Privacy-Preserving Machine Learning for IoT-Integrated Smart Grids: Recent Advances, Opportunities, and Challenges

Abstract

Ensuring the safe, reliable, and energy-efficient provision of electricity is a complex task for smart grid (SG) management applications. Internet of Things (IoT) and edge computing-based SG applications have been proposed for time-responsive monitoring and controlling tasks related to power systems. Recent studies have provided valuable insights into the potential of machine learning algorithms in SGs, covering areas such as generation, distribution, microgrids, consumer energy market, and cyber security. Integrated IoT devices directly exchange data with the SG cloud, which increases the vulnerability and security threats to the energy system. The review aims to provide a comprehensive analysis of privacy-preserving machine learning (PPML) applications in IoT-Integrated SGs, focusing on non-intrusive load monitoring, fault detection, demand forecasting, generation forecasting, energy-management systems, anomaly detection, and energy trading. The study also highlights the importance of data privacy and security when integrating these applications to enable intelligent decision-making in smart grid domains. Furthermore, the review addresses performance issues (e.g., accuracy, latency, and resource constraints) associated with PPML techniques, which may impact the security and overall performance of IoT-integrated SGs. The insights of this study will provide essential guidelines for in-depth research in the field of IoT-integrated smart grid privacy and security in the future.

1. Introduction

1.1. Background and Importance of Smart Grids (SGs)

Power systems have become essential components of daily life, supporting various activities across households and commercial and industrial sectors. As technology advances and industries transition to Industry 4.0, along with the development of digital twins, the need for a reliable and uninterrupted electricity supply has become paramount [1]. The integration of renewable energy sources, electric vehicles, and smart home systems into smart grids necessitates the installation of smart energy devices at various points in the network. Such integration aims to make the grid intelligent, resilient, scalable, secure, and robust. Additionally, information and communication technologies play a crucial role in monitoring and controlling the reliability, stability, security, and efficiency of the power grid to meet the varying demands of prosumers and distributed renewable energy generation [2].

1.2. Role of IoT in SGs: Opportunities and Challenges

Smart grids involve two-way communication to effectively balance the supply and demand for the reliable provision of power. The Internet of Things (IoT) consists of smart devices distributed across a wide area of the network, connected via the Internet. IoT devices play a crucial role in real-time data collection and facilitate communication between service providers and consumers to support various grid activities, such as monitoring energy consumption, providing tariff information, aiding in decision-making, managing grid operations, controlling power distribution, and localizing faults [3]. The digital transformation of the traditional power grid into a smart grid requires the utilization of IoT-based technologies to collect the node’s data and compute the ML algorithm for related grid tasks [4].

1.3. Need for Privacy-Preserving Machine Learning (PPML) in SGs

The integration of IoT into the power system enhances the intelligence with a risk of potential attacks that could disrupt grid operations, compromise energy trading, leak sensitive consumer information, inject false data into power consumption, and interrupt transactive energy processes [5,6]. Various studies have explored these vulnerabilities and suggested several solutions, including machine learning [7], artificial intelligence [8], blockchain technology [9], and robust authentication systems [10]. Tomin et al. [11] systematically demonstrated the applicability of machine learning techniques for power system security assessment, identifying vulnerabilities and improving decision-making processes within traditional grid infrastructures. IoT technologies have the potential to modernize traditional grids and address challenges associated with smart grids by utilizing machine learning algorithms. However, the widespread deployment of IoT devices throughout the intelligent power system exposes them to privacy and security risks. Monitoring all devices in real time presents a significant challenge and can be costly. Moreover, the big data business model enables the collection of data from edge devices at the physical layer, providing insights that facilitate monetization opportunities for utilities, third-party services, and consumers at the application and user inference layer [12].

1.4. Objectives and Contributions

Internet of Things provides innovative opportunities for power systems to sense, communicate, collect, instruct, operate, process, and make decisions based on an immense amount of data. However, privacy and security issues have become more concerning due to the large number of nodes spread across the smart grid network. Privacy-preserving machine learning (PPML) techniques have been employed in various smart systems, including smart health, smart industry, smart finance, smart cities, and smart grids. The primary aim of this comprehensive study is to explore these PPML solutions within the energy sector. This survey intends to support researchers, practitioners, energy experts and policymakers by providing valuable insights about challenges associated with integrating privacy-preserving intelligence and security within evolving smart grid ecosystems.

