Combination ofD-AHPandGreyTheory for theAssessment of the Information Security Risks of Smart Grids

As a modern power infrastructure, smart grids have great advantages over traditional power grids, but their effective operation is largely restricted by information security. Hence, a smart grid information security risk assessment (ISRA) method is proposed. (is method combinesD numbers to improve the classical analytic hierarchy process (D-AHP) independent of experts’ subjective qualitative assessment and then integrated with grey theory which does not require complete and unambiguous information. First, we establish a smart grid ISRA system according to the characteristics and development reality of smart grid technology. (e proposed system includes 5 first-level indexes as an intelligent terminal, a wireless communication channel, password security, application code and embedded system, and corresponding 13 secondary indexes. Second, a D-AHP method aimed at the uncertainty of human subjective judgment and fuzziness of language assessment is used to obtain the weight of each index. (e D-AHPmethod is then combined with the grey assessment matrix solved by grey theory, to obtain the comprehensive assessment value and corresponding risk grade. With a smart grid demonstration project in Suzhou, China, as an example, an empirical study is carried out using expert scoring. (e comprehensive assessment risk value is 3.8199, and the corresponding risk level is moderate. (e results of this work could serve as a reference for the information security protection of smart grids.


Introduction
Smart grids are regarded not only as advanced grids but also as an advanced modern power infrastructure, which occupies an important strategic position in national transmission and distribution systems [1]. e National Institute of Standards and Technology (NIST) describes a smart grid as the integration of the traditional grid in the last century and the development of information and communication technology in this century [2]. As smart grids are complex systems, they are prone to attacks [3]. erefore, smart grid information security is particularly important. e reduction of information security risks to an acceptable level directly affects the stable and efficient operation of smart grids.
us far, scholars have mainly studied information security risks in various fields and have used different methods to evaluate them. In [4], a hierarchical model of threat identification and vulnerability identification is built for information security risk. However, because the analytic hierarchy process (AHP) relies on expert scoring, subjective uncertainty easily leads to the judgment matrix not satisfying the consistency test. e research in [5,6] contends that although grey theory can compensate for missing parameters and extract valuable information, it does not consider the uncertainty of the assessment values of parameters in the assessment process. In [7,8], the AHP is combined with fuzzy theory to estimate information security risk objectively. Fuzzy theory improves the accuracy of information security risk assessment (ISRA) to a certain extent. In [9], the ordered weighted averaging operator is used to assign subjectively strong and small values to a weak position, and group decision theory is introduced to improve the accuracy and objectivity of the risk assessment. In [10,11], the Bayesian network assessment model is improved by establishing and analyzing the relationship between elements; this approach shows great advantages in dealing with uncertain information. e AHP method is often combined with the technique for order preference by similarity to ideal solution (TOPSIS). In [12], the AHP-TOPSIS method extended with Pythagorean fuzzy sets is proposed and applied to information security risk analysis. However, this method relies too much on expert experience and fails to consider the influence between risk parameters. In [13], enterprise architecture management (EAM) is conducive to information system security risk management (ISSRM) and thereby establishes the EAM-ISSRM model. However, only the framework system is formed, and the risk is not calculated.
Hence, the current work proposes a method to improve the information security risk of smart grids by combining D-AHP and grey theory. D-AHP retains the clear hierarchical logic and simple calculation of the AHP algorithm, but the AHP algorithm cannot form subjective data with nonreal number uncertainty into a paired complementary judgment matrix due to differences in expert experiences. erefore, the preference relationship of D numbers is introduced to improve the AHP algorithm. e proposed method can deal with the assessment of uncertain (degree of preference) and incomplete (experts who do not give assessment opinions) information in multiattribute group decision making, thereby replacing the paired complementary judgment matrix that must exist in real numbers.
is method has been effectively applied to the field of enterprise management and engineering [14,15]. In addition, the method itself is constantly being improved and strengthened [16]. AHP methods are often used in conjunction with multiple methods [17][18][19][20].
Although D-AHP can restore objective facts, it still relies entirely on expert scoring. e subjective component still occupies a large proportion. Hence, quantitatively reflecting on the influence of subjective factors on results remains difficult. e whitening weight function in grey theory added to the D-AHP method can transform a qualitative problem into a quantified one. In other words, the whitening weight function in grey theory can be determined according to the actual background to quantitatively describe the degree of belongingness to a certain grey class (the degree of preference for different values within the value range of the grey class). erefore, this study aims to further improve the accuracy of smart grid ISRA by combining the D-AHP method with grey theory. e risk assessment value obtained with this combined model is intuitive and could serve as a scientific reference for avoiding the information security risk of smart grids. is paper is organized as follows: Section 2 constructs the smart grid information security risk index system, Section 3 presents the model that combines D-AHP and grey theory, Section 4 reports a case study, and Section 5 concludes the paper.

