Detecting Jamming in Smart Grid Communications via Deep Learning

Abstract

Power-Line Communication (PLC) allows data transmission through existing power lines, thus avoiding the expensive deployment of ad hoc network infrastructures. However, power line networks remain vastly unattended, which allows tampering by malicious actors. In fact, an attacker can easily inject a malicious signal (jamming) with the aim of disrupting ongoing communications. In this paper, we propose a new solution to detect jamming attacks before they significantly affect the quality of the communication link, thus allowing the detection of a jammer (geographically) far away from a receiver. We consider two scenarios as a function of the receiver’s ability to know in advance the impact of the jammer on the received signal. In the first scenario (jamming-aware), we leverage a classifier based on a Convolutional Neural Network, which has been trained on both jammed and non-jammed signals. In the second scenario (jamming-unaware), we consider a one-class classifier based on autoencoders, allowing us to address the challenge of jamming detection as a classical anomaly detection problem. Our proposed solution can detect jamming attacks on PLC networks with an accuracy greater than 99% even when the jammer is 68 m away from the receiver while requiring training only on traffic acquired during the regular operation of the target PLC network.

1. Introduction

Power-Line Communication (PLC) technology has witnessed significant market growth due to its ability to utilize the existing electrical infrastructure for data transmission, offering cost-effective and reliable solutions for a range of applications. Recent market analyses estimate that the global Power-Line Communication (PLC) market will grow from approximately USD 9.8 billion in 2022 to USD 38 billion by 2032, with a compound annual growth rate (CAGR) of 14.5% [1]. This growth is driven by increasing adoption across various sectors, including Smart Grid (SG) technology, home automation, and industrial automation. Moreover, in SGs, PLC enhances operational efficiency by enabling real-time monitoring and control, playing an important role in the management of energy infrastructure. Similarly, the proliferation of Internet of Things (IoT) devices includes PLC as a valuable component in smart home networks, enabling seamless communication between devices. Industrial applications are also leveraging PLC for reliable and efficient communication in automation systems. Regionally, Europe and North America hold a significant market share, supported by investments in grid modernization and automation, while the Asia-Pacific region is emerging as a key growth area due to large-scale smart meter deployments and smart city initiatives [2].

As a matter of fact, PLC offers a reliable means of transmitting data through electrical cables since the electrical power infrastructure is already in place, thus enabling PLC technology to provide an efficient and cost-effective solution to communicate in various industrial, commercial, and residential applications [3]. Furthermore, PLC eases the deployment of many SG functions by offering real-time monitoring, load management, and fault detection within the power grid [4]. As described by the authors in [5], PLC is usually classified based on the spectrum it operates in. Ultra-Narrowband PLC (UNB-PLC) operates within a very narrow frequency band, typically below 3 kHz. Its key advantage lies in the ability to filter out significant noise, ensuring reliable communication even in high-noise environments. UNB-PLC transmits data using a single channel and, unlike its counterparts, provides data rates of tens of bits per second, relegating its applications to command-and-control scenarios. Broadband PLC (BB-PLC) operates at higher frequencies (typically between 2 MHz and 250 MHz), achieving high data rates (hundreds of Mbps). Therefore, BB-PLC deployments are more suitable for multimedia streaming and broadband internet access. Finally, an intermediate option is Narrowband PLC (NB-PLC), which operates at lower frequencies (3 kHz to 500 kHz) and is currently used in applications such as smart meters and SG management.

In the context of SG, integrating IoT devices has enhanced capabilities, such as disaster recovery, self-healing, warning systems, and overall reliability [6]. Smart buildings, homes, agriculture, and industrial systems are equipped with IoT sensors to monitor the environment and make intelligent decisions. The digital PLC modem, connected with IoT devices, facilitates data exchange between power utilities and consumers, enabling necessary actions [7].

Despite their many advantages, PLC technologies also face challenges specific to their physical medium, including high levels of background noise. The challenge stems from the inherent properties of power cables, which are designed primarily for electricity distribution rather than efficient data transmission. As the signal propagates through the cable, some of its energy is dissipated as heat due to resistance or reflections [8]. Energy dissipation causes signal attenuation, i.e., a reduction in the signal amplitude, leading to weaker received signals at the destination [9]. Noise from different sources, including Electromagnetic Interference (EMI) from other devices, switching transients, and Radio Frequency (RF) interference, also contribute to signal degradation [10]. At the same time, PLC technologies are vulnerable to traditional cyber-attacks. In this context, Denial of Service (DoS) constitutes a major challenge in PLC. It can be performed through a variety of techniques, including flooding, desynchronization, amplification, false data injection attacks, and jamming. It consists of injecting artificial noise into the communication channel in order to prevent the receiver from detecting the transmitted messages. Jamming is particularly effective since, even if a node detects the attack, reporting the jamming detection event to remote entities is challenging as all communication links should be considered disrupted under a jamming attack. Moreover, distinguishing between a noisy communication line and a jamming attack is particularly challenging due to the high level of noise that affects the PLC channel. This is particularly true for remote network management entities, which cannot easily detect ongoing jamming attacks due to the distance of their monitoring units from the monitored network. Jamming attacks against PLC systems can be detrimental to the overall infrastructure of the target organization as they can lead to disruption of energy services, unpredictable effects on Home Automation Systems (HASs), safety hazards, communication breakdowns, and ultimately negative financial consequences.

Motivation. Jamming attacks in PLC networks are particularly concerning due to their ability to degrade communication without easily distinguishable signatures, especially in noisy environments. The existing solutions, inspired by wireless and wired networks, fail to address the unique challenges posed by the PLC medium. The lack of targeted approaches for robust jamming detection leaves critical infrastructures exposed to operational disruptions and safety hazards. Our research aims to address the gap that arises when the Bit Error Rate (BER) $\approx 0$. By employing machine learning techniques, such as Convolutional Neural Networks (CNNs) and autoencoders, we aim to develop a robust jamming detection system specifically designed for PLC environments. Our solution not only addresses the limitations of the existing methods but also considers realistic deployment scenarios, including different adversarial assumptions and heterogeneous channel conditions.

Contribution. In this paper, we introduce a jamming detection technique specifically designed for PLC scenarios under different adversarial assumptions. This paper extends our previous work [11] as per the following points:

• We consider a brand new scenario that includes “jamming unawareness” during the training of the model, and we compare this scenario with the one previously proposed.
• We improve our system model by formulating the jamming detection as an anomaly detection problem.
• We compare the multi-class classification solution from our previous work with the new one-class classification (based on autoencoders).
• We expand our performance analysis considering multiple parameters, such as channel quality (Signal-to-Noise Ratio (SNR)), training metrics, the level of the Relative Jamming Power (RJP), and the distance of the receiver from the jammer.

