15 Review of Cyber-Physical Attacks and Counter Defense Mechanisms For Advanced Metering Infrastructure in Smart Grid
Authorized licensed use limited to: Universidad del Valle. Downloaded on September 17,2025 at 20:05:10 UTC from IEEE Xplore. Restrictions apply.
TABLE I: Cyber and Physical Attacks Targeted at the AMI

| Attack Target | Attack Type: Smart Meter | Attack Type: AMI Communication Network |
|---|---|---|
| Physical | Meter Manipulation; Meter Spoofing and Energy Fraud Attack | Physical Attack |
| Cyber (Availability) | Denial of Service (DoS) | Distributed Denial of Service (DDoS) |
| Cyber (Integrity) | False Data Injection Attack (FDIA) | False Data Injection Attack (FDIA) |
| Cyber (Confidentiality) | De-pseudonymization Attack; Man-in-the-middle Attack; Authentication Attack; Disaggregation Attack | WiFi/ZigBee Attack; Internet Attack; Data Confidentiality Attack |
III. DEFENSE MECHANISMS IN SMART METERS

Among the cyber-physical security threats faced by smart meters, electricity theft is a major security challenge caused by meter manipulation and FDIA, where malicious attackers alter the consumption measurements collected by smart meters. According to a World Bank report [24], [25], electricity theft reaches up to 50% in some jurisdictions of developing countries. The security of smart meters has been a well-researched topic in the literature, where the focus is on ensuring power availability at all times [13], [26]. Traditional research on detecting electricity theft has focused on deploying specific devices, such as wireless sensors and balance meters, to achieve a high theft detection rate [22], [23]. An anti-tampering-sensor-based AMI intrusion detection mechanism was introduced in [22], where anti-tampering sensors are embedded into smart meters. In [23], a limited number of balance meters are installed in the smart grid distribution network so that the system operator can detect whether abnormal smart meters exist in the network. Since additional devices need to be installed in these works, the cost of detecting the abnormal actions of millions of smart meters increases significantly. Moreover, none of these works can identify the specific smart meters that have been hacked.

A. Machine Learning for Electricity Theft Detection

Recently, machine learning has been used to train a classifier on detailed electricity usage measurements, with the aim of distinguishing normal usage from electricity theft. The basic procedure of this approach consists of seven parts: data collection and preprocessing, feature extraction, machine-learning-based classifier training, data classification, and suspected-electricity-theft report generation.

In [16], Principal Component Analysis (PCA) based theft detection was proposed to detect abnormalities in electricity consumption behavior. The method leverages the Density-Based Spatial Clustering of Applications with Noise (DBSCAN) algorithm, and this procedure is shown to properly detect abnormalities in consumption behavior when used together with PCA. There are three advantages to this method. First, the researchers can calculate the consumption trends that repeat over time by extracting the principal components that retain the maximum amount of variance in the data; components with lower variance are filtered out as noise in usage behavior. Second, to process the massive amount of data, the two principal components are used to allow visualization in a two-dimensional space. Third, anomaly detection takes place on a data set that includes the usage of all consumers. This means that an attacker would have trouble reverse engineering the detector and avoiding detection, as it would require two things: complete knowledge of every smart meter, and all consumer information within the communications network.

In [17], usage data was shown to be non-stationary, and Auto Regressive Integrated Moving Average (ARIMA) forecasting methods were proposed to validate readings. First, the ARMA model is ill-suited for anomaly detection in electricity consumption, since most customers use power in a non-stationary manner; ARIMA forecasting methods are therefore introduced for validating electricity consumption readings. Second, to evaluate the effectiveness of forecasting with ARIMA, a scenario where smart meters were tampered with to allow electricity theft was evaluated. Third, introducing complementary checks on factors such as mean and variance was found to aid in the mitigation of electricity theft by 77.56%.

In [18], CPBETF (Consumption Pattern-Based Energy Theft Detector), which employs a multi-class Support Vector Machine (SVM) for each customer, was formulated. In this detector, transformer meters measure the total consumption of each neighborhood. Then, the total usage reported by the smart meters is compared to the measurements from the transformers. Users and clients are marked as suspicious if a nontechnical loss (NTL) is detected at this level. A user's past data as well as synthetic attack datasets are used to train the multi-class SVM. With this, a classifier can be generated to determine whether the recent sample is benign or malicious.

Apart from the above techniques, many other classification methods exist for the detection of energy theft; methods such as fuzzy logic classification and neural networks are also feasible. However, these works ignore the attack models of potential thieves, and the effectiveness of the anomaly detector was only evaluated on given datasets of attack examples.

B. Game Theory for Electricity Theft Detection

Game-theoretic theft detection schemes have been proposed recently and provide another angle on solving the electricity theft issue [12], [19]. To solve the problem of theft detection, a single-leader, multi-follower Stackelberg game can be formulated between the utility and thieves to characterize the strategic interactions between the two [12]. In this game, the utility
TABLE II: Different Application Techniques for Electricity Theft Detection

| Electricity Theft Detection Techniques | Advantage | Disadvantage |
|---|---|---|
| Traditional Method [22-26]: Anti-tampering Sensor [22]; Trusted Balanced Meter [23] | 1. Reduce risks due to non-billed electricity | 1. Does not identify the specific meters being compromised; 2. Increases the cost of deployment and operation |
| Machine Learning [16-18]: PCA based detection [16]; ARIMA based Detection [17]; SVM based Detection [18] | 1. Implemented on the Meter Data Management System; 2. Train a classifier based on usage data; 3. Increase the effectiveness of theft detection | 1. Ignore the attack models of potential thieves; 2. Evaluate effectiveness only on given attack examples; 3. Ignore the privacy of customer consumption |
| Game Theory [12]: Stackelberg Game [12] | 1. Model the interactions between utility and thieves; 2. Consider the worst case of electricity theft; 3. Consider the privacy of customer consumption | 1. Ignore coordination between the electricity thieves |
intends to maximize the detection probability and minimize the investment in monitoring fraud. On the other hand, each electricity thief wants to steal a certain amount of power and minimize the probability of being uncovered. Based on the Nash equilibrium of the formulated game, the optimal strategies for the defender are derived for selecting the sample rate and the optimal tariff.

However, these works assume that all electricity thieves act as one player, and the competition between thieves is ignored in the model. If thieves add high loads to the distribution network and steal electricity at the same time, the resulting power surges and electrical system failures can cause power outages, raising the possibility of the thefts being detected. A summary of the different applications for electricity theft detection in the AMI is shown in Table II.

IV. DEFENSE MECHANISMS IN AMI COMMUNICATION NETWORK

In this section, we first study the model of the AMI communication network. Then, we survey two specific game-theoretic models for defending the communication network against data confidentiality attacks and distributed DoS attacks, respectively.

Consider the AMI communication network as a tree-pattern architecture $T$ with one root node, where nodes represent the AMI devices. Let $\mathcal{N} = \{1, 2, \ldots, N\}$ denote the set of nodes in $T$, where $N$ is the total number of nodes, and the root node is referred to as node 1. Each node $i \in \mathcal{N} \setminus \{1\}$ records data from its children nodes $Ch(i)$, combines this data as a whole, and finally sends it to its parent node $f(i)$. Assume that a total of $N$ aggregation levels exist in $T$, and let $\mathcal{N}_i$ denote the set of nodes belonging to the $i$-th aggregation level. In the attack-defense scenario, the attacker can select any node to attack. Therefore, game theory provides a way for the defender to find the optimal defense mechanism.

A. Defense Mechanisms for Data Confidentiality Attacks

In [27], the data confidentiality attacks in the AMI communication network are analyzed. In this attack-defense scenario, the attacker aims to compromise the AMI data by attacking the nodes of the communication network $T$ without being detected. Correspondingly, the defender may pick one security mode for each node out of an available set. A two-player noncooperative game is formulated to model the interaction between the two. In this game, the attacker's strategy is defined as the probability $p_i$ of attacking node $i$, which is subject to a budget limitation $\sum_i p_i \le P \le 1,\ \forall i$. In contrast, the defender's strategy is defined as the encryption rate $s_i$ of the packets at node $i$, which is subject to a budget constraint $\sum_i s_i \le S \le N,\ \forall i$. The attacker's and defender's utility functions are determined by the data value or security asset $W_i$ of each node $i$. Take a case where the defender and attacker know everything about the system. In this case the Nash equilibrium is, by definition, the arrangement that provides the most utility to each player given the actions of the other players [28], [29]. In the end, the Nash equilibrium yields the behavior to be expected from both attacker and defender.

However, assume the attacker chooses their strategy based on the security techniques deployed in the target system. Then the interactions between the two can be formulated as a Stackelberg game [30]. In this game, the defender acts as a leader that attempts to compose encryption rates; the defender's purpose is to adjust the encryption rates so as to protect the security of as much data as possible. The method by which Stackelberg games solve the problem is backward induction, producing a solution known as the Stackelberg Equilibrium (SE) [29]. In this game, the defender may anticipate the attacker's actions, find an efficient defense budget, and create the optimal encryption rate on each device in the AMI with the help of the SE in order to mitigate attacks.

B. Defense Mechanisms for Distributed DoS Attacks

In [31], a honeypot-based defense mechanism is implemented for countering distributed DoS attacks in the AMI communication network, where honeypots are defined as defense resources that help lure, discover, and gather attack information. A Bayesian honeypot game model is formulated between benign users and malicious ones. The equilibrium conditions can be obtained for deriving the strategies for the use of honeypots and anti-honeypots.

TABLE III: Game Theoretic Applications

| Game Theoretic Applications | Game Features |
|---|---|
| Defending AMI communication network against data confidentiality attacks [28] | 1. Noncooperative; 2. Static; 3. Two-player; 4. Nash equilibrium |
| Protecting AMI communication network against data confidentiality attacks [29] | 1. Noncooperative; 2. Stackelberg; 3. Two-player; 4. Stackelberg equilibrium |
| Protecting AMI communication network against DDoS attacks [31] | 1. Noncooperative; 2. Bayesian; 3. Multiple-player; 4. Nash equilibrium |
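The two-stage consumption-pattern check described in Section III-A (the transformer-level NTL comparison of CPBETF [18], followed by per-customer mean/variance checks of the kind [17] adds to forecasting), as an added example written for this review; it is not code from the paper or from those works. The readings, the 12-hour baseline, the 2% technical-loss figure and the thresholds are constructed assumptions, and the per-customer stage uses simple mean/variance statistics rather than the SVM or ARIMA models of the cited papers.

```python
import statistics

# Constructed sample data (not from the paper): hourly kWh readings of three
# customers on one distribution transformer over 24 hours. The first 12 hours
# are the trusted baseline; meter m3 is tampered with afterwards and reports
# half of what it really consumes.
HISTORY_HOURS = 12
TECHNICAL_LOSS = 0.02  # assumed line losses, as a fraction of delivered energy
TRUE_USAGE = {
    "m1": [1.0, 1.1, 0.9, 1.0, 1.2, 1.0] * 4,
    "m2": [2.0, 2.1, 1.9, 2.0, 2.2, 2.0] * 4,
    "m3": [1.5, 1.6, 1.4, 1.5, 1.7, 1.5] * 4,
}
REPORTED = {m: list(v) for m, v in TRUE_USAGE.items()}
REPORTED["m3"][HISTORY_HOURS:] = [x / 2 for x in REPORTED["m3"][HISTORY_HOURS:]]
# The transformer meter measures the true load plus technical losses.
TRANSFORMER = [sum(TRUE_USAGE[m][h] for m in TRUE_USAGE) / (1 - TECHNICAL_LOSS)
               for h in range(24)]


def neighborhood_ntl(transformer, reported, technical_loss=TECHNICAL_LOSS):
    """Stage 1 (transformer-level check of CPBETF): non-technical loss, i.e.
    delivered energy minus technical losses minus metered energy, as a
    fraction of the energy the transformer delivered."""
    delivered = sum(transformer)
    metered = sum(sum(series) for series in reported.values())
    return ((1 - technical_loss) * delivered - metered) / delivered


def pattern_check(reported, history_hours=HISTORY_HOURS, z_thresh=3.0):
    """Stage 2 (per-customer check): compare the recent window with the
    customer's own baseline. Returns {meter: (mean_z, variance_ratio)} for
    meters whose recent mean moved more than z_thresh baseline standard
    deviations or whose variance changed by more than a factor of two."""
    flagged = {}
    for meter, series in reported.items():
        base, recent = series[:history_hours], series[history_hours:]
        mu, sd = statistics.mean(base), statistics.pstdev(base)
        shift = abs(statistics.mean(recent) - mu)
        mean_z = shift / sd if sd > 0 else (0.0 if shift == 0 else float("inf"))
        base_var = statistics.pvariance(base)
        recent_var = statistics.pvariance(recent)
        if base_var > 0:
            var_ratio = recent_var / base_var
        else:  # flat baseline: any new variability is a change
            var_ratio = 1.0 if recent_var == 0 else float("inf")
        if mean_z > z_thresh or not 0.5 <= var_ratio <= 2.0:
            flagged[meter] = (round(mean_z, 2), round(var_ratio, 2))
    return flagged


def detect_theft(transformer, reported, ntl_thresh=0.03):
    """Two-stage flow: only a neighborhood whose NTL exceeds ntl_thresh is
    examined customer by customer. Returns (ntl_fraction, flagged_meters)."""
    ntl = neighborhood_ntl(transformer, reported)
    return ntl, (pattern_check(reported) if ntl > ntl_thresh else {})


if __name__ == "__main__":
    ntl, flagged = detect_theft(TRANSFORMER, REPORTED)
    print(f"neighborhood NTL = {ntl:.1%}, suspicious meters = {flagged}")
```

On the constructed data the neighborhood shows roughly 8% NTL and only m3 is flagged (its recent mean is about 8 baseline standard deviations low and its variance ratio is 0.25); an untampered copy of the same data yields zero NTL and no flags.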
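The backward induction behind the Stackelberg equilibrium of Section IV-A, carried through as an added example; this is not code from the paper or from [27], [30]. It assumes a concrete payoff the survey does not specify: the attacker gains $p_i W_i (1 - s_i)$ from node $i$ (the unencrypted share of that node's data value), the game is zero-sum, and the budgets are $\sum_i p_i \le P \le 1$ and $\sum_i s_i \le S \le N$ as in the text; the node values $W_i$ are constructed.

```python
# Constructed example (not from the paper or from [27]): node 1 is the root
# collector of a small AMI tree; W[i] is the data value / security asset W_i
# of node i. The payoff form below is an assumption made for this illustration.
W = {1: 10.0, 2: 6.0, 3: 4.0, 4: 2.0, 5: 1.0}


def attacker_best_response(W, s, P):
    """Follower step of the backward induction. With the assumed payoff
    sum_i p_i * W_i * (1 - s_i) and budget sum_i p_i <= P <= 1, the attacker's
    best response is to spend the whole budget P on the node with the largest
    unencrypted value W_i * (1 - s_i). Returns (p, attacker_payoff)."""
    target = max(W, key=lambda i: W[i] * (1 - s[i]))
    p = {i: 0.0 for i in W}
    p[target] = P
    return p, P * W[target] * (1 - s[target])


def defender_encryption_rates(W, S, tol=1e-9):
    """Leader step. Anticipating the best response above, the defender picks
    encryption rates s_i in [0, 1] with sum_i s_i <= S that minimize the
    residual value max_i W_i * (1 - s_i). Setting s_i = max(0, 1 - lam / W_i)
    equalizes the residual value lam over every node worth more than lam;
    bisection finds the smallest lam whose rates fit the budget."""
    def rates(lam):
        return {i: max(0.0, 1 - lam / W[i]) for i in W}

    lo, hi = 0.0, max(W.values())  # hi: no encryption at all, always feasible
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if sum(rates(mid).values()) <= S:
            hi = mid  # feasible, so try to push the residual value lower
        else:
            lo = mid
    return rates(hi)


def stackelberg_equilibrium(W, S, P):
    """Stackelberg equilibrium (SE) under the assumed zero-sum payoff:
    the leader's rates, the follower's best response, and the attacker's payoff."""
    s = defender_encryption_rates(W, S)
    p, payoff = attacker_best_response(W, s, P)
    return s, p, payoff


if __name__ == "__main__":
    s, p, payoff = stackelberg_equilibrium(W, S=2.0, P=1.0)
    print("encryption rates:", {i: round(r, 3) for i, r in s.items()})
    print("attacker payoff at SE:", round(payoff, 3))
    # Compare with spreading the same budget uniformly (s_i = S / N).
    _, naive = attacker_best_response(W, {i: 2.0 / len(W) for i in W}, 1.0)
    print("attacker payoff vs uniform encryption:", round(naive, 3))
```

With S = 2 and P = 1 the SE leaves the same residual value (about 1.97) on nodes 1 to 4 and none of the budget on the least valuable node, whereas spreading the budget uniformly lets the attacker collect 6.0 from the root.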
The Bayesian game is defined as $G_1 \triangleq \{\{Z, W\}, \{F_Z, F_W\}, \{J_Z, J_W\}\}$, where $Z \triangleq \{Z_1, Z_2, Z_3\}$ represents the array of services provided by the smart grid, namely honeypots, real communications, and anti-honeypots, and $W \triangleq \{W_1, W_2\}$ is the set of unique visitors, in this case non-malicious users and malicious attackers. $\{F_Z, F_W\}$ denotes the sets of strategies used by the attackers and honeypots, respectively. $F_Z \triangleq \{\Omega_1, \Omega_2\}$ is a binary variable, where $\Omega_1$ represents a service that is being provided. $F_W \triangleq \{\Lambda_1, \Lambda_2\}$ is also a binary variable, where $\Lambda_1$ represents providing access. $\{J_Z, J_W\}$ denotes the player payoffs, where $J_Z$ represents the real server payoffs and $J_W$ represents the payoff for the visitors. The payoffs of legitimate users and attackers are analyzed via game trees. To evaluate the overall performance of the proposed scheme, an AMI network testbed is constructed. A summary of the different game-theoretic applications for protecting the AMI communication network is shown in Table III.

V. CONCLUSION

In this paper, we provide a comprehensive overview of the potential cyber and physical attacks targeted at the AMI, especially at smart meters and the communication network. We have identified the main security threat for smart meters, electricity theft, and categorized three detection mechanisms: device implementation, machine learning, and game theory. Machine learning provides a more efficient way for theft detection than device implementation, and game theory formulates the interaction model between utility and thieves for optimal detection strategies. Game theory is expected to become a key tool for analyzing cyber-physical security issues. Therefore, for the AMI communication network, we survey two specific game-theoretic models for protecting the network against data confidentiality attacks and distributed DoS attacks, respectively. As we have reviewed, game theory provides a way to predict rational attack actions and derive the optimal defense strategies against potential attacks.

VI. ACKNOWLEDGEMENT

This work was supported by the National Science Foundation under Grants CNS-1553494 (NSF) and 800006104 (DOE).

REFERENCES

[1] L. Wei, A. Sarwat, W. Saad, and S. Biswas, "Stochastic games for power grid protection against coordinated cyber-physical attacks," IEEE Trans. on Smart Grid, vol. PP, no. 99, pp. 1–1, 2017.
[2] I. Parvez, A. Sundararajan, and A. Sarwat, "Frequency band for HAN and NAN communication in smart grid," in IEEE Symposium on Computational Intelligence Applications in Smart Grid (CIASG), Orlando, Dec. 2014.
[3] A. Anzalchi and A. Sarwat, "A survey on security assessment of metering infrastructure in smart grid systems," in IEEE Southeast Conference, Fort Lauderdale, 2015.
[4] I. Parvez, A. I. Sarwat, L. Wei, and A. Sundararajan, "Securing metering infrastructure of smart grid: A machine learning and localization based key management approach," Energies, vol. 9, no. 9, 2016.
[5] P.-Y. Chen, S. M. Cheng, and K.-C. Chen, "Smart attacks in smart grid communication networks," IEEE Commun. Mag., vol. 50, no. 8, pp. 24–29, 2012.
[6] S. Sridhar, A. Hahn, and M. Govindarasu, "Cyber attack-resilient control for smart grid," in 2012 IEEE PES Innovative Smart Grid Technologies (ISGT), Jan 2012, pp. 1–3.
[7] S. Baker, N. Filipiak, and K. Timlin, "In the dark: Crucial industries confront cyber attacks," 2014.
[8] E. Naone, "Hacking the smart grid," 2010.
[9] P. Yi, T. Zhu, Q. Zhang, Y. Wu, and J. Li, "A denial of service attack in advanced metering infrastructure network," in 2014 IEEE International Conference on Communications (ICC), June 2014, pp. 1029–1034.
[10] P. McDaniel and S. McLaughlin, "Security and privacy challenges in the smart grid," IEEE Security & Privacy, vol. 7, no. 3, pp. 75–77, May 2009.
[11] F. M. Cleveland, "Cyber security issues for advanced metering infrastructure (AMI)," in 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century, July 2008, pp. 1–5.
[12] S. Amin, G. A. Schwartz, A. A. Cardenas, and S. S. Sastry, "Game-theoretic models of electricity theft detection in smart utility networks: Providing new capabilities with advanced metering infrastructure," IEEE Control Systems, vol. 35, no. 1, pp. 66–81, Feb 2015.
[13] R. Jiang, R. Lu, Y. Wang, J. Luo, C. Shen, and X. S. Shen, "Energy-theft detection issues for advanced metering infrastructure in smart grid," Tsinghua Science and Technology, vol. 19, no. 2, pp. 105–120, April 2014.
[14] S. McLaughlin, B. Holbert, A. Fawaz, R. Berthier, and S. Zonouz, "A multi-sensor energy theft detection framework for advanced metering infrastructures," IEEE Journal on Selected Areas in Communications, vol. 31, no. 7, pp. 1319–1330, July 2013.
[15] E. de Buda, "System for accurately detecting electricity theft," Patent US 20 100 007 336 A1, January, 2010.
[16] V. Badrinath Krishna, G. A. Weaver, and W. H. Sanders, PCA-Based Method for Detecting Integrity Attacks on Advanced Metering Infrastructure. Cham: Springer International Publishing, 2015, pp. 70–85.
[17] V. Badrinath Krishna, R. K. Iyer, and W. H. Sanders, ARIMA-Based Modeling and Validation of Consumption Readings in Power Grids. Cham: Springer International Publishing, 2016, pp. 199–210.
[18] P. Jokar, N. Arianpoo, and V. C. M. Leung, "Electricity theft detection in AMI using customers' consumption patterns," IEEE Transactions on Smart Grid, vol. 7, no. 1, pp. 216–226, Jan 2016.
[19] A. A. Cárdenas, S. Amin, G. Schwartz, R. Dong, and S. Sastry, "A game theory model for electricity theft detection and privacy-aware control in AMI systems," in 2012 50th Annual Allerton Conference on Communication, Control, and Computing (Allerton), Oct 2012, pp. 1830–1837.
[20] S. Amin, G. A. Schwartz, A. A. Cardenas, and S. S. Sastry, "Game-theoretic models of electricity theft detection in smart utility networks: Providing new capabilities with advanced metering infrastructure," IEEE Control Systems, vol. 35, no. 1, pp. 66–81, Feb 2015.
[21] F. Milano, C. Canizares, and M. Invernizzi, "Multi-objective optimization for pricing system security in electricity markets," IEEE Trans. on Power Syst., vol. 18, no. 2, pp. 596–604, 2003.
[22] K. Xie, Y.-H. Song, J. Stonham, E. Yu, and G. Liu, "Decomposition model and interior point methods for optimal spot pricing of electricity in deregulation environments," IEEE Trans. Power Syst., vol. 15, no. 1, pp. 39–50, 2000.
[23] M. Esmalifalak, G. Shi, Z. Han, and L. Song, "Bad data injection attack and defense in electricity market using game theory study," IEEE Trans. Smart Grid, vol. 4, no. 1, pp. 160–169, Mar. 2013.
[24] "EBIOS expression of needs and identification of security objectives risk management method," ANSSI, Tech. Rep., January 2010.
[25] L. Wei, A. H. Moghadasi, A. Sundararajan, and A. Sarwat, "Defending mechanisms for protecting power systems against intelligent attacks," in Proc. IEEE 10th SoSE Conf., San Antonio, the United States, May 2015.
[26] L. Wei, A. I. Sarwat, and W. Saad, "Risk assessment of coordinated cyber-physical attacks against power grids: A stochastic game approach," in 2016 IEEE Industry Applications Society Annual Meeting, Oct 2016, pp. 1–7.
[27] Z. Ismail, J. Leneutre, D. Bateman, and L. Chen, "A game theoretical analysis of data confidentiality attacks on smart-grid AMI," IEEE Journal on Selected Areas in Communications, vol. 32, no. 7, pp. 1486–1499, July 2014.
[28] R. B. Myerson, Game Theory, Analysis of Conflict. Cambridge, MA, USA: Harvard University Press, Sep. 1991.
[29] L. Shapley, "Stochastic games," in Proc. Nat. Acad. Sci. USA, vol. 39, 1953, pp. 1095–1100.
[30] A. Neyman and S. Sorin, Stochastic Games and Applications. New York: Kluwer Academic, Jul. 1999.
[31] K. Wang, M. Du, S. Maharjan, and Y. Sun, "Strategic honeypot game model for distributed denial of service attacks in the smart grid," IEEE Transactions on Smart Grid, vol. PP, no. 99, pp. 1–1, 2017.