Energy Theft Attacks On An Off-Grid Charging Station

# Energy Theft Attacks On an Off-Grid Charging Station

This repository contains a dataset described in the conference paper, called "Detecting Energy Theft Attacks On A Off-Grid Station". The primary goal of this dataset is to provide researchers working with attack detection methods with a real, measured attacked dataset to test the detection and classification algorithms.

## Description

This dataset contains power measurements collected in the testbed called the "Smart Room." The measurements represent the three-week (15-day) experiment of emulating an off-grid charging station for electric bikes under an energy theft attack.

The dataset is presented in two sets.

**1)** The one included in the folder 'raw_dataset' represents real measurements collected by the monitoring system in the Room. The data is split into 3 parts, according to the different stages of the experiment.

**Week 1.** The first folder contains measurements recorded during the first 5 days of the experiment, where the system is not attacked, and represents a charging station operating normally by charging up to 3 electric bikes at the same time.

Each .csv file contains a timestamp and a value for a recorded measurement, which are:

- batteryChargeCurrent [A], the recorded current in amperes which is charging the batteries installed in the Smart Room, using excess energy generated by the PV panel;

- batteryChargeState [%], the state of charge of batteries in the Smart Room, used for charging the bikes when PV production is not enough;

- batteryDischargeCurrent [A], the current in amperes which corresponds to the utilization of the batteries to charge the bikes when the PV production is not sufficient;

- batteryVoltage [V], the voltage of the batteries in volts;

- gridPower [W], the power consumed by the grid in watts, used for the auxiliary equipment installed in the Smart Room and not directly related to the experiment (sensors, PCs, Raspberry Pis, etc.). The negative value corresponds to the case where the excess power is being sent to the public grid.

- PVpower [W], the power produced in watts by the photovoltaic panel on the roof of the building;

- VariableChargePower [W], the power consumed by the electric programmable load, which in the case of the first week is a combination of charging profiles of 1-3 bikes.

**Week 2.** The second folder contains measurements of the second 5 days of the experiment, where the combination of the physical + FDI (False Data Injection) attack was applied to the setup. The physical attack part results in the increased real power consumption by the electric load, while the FDI attack covers this change in the monitoring system. 

The attack profile is an additional unauthorized bike charging profile that charges without interruption each day. Apart from the same data readings as for week 1, we have:

- VariableChargePower [W], the power consumed by the electric programmable load and corrupted by the FDI attack, subtracting the additional increase (4th bike);

**Week 3.** The third folder contains the data of the final 5 days of the experiment, where the attack implementation is the same as for Week 2. However, the attack model is more subtle, where the adversary charges his bike using intervals of time in order not to produce an obvious increase in power consumption. An example of such a strategy can be found in Figure 7 of the paper.

**2)** The second set of data in the folder 'processed_dataset' uses the transformed raw dataset and presents it in a complete format for the attack detection methods to be readily applied. The transformation includes:

- Fixed timestep. The data collection principle of the testbed is set up in a way that every ~60 seconds, the measurement is collected, and it is recorded only in the case where the value is different from the previously recorded one. In order to make the data more representative, the data was extended, filling the gaps between the measurements, to have a fixed timestep of exactly 60 seconds.

- Variable transformation. The data collected in a raw dataset was simplified to obtain 4 main sets of readings in watts: 

**Pload** (VariableChargePower), 

**Pbatt** (batteryVoltage*(batteryDischargeCurrent-batteryDischargeCurrent)),

**Ppv** (PVpower),

**Pgrid** (gridPower),

as well as new variables which represent the consumption-production balance errors

**Pe** (PVpower+batteryVoltage*(batteryDischargeCurrent-batteryDischargeCurrent)-VariableChargePower-gridPower-**attack**)

where 'attack' is a set of subtracted values in [W] of the VariableChargePower by FDI attack on a measurement system

**Pea** (PVpower+batteryVoltage*(batteryDischargeCurrent-batteryDischargeCurrent)-VariableChargePower-gridPower)

For the week 1 dataset called 'No_attack_dataset.csv' **Pe=Pea**.

- Fixed errors not related to the experiment, and user produced anomalies. Such as: FDI attack desync with the physical attack, where the value of the attack was subtracted by mistake, when it was not consumed by the programmable load; unintended mode change, where the operation mode of the inverter was changed and the power produnction was redirected to the grid instead of the PV+batteries.

- The label variable called 'Attack' is added to indicate at which instances of time the programmable load consumption profile was altered (corresponding to '1'), and when it was not (corresponding to '0').

- The timestamp was removed and replaced by the 'Week' and 'Day' indicators to precise which raw data was used for the processed dataset.

Finally, the completed dataset includes 3 .csv files: 'No_attack_dataset.csv', which corresponds to results of the first week, 'attacked_dataset.csv' (for weeks 2 and 3), and 'full_dataset.csv', which combines all three weeks.

Full description of the experiment as well as an example of a detection method can be found in the paper to be presented for ACM EnergySP '25 ACM SIGEnergy Workshop on Cybersecurity and Privacy of Energy Systems and published as a part of proceedings of ACM eEnergy '25 in ACM digital library.

## Support

For any questions related to the dataset as well as to the paper, the reader is welcome to contact the author by e-mail anatolii.khalin@centralesupelec.fr or anatolii.khalin@gmail.com.

## Roadmap

Future experiments performed on the described testbed are most likely to appear in this repository, including prolonged experiment time (months) with a constant power consumption using all the power production sources, including the public grid.

## Contributing

The data is in open access, all contributions are welcome. For reference, please cite the paper "Detecting Energy Theft Attacks On A Off-Grid Station".

## Authors and acknowledgment

This dataset collection was funded and supported by Direction Générale de l’Armement through CREACH LABS under the project CAMTAR, with the help and under supervision of Jean-François Lalande (jean-fracois.lalande@centralesupelec.fr) and Romain Bourdais (romain.bourdais@centralesupelec.fr).