A Hybrid Query-Efficient Black-Box Adversarial Attack on Power System Event Classifiers

The widespread deployment of advanced sensors in power transmission systems enabled machine learning (ML) models for event detection and classification. However, recent research reveals that ML models are vulnerable to adversarial attacks, which can fool the trained classifier by adding a small pert...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:IEEE International Conference on Smart Grid Communications s. 359 - 365
Hlavní autori: Cheng, Yuanbin, Yamashita, Koji, Yu, Nanpeng, Liu, Yang
Médium: Konferenčný príspevok..
Jazyk:English
Vydavateľské údaje: IEEE 17.09.2024
Predmet:
Black-Box Adversarial Attack
Classification algorithms
Closed box
Estimation
Event Classification
Hybrid power systems
Phasor measurement units
Power system
Power transmission
Robustness
Sensor systems
Sensors
Smart grids
ISSN:2474-2902
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:The widespread deployment of advanced sensors in power transmission systems enabled machine learning (ML) models for event detection and classification. However, recent research reveals that ML models are vulnerable to adversarial attacks, which can fool the trained classifier by adding a small perturbation to the original data. Previous studies on adversarial attacks in power systems focused on the white-box configuration, which requires the attacker to have full access to the ML model's structure and parameters, which is unrealistic for real-world scenarios. This paper focuses on the black-box adversarial attack, where attackers only have access to the ML model's inputs and outputs. We propose a hybrid query-efficient black-box adversarial attack method that synergistically combines two types of attack algorithms: score-based and boundary-based attacks. Furthermore, within the score-based attack method of our hybrid method, we propose a query-efficient sign gradient estimation algorithm based on the binary representation of the coordinates through a batch of elaborate queries. Experimental results on a large-scale real-world PMU dataset and the state-of-the-art event classifier have validated the effectiveness of the proposed black-box adversarial attack method.
ISSN:2474-2902
DOI:10.1109/SmartGridComm60555.2024.10738066