Roadmap. This paper is organized as follows. Section 2 reviews the related work, Section 3 describes the considered scenarios, Section 4 discusses the preliminary notions, Section 5 includes the adversary model and provides the details of our solution, and Section 6 presents the evaluation results. Finally, Section 7 comprises the conclusion.

2. Related Work

PLC has paramount importance for communication in power systems, providing a cost-effective and reliable communication solution for SG applications. The possibility to use PLC for indoor and outdoor networks allows it to be used in a wider range of applications. However, its broadcast nature and ease of access to the power grid expose legitimate communicating devices, making them susceptible to malicious attacks and eavesdropping.

PLC networks face unique security challenges due to their dual role in power delivery and communication. These networks are particularly vulnerable to physical-layer attacks due to (i) the widespread accessibility of the power infrastructure, (ii) the difficulty in distinguishing between natural noise and malicious interference [12], (iii) the resource constraints of PLC devices [13], and (iv) the critical nature of SG communications [14]. As SGs usually include resource-constrained devices, traditional cryptographic systems may not be a feasible solution for all devices, thus creating an opportunity for physical-layer security solutions. The topic is not novel for PLC and has undergone thorough examination in numerous research papers [15,16,17,18].

Jamming Detection: Jamming detection has been extensively studied in wireless and other networked domains. Sciancalepore et al. [19] proposed BloodHound+, a technique for early jamming detection on drones leveraging autoencoders. This early detection allows the user to take the necessary actions before the communication link drops. In SG environments, DoS attacks typically manifest as either flooding or jamming. As for flooding attacks, Asri et al. [20] and Jin et al. [21] focused on transport-layer vulnerabilities, while Groat et al. [22] and Zhang et al. [23] addressed network-layer attacks and application-layer attacks, respectively. In contrast, our work focuses on physical-layer data, specifically addressing jamming attacks that manipulate the communication medium itself rather than affecting quality metrics associated with higher protocols. As for jamming attacks in wireless domains, Chatfield et al. [24] implemented anomaly detection systems, while Temple et al. [25] explored geometric delay mechanisms. Further contributions by Husheng [26] and Pelechrinis et al. [27] expanded the background knowledge on wireless jamming characteristics. However, our work addresses the fundamentally different challenge of jamming in PLC networks, where the attack surface and signal propagation characteristics differ significantly from wireless environments. Liu et al. [28] used packet delivery ratio (PDR), received signal strength (RSSI), and Start-of-Frame Delimiter (SFD) features to identify and detect jamming using threshold-based statistics.

Machine Learning for Network Security: Singh et al. [29] proposed the jamming attack detection technique (JADT) to detect jamming for opportunistic networks, which uses PDR and the decryption of acknowledgment sent by the sender; once jamming is detected, it requests the sender to re-transmit the message through a different channel. Katsuri et al. [30] used an ML-based technique to detect and classify the types of jamming attacks. They validated the results through a simulation study considering reactive, random, and constant jamming interference. Another study [31] used the BER and bad packet ratio and an energy statistic to detect the jamming for the automatic dependent surveillance-broadcast (ADS-B) system. Supervised machine learning algorithms such as support vector machine (SVM), k-nearest neighbor (kNN), artificial neural network (ANN), and decision tree were employed. The ANN outperformed with the given set of features.

In [32], the author proposed the detection of jamming considering shallow neural networks aided by dimensionality reduction at the gateway level of the network, considering three different types of jamming signals, namely constant, random, and reactive. Upadhyaya et al. [33] used an ML-based approach to detect jamming in a wireless IoT network by collecting the signal strength indication received from five anchor nodes at minimal communication cost.

In the context of anomaly detection in an Industrial Control System (ICS), the authors of [34] used autoencoders to encode normal profile data and then detect anomalies based on the reconstruction error. Lu et al. [35] devised a genetic-algorithm-based Cumulative Sum (CUSUM) approach to the real-time detection of jamming attacks in distributed and centralized Cyber–Physical Systems (CPSs).

Radio Frequency Fingerprinting: Radio Frequency Fingerprinting (RFF) leverages the unique hardware imperfections inherent in radio frequency front ends to enable device authentication. RFF-based solutions have emerged as a highly promising alternative to traditional cryptographic and localization-based methods for device identification and authentication [36]. Beyond authentication, RFF techniques have found applications in intrusion detection systems, device tracking, autonomous vehicles, and unmanned aerial vehicles (UAVs) [37]. Ross et al. [38] employed Multiple Discriminant Analysis and Maximum Likelihood (MDA/ML) classifiers to differentiate among six PLC devices, achieving an intrusion detection accuracy of 90%. Their approach utilized physical-layer features extracted from X10 protocol-based devices. In another study, Timothy et al. [39] demonstrated that augmenting the physical layer with Constellation-Based Distinct Native Attribute (CB-DNA) features derived from unintentional Ethernet cable emissions can significantly enhance network security, achieving Rogue Reject Rates between 85.2% and 93.1% at SNR levels above 26.0 dB.

Research Gap in PLC Jamming Detection: As shown in Table 1, the existing jamming detection approaches span various domains, and none of them address the task of detecting jamming attacks to PLC networks at the physical layer, particularly under low-BER scenarios. Some of the proposed solutions already exploit physical-layer information but consider different communication media, e.g., wireless networks [19,30,32]. Other solutions consider the SG scenario but resort to higher-layer metrics, e.g., PDR, thus being able to detect the presence of the jammer when it already affects the quality of the link [35]. Finally, as highlighted in Table 1, we stress that our analysis is the first one to (i) consider different assumptions at the receiver side, i.e., the receiver might or might not be exposed before (during training) to the presence of the jammer, (ii) estimate the performance of the jamming detection as a function of the distance between the jammer and the receiver, and, finally, (iii) evaluate the performance of the detection as a function of the jamming power.

In our previous work [11], we formulated jamming detection as a classification problem under the assumption that the model has been trained on jamming signals; i.e., the receiver is aware of the shape of the jammed signals and, therefore, trains the model on both jammed and non-jammed samples. In real-world scenarios, this might be difficult. Therefore, in this work, we assume that we have access to only clear signals transmitted and received in the presence of noise typical of the PLC medium. Therefore, we only train our model on clear samples (non-jammed signals) and compare the performance with the previously proposed solution. To the best of our knowledge, no previous work focused on the detection of jamming in PLC infrastructures under a low-BER regime.

Table 1. Comparison of jamming detection approaches in different domains with respect to scenarios, techniques, and performance metrics.

