ARIMA-based modeling and validation of consumption readings in power grids

Varun Badrinath Krishna, Ravishankar K. Iyer, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Smart meters are increasingly being deployed to measure electricity consumption of residential as well as non-residential consumers. The readings reported by these meters form a time series, which is stored at electric utility servers for billing purposes. Invalid readings may be reported because of malicious compromise of the smart meters themselves, or of the network infrastructure that supports their communications. Although many of these meters come equipped with encrypted communications, they may potentially be vulnerable to cyber intrusions. Therefore, there is a need for an additional layer of validation to detect these intrusion attempts. In this paper, we make three contributions. First, we show that the ARMA model proposed in the anomaly detection literature is unsuitable for electricity consumption as most consumers exhibit non-stationary consumption behavior. We use automated model fitting methods from the literature to show that first-order differencing of these non-stationary readings makes them weakly stationary. Thus, we propose the use of ARIMA forecasting methods for validating consumption readings. Second, we evaluate the effectiveness of ARIMA forecasting in the context of a specific attack model, where smart meter readings are modified to steal electricity. Third, we propose additional checks on mean and variance that can mitigate the total amount of electricity that can be stolen by an attacker by 77.46%. Our evaluation is based on a real, open dataset of readings obtained from 450 consumer meters.

Original languageEnglish (US)
Title of host publicationCritical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers
EditorsStephen D. Wolthusen, Stephen D. Wolthusen, Marianthi Theocharidou, Erich Rome
PublisherSpringer-Verlag
Pages199-210
Number of pages12
ISBN (Print)9783319333304
DOIs
StatePublished - Jan 1 2016
Event10th International Conference on Critical Information Infrastructures Security, CRITIS 2015 - Berlin, Germany
Duration: Oct 5 2015Oct 7 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9578
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other10th International Conference on Critical Information Infrastructures Security, CRITIS 2015
CountryGermany
CityBerlin
Period10/5/1510/7/15

Fingerprint

ARIMA
Smart meters
Electricity
Grid
Modeling
Forecasting
ARMA Model
Model Fitting
Communication
Anomaly Detection
Electric utilities
Time series
Servers
Server
Infrastructure
Attack
First-order
Evaluate
Evaluation

Keywords

  • ARIMA
  • ARMA
  • Anomaly
  • Attack
  • Auto
  • Average
  • Critical
  • Cyberphysical
  • Detection
  • Electricity
  • Forecasting
  • Infrastructure
  • Integrated
  • Measurements
  • Meter
  • Moving
  • Regressive
  • Security
  • Smart
  • Theft

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Krishna, V. B., Iyer, R. K., & Sanders, W. H. (2016). ARIMA-based modeling and validation of consumption readings in power grids. In S. D. Wolthusen, S. D. Wolthusen, M. Theocharidou, & E. Rome (Eds.), Critical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers (pp. 199-210). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9578). Springer-Verlag. https://doi.org/10.1007/978-3-319-33331-1_16

ARIMA-based modeling and validation of consumption readings in power grids. / Krishna, Varun Badrinath; Iyer, Ravishankar K.; Sanders, William H.

Critical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers. ed. / Stephen D. Wolthusen; Stephen D. Wolthusen; Marianthi Theocharidou; Erich Rome. Springer-Verlag, 2016. p. 199-210 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9578).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Krishna, VB, Iyer, RK & Sanders, WH 2016, ARIMA-based modeling and validation of consumption readings in power grids. in SD Wolthusen, SD Wolthusen, M Theocharidou & E Rome (eds), Critical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9578, Springer-Verlag, pp. 199-210, 10th International Conference on Critical Information Infrastructures Security, CRITIS 2015, Berlin, Germany, 10/5/15. https://doi.org/10.1007/978-3-319-33331-1_16
Krishna VB, Iyer RK, Sanders WH. ARIMA-based modeling and validation of consumption readings in power grids. In Wolthusen SD, Wolthusen SD, Theocharidou M, Rome E, editors, Critical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers. Springer-Verlag. 2016. p. 199-210. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-33331-1_16
Krishna, Varun Badrinath ; Iyer, Ravishankar K. ; Sanders, William H. / ARIMA-based modeling and validation of consumption readings in power grids. Critical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers. editor / Stephen D. Wolthusen ; Stephen D. Wolthusen ; Marianthi Theocharidou ; Erich Rome. Springer-Verlag, 2016. pp. 199-210 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{cb38891478bb428f95ace47c2a2a1f3c,
title = "ARIMA-based modeling and validation of consumption readings in power grids",
abstract = "Smart meters are increasingly being deployed to measure electricity consumption of residential as well as non-residential consumers. The readings reported by these meters form a time series, which is stored at electric utility servers for billing purposes. Invalid readings may be reported because of malicious compromise of the smart meters themselves, or of the network infrastructure that supports their communications. Although many of these meters come equipped with encrypted communications, they may potentially be vulnerable to cyber intrusions. Therefore, there is a need for an additional layer of validation to detect these intrusion attempts. In this paper, we make three contributions. First, we show that the ARMA model proposed in the anomaly detection literature is unsuitable for electricity consumption as most consumers exhibit non-stationary consumption behavior. We use automated model fitting methods from the literature to show that first-order differencing of these non-stationary readings makes them weakly stationary. Thus, we propose the use of ARIMA forecasting methods for validating consumption readings. Second, we evaluate the effectiveness of ARIMA forecasting in the context of a specific attack model, where smart meter readings are modified to steal electricity. Third, we propose additional checks on mean and variance that can mitigate the total amount of electricity that can be stolen by an attacker by 77.46{\%}. Our evaluation is based on a real, open dataset of readings obtained from 450 consumer meters.",
keywords = "ARIMA, ARMA, Anomaly, Attack, Auto, Average, Critical, Cyberphysical, Detection, Electricity, Forecasting, Infrastructure, Integrated, Measurements, Meter, Moving, Regressive, Security, Smart, Theft",
author = "Krishna, {Varun Badrinath} and Iyer, {Ravishankar K.} and Sanders, {William H.}",
year = "2016",
month = "1",
day = "1",
doi = "10.1007/978-3-319-33331-1_16",
language = "English (US)",
isbn = "9783319333304",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag",
pages = "199--210",
editor = "Wolthusen, {Stephen D.} and Wolthusen, {Stephen D.} and Marianthi Theocharidou and Erich Rome",
booktitle = "Critical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers",

