Conference PaperPDF Available

Abstract and Figures

In this paper, we present a novel approach for the electricity theft detection (ETD). It comprises of two modules:(1) implementations of the six theft attacks for dealing with the data imbalanced issue and (2) a gated recurrent unit (GRU)to tackle the model’s poor performance in terms of high false positive rate (FPR) due to some non malicious reasons (i.e., drift).In order to balance the data, the synthetic theft attacks are applied on the smart grid corporation of China (SGCC) dataset. Subsequently, once the data is balanced, we pass the data to the GRU for ETD. As the GRU model stores and memorizes a huge sequence of the data by utilizing the balanced data, so it helps to detect the real thieves instead of anomaly due to drift. The proposed methodology uses electricity consumption (EC) data from SGCC dataset for solving ETD problem. The performance of the adopted GRU with respects to ETD accuracy is compared with the existing support vector machine (SVM) using variousper formance metrics. Simulation results show that SVM achieves64.33% accuracy; whereas, the adopted GRU achieves 82.65%accuracy for efficient ETD.
Content may be subject to copyright.
Synthetic Theft Attacks Implementation for Data
Balancing and a Gated Recurrent Unit based
Electricity Theft Detection in Smart Grids
Pamir1, Ashraf Ullah1, Shoaib Munawar2, Muhammad Asif1, Benish Kabir1, Nadeem Javaid1,
1Department of Computer Science, COMSATS University Islamabad, Islamabad, Pakistan
2International Islamic University Islamabad, Islamabad, Pakistan
Corresponding author:;
Abstract—In this paper, we present a novel approach for the
electricity theft detection (ETD). It comprises of two modules:
(1) implementations of the six theft attacks for dealing with the
data imbalanced issue and (2) a gated recurrent unit (GRU)
to tackle the model’s poor performance in terms of high false
positive rate (FPR) due to some non malicious reasons (i.e., drift).
In order to balance the data, the synthetic theft attacks are
applied on the smart grid corporation of China (SGCC) dataset.
Subsequently, once the data is balanced, we pass the data to the
GRU for ETD. As the GRU model stores and memorizes a huge
sequence of the data by utilizing the balanced data, so it helps
to detect the real thieves instead of anomaly due to drift. The
proposed methodology uses electricity consumption (EC) data
from SGCC dataset for solving ETD problem. The performance
of the adopted GRU with respects to ETD accuracy is compared
with the existing support vector machine (SVM) using various
performance metrics. Simulation results show that SVM achieves
64.33% accuracy; whereas, the adopted GRU achieves 82.65%
accuracy for efficient ETD.
Index Terms—Synthetic theft attack,GRU, deep learning tech-
niques, machine learning techniques, ETD, smart grids.
The detection of the electricity theft is a major issue and one
of the hot research topics in the literature. Generally, losses in
electricity are divided into two types, technical losses (TLs)
and non technical losses (NTLs) [1]. TLs happen due to the
resistance in electric transmission lines and resistance in the
distribution transformers. NTLs occur due to the energy theft
in different forms such as, meter bypassing, meter tampering,
etc. Electricity theft results in many issues such as public
safety hazards, huge revenue loss, grid’s operational ineffi-
ciency, etc. The revenue loss from electricity theft cost around
100 millions Canadian dollars yearly reported by the Canadian
electric power utility, i.e., british columbia Hydro and power
authority [2]. Moreover, monetary loss due to the NTLs
reported $96 billion per annum globally [3]. Hence, there is
an urgent requirement of efficient approach for electricity theft
detection (ETD).
Currently, the ETD based approaches are divided into three
categories: the hardware or state based ETD; game theory
based ETD; and classification based ETD. The hardware
based theft detection approaches [4]- [5], use some hardware
devices like the radio frequency identification tags and wireless
sensory devices to achieve maximum ETD accuracy. However,
these methods need extra costs such as hardware devices’
installation and maintenance costs. In the game theory based
ETD techniques, the ETD problem is formulated as the
game between the utility and the theft user [6]- [7]. These
approaches do not need extra cost. However, these approaches
are not the optimal remedy to minimize the electricity theft.
Some machine learning (ML) and deep learning (DL)
techniques are proposed in [2]- [3] and [8]- [13] to use the
electricity consumption (EC) data recorded by smart meters
(SMs) for ETD in smart grids (SGs). However, there are some
problems in existing methods which affect the model’s true
positive rate (TPR) and false positive rate (FPR) negatively.
One of the main limitations due to which the existing ML
techniques face problems of low performance in ETD is imbal-
anced data problem. It means that the number of observations
of the honest users is not equal to the number of observations
of the theft users in the dataset. The honest consumers data
is easily accessible in users’ history. Whereas, the theft users’
data is difficult to attain due to electricity theft data is rarely
collected in real world. This problem causes the model to
take biased decisions towards the majority class, i.e., normal
consumers, it leads to the high FPR. Moreover, another issue
due to which ML based classification techniques face is that
some abnormal usage of electricity can be happen due to the
non malicious intermediaries such as changes in season, family
members, electric appliances, etc.
In this paper, the synthetic six theft attacks are implemented
for data balancing and a DL based classification technique is
adopted for ETD. The adopted technique addresses the pin-
pointing the real theft instead of considering the anomalies due
to non theft factors as theft consumers. The main contributions
of this paper are stated as follows.