Paper	Jamming Signal	Technique	Scenario		Signal Representation	Application	Jamming Detection in Regime	Adversary Proximity	Jamming
			Jamming-Pattern-Aware	Jamming-Pattern-Unaware
Our	AWGN	Spare Autoencoders/CNN	✓	✓	I−Q Samples	PLC	No-BER	✓	✓
[40]	Sine, Gauss	CNN	✓	✗	I−Q Samples	Wireless Network	BER	✓	✓
[19]	Sine and Gaussian	Sparse Autoencoder	✗	✓	I−Q samples	Drone	BER	✓	✓
[35]	AWGN	Gentic CUSUM	✓	✗	-	Smart Grid	-	✗	✗
[29]	Random	Statistical Process Control	✓	✗	PDR	Opputnistic Network	Low PDR	✗	✗
[30]	Constant, Reactive, random	Gradient Boosting Algorithm	✓	✗	PDR and RSS	Ad hoc network	Low PDR	✓	✓
[32]	Constant, Reactive, random	Shallow Neural Network	✓	✗	PDR	Wireless Network	Low PDR	✗	✓
[33]	Random	Random Forest	✓	✗	RSSI	Wireless Network	-	-	-
[20]	Gaussian	Euclidean Distance	✓	✗	RSSI and Packet Loss Rate	AMI	Packet Loss Rate	✗	✗
[34]	-	Autoencoder	✗	✓	Time series data	ICS	-	-	-

Table 1. Comparison of jamming detection approaches in different domains with respect to scenarios, techniques, and performance metrics.

Paper	Jamming Signal	Technique	Scenario		Signal Representation	Application	Jamming Detection in Regime	Adversary Proximity	Jamming
			Jamming-Pattern-Aware	Jamming-Pattern-Unaware
Our	AWGN	Spare Autoencoders/CNN	✓	✓	I−Q Samples	PLC	No-BER	✓	✓
[40]	Sine, Gauss	CNN	✓	✗	I−Q Samples	Wireless Network	BER	✓	✓
[19]	Sine and Gaussian	Sparse Autoencoder	✗	✓	I−Q samples	Drone	BER	✓	✓
[35]	AWGN	Gentic CUSUM	✓	✗	-	Smart Grid	-	✗	✗
[29]	Random	Statistical Process Control	✓	✗	PDR	Opputnistic Network	Low PDR	✗	✗
[30]	Constant, Reactive, random	Gradient Boosting Algorithm	✓	✗	PDR and RSS	Ad hoc network	Low PDR	✓	✓
[32]	Constant, Reactive, random	Shallow Neural Network	✓	✗	PDR	Wireless Network	Low PDR	✗	✓
[33]	Random	Random Forest	✓	✗	RSSI	Wireless Network	-	-	-
[20]	Gaussian	Euclidean Distance	✓	✗	RSSI and Packet Loss Rate	AMI	Packet Loss Rate	✗	✗
[34]	-	Autoencoder	✗	✓	Time series data	ICS	-	-	-

3. Scenario and Adversary Model

In our reference PLC network shown in Figure 1, there are three main entities: Alice ($\mathcal{A}$), Bob ($\mathcal{B}$), and Eve ($\mathcal{E}$). $\mathcal{A}$ and $\mathcal{B}$ are legitimate parties within either a home area network or local area network, communicating over the PLC in the presence of an adversary, $\mathcal{E}$. $\mathcal{E}$ aims to disrupt the communication between $\mathcal{A}$ and $\mathcal{B}$. At the receiver side ($\mathcal{B}$), the signal can be represented as

$$Y_{\mathcal{B}}\left(t\right)=h_{\mathcal{A}-\mathcal{B}}{X}_{\mathcal{A}}\left(t\right)+h_{\mathcal{E}-\mathcal{B}}{J}_{\mathcal{E}}\left(t\right)+n\left(t\right)$$

(1)

where $X_{\mathcal{A}}\left(t\right)$ represents $\mathcal{A}$’s legitimate signal with complex channel gain $h_{\mathcal{A}-\mathcal{B}}$, $J_{\mathcal{E}}\left(t\right)$ denotes $\mathcal{E}$’s jamming signal with complex channel gain $h_{\mathcal{A}-\mathcal{B}}$, and $n\left(t\right)$ is the external noise component.

Detecting the presence of the jammer component ($h_{\mathcal{E}-\mathcal{B}}{J}_{\mathcal{E}}\left(t\right)$) in a link affected by noise $n\left(t\right)$ is a challenging task. There are two assumptions we can make before going ahead with our analysis: (i) the receiver is aware of the shape of jammed signals, and, therefore, it had the opportunity to collect and analyze jammed samples before the actual detection process starts, or (ii) the receiver is not aware of the shape of jammed signals, and, therefore, it has never been exposed to jammed samples before the detection process is initiated.

Scenario 1: Awareness of Jammed Signals. In the first scenario, we consider the case where both jammed and non-jammed data samples are available, enabling a supervised learning approach. The detection system utilizes labeled training data from both classes—“jammed signal” and “non-jammed signal” (see Section 5)—to develop a robust binary classification model for jamming detection. While this approach effectively identifies known attack patterns, it faces several significant challenges. First, collecting and maintaining representative jamming samples requires substantial effort, particularly as $\mathcal{E}$’s jamming techniques evolve over time. Second, the system must accurately differentiate between intentional jamming attacks and the noise due to the communication link. Finally, maintaining a balanced dataset between clear and jammed samples is crucial for maximizing the classification performance.

Scenario 2: Unawareness of Jammed Signals. The second scenario presents a more realistic case where only clear (non-jammed) samples are available for training. This scenario employs an unsupervised learning approach, where the system builds a profile exclusively from clear (legitimate) data to detect anomalies. During the training phase, the model is exposed only to “non-jammed” signals, learning to characterize normal behavior patterns and identify potential attacks as deviations from these patterns. The detection mechanism relies on establishing appropriate thresholds to distinguish between normal operations and potential anomalies. This approach is characterized by the following challenges: determining the best threshold values that balance detection sensitivity with false alarm rates, discriminating between new attack patterns and legitimate signal variations, and adapting to changes in normal operating conditions.

4. Background

In this section, we introduce background concepts about (a) digital modulation (Section 4.1), (b) Convolutional Neural Networks (CNNs) (Section 4.2), and (c) autoencoders (Section 4.3), which are preparatory for the subsequent analysis.

4.1. Digital Modulation

Digital modulation schemes are widely adopted in communication systems independently of the medium, i.e., wired or wireless, to exchange signals at high frequencies [41]. There are several modulation techniques available for transmitting information from a source to a receiver device, such as Amplitude Modulation (AM), Frequency Modulation (FM), and Phase Modulation (PM). Each of these techniques has advantages and disadvantages; for example, FM is used for simple data communication links, but it does not provide good spectral efficiency [42].