}

TY - GEN

T1 - ARIMA-based modeling and validation of consumption readings in power grids

AU - Krishna, Varun Badrinath

AU - Iyer, Ravishankar K.

AU - Sanders, William H.

PY - 2016/1/1

Y1 - 2016/1/1

N2 - Smart meters are increasingly being deployed to measure electricity consumption of residential as well as non-residential consumers. The readings reported by these meters form a time series, which is stored at electric utility servers for billing purposes. Invalid readings may be reported because of malicious compromise of the smart meters themselves, or of the network infrastructure that supports their communications. Although many of these meters come equipped with encrypted communications, they may potentially be vulnerable to cyber intrusions. Therefore, there is a need for an additional layer of validation to detect these intrusion attempts. In this paper, we make three contributions. First, we show that the ARMA model proposed in the anomaly detection literature is unsuitable for electricity consumption as most consumers exhibit non-stationary consumption behavior. We use automated model fitting methods from the literature to show that first-order differencing of these non-stationary readings makes them weakly stationary. Thus, we propose the use of ARIMA forecasting methods for validating consumption readings. Second, we evaluate the effectiveness of ARIMA forecasting in the context of a specific attack model, where smart meter readings are modified to steal electricity. Third, we propose additional checks on mean and variance that can mitigate the total amount of electricity that can be stolen by an attacker by 77.46%. Our evaluation is based on a real, open dataset of readings obtained from 450 consumer meters.

AB - Smart meters are increasingly being deployed to measure electricity consumption of residential as well as non-residential consumers. The readings reported by these meters form a time series, which is stored at electric utility servers for billing purposes. Invalid readings may be reported because of malicious compromise of the smart meters themselves, or of the network infrastructure that supports their communications. Although many of these meters come equipped with encrypted communications, they may potentially be vulnerable to cyber intrusions. Therefore, there is a need for an additional layer of validation to detect these intrusion attempts. In this paper, we make three contributions. First, we show that the ARMA model proposed in the anomaly detection literature is unsuitable for electricity consumption as most consumers exhibit non-stationary consumption behavior. We use automated model fitting methods from the literature to show that first-order differencing of these non-stationary readings makes them weakly stationary. Thus, we propose the use of ARIMA forecasting methods for validating consumption readings. Second, we evaluate the effectiveness of ARIMA forecasting in the context of a specific attack model, where smart meter readings are modified to steal electricity. Third, we propose additional checks on mean and variance that can mitigate the total amount of electricity that can be stolen by an attacker by 77.46%. Our evaluation is based on a real, open dataset of readings obtained from 450 consumer meters.

KW - ARIMA

KW - ARMA

KW - Anomaly

KW - Attack

KW - Auto

KW - Average

KW - Critical

KW - Cyberphysical

KW - Detection

KW - Electricity

KW - Forecasting

KW - Infrastructure

KW - Integrated

KW - Measurements

KW - Meter

KW - Moving

KW - Regressive

KW - Security

KW - Smart

KW - Theft

UR - http://www.scopus.com/inward/record.url?scp=84978646744&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84978646744&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-33331-1_16

DO - 10.1007/978-3-319-33331-1_16

M3 - Conference contribution

AN - SCOPUS:84978646744

SN - 9783319333304

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 199

EP - 210

BT - Critical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers

A2 - Wolthusen, Stephen D.

A2 - Wolthusen, Stephen D.

A2 - Theocharidou, Marianthi

A2 - Rome, Erich

PB - Springer-Verlag

ER -