In this study, we tackle the class imbalanced problem by
generation of the theft samples using the six theft attacks
We used an efficient ETD model using the gated recurrent
unit (GRU). The GRU model classifies the usage patterns
in which the anomaly exists due to the non malicious
activities (i.e., drift) as normal class.
The efficiency of the adopted model is compared and
evaluated with the existing model considering the accu-
racy, AUC, precision, recall, and F1-score metrics using
the SGCC dataset.
The rest of the paper is organized as follows. Section 2
discusses the literature review. Problem statement is given in
Section 3. Section 4 describes the proposed system model.
Section 5 provides the simulation results and discussion while
Section 6 concludes the paper.
The existing works related to ETD are classified into four
categories: hyperparameters tuning, class imbalance problem,
privacy preservation and curse of dimensionality. The first
category discusses the research papers that focus on hyperpa-
rameter tuning. In [1]- [3] and [8]- [11], the authors focused on
ML and DL models’ hyperparameters tuning. In [1], authors
targeted the high dimensionality issue and extracted the most
effective features, so that it can solve the generalization issue
as well as achieved better performance with respect to FPR.
The optimal settings of the proposed model’s parameters
values are also done. Furthermore, the authors in [2] focused
on detecting electricity theft by employing both 1-D and 2-D
data for training and testing. The hyperparameters tuning is
performed manually.
In order to correctly identify and detect the EC patterns
that caused due to the NTL, the work in [3] is presented.
The model generalization issue is also addressed in this paper.
Furthermore, hyperparameters tuning and class imbalanced
issues are considered by the authors in [8], [9], and [10].
Similarly, in [8] the data imbalanced and theft attack problems
are addressed In addition, customers’ privacy maintenance is
also addressed in this article.
The authors in [9] focused on the data processing for the
improvement of theft detection performance (i.e., TPR). The
data imbalanced problem is also tackled in this paper. Simi-
larly, the authors in [10] addressed data imbalance problem and
the classification of the data samples that are very close to the
hyperplane of support vector machine (SVM). Furthermore,
the unavailability of the theft data is resolved.
In [11] the authors focused on anomaly detection problem
in the SMs’ data of the commercial and industrial customers.
Furthermore, the huge volume of data and consumers’ privacy
preservation problems are also considered. In addition, the hy-
perparameters tuning is also done using grid search technique.
The second category consists of the research papers that
consider class imbalanced problem in SM data. In [12] and
[14]- [18], the authors focused on class imbalance issue. In
[12], authors considered the class imbalance issue as the
model is biased towards the majority class (i.e., normal con-
sumers). To solve data imbalance issue, an improved SMOTE
is proposed. Similarly, authors in [14], addressed the issues of
imbalance dataset, extraction of the important features from
the excessive dimensional time series data, and utilizing of
the suitable performance parameters. Moreover, the authors in
[15] tackled the problem of class imbalance ratio in the dataset
using SMOTE.
Furthermore, the authors in [16], focused on helping Multan
electric power company (MEPCO) in Pakistan to identify the
electricity thieves with the high value of TPR and low value
of FPR.
Moreover, in the existing literature, many methodologies are
proposed for detection of NTL. Most of the literature have only
considered and focused on detection of the NTL only, however,
noticing the anomalies or abnormalities in customer’s daily
activities are overlooked. Therefore, in [17], authors consid-
ered both types of the aforementioned anomalies. Furthermore,
the authors in [18] addressed the imbalance data issue using
generating the synthetic patterns of the minority class using
the GAN.
The third category consists of the research articles that con-
sider consumers’ privacy preservation using the SM data. In
[13] and [19]- [22], the authors focused on solving customers’
privacy preservation issue.
In [13], the authors considered the consumers’ privacy
preservation, feature extraction, and model overfitting prob-
lem. Moreover, in [19], consumers’ privacy is maintained
using functional encryption method. Furthermore, the class
imbalanced issue is also addressed in this paper. Moreover,
in [20] the privacy is considered and preserved in consumers’
consumption data using the homomorphic encryption. In the
similar way, in [21] the authors focused on privacy preser-
vation of consumers. The encrypted small-sized timeslots
consumption data is used for ETD. Furthermore, in [22],
multiple linear regression model is proposed for NTL detection
in SGs. A significant benefit of this method is that it tries to
detect electricity thefts by comparing data recorded by the SM
and the collector without violating the customers’ privacy.
The final and fourth category consists of the research articles
deals with the curse of dimensionality issue by different
feature generation, feature selection, and feature extraction
strategies. The authors in [23] considered the feature gen-
eration based on the random features generation such as,
maximum, minimum, mean, and standard deviation values
from the existing features.
A framework of the practical feature engineering is pro-
posed in [24]. Feature generation from the existing features to
improve prediction accuracy is performed. Furthermore, the
authors in [25] focused on the important features selection for
pinpointing the anomalous consumers. Moreover, the authors
in [26] also focused on the feature extraction. In addition, the
authors in [27] also considered feature extraction using CNN.
The concept of drift is considered in [28]. Input features
extraction is also done for dealing with higher dimensionality.
Furthermore, extreme gradient boosting (XGBoost) model is
proposed in [29]. This model uses regularization and out-of-
core computing for solving the model overfitting and model
memory complexity problems, respectively. In addition, the
authors in [30] tackled the unavailability of the labeled
datasets as well as non sequential information, using combined
maximum information coefficient (MIC) and an unsupervised
technique fast search and find of density peaks (CFSFDP).
