Poisoning Attack against Event Classification in Distribution Synchrophasor Measurements

Distribution-level phasor measurement units (D-PMUs), a.k.a., micro-PMUs, have received a growing attention in recent years to support various applications in power distribution systems. Many of the applications of micro-PMUs work based on the analysis of events in the stream of synchrophasor measurements to achieve situational awareness. A key step in almost every event-based method in this emerging field is to classify the type of the event, where classification can be done with respect to various factors. However, if the task of event classification is compromised, then an adversary can highly affect the perception of the utility operator and undermine any event-based application that makes use of the event classification results. In this paper, we explore a new cyber-threat against data-driven event classification in micro-PMU measurements. In particular, we model the poisoning attack against support vector machine (SVM) as the method of event classification; which has been used in practice to study distribution synchrophasors. We apply the new attack model to an event classifier that uses real-world micro-PMU data. In addition to conducting vulnerability analysis, we also propose a novel attack detection method which can detect and evaluate the changes in the decision boundary of the SVM due to the poisoning attack. The proposed attack detection method is also able to identify the number of poisoned data points in the training dataset.