IEEE SmartGridComm 2012 Symposium - Cyber Security and Privacy
AMIDS: A Multi-Sensor Energy Theft Detection
Framework for Advanced Metering Infrastructures
Stephen McLaughlin and Brett Holbert
Computer Science and Engineering Electrical and Computer Engineering
Pennsylvania State University
{smclaugh, bdh5027}@cse.psu.edu
Abstract—The advanced metering infrastructure (AMI) is a
crucial component of the smart grid, replacing traditional analog
devices with computerized smart meters. Smart meters have not
only allowed for efficient management of many end-users, but
also have made AMI an attractive target for remote exploits and
local physical tampering with the end goal of stealing energy.
While smart meters posses multiple sensors and data sources
that can indicate energy theft, in practice, the individual methods
exhibit many false positives. In this paper, we present AMIDS, an
AMI intrusion detection system that uses information fusion to
combine the sensors and consumption data from a smart meter
to more accurately detect energy theft. AMIDS combines meter
audit logs of physical and cyber events with consumption data
to more accurately model and detect theft-related behavior. Our
experimental results on normal and anomalous load profiles show
that AMIDS can identify energy theft efforts with high accuracy.
Furthermore, AMIDS correctly identified legitimate load profile
changes that more elementary analyses classified as malicious.
I. I NTRODUCTION
The Advanced Metering Infrastructure (AMI) is changing
the way electricity is measured, consumed, and even dis-
tributed. Digital smart meters remotely report not only fine-
grained energy consumption data, but also logs of events indi-
cating malfunctions, misconfigurations, and potential physical
tampering. These monitoring capabilities, coupled with large-
scale AMI data aggregation promise to significantly mitigate
the problem of energy theft, an especially pervasive problem
in developing countries.
However, the recent nation-wide AMI deployment effort
has had quite an opposite effect by fueling concerns about
new ways to steal power, e.g., through remote smart meter
compromise. For instance, in 2009, the FBI reported a wide
and organized energy theft attempt that may have cost up
to 400 million dollars annually to a utility following an
AMI deployment [1]. Indeed, AMI significantly increases the
attack surface that utilities have to protect by introducing new
cyber threats on physically-accessible devices [18]. Penetration
testing efforts have shown vulnerabilities in smart meters that
could lead to stealthy energy fraud. Additionally, remote meter
reading eliminates the monthly visit by technicians to record
consumptions and to visually inspect meters.
As a result, the need for an efficient monitoring solution
to detect energy theft attempts in AMI has never been more
critical. In this paper, we introduce AMIDS, an integrated
cyber-physical intrusion detection system to identify malicious
energy theft attempts. AMIDS differs from previous solutions
by evaluating multiple AMI data sources under a combination
This material is based upon work supported by the Department of Energy
under Award Number DE-OE0000097.
978-1-4673-0911-0/12/$31.00 ©2012 IEEE
Saman Zonouz Robin Berthier
Information Trust Institute
University of Miami University of Illinois
s.zonouz@miami.edu rgb@illinois.edu
of techniques to detect theft-related behavior while reducing
false positives. In particular, AMIDS uses an attack graph
based information fusion technique to conceptually combine
collected evidences from three types of AMI-specific informa-
tion sources: 1) cyber-side network- and host-based intrusion
detection systems; 2) on-meter anti-tampering sensors; and 3)
power measurement-based anomalous consumption detectors
through nonintrusive load monitoring (NILM). The main con-
tributions of this paper are as follows:
• We present an information fusion solution which makes
use of an AMI-specific attack graph to identify energy
theft attempts with minimum number of false positives.
• We leverage data mining techniques to identify energy
theft through nonintrusive load monitoring. We designed
two algorithms: a supervised approach that can identify
individual appliance consumption and an unsupervised
approach that learns by clustering load events.
• We build a realistic household load simulator that we used
to evaluate the different individual detection techniques
and the information fusion solution through the injection
of realistic energy theft attacks.
II. R ELATED W ORK
Several solutions to energy theft have been proposed re-
cently [9]. A popular approach has been to apply support-
vector machine (SVM) to energy consumption profiles [8],
[20]. This approach consists of training an SVM from a
historical dataset and then testing the SVM on a different
dataset to find anomalies in the customer energy consumption.
[8] reports an accuracy of 98.4% based on a training set of
440 instances and a testing set of 220 customers. The same
authors extended their approach in [10] to leverage a hybrid
neural-network model and encoding technique in order to
automatically set the many parameters required by the model.
A different approach is shown in [4]. Here, the focus is
on identifying problematic metering installations, e.g., due to
malfunction or energy theft, through a central observer meter
in each neighborhood. Neighborhood energy use is compared
with individual customer loads using a model of N linearly
independent equations. This model is solved using matrix
inversion and recursive statistical methods, i.e., least squares.
This approach is limited by its reliance on linear independence
of equations and zero resistance of power lines.
A radically different approach is taken in [7] by using
a harmonic generator to actively deteriorate appliances of
customers who steal energy. Sensors monitor consumption
values, identify suspicious non-technical losses, disconnect
genuine customers, operate the harmonic generator for few
seconds, and reconnect everyone. An important limitation of
354