In [1], the authors proposed SSDAE for NTL detection in
SGs. The main challenges, they focused on: high FPR due to
non malicious factors and low generalization of classifiers due
to high dimensionality of data. The consumption pattern based
ETD (CPBETD) model is proposed in [8]. Data imbalanced
problem is resolved using the synthetic attacks dataset gener-
ation. They proposed multiclass SVM based CPBETD model
utilizing transformer meters as well as consumers’ meters data
for ETD solution. Hence, motivated from [1] and [8], we
also started working on detecting anomalies due to non-theft
activities (i.e., drift concept) and tackling class imbalanced
In [2] and [3], the authors proposed a wide and deep
CNN and a hybrid LSTM-MLP model for ETD, respectively.
However, the classes imbalanced issue is not tackled that
causes the model’s biasness towards the majority class which
results in high FPR. Moreover, high FPR due to non malicious
factors are also ignored by the above referred papers.
The proposed system model is divided into three main parts:
(1) preprocessing of the data, (2) theft attacks implementation
for data balancing , and (3) smart meter data analysis using
the adopted GRU and the benchmark SVM techniques. All of
these parts are discussed in detail in subsequent subsections.
The graphical representation of our proposed system model is
given in Figure 2.
A. Preprocessing of the smart meter’s data
The EC data recorded by the SM sometimes contains
outliers or missing values due to different reasons such as
faulty meters, unreliable and untrustworthy dispatching of the
EC data, storage problems, etc., [2]. We employed the simple
imputer method to replace missing or empty values by taking
the average of the previous EC data and next EC data [31].
Outlier affects the performance of a classifier and increases
the FPR, therefore, it needs to be mitigated. So we employ
three sigma rule of thumb method using the Equation.1 to
remove the outlier values from the dataset.
f(xi,s) =
avg(X)+2(X), xi,s > avg(X)+2(X),
xi,s, Otherwise,
where, X shows a vector that is made of multiple xi,s
values. The term avg(X)and σ(X)represent the average and
standard deviation of the X, respectively.
As we have dealt with the outliers and NaN values, Now, we
should normalize the dataset because DL models are sensitive
to data diversity. We employ the min-max technique to scale
the data. Normalization is done using the Equation 2.
f(xi,s) = xi,s min(X)
Where, max(X) and min(X) are the maximum and minimum
values of the vector X, respectively.
Fig. 1: Synthetic theft attack patterns
B. Theft attacks generation for data balancing
Theft attacks are applied in order to balance the SGCC
dataset. There are total six theft attacks that are introduced
in [8] and a modified version of these attacks are given in
[23]. We have chosen the latest and updated theft attacks to
generate more practical theft patterns to balance EC data. If
the real EC of a consumer is etand (t[0,1034]). In our
case, SGCC dataset has total 1035 days of EC data, the six
theft attacks’ equations are given below.
t1(xt) = xtrandom(0.1,0.9),(3)
t2(xt) = xtrt(rt=random(0.1,1)),(4)
t3(xt) = xtrandom[0,1],(5)
t4(xt) = mean(X)random(0.1,1),(6)
t5(xt) = mean(X),(7)
t6(xt) = x1034t,(8)
where, X={x1, x2, ..., x1034}. We have applied these theft
attacks on the honest consumers’ data to balance the number of
honest and theft consumers in the SGCC dataset. The dataset
has an imbalanced nature that contains 3615 theft and 38757
honest records out of 42372 consumers’ record. The 3615 real
theft records that are already available in the dataset is kept
the same; however, other theft data is generated by applying
theft attacks on the honest data that is started from 3615 to
21182 records. These six attacks are implemented in the order
of attack 1, attack2, attack 3, attack4, attack 5, and attack 6
on the honest instances of the considered dataset from 3615-
6534, 6543-9470, 9471-12398, 12399-15326, 15327-18254,
SGCC dataset
Simple imputer to fill the
missing values
Three sigma rule of thumb
for mitigating outliers
Min-max normalization to
scale the data
Preprocessing the raw data
Balancing the data
Final resuls
Limitations (L) addressed
L.1 Imbalance data
L.2 Ignoring drift concept
Solutions (S) proposed
S.1 Synthetic theft attacks implementations
Theft attacks
Fig. 2: Proposed system model
and 18255-21182, respectively. The theft attack patterns are
shown in Figure 1, the theft attacks are applied on all the 1035
days data; however, in this figure we have just presented theft
attack patterns for only 30 days as a sample. The remaining
data from 21183-42366 are the honest consumers’s EC data.
Hence, the dataset is balanced and used for training the GRU
C. Smart meters’ data analysis techniques
We have used the GRU model for ETD in SGs. Secondly,
the benchmark model is selected in order to evaluate the
adopted model’s performance, so SVM is selected as the
benchmark model. Both of these models are discussed in detail
in the subsequent subsections.
1) Gated recurrent unit: GRU is introduced for the first
time in 2014 [33]. It is faster in training process in comparison
with its previous versions LSTM and recurrent neural network
(RNN). GRU is very commonly used in other domains; how-
ever, it is rarely used and investigated in the SGs domain for
ETD. Hence, there is still a big room for research to investigate
GRU for solving ETD problem in SGs. The performance of
GRU is compared with a very popular benchmark model, i.e.,
SVM and it is clearly shown in the simulations section that
GRU outperforms the traditional benchmark SVM model in
various performance parameters for ETD in SGs.
