Ensemble and Transfer Adversarial Attack on Smart Grid Demand-Response Mechanisms

Demand Response (DR) mechanisms aim to balance power supply and demand in smart grids by modulating consumers' demand and adjusting electric price based on power consumption patterns and forecasts. Deep Learning (DL) networks have been proved to have better detection of False Data Injection (FDI) attacks in such DR system than traditional statistical methods. Adversarial Machine Learning (AML) attacks can generate finely perturbed data that can mislead or disrupt the normal performance of a DL network and bypass DL-based attack detection in DR systems. However, existing AML attack methods in DR systems require a substitute model to generate the adversarial data and rely on the transferability of the data to attack the target DL models or the others. In this paper, a novel attack method called Ensemble and Transfer Adversarial Attack (ETAA) is proposed to improve the transferability of adversarial attacks across different DL models. This method has a general framework and is able to work with various existing gradient-based attacks. Moreover, to reduce the power company's awareness of FDI attack in the demand data, a zero-mean plane projection is applied to limit the perturbations during adversarial data generation. The evaluation results show that the proposed ETAA method can achieve higher attack success rate across different models and the zero-mean projection method can keep the final total adversarial power demand to be closer to the original normal demand.