximizing the average silhouette value $s$ across all clusters:

$$s = \frac{1}{|C|}\sum_{c \in C}\frac{1}{|c|}\sum_{f \in c}\frac{b(f) - a(f)}{\max\{b(f),\, a(f)\}} \qquad (6)$$

Here, $b(f)$ is the Euclidean distance (dissimilarity) between $f$ and all events in other clusters, and $a(f)$ is the distance between $f$ and all events in its own cluster; a silhouette closer to 1 indicates a better clustering. Given an optimal clustering of the unlabelled training data, the upper and lower bounds on each cluster are found and used to bucket events during normal operation. Bayesian classification is then done over the distribution of bucketed data against the clustering of the training data.²

An example clustering of three datasets is shown in Figure 4, with four clusters formed from each dataset. The three datasets are as follows. (1) The solid line shows the probability density function (pdf) of events per day in each of four clusters from training data. (2) The dashed line is the pdf of events in a clustering of the same scenario with an HVAC system that is 30% more efficient than the baseline. (3) The line with marks has the HVAC bypassing the meter. As can be seen, the clustering of the malicious case differs significantly from the baseline and legitimate test cases.

²$[a; b]$ represents the concatenation of the vectors $a$ and $b$.

[Fig. 4. Unsupervised learning of baseline (solid), legitimate (dashed), and malicious profiles: pdf of events per day against kW for clusters 1 to 4. Figure not recoverable from the extraction.]
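The unsupervised pipeline above, as an added example that is not code from the paper: edge detection on a constructed one-day trace, one-dimensional K-means with |C| chosen by the average silhouette of Equation (6), cluster bounds used as buckets, and a per-cluster event-count comparison standing in for the Bayesian step. The appliance magnitudes and schedules, noise band, edge threshold, bucket margin and 50% drop rule are assumptions made here.

```python
import random

# Constructed one-day, 1-minute real-power trace in kW (not from the paper).
# A 1.0 kW water-heater element and a 3.0 kW HVAC unit cycle on schedules
# chosen so that no two edges coincide, giving four natural edge groups
# (+-1.0 and +-3.0 kW) for the clustering to find.
def simulate_day(hvac_bypassed=False, seed=1):
    rng = random.Random(seed)
    load = [0.4] * 1440                         # base load
    for start in range(0, 1440, 40):            # heater: 15 min on every 40 min
        for t in range(start, min(start + 15, 1440)):
            load[t] += 1.0
    if not hvac_bypassed:                       # A_p6: HVAC wired around the meter
        for start in range(23, 1440, 100):      # HVAC: 30 min on every 100 min
            for t in range(start, min(start + 30, 1440)):
                load[t] += 3.0
    return [p + rng.uniform(-0.02, 0.02) for p in load]   # bounded noise

def extract_edges(trace, threshold=0.1):
    """Edge detection: signed deltas p_t - p_{t-1} outside the noise band are
    the on/off events f_1..f_n that the unsupervised detector works on."""
    deltas = [trace[t] - trace[t - 1] for t in range(1, len(trace))]
    return [d for d in deltas if abs(d) > threshold]

def kmeans_1d(events, k, iters=100):
    """Lloyd's k-means on scalar magnitudes, seeded on quantiles of the sorted
    data so the result is deterministic. Returns the non-empty clusters."""
    pts = sorted(events)
    centroids = [pts[int((i + 0.5) * len(pts) / k)] for i in range(k)]
    for _ in range(iters):
        clusters = [[] for _ in range(k)]
        for p in pts:
            clusters[min(range(k), key=lambda i: abs(p - centroids[i]))].append(p)
        updated = [sum(c) / len(c) if c else centroids[i]
                   for i, c in enumerate(clusters)]
        if updated == centroids:
            break
        centroids = updated
    return [c for c in clusters if c]

def silhouette(clusters):
    """Average silhouette s of Eq. (6): a(f) is the mean distance from f to
    its own cluster, b(f) the smallest mean distance to another cluster."""
    if len(clusters) < 2:
        return -1.0
    total = 0.0
    for i, c in enumerate(clusters):
        acc = 0.0
        for f in c:
            a = sum(abs(f - g) for g in c) / len(c)
            b = min(sum(abs(f - g) for g in o) / len(o)
                    for j, o in enumerate(clusters) if j != i)
            acc += (b - a) / max(a, b)
        total += acc / len(c)
    return total / len(clusters)

def fingerprint(events, k_range=range(2, 7)):
    """Choose |C| by maximizing s, then keep each cluster's [lower, upper]
    bound as the bucket used to sort events during normal operation."""
    best = max((kmeans_1d(events, k) for k in k_range), key=silhouette)
    return sorted((min(c), max(c)) for c in best)

def bucket_counts(events, bounds, margin=0.05):
    """Events per bucket; the margin (assumed) absorbs measurement noise."""
    counts = [0] * len(bounds)
    for f in events:
        for i, (lo, hi) in enumerate(bounds):
            if lo - margin <= f <= hi + margin:
                counts[i] += 1
                break
    return counts

def shrunken_buckets(train_counts, test_counts, drop=0.5):
    """Indices of clusters whose daily event count fell by more than `drop`,
    an assumed threshold standing in for the paper's Bayesian comparison."""
    return [i for i, (tr, te) in enumerate(zip(train_counts, test_counts))
            if tr > 0 and te < (1.0 - drop) * tr]

if __name__ == "__main__":
    train = extract_edges(simulate_day(seed=1))
    bounds = fingerprint(train)
    base = bucket_counts(train, bounds)
    for label, day in [("legitimate day", simulate_day(seed=2)),
                       ("hvac bypassed", simulate_day(hvac_bypassed=True, seed=3))]:
        counts = bucket_counts(extract_edges(day), bounds)
        print(label, "counts", counts, "shrunken", shrunken_buckets(base, counts))
```

The bypassed HVAC leaves the +-1.0 kW buckets untouched but empties both +-3.0 kW buckets, which is the per-cluster signal the net daily load alone would not show as clearly.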
In summary, the power-measurement monitoring system provides the following observation capabilities to cover attacks from our threat models described in Table I:
Observation O12: supervised and unsupervised anomaly systems to detect A_p6;
Observation O13: utility-side report frequency checkers to detect A_d1;
Observation O14: supervised anomaly system to detect A_d2;
Observation O15: monthly aggregated changes to detect A_d3;
Observation O16: supervised anomaly system to detect A_d4;
Observation O17: unsupervised anomaly system to detect A_d5;
Observation O18: utility-side negative consumption alert to detect A_d6.
V. MULTI-SOURCE INFORMATION FUSION

Alerts from each of the security sensors discussed in Section IV indicate individual attack steps in AMI. However, in practice, these sensors report fairly large numbers of false positives and sometimes miss intrusions; therefore, reporting energy theft based solely on individual alerts will result in many costly physical inspections. To improve the overall accuracy, AMIDS makes use of a novel model-based solution to correlate alerts and provides operators with contextual information. In particular, AMIDS leverages a set of common energy theft attack paths, i.e., the different ways that an energy theft attack could occur, to reduce false positives due to individual false alarms.

AMIDS uses an attack graph-based information fusion algorithm to combine evidence of on-going attacks from multiple sources. Figure 5 shows a simplified energy theft attack graph for a smart meter. The attack graph is a state-based directed graph which models various attack paths starting from the initial state $s_0$ and continuing until the malicious end goal is achieved (represented by the goal state $s_g$), which is energy theft in this case. At each time instant, the security state of the smart meter device (except the goal state) is identified by the following two binary subvectors: 1) the attacker's current privilege in the meter, which captures what the attacker can do in the future and is either none ($\emptyset$) or the administrative access $M$, according to the configuration of the existing commercial meters; and 2) the security consequences, which capture the set of malicious actions the attacker has already accomplished, such as a modified meter firmware or exhausted CPU on the meter. As shown in the figure, there are specific alerts and intrusion detection methods to identify each malicious action needed to proceed through the graph. Because these individual alerts are subject to false positives, AMIDS makes use of the
[Fig. 5. Simplified energy theft attack graph; figure not recoverable from the extraction. Nodes are [Privilege|Consequence] states such as ∅|AN, ∅|IN, M|IM, M|TCM, M|A, M|CM, M|CMAM and M|CMIM; edges are labelled with attack steps A_c1 to A_c5, A_p1 to A_p5 and report effects A_D1 to A_D6, leading from the Initial State through Attack 1, Attack 2 and Attack 3 to the end states "Reduced Power Consumption Reports", "No (Zero) Consumption" and "Negative Consumption". Physical Consequences legend: T: Tampered with (e.g., broken into); D: Meter Disconnected; R: Meter Terminal Inversion.]
TABLE II
MULTI-SENSOR ENERGY-THEFT DETECTION USING THE AMIDS FRAMEWORK
[Table values not recoverable from the extraction. Columns: attack graph states ([Privilege|Consequence], as defined in Figure 5), e.g. ∅|∅, ∅|T, ∅|TCM, M|TCM, M|TCM IM, M|CM IM, M|A, ∅|D, ∅|R, ∅|CM, M|CM, M|CM AM, M|TCM AM, ∅|AN, ∅|IN, M|∅, M|IM, and Goal state. Rows: attack step ↦ observation, e.g. A_p5 ↦ O7, A_p3 ↦ O10, A_c3 ↦ O3, A_c2 ↦ O2, A_d2 ↦ O14, and A_p4 ↦ O11. Cells hold state probabilities between 0 and 1.]

TABLE III
EMPIRICAL DETECTION RESULTS FOR SEVERAL ATTACK STEPS
[Table marks not recoverable from the extraction. Rows: Mal-Login (A_c3), Meter Breakin (A_p1), Meter Disconnect (A_p3), Appliance Bypass (A_p6), Legit-Replace, Legit-Season, Legit-Occupant, Mal-Reduction (A_d3), Data Modification. Detection columns: Cyber IDSs, Physical IDSs, Supervised, Unsupervised, AMIDS (HMM), grouped under Cyber and Physical; cells contain X marks.]