this solution is that if on-meter harmonic sensors fail, damage
to genuine customers could make the cost of false positives
prohibitively high.
III. T HREAT M ODEL
There are a variety of known techniques for energy theft
that we assume an adversary may attempt against an AMIDS-
equipped AMI deployment. At the level of customer homes,
the most common techniques involve either tapping an external
source such as a neighbor or distribution feeder, or meter
tampering to inhibit proper recording of consumption. The
latter may be done by applying magnets to interfere with
instruments such as electromechanical rotors or solid state
current transformers, or by reversing or disconnecting meters
from their sockets. At the grid level, energy thieves usually
bypass meters by wiring power hungry appliances directly to
the grid, or connecting their entire electric system to a feeder
with a pirate transformer.
Addressing such physical tampering-related issues has been
one of the benefits of AMI. Indeed, smart meters can detect
and report certain tampering attempts, and solid-state metering
mitigates some attack techniques targeting electromechanical
meters. But, the addition of network communication and smart
devices to the grid has also brought new attack vectors. For
example, it is trivial for a customer to jam meter wireless
communications to suppress physical tampering alarms. Cyber
attack techniques against AMI have been recently studied
[16], [17] and include interrupting measurements, gaining
privileged access to the meter firmware, tampering with the
meter storage, and intercepting the meter communications to
block or alter consumption values being reported.
To summarize, we classify energy theft techniques into
three categories: 1) physical attacks, 2) cyber attacks, and
3) data attacks having an impact on power measurements.
Note that attacks in the third categories are made possible
through attacks from the first and second categories. The
different attacks are detailed in Table I. The table is used in
the following sections as a guide to ensure a comprehensive
coverage of the threats from the described detection solutions.
Moreover, we draw from these attack techniques to simulate
attack scenarios in order to evaluate AMIDS.
IV. I NDIVIDUAL E NERGY T HEFT D ETECTION
M ECHANISMS
A. Physical Tampering Detection Solutions
Smart meters are already equipped with sensors to collect
and log potential physical tampering events such as removal of
the meter cover and physical bumping of the meter. However,
a problem with some such alerts is the high rate of false
positives. For example, a heavy truck passing near a meter
can trigger the tilt alert [15]. Thus, we include such tamper
detection sensors in our solution to detect physical attacks, but
false positive are reduced by combining tampering alerts with
additional data sources covered in the following two sections.
From our threat models described in Table I, meter tamper
alerts provide the following observations:
• Observation O8 : anti-tampering alert to detect A p1
• Observation O9 : reverse rotation alert to detect A p2
• Observation O10 : disconnect alert to detect A p3
• Observation O11 : anti-tampering alert to detect A p4
355
TABLE I
M APPING BETWEEN ATTACKS AND DETECTION TECHNIQUES
Id Attack technique
Cyber
Ac1 Compromise meters through remote network exploit
Ac2 Modify the firmware/storage on meters
Ac3 Steal credentials to login to meters
Ac4 Exhaust CPU/memory
Ac5 Intercept/alter communications
Ac6 Flood the NAN bandwidth
Physical
A p1 Break into the meter
A p2 Reverse the meter
A p3 Disconnect the meter
A p4 Physically extract the password
A p5 Abuse optical port to gain access to meters
A p6 Bypass meters to remove loads from measurement
Effect on power measurements
Ad1 Stop reporting entire consumption
Ad2 Remove large applicances from measurement
Ad3 Cut the report by a given percentage
Ad4 Alter appliance load profile to hide large loads
Ad5 Report zero consumption
Ad6 Report negative consumption (act as a generator)
B. Cyber Intrusion Detection Systems
To address the challenge of detecting cyber attacks intro-
duced by AMI, AMIDS leverages two complementary intru-
sion detection systems that can be implemented and deployed
via firmware upgrade: 1) a remote cumulative attestation
kernel (CAK) in meters [13], and 2) a specification-based net-
work intrusion detection systems deployed on access points or
dedicated sensors in the local neighborhood area network [5].
A CAK is a lightweight solution for embedded systems such
as meters, which records an unbroken sequence of application
firmware upgrades. This audit log can be remotely queried by
a verifier to detect firmware tampering, e.g., due to remote ex-
ploitation. The specification-based network intrusion detection
system monitors traffic among meters and access points across
layers to ensure that devices are running in a secure state and
their operations respect a specified security policy. It does this
by constraining communications made using the ANSI C12.22
standard protocol, thus guaranteeing that all policy violations
will be detected. The soundness of these constraints can be
formally verified.
Our cyber intrusion detection system provides the follow-
ing observation capabilities to cover attacks from our threat
models described in Table I:
• Observation O1 : spec.-based network monitoring to detect Ac1
• Observation O2 : remote firmware attestation to detect Ac2
• Observation O3 : spec.-based monitoring and meter authentica-
tion logs to detect Ac3
• Observation O4 : spec.-based monitoring and meter responsive-
ness to detect Ac4
• Observation O5 : spec.-based monitoring to detect Ac5
• Observation O6 : spec.-based monitoring to detect Ac6
• Observation O7 : remote firmware attestation to detect A p5
C. Power Measurement-based Anomaly Detection
The third class of observations to detect theft-related behav-
ior leverages the fine-grained load profile data available from
smart meters. In particular, individual load profile events are
analyzed to identify appliances being turned on and off. The
results are used to create a usage profile for each household.
These profiles will be used later to detect changes in house-
hold energy consumption patterns. In particular, we introduce
 15000 30

Consumtion Report
25

Daily Profiles
20
10000 15

10

5000 5

0
5 10 15 20 25
Appliances
0
1000 2000 3000 4000 5000 0.4
Minutes

Probability Density
4 0.3
x 10
1
0.2
Edge Magnitudes

0.5 0.1

0 0
2 4 6 8 10 12 14 16 18 20
Microwave Usage Frequency

−0.5
−1
1000 2000 3000 4000 5000
Minutes
Fig. 1. A Sample 4-Day Load Profile and Identified Edges
two power measurement-based detection solutions based on
supervised and unsupervised machine learning techniques. The
algorithms are based on Naive Bayes learning that employs
the method of maximum likelihood and is known to be one
of the most effective and efficient classification algorithms in
complex real-world situations.
We review the Naive Bayes algorithm briefly, and then
discuss our two load-based energy theft detection solutions.
Formally, the probability model for a classifier is a conditional
model Pr(C|F1 , F2 , · · · , Fn ) over a dependent class variable C
that takes on a binary value, 0 (legitimate power consumer)
and 1 (anomalous power measurements). Fi represents the i-th
feature. Using a Bayes’ theorem,
Pr(C) · Pr(F1 , F2 , · · · , Fn |C)
Pr(C|F1 , F2 , · · · , Fn ) =
P(F1 , F2 , · · · , Fn )
can be derived, and given the independence assumption,
n Once the set of appliances contribution to each edge is
1
Pr(C|F1 , F2 , · · · , Fn ) = P(C) · ∏ Pr(Fi |C),
Z i=1
where Z is a constant scaling factor representing the evidence.
Given the above probability model, the Bayesian classifier
combines this model with a decision rule. In particular, the
hypothesis with the maximum a posteriori is picked:
n
C( f1 , f2 , · · · , fn ) = arg max P(C = c) · ∏ P(Fi = fi |C = c).
c∈{0,1} i=1
(3)
Supervised Anomaly Detection. The supervised technique
labels each on or off edge in the load profile according to
its appliance of origin. The algorithm then determines which
appliances a ∈ A are missing from power measurements, i.e., if
the mode of theft bypassed some appliances around the meter.
The algorithm has two learning phases. First, a database of
appliance signatures is created and stored for use by a Non-
Intrusive Load Monitor (NILM). The NILM uses this database
to identify appliance usage in the home over time. Second,
AMIDS learns the daily usage frequencies of each individual
appliance using appliance data provided by the NILM. More
specifically, the power consumption time series are analyzed
and the (edges) E = (et0 , et1 , · · · , etn ) corresponding to on/off
events are identified and recorded. Each edge magnitude
represents one or more appliance events. Figure 1 shows 1) a
sample power consumption time series of a single household
generated by our implementation that simulated turn on/off
Fig. 2. Learned Normal Appliance Usage Profiles
incidents of 25 different home appliances, and 2) the identified
edges within the same trace. The NILM works by solving the
following binary integer programming problem to determine
which devices contributed to a given edge.
min BT x
s.t. Qx ≤ eti + δ
(4)
−Qx ≤ −eti + δ
x≥0
where B = [1, 1, · · · , 1]2·|A|×1 ; Q = [Q p ; −Q p ] , in which Q p
is an |A|-dimensional vector of power appliance consumption
profiles, and [a; b] represents the concatenation of the vectors
a and b. This integer programming problem is solved to
get the 2 · |A|-dimensional binary vector x, where an element
represents whether its corresponding appliance contributed to
the edge eti . Here, δ is a small threshold value to account for
measurement noise. The objective of the optimization is to
minimize number of incidents per edge. This is a reasonable
(1)
assumption as many near-simultaneous appliance events are
unlikely [12].
(2) identified, AMIDS learns based on the daily frequency of each
appliance fa . Thus, over an n-day learning phase, a usage
profile matrix
 
fa1 ,d1 fa2 ,d1 · · · fa|A| ,d1
 fa1 ,d2 fa2 ,d2 · · · fa|A| ,d2 
 
Uhi =  . .. .. ..  (5)
 .. . . . 
fa1 ,dn fa2 ,dn · · · fa|A| ,dn
per household hi is saved. Each column is then used to
calculate the probability mass distribution Phi ,a j (v) v ∈ Z that
appliance a j is used v times per day in household hi . This
completes the profiling phase. Figure 3 shows our implemen-
tation results: 1) home appliance usage frequency reports of a
single household over 20 days (each line represents a single
day); and 2) the empirical probability mass distribution of the
microwave usage frequency per day.
The calculated profiles (distributions) are used for anomaly
detection purposes with the Bayesian classifier. The objective
is to mark a given day-long smart meter measurements as
normal or anomalous based on that household’s profile. In
particular, the prior class probability P(C) in Equation (3)
can be obtained from existing energy theft data [2], and
the conditional distributions are obtained from the learned
profiles. Here, a features Fi is the daily usage frequency of
appliance i. Figure 3 shows our evaluation results for the
supervised detection of anomalous power measurements. In

