1 Introduction

The smart grid is one of the fastest growing, most complex, and vitally important cyber-physical systems in the world. Smart grid is envisioned to fully integrate high-speed and two-way communication technologies into millions of power equipment to establish a dynamic and interactive infrastructure with new energy management capabilities, such as advanced metering infrastructure (AMI) and demand response [1]. At the same time, smart grids heavily rely on information and communication technology to achieve efficient and reliable operation. The reliable operation of smart grids depend on the security and robustness of their information infrastructure against attacks and failures [2, 3]. With the incorporation of information technology, the smart grids would be exposed to potential cyber attacks. These attacks target the availability, integrity, and confidentiality of smart grids’ functionalities such as monitoring and control systems [4].

This paper addresses false data injection (FDI) attack, which is the most well-known and critical data integrity vulnerability in smart grids. Successful detection of FDI attacks is essential for ensuring secure operation of smart grids. Recent works focused on FDI attacks have demonstrated how an opponent can bias measurements and bypass residual-based bad data detection (BDD) systems [5]. This type of attack is called undetectable FDI [6]. State of the art studies have shown that FDI attacks could be unobservable in presence of an intruder who coordinately controls a small number of smart meters. In other words, there is no defense mechanism against these malicious attacks in the existing state estimation processes. An adversary can perform a man-in-middle attack on the communication channel between the control center and measurement units and send malicious false data. The only step that might detect the attack during the state estimation process is using a BDD system.

The BDD is typically used to ensure the integrity of state estimation and filter faulty measurements introduced by device malfunctions or malicious attacks. But almost all bad data detectors are unable to detect a certain type of attack, which is known as the undetectable FDI attack. Experimental results on the supervisory control and data acquisition (SCADA) systems under FDI attack demonstrate that the attack is successful at least \( 50\% \) of the time without alerting the BDD system [7]. Therefore, it is important to understand that FDI attacks can circumvent BDD and insert bias into the value of the estimated state stealthily and affect the system’s stability [8]. Biased estimates could directly lead to serious social and economic consequences and even manipulate the electricity price in the power market [9], and even result in widespread blackouts.

The main contributions of this paper are:

  1. 1)

    Optimal protection problem in smart grids is modeled as a Steiner tree problem, taking into account the practical concerns of critical bus importance and financial considerations regarding the growth strategy.

  2. 2)

    We determine the critical nodes in the smart grid using social network metrics and use these nodes as terminals in a weighted Steiner tree to find the optimal protection strategy.

  3. 3)

    Since Steiner tree problem might be solved faster and simpler in planar graphs, we test the planarity of the smart grid network. We also use a maximal edge planar subgraph detection algorithm to extend our algorithm for solving Steiner tree problem in planar graphs to a heuristic algorithm for non-planar smart grid graphs.

  4. 4)

    We propose an efficient heuristic algorithm to find the minimum Steiner tree and its corresponding optimal protection set which outperforms existing heuristic algorithms for this purpose.

  5. 5)

    To guarantee the quality of the protection set, we propose two approaches: an exact but slow algorithm that finds the optimal solution and an approximation algorithm which guarantees that the cost of its solution is at most 1.39 times the optimal solution, but is much faster than the exact algorithm.

The rest of the paper is organized as follows. Section 2 discusses the related work. In Section 3, we describe the system model that is used throughout the paper. Section 4 presents the smart grid graph and explains the graph-based state estimation problem. In Section 5, we propose our approaches for determining the protection set of measurements. In Section 6, we evaluate the proposed approaches and provide simulation results. Finally, some concluding remarks and directions of future research are presented in Section 7.

2 Related work

A wide range of studies are related to the security challenges in smart grids. In this section, we briefly cover two lines of research that their results are mostly related to our work. At first we survey important types of FDI attacks that are proposed in the literature. Then, we focus on protection mechanisms and attack detection methods in smart grids.

2.1 FDI attacks in smart grids

FDI attacks on smart grids were first introduced in 2009 by [5] and expanded in [10]. Following this work, many researchers tried to come up with more realistic attacks on smart grid state estimation. In [11], a comprehensive review of state of the art in FDI attacks against modern power systems is presented. In [12], authors proposed an attack strategy for smart grid state estimation and considered two regimes of attacks: the strong attack regime where the adversary attacks a sufficient number of meters so that the attack becomes unobservable by the control center and the weak attack regime where the adversary controls only a small number of meters. The problem is investigated from a decision theoretic perspective for both the control center and the adversary.

In [13], authors point out that a realistic FDI attack is essentially an attack with incomplete information due to the attacker’s lack of real-time knowledge with respect to various grid parameters and attributes such as the position of circuit breaker switches and transformer tap changers, and also because of the attacker’s limited physical access to grid facilities. They also characterize FDI attacks mathematically with incomplete information from both the attacker’s and grid operator’s viewpoints. In [14], the case of a bi-level hierarchical state estimator that provides only partial observability to lower-tier state estimators, is considered and an attack model is proposed which presents a formulation for identifying minimal sets of additional measurements to tolerate k-measurement attacks in this hierarchical state estimator.