GRU is introduced to solve the gradient vanishing problem
that exists in RNN. GRU is very close to the LSTM in terms of
architecture. However, it merges both input and forget gates of
LSTM to a single gate called update gate. Moreover, the GRU
also merges the hidden and cell states. A GRU comprises of
a cell that contains numerous operations. GRU comprises of
the reset gate, update gate, and a current memory data. Using
these gates, the GRU is capable of storing values in its storage
for specific time for the purpose of using these stored values
to pass the information to the next gate. The update gate is
responsible for addressing the gradient vanishing issue because
in this step, model learns that how much quantity of the
information to carry towards the subsequent stage. Reset gate
is responsible to decide the quantity of the previous historical
information to forget. The third gate is the current memory
content that is responsible to carry only the well suited and
relevant information.
As GRU stores the previous information in its memory, so
it is very significant for looking and analyzing at the previous
historical information and take decision for the future. Due
to this property, the GRU is capable of differentiating the
anomaly due to the non malicious reasons from the anomaly
due to the malicious reasons. That is why we adopt GRU for
theft classification.
2) Support vector machine: SVM is a popular ML tech-
nique that is used as a basic and benchmark classifier by many
articles in the literature, as in [8] and [34], respectively. the
SVM is used as a benchmark model for comparison of their
proposed model to solve ETD problem. We have also chosen
SVM as a benchmark model for performance comparison with
the GRU. The SVM model draws a hyperplane that increases
TABLE I: Dataset description
Dataset description Values
Data acquisition interval 2014-2016
Number of theft consumers before data balancing 3615
Number of non-theft consumers before data balancing 38752
Number of theft consumers after data balancing 21183
Number of non theft consumers after data balancing 21184
Total consumers before data preprocessing 42372
Total consumers after data preprocessing 42367
the margin between the theft and honest classes in order to
more clearly classify theft and normal consumers. The radial
basis function (RBF) kernel is used for non linearly separable
data in SVM. Finally, the values of the hyperparameters of
SVM, i.e., γand C parameters are chosen by default. The
γis the parameter of the non linear SVM that decides the
curvature and curliness of the decision boundary. Whereas, C
controls the misclassification error.
The simulations results are provided in this section. The
description of the dataset as well as the performance metrics
adopted in this paper are also described. The EC data of the
SGCC dataset is used for validation of our selected model
with respect to the different performance parameters. The data
available in SGCC dataset is imbalanced. The total number of
consumers’ data is 42372 in which 38752 are the normal users
values and 3615 records are theft users. More details about the
dataset is given in Table I.
Since the original data of SGCC is imbalanced, the F1-
score, precision, and recall measures are quite suitable metrics
for evaluating the models’ performance using imbalanced data
[34]. In such cases, the accuracy is not a suitable performance
measure [35]. However, in our scenario, the SGCC data is
balanced using synthetic six theft attacks implementation;
therefore, the accuracy is also considered along with the other
performance measures for performance comparison and eval-
uation of the selected and benchmark models. The common
formulas for computation of these performance metrics are
taken from [34] and [36].
Figure 4 depicts the performance comparison of the adopted
GRU over the existing SVM model with respect to the different
performance metrics. The accuracy, AUC, precision, recall,
and F1-score for the SVM are 0.6433, 0.6423, 0.4678, 0.7162,
and 0.5659, respectively. Whereas, the accuracy, AUC, preci-
sion, recall, and F1-score values for GRU are 0.8265, 0.7552,
0.8355, 0.7176, and 0.7720 respectively. Hence, it is proved
that GRU outperforms the SVM in all of the performance
evaluation metrics considered in this paper. SVM performs
poorly due to it can not deal with the large time series data
that leads to the overfitting problem. Conversely, the GRU can
easily handle the large time series data and solve the overfitting
problem. That is why GRU outperforms the SVM with respect
to all of the performance metrics.
The FPR is another very necessary performance measure
for ML models where the honest consumers are considered
and classified as dishonest. If the FPR value is high, so the
cost for on site inspection is also high and vice versa. There
Fig. 3: ROC curve based on SVM and GRU
Fig. 4: Performance comparison between SVM and GRU
are so many ways to decrease FPR. However, in this research
article, we have only considered the two ways for minimizing
FPR. The first way is to balance the imbalanced data while the
second way is to correctly classify the anomalies that occur
in EC data because of the non-malicious activities. This paper
adopts GRU because it has a property that analyzes the long
and historical relationship between EC patterns. Therefore,
GRU automatically learns and identifies anomalies that occur
in data due to non theft factors and classify these anomalies
as the honest ones instead of theft ones. The FPR values for
SVM and GRU are 2242 and 693, respectively. It is clear from
these numeric results that our adopted GRU has much more
smaller FPR value than SVM. AUC metric is also an important
measure in order to evaluate our model’s performance for
differentiating between the normal and abnormal patterns. The
AUC for the SVM and GRU is shown in Figure 3. From
the figure, the AUC of the adopted GRU is better than the
AUC of SVM. The reason is that AUC of GRU implies that
the receiver operating characteristic (ROC) curve lies on the
diagonal line of the curve (red dotted lines). It also means
that the ROC curve on the diagonal line has no discriminatory
ability. Whereas, the ROC curve above the diagonal line has
discriminatory ability to classify electricity theft.
