A Hybrid Query-Efficient Black-Box Adversarial Attack on Power System Event Classifiers
| Published in: | IEEE International Conference on Smart Grid Communications pp. 359 - 365 |
|---|---|
| Main Authors: | , , , |
| Format: | Conference Proceeding |
| Language: | English |
| Published: | IEEE, 17.09.2024 |
| Subjects: | |
| ISSN: | 2474-2902 |
| Summary: | The widespread deployment of advanced sensors in power transmission systems enabled machine learning (ML) models for event detection and classification. However, recent research reveals that ML models are vulnerable to adversarial attacks, which can fool the trained classifier by adding a small perturbation to the original data. Previous studies on adversarial attacks in power systems focused on the white-box configuration, which requires the attacker to have full access to the ML model's structure and parameters, which is unrealistic for real-world scenarios. This paper focuses on the black-box adversarial attack, where attackers only have access to the ML model's inputs and outputs. We propose a hybrid query-efficient black-box adversarial attack method that synergistically combines two types of attack algorithms: score-based and boundary-based attacks. Furthermore, within the score-based attack method of our hybrid method, we propose a query-efficient sign gradient estimation algorithm based on the binary representation of the coordinates through a batch of elaborate queries. Experimental results on a large-scale real-world PMU dataset and the state-of-the-art event classifier have validated the effectiveness of the proposed black-box adversarial attack method. |
|---|---|
| DOI: | 10.1109/SmartGridComm60555.2024.10738066 |