Binary Phase-Shift Keying (BPSK) is the simplest and most noise-robust phase modulation technique, and it is largely used in PLC networks [43,44]. According to this technique, the phase is shifted (modulated) at $0^{\circ }$ and ${180}^{\circ }$ to transmit bits with values 0 and 1, respectively. Figure 2 shows a schematic representation of BPSK, highlighting the main components. BPSK modulates two symbols $\{0,1\}$ by changing the phase of the reference carrier; i.e., when $b=1$, the phase $\varphi$ becomes $\varphi =\pi \mathrm{rad}$ and $\varphi =0$ when bit $b=0$ is being transmitted, as defined by Equation (2).

$$x\left(t\right)=cos\left(2\pi f_{c}t+\varphi \right),$$

(2)

where $f_c$ is the carrier frequency of the signal, and $x\left(t\right)$ represents the modulated PLC signal to be transmitted. The transmitted stream is translated into two orthogonal components, I (real) and Q (imaginary), represented as complex values $I+jQ$. These orthogonal components are assembled at the receiver to recover the transmitted bit stream. A typical representation of the real and imaginary components of the signal is by resorting to the I−Q plane. We show an example of such a representation from real data in Figure 3, where the red crosses show the ideal values of the I−Q samples and the clouds of black dots represent the actual positions of the I−Q samples. The actual received samples are mapped to different positions due to internal (hardware) and external (environment) noise. At the receiver end, I−Q samples are converted into expected symbols (0 or 1) based on a decision threshold. Both external and internal noise factors are important for communication. Noise affects the received I−Q samples, and, thus, the chances of data corruption increase as noise increases (↑ BER). In contrast, in this work, we exploit the displacement of the I−Q samples introduced by the hardware imperfections at the transmitter side to evaluate the feasibility of performing Radio Frequency Fingerprinting of the PLC channel.

4.2. Convolutional Neural Networks

A category of Deep Learning (DL) models known as CNN recently brought a paradigm shift in the domains of computer vision and image processing. Neural networks possess the ability to learn and extrapolate data, making them indispensable assets in an extensive spectrum of applications, including, but not limited to, object detection [45,46], medical imaging [47,48], as well as face detection and recognition [49,50,51,52].

CNNs consist of neurons that refine their performance through the learning process. Each neuron receives an input and executes operations, such as a scalar product, followed by a nonlinear function. Typically, a CNN architecture is defined as a sequence of convolutional layers, pooling layers, and fully connected layers primarily dedicated to pattern recognition in images. A typical representation of a CNN is provided in Figure 4, where the input layer serves as the model’s input, and the output layer provides class predictions.

The primary role of the convolutional layer is to extract features. In contrast, the pooling layer conducts down-sampling to enhance computational efficiency and broaden the receptive field. Fully connected layers are commonly used in the later stages of a CNN, following convolutional and pooling layers, to perform advanced feature extraction and ultimately generate predictions. A convolutional layer has a kernel, also called a filter, that is convoluted with the input to the layer to generate a new feature map.

Activation functions are used to introduce nonlinearity to CNNs; some common activation functions are the Rectified Linear Unit (ReLU) [53], sigmoid, and tanh [54], to name a few. The activation value of a feature map $z_{i,j,k}^l$ of the layer l at location (i,j) is passed to obtain the corresponding feature map’s activation value. Finally, the pooling layers are introduced to reduce the dimensionality of the data while simultaneously facilitating the extraction of critical features from the local neighborhood. These operations serve to diminish the susceptibility of the model to overfitting and provide the desirable property of shift invariance.

4.3. Autoencoders

Autoencoders use a dimensionality reduction process to detect anomalies in the data. They assume that data are correlated and can be compressed into a lower-dimensional subspace where regular and anomalous data appear significantly different. An autoencoder tries to find the encoder that reduces the input dimension d to p, $A:{\mathbb{R}}^d⟶{\mathbb{R}}^p$. Then, a decoder maps the latent representation of the encoder p to the original input space d, $B:{\mathbb{R}}^p⟶{\mathbb{R}}^d$, which satisfies Equation (3).

$$arg\underset{A,B}{min}\mathrm{E}[\Delta (x,B\circ A\left(x\right)],$$

(3)

where E represents the expected distribution of the input data x, and $\Delta$ is the reconstruction loss function to measure the distance between the input and the output of the decoder [55]. In our case, the loss function $\Delta$ is the Mean Squared Error (MSE) function, in line with other relevant scientific research such as [19,55,56], and defined as per Equation (4) on distributions x and y.

$$MSE(x,y)={\displaystyle \frac{1}{d}}·{\displaystyle \left|\right|x-{y\left|\right|}_2^2},\forall x,y\in {\mathbb{R}}^d,$$

(4)

Different variants of autoencoders are available, including regularized autoencoders, variational autoencoders, and sparse autoencoders [57]. Even when the bottleneck consists of a single node, overfitting remains a concern if the encoder and decoder capacities are sufficiently large to encode each sample into an index. Autoencoders involve a crucial trade-off between minimizing the reconstruction error for effective input reconstruction and ensuring that the low-dimensional representation generalizes meaningfully.

Historically, autoencoders have primarily found application in image generation, specifically in generating image sets that resemble the input data. However, security researchers take advantage of autoencoders, especially for anomaly detection, i.e., to detect the occurrence of abnormal events beyond the usual ones. For example, assume that an autoencoder $ae$ is trained with a probability distribution P of clear samples, and Q is the distribution of malicious samples not used during the training process. Then, any unseen test sample with the same statistical distribution of P exhibits a smaller reconstruction error (calculated using Equation (4)). This reconstruction error is used to set a threshold to classify the testing dataset as either an anomaly or regular.

5. Theoretical Framework and Methodology

This section describes the methodology we followed to design and test our solution. Our approach aims to detect jamming attacks when standard techniques fail because they rely on higher-layer link-quality estimation techniques, e.g., BER. Detecting jamming attacks when BER is affected might be too late since the communication link might be broken. In contrast, our solution can identify jamming attacks when the communication link quality is still high (BER close to zero). Indeed, while we assume that the communication parties in close proximity to the jammer cannot communicate (raising alarms about the presence of the jammer), our solution allows the detection of the jamming source further away with respect to standard solutions, i.e., from a larger (geographical) distance between the jammer and the receiver where communication between the parties is still possible, thus allowing to raise an alarm about the presence of the jammer.

5.1. Theoretical Framework

As previously described regarding the two scenarios in Section 3, this section develops the theoretical framework for our reference scenario model. We consider a standard BB-PLC network deployed in a residential environment, as illustrated in Figure 5.