Construction of Smart Grid Information
Security Risk Index System 2.1. Smart Grid Concept. Smart grids are aimed at fully satisfying user demand for power and optimizing resource allocation. ey also help ensure the security, reliability, and economy of power supply while satisfying environmental protection constraints. Moreover, they are useful in ensuring power quality and adapting to the development of the power market. In sum, smart grids are used to realize reliable, economic, clean, and interactive power supply and valueadded services for users. Each country maintain its own definition of smart grids, as presented in Table 1.

Challenges of Smart Grids.
Changing from traditional power base to smart grid will bring great social and technical benefits [3]. It also changes from the single energy flow of traditional power grid to the bidirectional energy flow and information flow of smart grid ( Figure 1). Unlike traditional power grids, smart grids can maximize energy demand distribution, improve efficiency, minimize losses, and make large-scale renewable energy (such as solar and wind energy deployments) a reality [2]. Enhanced multi-energy transmission management and the intervention of intelligent management improve system recovery capabilities [24,25]. New areas of development often coexist with challenges. Smart grids are highly dependent on information and communication technology and are interconnected with the Internet. Hence, network security and privacy issues are inevitable. Each network layer and technology used may become possible targets, and thus, smart grids have a huge attack surface. For example, threats can use the network to access smart appliances through smart meters to steal user data.

Information Security Risk Index of Smart Grid.
On the basis of previous research [24,[26][27][28][29], we evaluate the concept of smart grids; select 5 first-level indexes and 13 second-level indexes of a smart terminal, wireless communication channel, password security, application code, and embedded system; and establish the information security risk indexes of smart grids ( Table 2). [30] is an improvement of D-S evidence theory [31] as it breaks through the deficiency of D-S evidence theory in expressing certain types of information. D numbers theory is based on the advantage of D-S evidence theory in dealing with uncertain information. It is no longer subject to the two conditions of a recognition framework; that is, it must be a mutually exclusive, holistic, and detailed set; and the sum of all propositions is equal to 1 ( Figure 2).

D Numbers eory. D numbers theory
In Figure 2, the lines in the graph represent the recognition framework (referred to as domain in D numbers), and the maximum length of a straight line is expressed as 1.
e length of the lines occupied by A, B, and C denotes the weight of the elements in the set. is uncertainty information representation method is defined as follows.
Definition 1 (see [31]). Let Ω be a finite nonempty set with mapping D formulated by where ∅ is an empty set and B is a subset of Ω. e elements in Ω need not be mutually exclusive; if B⊆Ω D(B) � 1, then the information in Ω is considered complete; if B⊆Ω D(B) ≠ 1, then the information in Ω is considered missing. By integrating new technologies of renewable energy, new material, new equipment, and advanced sensors; information technology; control technology; and energy storage, smart grids comprise a new-generation electric power system based upon the traditional power system. Smart grids have distinctive features, including highly interactive, informationized, and automized properties, which help to ensure the safe, reliable, economic, and efficient operation of the power grid. 2 e NIST defines a smart grid as the integration of the last century power grid with the current century development in information and communication technologies. 3 A smart grid is an upgraded electricity network to which two-way digital communication between suppliers and consumers, intelligent metering, and monitoring systems have been added. 4 Smart grids are electricity networks that can efficiently integrate the behavior and actions of all users connected to them, so as to effectively provide sustainable economic and safe electricity. 5 US Department of Energy Grid 2030: A smart grid is a fully automated power transmission network that can monitor and control each user and network node, thus ensuring the bidirectional flow of information and energy between all nodes in the transmission and distribution processes from power plants to end users.

