Adversarial Attacks and Defense Methods for Power Quality Recognition

We proposed signal-specific adversarial attack (SSA) and signal-agnostic adversarial attack (SAA) methods to attack learning models for classification of power quality signals by generating adversarial signals in the Smart Grid. We proposed and evaluated black-box attacks based on transferable characteristics and the above two methods. We adopted adversarial training to defend learned models against adversarial signals. Experimental results show that our proposed SSA provides less perturbation compared to the state-of-the-art FGSM which was adapted for power signal analysis, while the SAA can generate the universal perturbation that can fool learned models. The attack method based on the universal signal-agnostic algorithm has a higher transfer rate of black-box attacks than the attack method based on the signal-specific algorithm, which is a huge and practical threat for CNN based PQ classification.