To address the challenges of data silos, privacy sensitivity, and over-reliance on centralized infrastructure in anomaly detection for smart grids, this paper proposes a decentralized federated anomaly detection framework. The framework eliminates the central aggregator and introduces a novel dual-gossip protocol—integrating Random Walk and Epidemic mechanisms—to enable peer-to-peer collaborative model updates. Coupled with a differential privacy enhancement, it ensures strict data locality while effectively mitigating model inversion and update leakage risks. Evaluated on a real-world industrial control system dataset, the framework achieves higher detection accuracy than conventional federated learning, reduces training time by 35%, incurs lower communication overhead, and demonstrates superior robustness against node stragglers and network delays.

The increasing security and privacy concerns in the Smart Grid sector have led to a significant demand for robust intrusion detection systems within critical smart grid infrastructure. To address the challenges posed by privacy preservation and decentralized power system zones with distinct data ownership, Federated Learning (FL) has emerged as a promising privacy-preserving solution which facilitates collaborative training of attack detection models without necessitating the sharing of raw data. However, FL presents several implementation limitations in the power system domain due to its heavy reliance on a centralized aggregator and the risks of privacy leakage during model update transmission. To overcome these technical bottlenecks, this paper introduces a novel decentralized federated anomaly detection scheme based on two main gossip protocols namely Random Walk and Epidemic. Our findings indicate that the Random Walk protocol exhibits superior performance compared to the Epidemic protocol, highlighting its efficacy in decentralized federated learning environments. Experimental validation of the proposed framework utilizing publicly available industrial control systems datasets demonstrates superior attack detection accuracy while safeguarding data confidentiality and mitigating the impact of communication latency and stragglers. Furthermore, our approach yields a notable 35% improvement in training time compared to conventional FL, underscoring the efficacy and robustness of our decentralized learning method.