A Hybrid Query-Efficient Black-Box Adversarial Attack on Power System Event Classifiers

Bibliographic details
Published in: IEEE International Conference on Smart Grid Communications, pp. 359-365
Main authors: Cheng, Yuanbin; Yamashita, Koji; Yu, Nanpeng; Liu, Yang
Format: Conference paper
Language: English
Published: IEEE 17.09.2024
ISSN: 2474-2902
Description
Summary: The widespread deployment of advanced sensors in power transmission systems enabled machine learning (ML) models for event detection and classification. However, recent research reveals that ML models are vulnerable to adversarial attacks, which can fool the trained classifier by adding a small perturbation to the original data. Previous studies on adversarial attacks in power systems focused on the white-box configuration, which requires the attacker to have full access to the ML model's structure and parameters, which is unrealistic for real-world scenarios. This paper focuses on the black-box adversarial attack, where attackers only have access to the ML model's inputs and outputs. We propose a hybrid query-efficient black-box adversarial attack method that synergistically combines two types of attack algorithms: score-based and boundary-based attacks. Furthermore, within the score-based attack method of our hybrid method, we propose a query-efficient sign gradient estimation algorithm based on the binary representation of the coordinates through a batch of elaborate queries. Experimental results on a large-scale real-world PMU dataset and the state-of-the-art event classifier have validated the effectiveness of the proposed black-box adversarial attack method.
DOI: 10.1109/SmartGridComm60555.2024.10738066