@inproceedings{cb38891478bb428f95ace47c2a2a1f3c,
title = "ARIMA-based modeling and validation of consumption readings in power grids",
abstract = "Smart meters are increasingly being deployed to measure electricity consumption of residential as well as non-residential consumers. The readings reported by these meters form a time series, which is stored at electric utility servers for billing purposes. Invalid readings may be reported because of malicious compromise of the smart meters themselves, or of the network infrastructure that supports their communications. Although many of these meters come equipped with encrypted communications, they may potentially be vulnerable to cyber intrusions. Therefore, there is a need for an additional layer of validation to detect these intrusion attempts. In this paper, we make three contributions. First, we show that the ARMA model proposed in the anomaly detection literature is unsuitable for electricity consumption as most consumers exhibit non-stationary consumption behavior. We use automated model fitting methods from the literature to show that first-order differencing of these non-stationary readings makes them weakly stationary. Thus, we propose the use of ARIMA forecasting methods for validating consumption readings. Second, we evaluate the effectiveness of ARIMA forecasting in the context of a specific attack model, where smart meter readings are modified to steal electricity. Third, we propose additional checks on mean and variance that can mitigate the total amount of electricity that can be stolen by an attacker by 77.46%. Our evaluation is based on a real, open dataset of readings obtained from 450 consumer meters.",
keywords = "ARIMA, ARMA, Anomaly, Attack, Auto, Average, Critical, Cyberphysical, Detection, Electricity, Forecasting, Infrastructure, Integrated, Measurements, Meter, Moving, Regressive, Security, Smart, Theft",
author = "Krishna, {Varun Badrinath} and Iyer, {Ravishankar K.} and Sanders, {William H.}",
note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2016.; 10th International Conference on Critical Information Infrastructures Security, CRITIS 2015 ; Conference date: 05-10-2015 Through 07-10-2015",
year = "2016",
doi = "10.1007/978-3-319-33331-1_16",
language = "English (US)",
isbn = "9783319333304",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "199--210",
editor = "Wolthusen, {Stephen D.} and Wolthusen, {Stephen D.} and Marianthi Theocharidou and Erich Rome",
booktitle = "Critical Information Infrastructures Security - 10th International Conference, CRITIS 2015, Revised Selected Papers",
address = "Germany",
}