AMIDS: A Multi-Sensor Energy Theft Detection

Framework for Advanced Metering Infrastructures

Stephen McLaughlin and Brett Holbert
Computer Science and Engineering
Pennsylvania State University
{smclaugh, bdh5027}@cse.psu.edu

Saman Zonouz

Electrical and Computer Engineering

University of Miami
s.zonouz@miami.edu

AbstractThe advanced metering infrastructure (AMI) is a

crucial component of the smart grid, replacing traditional analog
devices with computerized smart meters. Smart meters have not
only allowed for efficient management of many end-users, but
also have made AMI an attractive target for remote exploits and
local physical tampering with the end goal of stealing energy.
While smart meters posses multiple sensors and data sources
that can indicate energy theft, in practice, the individual methods
exhibit many false positives. In this paper, we present AMIDS, an
AMI intrusion detection system that uses information fusion to
combine the sensors and consumption data from a smart meter
to more accurately detect energy theft. AMIDS combines meter
audit logs of physical and cyber events with consumption data
to more accurately model and detect theft-related behavior. Our
experimental results on normal and anomalous load profiles show
that AMIDS can identify energy theft efforts with high accuracy.
Furthermore, AMIDS correctly identified legitimate load profile
changes that more elementary analyses classified as malicious.

I. I NTRODUCTION
The Advanced Metering Infrastructure (AMI) is changing
the way electricity is measured, consumed, and even distributed. Digital smart meters remotely report not only finegrained energy consumption data, but also logs of events indicating malfunctions, misconfigurations, and potential physical
tampering. These monitoring capabilities, coupled with largescale AMI data aggregation promise to significantly mitigate
the problem of energy theft, an especially pervasive problem
in developing countries.
However, the recent nation-wide AMI deployment effort
has had quite an opposite effect by fueling concerns about
new ways to steal power, e.g., through remote smart meter
compromise. For instance, in 2009, the FBI reported a wide
and organized energy theft attempt that may have cost up
to 400 million dollars annually to a utility following an
AMI deployment [1]. Indeed, AMI significantly increases the
attack surface that utilities have to protect by introducing new
cyber threats on physically-accessible devices [18]. Penetration
testing efforts have shown vulnerabilities in smart meters that
could lead to stealthy energy fraud. Additionally, remote meter
reading eliminates the monthly visit by technicians to record
consumptions and to visually inspect meters.
As a result, the need for an efficient monitoring solution
to detect energy theft attempts in AMI has never been more
critical. In this paper, we introduce AMIDS, an integrated
cyber-physical intrusion detection system to identify malicious
energy theft attempts. AMIDS differs from previous solutions
by evaluating multiple AMI data sources under a combination
This material is based upon work supported by the Department of Energy
under Award Number DE-OE0000097.

Robin Berthier

Information Trust Institute

University of Illinois
rgb@illinois.edu

of techniques to detect theft-related behavior while reducing

false positives. In particular, AMIDS uses an attack graph
based information fusion technique to conceptually combine
collected evidences from three types of AMI-specific information sources: 1) cyber-side network- and host-based intrusion
detection systems; 2) on-meter anti-tampering sensors; and 3)
power measurement-based anomalous consumption detectors
through nonintrusive load monitoring (NILM). The main contributions of this paper are as follows:
We present an information fusion solution which makes
use of an AMI-specific attack graph to identify energy
theft attempts with minimum number of false positives.
We leverage data mining techniques to identify energy
theft through nonintrusive load monitoring. We designed
two algorithms: a supervised approach that can identify
individual appliance consumption and an unsupervised
approach that learns by clustering load events.
We build a realistic household load simulator that we used
to evaluate the different individual detection techniques
and the information fusion solution through the injection
of realistic energy theft attacks.
II. R ELATED W ORK
Several solutions to energy theft have been proposed recently [9]. A popular approach has been to apply supportvector machine (SVM) to energy consumption profiles [8],
[20]. This approach consists of training an SVM from a
historical dataset and then testing the SVM on a different
dataset to find anomalies in the customer energy consumption.
[8] reports an accuracy of 98.4% based on a training set of
440 instances and a testing set of 220 customers. The same
authors extended their approach in [10] to leverage a hybrid
neural-network model and encoding technique in order to
automatically set the many parameters required by the model.
A different approach is shown in [4]. Here, the focus is
on identifying problematic metering installations, e.g., due to
malfunction or energy theft, through a central observer meter
in each neighborhood. Neighborhood energy use is compared
with individual customer loads using a model of N linearly
independent equations. This model is solved using matrix
inversion and recursive statistical methods, i.e., least squares.
This approach is limited by its reliance on linear independence
of equations and zero resistance of power lines.
A radically different approach is taken in [7] by using
a harmonic generator to actively deteriorate appliances of
customers who steal energy. Sensors monitor consumption
values, identify suspicious non-technical losses, disconnect
genuine customers, operate the harmonic generator for few
seconds, and reconnect everyone. An important limitation of

TABLE I
M APPING BETWEEN ATTACKS AND DETECTION TECHNIQUES
Id
Attack technique
Cyber
Ac1
Compromise meters through remote network exploit
Ac2
Modify the firmware/storage on meters
Ac3
Steal credentials to login to meters
Ac4
Exhaust CPU/memory
Ac5
Intercept/alter communications
Ac6
Flood the NAN bandwidth
Physical
A p1
Break into the meter
A p2
Reverse the meter
A p3
Disconnect the meter
A p4
Physically extract the password
A p5
Abuse optical port to gain access to meters
A p6
Bypass meters to remove loads from measurement
Effect on power measurements
Ad1
Stop reporting entire consumption
Ad2
Remove large applicances from measurement
Ad3
Cut the report by a given percentage
Ad4
Alter appliance load profile to hide large loads
Ad5
Report zero consumption
Ad6
Report negative consumption (act as a generator)

this solution is that if on-meter harmonic sensors fail, damage

to genuine customers could make the cost of false positives
prohibitively high.
III. T HREAT M ODEL
There are a variety of known techniques for energy theft
that we assume an adversary may attempt against an AMIDSequipped AMI deployment. At the level of customer homes,
the most common techniques involve either tapping an external
source such as a neighbor or distribution feeder, or meter
tampering to inhibit proper recording of consumption. The
latter may be done by applying magnets to interfere with
instruments such as electromechanical rotors or solid state
current transformers, or by reversing or disconnecting meters
from their sockets. At the grid level, energy thieves usually
bypass meters by wiring power hungry appliances directly to
the grid, or connecting their entire electric system to a feeder
with a pirate transformer.
Addressing such physical tampering-related issues has been
one of the benefits of AMI. Indeed, smart meters can detect
and report certain tampering attempts, and solid-state metering
mitigates some attack techniques targeting electromechanical
meters. But, the addition of network communication and smart
devices to the grid has also brought new attack vectors. For
example, it is trivial for a customer to jam meter wireless
communications to suppress physical tampering alarms. Cyber
attack techniques against AMI have been recently studied
[16], [17] and include interrupting measurements, gaining
privileged access to the meter firmware, tampering with the
meter storage, and intercepting the meter communications to
block or alter consumption values being reported.
To summarize, we classify energy theft techniques into
three categories: 1) physical attacks, 2) cyber attacks, and
3) data attacks having an impact on power measurements.
Note that attacks in the third categories are made possible
through attacks from the first and second categories. The
different attacks are detailed in Table I. The table is used in
the following sections as a guide to ensure a comprehensive
coverage of the threats from the described detection solutions.
Moreover, we draw from these attack techniques to simulate
attack scenarios in order to evaluate AMIDS.
IV. I NDIVIDUAL E NERGY T HEFT D ETECTION
M ECHANISMS
A. Physical Tampering Detection Solutions
Smart meters are already equipped with sensors to collect
and log potential physical tampering events such as removal of
the meter cover and physical bumping of the meter. However,
a problem with some such alerts is the high rate of false
positives. For example, a heavy truck passing near a meter
can trigger the tilt alert [15]. Thus, we include such tamper
detection sensors in our solution to detect physical attacks, but
false positive are reduced by combining tampering alerts with
additional data sources covered in the following two sections.
From our threat models described in Table I, meter tamper
alerts provide the following observations:

Observation
Observation
Observation
Observation

O8 : anti-tampering alert to detect A p1

O9 : reverse rotation alert to detect A p2
O10 : disconnect alert to detect A p3
O11 : anti-tampering alert to detect A p4

B. Cyber Intrusion Detection Systems

To address the challenge of detecting cyber attacks introduced by AMI, AMIDS leverages two complementary intrusion detection systems that can be implemented and deployed
via firmware upgrade: 1) a remote cumulative attestation
kernel (CAK) in meters [13], and 2) a specification-based network intrusion detection systems deployed on access points or
dedicated sensors in the local neighborhood area network [5].
A CAK is a lightweight solution for embedded systems such
as meters, which records an unbroken sequence of application
firmware upgrades. This audit log can be remotely queried by
a verifier to detect firmware tampering, e.g., due to remote exploitation. The specification-based network intrusion detection
system monitors traffic among meters and access points across
layers to ensure that devices are running in a secure state and
their operations respect a specified security policy. It does this
by constraining communications made using the ANSI C12.22
standard protocol, thus guaranteeing that all policy violations
will be detected. The soundness of these constraints can be
formally verified.
Our cyber intrusion detection system provides the following observation capabilities to cover attacks from our threat
models described in Table I:

Observation O1 : spec.-based network monitoring to detect Ac1

Observation O2 : remote firmware attestation to detect Ac2
Observation O3 : spec.-based monitoring and meter authentication logs to detect Ac3
Observation O4 : spec.-based monitoring and meter responsiveness to detect Ac4
Observation O5 : spec.-based monitoring to detect Ac5
Observation O6 : spec.-based monitoring to detect Ac6
Observation O7 : remote firmware attestation to detect A p5

C. Power Measurement-based Anomaly Detection

The third class of observations to detect theft-related behavior leverages the fine-grained load profile data available from
smart meters. In particular, individual load profile events are
analyzed to identify appliances being turned on and off. The
results are used to create a usage profile for each household.
These profiles will be used later to detect changes in household energy consumption patterns. In particular, we introduce

30

Daily Profiles

25

10000

5000

15
10

10

15

20

25

Appliances

1000

2000

3000
Minutes

4000

5000

0.4

1
Edge Magnitudes

20

Probability Density

Consumtion Report

15000

x 10

0.5
0

Fig. 1.

0.2
0.1
0

Fig. 2.

0.5
1

0.3

1000

2000

3000
Minutes

4000

5000

A Sample 4-Day Load Profile and Identified Edges

two power measurement-based detection solutions based on

supervised and unsupervised machine learning techniques. The
algorithms are based on Naive Bayes learning that employs
the method of maximum likelihood and is known to be one
of the most effective and efficient classification algorithms in
complex real-world situations.
We review the Naive Bayes algorithm briefly, and then
discuss our two load-based energy theft detection solutions.
Formally, the probability model for a classifier is a conditional
model Pr(C|F1 , F2 , , Fn ) over a dependent class variable C
that takes on a binary value, 0 (legitimate power consumer)
and 1 (anomalous power measurements). Fi represents the i-th
feature. Using a Bayes theorem,
Pr(C|F1 , F2 , , Fn ) =

Pr(C) Pr(F1 , F2 , , Fn |C)

P(F1 , F2 , , Fn )

(1)

n
1
P(C) Pr(Fi |C),
Z
i=1

(2)

can be derived, and given the independence assumption,

Pr(C|F1 , F2 , , Fn ) =

where Z is a constant scaling factor representing the evidence.

Given the above probability model, the Bayesian classifier
combines this model with a decision rule. In particular, the
hypothesis with the maximum a posteriori is picked:
n

C( f1 , f2 , , fn ) = arg max P(C = c) P(Fi = fi |C = c).

c2{0,1}

i=1

(3)
Supervised Anomaly Detection. The supervised technique
labels each on or off edge in the load profile according to
its appliance of origin. The algorithm then determines which
appliances a 2 A are missing from power measurements, i.e., if
the mode of theft bypassed some appliances around the meter.
The algorithm has two learning phases. First, a database of
appliance signatures is created and stored for use by a NonIntrusive Load Monitor (NILM). The NILM uses this database
to identify appliance usage in the home over time. Second,
AMIDS learns the daily usage frequencies of each individual
appliance using appliance data provided by the NILM. More
specifically, the power consumption time series are analyzed
and the (edges) E = (et0 , et1 , , etn ) corresponding to on/off
events are identified and recorded. Each edge magnitude
represents one or more appliance events. Figure 1 shows 1) a
sample power consumption time series of a single household
generated by our implementation that simulated turn on/off

10
12
Microwave Usage Frequency

14

16

18

20

Learned Normal Appliance Usage Profiles

incidents of 25 different home appliances, and 2) the identified

edges within the same trace. The NILM works by solving the
following binary integer programming problem to determine
which devices contributed to a given edge.
min BT x
s.t. Qx eti + d
Qx eti + d
x 0

(4)

where B = [1, 1, , 1]2|A|1 ; Q = [Q p ; Q p ] , in which Q p

is an |A|-dimensional vector of power appliance consumption
profiles, and [a; b] represents the concatenation of the vectors
a and b. This integer programming problem is solved to
get the 2 |A|-dimensional binary vector x, where an element
represents whether its corresponding appliance contributed to
the edge eti . Here, d is a small threshold value to account for
measurement noise. The objective of the optimization is to
minimize number of incidents per edge. This is a reasonable
assumption as many near-simultaneous appliance events are
unlikely [12].
Once the set of appliances contribution to each edge is
identified, AMIDS learns based on the daily frequency of each
appliance fa . Thus, over an n-day learning phase, a usage
profile matrix
0
1
fa1 ,d1 fa2 ,d1 fa|A| ,d1
B fa1 ,d2 fa2 ,d2 fa|A| ,d2 C
B
C
Uhi = B .
(5)
..
.. C
..
@ ..
.
.
. A
fa1 ,dn fa2 ,dn fa|A| ,dn

per household hi is saved. Each column is then used to

calculate the probability mass distribution Phi ,a j (v) v 2 Z that
appliance a j is used v times per day in household hi . This
completes the profiling phase. Figure 3 shows our implementation results: 1) home appliance usage frequency reports of a
single household over 20 days (each line represents a single
day); and 2) the empirical probability mass distribution of the
microwave usage frequency per day.
The calculated profiles (distributions) are used for anomaly
detection purposes with the Bayesian classifier. The objective
is to mark a given day-long smart meter measurements as
normal or anomalous based on that households profile. In
particular, the prior class probability P(C) in Equation (3)
can be obtained from existing energy theft data [2], and
the conditional distributions are obtained from the learned
profiles. Here, a features Fi is the daily usage frequency of
appliance i. Figure 3 shows our evaluation results for the
supervised detection of anomalous power measurements. In