The existing literature includes a detailed survey on the structure, protocols, and vulnerabilities of IoT-integrated smart grids [3], while few studies primarily focused on individual PPML techniques addressing privacy concerns in specific applications [13]. Baksh, R. et al. [14] reviewed various attack types and discussed authentication and anonymization as potential mitigation approaches for smart meters, albeit with limited coverage of comprehensive PPML solutions. Cui, L. et al. [15] examined different types of false data-injection attacks that threaten data integrity, confidentiality, and authority across various data sources in power systems, emphasizing conventional machine learning and deep learning methods for anomaly detection. Mirzaee, P. H. [8] provided a broad survey on privacy and security challenges in smart grids, discussing countermeasures, including some PPML techniques analyzed in this work. Similarly, Triantafyllou, A. et al. [16] explored cryptographic and non-cryptographic techniques to safeguard consumer privacy, focusing on consumption data, billing, appliance usage, and user profiling. Existing surveys such as [3] provide a broad discussion of IoT integration in smart grids; they mainly focus on communication frameworks, general architectures, and security overviews. In contrast, this work offers a targeted review of PPML methods and their specific applications within IoT-enabled smart grids. The study systematically analyzes how emerging PPML techniques have being leveraged to safeguard user data across critical applications such as non-intrusive load monitoring, anomaly detection, and energy trading. Furthermore, the survey identifies technical challenges, provides insights into current frameworks and datasets, and highlights research gaps to guide future advancements.

The research survey provides a more holistic perspective by addressing both privacy and security threats in IoT-based smart grids. It presents a detailed review of both cryptographic and non-cryptographic PPML techniques applied across multiple smart grid domains. Furthermore, this work systematically examines technical parameters, relevant datasets, commonly used frameworks and libraries, as well as the opportunities and challenges associated with integrating PPML into IoT-driven smart grids. To ensure a comprehensive survey, the review conducted a structured literature search of the all the mentioned keywords of the study and their combinations across multiple reputable databases, including IEEE Xplore, ScienceDirect, SpringerLink, MDPI, and Wiley. It focuses on the titles and abstracts, followed by a full-text review of peer-reviewed journal articles, conference proceedings, and survey papers published between 2015 and 2025.

1.5. Paper Organization

The organization of the review paper is structured as follows: Section 2 provides an overview of the smart grid architecture and its key components, followed by a subsection on the role of IoT and data flows in IoT-based smart grids. Section 3 details the potential security and privacy threats associated with IoT-based smart grids. In contrast, Section 4 discusses privacy-preserving machine learning methods as mitigation tools for these threats. In Section 5 and Section 6, the study explores the application areas, opportunities, and challenges related to privacy-preserving machine learning in IoT-enabled smart grids. Section 7 addresses open challenges and future directions, concluding with the final section, Section 8.

2. Smart Grid Architecture

Traditional grids are limited to centralized network, one-way power flow, limited control, manual operations, and electromechanical technologies [17]. Information and communication technology (ICT) transforms it into digital technology, distributed networks, two-way communication, remote operations, pervasive control, and self-healing restoration properties.

2.1. Key Components of Smart Grids

The Internet of Things (IoT) plays a crucial role in enhancing smart grid operations, covering every aspect from electricity generation to end-user consumption and energy-storage systems. IoT technology is integral in various areas, including power generation, microgrids, transmission networks, distribution systems, energy storage, consumer interfaces, and smart meters.

• Power Generation: In the realm of energy generation, IoT aids in analyzing energy production, monitoring distributed energy resources, assessing harmful gas emissions, understanding consumption patterns, predicting energy needs, managing power connections, and coordinating large-scale storage solutions.
• Transmission and Distribution Systems: To ensure the smooth transmission of power from generators to consumers, IoT devices monitor power flow, detect faults, assess the condition of transmission towers, manage substations, and oversee equipment services. At the distribution end, IoT significantly contributes to distributed energy forecasting, load management, demand response, electric vehicle (EV) integration, and enhancing energy efficiency.
• Prosumer End: Energy-storage systems help balance power supply and demand during periods of intermittent renewable energy generation. IoT facilitates user interaction in bidirectional grid operations, allowing smart meters to collect data, encourage demand-side participation, manage EV charging schedules, and integrate distributed energy resources (DERs) such as solar power and battery storage at the consumer level.

2.2. IoT Adaptation in Smart Grids

The adaptation of IoT technology has been widely considered at all levels of the electrical grid, including generation, distribution, and consumption. Common IoT devices include sensors, smart meters, Phasor Measurement Units (PMUs), and Advanced Metering Infrastructure (AMI), which facilitate real-time monitoring, control, and balancing of power supply and demand. These devices aid in power flow analysis, state estimation, energy pricing, energy efficiency, and anomaly detection. IoT is integral to data acquisition, processing, transmission, and storage. In smart home energy-management systems and energy markets, IoT devices communicate data to support price-based and incentive-based demand response programs.

2.3. Data Flow: From Edge to Cloud

The architecture of an IoT-based smart environment consists of four layers: physical, network, management, and application. The physical layer includes smart devices that collect data relevant to energy applications. The network layer comprises communication channels that transmit the collected data to the cloud services associated with the management layer. Finally, the cloud handles data analysis, control, and operation of energy networks, which interface with end-users in the application or service layer.

3. Types of Possible Threats in IoT-Based Smart Grids

Integrating IoT technology increases smart grid intelligence and efficiency; however, there are many security issues. The system is highly dynamic and complicated because of the interconnection of IoT devices, and even one weakness [18] might compromise the entire network. This section covers attacks on data, devices, and physical infrastructures and demonstrates how vulnerabilities in smart grids can lead to large-scale disruptions, such as power outages or grid instability, and exploitation of IoT applications.

