Table of Contents
Fetching ...

Decentralized Multi-Agent Swarms for Autonomous Grid Security in Industrial IoT: A Consensus-based Approach

Samaresh Kumar Singh, Joyjit Roy

TL;DR

This work addresses the latency, resilience, and bandwidth challenges of traditional centralized IIoT security by introducing DMAS, a decentralized swarm of edge-enabled AI agents that perform real-time threat detection and mitigation. Central to DMAS is the Consensus-based Threat Validation (CVT) protocol, a lightweight, Byzantine-tolerant consensus mechanism that leverages weighted peer voting and proximity awareness to achieve sub-millisecond consensus. In a 2000-device testbed, DMAS delivers 0.85 ms response times and 97.3% detection accuracy (87% for zero-day), while reducing network bandwidth by 89% and tolerating up to 30% Byzantine agents; these results significantly surpass cloud-based and single-edge baselines. The approach offers practical deployment advantages, scalability, and robust security for Industry 4.0, with open-source availability and potential applicability to broader domains such as smart grids and smart cities.

Abstract

As Industrial Internet of Things (IIoT) environments expand to include tens of thousands of connected devices. The centralization of security monitoring architectures creates serious latency issues that savvy attackers can exploit to compromise an entire manufacturing ecosystem. This paper outlines a new, decentralized multi-agent swarm (DMAS) architecture that includes autonomous artificial intelligence (AI) agents at each edge gateway, functioning as a distributed digital "immune system" for IIoT networks. Instead of using a traditional static firewall approach, the DMAS agents communicate via a lightweight peer-to-peer protocol to cooperatively detect anomalous behavior across the IIoT network without sending data to a cloud infrastructure. The authors also outline a consensus-based threat validation (CVT) process in which agents vote on the threat level of an identified threat, enabling instant quarantine of a compromised node or nodes. The authors conducted experiments on a testbed that simulated an innovative factory environment with 2000 IIoT devices and found that the DMAS demonstrated sub-millisecond response times (average of 0.85ms), 97.3% accuracy in detecting malicious activity under high load, and 87% accuracy in detecting zero-day attacks. All significantly higher than baseline values for both centralized and edge computing. Additionally, the proposed architecture can prevent real-time cascading failures in industrial control systems and reduce network bandwidth use by 89% compared to cloud-based solutions.

Decentralized Multi-Agent Swarms for Autonomous Grid Security in Industrial IoT: A Consensus-based Approach

TL;DR

This work addresses the latency, resilience, and bandwidth challenges of traditional centralized IIoT security by introducing DMAS, a decentralized swarm of edge-enabled AI agents that perform real-time threat detection and mitigation. Central to DMAS is the Consensus-based Threat Validation (CVT) protocol, a lightweight, Byzantine-tolerant consensus mechanism that leverages weighted peer voting and proximity awareness to achieve sub-millisecond consensus. In a 2000-device testbed, DMAS delivers 0.85 ms response times and 97.3% detection accuracy (87% for zero-day), while reducing network bandwidth by 89% and tolerating up to 30% Byzantine agents; these results significantly surpass cloud-based and single-edge baselines. The approach offers practical deployment advantages, scalability, and robust security for Industry 4.0, with open-source availability and potential applicability to broader domains such as smart grids and smart cities.

Abstract

As Industrial Internet of Things (IIoT) environments expand to include tens of thousands of connected devices. The centralization of security monitoring architectures creates serious latency issues that savvy attackers can exploit to compromise an entire manufacturing ecosystem. This paper outlines a new, decentralized multi-agent swarm (DMAS) architecture that includes autonomous artificial intelligence (AI) agents at each edge gateway, functioning as a distributed digital "immune system" for IIoT networks. Instead of using a traditional static firewall approach, the DMAS agents communicate via a lightweight peer-to-peer protocol to cooperatively detect anomalous behavior across the IIoT network without sending data to a cloud infrastructure. The authors also outline a consensus-based threat validation (CVT) process in which agents vote on the threat level of an identified threat, enabling instant quarantine of a compromised node or nodes. The authors conducted experiments on a testbed that simulated an innovative factory environment with 2000 IIoT devices and found that the DMAS demonstrated sub-millisecond response times (average of 0.85ms), 97.3% accuracy in detecting malicious activity under high load, and 87% accuracy in detecting zero-day attacks. All significantly higher than baseline values for both centralized and edge computing. Additionally, the proposed architecture can prevent real-time cascading failures in industrial control systems and reduce network bandwidth use by 89% compared to cloud-based solutions.
Paper Structure (55 sections, 2 theorems, 8 equations, 8 figures, 3 tables)

This paper contains 55 sections, 2 theorems, 8 equations, 8 figures, 3 tables.

Key Result

Theorem 1

When assuming all agents communicate synchronously, with $n > 3f$, where $f$ is the number of Byzantine agents in the system, CVT will reach agreement in a fixed number of messages ($O(1)$).

Figures (8)

  • Figure 1: DMAS three-layer architecture: (1) Optional Cloud Infrastructure for threat intelligence and model updates; (2) Decentralized AI Agent Layer with edge gateways containing monitoring, scoring, consensus, and response modules; (3) IIoT Device Layer with PLCs, SCADA, cameras, and sensors. Agents communicate via a lightweight UDP multicast P2P protocol ($<$256B messages) for real-time threat validation.
  • Figure 2: Flow chart of CVT, which illustrates the 4 phases of the protocol: Detection; Voting; Aggregation; Response Execution. Agents achieve consensus using a Weighted-Voting mechanism to determine their threat score and Historical Accuracy.
  • Figure 3: Comparison of average response times across various architectures. DMAS has average response times of under 1 millisecond (0.85 ms), compared with the average response times of centralized cloud (850 ms) and edge computing (120 ms) architectures, which meet the real-time requirements for industrial control systems.
  • Figure 4: (a) Network Load vs. Detection Accuracy & (b) False Positive Rate of Detection. DMAS can maintain both high detection accuracy (97.3%) and a low false-positive rate (3.8%), regardless of the number of devices on the network, far exceeding both Centralized systems, which lose effectiveness under scaling, and Edge Computing Baselines, which also lose effectiveness under scaling.
  • Figure 5: Consensus Convergence Time vs. Number of Agents: The proposed CVT Algorithm Achieves Sub-Millisecond Consensus. The CVT algorithm achieves sub-millisecond consensus (0.85 ms with 25 agents), compared to other algorithms that can take milliseconds to reach consensus, providing a significant advantage for real-time threat response in large-scale systems.
  • ...and 3 more figures

Theorems & Definitions (4)

  • Theorem 1
  • proof
  • Theorem 2
  • proof : Proof Sketch