An algorithm to construct unobservable FDI attacks for an AC state estimator is proposed in [15]. In [16], the problem of finding the optimal attack strategy, i.e. a data-injection attack strategy that selects a set of meters to manipulate in order to cause the maximum damage is studied. A bi-level mixed integer linear programming (MILP) model for determining the optimal measurements set protection is presented in [17]. The stealthy deception attack in remote state estimation, which is a typical attack in cyber physical system (CPS), is investigated in [18]. A two-stage attack scheme to demonstrate the practical feasibility of unobservable FDI attacks in smart grids is described in [19].

In [20], the authors studied the general problem of blind FDI attack using the principal component analysis (PCA) approximation method without the knowledge of Jacobian matrix and assumptions on the distribution of state variables. The proposed attack is proven to be approximately stealthy. An efficient strategy for determining the optimal attack region that requires reduced network information is proposed in [21]. Reference [22] proposes an imperfect FDI attack model and its corresponding forecasting-aided implementation method against the nonlinear power system state estimation by introducing an attack vector relaxing error. An end-to-end case study of how to instantiate real FDI attacks to the AC state estimation process presented in [23]. Authors in [24] use two-stage sparse cyber-attack models for smart grid with complete and incomplete network information and then propose a novel detection mechanism based on dual optimization problem and stacked auto-encoder (SAE) typical deep learning method.

2.2 Detection and protection mechanisms against FDI

Researches focused on devising mechanism against FDI attacks can be categorized in two classes: detection mechanisms and protection mechanisms. Here we briefly survey the two categories.

2.2.1 Detection mechanisms for FDI attack

Reference [6] proposed a detection procedure with protecting a critical selected set of sensor measurements in smart grid. The problem of FDI attack detection is intended as a framework that characterizes the attack as an optimization problem through a security metric in [7]. Since distributed state estimation will become an important alternative to centralized and hierarchical solutions in smart grid, a fully distributed attack detection algorithm is introduced in [25]. In [26], the attack detection problem in the smart grid is formulated as a statistical learning problem for different attack scenarios in which the measurements are observed in batch or on-line settings and a machine learning algorithm is used to classify the measurements and detect the attack. A graph-theoretic algorithm for localizing the target of FDI attacks in large power system networks using real-time synchrophasor measurements is proposed in [27]. In [28], the problems of state estimation and attack detection in smart grids when the measurements are corrupted by colored Gaussian noise are considered.

2.2.2 Protection mechanisms against FDI

In this category, researchers try to find necessary and sufficient conditions for selecting the protection measure set and analyzing the properties of the optimal solution with minimum cost and number of measurements. Considering the typical large size of electrical grids, the selection of subsets of measurement units for protection is a highly complex combinatorial optimization problem. Defense mechanisms against false-data injection attacks for the first time investigated in [29]. A fast greedy algorithm to select a subset of measurements to be protected is presented in [30]. A protection approach based on dividing the large system to several subsystems in order to improve the sensitivity of BDD system is proposed in [31]. A relationship between the system stability indices and FDI attacks extracted in [32]. In [33], a graphical method is introduced as a defending mechanism against FDI attacks on power system. They have proven if a subset of meter measurements selected securely, no FDI attack can be launched. Also, in [34] using covert power network topological information and graph concepts, a novel defense mechanism is presented. In a practical scenario to protect smart grid against unknown attackers with unpredictable and dynamic behaviors, a novel adaptive Markov strategy (AMS) is proposed in [35].

3 System model and assumptions

In order to investigate the FDI attack in smart grid, we first describe the linear and simplified DC state estimation model that is used in our work. Let us consider the DC state estimation problem in a network with \( n+1 \) nodes. The network states are comprised of bus phase and voltage amplitude. Often voltage amplitude can be measured directly, while to obtain the phase angle, state estimation is needed [36]. In general, a network with a large number of phasor measurement units (PMUs) produces more accurate state estimations. The major part of Jacobian matrix \({\varvec{H}}\) has a linear relation with PMU observations. In other words, if the number of PMUs that are installed in the network is sufficient, such that the network is observable from these PMUs, then \( {\varvec{H}} \) is linear. In this case, linearization error is decreased significantly and thus using DC model is optimal. We assume that the attacker use linear approximation DC estimation model but the network operator uses accurate model. In DC model, voltage amplitude and phase angle estimations are calculated based on active power of transmission line and injection power into the buses [36]. An arbitrary bus with zero phase angle is selected as the reference bus and states are n-dimensional vector phase voltage angles \({\varvec{x}}=(\theta _{1},\theta _{2},\dots ,\theta _{n})^{'}\). If \( {\varvec{z}}=(z_{1},z_{2},\ldots ,z_{m})^{'}\) be the m-dimensional measurement vector, then the relation between \( {\varvec{z}} \) and \( {\varvec{x}}\) can be modeled as [36]:

$$\begin{aligned} {\varvec{z}}={\varvec{Hx}}+{\varvec{e}} \end{aligned}$$
(1)