Threats to smart grids can be classified into four groups: physical threats, network threats, environmental threats, and cyber threats. Physical threats to power systems include unauthorized threats to physical systems or accessibility, while environmental threats are caused by nature, such as extreme heat, extreme cold conditions, or natural disasters. Eavesdropping, traffic inference, and systems access gain are examples of network attacks. However, cyber threats can happen deliberately or unknowingly. Deliberate attacks aim to gain unauthorized access, cause harm, and disrupt system principles [19,20]. Attacks caused by end users who have less knowledge of cyber security issues are unconscious attacks. Usually, these users are manipulated by mal-intended attackers and cause disasters unknowingly. Based on the intent, security attacks are classified into two types: passive and active attacks. The goal of passive attacks is to acquire the transmitted data to discover the architecture, configuration, and typical behavior of the system. Since the data stay unchanged, it is challenging to identify such attacks. Active attacks alter the transmitted data to affect the system operations, which results in the CIA (confidentiality, integrity, and availability) principle [20]. These attacks are destructive and can cause massive loss of sensitive data, systems, or the organization’s reputation.

3.1. Cyber Security Threats

A smart grid consists of multiple systems, where compromising a single system can affect the whole network. The recent integration of advanced technologies into this field comes with cyber threats. Attackers can be amateurs, professionals, or upset employees, and their goals range from cyber warfare, industrial espionage, economic reasons, terrorism, etc. These attacks are classified according to their targets and impacts [20]. The grid is vulnerable to cyber attacks such as malware attacks, man-in-the-middle, and denial-of-service (DoS), as it relies on smart meters, sensors, and networked equipment. Malicious actors may target weaknesses in communication networks, protocols, and legacy systems, which lead to consumer data breaches, disrupt energy delivery [21], or even endanger national security.

The power industry has multiple attack points across its generation, transmission, and distribution systems. Attackers use generation to exploit SCADA (Supervisory Control and Data Acquisition) systems, local control networks, and numerical relays, which lead to system instability or equipment damage. Transmission systems are vulnerable to false data-injection attacks, compromised networks, and manipulated power flow in devices. Distribution systems are prone to remote disconnection, illegal data access, and tampering, which disrupt the flow of operations and customer privacy [21,22]. Comprehensive security measures are needed to eradicate these threats and strengthen the grid against changing threats.

Traditional smart grid control systems primarily relied on centralized SCADA architectures, featuring structured communication protocols and centralized monitoring with relatively fewer entry points for attackers. The integration of IoT technologies into smart grids has significantly expanded the attack surface. IoT devices introduce new vulnerabilities due to their heterogeneous hardware, wireless communications, resource constraints, and dynamic networking [23]. Attacks such as botnet infections, device spoofing, firmware tampering, and side-channel attacks have become more prevalent with the proliferation of IoT endpoints [24,25]. While several cyber attacks (e.g., MITM, DoS) are equally applicable to both SCADA and IoT environments, their frequency, ease of execution, and impact are magnified in IoT-integrated smart grids [3]. Therefore, understanding the evolution of these threats from traditional systems to modern IoT-driven architectures is critical for designing effective privacy-preserving and security-enhancing strategies.

3.1.1. Malware Attacks

Any piece of code or program designed and introduced to damage, exploit, or disrupt computer systems, networks, or devices is known as malware [26]. It can take different forms and is typically used by cybercriminals to gain unauthorized access, monitor traffic, and steal data from systems. A backdoor can be an inadvertent feature in a network, software, or system that permits illegal access or control via malware attacks. It bypasses normal authentication processes or security mechanisms, enabling a threat actor to gain privileged access to the system or its resources [27]. In a smart grid, these attacks can disrupt power generation, distribution, and consumption, impact critical infrastructure, and cause damage to grid components. Ransomware is a type of attack where threat actors infiltrate a system, encrypt critical data or control functions, and then demand a ransom payment to restore access and functionality.

The Industroyer malware, which was created to target Industrial Control Systems (ICSs), is a prime example. It was the root of a significant cyberattack on Ukraine’s power grid in 2016 [28]. Industroyer gained illegal control over circuit breakers and substation equipment by taking advantage of vulnerabilities in the grid’s communication protocols. This resulted in an extensive region of Kyiv being without electricity for nearly an hour. The incident showed how power distribution systems might be exploited by malware, resulting in blackouts and compromising grid stability [29,30]. The Colonial Pipeline Ransomware Attack in 2021 was one of the most significant cyber threats targeting critical infrastructure in the United States. A ransomware group, DarkSide, trespassed on the Colonial Pipeline and deployed ransom to encrypt files on the network. The attackers broke through the system using a Virtual Private Network (VPN) account that lacked multi-factor authentication (MFA), which opened access to the entire business IT system. To prevent the further spread and secure the critical structure, the company had to shut down its entire pipeline system [31]. Although the attack was not targeted toward the smart grid, the fragility of interconnected systems and the lack of intrusion-detection and -prevention systems (IDPSs) made it vulnerable, causing more damage to the infrastructure. To prevent such incidents, robust cybersecurity measures, including intrusion detection, network segmentation, and timely software patching, are essential in modern grids.