In this paper, we implemented the six theft attacks for
synthetic theft data generation in order to address the data
imbalance issue. Subsequently, a novel DL classifier, i.e.,
GRU is utilized for ETD in SGs. GRU is compared with
the other existing SVM classifier. It is clearly visible in the
simulations section that GRU outperforms the SVM in terms
of accuracy, AUC, precision, recall, and F1-score. Simulations
are conducted on a real SGCC dataset that comprises of the
three years of the data of 42372 consumers from 2014 to 2016
[1] Huang, Yifan, and Qifeng Xu. ”Electricity theft detection based on
stacked sparse denoising autoencoder.” International Journal of Electrical
Power & Energy Systems 125 (2021): 106448.
[2] Zheng, Zibin, Yatao Yang, Xiangdong Niu, Hong-Ning Dai, and Yuren
Zhou. ”Wide and deep convolutional neural networks for electricity-
theft detection to secure smart grids.” IEEE Transactions on Industrial
Informatics 14, no. 4 (2017): 1606-1615.
[3] Buzau, Madalina-Mihaela, Javier Tejedor-Aguilera, Pedro Cruz-Romero,
and Antonio G´
osito. ”Hybrid deep neural networks for detec-
tion of non-technical losses in electricity smart meters.” IEEE Transac-
tions on Power Systems 35, no. 2 (2019): 1254-1263.
[4] Khoo, Benjamin, and Ye Cheng. ”Using RFID for anti-theft in a Chinese
electrical supply company: A cost-benefit analysis.” In 2011 Wireless
Telecommunications Symposium (WTS), pp. 1-6. IEEE, 2011.
[5] McLaughlin, Stephen, Brett Holbert, Ahmed Fawaz, Robin Berthier, and
Saman Zonouz. ”A multi-sensor energy theft detection framework for
advanced metering infrastructures.” IEEE Journal on Selected Areas in
Communications 31, no. 7 (2013): 1319-1330.
[6] C´
ardenas, Alvaro A., Saurabh Amin, Galina Schwartz, Roy Dong, and
Shankar Sastry. ”A game theory model for electricity theft detection and
privacy-aware control in AMI systems.” In 2012 50th Annual Allerton
Conference on Communication, Control, and Computing (Allerton), pp.
1830-1837. IEEE, 2012.
[7] Amin, Saurabh, Galina A. Schwartz, and Hamidou Tembine. ”Incentives
and security in electricity distribution networks.” In International Confer-
ence on Decision and Game Theory for Security, pp. 264-280. Springer,
Berlin, Heidelberg, 2012.
[8] Jokar, Paria, Nasim Arianpoo, and Victor CM Leung. ”Electricity theft
detection in AMI using customers’ consumption patterns.” IEEE Trans-
actions on Smart Grid 7, no. 1 (2015): 216-226.
[9] Gunturi, Sravan Kumar, and Dipu Sarkar. ”Ensemble machine learning
models for the detection of energy theft.” Electric Power Systems Re-
search 192 (2021): 106904.
[10] Kong, Xiangyu, Xin Zhao, Chao Liu, Qiushuo Li, DeLong Dong, and Ye
Li. ”Electricity theft detection in low-voltage stations based on similarity
measure and DT-KSVM.” International Journal of Electrical Power &
Energy Systems 125 (2021): 106544.
[11] Buzau, Madalina Mihaela, Javier Tejedor-Aguilera, Pedro Cruz-Romero,
and Antonio G´
osito. ”Detection of non-technical losses using
smart meter data and supervised learning.” IEEE Transactions on Smart
Grid 10, no. 3 (2018): 2661-2670.
[12] Qu, Zhengwei, Hongwen Li, Yunjing Wang, Jiaxi Zhang, Ahmed Abu-
Siada, and Yunxiao Yao. ”Detection of electricity theft behavior based on
improved synthetic minority oversampling technique and random forest
classifier.” Energies 13, no. 8 (2020): 2039.
[13] Lu, Xiaoquan, Yu Zhou, Zhongdong Wang, Yongxian Yi, Longji Feng,
and Fei Wang. ”Knowledge embedded semi-supervised deep learning for
detecting non-technical losses in the smart grid.” Energies 12, no. 18
(2019): 3452.
[14] Avila, Nelson Fabian, Gerardo Figueroa, and Chia-Chi Chu. ”NTL
detection in electric distribution systems using the maximal overlap
discrete wavelet-packet transform and random undersampling boosting.
IEEE Transactions on Power Systems 33, no. 6 (2018): 7171-7180.
[15] Hasan, Md, Rafia Nishat Toma, Abdullah-Al Nahid, M. M. Islam, and
Jong-Myon Kim. ”Electricity theft detection in smart grid systems: A
CNN-LSTM based approach.” Energies 12, no. 17 (2019): 3310.
[16] Saeed, Muhammad Salman, Mohd Wazir Mustafa, Usman Ullah Sheikh,
Touqeer Ahmed Jumani, and Nayyar Hussain Mirjat. ”Ensemble bagged
tree based classification for reducing non-technical losses in multan
electric power company of Pakistan.” Electronics 8, no. 8 (2019): 860.
[17] Wang, Xinlin, Insoon Yang, and Sung-Hoon Ahn. ”Sample efficient
home power anomaly detection in real time using semi-supervised learn-
ing.” IEEE Access 7 (2019): 139712-139725.
[18] Liu, Haiqing, Zhiqiao Li, and Yuancheng Li. ”Noise reduction power
stealing detection model based on self-balanced data set.” Energies 13,
no. 7 (2020): 1763.