where \( {\varvec{e}}\sim N(0,{\varvec{R}}) \) is the measurement Gaussian noise with covariance matrix \({\varvec{R}}\) and zero mean. In a fully observable system equipped with PMUs, the matrix \( {\varvec{H}} \) in the control center is complete and has no linearization error. But in practice and especially from the attacker’s perspective, the system is partially observable, i.e. \( {\varvec{H}}=[{\varvec{H}}_{1},{\varvec{H}}_{2}] \), where \( {\varvec{H}}_{1} \) is an exact linear model for the observable part that obtained from PMUs and \( {\varvec{H}}_{2} \) is a linear approximation for the unobservable part. If \( {\varvec{H}} \) is full rank (i.e. \( rank({\varvec{H}})=n\)), then the weighted linear square (WLS) estimate \( \hat{{\varvec{x}}} \) is given by [29]:

$$\begin{aligned} \hat{{\varvec{x}}}=({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{z}} \end{aligned}$$
(2)

Since \( rank({\varvec{H}})\le m \), at least n measurements are required to extract the optimal state estimation and \( n-m \) measurement units should be used to enhance resilience against errors.

3.1 FDI attack model

The BDD algorithm in SCADA systems compares the norm-2 residuals (i.e. \( \parallel {\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}}\parallel \)) with a predefined threshold \( \tau \) to make decisions [33]:

$$\begin{aligned} \parallel {\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}}\parallel < \tau \end{aligned}$$
(3)

It has been proven that if an attacker use cleverly driven attack vector \( {\varvec{a}}={\varvec{Hc}} \), where \( {\varvec{c}}=[c_{1},c_{2},\ldots ,c_{n}]^{\mathrm {T}}\) is a non-zero vector that the attacker designed to cheat the BDD and launch an undetectable attack as follows [5]:

$$\begin{aligned} \parallel {\varvec{z}}+{\varvec{a}}-{\varvec{H}}(\hat{{\varvec{x}}}+{\varvec{c}})\parallel&= \parallel {\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}}+({\varvec{a}}-{\varvec{Hc}})\parallel \nonumber \\&=\parallel {\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}}\parallel \le \tau \end{aligned}$$
(4)

Then the estimated state is given by:

$$\begin{aligned} \hat{{\varvec{x}}}_{{\varvec{a}}}&=({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}({\varvec{z}}+{\varvec{a}}) \nonumber \\&= ({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}({\varvec{z}}+{\varvec{Hc}}) \nonumber \\&=\hat{{\varvec{x}}}+{\varvec{c}} \end{aligned}$$
(5)

But, it is impossible for the attacker to obtain exact \({\varvec{H}} \) in practice, which in turn makes it impossible to approximate \( {\varvec{a}}={\varvec{Hc}} \). Therefore, if we assume that attacker can deceive the BDD system based on residual norm-2, then the attacker should be able to perform the attack by computing \( \epsilon =\parallel {\varvec{a}}-{\varvec{Hc}}\parallel \le \tau - ||{\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}} ||\), and then \( ||{\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}} ||\le \tau \). In an attack scenario that utilizes \( {\varvec{z}}_{{\varvec{a}}}={\varvec{z}}+{\varvec{a}} \), the estimated state vector is \( \hat{{\varvec{x}}}_{FDI}=\hat{{\varvec{x}}}+{\varvec{c}} \). Therefore, residual norm-2 in the BDD system is given by:

$$\begin{aligned} ||{\varvec{z}}_{{\varvec{a}}}-{\varvec{H}}\hat{{\varvec{x}}}_{FDI} ||&= ||{\varvec{z}}+{\varvec{a}}-{\varvec{H}}(\hat{{\varvec{x}}}+{\varvec{c}})||\nonumber \\&\le ||{\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}}||+||{\varvec{a}}-{\varvec{Hc}}||\end{aligned}$$
(6)

As a result we always have \( ||{\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}}_{FDI}||\le \tau \) and the attack is undetectable until \( \epsilon \le \tau -||{\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}}||\). The full attack vector assumption in [5, 6, 29, 33, 34] is a special case where \( \epsilon =0 \).

In practice, attackers are unable to access the exact Jacobian matrix \({\varvec{H}} \), because of limited access to operational information and restricted physical access to the network. In other words, the attacker’s information about the system is incomplete and can be modeled using an error matrix \( {\varvec{\delta }} \): \( {\varvec{H}}\longrightarrow {\varvec{H}}+{\varvec{\delta }} \). Thus the attack vector produced by the attacker is \( {\varvec{a}}=({\varvec{H}}+{\varvec{\delta }}){\varvec{c}}={\varvec{Hc}}+{\varvec{\delta }}{\varvec{c}} \). In this situation, estimated state vector given by:

$$\begin{aligned} {\hat{\varvec{x}}}_{{\varvec{a}}}&=({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}({\varvec{z}}+{\varvec{a}}) \nonumber \\&= ({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}({\varvec{z}}+{\varvec{Hc}}+{\varvec{\delta c}}) \nonumber \\&=({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{z}} \nonumber \\&\quad +({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}({\varvec{Hc}}) \nonumber \\&\quad +({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}({\varvec{\delta c}}) \nonumber \\&={\hat{\varvec{x}}}+{\varvec{c}}+{\varvec{A\delta c}} \end{aligned}$$
(7)