356
 where B = [1, 1, · · · , 1]2·|A|×1 ; Q = [Q p ; −Q p ]1 , in which Q p
0.2

Pr[kW] (1)
0.1
is an |A|-dimensional vector that represent power consump-
[Q p ; −Q p ]1 , Consequently,
0.2

(1)
whereprofiles
tion B = [1,of1, ·individual
· · , 1]2·|A|×1home ; Q = appliances. in which Q p 0
0 10 20 30 40 50 60 70 80

Pr[kW]
0.1
is anabove
the |A|-dimensional vector thatisrepresent topower consump- kW (cluster 1)
B =integer · ·programming solved 1 get in the 2 · |A|- 0.2

(1)
where
tion profiles [1,of1, ·individual
, 1]2·|A|×1home ; Q = appliances. [Q p ; −Q p ] , Consequently, which Qp 0
0 10 20 30 40 50 60 70 80
dimensional binary vector x, in which each element represents

Pr[kW]
0.1
is an vector that represent power consump- kW (cluster 1)
30

the above |A|-dimensional

integer programming is solved to 1 get theedge 2 · |A|- 0.5

(2)
whether B a=particular · · , appliance has = contributed
[Q p ; −Q p ] ,to inthe which Qetpi
0.2

(1)
Normal Day

where [1,of1, ·individual 1]2·|A|×1home ; Q

20
0
tion profiles
dimensional binary vector x,isina which appliances.
each element Consequently,
represents
0 10 20 30 40 50 60 70 80

Pr[kW]
(2) Pr[kW]
δ
10

through on/off incidents. comparatively small threshold

0.1 kW (cluster 1)
is anabove
the |A|-dimensional
integer programming vector thatisrepresent solved topower get consump-
the 2 · |A|- 0.5

(2)
whether thata particular appliance has contributed to the edge eti
0
0 5 10 15 20 25
00
value
tion profiles accounts
of individual for thex,possible
home measurement
appliances. noise.
Consequently, The
Appliances
00 10 20 30 40 50 60 70 80
dimensional binary vector in which each element represents

Pr[kW]
10 20 30 40 50 60 70 80

δ
1

through on/off incidents. is a comparatively small threshold kW

kW (cluster
(cluster 2)
1)
Normality Probability

objectiveaboveaofparticular
the optimization ishas tois contributed
minimize
solved tonumber of2 ·inci-
0.8

the integer programming get theedge

0.5
whether
0.6

appliance to the |A|-

et 0
value
dents that edge.
per accounts
0.4
for
Thisvector is the possible
aδreasonable measurement
assumption noise. The
because thei
0 10 20 30 40 50 60 70 80

Pr[kW]
dimensional
through on/off
0.2
binary
incidents. x,isina which comparatively each element small represents
threshold kW (cluster 2)
objective of the optimization is to minimize number of inci- 0.4

(3)
0
0.5
probability that manyfor appliances hasgetcontributed
turned on/off simultane-

(2)
0 5 10 15 20 25

whether
value thata edge.
particular
accounts appliance to the edgeThe e 0

is the possible measurement noise.

Home Appliances

theti
0 10 20 30 40 50 60 70 80
dents per ThisFurthermore, a reasonable assumption because

Pr[kW]
(3) Pr[kW]
30
0.2
ously
through is very
on/off low.
incidents. δ is a according
comparatively to our
small empirical
threshold
kW (cluster 2)
Corrupted Profile

objective ofthat the many optimization is togetminimize number of inci- 0.4

(3)
20

probability
observations, lack appliances turnedusually on/off simultane- 00

value per that edge.

accounts Thisof forissuch the minimization
possible measurement resultsThe
noise. in 00 10
10 20
20 30
30 40
40 50
50 60
60 70
70 80
80

Pr[kW]
dents a reasonable assumption because the
10
0.2
ously
many is very
possible low.
large Furthermore,
appliance according
combinations to
for our
a empirical
given edge
kW
kW (cluster
(cluster 3)
2)
objective of the optimization is to minimize number of inci-
0
0 5 10 15 20 25 0.4
probability
observations, thatlack many of appliances
Appliances

such minimization get turnedusually on/off simultane-results in

0
0 10 20 30 40 50 60 70 80
magnitude.

Pr[kW]
0.5

dents
ously per edge.low. ThisFurthermore,
is a reasonable assumption because the
0.2
Normality Probability

kW (cluster 3)
is very according to
forour empirical
0.4

many possible large appliance combinations a given edge 0.2

(4)
0.3
0.4

(3)
Once
observations, the
probability thatlack0.2
set of
many ofappliances
appliances
such contribution
minimization get turnedusually to each
on/off simultane- edge
results is
in
0
0 10 20 30 40 50 60 70 80

Pr[kW]
magnitude.AMIDS creates a daily basis profile of each house-

(4) Pr[kW]
0.1 0.1
0.2
identified,
ously
many is very
possible low. Furthermore, according to our empirical
kW (cluster 3)

the setlarge appliance combinations for a given edge

0
0.2

(4)
0 5 10 15 20 25

Once of number
appliances contribution to each edge fisa
Home Appliances
00
hold and
observations, 3. calculates lackDay ofProfile such of times
minimization each appliance usually is used in
results
0 10 20 30 40 50 60 70 80

Pr[kW] Pr[kW]
0.1 0 10 20 30 40 50 60 70 80
magnitude.
Fig.
identified, Normal
AMIDS creates a and
daily Classification
basis profile Probability
of each house-
kW
kW (cluster
(cluster 4)
3)
during
many Once individual
possible
the setlarge days. Over an
appliance combinations
of number
appliances n-day
contribution learning for phase,
to each a given a usage
edge
0.2

is edge forfisa
0
hold
particular,
profile andthe calculates
matrixfirst and second of times
graphs show each aappliance normal trace used Fig. 4. Unsupervised Learning of kW
Basline (solid), Legitimate (dashed), and
0 10 20 30 40 50 60 70 80

magnitude.
0.1
identified, AMIDS creates a daily basis profile of each house- Fig.0.21. Unsupervised Learning of Basline, Legitimate,
(cluster 4) and Malicious Profiles
during
a single individualover
household days.a Over day and an n-day the posteriorlearning  phase, a usage
to distribution
Malicious × Profiles.

Pr[kW] (4)
Once the set ofnumber appliances contribution eachis edge used fisa
0
hold
profile
for individual and calculates
matrix appliances. fa1 ,dAs 1
of
fa2times
shown ,d1 in · each
· · thefappliance
athird
|A| ,d1 and fourth
0 10 20 30 40

Fig. 1. Unsupervised Learning of Basline,

50

Legitimate,
kW (cluster 4)
60 70

and Malicious Profiles

80
0.1
identified,
during AMIDSdays.
individual creates Over
 fa1 ,d2 fa2 ,dtracea daily
an n-daybasis profile
learning of
phase,each ahouse-
usage marks 0 has the HVAC bypassing the meter. As can be seen, the
graphs, aandcorrupted 
measurement · · ·leads fa|A|to ,d2 a 
significant
hold
profile calculates
matrix  fa1 ,d1 of
number fa2times ,d1 · each
2 · · fappliancea|A| ,d1  is used(5) f cFig. ∈ 1.C . Unsupervised
clustering
0
The
10
of the average
20
malicious silhouette
30
of test measure
40
case
50
4)differs is andused
60
significantlyto over
70
an
from
80

reduction U =  .. distribution .. ..(indicating that a

 Learning Basline, Legitimate, Malicious Profiles
duringinindividualthe posterior .values kW (cluster
hi
days.

 f Over f an n-day . . learning
f phase,

 a usage entire
the baselineclustering to determine
and legitimate testthe optimal number of clusters
cases.
the reported measurements  a1.,d

,dare
a2.,d2
fless ,d1 likely
· · ·
· · · tofabe . ,dnormal).