Mathematical Problems in Engineering
If the discrete set is Definition 2 (see [31]).
where b i ∈ R, v i > 0, and n i�1 v i ≤ 1.
Example 1. Assume 10 experts scoring the two schemes. Of the 10 experts, 7 think that the probability of scheme 1 is Wireless communication protocol as self-security mechanism

Contactless interception
Enhanced security attributes of communication channels Security enhancement attributes (e.g., private, encrypted, and trusted) Password security [27] Password strength assessment Effectiveness of guessing or violent cracking Password usage mechanism assessment Cryptographic algorithm, protection mechanism, etc. Key distribution assessment Not accessed by others, regularly updated, etc.
Application code [28] Application code design Single responsibility principle, Liskov substitution principle, etc.
Application code development Sustainability, streamlining, timely bug correction, etc. Application code test Controllability, visibility, simplicity, etc.
Embedded system [29] Software layer Memory chip, software code, etc. Hardware layer Reliability, speed, processing power, etc.  Mathematical Problems in Engineering better than that of scheme 2 at 0.75, and 3 experts think that the probability of scheme 1 is better than that of scheme 2 at 0.8. e D numbers are expressed as

D Numbers Preference Relation.
Fuzzy preference relation is a commonly used method to compare and assign assessment samples. e decision matrix constructed can reflect the preference degree of assessment experts for specific schemes.
Definition 3 (see [32]). Suppose that set A consists of n assessment indexes. Set A � A 1 , A 2 , . . . , A n . Its fuzzy preference relation is as follows: If the cardinality of index A is small, then the fuzzy preference relationship can be expressed by matrix R � [r ij ] n×n , that is, where (a) r ij ≥ 0; However, the fuzzy preference relationship is not able to construct a reasonable preference matrix due to the incomplete or uncertain assessment information of experts.
e D preference relation proposed by [30] is an extension of fuzzy preference relation based on D numbers theory; it can solve the restriction of the use conditions of fuzzy preference relation and expand its application to the field of uncertain information. e corresponding matrix is called D numbers preference matrix or simply the D matrix.
Definition 4 (see [31]). Let set A � A 1 , A 2 , . . . , A n of assessment indexes exist, and let the preference relation of D number exist in the form of a matrix expressed as Take Example 1 as an example; it can be expressed as follows according to (10):

Constructing the Assessment Matrix.
According to the established assessment index system of information security risk in smart grids, the expert scoring method is used to organize n experts to refer to the assessment grade vector V to score each assessment index.
, and t is the number of risk levels; d (k) ij is the assessment value of the kth expert for the j th second-level index of the ith first-level index. e sample matrix D is as follows: Mathematical Problems in Engineering

Determining the Whitening Weight Function.
Whitening weight functions have three types that are used to construct the grey assessment matrix in grey statistics. e details are shown in Table 3.

Constructing the Grey Assessment
Matrix. Assume E grey classes according to the described problem. Let us determine the whitening weight function f e . For the secondlevel assessment index, the grey assessment coefficient of the grey class of the e (e � 1, 2, . . ., E) assessment is I (e) ij � n k�1 f e (d k ij ), the total assessment coefficient of the assessment grey is I ij � E e�1 I (e) ij , and the grey assessment weight vector of each assessment grey class is λ (e) ij � I (e) ij /I ij . In this way, the grey assessment weight matrix Λ of each secondary assessment index can be obtained.

Weight Calculation Model Based on D-AHP and Grey Theory
D numbers theory has been widely used in practical multiattribute group decision making because it can effectively describe and process uncertain information and integrate various expert assessment information into group assessment. Aiming toward the grey characteristics of smart grid ISRA with unclear connotation and extension and the assessment language with uncertain language and minimal data, we propose a weight calculation method that combines D-AHP and grey theory. e specific steps are as follows.
Step 1. Organize 10 review experts as an example. According to the smart grid ISRA indexes shown in Table 2, compare the importance and support of each index in terms of the D numbers preference relationship, and establish the D numbers preference matrix R D .
Step 2. Convert the D numbers preference matrix R D into a crisp matrix R C according to formula (4).
Step 3. Construct a probability matrix R P on the crisp matrix R C to represent the preference probability of the pairwise comparison index. e elements in the matrix are recorded as c ij , and the elements in the matrix R P are represented as p ij � Pr(A i ≻ A j ), ∀i, j ∈ 1, 2, . . . (iii) c ij + c ji < 1, c ij < 0.5, and c ji < 0.5; the unallocated preference is c up � 1 − (c ij + c ji ). e probability that one index is better than the other is Step 4. Calculate the sum of each row in the R P matrix, adjust the order of the row and column in R P according to the order of the sum of each row, and obtain the triangulation matrix R T P . Calculate whether the consistency ratio I.D. � n i�1 R T P (i, j), j < i/n(n − 1)/2 is within the acceptable range.
Step 5. e real number matrix R C is triangulated according to the triangulation matrix R T P , and the real number matrix R T C is obtained. If the elements in R T C meet the requirements of R T C (i, j) + R T C (j, i) < 1 (incomplete information), then R T C should be standardized further to obtain the normalized matrix R T C′ . e calculation formula is as follows: Step 6. Calculate the weight of each index according to the R T C (or R T C ′ ) matrix. λ refers to the credibility of the information invited by experts and is related to the cognition degree of experts in the field of problem assessment. e larger the value of λ is, the higher the credibility of the expert is. e specific value is as follows [33]: λ � ⌈ λ⌉ High information credibility, n Medium information credibility, n 2 2 Low information credibility.
Step 7. Determine the risk assessment grade vector V, invite experts to grade the second-level indexes, and construct the sample assessment matrix.
Step 8. Define the whitening weight function according to the assessment level, and calculate the total grey statistics of all secondary indexes and the weight vector of the grey assessment matrix.
Step 9. Calculate the comprehensive assessment vector H, H � W (weight vector obtained by D-AHP) × (grey assessment matrix obtained by grey statistics method), and the risk assessment value of smart grid information security Risk � H × V T .
According to the first scoring in Table 2, the expert establishes the D matrix represented by D numbers. Complete and incomplete information need to be subjected to the first five steps. e weight vector W of the D-AHP method is obtained in Step 6. e expert scores for the second time, performs Steps 7 and 8, and obtains the grey assessment matrix Λ of the grey method.
Step 9 is the fusion of the two methods to obtain the final smart grid ISRA value Risk. e overall flow chart of D-AHP and the grey method is shown in Figure 3.

