Parameter Analysis and Performance Evaluation of Cluster-Enhanced Constrained Adversarial Attacks for Electricity Theft Detection in Smart Grids

In recent years, deep learning techniques have significantly progressed in electricity theft detection, especially in automated monitoring and behavioral analysis. However, as these technologies are increasingly applied, public concerns about model credibility have been growing, particularly because deep learning models are susceptible to small perturbations. Previous studies indicate that deep learning models are vulnerable to subtle perturbations imperceptible to human surveillance, allowing an attacker to manipulate the model into making incorrect judgments or failing by introducing these minor changes. Considering that these vulnerabilities can be exploited by malicious attackers, potentially destroying the security and stability of the system, this study proposes an attack method based on cluster-enhanced constraints from the attacker’s perspective. By introducing global geometric constraints on the data distribution into adversarial generation, the resulting examples better embed in the target-class data manifold and exhibit high stealthiness and strong robustness against advanced defenses in electricity-theft detection. This study investigates the effects of various parameter settings by assessing the impact of varied learning rates, perturbation boundaries, and step sizes on success rate, stealthiness, and stability of adversarial attacks. To validate the proposed attack method, white-box and gray-box tests are conducted on six types of power theft detectors. In addition, this study combines two defense strategies, adversarial training and defensive distillation, to conduct the attack robustness experiment. The experimental results manifest that the accuracy of the proposed attack method increases by 16.26% and 9.87% after adversarial training and defense distillation, respectively. These improvements are remarkably lower than those of other attack categories, demonstrating stronger adaptability and attack effectiveness.