PCA-Based Method for Detecting Integrity Attacks on Advanced Metering Infrastructure

  • Varun Badrinath Krishna
  • Gabriel A. Weaver
  • William H. Sanders
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9259)


Electric utilities are in the process of installing millions of smart meters around the world, to help improve their power delivery service. Although many of these meters come equipped with encrypted communications, they may potentially be vulnerable to cyber intrusion attempts. These attempts may be aimed at stealing electricity, or destabilizing the electricity market system. Therefore, there is a need for an additional layer of verification to detect these intrusion attempts. In this paper, we propose an anomaly detection method that uniquely combines Principal Component Analysis (PCA) and Density-Based Spatial Clustering of Applications with Noise (DBSCAN) to verify the integrity of the smart meter measurements. Anomalies are deviations from the normal electricity consumption behavior. This behavior is modeled using a large, open database of smart meter readings obtained from a real deployment. We provide quantitative arguments that describe design choices for this method and use false-data injections to quantitatively compare this method with another method described in related work.


Smart Meter Grid Anomaly Detection Principal Component Analysis Data Cyber-physical AMI PCA SVD DBSCAN Electricity Theft Energy Computer Communication Network Security 



This material is based upon work supported by the Department of Energy under Award Number DE-OE0000097. The smart meter data used in this paper is accessed via the Irish Social Science Data Archive. The providers of this data, the Commission for Energy Regulation, bear no responsibility for the further analysis or interpretation of it. We thank Shweta Ramdas, Jeremy Jones and Tim Yardley for their support.



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Varun Badrinath Krishna (1)
  • Gabriel A. Weaver (1)
  • William H. Sanders (1)
  1. Information Trust Institute, Department of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign, Urbana, USA
