Robust Cyber Threat Intelligence Sharing Using Federated Learning for Smart Grids

Given the escalating diversity, sophistication, and frequency of cyber attacks, it is imperative for critical infrastructure entities, e.g. smart grids, to recognize the inherent risks of operating in isolation. Sharing cyber threat intelligence (CTI) helps them stand together and build a collective cyber defense by knowledge, skills, and experience encompassing information related to identifying and evaluating cyber and physical threats. The present studies lack on robust CTI sharing strategies in smart grid systems. To address the critical need for secure and effective CTI sharing in smart grid systems, this article proposes a novel approach. Our solution leverages encrypted federated learning (FL) with integrated malicious client detection mechanisms. This approach facilitates collaborative learning of a threat detection model while preserving the privacy of raw CTI data. Employing real-world, heterogeneous smart grid datasets, we rigorously evaluated our approach under two distinct attack scenarios. The results demonstrate resilience against both man-in-the-middle attacks and malicious clients, exceeding the performance typically observed in traditional FL models.