Building the Index System.
To verify the scientific nature of this method in practice, we constructed an ISRA index system for smart power grids (Figure 4) according to the data in Table 2. We evaluate the information security risk of a smart grid in Suzhou, which is located in eastern China and the Pearl River Delta region ( Figure 5). e system comprises the following: intelligent terminal, wireless communication channel, password security, application code, and embedded system with five first-level indexes. e intelligent terminal has its own security, access security, data transmission security, etc.
e system is embedded with 13 second-level indexes. A total of 10 experts with relatively high credibility in scoring are invited.

Example Analysis.
Take the first-level index as an example. e weights of the intelligent terminal, wireless communication channel, password security, application code, and embedded system relative to the smart grid information security risk are calculated. Note that the indexes are all negative.
Step 1. e indexes are compared in pairs, and the D numbers preference matrix R D is established on the basis of the D numbers preference relation to represent the importance and support of each index.

(17)
Step 2. According to formula (4), D numbers preference matrix R D is transformed into a crisp matrix R C .

Mathematical Problems in Engineering
Step1: R D D matrix Step 4: R p T Triangular matrix Step 3: R p Probability matrix Step 8: Λ Grey evaluation matrix Step 6: W D-AHP weight Step 9: H and Risk Step 2: R C Crisp matrix Step 7: V Risk grade vector Yes λ value λ value Step 5: R T C Triangulared crisp matrix Step 5: R T C′ Triangulared crisp matrix  Hardware layer (C 52 ) Figure 4: Information security risk index system for smart grids.

Mathematical Problems in Engineering
Step 3. Construct probability matrix R P on the basis of R C .

(19)
Step 4. Calculate the sum of each row in the R P matrix, adjust the order of the row and column in R P according to the order of the sum of each row, and derive the triangulation matrix R T P .

(20)
Remove alternative WS. en, Remove alternative B 2 . en, Remove alternative B 1 . en, Remove alternative B 4 . en, Remove alternative B 5 . us, the ranking of alternatives is where ≻ only represents the priority of the order and has no mathematical meaning. Derive triangular matrix R T P .
Step 5. Triangulate real matrix R C according to triangulation matrixR T P , and obtain triangulation real matrix R T C . Mathematical Problems in Engineering Step 6. According to the experience of experts, determine λ, and calculate weight W. Obtain the values of W i and λ as follows: As most of the experts are university research scholars who do not have first-hand experience in professional smart grid research and given that their ability to learn and understand is higher than that of ordinary experts, taking λ � 5 information with a moderate level of credibility is appropriate. e obtained W is W 1 � 0.1892, W 2 � 0.2692, W 3 � 0.3232, W 4 � 0.1392, W 5 � 0.0792. e floating matrix ( Figure 6) is obtained. According to 17-(30), calculate the weight of each secondary index relative to the primary index, and obtain the final comprehensive weight W (Table 4). Obtain the comprehensive weight W � (0.0406, 0.0617, 0.0869, 0.1299, 0.1393, 0.1074, 0.1300, 0.0858, 0.0480, 0.0571, 0.0341, 0.0410, 0.0382), and draw the broken line statistical chart of comprehensive weight (Figure 7).
Step 7. Determine the risk assessment level vector V, invite experts to give a second score, and obtain the grey assessment matrix. According to the secondary assessment index, five experts are invited to score. e higher the score is, the higher the information security risk value of the smart grid is. 5, 4, 3, 2, and 1, respectively, represent very high, high, moderate, low, and extremely low. e scoring results are shown in Table 5. Take the secondary indexes C 11 , C 12 , and C 13 under the primary assessment index B 1 (intelligent terminal) as an example to form the sample assessment matrix D 1 .
According to the assessment level, the five whitening weight functions are defined as f 1 (x), f 2 (x), f 3 (x), f 4 (x), and f 5 (x). e function expression is as follows: Obtain the total assessment coefficient and grey assessment weight vector (Table 6), and the calculation process is shown in the supplementary material.
us, the final Risk � H × V T � 3.8199.