where \( {\varvec{A}}= ({\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}{\varvec{H}})^{-1}{\varvec{H}}^{\mathrm {T}}{\varvec{R}}^{-1}\). Due to the incomplete information, the attack vector amplitude is changed to \( \bar{{\varvec{c}}}={\varvec{c}}+{\varvec{A\delta c}} \) which increases the attack detection probability. In this case, norm-2 of measurement residuals in the BDD system is given by:

$$\begin{aligned} {\varvec{r_{a}}}={\varvec{z_{a}}}-{\varvec{H}}{\hat{{\varvec{x}}}{_{a}}}&={\varvec{z_a}}-{\varvec{H}}(\hat{{\varvec{x}}}+\bar{{\varvec{c}}})\nonumber \\&={\varvec{z}}-{\varvec{H}}\hat{{\varvec{x}}}+{\varvec{a}}-{\varvec{H}}\bar{{\varvec{c}}} \nonumber \\&={\varvec{r}}+{\varvec{a}}-{\varvec{H}}\bar{{\varvec{c}}} \nonumber \\&={\varvec{r}}+({\varvec{Hc}}+{\varvec{\delta c}}) -{\varvec{H}}({\varvec{c}}+{\varvec{A\delta c}}) \nonumber \\&={\varvec{r}}+({\varvec{I}}-{\varvec{HA}}){\varvec{\delta c}} \nonumber \\&={\varvec{r}}+{\varvec{B\delta c}} \end{aligned}$$
(8)

where \( {\varvec{B}}={\varvec{I}}-{\varvec{HA}} \). Therefore the attack is undetectable if:

$$\begin{aligned} \epsilon&=||{\varvec{a}}-{\varvec{H}}\bar{{\varvec{c}}}||= ||({\varvec{Hc}}+{\varvec{\delta c}})-{\varvec{H}}({\varvec{c}}+{\varvec{A\delta c}})||\nonumber \\&=||{\varvec{I}}-{\varvec{HA}}||||{\varvec{\delta c}} ||\nonumber \\&\le \tau - ||{\varvec{\delta z}}-{\varvec{H}}\hat{{\varvec{x}}}||\end{aligned}$$
(9)

Upper bound on \( {\varvec{\delta c}} \) indicates the trade-off between the achievable information accuracy and the attack amplitude.

4 Smart grid graph and state estimation protection

In general, system operators try to make sure that it is impossible to launch undetectable attacks to falsify a certain set of state variables \( D \subseteq I \), where I is the set of unknown estimated states. The system operators can decrease the rate of undetectable FDI attacks using secure measurements [9, 29, 34, 37]. In fact the probability of an undetectable attack will be negligible if and only if the set of secure measurements P protects state variables D such that [29]:

$$\begin{aligned} rank({\varvec{H}}_{{P},*})=rank({\varvec{H}}_{{P},{I\backslash D}})+|D|\end{aligned}$$
(10)

where \( {\varvec{H}}_{{P},*} \) is a sub-matrix of \({\varvec{H}}\) that contains rows corresponding to P and \( {\varvec{H}}_{{P},{I\backslash D}} \) is a sub-matrix of \( {\varvec{H}}_{{P},*} \) that contains the columns corresponding to D. We need to minimize the protection cost of state variables D:

$$\begin{aligned} {\left\{ \begin{array}{ll} \underset{P\subseteq M}{\text {min}} |P|\\ {\text {s.t.}} \quad rank({\varvec{H}}_{{P},*})=rank({\varvec{H}}_{{P},{I\backslash D}})+|D|\end{array}\right. } \end{aligned}$$
(11)

where M is a meters set. It has been proved that solving (11) is an NP-hard problem [33]. Note that in order to simplify the problem, we have assumed for each measurement the cost of labor and monitoring systems installation is fixed.

4.1 Observability and state variable protection

In this section, we first introduce graph-theoretical specifications of the power network and then explain the equivalence relationship between the observability and the state estimation protection. Next, we use graph theory to formulate the state estimation protection (11).

Power networks can be modeled as an undirected graph where vertices and edges correspond to buses and transmission lines, respectively. For each edge \( e_{i} \), the head and tail vertices are denoted as \( e_{i}^{h} \) and \( e_{i}^{t} \), respectively. We use \( N_{j} \) to represent the set of edges connected to vertex \( v_{j} \). The power network observability analysis investigates whether it is possible to find a unique estimation from the unknown state variables or not [38]. In [39], the concept of network observability is extended to the state variable observability. Based on the results of [29], the state variables set \( D \subseteq I \) is observable from the measurements set \( P\subseteq M \) if and only if the unique estimation of D can be obtained using the vector measurements of P. In other words for each arbitrary measurement \( {\varvec{z}}_{P} \) and two different vectors \( \bar{{\varvec{\theta }}}\ne {\varvec{\theta }}\) we always have:

$$\begin{aligned} {\varvec{H}}_{{ P},*}\bar{{\varvec{\theta }}}={\varvec{H}}_{{ P},*}{\varvec{\theta }}={\varvec{z}}_{P}\Longrightarrow \bar{{\varvec{\theta }}}={\varvec{\theta }}\quad \quad \forall k\in I \end{aligned}$$
(12)