[19] Ibrahem, Mohamed I., Mahmoud Nabil, Mostafa M. Fouda, Mohamed
MEA Mahmoud, Waleed Alasmary, and Fawaz Alsolami. ”Efficient
Privacy-Preserving Electricity Theft Detection with Dynamic Billing and
Load Monitoring for AMI Networks.” IEEE Internet of Things Journal
8, no. 2 (2020): 1243-1258.
[20] Yao, Donghuan, Mi Wen, Xiaohui Liang, Zipeng Fu, Kai Zhang, and
Baojia Yang. ”Energy theft detection with energy privacy preservation in
the smart grid.” IEEE Internet of Things Journal 6, no. 5 (2019): 7659-
[21] Nabil, Mahmoud, Muhammad Ismail, Mohamed MEA Mahmoud,
Waleed Alasmary, and Erchin Serpedin. ”PPETD: Privacy-preserving
electricity theft detection scheme with load monitoring and billing for
AMI networks.” IEEE Access 7 (2019): 96334-96348.
[22] Micheli, Giovanni, Emiliano Soda, Maria Teresa Vespucci, Marco
Gobbi, and Alessandro Bertani. ”Big data analytics: an aid to detection
of non-technical losses in power utilities.” Computational Management
Science 16, no. 1 (2019): 329-343.
[23] Punmiya, Rajiv, and Sangho Choe. ”Energy theft detection using gradi-
ent boosting theft detector with feature engineering-based preprocessing.”
IEEE Transactions on Smart Grid 10, no. 2 (2019): 2326-2329.
[24] Razavi, Rouzbeh, Amin Gharipour, Martin Fleury, and Ikpe Justice
Akpan. ”A practical feature-engineering framework for electricity theft
detection in smart grids.” Applied energy 238 (2019): 481-494.
[25] Ramos, Caio CO, Douglas Rodrigues, Andr´
e N. de Souza, and Jo˜
ao P.
Papa. ”On the study of commercial losses in Brazil: a binary black hole
algorithm for theft characterization.” IEEE Transactions on Smart Grid
9, no. 2 (2016): 676-683.
[26] Ghasemi, Ali Akbar, and Mohsen Gitizadeh. ”Detection of illegal con-
sumers using pattern classification approach combined with Levenberg-
Marquardt method in smart grid.” International Journal of Electrical
Power & Energy Systems 99 (2018): 363-375.
[27] Ismail, Muhammad, Mostafa F. Shaaban, Mahesh Naidu, and Erchin
Serpedin. ”Deep learning detection of electricity theft cyber-attacks in
renewable distributed generation.” IEEE Transactions on Smart Grid 11,
no. 4 (2020): 3428-3437.
[28] Fenza, Giuseppe, Mariacristina Gallo, and Vincenzo Loia. ”Drift-aware
methodology for anomaly detection in smart grid.” IEEE Access 7 (2019):
[29] Yan, Zhongzong, and He Wen. ”Electricity theft detection base on
extreme gradient boosting in AMI.” IEEE Transactions on Instrumentation
and Measurement 70 (2021): 1-9.
[30] Zheng, Kedi, Qixin Chen, Yi Wang, Chongqing Kang, and Qing Xia.
”A novel combined data-driven approach for electricity theft detection.
IEEE Transactions on Industrial Informatics 15, no. 3 (2018): 1809-1819.
[31] Li, Shuan, Yinghua Han, Xu Yao, Song Yingchen, Jinkuan Wang, and
Qiang Zhao. ”Electricity theft detection in power grids with deep learning
and random forests.” Journal of Electrical and Computer Engineering
2019 (2019).
[32] Hochreiter, Sepp, and J¨
urgen Schmidhuber. ”Long short-term memory.”
Neural computation 9, no. 8 (1997): 1735-1780.
[33] Chung, Junyoung, Caglar Gulcehre, KyungHyun Cho, and Yoshua Ben-
gio. ”Empirical evaluation of gated recurrent neural networks on sequence
modeling.” arXiv preprint arXiv:1412.3555 (2014). Ac-
cessed 17 April 2021
[34] Adil, Muhammad, Nadeem Javaid, Umar Qasim, Ibrar Ullah, Muham-
mad Shafiq, and Jin-Ghoo Choi. ”LSTM and bat-based RUSBoost ap-
proach for electricity theft detection.” Applied Sciences 10, no. 12 (2020):
[35] Accessed 17 April 2021
[36] Gul, Hira, Nadeem Javaid, Ibrar Ullah, Ali Mustafa Qamar, Muhammad
Khalil Afzal, and Gyanendra Prasad Joshi. ”Detection of non-technical
losses using SOSTLink and bidirectional gated recurrent unit to secure
smart meters.” Applied Sciences 10, no. 9 (2020): 3151.
... This paper presents the extended version of the work already published in [17]. This work uses six theft attacks (TAs) to produce theft data samples for balancing the data. ...
Full-text available
Electricity theft is one of the challenging problems in smart grids. The power utilities around the globe face huge economic loss due to ET. The traditional electricity theft detection (ETD) models confront several challenges, such as highly imbalance distribution of electricity consumption data, curse of dimensionality and inevitable effects of non-malicious factors. To cope with the aforementioned concerns, this paper presents a novel ETD strategy for smart grids based on theft attacks, long short-term memory (LSTM) and gated recurrent unit (GRU) called TLGRU. It includes three subunits: (1) synthetic theft attacks based data balancing, (2) LSTM based feature extraction, and (3) GRU based theft classification. GRU is used for drift identification. It stores and extracts the long-term dependency in the power consumption data. It is beneficial for drift identification. In this way, a minimum false positive rate (FPR) is obtained. Moreover, dropout regularization and Adam optimizer are added in GRU for tackling overfitting and trapping model in the local minima, respectively. The proposed TLGRU model uses the realistic EC profiles of the Chinese power utility state grid corporation of China for analysis and to solve the ETD problem. From the simulation results, it is exhibited that 1% FPR, 97.96% precision, 91.56% accuracy, and 91.68% area under curve for ETD are obtained by the proposed model. The proposed model outperforms the existing models in terms of ETD.
