Data-stream-based intrusion detection system for advanced metering infrastructure in smart grid: A feasibility study

Mustafa Amir Faisal, Zeyar Aung, John R. Williams, Abel Sanchez

Research output: Contribution to journalArticlepeer-review

144 Scopus citations


As advanced metering infrastructure (AMI) is responsible for collecting, measuring, and analyzing energy usage data, as well as transmitting this information from a smart meter to a data concentrator and then to a headend system in the utility side, the security of AMI is of great concern in the deployment of smart grid. In this paper, we analyze the possibility of using data stream mining for enhancing the security of AMI through an intrusion detection system (IDS), which is a second line of defense after the primary security methods of encryption, authentication, authorization, etc. We propose a realistic and reliable IDS architecture for the whole AMI system, which consists of individual IDSs for three different levels of AMI's components: smart meter, data concentrator, and AMI headend. We also explore the performances of various existing state-of-the-art data stream mining algorithms on a publicly available IDS data set, namely, the KDD Cup 1999 data set. Then, we conduct a feasibility analysis of using these existing data stream mining algorithms, which exhibit varying levels of accuracies, memory requirements, and running times, for the distinct IDSs at AMI's three different components. Our analysis identifies different candidate algorithms for the different AMI components' IDSs, respectively.

Original languageBritish English
Article number6720175
Pages (from-to)31-44
Number of pages14
JournalIEEE Systems Journal
Issue number1
StatePublished - 1 Mar 2015


  • Advanced metering infrastructure (AMI)
  • data stream mining
  • intrusion detection system (IDS)
  • smart grid (SG)


Dive into the research topics of 'Data-stream-based intrusion detection system for advanced metering infrastructure in smart grid: A feasibility study'. Together they form a unique fingerprint.

Cite this