Therefore the measurement subnetwork \( {\bar{G}}(P)=(v^{'},\varepsilon ^{'}) \) is observable if and only if all the unknown state variables S is observable from P, i.e.

$$\begin{aligned} rank({\varvec{H}}_{{P},{S}})=|S| \end{aligned}$$
(13)

where \( S=v^{'}\backslash R \) and R is the reference bus. It is clear from (13) that while \( | D| \le | P| \), D is observable from P. Thus the set of state variables D is protected against undetectable FDI attacks using the protected measurement set P if and only if D is observable from P [33].

4.2 Optimal protection graph

Relation between network observability and spanning trees has been established in [39]. A spanning tree for a connected graph G is a tree containing all the vertices of G. The complete measurement network \( G=(v,\varepsilon ) \) is observable if and only if the graph of G contains a spanning tree where each edge of which is mapped to a meter on it or an injection meter that measures it. The measurement subnetwork \( {\bar{G}}(M)=({\bar{v}},{\bar{\varepsilon }}) \) is observable if and only if the graph defined on G(P) contains a tree that connects all vertices in \( {\bar{v}} \) and each edge is uniquely mapped to a meter in P.

It can be seen that the tree which is made of a protected meter set consists of the protected unknown state variables. Thus it is possible to formulate the optimal state protection problem as a minimum measurement Steiner tree (MMST) problem in the graph of G [34]. A minimum Steiner tree is a tree in a graph G which spans a given subset of vertices with the minimal total distance on its edges. In other words, to protect the set of state variables D with minimum cost, it is enough to find minimum weighted Steiner tree (MWST) \( T^{*}=(V^{*},\varepsilon ^{*}) \) with meter set \( P^{*}\subseteq M \) under the following conditions: \(\textcircled {1}\,V^{*} \) is a set of all vertices measured by \( P^{*} ; \textcircled {2}\,D\subset V^{*}; \textcircled {3}\) each edge in \( \varepsilon ^{*} \) is uniquely mapped to a meter in \( P^{*} \).

The measurement set \( P^{*} \) is an optimal solution of (11). We consider MWST problem instead of the spanning tree problem, because \( T^{*} \) only depends on a subgraph of the full measurement graph and all unknown state variables in \( T^{*} \) and D are observable from \( P^{*} \). The MWST problem is an NP-hard problem and all known exact algorithms for solving it have exponential time complexities with respect to \( | D| \) or \( | I| -| D| \) [40].

5 Proposed algorithms

In this section we present our approaches for solving optimal protection problem, which formulates protecting the state variables in a smart grid with minimum number of measures against FDI attacks.

5.1 Optimal state variable protection problem in a smart grid with critical buses

In real smart grids, buses have fundamental differences in terms of level of importance. In other words, the priorities of protecting different buses against undetectable FDI attacks are not the same. In node priority selection process, practical issues such as the cost of implementing protection processes and the challenges of budget limit must be considered. Therefore, we consider different priorities for buses, lines and areas in formulating the optimal protection problem based on their importance. Next, we propose a novel approach to find the protected meter set using weighted Steiner tree. In order to determine the importance of a node in the smart grid we use centrality measures.

Since we have buses with various roles and importance in a power system, the following assumptions are considered in modeling the network graph. The graph of power network is defined as \( G=(V,E) \) where V and E are the set of vertices and edges, respectively, with \(|V|=n\) and \( |E|=m \). The terminal nodes of Steiner tree denoted as \( K\subseteq V, |K|=k\). The importance of each bus in the network is modeled by a cost function \( \omega :V\longrightarrow R^{+} \). The most critical nodes have a value of 100, and the least valuable nodes have a value of 1. The criticality of a node is determined by centrality metrics as described in Section 5.3. Since we are dealing with terminal nodes of different values in the Steiner tree, our optimization problem must be modeled as a MWST problem. In other words we are formulating the state variables protection problem as a MWST \( T=(V_{T},E_{T}) \) problem with cost function \( \omega :V\longrightarrow R^{+} \) such that \( K\subseteq V_{T}\subseteq V \) and \( E_{T}\subseteq E\). The objective function is to find minimum cost Steiner tree, i.e. the tree that covers all the terminal nodes K and its total cost \(C=\sum {v\in V(T)\omega (v)}\) is minimized:

$$\begin{aligned} \underset{P\subseteq M}{\text {min}} C=\sum _{v\in V_{T}} \omega (v) \end{aligned}$$
(14)

It has been proved that solving (14) is an NP-hard problem [41].