The network comprises various devices engaged in communication through the power-line medium. Our work focuses on the detection of denial of service attacks (jamming) to the communication between $\mathcal{A}$ and $\mathcal{B}$ by a malicious entity ($\mathcal{E}$). In the reference scenario, the adversary ($\mathcal{E}$) strategically uses a jamming attack, injecting a disruptive signal into the PLC network with the explicit goal of disrupting the communication between $\mathcal{A}$ and $\mathcal{B}$. Within the framework of the PLC channel model (depicted in Figure 6), the parameters $h_{\mathcal{A}-\mathcal{B}}$ and $h_{\mathcal{E}-\mathcal{B}}$ model the intricate channel gains characterizing the $\mathcal{A}$–$\mathcal{B}$ and $\mathcal{E}$–$\mathcal{B}$ links, respectively. The inclusion of Additive White Gaussian Noise (AWGN), denoted as $n\mathcal{B}$, further underscores the complexities inherent in the communication channels under consideration. This comprehensive analysis improves our understanding of the disruptive mechanisms orchestrated by the adversary within the PLC network. Consequently, we can model the instantaneous Signal-to-Noise Ratio (SNR) at $\mathcal{B}$ as per Equation (5).

$$\begin{array}{cc}\hfill {\gamma }_{\mathcal{A}-\mathcal{B}}& ={\displaystyle \frac{P_T{H}_{\mathcal{A}-\mathcal{B}}}{P_J{H}_{\mathcal{E}-\mathcal{B}}+N_{\mathcal{B}}}},\hfill \end{array}$$

(5)

where $P_T$ represents the transmit signal power, $P_J$ denotes the jamming signal power, $H_{X-\mathcal{B}}$ is the squared magnitude of the complex channel gain $h_{X-\mathcal{B}}$ (where $X\in \{\mathcal{A},\mathcal{E}\}$), and $N_{\mathcal{B}}$ is the corresponding noise power. We model the PLC channels as Rayleigh-fading channels, in line with the existing literature [58,59,60], with the Probability Density Function (PDF) expressed as follows

$$f_{H_{X-\mathcal{B}}}\left(x\right)={\displaystyle \frac{1}{{\overline{H}}_{X-\mathcal{B}}(F_C,d_{X-\mathcal{B}})}}exp\left({\displaystyle \frac{-x}{{\overline{H}}_{X-\mathcal{B}}(F_C,d_{X-\mathcal{B}})}}\right),$$

(6)

where ${\overline{H}}_{X-\mathcal{B}}(F_C,d_{X-\mathcal{B}})$ denotes the mean of $H_{X-\mathcal{B}}$, representing the average frequency–distance-dependent PLC channel attenuation. $F_C$ is the carrier frequency, and $d_{X-\mathcal{B}}$ is the distance associated with the $X-\mathcal{B}$ link. According to [60], ${\overline{H}}_{X-\mathcal{B}}(F_C,d_{X-\mathcal{B}})$ is expressed as per Equation (7).

$${\overline{H}}_{X-\mathcal{B}}(F_C,d_{X-\mathcal{B}})=exp\left(-2\left[a_0+a_1{F}_C^{a_2}\right]d_{X-\mathcal{B}}\right),$$

(7)

Here, $a_0$, $a_1$, and $a_2$ denote PLC signal attenuation parameters pertinent to the PLC environment.

Table 2. Notations, descriptions, and considered values.

Parameter	Notation	Value
Transmit Power [dB$\mathrm{\mu }$V]	$P_{\mathrm{T}}$	120
Noise Power [dB$\mathrm{\mu }$V]	$P_N$	70
Number of SC per OFDM Symbol	$N_{SC}$	512
FFT Size	$N_{FFT}$	512
Carrier Frequency [Hz]	$F_c$	20 × ${10}^6$
Sub-Carrier Spacing [Hz]	${\Delta }_f$	15 × ${10}^3$
OFDM Symbols per Frame	$N_{Symb}^{Frm}$	20
Sampling Time [s]	$T_{samp}$	$1/(2\times F_c)$
OFDM Symbol Duration [s]	$T_{Symb}$	$N_{FFT}\times T_{samp}$
Frame Duration [s]	$T_{Frame}$	$N_{Symb}^{Frm}\times T_{Symb}$
Number of Frames	$N_{Frame}$	$\lceil T_{Sim}/T_{Frame}\rceil$
Number of OFDM Symbols	$N_{Symb}$	$N_{Frame}\times N_{Symb}^{Frm}$
Distance $\mathcal{A}$–$\mathcal{B}$ [m]	$d_{\mathcal{A}-\mathcal{B}}$	30
Distance $\mathcal{E}$–$\mathcal{B}$ [m]	$d_{\mathcal{E}-\mathcal{B}}$	≥60
Simulation time [s]	$T_{Sim}$	2

provides a comprehensive overview of the primary notation utilized in this manuscript, along with the corresponding parameter values used later for evaluation purposes.

The PLC system employs Orthogonal Frequency Division Multiplexing (OFDM) with $N_{SC}$ sub-carriers per OFDM symbol. The Fast Fourier Transform (FFT) of size $N_{FFT}$ is used for OFDM modulation and demodulation, with sub-carrier spacing ${\Delta }_f$ between adjacent frequencies. Each frame consists of $N_{Symb}^{Frm}$ OFDM symbols, and, for our total simulation time $T_{Sim}$, we use $N_{Frame}$ frames, resulting in a total of $N_{Symb}$ OFDM symbols transmitted during the experiment.

In the remainder of this section, we will discuss the main tasks performed by the receiver to identify the presence of a jammer in the network; recall Figure 1. A preliminary phase in our methodology involves generating images from the collected I−Q samples. This phase is not mandatory, but it has been demonstrated that it helps to mitigate the impact of noise, thereby helping the classifier to isolate and identify consistent patterns, i.e., the features of the jammer [11,56]. Subsequently, we treat the jamming detection problem as an image classification problem: depending on the scenario, the classifier is challenged to classify the image as consisting of jammed samples (Scenario 1) or as an anomaly with respect to a baseline composed of non-jammed samples (Scenario 2).

Generation of Images. A baseline solution to detect the presence of a jammer might involve the use of I−Q samples (as they are) as the input of the classifier. This methodology has been proven to be prone to (not negligible) misclassifications in the context of wireless communications [61] due to the presence of the physiological noise already present in the communication link, which hides the features of the phenomenon to be detected. In the following, we resort to a pre-processing technique, which turned out to be effective in mitigating the impact of the noise, thus being able to maximize the performance of the classifier. Such a technique involves translating I−Q samples into images while resorting to the computation of the bi-variate histogram and mapping the output into an image.

Figure 7 provides details on the pre-processing stage of our solution and, in particular, how I−Q samples are translated into images. The dataset is created using the reference model discussed in Section 5.1.