Normal Day

30

20

10

10

15

20

25

Appliances

Normality Probability

0.8
0.6
0.4
0.2
0

10

15

20

25

Home Appliances

Corrupted Profile

30

20

10

10

15

20

25

Appliances

Normality Probability

0.5
0.4
0.3
0.2
0.1
0

10

15

Home Appliances

20

25

Pr[kW]
(4)
Pr[kW]
(3)
Pr[kW]
(2)
Pr[kW]
(1)
Pr[kW] (4)
Pr[kW] Pr[kW]
(4) Pr[kW]
(4)
(3)
Pr[kW]
Pr[kW]
(3) Pr[kW]
(3)
(2)
Pr[kW]
Pr[kW]
(2) Pr[kW]
(2)
(1)
Pr[kW]
Pr[kW]
(1)
(1)

where B = [1, 1, , 1]2|A|1 ; Q = [Q p ; Q p ]1 , in which Q p

is an |A|-dimensional vector that represent power
consumpwhereprofiles
B = [1,of1, individual
, 1]2|A|1home
; Q = appliances.
[Q p ; Q p ]1 , Consequently,
in which Q p
tion
is anabove
|A|-dimensional
vector thatisrepresent
consumpthe
solved
topower
2 |A|1 get
where
B =integer
[1,of1, individual
programming
, 1]2|A|1home
; Q = appliances.
[Q
in the
which
Qp
p ; Q p ] , Consequently,
tion profiles
dimensional
binary
vector
x,
in
which
each
element
represents
is
an
|A|-dimensional
vector
that
represent
power
consumpthe above
integer programming
is solved to 1 get
theedge
2 |A|whether
has
where
B a=particular
[1,of1, individual
, appliance
1]2|A|1home
; Q
= contributed
[Q p ; Q p ] ,to
inthe
which Qetpi
tion
profiles
appliances.
Consequently,
dimensional
binary
vector
x,isina which
each element
represents
through
on/off
incidents.
d
comparatively
small
threshold
is anabove
|A|-dimensional
vector thatisrepresent
consumpthe
integer programming
solved topower
get
the
2 |A|whether
appliance
has contributed
to the
edge
eti
value
thata particular
accounts
for
thex,possible
measurement
noise.
The
tion
profiles
of individual
home
appliances.
Consequently,
dimensional
binary
vector
in
which
each
element
represents
through
on/off
incidents.
d
is
a
comparatively
small
threshold
objective
the optimization
ishas
tois contributed
minimize
of2 incithe
aboveaofparticular
integer
programming
solved tonumber
get
theedge
|A|whether
appliance
to the
et
value
that edge.
accounts
for
possible
measurement
noise. The
dents
per
Thisvector
is the
adreasonable
assumption
because
thei
dimensional
binary
x,isina which
each element
represents
through
on/off
incidents.
comparatively
small
threshold
objective
of
the
optimization
is
to
minimize
number
of
inciprobability
that manyfor
appliances
turned on/off
simultanewhether
particular
appliance
hasgetcontributed
to the
edgeThe
e
value
thata edge.
accounts
possible
measurement
noise.
dents per
ThisFurthermore,
is the
a reasonable
assumption
because
theti
ously
is
very
low.
according
to
our
empirical
through
on/off
incidents.
d
is
a
comparatively
small
threshold
objective ofthat
the many
optimization
is togetminimize
number
of inciprobability
appliances
turnedusually
on/off
simultaneobservations,
lack
minimization
resultsThe
in
value per
that edge.
accounts
for
the
possible
measurement
noise.
dents
Thisof
issuch
a reasonable
assumption
because
the
ously
is
very
low.
Furthermore,
according
to
our
empirical
many
possible
large
appliance
combinations
for
a
given
edge
objective
of
the
optimization
is
to
minimize
number
of
inciprobability
thatlack
many
get turnedusually
on/off simultaneobservations,
of appliances
such minimization
results in
magnitude.
dents
edge.low.
ThisFurthermore,
is a reasonable
assumption
because
the
ously per
is very
according
to
empirical
many
possible
large
appliance
combinations
forour
a given
edge
Once
the
set
of
appliances
contribution
to
each
edge
is
probability thatlack
many
appliances
get turnedusually
on/off simultaneobservations,
of
such
minimization
results
in
magnitude.AMIDS creates a daily basis profile of each houseidentified,
ously
is
very
low.
Furthermore,
according
to
our
empirical
many
possible
appliance combinations
for
a given
edge
Once
the setlarge
of number
appliances
contribution
to each
edge
hold
and
times
each appliance
used in
fisa
observations,
lackDay
ofProfile
such of
minimization
usually is
results
Fig.
3. calculates
Normal
and
Classification
Probability
magnitude.
identified,
AMIDS
creates
a
daily
basis
profile
of
each
houseduring
individual
days.
Over
an
n-day
learning
phase,
a
usage
many
possible
appliance combinations
for
a given
edge
Once
the
setlarge
of number
appliances
contribution
to each
hold
and
calculates
of times
each aappliance
is edge
used
particular,
the
first
and
second
graphs
show
normal
trace
forfisa
profile
matrix
magnitude.
identified,
AMIDS
creates
a
daily
basis
profile
of
each
houseduring
individualover
days.a Over
an n-day
learning 1
phase, a usage
a single
household
day and
the posterior
Once
the
set of0number
appliances
contribution
to distribution
eachis edge
hold
and
calculates
of
used fisa
fa1 ,dAs
fa2times
each
thefappliance
,d1 in
athird
profile
matrix
1
for individual
appliances.
shown
|A| ,d1 and fourth
identified,
AMIDSdays.
creates
a
daily
basis
profile
of
each
houseduring
individual
Over
an
n-day
learning
phase,
a
usage
B
C
0 fa1 ,d2 fa2 ,dtrace
1significant
leads
fa|A|to
,d2 a
graphs,
aand
corrupted
measurement
2
B
fa1 ,d1 of
fa2times
fappliance
hold
calculates
number
is used(5)
f
,d1 each
a|A| ,d1 C
profile
matrix
U
=
B
C
hi
.. distribution
..
..(indicating that a
.values
reduction
the posterior
.
duringinindividual
days.
Over
an
n-day
learning
phase,
a
usage
@
A
B
C
0
1
f
f

f
.
. ,dnormal).
a2.,d2
2
2
|A|
B a1.,d
the reported
measurements
fless
tofabe
,dare
,d1 likely
,d1 C
1
|A|
profile matrix
Uh = B ffaa1.,d
(5)
C
.. ,d
faa22..,d
.. sidefaasmart
n
n
nA
1.NILMs
|A|
We note that thei use@
of
along
meters has
B
fa1.,d2 fa2.,d2 . fa|A|. ,d2 C
0
1
B
C
f
f

f
asaved.
raised
concerns
shown
that(5)
1.,d1 Recent
2.,d1 studies
Uhi =
|A|
perprivacy
household
hi Bisf[21].
is1n C
then
used
to
.. ,d
faaEach
.column
. faahave
,d
1.,dn
2.,dn
|A|
@
A
B faaoccupant
C
. fa[14],
f

