Decentralized Federated Anomaly Detection in Smart Grids: A P2P Gossip Approach

TL;DR

This work tackles privacy and scalability challenges in Smart Grid intrusion detection by replacing centralized Federated Learning with a decentralised gossip-based Federated Learning (DFL) framework. It combines two gossip protocols, Random Walk and Epidemic, with a Transformer-Autoencoder (TAE) detector and DP-SIGNSGD gradient quantization to enable privacy-preserving, bandwidth-efficient learning across $K$ grid regions. Empirical evaluation on the MSU-ORNL PSA dataset shows a peak anomaly detection accuracy of about $0.942$ and a roughly $35\%$ reduction in training time compared to conventional FL, with Random Walk consistently outperforming Epidemic. The approach offers a scalable, robust pathway for collaborative SG security that mitigates central bottlenecks and adapts to network latency and stragglers, while maintaining data confidentiality.

Abstract

The increasing security and privacy concerns in the Smart Grid sector have led to a significant demand for robust intrusion detection systems within critical smart grid infrastructure. To address the challenges posed by privacy preservation and decentralized power system zones with distinct data ownership, Federated Learning (FL) has emerged as a promising privacy-preserving solution which facilitates collaborative training of attack detection models without necessitating the sharing of raw data. However, FL presents several implementation limitations in the power system domain due to its heavy reliance on a centralized aggregator and the risks of privacy leakage during model update transmission. To overcome these technical bottlenecks, this paper introduces a novel decentralized federated anomaly detection scheme based on two main gossip protocols namely Random Walk and Epidemic. Our findings indicate that the Random Walk protocol exhibits superior performance compared to the Epidemic protocol, highlighting its efficacy in decentralized federated learning environments. Experimental validation of the proposed framework utilizing publicly available industrial control systems datasets demonstrates superior attack detection accuracy while safeguarding data confidentiality and mitigating the impact of communication latency and stragglers. Furthermore, our approach yields a notable 35% improvement in training time compared to conventional FL, underscoring the efficacy and robustness of our decentralized learning method.

Figures (6)

• Figure 1: An illustrative comparison between conventional Federated Learning (FL) and Decentralized Federated Learning (DFL) provides insight into their fundamental differences and operational paradigms.
• Figure 2: A visual representation of our proposed DFL-based anomaly detection power system model. An intuitive workflow of our proposed framework is as follows: 1) Model initialization on each participating node. 2) Local training of models on each node. 3) After training, each node sends its local model updates to peers throughout the network. 4) After receiving model updates from its peers, each node aggregates these updates with its own local model parameters. 5) The steps 2-4 are repeated until model maturity is achieved.
• Figure 3: An overview of our anomaly detection module accompanied by an illustration of an input vector undergoing the anomaly detection process. It consists of three elements: 1) encoding phase, 2) latent representation phase and 3) decoding phase.
• Figure 4: Comparison of confusion matrices for Epidemic (above) and RandomWalk (below) pertaining to a single data file evaluated using our proposed DFL approach. Upon analyzing the occurrences of false positives and false negatives, it becomes evident that Random Walk gossip DFL outperforms Epidemic gossip DFL approach.
• Figure 5: Comparative Analysis of the performance of our two proposed gossip-based DFL approaches against a conventional FL solution over the 15 data files of the MSU-ORNL dataset. Notably, the results indicate the superiority of Random Walk Gossip-based DFL solution against other setups.