3.1.2. Denial of Services (DoS)

DoS is the type of attack where the attacker or a group of attackers attempt to make computer or network services unavailable for the target users. Similarly, when the attacks flood from multiple compromised resources, overwhelming the target with excessive traffic is known as a Distributed Denial-of-Service (DDoS) attack [32]. These attacks are frequently used to damage businesses and organizations, carry out cyber warfare, or extort individuals. In a smart grid, a DoS attack can cause significant disruption since it targets vital infrastructure that generates, transmits, and distributes electricity.

According to NETSCOUT Arbor’s 13th Annual Worldwide Infrastructure Security Report, DoS assaults account for 87% of the real dangers faced by service providers [33], while the 14th Annual Report in March 2019 stated it as 95%. Since smart grids rely on real-time data communication between various sensors, smart meters, and control systems, a DoS attack can overload these communication channels, causing delays or failures in grid operations. For example, if an attacker overloads the SCADA system with traffic, it might not process legitimate commands for load balancing [34] or fault detection in time. Due to delayed responses, this may result in grid instability, power outages, or even physical damage to transformers and substations. Attacking an Advanced Metering Infrastructure (AMI) could hinder utilities’ ability to manage electricity distribution remotely, causing extensive service interruptions. While not as devastating as a DDoS, a DoS attack can lead to significant downtime [35] and financial loss.

Depending on the attacker’s goal, target, and grid’s vulnerability, a DoS attack can be categorized into various sub-attacks, as shown in Figure 1. These attacks are strong enough to temporarily shut down systems or entire networks, so protecting the smart grid is crucial for smooth operation and services. However, the smart grid is different from traditional systems, which require meticulous threat analysis and management. Hence, sector-specific standards and guidelines are developed. For example, the USA’s [36] electrical industry is obliged to adhere to NERC-CIP 002-009 and the NISTIR 7628 [37] Guidelines for Smart Grid Cybersecurity that offer a framework for developing cybersecurity strategies. In threat analysis, filtering is adopted to drop the malicious packets on a network to prevent DoS attacks. Usually, filtering is done on perimeter devices such as firewalls, following security policies. When the threat is near, the filtering mechanism works well, consuming less bandwidth. Firewalls also help with network segmentation, intrusion detection, and access control. However, it is not a good option for low-end grid devices and fast events. Intrusion-Detection Systems (IDSs) are developed to alert when a false positive rate is high. The blocking method of intrusions makes IDSs into Intrusion-Prevention Systems (IPSs). The IDS mechanism has been divided into three parts—(a) signature-based detection, (b) anomaly-based detection, and (c) specification-based detection, which provide security at various levels. Furthermore, load balancing and network architecture redundancy help reduce service interruptions. Deploying deep packet inspection (DPI) can help to detect and block malicious traffic. To continuously strengthen the grid against threats, such defense measures need to be implemented at the right time.

3.1.3. Man-in-the-Middle

This type of cybersecurity breach happens when the intruder positions itself between two communication parties, monitoring and potentially altering their data transmission secretly. In the context of a smart grid as detailed in

Table 1. Comparison of various intrusion-detection schemes for man-in-the-middle attacks, depending on the attack scenario.

Features and Capabilities of IDSs	Intrusion-Detection Schemes
	[38]	[39]	[40,41]	[42]	[43]	[44,45]	[46]	[47]	[48]	[49]	[50]
Identify Two-way/One-way MITM attacks	–	–	◯	–	–	–	◯	◯	◯	◯	◯
Identify ARP poisoning-based MITM attacks	◯	–	–	–	–	–	–	–	◯	◯	–
Identify eavesdropped packets	–	–	–	–	–	–	–	–	◯	◯	–
Identify MITM while intercepting	–	◯	◯	◯	◯	◯	◯	◯	◯	◯	◯
Identify attack victims	–	–	–	–	–	–	–	–	–	◯	–
Consider customer privacy	–	–	◯	–	–	–	◯	◯	–	◯	–

, this could happen when an attacker inserts themselves between communication channels, such as smart meters and control centers, exploiting vulnerabilities in the network protocols or wireless transmissions. While the transmission seems normal, the intruder can perform false data-injection (FDI) and false command-injection (FCI) attacks that can hinder grid operations. Such attacks result in the injection of erroneous data, power outages, ineffective distribution, and compromised system security, which set off management failures and increase the grid’s resilience to future attacks.

Using secure communication protocols and robust encryption constitutes one of the primary defenses against MITM attacks. Unauthorized parties cannot intercept or alter data if end-to-end encryption is implemented using techniques such as AES-256 [51] or secure transmission protocols like TLS 1.3 and IPsec. In addition, to minimize the threat of spoofing or session hijacking, mutual authentication techniques such as digital signatures or certificate-based authentication (PKI) ensure that both communicating parties are validated prior to data exchange. Installing intrusion-detection and -prevention systems to monitor anomalies in network traffic is another essential step [49]. Machine learning (ML) methods can be applied to these systems and identify suspicious patterns that indicate MITM attacks, such as data replay or packet injection. Anomaly detection and real-time monitoring facilitate the early identification and mitigation of security issues before they escalate into serious breaches.