.
.
.
NILMs
can reveal
home
behaviors
[19].
While
,d
a
,d
,d
1
2
2
2
2
calculate
the probability
mass
distribution
P
(v)
v
2N
|A|
hiC
,a j
B
Uthe
per household
hiprobability
saved.
Each
isn C
then
toc
Bisfprivacy-preserving
fathat
.column
. appliance
fa|A|.. ,d
hi =
.
we defer
the design
of
protocols
for(5)
2..,dn the
that
denotes
a j [23]
is used
used
@ a1..,dn mass
. practical
. distribution
. PhiA
calculate
the
probability
(v)
v
2
N
,a
our scheme
to
future
work,
we
mention
a
measure
to
j
times
per day in hhousehold
hi . Each
Calculation
theisaforementioned
per
isfasaved.
thenisused
iprobability
fathat
column
consumption
appliance
fa|A| ,d
,dn
,dn the
that household
denotes
the
used toc
n a j patterns.
1the
2users
mitigate
leaks
ofcompletes
most
legitimate
distribution
profiling
phase.
calculate
the in
probability
mass
distribution
Paforementioned
hi ,a j (v) v 2 N
per
day
household
hiload-based
. Calculation
the
Finetimes
grained
data
for
usage
by
detection
schemes
The
calculated
profiles
(distributions)
are
used
anomaly
per
household
hiprobability
is saved.
Eachthecolumn
is then
used to
that
denotes
the
that
appliance
afor
j is used c
distribution
completes
the
profiling
phase.classifier
can be
released
only
after
physical
or
cyber
tampering
alarms
detection
purposes
using
the
Bayesian
algorithm.
calculate
the
probability
mass
distribution
P
(v)
v2N
h
,a
times
per
day
in
household
h
.
Calculation
the
aforementioned
i j
i
The
calculated
profiles
(distributions)
are used
for anomaly
haveThe
been
raised.
objective
here
is to
mark
a given
day-long
meterc
that
denotes
the
probability
that
thephase.
appliance
asmart
j is used
distribution
completes
the
profiling
detection purposes
using ortheanomalous
Bayesian based
classifier
algorithm.
measurements
as
normal
on
the
profiles
times
per
day
in
household
h
.
Calculation
the
aforementioned
i
The
calculated
profiles
(distributions)
are
used for anomaly
Unsupervised
Anomaly
Detection.
Theday-long
unsupervised
deThe
objective
here
is to
mark
aparticular,
given
meter
for
that
particular
household.
In Bayesian
the priorsmart
class
probdistribution
completes
the profiling
phase.clusters
detection
purposes
using
the
classifier
algorithm.
tector
groups
individual
load
events
into
based
on
measurements
as
normal
or
anomalous
based
on
the
profiles
P(C) inmagnitude.
Equation
(3)
can
be
obtained
from
statistical
The
calculated
profiles
(distributions)
are used
for
anomaly
The
objective
here
is to mark
aparticular,
given
day-long
smart
meter
theirability
real-power
Thus,
appliances
with
similar
for
that
particular
household.
In
the
prior
class
probabout
energy
theft
[?],
and
the cluster.
conditional
detection
purposes
using
theanomalous
Bayesian
classifier
algorithm.
measurements
normal
orthe
based
ondistributions
the
profiles
loadreports
sizes will
in (3)
same
The
resulting
ability
P(C) be
inasplaced
Equation
can
be obtained
from
statistical
are
obtained
from
the
learned
profiles.
To
clarify,
the
features
The
objective
here
is
to
mark
a
given
day-long
smart
meter
for
that
particular
household.
In
particular,
the
prior
class
probindividual
clusters
are more
sensitive
to load
changes
than
the
reports
about
energy
theft
[?],
and
the
conditional
distributions
F
essentially
the
daily (3)
usage
frequency
of individual
home
i areFor
measurements
asEquation
normal
or
anomalous
based
on the
profiles
ability
P(C)
in
can
be
obtained
from
statistical
net load.
example,
bypassing
a
single
appliance
will
have
are
obtained
from
the
learned
profiles.
To
clarify,
the
features
appliances,
i.e.,
one
feature
per
appliance.
for
that about
particular
household.
Inand
particular,
the the
priordistributions
class probreports
energy
theft
[?],
the conditional
a noticeable
effect
on
the
containing
appliance,
Fi 2)
are Unsupervised
essentially
theAnomaly
dailycluster
usage
frequency
of individual
home
Detection:
Unlike
the
supervised
ability
P(C)
in
Equation
(3)
can
be
obtained
from
statistical
are
obtained
from
the
learned
profiles.
To
clarify,
the
features
evenappliances,
if the change
netfeature
load isper
very
small. The unsupervised
i.e.,inone
appliance.
anomaly
detection
algorithm,
the
unsupervised
detector
does
reports
about
energy
theft
[?],
and
the
conditional
distributions
Fi 2)
arealgorithm
essentiallyproceeds
theAnomaly
dailyasusage
frequency
of
individual
home
learning
follows.
Edge
detection
is first
Unsupervised
Detection:
Unlike
thethe
supervised
not
have
appliance
labels
for
events
in
the
load
profile.
Instead,
are
obtained
from
the
learned
profiles.
To
clarify,
features
oneevents
featuref1 ,per
usedappliances,
to extractdetection
ai.e.,
set of
f2the
,appliance.
. . unsupervised
. , fn (positive detector
or negative
anomaly
algorithm,
does
it
groups
different
load
by clustering
on supervised
their home
realFi 2)
are
essentially
dailyevents
usage
frequency
of individual
Unsupervised
Anomaly
Detection:
Unlike
the
edges)
from
the
loadthe
profile.
K-means
clustering
is
then
done
not
have
appliance
labels
for
events
in
the
load
profile.
Instead,
power
magnitude.
The
intuition
here
is
that
each
cluster
appliances,
i.e.,
one
feature
per
appliance.
anomaly
detection
algorithm,
thebyunsupervised
detector
based
individual
resulting on
in their
a set does
of
it on
groups
differentevent
load magnitudes,
events
clustering
realis
an
equivalency
class
of
appliances,
and
the
of
such
2)
Unsupervised
Anomaly
Detection:
Unlike
theset
supervised
not
have
appliance
labels
for
events
in
the
load
profile.
Instead,
clusters
C
with
c
=
{
f
,
f
,
...,
f
}
for
all
clusters
c
2
C
.
1
2
power magnitude.
The intuition
each
cluster
|c| here is that
classes
defines
a fingerprint
for
for
a their
particular
anomaly
detection
algorithm,
theconsumption
detector
does
it
groups
different
load
events
byunsupervised
clustering
on
realThe residence.
of
clusters
|C|
is
determined
by
maximizing
the
isnumber
an equivalency
class
of
appliances,
and
the
set
of
such
Of course,
common
energy
theft
scenarios
should
not
have
appliance
labels
for
events
in the
profile.
Instead,
power
magnitude.
The
intuition
here
isload
that
each
cluster
average
silhouette
s across
allconsumption
clusters.
classes
defines value
a fingerprint
for
for
a particular
deviate
significantly
from
this
fingerprint.
For
example,
while
it
groups
different
load
events
by
clustering
on
their
realis
an
equivalency
class
of
appliances,
and
the
set
of
such
residence. aOflarge
course,
common
energy
theft scenarios
should
bypassing
appliance
around
thea(
meter
might
not
affect
power magnitude.
The
intuition
here
isf ) that
each
cluster
1
1
b(
f
)
classes
defines
a
fingerprint
for
consumption
for
a
particular
deviate
significantly
from
this fingerprint.
For itexample,
while
s Of
= enough
(6)
the
load
to
appear
suspicious,
class
is
annetequivalency
of
appliances,
and
thewill
set cause
ofshould
sucha
residence.
course,
common
energy
theft
scenarios
|
C
|
|c|
max{b(
f
),
a(
f
)}
bypassing
a
large
appliance
around
the
meter
might
not
affect
f
2c
c2
C
noticeable
reduction
in
the
size
of
at
least
one
cluster.
classes
defines
a
fingerprint
for
consumption
for
a
particular
deviate
this fingerprint.
For itexample,
whilea
theThe
net significantly
load enoughfrom
to appear
suspicious,
will
cause
learning
algorithm
proceeds
asnot
follows.
residence.
course,
common
energy
theft
should
aOf
large
appliance
around
theleast
meter
might
affect
Here,bypassing
b( f ) unsupervised
is the
Euclidean
distance
between
f scenarios
and
all
events
noticeable
reduction
in
the
size
of
at
one
cluster.
Edge
detection
is first
to extract
a set
of itevents
(positive
deviate
significantly
this
fingerprint.
For
example,
while
theThe
net
load enough
suspicious,
will
cause
in other
clusters,
and
a(from
f used
)toisappear
the
distance
between
f and
all a
unsupervised
learning
algorithm
proceeds
as
follows.
or
negative
edges)
from
the
load
profile.
K-means
clustering
is
bypassing
a
large
appliance
around
the
meter
might
not
affect
noticeable
reduction
in
the
size
of
at
least
one
cluster.
events
in
its
own
cluster.
Given
an
optimal
clustering,
the
Edgedone
detection
ison
first
used to extract
a set of events
(positive
first
based
individual
event
magnitudes,
resulting
theand
netlower
load
enough
toeach
appear
suspicious,
it and
will
causetoina
The
unsupervised
learning
algorithm
proceeds
as
follows.
upper
bounds
on
cluster
are
found
used
negative
edges)Cfrom
thec load
K-means
clustering
is
aor
set
of clusters
with
= extract
{ of
fprofile.
f2 ,least
} events
for
all (positive
clusters
noticeable
reduction
inused
theoperation.
size
cluster.
1 , at
Edge
detection
first
to
a...,setf|c|one
of
bucket
during
normal
classification
firstevents
done
basedison
individual
event Bayesian
magnitudes,
resulting
in
The
unsupervised
learning algorithm
proceeds
as follows.
or
negative
edges)
from
K-means
clustering
is then
done
over
the Cdistribution
bucketed
data
against
theis
a 1set
ofrepresents
clusters
withthec load
= of
{offprofile.
} for
all clusters
1 , fvectors
2 , ..., fa
|c|of
[a;done
b]detection
the
concatenation
the
andevents
b. resulting
Edge
is
first
used
to
extract
a
set
(positive
first
based
on
individual
event
magnitudes,
in
clustering of the training data.
negative
edges)Cfrom
the
load
profile.
K-means
clustering
is
a example
of
clusters
with
c
=
{
f
,
f
,
...,
f
}
for
all
clusters
1set
Anor
clustering
of
three
datasets
is
shown
in
Figure
4
1
2
|c|
[a; b] represents the concatenation of the vectors a and b.
first
done
based
on
individual
event
magnitudes,
resulting
in
with four clusters formed from each dataset. The three datasets
a 1follows.
set
clusters
with line
c =shows
{ fthe
, ...,probability
f|c|
} for
clusters
1 , fvectors
2the
[a; b]ofrepresents
theCconcatenation
of
a and
b. alldensity
are as
(1) The
solid
function
(pdf)
of
events
per
day
in
each
of
four
clusters
from
1
b] represents
the concatenation
of the
a and
training[a;data.
(2) The
dashed line
is vectors
the pdf
of b.events in a
clustering of the same scenario with an HVAC system that
is 30% more efficient than the baseline. (3) The line with