Uh =  ffaa1.,d ,d1  1.Csummary,
2 2
profile matrix
|A|
cFig. ∈follows..Unsupervised
The average silhouette measure is andused to over an
We note that thei use of
1
1.NILMs
faa22..,d along ·.·. ·sidefaasmart |A|.. ,d 
meters has
(5) as In the power-measurement
Learning of Basline, Legitimate, monitoring
Malicious system
Profiles

 fa1.,d2 fa2.,d2 · · ·. fa|A|. ,d2 
n n |A| n
 entire clustering to determine the optimal number of clusters
 f f f  provides C . The
cas∈follows. the following
average observation capabilities to cover attacks
raised
perprivacyhousehold concerns
Uhi = hi isf[21]. 1.,d1 Recent
asaved. 2.,d1 studies
faaEach
· · ·
·. · faahave
·.column is1n 
.. ,d shown
then usedthat(5)
to 1 silhouette 1 measure
b( f Table
) − a( isf )used to over an
∑ ∑ max{b(
|A|
NILMs can reveal home  1.,dn
 faaoccupant
. f 2.,dn
. behaviors· · . fa[14],
· |A|
.
,d 
 [19]. While from entireour threat
clustering s =models
to determine described the in
optimal I:
number of clusters(6)
calculate the probability  ,d mass a ,d distribution P
,d hi (v) v ∈N C . The average |C: |supervised f ),is a( fused
C |c| )} to over
1 2 2 2 2
Uthe
|A| ,a j cas•∈follows.
Observation O12 1 c∈ silhouette
1 f ∈cand measure
unsupervised
b( f ) − a( f ) anomaly an
systems
per household
we defer the design hi = hiprobability
isfprivacy-preserving
of saved.
. Each
fathat
2..,dn the
·.column fa|A|.. ,d
protocols
·. ·appliance isn  then
a j [23]is used for(5)
toc
that
calculate
our scheme
denotes
to the
future
 a1..,dn mass
probability
work, we mention . distribution a. practical . Phi measure
(v)
used
v to
∈ N entire to detect
clustering s
A p6 to determine
= ∑
|C |utility-side ∑ the optimal number of clusters
max{b( f ),thea( f )}
(6)
times per day in hhousehold hi . EachCalculation theisaforementioned Where b( f ) is O the c∈C |c|
131:dissimilarity between f ) eventtof detect and all
,a Observation
per
that household isfasaved. fathat ·column fa|A| ,d
j
thenisused used toc as• follows. 1 f ∈c report b( ffreq.
) − a( checkers Ad1
mitigate
calculate
denotes
leaks
distribution the in
the
ofcompletes
most iprobability
probability
legitimate,dn
1the profiling
mass
,dn the
2user’s
·consumption
·appliance
phase.
distribution
n a j patterns.
Paforementioned
hi ,a j (v) v ∈ N
other events sin=Oother
• Observation
Where b(f f and
) is all the
14 : ∑ clusters,
supervised
|C:dissimilarity ∑
|c| f ∈c max{b(
and
anomaly
between
a( f is
system
)
f ),the
the
a( f )}
to dissimilarity
detect Ad2(6)
f ) event f andAd3 all
Finetimes
grained per day
data for household
usage by hiload-based
. Calculation the
detection schemes • Observation O15 | aggregated monthly
per
that The calculated
household
denotes the profiles
hiprobability
is saved. (distributions)
Eachthecolumn
that are
appliance used
is then afor anomaly
used to
j is used c
between 1otherc∈C events
1 in its
b( fown) −changescluster.
a( toAdetect
silhouette
can bedistribution
released
detection
calculate
times per the
day
completes
only
purposes after
probability
in using
household
the
physicalprofiling
the
mass
h .
or
Bayesian phase.classifier
cyber
distribution
Calculation
tampering
the P (v) alarms
algorithm.
aforementioned
h ,a v∈N
other
closer
Where
events
• Observation
• Observation
to 1
b(f f and
sin=Oother
indicates
) is all the
O17 |Cother ∑ clusters,
16 : supervised
a better
:dissimilarity
| unsupervised ∑
|c| f ∈c in
and a( f system
anomaly
clustering.
max{b(
between
anomaly
) isGiven
f ),cluster.
a(
the
theto dissimilarity
f )}
system event
detect
an Ad4(6)
optimal
f and Aall
to silhouette
detect
haveThe The
been calculated
raised.
objective here profiles
is to (distributions)
mark
i
a given are used
day-long
i j
for anomaly between
clustering of the unlabelledc∈C events
training itsdata,
own the upper A and alert
lower d5
that denotes
distribution the
completes probability the that
profiling thephase. appliance asmart
j is used meterc other events
Observation in Oother : clusters,
utility-side and
negativea( f ) is the
consumption dissimilarity to
detection purposes using ortheanomalous Bayesian based classifier algorithm. closer
bounds
• to 1
onfAf and indicates
each
18
cluster a better
are found clustering.
andown used Given an optimal
measurements
times
Unsupervised
The per day as
in
Anomaly
calculated normal
household
profiles h
Detection. . Calculation
(distributions)
i Theday-long
are the
unsupervised on the
aforementioned
used for anomaly profiles
de- Where
betweendetect b( )d6 is all
the dissimilarity
other events in between
its thetoevent
cluster. bucketA f sample
and all
silhouette
The objective here is to mark aparticular,
given the priorsmart meter clustering
data. of theclassification
unlabelled training data, over the upper and lower
for
tector that
distribution
groups
detection particular
completes
individual
purposes household.
using the profiling
load the In Bayesian
events phase.clusters
into classifier class
based prob-
algorithm. on other Bayesian
closer events
toon1each in other aclusters,
indicates better is then and done a( f ) isGiven
clustering. thethedissimilarity
distribution
an optimal
measurements as normal or anomalous based on the profiles of bounds
bucketed V. M data
ULTI cluster
-S
against OURCE are
the found
I
clustering
NFORMATION and used of the toFtraining
bucket
USION sample
data.
theirability
The
for
The
real-powerP(C) inmagnitude.
calculated
objective
that particular
Equation
here profiles
is to mark
household.
(3)Thus,can
(distributions)
In
be obtained
appliances
aparticular,
given are used
day-long
the
from
with
prior
for
smart statistical
class
anomaly
similar
meter
prob-
between
clustering
data.
An Bayesian
f
example
and all other
of theclassification
clustering
events
unlabelled training
of isthree
in its
then datasets
own
data, over
done
cluster.
the upper
is the
shown
A silhouette
and lower
distribution
in Fig-
loadreports
detection
measurements
sizes will
ability
about
P(C) be
energy
purposes
inasplacednormal
Equation
theft
using [?],
orthe
in (3) and
theanomalous
can same the cluster.
Bayesian conditional
be obtained
classifier
based ondistributions
The
from thealgorithm.
profiles
resulting
statistical ure
closer
ofAlerts
bounds
bucketed
1.
toon
The
from1each indicates
each
data
solid
of
cluster
against
line
a are
the better
security
the
represents found clustering.
clustering
the
sensors
and pdf used
of of
Given
discussed
the to bucket
training
events
aninoptimal
per
Section
sample
data.
day in
are obtained from the learned profiles. To clarify, the features clustering of the unlabelled
The
for
individual
reports
objective
that particular
clusters
about
here
are more
energy
is
household. to
theft
mark
sensitive
[?], In and
a given
particular,
to load
the
day-long
the
conditional changes prior smart
class
than
distributions
meter
prob-
the IVeach indicate
data.
AnBayesian
ofexample
four individual
classification
clusters
clustering attack
from oftraining
issteps
then against
training
three data,
done
data. over
datasets the
The isupper
AMI. the
dashed
shown andin
However, lower
distribution
lineFig-isas
F i areFor
measurements
ability
net load. essentially
P(C) in
example, the
asEquation
normal daily (3)
bypassing usage
or anomalous
can a frequency
be
single obtainedbased of individual