The I−Q samples are generated by simulating the physical layer of a PLC channel and then translating the samples acquired from such a channel into images. Our approach is in line with some other pre-processing techniques of I−Q-samples [40,56,61]. However, such techniques have never been applied to wired channels, and not even in (very noisy) PLC networks. We conducted an empirical study to choose the number of I−Q samples required to create a bi-variate histogram h. Each value of the bi-variate histogram should be ≤$3\ast 256-1=767$, and therefore 634,880 samples are required for each image. We also consider that some I−Q samples fall away from the ideal positions $b=0\to \{Q=0,I=1\}$ and $b=1\to \{Q=0,I=-1\}$ due to the noise of the communication link. We filter out such samples by taking the 95 quantile of the I component and the 95 quantile of the Q component. We computed the minimum and maximum values of the I and Q components and used them as the range for the x-axis and y-axis, respectively. Then, we find the bi-variate histogram h by dividing the plane into $N\times M$ linearly spaced tiles. Finally, we use the following rule to map each tile to the corresponding pixel value of the specific channel of the RGB image.

• For values of $h(i,j)$ such that $0\le h(i,j)\le 255$, the corresponding channel’s pixel values are $p_R(i,j)=h(i,j),p_G(i,j)=0,p_B(i,j)=0$.
• When the range $(256\le h(i,j)\le 511)$, pixel values are set according to the following mapping: $p_R(i,j)=255,p_G(i,j)=h(i,j)-255,p_B(i,j)=0$.
• When $h(i,j)>511$, the pixel values are $p_R(i,j)=255,p_G(i,j)=255,p_B(i,j)=h(i,j)-510$.

Table 3. Dataset description: we consider various image sizes and a total of 750 images for both jammed and non-jammed signals while reporting the I−Q samples required to generate the images.

Image Resolution	No. of Samples	No Jamming [Images]	Jamming [Images]
$224\times 224\times 3$	655,360	750	750
$192\times 192\times 3$	471,040	750	750
$156\times 156\times 3$	317,440	750	750
$128\times 128\times 3$	204,800	750	750

summarizes our dataset configuration. We consider different configurations with the aim of obtaining balanced datasets of jammed and non-jammed samples that can be compared; i.e., all the configurations resort to 750 images. As discussed before, translating I−Q samples into images is an important step propaedeutical to the classification process. Therefore, we consider different image resolutions, as depicted in Table 3. In order to achieve uniform dataset sizes when applying different image resolutions, we considered a consistent number of samples, i.e., bit streams of different lengths. Finally, each dataset is composed of 1500 images (750 for $X_{NJ}$ and $X_J$ each). During the training process, we randomly split $X_{NJ}$ into training set $\mathcal{T}$ ($60\%\approx 450$) and validation set $\mathcal{V}$ ($40\%\approx 300$). From $X_J$, we only selected the $40\%$ set of data to avoid the class imbalance problem for evaluation.

Multi-Class Classification. This methodology is considered when assuming Scenario 1 (jamming awareness); i.e., the model has previously been exposed to images generated from jammed signals. In fact, we consider two datasets, $X_J$ and $X_{NJ}$, representing the jammed and non-jammed datasets, respectively. Each $X_y$ (where $y\in J,NJ$) is divided into three subsets, namely $\mathcal{T}$, $\mathcal{V}$, and $\mathcal{S}$, each of which constitutes ($60\%\approx 450\times 2\left(\mathrm{classes}\right)\approx 900$), ($20\%\approx 150\times 2\approx 300$), and ($20\%\approx 150\times 2\approx 300$) of the original dataset, respectively. We employ state-of-the-art CNN classifiers, specifically a CNN based on Residual Network (Resnet-18 and Resnet-50) and Inception-v3, implemented in MatLab2023b. Neural network models are pre-trained using the ImageNet database [62]. The input layers are adjusted to accommodate the output of the bi-variate histogram (image size), set at $224\times 224$, while the output layer is modified to match the two classes of our problem, namely jammed and non-jammed.

Jamming Detection. In this case, we consider Scenario 2, where we assume that the receiver has never been jammed before and has to detect the presence of the jammer by only considering a dataset consisting of images generated from non-jammed signals. Under this assumption, we address the problem of jamming detection by considering sparse autoencoders. The typical architecture of autoencoders is shown in Figure 8. The encoder processes input images of size $N\times M\times 3$. The input is compressed into its corresponding latent space representation via multiple hidden units. In the latter stage, compressed features (latent representation) are decoded into $N\times M\times 3$ neurons with the help of a decoder. We stress that, since we assume Scenario 2 during the training process, only $X_{NJ}$ (images generated from non-jammed signals) are considered and passed to the autoencoders. The training phase of the autoencoder is shown in Figure 9, where we highlight that only $X_{NJ}$ is fed to the model.

To fine-tune the configuration of the key parameters in the autoencoder for Scenario 2, we use a subset of the data not used during the training process, namely the validation set. We use the reconstruction MSE of the training and validation sets to calculate a threshold value $\tau$. If a sample image has a reconstruction MSE greater than $\tau$, it is classified as an anomaly; otherwise, it is considered a legitimate sample. The threshold value should be chosen taking into account the sensitivity to minimal anomalies and false positives, i.e., wrong classification of legitimate events on the channel as jamming. If the threshold is too large, anomalies whose MSE value is close to the model cannot be detected. If the threshold is too small, legitimate channel samples could be mistaken for anomalies. We opted for an empirical selection of the threshold computation technique defined in [63] and formalized in Equation (8).

$$\tau =mean\left(MS{E}_{train}\right)+3\times std\left(MS{E}_{train}\right),$$

(8)

where $MS{E}_{train}$ is the MSE of the training set, $mean$ is the statistical average, and $std$ is the standard deviation. As demonstrated by the authors in [63], this choice increases the chances of detecting anomalous channel conditions due to jamming. As an example, Figure 10 shows the threshold calculation for three scenarios, with the receiver located at 65 m, 70 m, and 75 m from the jammer (the jammer uses the same transmission power of the transmitter, i.e., RJP = 1). In Figure 10a,b, the jammed samples (test dataset) are characterized by MSE values that are distinct from the non-jammed ones (training and validation sets). In fact, the distribution of the samples collected in the presence of the jammer exhibits higher MSE values than those collected without the presence of the jammer. In contrast, Figure 10c shows a situation where the two distributions (testing and validation sets) are very close to each other; i.e., the jammer is far from the receiver, and its impact cannot be clearly distinguished from the background noise. As a result, the threshold computed with the criteria mentioned above cannot distinguish between anomalous and regular data.

5.2. Hyperparameter Tuning and Statistical Validation

To identify an optimal and statistically justifiable configuration for our autoencoder model, we performed a comprehensive hyperparameter grid search using a controlled and efficient training setup. Specifically, we reduced the number of training epochs to 50 and utilized only 25% of the full dataset for each of the training, validation, and test sets. The subsets of images for training, validation, and testing significantly reduce computation time while still enabling meaningful statistical analysis.