5.2 Testing planarity of power network

As mentioned earlier, finding an optimal weighted Steiner tree is an NP-hard problem and there is no existing exact algorithm that solves this problem in polynomial time. But the problem of finding the minimum cost Steiner tree in a planar graph can be solved in polynomial time [42]. Therefore, we first test the planarity of power network using Boyer-Myrvold algorithm [43], to improve the performance of our proposed approaches in case of the planarity of the smart grid graph. If the graph is planar, protected node determination might be solved in polynomial time. Otherwise, we use edge-maximal planar subgraph detection algorithm to compute maximal planar subgraph [44]. The edge-maximal planar subgraph algorithm works as follows:

  1. 1)

    Compute spanning tree T on \( G=(V,E) \) and then initialize \( E(T)\longrightarrow E_{p} \).

  2. 2)

    For each \( e\in E\backslash E_{p} \) check whether \( (V,E_{p}\bigcup \{e\}) \) is planar or not.

  3. 3)

    If e exists in the new planar graph, then update \( E_{p}\bigcup \{e\} \).

  4. 4)

    Consider\( (V,E_{p}) \) as an edge-maximal planar subgraph of (VE) .

The Steiner tree obtained on this planar subgraph is a suboptimal solution for the original graph \( G=(V,E) \) [45].

5.3 Centrality criteria and weighting nodes

There are critical nodes in all networks that removing them makes the network vulnerable and may cause in cascading failure. A lot of works has been done to protect network nodes against FDI attacks so far, but considering varying node importance, which is a more realistic scenario, is not considered in any of them for determining the optimal protection strategy [8]. It is obvious that identification, monitoring and protection of critical nodes will improve the network reliability considerably. In case of having the full knowledge about the network structure, we may use social network metrics which are designed to measure the influence of different nodes in a large network [46]. The degree centrality, closeness centrality and betweenness centrality are three metrics that have been used widely in social network analysis [47]. In [48], the centrality metrics are used for power network analysis in order to determine the importance of nodes. Degree centrality is the simplest form of centrality in networks. Although this metric is simple, it is important for representing a node’s role in a network [49]. It is defined as:

$$\begin{aligned} C_{D}(k) =\frac{deg(k)}{n-1} \end{aligned}$$
(15)

where deg(k) is the degree of node k, i.e. the number of edges connected to k. Another centrality metric, which is usually used in smart grids, is electrical degree centrality which is considered as power flow in adjacent node links:

$$\begin{aligned} C_{D}^{E}(k)=\frac{\sum P_{kt}}{n-1} \end{aligned}$$
(16)

where \(P_{kt}\) is a power flow in connection line between node k and node t. Another social network centrality measure is closeness centrality, which is used as one of the most applied metrics. It is defined as the average of shortest paths between vertex k and all accessible vertices through it. It can be used to quantify the isolation of nodes in a network. In general, closeness centrality of vertex k in a network with n vertices is defined as:

$$\begin{aligned} C_{c}(k)=\frac{\sum \limits _{t\in V\backslash k}d(k,t)}{n-1} \end{aligned}$$
(17)

where d(kt) is the length of the shortest path between k and t. Some references use the inverse of the shortest path length to compute the closeness centrality [49]. In smart grids we usually define electrical closeness centrality based on the inverse shortest electrical path as follows:

$$\begin{aligned} C_{c_{Z}}(k)=\frac{n-1}{\sum \limits _{t\in V\backslash k}d_{Z}(k,t)} \end{aligned}$$
(18)

where \( d_{Z}(k,t) \) is the length of a shortest electrical path (lower impedance path) between vertices k and t. It is also common to normalize (18) as follow:

$$\begin{aligned} C_{c}^{E}(k)=\frac{1}{\sum \limits _{t\in V\backslash k}d_{i}(k,t)} \end{aligned}$$
(19)

where \( d_{i}(k,t) \) is the length of the shortest electrical path (lower impedance path) between k and all reachable vertices accessible from it. The betweenness centrality is another popular metric that is widely used in social network analysis. It shows number of the shortest paths in a network that passes through a specific node [46]. The betweenness centrality of vertex k is denoted by \( C_{B}(k) \) is computed using:

$$\begin{aligned} C_{B}(k)=\sum _{s=1}^{n}\sum _{t=1,t\ne s\ne k}^{n}\frac{\sigma _{st}(k)}{\sigma _{st}} \end{aligned}$$
(20)

where \( \sigma _{st} \) is the number of shortest paths from s to t and \( \sigma _{st}(k) \) is number of shortest paths from s to t that include k. For smart grids, betweenness centrality of vertex k is defined as follows:

$$\begin{aligned} C_{B}^{E}(k)=\sum _{s=1}^{n}\sum _{t=1,t\ne s\ne k}^{n}\frac{P_{st}(k)}{P_{st}} \end{aligned}$$
(21)

where \(P_{st} \) is the maximum power flow in the shortest path from s to t and \( P_{st}(k) \) is the maximum power flow input and output to vertex k in the shortest paths from s to t based on Kirchhoff law.

