*4.2. DC State Estimation*

By using the generated data, the DC state estimation, which was made by applying the DC assumptions, was implemented for the detection of simple and stealth attacks. For the simulations, the attacks were done according to a certain method, and that method was adopted in the whole manuscript wherever the attacks were made. For a complete day, 25% of the measurement vectors were considered as attacks, i.e., the attacks were made in the measurement vectors at six different instances. The choice of instances was made randomly to make it generalized. In 50% of the measurement vectors chosen for attacks, simple attacks were done. However, stealth attacks were made in the remaining 50% of the measurement vectors that were randomly chosen to be attacked. To create the simple attacks, the attack vector was constructed in such a way that at a particular instant, any value of power was randomly chosen between 0.5% of the maximum value and 0.5% of the minimum value of power at that instant. In the case of stealth attacks, the Jacobian matrix was first constructed and then the Jacobian matrix was multiplied with a vector **c** to make the attack vector. The values of vector c were selected randomly between −1 and 1 such that it had zero mean and a variance of 2. The attack vector was added to the measurement vector to make the attack. The results of the DC state estimation are shown in Figures 2 and 3. Three types of measurements are shown in Figure 2, namely, safe measurements, simple attack measurements, and the measurements for a stealth attack. A safe zone based on the threshold is also shown in the figure. The measurements outside the safe zone are considered as attacked. The results show that the safe measurement points were present in the safe zone and points of simple attacks were outside the zone. However, measurements affected by stealth attacks are also found in the safe zone, i.e., they are declared as safe by the DC state estimation. They should have to appear outside the safe zone. Therefore, DC SE is not capable of detecting stealth FDI attacks. Similarly, Figure 3 also shows the results of DC state estimation in the form of a bar graph. The residue was calculated for every measurement and the difference of that residue from the threshold is plotted along the vertical axis. For a safe measurement, the value of the difference should be positive, as the residue of that measurement should be less than the threshold. In the graph, the safe measurements are labeled with 1, measurements of simple attacks are labeled with 0, and stealth-attacked measurements are labeled with −1. The results show that the safe measurements and stealth-attacked measurements had positive values of difference. However, the value of the difference was negative for simple attacks. This means that the simple-attacked measurements were termed as attacked by the DC state estimation but measurements having stealth attacks were considered safe. Therefore, simple attacks were detected by the DC state estimation, but stealth attacks bypassed detection.

**Figure 2.** Categorization of safe measurements, simple attacks, and stealth attacks based on the threshold in a DC SE.

**Figure 3.** The results of a DC SE for simple and stealth attacks in the form of a bar graph.