Full-text available
In advanced metering infrastructure (AMI), smart meters (SMs) are installed at the consumer side to send fine-grained power consumption readings periodically to the system operator (SO) for load monitoring, energy management, and billing. However, fraudulent consumers launch electricity theft cyber-attacks by reporting false readings to reduce their bills illegally. These attacks do not only cause financial losses but may also degrade the grid performance because the readings are used for grid management. To identify these attackers, the existing schemes employ machine-learning models using the consumers’ fine-grained readings, which violates the consumers’ privacy by revealing their lifestyle. In this paper, we propose an efficient scheme that enables the SO to detect electricity theft, compute bills, and monitor load while preserving the consumers’ privacy. The idea is that SMs encrypt their readings using functional encryption, and the SO uses the ciphertexts to (i) compute the bills following dynamic pricing approach, (ii) monitor the grid load, and (iii) evaluate a machine-learning model to detect fraudulent consumers, without being able to learn the individual readings to preserve consumers’ privacy. We adapted a functional encryption scheme so that the encrypted readings are aggregated for billing and load monitoring and only the aggregated value is revealed to the SO. Also, we exploited the inner-product operations on encrypted readings to evaluate a machine-learning model to detect fraudulent consumers. Real dataset is used to evaluate our scheme, and our evaluations indicate that our scheme is secure and can detect fraudulent consumers accurately with low communication and computation overhead.
Full-text available
The electrical losses in power systems are divided into non-technical losses (NTLs) and technical losses (TLs). NTL is more harmful than TL because it includes electricity theft, faulty meters and billing errors. It is one of the major concerns in the power system worldwide and incurs a huge revenue loss for utility companies. Electricity theft detection (ETD) is the mechanism used by industry and academia to detect electricity theft. However, due to imbalanced data, overfitting issues and the handling of high-dimensional data, the ETD cannot be applied efficiently. Therefore, this paper proposes a solution to address the above limitations. A long short-term memory (LSTM) technique is applied to detect abnormal patterns in electricity consumption data along with the bat-based random under-sampling boosting (RUSBoost) technique for parameter optimization. Our proposed system model uses the normalization and interpolation methods to pre-process the electricity data. Afterwards, the pre-processed data are fed into the LSTM module for feature extraction. Finally, the selected features are passed to the RUSBoost module for classification. The simulation results show that the proposed solution resolves the issues of data imbalancing, overfitting and the handling of massive time series data. Additionally, the proposed method outperforms the state-of-the-art techniques; i.e., support vector machine (SVM), convolutional neural network (CNN) and logistic regression (LR). Moreover, the F1-score, precision, recall and receiver operating characteristics (ROC) curve metrics are used for the comparative analysis.
Full-text available
Energy consumption is increasing exponentially with the increase in electronic gadgets. Losses occur during generation, transmission, and distribution. The energy demand leads to increase in electricity theft (ET) in distribution side. Data analysis is the process of assessing the data using different analytical and statistical tools to extract useful information. Fluctuation in energy consumption patterns indicates electricity theft. Utilities bear losses of millions of dollar every year. Hardware-based solutions are considered to be the best; however, the deployment cost of these solutions is high. Software-based solutions are data-driven and cost-effective. We need big data for analysis and artificial intelligence and machine learning techniques. Several solutions have been proposed in existing studies; however, low detection performance and high false positive rate are the major issues. In this paper, we first time employ bidirectional Gated Recurrent Unit for ET detection for classification using real time-series data. We also propose a new scheme, which is a combination of oversampling technique Synthetic Minority Oversampling TEchnique (SMOTE) and undersampling technique Tomek Link: “Smote Over Sampling Tomik Link (SOSTLink) sampling technique”. The Kernel Principal Component Analysis is used for feature extraction. In order to evaluate the proposed model’s performance, five performance metrics are used, including precision, recall, F1-score, Root Mean Square Error (RMSE), and receiver operating characteristic curve. Experiments show that our proposed model outperforms the state-of-the-art techniques: logistic regression, decision tree, random forest, support vector machine, convolutional neural network, long short-term memory, hybrid of multilayer perceptron and convolutional neural network.
Full-text available
Effective detection of electricity theft is essential to maintain power system reliability. With the development of smart grids, traditional electricity theft detection technologies have become ineffective to deal with the increasingly complex data on the users’ side. To improve the auditing efficiency of grid enterprises, a new electricity theft detection method based on improved synthetic minority oversampling technique (SMOTE) and improve random forest (RF) method is proposed in this paper. The data of normal and electricity theft users were classified as positive data (PD) and negative data (ND), respectively. In practice, the number of ND was far less than PD, which made the dataset composed of these two types of data become unbalanced. An improved SOMTE based on K-means clustering algorithm (K-SMOTE) was firstly presented to balance the dataset. The cluster center of ND was determined by K-means method. Then, the ND were interpolated by SMOTE on the basis of the cluster center to balance the entire data. Finally, the RF classifier was trained with the balanced dataset, and the optimal number of decision trees in RF was decided according to the convergence of out-of-bag data error (OOB error). Electricity theft behaviors on the user side were detected by the trained RF classifier.