0.2
0.1
0.2
0
0.1

0.2
0
0.1

0.2

0.2

50

60

70

80

10

20

30

50

60

70

80

50

60

70

80

40
40

50
50

60
60

70
70

80
80

40

50

60

70

80

50

60

70

80

40
40

50
50

60
60

70
70

80
80

40

50

60

70

80

50

60

70

80

40
40

50
50

60
60

70
70

80
80

40

50

60

70

80

40

10

20

30

40

kW (cluster 1)
10
10

20
20

30
30

10

20

30

kW
kW (cluster
(cluster 2)
1)

10

20

30

40

kW (cluster 2)
10
10

20
20

30
30

10

20

30

kW
kW (cluster
(cluster 3)
2)
kW (cluster 3)

0.2
0.4
0

0
0.1
0.2
0.2
00
0
0.1 0
0.2
0

40

kW (cluster 2)

0.4
00
00
0.2
0.4
0

30

kW (cluster 1)

0
0.1
0.5
00
00

0.4
0.5
0

20

kW (cluster 1)

0.5
0.2
0

0.5
0

10

10

20

30

40

kW (cluster 3)
10
10

20
20

30
30

10

20

30

kW
kW (cluster
(cluster 4)
3)

0.1
Fig.
4.
Unsupervised Learning of kW
Basline
(solid),
Legitimate
(dashed), and
(cluster
4)
Fig.0.21. Unsupervised Learning of Basline,
Legitimate,
and Malicious Profiles
Malicious
Profiles.
0
0
10
20
30
40
50
60
70
80

kW (cluster
4)
Fig. 1. Unsupervised Learning of Basline,
Legitimate,
and Malicious Profiles
0.1

marks
0 has the HVAC bypassing the meter. As can be seen, the
0
10
20
30
40
50
60
70
80
cFig.
2 1.C . Unsupervised
The
average
silhouette
measure
is and
used
to over
an
kW (cluster
4)differs
clustering
of the
malicious
case
significantly
from
Learning
of test
Basline,
Legitimate,
Malicious
Profiles
entire
clustering
to determine
optimal number of clusters
the
baseline
and legitimate
testthe
cases.
cFig.
2follows.
.Unsupervised
The average
silhouette
measure
is and
used
to over
an
1.Csummary,
Learning
of Basline,
Legitimate,
Malicious
Profiles
as
In
the
power-measurement
monitoring
system
entire clustering to determine the optimal number of clusters
provides
the following
observation
capabilities
to cover
attacks
cas2follows.
C . The
average
measure
isf )used
to over
an
1 silhouette
1
b(
f Table
) a(
from
threat
described
in
I:
(6)
s =models
entireour
clustering
to determine
the
optimal
number
of
clusters

max{b(
|C: |supervised
f ),is
a( fused
)} to over
cas2follows.
C . The average
silhouette
measure
an
Observation
O12
unsupervised
systems
C |c|
1 c2
1 f 2cand
b(
f ) a(
f ) anomaly
(6)
s
=
to detect
A p6 to determine
entire
clustering
the optimal number of clusters

|C |utility-side
max{b(
f ),the
a( f )}
Where
b( f ) is O
the
between
and all
Observation
checkers
Ad1
c2C |c|
131:dissimilarity
1 f 2c report
b( ffreq.
) a(
f ) eventtof detect
as follows.
other
events sin=Oother
clusters,
and
a(
f
)
is
the
dissimilarity
Observation
:
supervised
anomaly
system
to
detect
Ad2(6)

14
|C:dissimilarity
| aggregated
|c| f 2c max{b(
f ),the
a( f )}
Where
b(f f and
) is all
the
between
f andAd3
all
Observation
O15
monthly
toAdetect
c2C events
between
in
its
cluster.
silhouette
1other
1
b( fown
) changes
a(
f ) event
other
events
clusters,
and a( f system
) isGiven
theto dissimilarity
Observation
anomaly
detect
Ad4(6)
sin=Oother
16 : supervised

closer
to
1
indicates
a
better
clustering.
an
optimal
|Cother
| unsupervised
|c| f 2c in
max{b(
f ),cluster.
a(
f )}
Where
b(f f and
) is all
the
between
the
event
f and Aall
Observation
O17
:dissimilarity
anomaly
system
to silhouette
detect
c2C events
between
itsdata,
own
A
d5
clustering
of the
unlabelled
training
the
upper
and alert
lower
other
events
in
other
clusters,
and
a(
f
)
is
the
dissimilarity