Enforcing robust identity and access management (IAM) procedures will further improve security. Role-based access control (RBAC) and multi-factor authentication (MFA) for distant users and grid operators can prevent illegal access to sensitive grid components. Secure key management, utilizing hardware security modules (HSMs) or trusted platform modules (TPMs) for cryptographic key management and fault-tolerance [52], shields against key compromise for encryption methods. Finally, to prevent hardware-based MITM attacks, smart grid components such as communication hubs, substations, and smart meters must be physically protected. The risk of physical compromises turning into cyberattacks decreases by implementing tamper-resistant hardware and conducting frequent security audits. By combining these security measures, smart grid operators can guarantee the security and durability of the power grid while also drastically reducing the possibility of MITM attacks.

3.2. Data-Oriented Threats

In contrast with traditional power grids, which function based on predefined schedules and manual controls, smart grids collect massive amounts of data using sensors, AMI, and IoT devices from energy-management systems, smart meters, and substations. These data are then analyzed using AI and ML to predict demand patterns, prevent outages, and enhance grid efficiency. For example, smart grids dynamically adjust power distribution based on real-time load monitoring, which assures stability and reduces energy waste. Data-driven automation is also used to detect faults, reroute electricity, and integrate renewable energy sources like solar and wind. Since the grid relies on data too much [53,54], protecting data security, availability, and integrity is essential to avoid cyber threats and operational disruptions.

3.2.1. Data Breaches and Leakage

Unauthorized access to sensitive, confidential, or protected data causes a breach. A data breach in a smart grid could expose critical operational details, raising security threats and causing system failures. Since smart grids depend on real-time data sharing between substations, control centers, and smart meters, any security flaw might give hackers the opportunity to intercept, alter, or steal private data [55]. Breaches can occur due to weak authentication methods, lack of encryption, insider threats, or cyberattacks such as malware and phishing. Attackers might target AMI to alter energy consumption records, disrupt billing systems, or cause power outages [56,57].

The Ukraine power grid cyberattack in 2015 gives a practical illustration of a smart grid data breach. Here, attackers infiltrated the network of multiple power distribution companies using phishing emails. They targeted human operators by sending emails; once the employees opened the attachments, malware known as BlackEnergy infected the network and allowed remote access to the attackers [58]. The attackers used stolen credentials to log into SCADA systems remotely and manually operated the Industrial Control Systems (ICSs) to disconnect power. This led to power outages affecting 230,000 people for several hours. This not only demonstrated how grids could be compromised but also highlighted the importance of network segmentation, robust authentication methods, continuous monitoring, and employee cybersecurity awareness in preventing such attacks. The attack impact might have been reduced if the utilities had implemented MFA, sophisticated intrusion-detection systems, and network isolation [59] into place.

Data leakage can happen due to the unauthorized or unintended transmission of sensitive data to an external party. Unlike a data breach, which involves an active attack, data leakage takes place due to misconfigurations, insider negligence, or malware infections. Cloud storage vulnerabilities, email misdelivery, weak authentication, or physical device theft can also cause data leakage [60]. One common risk is insecure communication channels, where energy consumption data are transmitted without proper encryption, allowing attackers to intercept it. This can compromise both consumer privacy and grid security. Smart grids rely on continuous data exchange between smart meters, substations, and control centers, making them vulnerable to leaks if security measures are weak.

The smart meter data leakage incident in 2017 that severely impacted several utilities and customers occurred at Pacific Gas and Electric Company (PG&E) in California. A third-party vendor that provided cloud-based data storage and analytics services for the utilities’ Advanced Metering Infrastructure (AMI) systems was associated with the incident [61]. These systems collect and manage data from smart meters deployed across residential and commercial locations. The exposed data included detailed energy consumption patterns, which, if compromised, could have led to serious privacy concerns. Utilities involved in this incident were forced to review their security protocols and enhance data encryption and access control mechanisms to prevent similar incidents from occurring in the future. This also contributed to increased regulatory scrutiny on data privacy and security within the smart grid industry.

3.2.2. Data Poisoning

Data poisoning falls into the category of cyberattacks, where malicious actors deliberately introduce incorrect or misleading data into a system. Information gathered from sensors, smart meters, and other connected devices is essential for predicting demand, maximizing energy use, and preserving system stability. If attackers gain access to the data streams or sensors, they could inject false readings or manipulate sensor data. This could result in inaccurate readings of energy consumption, grid loads, or environmental factors such as temperature and humidity, which are essential for optimizing energy flow and responding to real-time conditions. An example of a data poisoning incident in the smart grid occurred in 2020 when Russian hackers launched a cyberattack targeting the USA energy sector. The Russian hacking group, known as APT29 or Cozy Bear, used sophisticated spear-phishing emails to gain initial access to the networks of several USA utility companies. The attackers used advanced malware to exploit vulnerabilities in these companies’ systems. The goal was not just to steal data but to potentially manipulate or disrupt critical systems [62]. While the attack did not directly result in widespread damages, it certainly exposed the vulnerabilities in the way that critical infrastructure data are handled in the organization. This incident showed the importance of strong security measures and the need for data integrity management in the smart grid system.