Result Analysis.
According to the broken line statistical chart of comprehensive weights obtained by D-AHP, we can intuitively conclude that C 13 -C 33 has a high weight value and a centralized distribution range. Hence, the risk value of this index is high under the information risk of the Suzhou smart grid in China. e indexes in this range are mostly related to wireless channels and passwords. is result shows that the Internet brings convenience but also increases the threat of information leakage and dangerous invasion. Network link channels and network security have become the fourth battlefield, following the battlefields in sea, land, and air. However, the risk values of the intelligent terminal, application code, and embedded system are relatively low. erefore, the hardware and software equipment is mature relative to the password and wireless channels in the research and development process. Moreover, the risk value is relatively low. e fusion of grey theory makes full use of limited information resources in the process of assessment and effectively avoids the phenomenon of information loss. From the five values of the grey assessment weight vector, we observe that the probability of the C 13 -C 33 index interval falling to 5 and 4 is significantly higher than that for the other indexes (except C 22 ). is outcome is basically consistent with the result of D-AHP and proves the scientificity of the D-AHP method.
Step 9 combines the D-AHP method with grey theory and obtains the comprehensive assessment vector H � (0.2956, 0.3281, 0.2803, 0.0928, 0.0032). By multiplying the comprehensive assessment vector H and V � (1, 2, 3, 4, 5) T , the final ISRA value of the Suzhou smart grid in China is obtained; that

Conclusions
e Internet has gradually penetrated the field of smart grids, but it has also brought new challenges to the information security of smart grids. To obtain the threat factors of information security in the field of smart grids, we established a smart grid ISRA system. e Suzhou smart grid project in China was taken as an example. Using grey theory and D-AHP, we conclude that a wireless communication channel B 2 and password security B 3 are important risk factors leading to the security of smart grid information.
e authentication mechanism, password security, and other factors are important indicators that affect the information security of smart grids. In guaranteeing smart grid information security so as to achieve safe and reliable smart grids, the following measures should be implemented: (i) Improve smart grid users' awareness about information security protection. Smart grid users are more diverse than the users of traditional power grids. Irregular smart grid use might lead to the leakage of users' personal information and threaten the smart devices in power systems. (ii) Strengthen the information security protection measures of smart grid users. e smart grid not only transmits electricity prices but also serves as a channel for buying and selling electricity. Hacker attacks on smart grids have greater economic benefits than those done on traditional grids. Forward-looking security encryption measures should be taken. (iii) Improve the safety supervision mechanism of smart grid information by relevant departments. Regulatory authorities should also consider working with the state grid, the government, and other collaborators to formulate strategies and further form a standard set of guidelines.
In this work, the D-AHP method, which does not rely on the subjective experience of experts, is combined with the grey method, which does not rely on complete information, to avoid the disadvantages of other methods that cannot express uncertain and insufficient information. e combination of the two methods not only retains their advantages but also verifies the results based on practical examples. e combination of the D-AHP method and grey theory method can be effectively used to evaluate the information security risk level of smart grids and improve the accuracy of dealing with problems. In the future, we can study the fusion of D-AHP and other methods and the consistency ratio I.D. problem in D-AHP.

Data Availability
e data used to support the findings of this study are included within the article.

Conflicts of Interest
e authors declare no conflicts of interest.

Authors' Contributions
Hua Dong was responsible for conceptualization, methodology, software, formal analysis, investigation, resources, data curation, writing-original draft preparation, and visualization. Hua Dong, Jun Zhao, and Kun Yang performed validation. Jun Zhao and Xiaoyu Yang performed reviewed and edited the article. Jun Zhao and Kun Yang supervised the study. Jun Zhao was responsible for project administration and funding acquisition. All authors have read and agreed to the published version of the manuscript.