FedPot: A Quality-Aware Collaborative and Incentivized Honeypot-Based Detector for Smart Grid Networks
Abdullatif Albaseer, Nima Abdi, Mohamed Abdallah, Marwa Qaraqe, Saif Alkuwari
TL;DR
The paper addresses secure, privacy-preserving intrusion detection in AMI by combining honeypot data with federated learning. It introduces FedPot, a quality-aware FL framework featuring data-quality metrics, two aggregation schemes (trust-based and untrust-based), a two-step verification process, and a Softmax-based reward design to incentivize high-quality contributions. Extensive experiments on BaIoT, IEC 104, and IEC MMS datasets demonstrate that FedPot outperforms traditional FedAvg, providing robust performance under both IID and non-IID conditions and in the presence of malicious participants. The work advances practical, incentive-aligned collaboration for SG security with potential applicability to other IIoT contexts.
Abstract
Honeypot technologies provide an effective defense strategy for the Industrial Internet of Things (IIoT), particularly in enhancing the Advanced Metering Infrastructure's (AMI) security by bolstering the network intrusion detection system. For this security paradigm to be fully realized, it necessitates the active participation of small-scale power suppliers (SPSs) in implementing honeypots and engaging in collaborative data sharing with traditional power retailers (TPRs). To motivate this interaction, TPRs incentivize data sharing with tangible rewards. However, without access to an SPS's confidential data, it is daunting for TPRs to validate shared data, thereby risking SPSs' privacy and increasing sharing costs due to voluminous honeypot logs. These challenges can be resolved by utilizing Federated Learning (FL), a distributed machine learning (ML) technique that allows for model training without data relocation. However, the conventional FL algorithm lacks the requisite functionality for both the security defense model and the rewards system of the AMI network. This work presents two solutions: first, an enhanced and cost-efficient FedAvg algorithm incorporating a novel data quality measure, and second, FedPot, the development of an effective security model with a fair incentives mechanism under an FL architecture. Accordingly, SPSs are limited to sharing the ML model they learn after efficiently measuring their local data quality, whereas TPRs can verify the participants' uploaded models and fairly compensate each participant for their contributions through rewards. Simulation results, drawn from realistic mircorgrid network log datasets, demonstrate that the proposed solutions outperform state-of-the-art techniques by enhancing the security model and guaranteeing fair reward distributions.