Adversarial Attacks and Defense Methods for Power Quality Recognition
This addresses security threats in power quality recognition, an incremental improvement in applying adversarial ML to a specific domain.
The paper tackles the vulnerability of machine learning methods in power systems to adversarial attacks by proposing signal-specific and signal-agnostic attack methods, and uses adversarial training for defense, showing reduced perturbation and improved robustness.
Vulnerability of various machine learning methods to adversarial examples has been recently explored in the literature. Power systems which use these vulnerable methods face a huge threat against adversarial examples. To this end, we first propose a signal-specific method and a universal signal-agnostic method to attack power systems using generated adversarial examples. Black-box attacks based on transferable characteristics and the above two methods are also proposed and evaluated. We then adopt adversarial training to defend systems against adversarial attacks. Experimental analyses demonstrate that our signal-specific attack method provides less perturbation compared to the FGSM (Fast Gradient Sign Method), and our signal-agnostic attack method can generate perturbations fooling most natural signals with high probability. What's more, the attack method based on the universal signal-agnostic algorithm has a higher transfer rate of black-box attacks than the attack method based on the signal-specific algorithm. In addition, the results show that the proposed adversarial training improves robustness of power systems to adversarial examples.