5.4 Proposed algorithms for finding protected meter measurements

In this section we propose three algorithms with different characteristics to determine the protected meter measurements based on the structure of smart grid graph. At first, we propose an efficient heuristic algorithm to find the minimum Steiner tree and the corresponding optimal protection set, which outperforms existing heuristic algorithms that are designed for this purpose. Then, to guarantee finding the optimal protection set, we propose an exact algorithm that finds the optimal solution. Finally, we propose an approximation algorithm, which guarantees to find a solution with a cost that is at most 1.39 times the cost of the optimal solution, and is much faster than the exact algorithm. In all approaches node weight and terminal set is determined based on betweenness centrality criteria.

5.4.1 Steiner tree heuristic (STH) algorithm

As we mentioned earlier, finding the optimal protection set of buses is equivalent to a minimum Steiner tree problem in the smart grid graph. The minimum Steiner tree problem is one of the most fundamental NP-hard problems that given a weighted undirected graph and a subset of terminal nodes, find a minimum-cost tree spanning the terminals. Since minimum Steiner tree problem is NP-hard, we propose a novel and efficient heuristic algorithm to determine the protected set of nodes.

In Algorithm  1, for \( n_{num} \) times, we consider a random ordering of terminals \(S_{term} \) and find the shortest path (\(P_{path}\)) between the root vertex and next vertex in \(S_{term}\), then add the path in the resulted graph. In order to prevent using the edges of this path in the next iterations of the algorithm, we make the weight of all these edges equal to zero. In this algorithm, \(V_{res}\) and \(R_{res}\) are the vertices and edges of the resulted Steiner tree, respectively. Note that the algorithm’s performance depends on the vertex ordering in \(S_{term}\), thus considering more orderings (i.e. larger \( n_{num} \)) will improve the result of the algorithm and the probability of finding optimal solution will increase.

figure a

5.4.2 Approximation approach for finding protected set of meter measurements

Although our simulation results show that STH performs very well in practice, but since it is a heuristic algorithm and does not provide any guarantee on the cost of the output solution, we also propose using an approximation algorithm for finding a minimum Steiner tree to extract the optimal protected set. Minimum Steiner tree problem is known to be APX-complete, even when the graph is complete and all edge costs are either 1 or 2. On the other hand, the problem admits a constant factor approximation algorithm.

In general, several different techniques have been proposed to design approximation algorithms for minimum Steiner tree problem, including a greedy approach that gives a 2-approximation algorithm, a local search approach which leads to an 11/6-approximation algorithm [50] and an iterative rounding approach to make a 1.39-approximation algorithm [51]. In this paper, we use the 1.39-approximation algorithm proposed in [51] which is the best known approximation algorithm for solving the minimum Steiner tree problem at the moment. This approximation algorithm is based on linear programming (LP) and iterative randomized rounding techniques. In this method we solve an LP-relaxation of the MSTP problem, possibly obtaining a non-integer solution. Then we iteratively round some LP variables and resolve the modified LP, until obtain an approximate solution to the original problem. The cost of the algorithm’s output is at most \( {\text{ln}}(4) + \epsilon < 1.39 \) times the cost of the optimal Steiner tree. Our approximation algorithm for finding the protected set of meter measurements is as follows:

figure b

The core of Algorithm 2 is based on an LP-relaxation known as the directed-component cut relaxation (DCR). As the size of the set of all directed-components is exponential, the authors of [51] restrict it to a set of directed components that contain at most k terminals \( C_{k} \). In Algorithm 2, Steiner tree initialization stage generates the k-DCR set \( C_{k} \) and initializes the LP. In [52], in order to generate \( C_{k} \), the Dreyfus-Wagner algorithm [53] is used for finding the optimal Steiner tree on each subset. Then, Steiner tree round condition stage selects one random directed-component C with probability \( {x_{C}}/{\sum \limits _{C^{'}\in C_{k}}x_{C^{'}}}\), connects terminals of C into its root, updates the metric distances, and reinitializes \( C_{k} \) and the LP (using Steiner tree initialization). In the following Steiner tree stop condition stage checks whether the number of remaining terminals is equal to 1 or not. Finally Steiner tree set solution stage joints the sets of Steiner vertices from directed-components selected in each phase and determines the optimum protected set of buses.

5.4.3 Exact algorithm for finding optimal protected set of buses

In this section, we present an exact algorithm which guarantees to find the optimal solution for protected set of nodes in an edge weighted graph and outperforms existing exact algorithms such as SVE [33] for solving this problem.

The algorithm computes a minimum-weight tree that is equivalent to real smart grid network and contains all the terminal nodes (the buses that must be protected). In exact algorithm, we used Dijkstra-Steiner algorithm [54] as the core technique that achieves a significantly better practical performance comparing to similar exact algorithms via pruning and future costs, a generalization of a well-known concept to speed up shortest path computations [54]. The algorithm matches the best known worst-case run time and has a fast practical performance on smart grid. Let (GcK) define the space of a Steiner tree problem, where G is the graph of smart grid network, \( c:E(G)\rightarrow {R}_{\ge 0} \) is the edge cost function, and K is a subset of terminal nodes, i.e. \( K\in T\) and T is the terminal set. Our exact algorithm for finding minimum cost protected set of buses is as follows:

figure c

In Algorithm 3, \( {T_{back}} \) is backtrack function and each label (vI) represents the best found Steiner tree for \( {\{v\}}\cup I \) at the current iteration. \( J\subseteq (K\backslash \{r_{0}\})\backslash I \) and the algorithm checks whether the Steiner tree for (vI) and (vJ) could be combined to make a tree for \( (v, I \cup J ) \) which leads to a better solution than the solution found in the previous iteration. \( b(v,I)\subseteq V(G)\times 2^{K\backslash r_{0}} \) is the backtracking data which is used to construct the Steiner tree represented by each label \( (v,I)\in V(G)\times 2^{R\backslash {r_{0}}} \). Finally, the valid lower bounds in (GcK) is a function \( {\mathcal {L}}:V(G)\times 2^{K}\rightarrow {R}_{0} \) defined as [54]:

$$\begin{aligned} {\left\{ \begin{array}{ll} {\mathcal {L}}(r_{0},\{r_{0}\})=0 \\ {\mathcal {L}}(v,I) = {\mathcal {L}}(w,I^{'})+smt((I\backslash I^{'})\cup \{v,w\}) \end{array}\right. } \end{aligned}$$
(22)

where \( v,w\in V(G) \) and \( r_{0}\subseteq I^{'}\subseteq I\subseteq K \). Also smt(X) is the cost of an optimal Steiner tree for the terminal set \( X \subseteq V(G) \).

Table 1 Characteristics of IEEE test cases
Full size table

6 Evaluation

Extensive simulation is performed to examine the efficiency of our proposed approaches against the FDI attacks. We use Matpower6 package [55] to build IEEE test case graphs, MatlabBGL4.0 library [56] for graph analysis and PAAL library [52] to implement the algorithms for solving the weighted Steiner tree problem. The following results obtained on a 2 GHz Intel Core i7 machine with 8 GB RAM. To evaluate the performance of the proposed approaches, IEEE test cases that are observable with respect to measurement placements are considered. Table 1 shows the characteristics of these test cases.

Table 2 Top 10 critical nodes based on betweenness centrality metric
Full size table

6.1 Finding critical nodes using centrality metrics

Regarding budget challenges, to protect smart grid network against the FDI attack realistically, node importance and stage progress strategy should be considered. Here, we determine the critical nodes for IEEE 30-bus, IEEE 57-bus and IEEE 118-bus test cases. Since the stability of a smart grid depends on the communication between different sections control system, we use betweenness centrality as an efficient metric to determine critical nodes [57]. Table 2 shows top ten critical nodes in IEEE test case based on betweenness centrality metric. The critical nodes are considered as terminals for the Steiner tree and have larger weights in the node weighted Steiner tree problem.

Fig. 1
figure 1

Protected set time cost

Full size image

6.2 Solving optimal protection problem

We simulated our three proposed algorithms along with SVE and TPH algorithms introduced in [33] as the reference methods for comparison. Figure 1 shows the time required to find the protected node set in three test cases, using each of these algorithms. One can observe that SVE algorithm which uses a brute force mechanism to find the optimal protected set takes a significant time for networks with more than 30 buses. For example, we estimate that the required time to find the optimal protection set in IEEE 118-bus using an ordinary processor is about a year. Among heuristic algorithms, our proposed STH algorithm is faster than TPH algorithm proposed in [33], while the cost of its output solution is also less than TPH. Figure 1 also shows that our exact algorithm which is based on Dijkstra-Steiner algorithm cannot find the optimal solution for IEEE 118-bus test case in a reasonable amount of time, but unlike SVE it is capable to reach the optimal solution for IEEE 57-bus test case, and is much faster than SVE in finding the optimal solution for IEEE 30-bus test case. Finally, note that though the our 1.39-approximation algorithm does not perform very well, but since, unlike the heuristic algorithms, it can provide a guarantee on the quality of the final solution, and runs faster than the exact algorithm, it might be preferable in some cases. Table 3 shows the cost of Steiner tree found by different proposed and existing algorithms. The cost of a Steiner tree is the total weight of the Steiner tree edges. It is observed that our proposed heuristic algorithm has a cost that is less than other methods.

Table 3 Cost comparison of Steiner trees found by different algorithms
Full size table

7 Conclusion

We analyzed the structure of the smart grid graph in order to formulate the FDI attack from a realistic point of view. To find the optimal set of nodes that must be protected against FDI attack in smart grids, we mapped the problem to a minimum Steiner tree problem in the smart grid graph. We used social network criteria to determine critical nodes as the terminal set in Steiner tree problem. We proposed three different algorithms to solve the problem of finding optimal protected set: a fast heuristic algorithm, a 1.39-approximation algorithm, and an efficient exact algorithm. Thorough simulation we showed that our heuristic and exact algorithms outperform reference algorithms proposed in [33]. In future we plan to focus on two main direction for completing the proposed initiatives: \(\textcircled {1}\) definition of the proposed methods for the AC estimation model; \(\textcircled {2}\) considering the real development methods based on prize collection Steiner tree problem-solving schemes for certain cost and prize. Using this, the network protection designers can calculate the optimal plan for a real network, taking into account the actual circumstances of the budget constraints and resource schedule.