Clustering and Ensemble Based Approach for Securing Electricity Theft Detectors Against Evasion Attacks

In smart power grids, electricity theft causes huge economic losses to electrical utility companies. Machine learning (ML), especially deep neural network (DNN) models hold state-of-the-art performance in detecting electricity theft cyberattacks. However, DNN models are vulnerable to adversarial attacks, i.e., evasion attacks. In this work, we, first, study the vulnerability of the DNN-based electricity theft detectors against evasion attacks and the influence of the model's regularization (generalization) and transferability on robustness. Then, we cluster the power consumers and train a detector for each cluster, and compare the performance and robustness of this detector to a global detector that is trained on all the consumers' data. The results indicate that the cluster-based detector is not only more robust against evasion attacks but also enhances normal classification accuracy because its training data has more consumption pattern similarity compared to the training data of the global detector which requires higher level of regularization. Then, we develop a cluster-based parallel-ensemble electricity theft detector to achieve high robustness against evasion attacks and high detection accuracy. The proposed detector has two levels of defense, including clustering and ensemble, where clustering decreases regularization and improves robustness, and the ensemble of diverse decision models improves robustness against transferability. We evaluate the detector on different threat models, including Blackbox and Graybox with different knowledge about defense strategy, model architecture, and training dataset. The evaluation results indicate that unlike the existing solutions that sacrifice the normal accuracy of the model to improve the robustness against evasion attacks, the proposed detector outperforms the benchmark defenses in terms of robustness and normal classification accuracy.