We evaluated the influence of each hyperparameter on classification accuracy using both one-way and N-way ANOVA. The one-way ANOVA results confirmed that the decoder transfer function ($p<0.0001$), encoder function ($p=0.0001$), sparsity proportion ($p=0.0499$), and sparsity regularization ($p=0.0039$) had a statistically significant impact on model performance. In contrast, hidden layer size and $L_2$ weight regularization did not show statistical significance ($p>0.1$), suggesting robustness to those parameters.

The N-way ANOVA revealed further interaction effects, most notably between encoder and decoder functions ($p<0.0001$), and between sparsity and $L_2$ regularization ($p=0.0113$), indicating the importance of tuning certain parameter combinations jointly rather than independently.

Table 4. Hyperparameter search spaces and selected optimal configurations.

Hyperparameter	Search Range	Optimal Configuration
Hidden Layer Size	{4, 16, 32}	32
Encoder Transfer Function	{logsig, satlin}	logsig
Decoder Transfer Function	{logsig, satlin, purelin}	satlin
Sparsity Proportion	{0.1, 0.5, 1.0}	0.1
Sparsity Regularization	{1, 5, 10}	10.0
$L_2$ Weight Regularization	{0.001, 0.01, 0.1, 0.5, 1.0}	0.1
Training Epochs	50	50

summarizes the full hyperparameter search space and highlights the optimal-performing configuration. This configuration achieved a classification accuracy of 0.9867, precision of 0.9740, recall of 1.0000, and an F1-score of 0.9868 using the following parameters: a logsig encoder, satlin decoder, hidden layer size of 32, sparsity proportion of 0.1, sparsity regularization of 10.0, and $L_2$ weight regularization of 0.1.

The ANOVA-tuned model benefits from statistically validated hyperparameters, improving generalizability and reducing the risk of overfitting. This demonstrates the effectiveness of principled hyperparameter tuning, even under reduced training budgets.

Box plots shown in Figure 11 further support the ANOVA findings, highlighting substantial accuracy variation across activation and sparsity configurations while indicating minimal sensitivity to hidden layer size and $L_2$ regularization.

6. Performance Evaluation

In this section, we analyze the performance of our proposed solution. We start by defining the metrics, and then we show that our analysis considers PLC links characterized by negligible BER, i.e., where the jammer does not affect the quality of the communication link, and, finally, we discuss performance for different scenario parameters, i.e., the distance between the jammer and the receiver, the size of the images generated from the I−Q samples, and, lastly, the relative jamming power.

6.1. Metrics

We evaluated the performance of our solution in terms of accuracy, precision, recall, and F1-score. Accuracy is defined as $acc={\displaystyle \frac{TP+TN}{TP+TN+FP+FN}}$, where $TP$ (True Positive) indicates how many samples of $X_J$ are correctly classified as jammed, $FP$ (False Positive) indicates how many samples of $X_{NJ}$ have been incorrectly classified as jammed signals, $FN$ (False Negative) indicates how many samples in $X_J$ are wrongly classified as non-jammed, and finally $TN$ (True Negative) indicates how many samples of $X_{NJ}$ are correctly classified as non-jammed. We also used the True Positive Rate (TPR) and True Negative Rate (TNR) as evaluation metrics to measure robustness against the number of false alarms (False Positive (FP)) and number of no alarms (False Negatives (FNs)) using the $TPR={\displaystyle \frac{TP}{TP+FP}}$, $TNR={\displaystyle \frac{TN}{TN+FN}}$. The precision is the ratio of the number of $TP$ to the total number of $TP$ and $FP$, defined as ${\displaystyle \frac{TP}{TP+FP}}$. Recall measures the fitness of the model to detect positive labels, defined as ${\displaystyle \frac{TP}{TP+TN}}$. Finally, the F1-score is the harmonic mean of the recall and precision, defined as ${\displaystyle \frac{2\times Precision\times Recall}{Precision+Recall}}$.

In the remainder of this work, we will consider the previously defined metrics to compare the performance of our solution while varying different parameters, such as the receiver knowledge (either Scenario 1 or 2), the distance between $\mathcal{A}$ and $\mathcal{E}$, and the RJP parameter. In particular, while the scenario choice affects the data and the associated labels considered for training the model, i.e., jammed and non-jammed for Scenario 1 and only non-jammed for Scenario 2, the testing phase is always characterized by two balanced datasets characterized by jammed and non-jammed samples.

6.2. Link Quality

Several metrics have been proposed to measure the reliability of data delivery, such as the BER, packet loss rate, latency, and jitter. In the remainder of this paper, we rely on the BER to measure the impact of the jamming signal on the receiver. We computed the BER by counting the number of corrupted bits at the receiver side with respect to the total transmitted ones. Figure 12 shows the BER as a function of the distance between the jammer and the receiver (x-axis) when varying RJP $\in \{0.1,0.35,0.6,0.85,1\}$ (different curves in Figure 12), i.e., the ratio of the power used for jamming with respect to the power of the transmitter. We consider a scenario where the transmitter and the receiver are 30 m away, and the distance between the jammer and the receiver is a parameter of the system specified in the x-axis of Figure 12. In this regard, as shown in Figure 12, we notice that the BER of the link is always quite low, and, for distances higher than 40 m, it is always zero. Thus, detecting jamming at such a distance through the analysis of the BER is simply ineffective. When the adversary moves away from the receiver, the BER drops. It should be noted that, when the jammer is at the same distance from the transmitter, i.e., 30 m, the BER cannot be greater than 15%, assuming the worst case of a jammer that equals the transmission power of the transmitter (RJP = 1). Another important result from Figure 12 is the distance according to which the BER $\approx 0$ independently of the RJP. In fact, we observe that, when the distance between the jammer and the receiver is greater than 50 m, BER $\approx 0$, recalling that the distance between the transmitter and the receiver is 30 meters.

To detect the presence of noise, whether artificial or malicious, SNR has been commonly used in prior studies to assess link quality [64,65]. The probability density function of SNR is shown in Figure 13, and it is computed using Equation (9), where $P_{rx}$ represents the received signal power and N denotes the noise power.

$${SNR|}_{dB}=P_{rx}{{|}_{dB}-N|}_{dB},$$

(9)

$${N|}_{dB}=30+10{log}_{10}E[{(\sqrt{I^2+Q^2}-\mu )}^2],$$

(10)

$$P_{rx}{|}_{dB}=30+10{log}_{10}(I^2+Q^2),$$

(11)

Here, $E\left[{(\sqrt{I^2+Q^2}-\mu )}^2\right]$ is computed over a sliding window of 10 IQ samples, and $\mu$ is the mean of the magnitude over that window. In Figure 13, the transmitter ($\mathcal{A}$) and receiver ($\mathcal{B}$) are separated by 30 m, while the jammer ($\mathcal{E}$) is placed at varying distances from the receiver, specifically at {30, 40, 50, 60, 65, 70, and 75} m with a fixed RJP of 1.0. The figure shows that, as $\mathcal{E}$ moves away from $\mathcal{B}$, the SNR increases, indicating reduced noise dominance. This results in a more challenging scenario for distinguishing jammed from non-jammed signals based purely on SNR analysis.

