The Advanced Metering Infrastructure (AMI) is one of the key components of the smart grid. It provides interactive services for managing billing and electricity consumption, but it also introduces new vectors for cyberattacks. Although, the devastating and severe impact of power overloading cyberattacks on smart grid AMI, few researches in the literature have addressed them. In the present paper, we propose a two-level anomaly detection framework based on regression decision trees. The introduced detection approach leverages the regularity and predictability of energy consumption to build reference consumption patterns for the whole neighborhood and each household within it. Using a reference consumption pattern enables detecting power overloading cyberattacks regardless of the attacker's strategy as they cause a drastic change in the consumption pattern. The continuous two-level monitoring of energy consumption load allows efficient and early detection of cyberattacks. We carried out an extensive experiment on a real-world publicly available energy consumption dataset of 500 customers in Ireland. We extracted, from the raw data, the relevant attributes for training the energy consumption patterns. The evaluation shows that our approach achieves a high detection rate, a low false alarm rate, and superior performances compared to existing solutions.

翻译：高级计量架构（AMI）是智能电网的关键组成部分之一。它提供了管理计费和电力消耗的交互式服务，但同时也引入了新的网络攻击途径。尽管电力过载网络攻击对智能电网AMI具有破坏性和严重影响，但现有文献中针对此类攻击的研究较少。本文提出了一种基于回归决策树的两级异常检测框架。该检测方法利用能耗的规律性和可预测性，为整个社区及其中的每个家庭建立参考用电模式。使用参考用电模式能够检测电力过载网络攻击，无论攻击者采用何种策略，因为此类攻击会导致用电模式发生剧烈变化。持续的两级能耗负载监测可实现高效且早期的网络攻击检测。我们在爱尔兰500名用户的真实公开能耗数据集上进行了大量实验。我们从原始数据中提取了相关属性，用于训练能耗模式。评估结果表明，与现有解决方案相比，我们的方法具有高检测率、低误报率和更优的性能表现。