Adversarial Purification for Data-Driven Power System Event Classifiers with Diffusion Models

TL;DR

This paper introduces a diffusion model-based adversarial purification technique that enhances the robustness of power system event classifiers against adversarial attacks, ensuring real-time performance and improved accuracy.

Contribution

It presents a novel diffusion model approach for adversarial purification in power system event classification, combining noise injection and neural network denoising for effective defense.

Findings

Significantly improves classifier accuracy under adversarial attacks

Reduces the impact of adversarial perturbations on PMU data

Demonstrates computational efficiency on real-world datasets

Abstract

The global deployment of the phasor measurement units (PMUs) enables real-time monitoring of the power system, which has stimulated considerable research into machine learning-based models for event detection and classification. However, recent studies reveal that machine learning-based methods are vulnerable to adversarial attacks, which can fool the event classifiers by adding small perturbations to the raw PMU data. To mitigate the threats posed by adversarial attacks, research on defense strategies is urgently needed. This paper proposes an effective adversarial purification method based on the diffusion model to counter adversarial attacks on the machine learning-based power system event classifier. The proposed method includes two steps: injecting noise into the PMU data; and utilizing a pre-trained neural network to eliminate the added noise while simultaneously removing perturbations introduced by the adversarial attacks. The proposed adversarial purification method significantly increases the accuracy of the event classifier under adversarial attacks while satisfying the requirements of real-time operations. In addition, the theoretical analysis reveals that the proposed diffusion model-based adversarial purification method decreases the distance between the original and compromised PMU data, which reduces the impacts of adversarial attacks. The empirical results on a large-scale real-world PMU dataset validate the effectiveness and computational efficiency of the proposed adversarial purification method.