3.3. Physical Layer Attacks

In a smart grid, physical layer attacks target the power system’s hardware, including sensors, substations, smart meters, and communication infrastructure. These attacks directly modify, destroy, or interfere with physical devices, in contrast to cyberattacks that use software vulnerabilities. Attackers may physically alter smart meters, cut power lines, or jam signals the tools to disrupt the grid operation [63]. Physical layer attacks can occur through various methods, each affecting the grid differently. One common form of attack involves tampering with smart meters, where attackers alter readings to manipulate billing information, leading to energy theft and financial losses for utilities. Another common attack is signal jamming, where malicious actors use radio frequency (RF) jammers to disrupt wireless communication between smart meters, sensors, and control centers [64]. This interference can cause delays in data transmission or lead to a complete loss of communication, impacting real-time grid monitoring and control.

Preventing physical layer attacks requires a combination of security measures, including physical protection, real-time monitoring, and advanced communication security. One of the first steps is enhancing physical security at critical infrastructure sites. This can be achieved by installing surveillance cameras, motion detectors, and access control systems to restrict unauthorized entry. Smart meters and communication devices should also be housed in tamper-proof enclosures to prevent direct manipulation or theft. Anomaly detection and continuous monitoring play an important role in identifying potential threats before they escalate. It can analyze unusual patterns of physical activity, alerting operators to potential threats [64]. Additionally, redundant communication networks should be implemented to ensure grid stability in case of jamming or disruption. Techniques such as frequency hopping and spread spectrum communication can make it difficult for attackers to interfere with smart grid signals. In order to reduce physical dangers, security awareness and training are equally crucial. Grid operators and utility workers should be trained to react properly in the event of an incident and educated on the dangers of physical attacks. The grid’s resilience can be further increased by conducting regular security audits, vulnerability assessments, and emergency response drills. Smart grid operators can promise a more secure and stable energy network and significantly reduce the danger of physical layer attacks by using these preventive measures.

4. Privacy-Preserving Machine Learning Techniques

This section provides a comprehensive survey of privacy-preserving machine learning approaches, specifically in the context of smart grids for possible attacks discussed in Table 2. The study examined eight techniques recognized by various governing bodies worldwide, as highlighted in the privacy-related reports from the USA (https://catalog.data.gov/dataset/national-strategy-to-advance-privacy-preserving-data-sharing-and-analytics, accessed on 15 March 2025), UK (https://royalsociety.org/news-resources/projects/privacy-enhancing-technologies/, accessed on 15 March 2025), Europe (https://cros.ec.europa.eu/PET4OS, accessed on 20 March 2025), and the OECD (https://www.oecd.org/en/publications/emerging-privacy-enhancing-technologies_bf121be4-en.html, accessed on 20 March 2025). The techniques covered are as follows:

• Anonymization
• Differential privacy (DP)
• Synthetic data (SD)
• Secure multiparty computation (SMPC)
• Homomorphic encryption (HE)
• Zero-knowledge proof (ZKP)
• Trusted execution environment (TEE)
• Federated learning (FL)

Table 2. A summary of existing research papers related to smart grid attacks.

Mentioned Attacks	Target Systems	Vulnerability	Countermeasure
CIA Triad Attacks [10,21]	Customer Information Systems (CIS), SCADA, Smart Meters, and Cloud Storage	Privacy breaches, incorrect energy distribution, communication blockage, inaccessible resources, and causes financial loss	Intrusion-Detection and -Prevention Systems, data masking and anonymization, and access control mechanisms
Ransom Attacks [31,65]	Communication networks, Automation, and Centralized control systems	Widespread power outages and operational disruptions leading to infrastructure damage and financial loss	Multi-Factor Authentication, ID&PS, and robust access control
Data Breach and Leakage [58]	SCADA, Smart meters, Cloud storage systems	Privacy violations and grid operation disruptions leading to financial loss and reputation damage	Strong encryption, access control, regular security audits, and monitoring of data-sharing protocols
DoS/DDoS [66,67]	SCADA, Advance Metering Infrastructure (AMI)	Communication overload, flow disruption, and incorrect data transfer	State-of-the-art security protocols to provide secure communication
Single Point of Failure [68,69]	Critical Substations and Transformers, Communication Hubs, and Cloud-based Grid Management Platforms	Complete system crash, communication breakdown, de-sync operations, and could impose cyberattacks	Adopting distributed control architecture, blockchain for authentication, and robust anomaly detection
Man-in-the-Middle [48,66]	Communication network, SCADA, Energy-management system (EMS)	Misconfigurations, energy blackouts, incorrect billing, and damaged infrastructure	Cryptographic security measures, network-monitoring and -protecting techniques
False Data Injection, Meter Spoofing [70,71]	Smart meters, State estimation systems, Distributed Energy Resource (DER) management	Compromised meter unresponsive to critical grid operations and utility requests	Enhanced meter security with data integrity and validation methods to secure physical access
Data Manipulation, Identity theft attacks [72]	Customer Information Systems, SCADA, DER Management	Detect identity-based security vulnerabilities in the system, leads to data tampering and privacy breach	Strong data encryption methods, blockchain-based identification, and authentication methods to prevent identity theft and impersonating
Malicious Energy Traders [73]	Demand Response Systems, AMI, Billing and Payment Infrastructure	Energy theft and fraud, billing chaos, and exploit demand-response systems to destabilize the power grid	Real-Time Monitoring and Alerts system, blockchain for transactions and AI-Powered Fraud Detections

