Federated Spatiotemporal Graph Learning for Passive Attack Detection in Smart Grids

TL;DR

This work tackles passive eavesdropping threats in smart grids by proposing a privacy-preserving, federated, graph-based detector. It combines a graph convolutional network with a bidirectional GRU to form a spatiotemporal encoder that operates on ego-centric star subgraphs, fusing physical-layer signals and behavioral features. Training under FedProx preserves data locality while handling non-IID grid data, achieving per-timestep accuracy of 98.32% and per-sequence accuracy of 93.35% with an exceptionally low sequence false-positive rate of 0.15% on a synthetic, standards-informed dataset. The results demonstrate that spatial context plus temporal modeling enables reliable detection of subtle passive reconnaissance while maintaining strong privacy and scalability characteristics for real-world smart-grid deployments.

Abstract

Smart grids are exposed to passive eavesdropping, where attackers listen silently to communication links. Although no data is actively altered, such reconnaissance can reveal grid topology, consumption patterns, and operational behavior, creating a gateway to more severe targeted attacks. Detecting this threat is difficult because the signals it produces are faint, short-lived, and often disappear when traffic is examined by a single node or along a single timeline. This paper introduces a graph-centric, multimodal detector that fuses physical-layer and behavioral indicators over ego-centric star subgraphs and short temporal windows to detect passive attacks. To capture stealthy perturbations, a two-stage encoder is introduced: graph convolution aggregates spatial context across ego-centric star subgraphs, while a bidirectional GRU models short-term temporal dependencies. The encoder transforms heterogeneous features into a unified spatio-temporal representation suitable for classification. Training occurs in a federated learning setup under FedProx, improving robustness to heterogeneous local raw data and contributing to the trustworthiness of decentralized training; raw measurements remain on client devices. A synthetic, standards-informed dataset is generated to emulate heterogeneous HAN/NAN/WAN communications with wireless-only passive perturbations, event co-occurrence, and leak-safe splits. The model achieves a testing accuracy of 98.32% per-timestep (F1_{attack}=0.972) and 93.35% per-sequence at 0.15% FPR using a simple decision rule with run-length m=2 and threshold $τ=0.55$. The results demonstrate that combining spatial and temporal context enables reliable detection of stealthy reconnaissance while maintaining low false-positive rates, making the approach suitable for non-IID federated smart-grid deployments.

Figures (11)

• Figure 1: Empirical distributions of the CSI amplitude, SNR, Latency, and PER under normal operation and during passive attacks.
• Figure 2: FedProx-based federated learning framework for smart grid nodes. Local GCN--GRU training is performed at each client (Smart Meter, Gateway, DER, and SCADA), and model updates are aggregated by the central server through weight averaging.
• Figure 3: Hierarchical network structure aligned with IEEE smart grid communication standards.
• Figure 4: Raster plot showing per-node passive attack occurrences over a selected time window.
• Figure 5: Proposed federated multimodal graph-centric pipeline for passive attack detection in smart grids. Features are extracted from synthetic data, encoded via GCN and GRU layers, and trained under a federated learning setup with FedProx regularization.