A Difference-Comparison-based Approach for Malicious Meter Inspection in Neighborhood Area Smart Grids Xiaofang Xia 1,2,3 , Wei Liang 1,2 , Yang Xiao 1,2 , Meng Zheng 1,2,∗ , and Zhifeng Xiao 4 1 Key Lab of Networked Control Systems, Chinese Academy of Sciences, 110016 Shenyang, China 2 Shenyang Institute of Automation, Chinese Academy of Sciences, 110016 Shenyang, China 3 University of Chinese Academy of Sciences, 100039 Beijing, China 4 Dept. of Computer Science and Software Engineering, Pennsylvania State Erie, Erie, PA, 16563 USA {xiaxiaofang, weiliang, yangxiao, zhengmeng 6}@sia.cn, zux2@psu.edu Abstract—In this paper, we explore the malicious meter in- spection (MMI) problem in neighborhood area smart grids. By exploiting a binary inspection tree, we propose a Difference- Comparison-based Inspection (DCI) algorithm to quickly target the malicious meters. Different from existing algorithms, the DCI algorithm is designed based on three rules that are derived according to the difference comparison results in each local subtree. An attractive feature of the DCI algorithm is that it manages to skip a large number of nodes on the binary inspection tree and thus accelerates the detection of malicious nodes. Both analysis and simulation results show that DCI outperforms the existing inspection algorithms in terms of inspection speed, regardless of the ratio and permutation of malicious meters. I. I NTRODUCTION Albeit offering higher efficiency, lower cost, and more environmentally sound energy management, smart grid brings new risks and threats at the same time [1]. Electricity theft is one of the serious issues that needs to be addressed. Due to the two-way communication of the smart grid, it is possible to compromise the electricity bill almost anywhere and anytime: a) while it is recorded, b) while it is at rest in the meter, and c) while it is in flight across the network [2]. The economical loss caused by electricity theft is huge. It has been estimated that utility companies worldwide lose more than $25 billion every year due to electricity theft. For India alone, the loss is around $4.5 billion [3], $1.5 billion less than the United States [4]. Extensive studies have been done to detect the electricity theft in smart grid. Typical works either take advantage of the physical checks of tamper-evident seals by field personnel or leverage the machine learning theory-based methods to build the consumption patterns and detect the anomalies [5]-[9]. However, the tamper-evident seals can be easily defeated [10], and the machine learning-based approaches are not accurate enough to declare electricity theft only by the occurrence of deviation, since there are many other reasons, such as the dramatic change of weather and the random behavior of the * Corresponding author. electricity consumers, possibly leading to the deviation as well. On the other hand, literatures [11]-[15] developed a series of real-time comparison-based inspection algorithms, whose ba- sic idea is to monitor the discrepancy between the subscribers and their inspectors (redundant smart meters installed at the power provider end). If the discrepancy exceeds a specified threshold [12], it means that there may exist some ‘malicious’ meters 1 . However, the existing mutual inspection algorithms suffer the limitation on high deployment cost, since the mu- tual inspection strategy [12] demands one extra smart meter for each user, which may be unaffordable for the utilities, especially when the smart grid scales out. Xiao et al. employ a binary inspection tree as a logic structure for the detection of compromised meters [11]. However, the proposed algorithms in [11] only outperform the naive scanning approach when the ratio of malicious meters is low. This paper extends our previous work in [11] to utilize the binary inspection tree and proposes a new Difference- Comparison-based Inspection (DCI) algorithm that significant- ly improves the detection speed. DCI algorithm is different from the inspection algorithms in [11] mainly due to the following aspects: • First, while conducting inspection on one node, the in- spector calculates the amount of the stolen electricity of its corresponding subtree, which the algorithms in [11] neglect. The stolen amount is then used to determine which node to probe in the next step; • Furthermore, according to the difference between the amount of the stolen electricity of an internal node and that of its left child node, three rules, which allow the inspector to skip a large number of nodes in the binary inspection tree and quickly identify the dirty meters, are developed; • Finally, by adopting the pre-order traversal approach [16], 1 One meter is called malicious when its corresponding user commits the electricity theft and in this paper the two terms ‘user’ and ‘meter’ are used interchangeably. IEEE ICC 2015 SAC - Communications for the Smart Grid 978-1-4673-6432-4/15/$31.00 ©2015 IEEE 802