Table 2. A summary of existing research papers related to smart grid attacks.

Mentioned Attacks	Target Systems	Vulnerability	Countermeasure
CIA Triad Attacks [10,21]	Customer Information Systems (CIS), SCADA, Smart Meters, and Cloud Storage	Privacy breaches, incorrect energy distribution, communication blockage, inaccessible resources, and causes financial loss	Intrusion-Detection and -Prevention Systems, data masking and anonymization, and access control mechanisms
Ransom Attacks [31,65]	Communication networks, Automation, and Centralized control systems	Widespread power outages and operational disruptions leading to infrastructure damage and financial loss	Multi-Factor Authentication, ID&PS, and robust access control
Data Breach and Leakage [58]	SCADA, Smart meters, Cloud storage systems	Privacy violations and grid operation disruptions leading to financial loss and reputation damage	Strong encryption, access control, regular security audits, and monitoring of data-sharing protocols
DoS/DDoS [66,67]	SCADA, Advance Metering Infrastructure (AMI)	Communication overload, flow disruption, and incorrect data transfer	State-of-the-art security protocols to provide secure communication
Single Point of Failure [68,69]	Critical Substations and Transformers, Communication Hubs, and Cloud-based Grid Management Platforms	Complete system crash, communication breakdown, de-sync operations, and could impose cyberattacks	Adopting distributed control architecture, blockchain for authentication, and robust anomaly detection
Man-in-the-Middle [48,66]	Communication network, SCADA, Energy-management system (EMS)	Misconfigurations, energy blackouts, incorrect billing, and damaged infrastructure	Cryptographic security measures, network-monitoring and -protecting techniques
False Data Injection, Meter Spoofing [70,71]	Smart meters, State estimation systems, Distributed Energy Resource (DER) management	Compromised meter unresponsive to critical grid operations and utility requests	Enhanced meter security with data integrity and validation methods to secure physical access
Data Manipulation, Identity theft attacks [72]	Customer Information Systems, SCADA, DER Management	Detect identity-based security vulnerabilities in the system, leads to data tampering and privacy breach	Strong data encryption methods, blockchain-based identification, and authentication methods to prevent identity theft and impersonating
Malicious Energy Traders [73]	Demand Response Systems, AMI, Billing and Payment Infrastructure	Energy theft and fraud, billing chaos, and exploit demand-response systems to destabilize the power grid	Real-Time Monitoring and Alerts system, blockchain for transactions and AI-Powered Fraud Detections

4.1. Anonymization

In smart grid systems, attackers can cleverly disguise themselves within critical infrastructure, thereby evading cybersecurity measures such as firewalls, data diodes, and intrusion-detection or anomaly-detection systems. Deceptive devices installed at various communication points in smart grids and industrial control systems signal the system when these protective mechanisms are breached. The K-anonymous smokescreen configuration of indistinguishable Intelligent Electronic Devices (IEDs) at substations undermines attackers and highlights the potential threat of honeypots within the IEC 62351 standard topology [74].

Distribution systems have been upgraded with digital communication technology involving devices in consumer households, like smart meters. Distributed energy resource management incorporates different nodes for load aggregation based on the location and type of load associated with substations, segments, feeders, consumer services, and more. Each associated point is susceptible to privacy breaches of personally identifiable information (PII), which can be anonymized via a generalization hierarchy [75] allowing for the grouping of transformers, segments, and Distributed Energy Resources (DERs) using the K-anonymity approach. Similarly, a continuous $K_s$-anonymization approach [76] modifies the grouping of smart meter data streams with equivalence classes (EQ) that comprise at least k unique individuals.

Despite the anonymization technique helps protect personally identifiable information (PII) from direct identification, it remains vulnerable to privacy leakage due to data mining approaches. Quasi-identifier (QI) attributes, such as timestamps and the locations of smart meters, can indirectly reveal energy usage patterns, habits, and living standards of individual households. A hybrid framework [77] that integrates K-anonymity data generalization with differential privacy in the preprocessing of energy data provides better protection for user privacy than using individual anonymization techniques.