appliance on the
from will home
profiles
statistical
have proved
the bounds
ure 1. in
of bucketed
pdf Theon each
ofpractice,
events
solid cluster
data line inthese
against are
the
arepresents found
sensors
clustering clustering
the and
report
of pdf used
theofof fairly
the
same to bucket
large
training
events scenario sample
pernumbers
data.
daywith in
are obtained
appliances, from
i.e., one the learned
feature per profiles.
appliance. To clarify, the features data. Bayesian classification isthree
thenmiss done over
for
reports
a noticeable that about
particular
effect energy onhousehold.
theft
the [?], Inand particular,
the conditional the the priordistributions
class prob- ofan each HVAC
An
false ofexample system
four
positives clusters that
and is
clustering from30% more
oftraining
sometimes efficient
data.intrusions;
datasets The is the
than dashed
shown distribution
the baseline.
inlineFig-
therefore, is
Fi 2)are Unsupervised
essentially dailycluster
theAnomaly usage Detection:
containing
frequency Unlike of individual the
appliance, home
supervised Finally,
the
ure pdf
1. The
of bucketed the
of line
datawith
events
solid in ×arepresents
line
against clustering
marks isbased
the clustering thetheofsame the
pdf ofsame
scenario
of theevents scenario
with
training per day
thedata.with
HVAC in
ability
are P(C)
obtained
evenappliances,
if the change in
from Equation
the learned (3) canprofiles.be obtained
To clarify, from the statistical
features reporting energy theft solely on individual alerts will
anomaly i.e.,inone
detection
netfeatureload isper
algorithm,
very
the
small. The unsupervised
appliance.
unsupervised detector does an
each
bypassingHVAC
An ofexample system
four
the clusters
meter. that
As is
clustering from
can 30% be more
oftraining
seen,
three the efficient
data.
clustering
datasets The than
is To of
shownthe
dashed baseline.
inline
the malicious Fig- is
reports
Fi 2)
learning about
arealgorithm energy
essentiallyproceeds theft
theAnomaly
dailyasusage [?], and
follows. the
frequency conditional
Edge of distributions
individual
detection home
is first result in many costly physical inspections. improve the
not Unsupervised
have appliance labels for Detection:
events in the Unlike
load thethe
profile. supervised
Instead, testFinally,
the case
ure pdf
1. The the
of
differslinesignificantly
events
solid with in ×arepresents
line clustering
marks from is the theof
the same thescenario
baseline
pdf ofsame and with
events scenario
legitimate
the day
per with
HVACtest
in
are obtained
usedappliances,
to extractdetection from
ai.e.,
set of the
oneevents learned
featuref1 ,per profiles.
f2the ,appliance. To clarify,
. , fn (positive detector
. . unsupervised or negativefeatures overall
an
cases. HVAC
bypassing accuracy,
system
the meter. AMIDS
that
As is can30% makes morethe
betraining
seen, use of
efficient a
clustering novel
than of model-based
the
the baseline.
malicious
anomaly
it groups different algorithm,
load does each of four clusters from data. The dashed line is
edges)Fi 2)are
from essentially
Unsupervised
the loadthe dailyevents
Anomaly
profile. usage Detection:
K-means by clustering
frequencyclustering Unlikeof individual on supervised
the
is their home
then donereal- solution
Finally,
test
the casepdf to the correlate
differs
of events in alerts
line significantly
with ×a marks and
from
clustering is the provides
theof baseline
same operators
thescenario
same and with with
legitimate
scenario the HVACcon-
test
with
not
power have
appliances, appliance
magnitude.
i.e., one labels
The
feature for events
intuition
per in
here
appliance. the isload that profile.
each Instead,
cluster
based anomaly detection algorithm, thebyunsupervised detectora set does cases.
textual
bypassing
an HVAC information.
III.the
system
M meter. As
that
-S InOURCE
is particular,
can30% be seen,
Imore AMIDS
the clustering
efficient leverages
than of the
F USIONS a set of
the baseline.
malicious
it on
is groups
an
individual
differentevent
equivalency load magnitudes,
class ofeventsappliances,
resulting on
clusteringand the
in their of
real- ULTI NFORMATION
not
clusters 2) C Unsupervised
have appliance
with c = Anomaly
labels
{ f , f for
, ..., Detection:
events
f } in
for the Unlike
all load clusters theset
profile. c
of
supervised
∈
such
C
Instead, . commontest
Finally,case the
We present
differs
energy line significantly
anULTI
with ×
theft
attack
marks
attack
graph-based
from is the
paths, thesame baseline
i.e.,
information
scenario
the and with
different
fusion
legitimate
the
ways
algorithm
HVACtest
that
to
power magnitude.
classes defines The intuition
a fingerprint1 2
for |c| here is that each cluster cases. III. M -S OURCE Ioccur, F USIONS
anomaly
it groups
The residence. detection
different algorithm,
load events theconsumption
byunsupervised
clustering foron a their
detector particular
does
real- bypassing
ancombine energy the
theft
evidences
meter.
attack
about
As can
could be seen,
on-going
the to
NFORMATION
attacks
clustering
from reduce
multiple
offalse
the malicious
positives
sources, i.e.,
isnumber of
an equivalency clusters
Of course,
|C|
class common
is
of determined
appliances,
energy
by
and
theft
maximizing
the
scenarios set of the
such
should test case differs significantly from the baseline and legitimate test
not
power
average have appliance
magnitude.
silhouette labels
The for events
intuition in the
here isload that profile.
each Instead,
cluster due
detection
Weto individual
algorithms.
present anULTI false
attack Figure alarms.
2 shows information
graph-based a simplified fusion attack graph algorithm for anto
classes
deviate defines value
significantly a fingerprint s across
from this for allconsumption
clusters.
fingerprint. For for
example, a particular
while cases. III. M -S OURCE I NFORMATION F USIONS
it
is groups
an different
equivalency load
class events
of appliances, by clusteringand the on settheirof real-
such AMI combine
AMIDS smart meter
evidences
uses anwith
about
attack the end malicious
on-going
graph-based attacks from goalmultiple
information being asources, successful
fusion i.e.,
algo-
residence. aOflarge
bypassing course, appliance common around energy the theft scenarios
meter might not should
affect energy
detection
We presenttheft. The
algorithms. attack
an attack Figuregraph is a state-based
2 shows
graph-based a simplified
information directed
attack graph
fusion graph which
algorithm for anto
power magnitude.
classes defines 1 a The
fingerprint1 intuitionfor b( f here
consumption
) − a( isf ) that for each
a cluster
particular rithm to combine
III. M ULTI evidence
-Spaths of on-going
Imalicious attacks from
F USIONS multiple
∑class to ∑
deviate significantly from this fingerprint. For itexample, while models
AMI
combine smartvarious meter
evidences attackwith
about OURCE
the end
on-going NFORMATION
starting attacks from from the
goal initial
being
multiple state
asources,s0 and
successfuli.e.,
the
is
residence. s Of
annetequivalency
load= enough
course, common appear
of appliances, suspicious,
energy and
theft thewill
scenarios set cause (6)
sucha
ofshould sources. Figure 5attack
shows a 2end
simplified energy theft attack graph
bypassing
noticeable a |
largeC
reduction
| appliance
c∈ C in
|c| thef max{b(
around