Observation
O
:
utility-side
negative
consumption
to
18
closer
to
1
indicates
a
better
clustering.
Given
an
optimal
bounds
onfAf and
each
cluster
are
found
andown
used
bucket
Where
b(
)d6
is all
the
dissimilarity
between
thetoevent
f sample
and all
detect
between
other
events
in
its
cluster.
A
silhouette
clustering
of theclassification
unlabelled training
data, over
the upper
and lower
data.
is then
thedissimilarity
distribution
other Bayesian
events
in other aclusters,
and done
a( f ) isGiven
the
closer
toon1each
indicates
better
clustering.
an optimal
bounds
cluster
are
found
and used
toFtraining
bucket
sample
V.
M
ULTI
-S
OURCE
I
NFORMATION
USION
of
bucketed
data
against
the
clustering
of
the
data.
between
f
and
all
other
events
in
its
own
cluster.
A
silhouette
clustering
of theclassification
unlabelled training
data, over
the upper
and
lower
data.
Bayesian
isthree
then datasets
done
the
distribution
An
example
clustering
of
is
shown
in
Figcloser
toon
1each
indicates
a are
better
clustering.
Given
aninoptimal
Alerts
from
each
of
the
security
sensors
discussed
Section
bounds
cluster
found
and
used
to
bucket
sample
of
bucketed
data
against
the
clustering
of
the
training
data.
ure
1.
The
solid
line
represents
the
pdf
of
events
per
day
in
clustering
of
the
unlabelled
data,
the
andin
lower
IV
indicate
individual
attack
AMI.
However,
data.
classification
issteps
then against
done
the
distribution
each
ofexample
four
clusters
from
training
data. over
The
dashed
line
isas
AnBayesian
clustering
oftraining
three
datasets
isupper
shown
Figbounds
on
each
cluster
are
found
and
used
to
bucket
sample
proved
sensors
report
fairly
large
of bucketed
data line
against
the
clustering
the
training
data.
the
pdf
ofpractice,
events
inthese
arepresents
clustering
of pdf
theofof
same
scenario
with
ure
1. in
The
solid
the
events
pernumbers
day
in
data.
Bayesian
classification
isthree
thenmiss
done
over
distribution
HVAC
system
that
30%
more
efficient
than
the
baseline.
each
ofexample
four
clusters
from
data.intrusions;
The
dashed
is
An
clustering
oftraining
datasets
is the
shown
inline
Figofan
false
positives
and is
sometimes
therefore,
Finally,
the
line
marks
isbased
the
same
scenario
with
thedata.
HVAC
the
pdf
of
events
in arepresents
clustering
the
scenario
with
ure
1. The
solid
line
theof
pdf
ofsame
events
per
day
in
of bucketed
datawith
against
the clustering
of
the
training
reporting
energy
theft
solely
on
individual
alerts
will
bypassing
the
meter.
As is
can
be
seen,
the
clustering
of
the malicious
an
HVAC
system
that
30%
more
efficient
than
the
baseline.
each
ofexample
four
clusters
from
data.
The
dashed
is
An
clustering
oftraining
three
datasets
is To
shown
inline
Figresult
in
many
costly
physical
inspections.
improve
the
test
differs
from
the
baseline
and with
legitimate
test
Finally,
the
linesignificantly
with
marks
is the
same
the day
HVAC
the case
pdf
of
events
in arepresents
clustering
thescenario
scenario
with
ure
1. The
solid
line
theof
pdf
ofsame
events
per
in
overall
accuracy,
AMIDS
makes
use
of
a
novel
model-based
cases.
bypassing
the
meter.
As is
can30%
betraining
seen,
clustering
of
the baseline.
malicious
an
HVAC
system
that
morethe
efficient
than
the
each
of four
clusters
from
data.
The
dashed
line is
solution
correlate
and
provides
operators
with
contest
differs
from
theof
baseline
and with
legitimate
test
Finally,
the
line significantly
with
a marks
is the
same
the
HVAC
the case
pdf to
of
events
in alerts
clustering
thescenario
same
scenario
with
cases.
bypassing
meter.
As
can
be seen,
the
clustering
of the
the baseline.
malicious
an HVAC
system
that
is
30%
efficient
than
textual
information.
InOURCE
particular,
AMIDS
leverages
a set of
III.the
M
ULTI
-S
Imore
NFORMATION
F USIONS
test
case the
differs
from
thesame
baseline
and with
legitimate
test
Finally,
line significantly
with
marks
is the
scenario
the
HVAC
common
energy
theft
attack
paths,
i.e.,
the
different
ways
that
We present
anULTI
attack
graph-based
information
fusion
algorithm
to
cases.
bypassing
the
meter.
As
can
be seen,
the to
clustering
offalse
the
malicious
III.
M
-S OURCE
Ioccur,
NFORMATION
F USIONS
ancombine
energy
theft
attack
could
reduce
positives
evidences
about
on-going
attacks
from
multiple
sources,
i.e.,
test case differs significantly from the baseline and legitimate test
detection
algorithms.
Figure
2 shows information
a simplified fusion
attack graph
for an
We
present
anULTI
attack
graph-based
algorithm
to
due
to individual
false
alarms.
cases.
III.
M
-S
OURCE
I NFORMATION
F USIONS
AMI
smart
meter
the
end malicious
goalmultiple
being asources,
successful
combine
evidences
about
on-going
attacks from
i.e.,
AMIDS
uses
anwith
attack
graph-based
information
fusion
algoenergy
theft.
The
attack
graph
is a state-based
directed
detection
algorithms.
Figure
2 shows
a simplified
attack graph
graph which
for an
We present
an attack
graph-based
information
fusion
algorithm
to
rithm
to
combine
evidence
of
on-going
attacks
from
multiple
III.
M ULTI
-Spaths
OURCE
Imalicious
NFORMATION
F USIONS
models
various
attack
starting
from
the
initial
state
s0 and
AMI
smart
meter
with
the
end
goal
being
asources,
successful
combine
evidences
about
on-going
attacks
from
multiple
i.e.,
sources.
Figure
5attack
shows
a 2end
simplified
energy
theft attack
graph
continues
untilThe
the
malicious
achieved
(represented
by
the
energy
theft.
attack
graph
is goal
a state-based
directed
graph
which
detection
algorithms.
Figure
shows
aissimplified
attack
for
an
We present
an
graph-based
information
fusion
algorithm
to
for
a state
smart
meter.
The
attack
graph
is
a state-based
directed
goal
sg )meter
thatattack
iswith
energy
theft
in
this
case.
At
each state
time
instant,
models
various
paths
starting
from
the
initial
s0 i.e.,
and
AMI
smart
the
end
malicious
goal
being
asources,
successful
combine
evidences
about
on-going
attacks
from
multiple
the
security
state
the
smart
meter
device
(except
the goal
state)
is
continues
until
theof
malicious
achieved
(represented
by
energy
theft.
The
attack
graph
is goal
aattack
state-based
directed
graph
which
detection
algorithms.
Figure
2end
shows
aissimplified
attack
forthe
an
graph
which
models
various
paths
starting
from
the
identified
by
following
binary
subvectors:
1) the
attackers
goal
sgsmeter
) the
that
iscontinues
energy
theft
in this
case.
each
time
instant,
models
various
attack
paths
starting
from
theAt
state
s0 sand
AMI state
smart
the two
end
malicious
goal
being
a(state
successful
initial
state
until
the
goal
ofinitial
theft
0 and with
g ) is
current
privilege
meter
captures
what
the goal
attacker
can
the
security
state
of
thethe
smart
meter
device
(except
the
state)
is
continues
until
theover
malicious
end
goal
is achieved
(represented
by
the
energy
theft.
The
attack
graph
is that
a state-based
directed
graph
which
reached.
Atby
node,
thetwo
security
state
ofAt
the
meter
is
do
instate
thevarious
future
and
is paths
either
none
orcase.
the
identified
following
binary
subvectors:
1)smart
the
attackers
goal
sg each
) the
that
is energy
theft
in ?
this
each
time
instant,
models
attack
starting
from
theadministrative
initial
state
saccess
0 and
identified
by
the
following
two
binary
values.
1)the
The
attackers
M
according
totheover
configuration
ofthat
the
commercial
meters;
current
privilege
meter
captures
what
the
attacker
the
security
state
of
thethe
smart
meter
device
(except
goal
state)
is
continues
until
malicious
end
goal
isexisting
achieved
(represented
by can
the
and
the
that?
captures
thewhat
set the
of
do
the
future
is either
none
orcase.
the administrative
access
identified
by
following
two
binary
subvectors:
1)
attackers
current
privilege
in
the
meter:
this
captures
themalicious
attacker
goalin2)
state
ssecurity
thatand
isconsequences
energy
theft
in
this
At
each
time
instant,
g ) the
actions
thethe
attacker
has
already
accomplished
such
as
a modified
M
according
to over
configuration
ofthat
the
existing
meters;
current
the
meter
captures
the
attacker
can
the do
security
state
of the
smart
meter
device
(except
the
goal
state)
is
can
inprivilege
future,
and
is either
none
? what
orcommercial
the
administrator
meter
firmware
or
exhausted
CPU
on
the
meter.
and
2)
the
security
consequences
that
captures
the
set
of
malicious
do
in
the
future
and
is
either
none
?
or
the
administrative
access
identified
by
the
following
two
binary
subvectors:
1)
the
attackers
privilege
M.
2)
The
security
consequences
of
attacker
actions:
actions
the attacker
has
accomplished
suchtheas attacker
a modified
M according
to configuration
thecaptures
existingwhat
commercial
meters;
current
privilege
thealready
meterofthat
can
this
captures
theorover
set
actions
the
attacker
hassetaccomplished
meter
exhausted
CPU
on?the
and
2)firmware
thefuture
security
consequences
that
captures
the
of malicious
do in
the
and
isofeither
none
or meter.
the administrative
access
such
as athemodified
meter
firmware
or exhausted
on the
actions
attacker
has
already
such asCPU
a modified
M according
to configuration
of accomplished
the existing
commercial
meters;
meter
or exhausted
CPU that
on the
meter.the set of malicious
meter.
and 2)firmware
the security
consequences
captures
actions
the attacker
has already
such asand
a modified
As shown
in the figure,
thereaccomplished
are specific alerts
intrusion
meter firmware
or exhausted
CPU each
on themalicious
meter.
detection
methods
to identify
action needed
to proceed through the graph. Because these individual alerts
are subject to false positives, AMIDS makes use of the

Attack Graphs State Notion [Privileges | Consequences]

Attackers Privileges
Cyber Consequences
: No Access/Control on the Meter
CM/CN: Meter/End2End Confidentiality
M: Administrative Access on the Meter
IM/IN: Firmware/Network Integrity
AM/AN: Meter/Network Availability
Ac6

| AN

Ac5

AD1

| IN

AD1
Ac2

Ac1

M | IM

AD1-5

M|
Ac4
|T

Ap4

| TCM

Ac3

M|A

Ac2
M | TCM

Ap3
Ap2

Reduced Power
Consumption Reports
Negative Consumption

AD6
M | CMAM

No (Zero) Consumption

AD1

M | CM
Ac2

Fig. 5.

