Preventive Maintenance for Advanced Metering Infrastructure Against Malware Propagation

Advanced metering infrastructure (AMI) deployment has been widely promoted in recent years to improve the accuracy of billing information as well as to facilitate implementation of demand response. Information integrity and availability of the devices is crucial to the billing information that should reflect accurately on how much the household energy is consumed. The IP-based smart metering devices may exist with unknown vulnerabilities that can introduce back-doors to enable worm propagation across AMI network. The infected devices can be attack agents that would largely disable the metering functionalities or manipulate control variables of each meter. This paper proposes an optimal frequency of on-site investigation and the number of monitoring verification to investigate potential anomalies of malware footprinting by applying the decision process framework of Markovian. The proposed method determines the best inspection strategies based on the observation from the existing anomaly detectors deployed in the network. The considerations include malware propagation characteristics, accuracy of anomaly detectors, and investigation and diagnosis costs. Four scenarios are simulated using the proposed method, demonstrating the effectiveness of investigation on potentially infected electronic meters within an AMI network.