Federated Spatiotemporal Graph Learning for Passive Attack Detection in Smart Grids

Agha, Bochra Al, Tajeddine, Razane

arXiv.org Artificial Intelligence 

Abstract--Smart grids are exposed to passive eavesdropping, where attackers listen silently to communication links. Although no data is actively altered, such reconnaissance can reveal grid topology, consumption patterns, and operational behavior, creating a gateway to more severe targeted attacks. Detecting this threat is difficult because the signals it produces are faint, short-lived, and often disappear when traffic is examined by a single node or along a single timeline. This paper introduces a graph-centric, multimodal detector that fuses physical-layer (Channel State Information (CSI), Signal-to-Noise Ratio (SNR)) and behavioral (latency, Packet Error Rate (PER), event context) indicators over ego-centric star subgraphs and short temporal windows to detect passive attacks. To capture stealthy perturbations, a two-stage encoder is introduced: graph convolution aggregates spatial context across ego-centric star subgraphs, while a bidirectional GRU models short-term temporal dependencies. The encoder transforms heterogeneous features into a unified spatio-temporal representation suitable for classification. Training occurs in a federated learning setup under FedProx, improving robustness to heterogeneous local raw data and contributing to the trustworthiness of decentralized training; raw measurements remain on client devices. The model achieves a testing accuracy of 98.32% per-timestep (F1 The results demonstrate that combining spatial and temporal context enables reliable detection of stealthy reconnaissance while maintaining low false-positive rates, making the approach suitable for non-IID federated smart-grid deployments.

Smart grids [1] define new energy systems constructed on the notion of bidirectional communication between consumers and utilities. They enable the management of real-time data across distributed nodes. However, this open communication exposes the grid to significant risks of passive attacks, which pose a threat to privacy, trust, and stability [2].
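
An added illustration of the FedProx training mentioned in the abstract, not code from the paper: a small logistic model stands in for the paper's graph-convolution and bidirectional-GRU encoder, and the feature values, site names and hyperparameters (mu, learning rate, step counts) are constructed assumptions. It shows how the proximal term limits how far a client with one-sided local data drifts from the server model, while raw samples never leave the client.

```python
import math

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))

def score(w, x):
    """Probability that window x (features + bias) is an eavesdropping window."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)))

def local_update(w_global, data, mu, lr=0.1, steps=20):
    """FedProx client step: minimise log-loss + (mu/2) * ||w - w_global||^2."""
    w = list(w_global)
    for _ in range(steps):
        grad = [0.0] * len(w)
        for x, y in data:
            err = score(w, x) - y
            for j, xj in enumerate(x):
                grad[j] += err * xj / len(data)
        # The proximal term mu * (w - w_global) pulls the client back toward the server model.
        w = [wi - lr * (g + mu * (wi - wg)) for wi, g, wg in zip(w, grad, w_global)]
    return w

def drift(w, w_global):
    """Euclidean distance between a client's weights and the server's."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(w, w_global)))

def train(clients, mu, rounds=5, dim=4):
    """Server loop: size-weighted average of the clients' weight vectors only."""
    w = [0.0] * dim
    total = sum(len(d) for d in clients)
    for _ in range(rounds):
        updates = [local_update(w, d, mu) for d in clients]
        w = [sum(len(d) * u[j] for d, u in zip(clients, updates)) / total for j in range(dim)]
    return w

# Constructed non-IID data: [SNR drop, latency jitter, PER, bias], label 1 = eavesdropping.
QUIET_SITE = [([0.10, 0.10, 0.00, 1.0], 0), ([0.05, 0.15, 0.02, 1.0], 0), ([0.12, 0.08, 0.01, 1.0], 0)]
TAPPED_SITE = [([0.80, 0.60, 0.50, 1.0], 1), ([0.70, 0.65, 0.40, 1.0], 1), ([0.90, 0.55, 0.45, 1.0], 1)]

if __name__ == "__main__":
    start = [0.0] * 4
    for mu in (0.0, 1.0):  # mu = 0 reduces FedProx to plain FedAvg local training
        d = drift(local_update(start, QUIET_SITE, mu), start)
        print(f"mu={mu}: quiet-site drift after local training = {d:.3f}")
    w = train([QUIET_SITE, TAPPED_SITE], mu=1.0)
    print("tapped window score:", round(score(w, TAPPED_SITE[0][0]), 3))
    print("quiet window score:", round(score(w, QUIET_SITE[0][0]), 3))
```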