size of atthef ), a(
meter
least
f )}
one might
cluster. not affect continues
energy
detection
We present untilThe
theft.
algorithms.the
an malicious
attack Figuregraph
graph-based is goal
shows aissimplified
a state-based achieved
information (represented
directed
attack
fusion graph
algorithmby the
which
for an
to
classes
deviate defines a fingerprint ∈c for consumption for a particular for a state
smart meter. The attack graph is a state-based directed
theThe net significantly
load enoughfrom this fingerprint.
to appear suspicious, For itexample, will whilea
cause goalmodels
AMI
combine smart sg )meter
various
evidences thatattack
iswithenergy
about paths
the theft
starting
end
on-going in this
malicious
attacks from case.
from the
goal At each state
initial
being
multiple time instant,
asources,s0 i.e.,
successfuland
b( f ) unsupervised
residence.
Here,bypassing
noticeable aOf
is the course,
Euclidean
large
reduction
learning
appliance
in
common
thedistance
around
size
algorithm
energy
of between
attheleast proceeds
theft
meter onef scenarios
and
might asnot
all
cluster.
follows.
should
events
affect the
graph security
continues
energy
detection which state
until
theft. Thetheof
models
algorithms. the
malicious
attack smart
Figuregraph
various meter
2end is goal
shows aattackdevice
state-based (except
aissimplified
achieved
paths directed the goal
(represented
starting
attack graph state)
fromby
forthe
which is
the
an
Edge
deviate detection
significantly is firsta(fromf used to extract
this fingerprint. a set Forof itevents
example, (positive
while identified
goal
AMI state
models smart by ) the
sgsmeter
various that following
iscontinues
attack energythe two
paths theft binary
starting in this subvectors:
from case. theAt 1) the
each
ofinitial time
state attacker’s
instant,
s0 sand
theThe
in other net load enough
clusters,
unsupervised and )toisappear
learning the suspicious,
distance
algorithm between
proceeds will f and
as cause all a
follows. initial state 0 and with end malicious
until the goalgoal being
theft a(state
successful g ) is
or negative
bypassing a edges)
large from
appliance the load
around profile.
the K-means
meter might clustering
not affect is current
the
energysecurity
continues privilege
theft. state
until Thetheover
of thethe
malicious
attack meter
smart
graph is that
meter
end goal captures
device
is achieved
a state-based what
(except
directed the goal
the
(represented attacker
graph state)
by can
the
which is
eventsnoticeable
in
Edgedone its
detection reduction
own cluster.
ison first in the
Given size
used to extract of
an at least
optimal one
a set of events cluster.
clustering, the
(positive reached.
do instate Atby
sg each
thevarious
future node,
and thetwo
is paths
either security
none state
orcase.
the ofAt the 1)smart meter is
first
theand netlower based
load enough individual
toeach appear event magnitudes,
suspicious, it and resulting
will causetoina identified
goal
models ) the
that following
is energy
attack theft
starting in ∅
binary thisfrom theadministrative
subvectors: each
initial the
time
state saccess
attacker’s
instant,
0 and
upper The unsupervised
bounds learning
on algorithm
cluster are proceeds
found as follows.
used identified
M according
current
the security by
privilege the following
totheover
state configuration
of thethe meter
smart two binary
ofthat
meter the values.
isexisting
captures
device (except 1)the
commercial
what theThe attacker’s
meters;
attacker
goal by can
state) is
aor negative
set
noticeable
Edge detection
edges)Cfrom
of clusters
reduction with
inused
thec load
theoperation.
size
= extract{ offprofile.
f2 ,least
1 , at
K-means
a...,setf|c|one for
} events clustering
all (positive
cluster. clusters is continues until malicious end goal achieved (represented the
bucketfirstevents
done basedison
during first
normalindividual to event Bayesian magnitudes, of classification
resulting in current
and goalin2)
do
identified privilege
the
the
state ssecurity
future
by thatand
g ) the in
followingthe
isconsequencesmeter:
is either
energy two none
theft this
that∅
binary
in this captures
captures
orcase. thewhat
the administrative
subvectors: At set the
1)
each ofthemalicious
time attacker
access
attacker’s
instant,
or The
negativeunsupervised
edges) from learning algorithm proceeds as follows. actions
M according
current thethe attacker
inprivilege to over has
configuration
the already
meter accomplished
ofthat the existing
captures ∅ what such
orcommercial
the as a modified
meters;
attacker can
is then
a 1set done over
ofrepresents
clusters withthec load
the Cdistribution = of {offprofile.
bucketed
1 , fvectors
K-means
2 , ..., fa
data} for clustering
against
all clusterstheis can the do
meter
and
security
2) firmware
the
future,
state
security or
of the and
exhausted
smart
consequences
is either
meter
CPU on
that
none
device
the
(except
meter.
captures the
thethe
set
administrator
goal
of
state)
malicious
is
Edge
first b]detection
[a;done based
clustering of the training data. is
theonfirst used
concatenation
individual to extract
the
event a set
magnitudes,
|c|of
andevents b. resulting (positive in do in
identified
privilege the M.future
by the
2) and
following
The is either
security two none
binary ∅
consequences or the
subvectors: administrative
of 1)
attackerthe access
attacker’s
actions:
actions
M according
current the attacker
privilege has
to configuration thealready
meterofthat accomplished
thecaptures
existingwhat suchtheas attacker
commercial a modified
meters;
Anor negative
a example
1set of edges)Cfrom
clusters
clustering with
of the c
three load
=
[a; b] represents the concatenation of the vectors a and b.
{ fprofile.
datasets
1 , f 2 , is
...,K-means
f
shown
|c| } for inclustering
all
Figureclusters
4 is this meter
and
do in captures
2)firmware
thefuture
the theorover
security set
and isofeither
exhausted actions
consequences CPUnone the
on∅the
that attacker
or meter.
captures hassetaccomplished
the
the administrative of malicious
can
access
first done based on individual
with four clusters formed from each dataset. The three datasets event magnitudes, resulting in such actions as athemodifiedattacker meter
has firmware
already or exhausted such asCPU on the
M according to configuration of accomplished
the existing commercial a modified
meters;
are asa 1follows.
set
[a; b]ofrepresents
clusters
(1) The theCconcatenation
with line
solid c =shows { fthe
of 1 , fvectors
2the f|c|
, ...,probability
a and } for b. alldensity clusters meter.meter
and 2)firmwarethe security or exhausted
consequences CPU that on the meter.the set of malicious
captures
function (pdf) of events per day in each of four clusters from actions
As shown the attacker
in the figure, has already thereaccomplished
are specific alerts such asand a modified
intrusion
1 b] represents the concatenation of the meter firmware or exhausted CPU each on themalicious
meter.
training[a;data. (2) The dashed line is vectors
the pdf a and of b.events in a detection methods to identify action needed
clustering of the same scenario with an HVAC system that to proceed through the graph. Because these individual alerts
is 30% more efficient than the baseline. (3) The line with × are subject to false positives, AMIDS makes use of the

