Detection of Demand Manipulation Attacks on a Power Grid

An increased usage in IoT devices across the globe has posed a threat to the power grid. When an attacker has access to multiple IoT devices within the same geographical location, they can possibly disrupt the power grid by regulating a botnet of high-wattage IoT devices. Anomaly detection comes handy to inform the power operator of an anomalous behavior during such an attack. However, it is difficult to detect anomalies when attacks take place obscurely and for prolonged time periods. To effectively detect such attacks, we propose a novel dynamic thresholding mechanism that is used with prediction-based anomaly score techniques. We compare our detection rates to predefined thresholding mechanisms and commercial detection methods and observe that our method improves the detection rate up to 97% across different attacks that we generate.