UBC Theses and Dissertations

UBC Theses Logo

UBC Theses and Dissertations

Detection of malicious activities against advanced metering infrastructure in smart grid Jokar, Paria


In this thesis we investigate security challenges in smart grid and propose several algorithms for detecting malicious activities against AMI. Our work includes two parts. In the first part, we focus on the problem of intrusion detection in ZigBee HANs. We study the requirements and challenges of designing intrusion detection systems for HANs, and suggest application of model based intrusion detection and automatic intrusion prevention techniques. Accordingly we design algorithms for detecting and preventing spoofing attacks as an important attack type against wireless networks. We extend this work to design an intrusion detection and prevention system for ZigBee HANs, HANIDPS, which is able to detect and automatically stop various attack types. Through extensive experiments and analysis we show that the proposed method is able to detect and stop the attacks with high precision, low cost and short delay, which makes it suitable for HANs. Considering that in HANIDPS the prevention operation is performed automatically, costs of false positives are low and limited to some network overhead. Also the delay in stopping the attacks is significantly shortened compared to when human intervention is required. This reduces the damages caused by possible attacks. In the next part, we focus on detection of cyber intrusions that affect the load curve. We suggest that by monitoring abnormalities in customers' consumption pattern these attacks are detectable. We introduce a consumption pattern based electricity theft detector, CPBETD, which unlike previous techniques is robust against nonmalicious changes in consumption pattern and provides a high and adjustable performance without jeopardizing customers' privacy. Extensive experiments on real dataset of 5000 customers show the effectiveness of our approach. We also introduce instantaneous anomaly detector, IAD, which by monitoring the usage patterns effectively detects attacks against direct and indirect load control which are some of the major concerns in AMI.

Item Media

Item Citations and Data


Attribution-NonCommercial-NoDerivs 2.5 Canada