357
 Attack Graph’s State Notion [Privileges | Consequences]
Attacker’s Privileges
Ø: No Access/Control on the Meter
Cyber Consequences
CM/CN: Meter/End2End Confidentiality
M: Administrative Access on the Meter IM/IN: Firmware/Network Integrity
AM/AN: Meter/Network Availability
Ac5
Ac6
Ø | IN
Ø | AN
Ac2
Ac1 M|Ø
Ac4
Ø|T Ap4 Ø | TCM Ac3
Ac2
M | TCM
Ap1
Initial State
Ø|Ø Ap3 Ø|D
Ap2 Ø|R
Ap5
Ø | CM Ac3 M | CM
Ac4
Ac2
Fig. 5. A Simplified Cyber-Physical Attack Graph for AMI
attack graph to detect energy theft efforts by correlating alert
sequences denoting a complete energy theft attack, i.e., a path
from s0 to sg .
To perform information fusion online, AMIDS considers the
attack graph as a hidden Markov model (HMM) [22] and the
alerts triggered by different detection techniques as observ-
ables oi ∈ O. Formally, AMIDS considers each attack path
as a discrete-time hidden Markov process, i.e., event sequence
Y = (y0 , y1 , · · · , yn−1 ) of arbitrary lengths. yi = (si , oi ), where si
is an HMM state at the ith step of the attack and is unobserved,
and the observation oi is the set of triggered intrusion detection
alerts at that step. AMIDS’s main responsibility is to compute
Pr(st | o0:t ), that is, the probability distribution over hidden
states at each time instant, given the HMM model and the past
IDS alerts o0:t = (o0 , · · · , ot ). In particular, AMIDS makes use
of the forward-backward smoothing algorithm [22], which, in
the first pass, calculates the probability of ending up in any
particular HMM state given the first k alerts in the sequence
Pr(sk | o0:k ). In the second pass, the algorithm computes a
set of backward probabilities that provide the probability of
receiving the remaining observations given any starting point
k, i.e., Pr(ok+1:t | sk ). The two probability distributions can
then be combined to obtain the distribution over states at any
specific point in time given the entire observation sequence:
Pr(st | o0:t ) = Pr(sk | o1:k , ok+1:t ) ∝ Pr(ok+1:t | sk )·Pr(sk | o1:k ),
(7)
where the last step follows from an application of Bayes’s
rule and the conditional independence of ok+1:t and o1:k
given sk . Having solved the HMM’s smoothing problem for
Pr(st | o0:t ), AMIDS probabilistically knows about the current
state. Consequently, AMIDS picks the state with highest
probability using the Most Likely State (MLS) technique [6]
s∗ = arg maxs Pr(st | o0:t ) and triggers the energy theft alert if
s∗ = sg .
VI. E XPERIMENTAL E VALUATIONS
A. Load Profile Datasets
1) Baseline: We generate realistic load profiles based on
simulated residents and their electric device usage. Each
scenario is assigned a device profile consisting of a set of
appliances, electronic devices, lighting, and other household
items drawing power. Profiles are then created for individual
occupant types, e.g., that cook, do other chores or are noc-
turnal. These occupant types can be combined to simulate the
usage patterns of common household arrangements.
Each device consists of a usage profile with the device’s
power consumption as obtained from common device vendor
websites. Each user profile then contains the times of day,
Physical Consequences
T: Tampered with (e.g., broken into) number of uses, and durations of uses of each device. The
D: Meter Disconnected
R: Meter Terminal Inversion time of day and duration fields each have a time granularity
AD1
AD1
of one minute, giving us minute level load profiles. Previous
M | IM AD1-5 work has shown that refrigerators loads follow roughly a 70
minute cycle and power is only drawn for half of that duration
M|A AD1 Goal State (Energy Theft)
M | TCMIM AD1-5
[3]. The simulated refrigerators are assigned a cycle between
Ac4 M | TCMAM AD1 No (Zero) Consumption 60 and 70 minutes to introduce some variation into the model.
AD1
Reduced Power
Consumption Reports Power usage for the water heater is generated as a simplified
AD6 Negative Consumption version of the model used in [11]. Heat loss due to hot water
M | CMAM AD1
use for showering, miscellaneous hot water usage, and ambient
M | CMIM AD1-5
temperature difference is considered to decrease the water
temperature at a constant rate. This results in only negligible
variations in the power usage compared to the previous model.
The HVAC system is simulated using a pre-calculated load
curve for a given temperate pattern. The compressor is then
simulated to approximately meet the load curve.
2) Legitimate Changes: Two modifications are made to
the baseline load profiles: legitimate, and malicious. In the
legitimate load, the traces are perturbed to reflect legitimate
deviations from the baseline. Ideally, AMIDS will not raise any
alerts for legitimate traces. Those traces are: (Legit-Replace)
the replacement of a large appliance with a version 30% more
efficient, (Legit-Season) reduced usage of heating or cooling
appliances due to seasonal changes, and (Legit-Occupant)
modified use of all appliances due to occupancy change.
3) Malicious Changes: In the malicious scenarios, the
traces are perturbed to reflect load changes caused by common
energy theft scenarios. Ideally, AMIDS will raise an alert for
each malicious trace. The three malicious cases are: (Mal-
Bypass) the bypassing of a large appliance, e.g., HVAC, around
the meter, (Mal-Disconnect) periodic disconnection of the
meter resulting in zero usage, and (Mal-Reduction) a constant
reduction in measured power, e.g., due to magnets or meter
hacking.
We will evaluate accuracy of the individual proposed detec-
tion solutions and the integrated AMIDS approach on various
normal (baseline) and anomalous usage profiles.
B. Integrated Intrusion Detection
We implemented the proposed HMM-based solution for the
integrated energy theft detection, and evaluated its overall
detection capability in dealing with sensor inaccuracies. In
particular, AMIDS was tested against three complete and
incomplete energy theft attack attempts (see Table II). The
first attack was a 5-step energy theft attack which was reported
by the intrusion detection sensors accurately (each step was
reported by the corresponding sensor). Each row in Table II
shows the posterior distribution over the attack graph’s state
space. As expected, AMIDS can detect the energy theft attempt
accurately, i.e., P(sg |observations) = 1. During the second
attack scenario (identical steps), some alerts were not triggered
by the sensors, and hence AMIDS had to infer the steps based
on the attack graph structure. As shown in the table, after the
last step, AMIDS reports the energy theft attempt with 85%
confidence. The last incomplete attack scenario which actually
does not result in the goal state is not reported as a successful
energy theft attempt with 87% confidence.
C. Accuracy
We now evaluate the accuracy of AMIDS under a number
of attacks on a load profile for a single occupant apartment.
We are particularly interested in the accuracy gains that can be
358
 TABLE II
M ULTI - SENSOR E NERGY-T HEFT D ETECTION USING THE AMIDS F RAMEWORK
Attack Graph States ([Privilege|Consequence], as defined in Figure 5)
Step 7→ Observation ∅|∅ ∅|T ∅|TCM M|TCM M|TCM IM M|CM IM M|TCM AM ∅|AN ∅|IN M|∅ M|IM M|A ∅|D ∅|R ∅|CM M|CM M|CM AM Goal state
A p5 7→ O7 0 0.65 0 0 0 0 0 0.06 0.06 0.06 0 0 0.06 0.06 0.06 0 0 0
Attack 1