AD1

AD1

|R
Ac3

Goal State (Energy Theft)

AD1-5

M | TCMAM

|D

Ac4
| CM

AD1

M | TCMIM
Ac4

Ap1
Initial State
|

Ap5

Physical Consequences
T: Tampered with (e.g., broken into)
D: Meter Disconnected
R: Meter Terminal Inversion

M | CMIM

AD1-5

A Simplified Cyber-Physical Attack Graph for AMI

attack graph to detect energy theft efforts by correlating alert

sequences denoting a complete energy theft attack, i.e., a path
from s0 to sg .
To perform information fusion online, AMIDS considers the
attack graph as a hidden Markov model (HMM) [22] and the
alerts triggered by different detection techniques as observables oi 2 O. Formally, AMIDS considers each attack path
as a discrete-time hidden Markov process, i.e., event sequence
Y = (y0 , y1 , , yn 1 ) of arbitrary lengths. yi = (si , oi ), where si
is an HMM state at the ith step of the attack and is unobserved,
and the observation oi is the set of triggered intrusion detection
alerts at that step. AMIDSs main responsibility is to compute
Pr(st | o0:t ), that is, the probability distribution over hidden
states at each time instant, given the HMM model and the past
IDS alerts o0:t = (o0 , , ot ). In particular, AMIDS makes use
of the forward-backward smoothing algorithm [22], which, in
the first pass, calculates the probability of ending up in any
particular HMM state given the first k alerts in the sequence
Pr(sk | o0:k ). In the second pass, the algorithm computes a
set of backward probabilities that provide the probability of
receiving the remaining observations given any starting point
k, i.e., Pr(ok+1:t | sk ). The two probability distributions can
then be combined to obtain the distribution over states at any
specific point in time given the entire observation sequence:
Pr(st | o0:t ) = Pr(sk | o1:k , ok+1:t ) Pr(ok+1:t | sk )Pr(sk | o1:k ),
(7)
where the last step follows from an application of Bayess
rule and the conditional independence of ok+1:t and o1:k
given sk . Having solved the HMMs smoothing problem for
Pr(st | o0:t ), AMIDS probabilistically knows about the current
state. Consequently, AMIDS picks the state with highest
probability using the Most Likely State (MLS) technique [6]
s = arg maxs Pr(st | o0:t ) and triggers the energy theft alert if
s = sg .
VI. E XPERIMENTAL E VALUATIONS
A. Load Profile Datasets
1) Baseline: We generate realistic load profiles based on
simulated residents and their electric device usage. Each
scenario is assigned a device profile consisting of a set of
appliances, electronic devices, lighting, and other household
items drawing power. Profiles are then created for individual
occupant types, e.g., that cook, do other chores or are nocturnal. These occupant types can be combined to simulate the
usage patterns of common household arrangements.
Each device consists of a usage profile with the devices
power consumption as obtained from common device vendor
websites. Each user profile then contains the times of day,

number of uses, and durations of uses of each device. The

time of day and duration fields each have a time granularity
of one minute, giving us minute level load profiles. Previous
work has shown that refrigerators loads follow roughly a 70
minute cycle and power is only drawn for half of that duration
[3]. The simulated refrigerators are assigned a cycle between
60 and 70 minutes to introduce some variation into the model.
Power usage for the water heater is generated as a simplified
version of the model used in [11]. Heat loss due to hot water
use for showering, miscellaneous hot water usage, and ambient
temperature difference is considered to decrease the water
temperature at a constant rate. This results in only negligible
variations in the power usage compared to the previous model.
The HVAC system is simulated using a pre-calculated load
curve for a given temperate pattern. The compressor is then
simulated to approximately meet the load curve.
2) Legitimate Changes: Two modifications are made to
the baseline load profiles: legitimate, and malicious. In the
legitimate load, the traces are perturbed to reflect legitimate
deviations from the baseline. Ideally, AMIDS will not raise any
alerts for legitimate traces. Those traces are: (Legit-Replace)
the replacement of a large appliance with a version 30% more
efficient, (Legit-Season) reduced usage of heating or cooling
appliances due to seasonal changes, and (Legit-Occupant)
modified use of all appliances due to occupancy change.
3) Malicious Changes: In the malicious scenarios, the
traces are perturbed to reflect load changes caused by common
energy theft scenarios. Ideally, AMIDS will raise an alert for
each malicious trace. The three malicious cases are: (MalBypass) the bypassing of a large appliance, e.g., HVAC, around
the meter, (Mal-Disconnect) periodic disconnection of the
meter resulting in zero usage, and (Mal-Reduction) a constant
reduction in measured power, e.g., due to magnets or meter
hacking.
We will evaluate accuracy of the individual proposed detection solutions and the integrated AMIDS approach on various
normal (baseline) and anomalous usage profiles.
B. Integrated Intrusion Detection
We implemented the proposed HMM-based solution for the
integrated energy theft detection, and evaluated its overall
detection capability in dealing with sensor inaccuracies. In
particular, AMIDS was tested against three complete and
incomplete energy theft attack attempts (see Table II). The
first attack was a 5-step energy theft attack which was reported
by the intrusion detection sensors accurately (each step was
reported by the corresponding sensor). Each row in Table II
shows the posterior distribution over the attack graphs state
space. As expected, AMIDS can detect the energy theft attempt
accurately, i.e., P(sg |observations) = 1. During the second
attack scenario (identical steps), some alerts were not triggered
by the sensors, and hence AMIDS had to infer the steps based
on the attack graph structure. As shown in the table, after the
last step, AMIDS reports the energy theft attempt with 85%
confidence. The last incomplete attack scenario which actually
does not result in the goal state is not reported as a successful
energy theft attempt with 87% confidence.
C. Accuracy
We now evaluate the accuracy of AMIDS under a number
of attacks on a load profile for a single occupant apartment.
We are particularly interested in the accuracy gains that can be

Attack 3 Attack 2

Attack 1

TABLE II
M ULTI - SENSOR E NERGY-T HEFT D ETECTION USING THE AMIDS F RAMEWORK
Attack Graph States ([Privilege|Consequence], as defined
M|TCM AM ?|AN
?|IN
M|?
M|IM
0
0.06
0.06
0.06
0
0
0
0
0
0
0
0
0
0
0
0.08
0
0
0
0
0
0
0
0
0

Step 7! Observation
A p5 7! O7
A p3 7! O10
Ac3 7! O3
Ac2 7! O2
Ad2 7! O14

?|?
0
0
0
0
0

?|T
0.65
0
0
0
0

?|TCM
0
0.95
0
0
0

M|TCM
0
0
1
0
0

M|TCM IM M|CM IM
0
0
0
0
0
0
0.92
0
0
0

0
0
0

0.14
0
0

0
0.14
0

0
0
0.08

0
0
0

0
0
0.04

0
0
0

0.14
0
0

0.14
0
0

0.14
0
0

0
0.07
0

A p4 7! O11
A p5 7! O7
Ac3 7! O3

0
0
0

0.08
0
0

0
0.08
0

0
0
0.13

0
0
0

0
0
0.38

0
0
0

0.08
0
0

0.08
0
0

0.08
0
0

0
0.04
0

A p3 7! O10
Ac2 7! O2
Ad2 7! O14

TABLE III
E MPIRICAL D ETECTION R ESULTS FOR S EVERAL ATTACK S TEPS

Mal-Login (Ac3 )

