Decentralized Multi-Agent Swarms for Autonomous Grid Security in Industrial IoT: A Consensus-based Approach
Samaresh Kumar Singh, Joyjit Roy
TL;DR
This work addresses the latency, resilience, and bandwidth challenges of traditional centralized IIoT security by introducing DMAS, a decentralized swarm of edge-enabled AI agents that perform real-time threat detection and mitigation. Central to DMAS is the Consensus-based Threat Validation (CVT) protocol, a lightweight, Byzantine-tolerant consensus mechanism that leverages weighted peer voting and proximity awareness to achieve sub-millisecond consensus. In a 2000-device testbed, DMAS delivers 0.85 ms response times and 97.3% detection accuracy (87% for zero-day), while reducing network bandwidth by 89% and tolerating up to 30% Byzantine agents; these results significantly surpass cloud-based and single-edge baselines. The approach offers practical deployment advantages, scalability, and robust security for Industry 4.0, with open-source availability and potential applicability to broader domains such as smart grids and smart cities.
Abstract
As Industrial Internet of Things (IIoT) environments expand to include tens of thousands of connected devices. The centralization of security monitoring architectures creates serious latency issues that savvy attackers can exploit to compromise an entire manufacturing ecosystem. This paper outlines a new, decentralized multi-agent swarm (DMAS) architecture that includes autonomous artificial intelligence (AI) agents at each edge gateway, functioning as a distributed digital "immune system" for IIoT networks. Instead of using a traditional static firewall approach, the DMAS agents communicate via a lightweight peer-to-peer protocol to cooperatively detect anomalous behavior across the IIoT network without sending data to a cloud infrastructure. The authors also outline a consensus-based threat validation (CVT) process in which agents vote on the threat level of an identified threat, enabling instant quarantine of a compromised node or nodes. The authors conducted experiments on a testbed that simulated an innovative factory environment with 2000 IIoT devices and found that the DMAS demonstrated sub-millisecond response times (average of 0.85ms), 97.3% accuracy in detecting malicious activity under high load, and 87% accuracy in detecting zero-day attacks. All significantly higher than baseline values for both centralized and edge computing. Additionally, the proposed architecture can prevent real-time cascading failures in industrial control systems and reduce network bandwidth use by 89% compared to cloud-based solutions.