A p3 7→ O10 0 0 0.95 0 0 0 0 0 0 0 0 0 0 0 0 0.01 0 0.03

Ac3 7→ O3 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Ac2 7→ O2 0 0 0 0 0.92 0 0.08 0 0 0 0 0 0 0 0 0 0 0
Ad2 7→ O14 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
A p3 7→ O10 0 0.14 0 0 0 0 0 0.14 0.14 0.14 0 0 0.14 0.14 0.14 0 0 0
Attack 3 Attack 2

Ac2 7→ O2 0 0 0.14 0 0 0 0 0 0 0 0.07 0.07 0 0 0 0.14 0 0.57

Ad2 7→ O14 0 0 0 0.08 0 0.04 0 0 0 0 0 0 0 0 0 0 0.04 0.85
A p4 7→ O11 0 0.08 0 0 0 0 0 0.08 0.08 0.08 0 0 0.08 0.08 0.5 0 0 0
A p5 7→ O7 0 0 0.08 0 0 0 0 0 0 0 0.04 0.04 0 0 0 0.5 0 0.33
Ac3 7→ O3 0 0 0 0.13 0 0.38 0 0 0 0 0 0 0 0 0 0 0.38 0.13

TABLE III
E MPIRICAL D ETECTION R ESULTS FOR S EVERAL ATTACK S TEPS types of energy theft attempts accurately using individually
Cyber Physical Data Modification inaccurate sensors.
Appliance Bypass (A p6 )
Meter Disconnect (A p3 )

R EFERENCES
Intercept Comm. (Ac5 )
Network Exploit (Ac1 )

Mal-Reduction (Ad3 )
Meter Breakin (A p1 )

[1] FBI: Smart Meter Hacks Likely to Spread. Available at http://

krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/.
Mal-Login (Ac3 )

Legit-Occupant
[2] Electricity thefts surge in bad times. Available at http://www.usatoday.
Legit-Replace

Detection
Cyber IDSs X X
Physical IDSs - -
Supervised - -
Unsupervised - -
AMIDS (HMM) X X
made through information fusion of (i) cyber IDS alerts, (ii)
physical tampering alerts, and (iii) load-based IDS alerts, as
compared to the accuracy of the individual methods. Table III
shows the results of running the individual IDSs as well as
the combined HMM approach on a single-occupant dwelling.
A check mark means that the correct action was taken, and
an × indicates a false positive or false negative. A dash
indicates that the experiment did not apply. As can be seen,
the combined approach eliminates the false positives of the
individual approaches. Alerting capabilities for the cyber and
physical IDSes were validated experimentally on real meters
in the TCIPG testbed [24]. In particular, we disconnected and
reversed meters and checked that alerts were generated. We
also collected a week of meter traffic in a mesh network of nine
meters and made connection attempts towards meters using a
rogue software client in order to test our implementation of
the ANSI C12.22 specification-based IDS.
Of particular instances are the three Legit cases designed to
cause false positives in the load-based approaches. Indeed, the
unsupervised learning algorithm identified two as malicious
behavior. The lack of any cyber or physical IDS alerts in these
cases resolved these false positives in the combined approach.
An additional false negative by the supervised approach was
also resolved. While additional field testing is necessary, these
results show that the HMM approach used by AMIDS is an
effective solution for combining smart meter data sources to
identify energy theft behaviors.
VII. C ONCLUSIONS
In this paper, we presented AMIDS, an integrated intrusion
detection solution to identify malicious energy theft attempts
in advanced metering infrastructures. AMIDS makes use of
different information sources to gather sufficient amount of
evidence about an on-going attack before marking an activity
as a malicious energy theft. Our experimental results show that
through an effective information fusion and using the corre-
lation among the triggered alerts, AMIDS can detect various
Legit-Season
com/money/industries/energy/2009-03-16-electricity-thefts N.htm.
[3] M. Armstrong, M.C. Swinton, H. Ribberink, I. Beausoleil-Morrison, and
J. Millette. Sythetically derived profiles for representing occupant-driven
electric loads in canadian housing. Journal of Building Performance
Simulation, 2(1):15–30, 2009.
X - - - - - - -
[4] CJ Bandim, JER Alves Jr, AV Pinto Jr, FC Souza, MRB Loureiro,
CA Magalhaes, and F. Galvez-Durand. Identification of energy theft
- X X X - - - - and tampered meters using a central observer meter: a mathematical
- - X × X X X X approach. In IEEE/PES Transmission and Distribution Conference and
- - X X X × × X Exposition, volume 1, pages 163–168, 2003.
X X X X X X X X [5] R. Berthier and W.H. Sanders. Specification-based intrusion detection
for advanced metering infrastructures. In IEEE Pacific Rim International
Symposium on Dependable Computing, pages 184–193, 2011.
[6] A. Cassandra. Exact and approximate algorithms for partially observ-
able Markov decision processes. PhD thesis, Brown University, 1998.
[7] S. Depuru, L. Wang, and V. Devabhaktuni. A conceptual design using
harmonics to reduce pilfering of electricity. In IEEE Power and Energy
Society General Meeting, pages 1–7, 2010.
[8] S. Depuru, L. Wang, and V. Devabhaktuni. Support vector machine
based data classification for detection of electricity theft. In IEEE/PES
Power Systems Conference and Exposition, pages 1–8, 2011.
[9] S.S.S.R. Depuru, L. Wang, V. Devabhaktuni, and N. Gudi. Measures
and setbacks for controlling electricity theft. In IEEE North American
Power Symposium, pages 1–8, 2010.
[10] S.S.S.R. Depuru, L. Wang, V. Devabhaktuni, and P. Nelapati. A
hybrid neural network model and encoding technique for enhanced
classification of energy consumption data. In IEEE Power and Energy
Society General Meeting, pages 1–8, 2011.
[11] C. Goh and J. Apt. Consumer strategies for controlling electric water
heaters under dynamic pricing. Carnegie Mellon Electricity Industry
Center Working Paper, 2004.
[12] G.W. Hart. Nonintrusive appliance load monitoring. Proceedings of the
IEEE, 80(12):1870–1891, 1992.
[13] M. LeMay and C. Gunter. Cumulative attestation kernels for embedded
systems. Computer Security–ESORICS 2009, pages 655–670, 2009.
[14] Mikhail A. Lisovich, Deirdre K. Mulligan, and Stephen B. Wicker.
Inferring personal information from demand-response systems. IEEE
Security and Privacy, 8(1):11–20, 2010.
[15] Betsy Loeff. Deputizing data: Using ami for revenue protection. Utility
Automation and Engineering, 2008.
[16] S. McLaughlin, D. Podkuiko, and P. McDaniel. Energy theft in the
advanced metering infrastructure. Critical Information Infrastructures
Security, pages 176–187, 2010.
[17] S. McLaughlin, D. Podkuiko, S. Miadzvezhanka, A. Delozier, and
P. McDaniel. Multi-vendor penetration testing in the advanced metering
infrastructure. In Proceedings of the Annual Computer Security Appli-
cations Conference, pages 107–116. ACM, 2010.
[18] Stephen McLaughlin, Dmitry Podkuiko, and Patrick McDaniel. Energy
theft in the advanced metering infrastructure. In Proceedings of the
international conference on Critical information infrastructures security,
pages 176–187. Springer-Verlag, 2010.
[19] A. Molina-Markham, P. Shenoy, K. Fu, E. Cecchet, and D. Irwin. Private
memoirs of a smart meter. In Proceedings of the 2nd ACM Workshop
on Embedded Sensing Systems for Energy-Efficiency in Building, pages
61–66, 2010.
[20] J. Nagi, KS Yap, SK Tiong, SK Ahmed, and AM Mohammad. Detection
of abnormalities and electricity theft using genetic support vector
machines. In IEEE TENCON Region 10 Conference, pages 1–6, 2008.
[21] E. Quinn. Smart metering and privacy: Existing law and competing
policies. A report for the Colorado Public Utilities Commission, 2009.
[22] L.R. Rabiner. A tutorial on hidden Markov models and selected
applications in speech recognition. Proceedings of the IEEE, 77(2):257–
286, 1989.
[23] Alfredo Rial and George Danezis. Privacy-Preserving Smart Metering.
Technical Report MSR-TR-2010-150, Microsoft Research, 2010.
[24] T. Yardley. Keynote address: Developing a testbed for the smart grid.
In IEEE Conference on Local Computer Networks, pages 1–1, 2010.

359