Meter Breakin (A p1 )

Meter Disconnect (A p3 )

Appliance Bypass (A p6 )

Legit-Replace

Legit-Season

Legit-Occupant

Mal-Reduction (Ad3 )

Data Modification

Intercept Comm. (Ac5 )

Detection
Cyber IDSs
Physical IDSs
Supervised
Unsupervised
AMIDS (HMM)

Physical

Network Exploit (Ac1 )

Cyber

X
X

X
X

X
X

X
X

X
X
X
X

X
X

X
X
X

X
X
X

made through information fusion of (i) cyber IDS alerts, (ii)

physical tampering alerts, and (iii) load-based IDS alerts, as
compared to the accuracy of the individual methods. Table III
shows the results of running the individual IDSs as well as
the combined HMM approach on a single-occupant dwelling.
A check mark means that the correct action was taken, and
an indicates a false positive or false negative. A dash
indicates that the experiment did not apply. As can be seen,
the combined approach eliminates the false positives of the
individual approaches. Alerting capabilities for the cyber and
physical IDSes were validated experimentally on real meters
in the TCIPG testbed [24]. In particular, we disconnected and
reversed meters and checked that alerts were generated. We
also collected a week of meter traffic in a mesh network of nine
meters and made connection attempts towards meters using a
rogue software client in order to test our implementation of
the ANSI C12.22 specification-based IDS.
Of particular instances are the three Legit cases designed to
cause false positives in the load-based approaches. Indeed, the
unsupervised learning algorithm identified two as malicious
behavior. The lack of any cyber or physical IDS alerts in these
cases resolved these false positives in the combined approach.
An additional false negative by the supervised approach was
also resolved. While additional field testing is necessary, these
results show that the HMM approach used by AMIDS is an
effective solution for combining smart meter data sources to
identify energy theft behaviors.
VII. C ONCLUSIONS
In this paper, we presented AMIDS, an integrated intrusion
detection solution to identify malicious energy theft attempts
in advanced metering infrastructures. AMIDS makes use of
different information sources to gather sufficient amount of
evidence about an on-going attack before marking an activity
as a malicious energy theft. Our experimental results show that
through an effective information fusion and using the correlation among the triggered alerts, AMIDS can detect various

in Figure
M|A
0
0
0
0
0

5)
?|D
0.06
0
0
0
0

?|R
0.06
0
0
0
0

?|CM
0.06
0
0
0
0

M|CM
0
0.01
0
0
0

M|CM AM
0
0
0
0
0

Goal state
0
0.03
0
0
1

0
0.07
0

0.14
0
0

0.14
0
0

0.14
0
0

0
0.14
0

0
0
0.04

0
0.57
0.85

0
0.04
0

0.08
0
0

0.08
0
0

0.5
0
0

0
0.5
0

0
0
0.38

0
0.33
0.13

types of energy theft attempts accurately using individually

inaccurate sensors.
R EFERENCES

[1] FBI: Smart Meter Hacks Likely to Spread. Available at http://

krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/.
[2] Electricity thefts surge in bad times. Available at http://www.usatoday.
com/money/industries/energy/2009-03-16-electricity-thefts N.htm.
[3] M. Armstrong, M.C. Swinton, H. Ribberink, I. Beausoleil-Morrison, and
J. Millette. Sythetically derived profiles for representing occupant-driven
electric loads in canadian housing. Journal of Building Performance
Simulation, 2(1):1530, 2009.
[4] CJ Bandim, JER Alves Jr, AV Pinto Jr, FC Souza, MRB Loureiro,
CA Magalhaes, and F. Galvez-Durand. Identification of energy theft
and tampered meters using a central observer meter: a mathematical
approach. In IEEE/PES Transmission and Distribution Conference and
Exposition, volume 1, pages 163168, 2003.
[5] R. Berthier and W.H. Sanders. Specification-based intrusion detection
for advanced metering infrastructures. In IEEE Pacific Rim International
Symposium on Dependable Computing, pages 184193, 2011.
[6] A. Cassandra. Exact and approximate algorithms for partially observable Markov decision processes. PhD thesis, Brown University, 1998.
[7] S. Depuru, L. Wang, and V. Devabhaktuni. A conceptual design using
harmonics to reduce pilfering of electricity. In IEEE Power and Energy
Society General Meeting, pages 17, 2010.
[8] S. Depuru, L. Wang, and V. Devabhaktuni. Support vector machine
based data classification for detection of electricity theft. In IEEE/PES
Power Systems Conference and Exposition, pages 18, 2011.
[9] S.S.S.R. Depuru, L. Wang, V. Devabhaktuni, and N. Gudi. Measures
and setbacks for controlling electricity theft. In IEEE North American
Power Symposium, pages 18, 2010.
[10] S.S.S.R. Depuru, L. Wang, V. Devabhaktuni, and P. Nelapati. A
hybrid neural network model and encoding technique for enhanced
classification of energy consumption data. In IEEE Power and Energy
Society General Meeting, pages 18, 2011.
[11] C. Goh and J. Apt. Consumer strategies for controlling electric water
heaters under dynamic pricing. Carnegie Mellon Electricity Industry
Center Working Paper, 2004.
[12] G.W. Hart. Nonintrusive appliance load monitoring. Proceedings of the
IEEE, 80(12):18701891, 1992.
[13] M. LeMay and C. Gunter. Cumulative attestation kernels for embedded
systems. Computer SecurityESORICS 2009, pages 655670, 2009.
[14] Mikhail A. Lisovich, Deirdre K. Mulligan, and Stephen B. Wicker.
Inferring personal information from demand-response systems. IEEE
Security and Privacy, 8(1):1120, 2010.
[15] Betsy Loeff. Deputizing data: Using ami for revenue protection. Utility
Automation and Engineering, 2008.
[16] S. McLaughlin, D. Podkuiko, and P. McDaniel. Energy theft in the
advanced metering infrastructure. Critical Information Infrastructures
Security, pages 176187, 2010.
[17] S. McLaughlin, D. Podkuiko, S. Miadzvezhanka, A. Delozier, and
P. McDaniel. Multi-vendor penetration testing in the advanced metering
infrastructure. In Proceedings of the Annual Computer Security Applications Conference, pages 107116. ACM, 2010.
[18] Stephen McLaughlin, Dmitry Podkuiko, and Patrick McDaniel. Energy
theft in the advanced metering infrastructure. In Proceedings of the
international conference on Critical information infrastructures security,
pages 176187. Springer-Verlag, 2010.
[19] A. Molina-Markham, P. Shenoy, K. Fu, E. Cecchet, and D. Irwin. Private
memoirs of a smart meter. In Proceedings of the 2nd ACM Workshop
on Embedded Sensing Systems for Energy-Efficiency in Building, pages
6166, 2010.
[20] J. Nagi, KS Yap, SK Tiong, SK Ahmed, and AM Mohammad. Detection
of abnormalities and electricity theft using genetic support vector
machines. In IEEE TENCON Region 10 Conference, pages 16, 2008.
[21] E. Quinn. Smart metering and privacy: Existing law and competing
policies. A report for the Colorado Public Utilities Commission, 2009.
[22] L.R. Rabiner. A tutorial on hidden Markov models and selected
applications in speech recognition. Proceedings of the IEEE, 77(2):257
286, 1989.
[23] Alfredo Rial and George Danezis. Privacy-Preserving Smart Metering.
Technical Report MSR-TR-2010-150, Microsoft Research, 2010.
[24] T. Yardley. Keynote address: Developing a testbed for the smart grid.
In IEEE Conference on Local Computer Networks, pages 11, 2010.