Full-text available
In recent years, various types of power theft incidents have occurred frequently, and the training of the power-stealing detection model is susceptible to the influence of the imbalanced data set and the data noise, which leads to errors in power-stealing detection. Therefore, a power-stealing detection model is proposed, which is based on Improved Conditional Generation Adversarial Network (CWGAN), Stacked Convolution Noise Reduction Autoencoder (SCDAE) and Lightweight Gradient Boosting Decision Machine (LightGBM). The model performs Generation- Adversarial operations on the original unbalanced power consumption data to achieve the balance of electricity data, and avoids the interference of the imbalanced data set on classifier training. In addition, the convolution method is used to stack the noise reduction auto-encoder to achieve dimension reduction of power consumption data, extract data features and reduce the impact of random noise. Finally, LightGBM is used for power theft detection. The experiments show that CWGAN can effectively balance the distribution of power consumption data. Comparing the detection indicators of the power-stealing model with various advanced power-stealing models on the same data set, it is finally proved that the proposed model is superior to other models in the detection of power stealing.
Full-text available
Unlike the existing research that focuses on detecting electricity theft cyber-attacks in the consumption domain, this paper investigates electricity thefts at the distributed generation (DG) domain. In this attack, malicious customers hack into the smart meters monitoring their renewable-based DG units and manipulate their readings to claim higher supplied energy to the grid and hence falsely overcharge the utility company. Deep machine learning is investigated to detect such a malicious behavior. We aim to answer three main questions in this paper: a) What are the cyber-attack functions that can be applied by malicious customers to the generation data in order to falsely overcharge the utility company? b) What sources of data can be used in order to detect these cyber-attacks by the utility company? c) Which deep machine learning-model should be used in order to detect these cyber-attacks? Our investigation revealed that integrating various data from the DG smart meters, meteorological reports, and SCADA metering points in the training of a deep convolutional-recurrent neural network offers the highest detection rate (99.3%) and lowest false alarm (0.22%).
Metering data from the advanced metering infrastructure can be used to find abnormal electricity behavior for the detection of electricity theft, which causes huge financial losses to electric companies every year. This article proposes an electricity theft detector using metering data based on extreme gradient boosting (XGBoost). The metering data are preprocessed, including recover missing and erroneous values and normalization. The classification model based on XGBoost is trained using both benign and malicious samples. Simulations are done by using the Irish Smart Energy Trails data set with six certain attack types. Compared with the support vector machine, decision tree, and other eight machine learning methods, the proposed method can detect electricity theft with either higher accuracy or lower false-positive rate. Experiment results also demonstrate that the proposed method is robust when the data are imbalanced. Our codes are available at .
The theft of electricity affects power supply quality and safety of grid operation, and non-technical losses (NTL) have become the major reason of unfair power supply and economic losses for power companies. For more effective electricity theft inspection, an electricity theft detection method based on similarity measure and decision tree combined K-Nearest Neighbor and support vector machine (DT-KSVM) is proposed in the paper. Firstly, the condensed feature set is devised based on feature selection strategy, typical power consumption characteristic curves of users are obtained based on kernel fuzzy C-means algorithm (KFCM). Next, to solve the problem of lack of stealing data and realize the reasonable use of advanced metering infrastructure (AMI). One dimensional Wasserstein generative adversarial networks (1D-WGAN) is used to generate more simulated stealing data. Then the numerical and morphological features in the similarity measurement process are comprehensively considered to conduct preliminary detection of NTL. And DT-KSVM is used to perform secondary detection and identify suspicious customers. At last, simulation experiments verify the effectiveness of the proposed method.
Advanced metering infrastructure allows the two-way sharing of information between smart meters and utilities. However, it makes smart grids more vulnerable to cyber-security threats such as energy theft. This study suggests ensemble machine learning (ML) models for the detection of energy theft in smart grids using customers’ consumption patterns. Ensemble ML models are meta-algorithms that create a pool of several ML approaches and combine them smartly into one predictive model to reduce variance and bias. A number of algorithms, including adaptive boosting, categorical boosting, extreme-boosting, light boosting, random forest, and extra trees, were tested to find their false positive and detection rates. A data pre-processing method was employed to improve detection performance. The statistical approach of minority over-sampling was also employed to tackle over-fitting. An extensive analysis based on a practical dataset of 5000 customers reveals that bagging models outperform other algorithms. The random forest and extra trees models achieve the highest area under the curve score of 0.90. The precision analysis shows that the proposed bagging methods perform better.
Inspired by the powerful feature extraction and the data reconstruction ability of autoencoder, a stacked sparse denoising autoencoder is developed for electricity theft detection in this paper. The technical route is to employ the electricity data from honest users as the training samples, and the autoencoder can learn the effective features from the data and then reconstruct the inputs as much as possible. For the anomalous behavior, since it contributes little to the autoencoder, the detector returns to a comparatively higher reconstruction error; hence the theft users can be recognized by setting an appropriate error threshold. To improve the feature extraction ability and the robustness, the sparsity and noise are introduced into the autoencoder, and the particle swarm optimization algorithm is applied to optimize these hyper-parameters. Moreover, the receiver operating characteristic curve is put forward to estimate the optimal error threshold. Finally, the proposed approach is evaluated and verified using the electricity dataset in Fujian, China.