6.3. Distance Between the Jammer and the Receiver

For this experiment, we consider $\mathcal{E}$ features the same transmission power as $\mathcal{A}$, i.e., $RJP=1$, and we vary the distance between $\mathcal{E}$ and $\mathcal{B}$ while setting the distance $\mathcal{A}$–$\mathcal{B}$ to 30 m. We consider the two reference use cases introduced in Section 5.1.

Scenario 1. We trained our model by limiting the number of epochs to 15. Figure 14a shows the accuracy of three reference CNNs! (CNNs!), i.e., resnet-18, resnet-50, and inceptionv3, as a function of the distance between $\mathcal{E}$ and $\mathcal{B}$. We observe that all three networks are characterized by the same behavior, and the accuracy decreases when the distance $\mathcal{E}$–$\mathcal{B}$ reaches 76 m: CNN cannot detect the presence of a jammer (more than a random guess) when the distance $\mathcal{E}$–$\mathcal{B}$ is greater than 90 m (assuming the distance $\mathcal{A}$–$\mathcal{B}$ equals 30 m).

Recalling Figure 12, we highlight the importance of this finding. In fact, the jammer can be identified when its position is far enough not to affect the quality of the link. In fact, BER $\approx 0$ when the distance $\mathcal{B}$-$\mathcal{E}$ is between 50 and 76 m.

We also report the average training time for each network in Figure 14b. We recall that the networks have been pre-trained on the ImageNet dataset and designed for the classification of 1000 labels in such a dataset. As previously discussed, we re-trained the network to expose them to images representing I−Q samples. Moreover, we adapted the output layers to the number of classes of our problem, i.e., jammed and non-jammed.

Scenario 2. We evaluated the effectiveness of our solution by selecting the optimal parameters, as discussed in Section 5.2. Specifically, we selected the logsig and satlin functions as encoder and decoder transfer functions, respectively, with a sparsity regularization of 10, a sparsity proportion of $0.5$, and a weight regularization of $L_2$ [66]. We also set the number of epochs to 100, the number of hidden units to 32, and used the K-fold cross-validation with $K=5$.

Figure 14c shows the performance of the classifier (autoencoders) when the jammer ($\mathcal{E}$) is moved away from the receiver. We found that the maximum distance where a jammer can be detected is about 68 m. It should be noted that this distance is much less than the one experienced for Scenario 1, i.e., 76 m. In fact, we recall that Scenario 1 assumes the a priori knowledge of jammed signals; i.e., the CNN models have been trained with jammed signals, thus making the model more sensitive to the jamming phenomenon and being able to detect the presence of the jammer further away from the jammer itself.

We also consider the analysis associated with the TP! (TP!) and the TNR, as shown in Figure 14d. We observe that the decrease in accuracy at 70 m (Figure 14c) is justified by the drop in TPR in Figure 14d. In fact, as expected, the TNR is not affected by the distance since the actual challenge is to detect the presence of the jammer at large distances between $\mathcal{E}$ and $\mathcal{B}$ (TPR). We also evaluated the effectiveness of different combinations of hyperparameters, as discussed in Appendix A.

6.4. Image Size

An important parameter that affects the performance of the classifier is the size of the images considered as the input to the classifier itself. In this section, we investigate the impact of image size on the performance of the classifier. In particular, we only focus on Scenario 2, i.e., jamming detection via autoencoders without prior knowledge of jammed signals. We do not apply our analysis to Scenario 1 since changing the input size for CNN involves significant changes in the input layers of the network, thus making the comparison unfair between the cases considered.

Figure 15a shows the accuracy of the autoencoder as a function of distance $\mathcal{E}$–$\mathcal{B}$ while considering different image sizes. We observe that image size affects the performance of the classifier: larger images ($224\times 224$) allow for the detection of the jammer at longer distances, i.e., 68 m with respect to 66 m when considering images of size $128\times 128$. Our analysis also considers the training time as a function of the image size, as shown in Figure 15b. While performances are slightly affected by the size of the image (about 6%), the training time increases from about 37.7 s to 112 s (about +300%). Thus, system administrators should consider the trade-off between performance (accuracy) and training time when choosing the image size to be used at deployment time.

6.5. Relative Jamming Power (RJP)

We investigate the impact of the jamming power by fixing the distance between $\mathcal{E}$ and $\mathcal{B}$ at 65 m and varying the power of the signal injected by the jammer, i.e., the RJP. As previously conducted, we evaluate the performance of our solution in the settings of Scenario 1 using the networks resnet18, resnet50, and inceptionv3, while we use the autoencoder for Scenario 2.

Scenario 1. Figure 16a shows the accuracy of the CNN as a function of the RJP. We observe that an RJP equal to 0.1 is enough to guarantee an accuracy of about 1. This result should be compared with Figure 14a, where RJP was set to 1. In fact, we highlight that the jammer can be detected with overwhelming probability even when transmitting at a negligible fraction of the power, i.e., RJP = 1.

Scenario 2. Finally, we consider the performance of the autoencoder by varying the RJP. Figure 16b shows the accuracy, precision, recall, and F1-score as a function of the RJP while setting the $\mathcal{E}$–$\mathcal{B}$ distance to 65 m. We observe that the autoencoder requires the jammer to use a higher RJP (0.5) compared to the previous case (Figure 16a) to work effectively for anomaly detection. As discussed for the distance analysis, CNNs are trained on jammed signals, making them more sensitive and capable of detecting the presence of the jammer, even in the presence of lower RJP.

7. Conclusions

This work has presented a solution to detect jamming attacks in PLC networks by considering CNNs and autoencoders as a function of the type of data considered for training the neural network model, i.e., with or without the presence of the jammer. We highlighted the trade-off between CNNs and autoencoders in detecting the presence of a jammer in the network: while autoencoders are less sensitive, thus requiring closer positioning of the jammer to the receiver, they do not require signals affected by jamming for training. Finally, we highlight that our jamming detection techniques are successful with overwhelming probability, even when the jammer is far away from the receiver, thus not affecting the quality of the link. To further strengthen the model’s robustness and generalizability, we conducted a comprehensive hyperparameter tuning process validated through ANOVA statistical tests. We also analyzed the SNR trends and BER behavior as a function of jammer distance, offering insight into the physical-layer limitations and detection boundaries. In the future, we will investigate the additional jamming types under a real-world scenario.