Detecting Intrusive Activity in the Smart Grid Communications Infrastructure Using Self-Organizing Maps

The Smart Grid Infrastructure (SGI) provides for sustainable, affordable and uninterrupted electricity supply to consumers. The communications infrastructure of the SGI is prone to several malicious attacks identified in the recent past. Customer-specific electricity readings are communicated up the SGI hierarchy from consumer devices to centralized servers through intermediary devices such as smart meters and data concentrators/aggregators. In this paper, we model the attacks against the home area network of the SGI, through definition and generation of routine device behaviors. Any observed deviation from the defined normal profile is labeled as a malicious attack. Subsequently, we propose a Self-Organizing Map (SOM)-based approach towards training and testing of centralized SGI devices to qualify them for identifying anomalies accurately. The proposed scheme is capable of detecting anomalous readings within a consumer´s household, with reasonable accuracies.