4.2. Differential Privacy

Data acquisition from smart meters to the control center through an ICT network enables a smart grid to achieve reliable, efficient, and flexible data processing for balancing power distribution and dynamically adjusting electricity prices. However, such data-sharing programs can expose energy users’ consumption habits and daily activities. Homomorphic encryption involves significant computational costs, making it unsuitable for real-time data analytics and operations. Masking, another approach, introduces random noise via a trusted third party, which is often impractical. Local Differential Privacy (LDP), on the other hand, operates directly within the smart meters and does not require a third party for local random perturbation of client energy data [78]. The privacy budget in traditional Differential Privacy (DP) increases with the streaming of data from smart meters, making it vulnerable during large time-domain events. Spectral Differential Privacy (SpDP) [79] addresses this issue by bounding noise based on the frequency domain representation of smart meter data, showing better performance than trajectory-level DP (TrDP), even over extended time periods.

Smart grids are equipped with control centers that interact, cooperate, and perform data aggregation for heterogeneous IoT-based appliances. Differential attacks from adversaries can provide insights into aggregated multi-subset and multi-dimensional energy data. Fog computing mitigates the computational, transmission, and security burdens of cloud networks by directly interacting with and aggregating data from various devices. This method employs two differential privacy techniques, using noise from geometric and Laplace distributions [80]. Additionally, the incorporation of Personalized Differential Privacy (PDP) [81] can alleviate the privacy concerns associated with fog computing by adapting the selection of non-uniform noise for individual nodes based on their proximity to the control center.

Modern power systems are integrated with Distributed Energy Resources (DERs), the Internet of Things (IoT), robust communication channels, advanced phasor measurement units, and prosumers’ management devices. The inter-connectivity, along with exposure, fragmentation, and digitization, complicates smart grid operations and makes them more fragile to cyber attacks. Smart grid operations must precisely monitor system states and matrices at central control centers, transmission nodes, and distribution points to ensure reliable electricity provision without violating system constraints. Unauthorized reconnaissance of system states can disrupt grid integrity through false data injection, leading to power outages, equipment damage, and financial losses. A collective DP defense mechanism utilizing chi-squared noise distribution [82] supports anomaly detection in power systems under false data-injection attacks while preserving the privacy of system matrices. A detailed overview of several DP methods applied in the energy sector is provided in

Table 3. Differential privacy approaches used in IoT-integrated smart grids.

DP Approach	DP Mechanism	Algorithm	Tasks	Adversaries or Attacks Types	Privacy Parameters	Task Metrics	Dataset
DDP (2021) [83]	Laplace noise	Energy aggregation	NILM	Dishonest but non-intrusive	Accumulative error/Aggregation error	Precision, Recall, F1-score	6 households real-world, Switzerland
RDP (2024) [84]	Gaussian noise	Neural Network	Classification (attack/normal)	Inference attacks	Privacy budget ($ϵ$) against accuracy	Categorical cross-entropy loss, accuracy, F1-score	UNSW-NB15, NSL-KDD, and ToN-IoT
DPML (2019) [85]	Laplace noise with peak-factor	Energy aggregation	Demand Response	Eavesdropping, curious-but-honest utility/aggregator	Privacy budget ($ϵ$)	Percentage error of kWh(%)	NREL
PPMM-DA (2023) [80]	Geometric and Laplace noise	Multidimensional energy aggregation	Load monitoring	Differential attack, collision attack, eavesdropping, active attack	Privacy budget ($ϵ$)	Relative error	Mathematical model
DP Chi-square (2024) [82]	Gaussian noise	System state estimation	Anomaly detection	Stealth attack, FDI attack, untrusted third party	Privacy budget ($ϵ,\sigma$)	Area under the ROC (AUROC)	Values from mathematical model
PDP (2021) [81]	Local DP on trusted distance	Graph Theory	Energy Prediction	Correlation, collusion attacks	Privacy budget ($ϵ$)	Root mean squared error (RMSE)	EPFL-Campus real-world

.

4.3. Synthetic Data

The modern smart grid is characterized by fine-grained generation, consumption, state estimation, and control data across various system domains, including IoT devices at central power plants, transmission networks, distribution nodes, and consumer endpoints. The dynamics of cutting-edge research in smart grids heavily rely on the availability of easily accessible and open-source data. However, challenges such as historical data scarcity, incomplete observations, device malfunctions, and privacy concerns regarding real-time energy data limit the scope of research and the application of machine learning (ML) approaches in realistic settings. Physical-based methods can simulate synthetic data to address the challenges of complex and insecure data collection, incorporating detailed information about the environment, structure, social factors, financial aspects, and behavioral properties.

ML algorithms on closed-source datasets often outperform model-driven approaches in smart grid applications, including renewable energy (RE) prediction, load forecasting, state estimation, and event detection. Privacy concerns and potential cyberattacks restrict utilities and consumers from publishing and collecting sensitive data. Generative Adversarial Networks (GANs) can learn the conditional probability of essential spatial and temporal features from real energy data by comparing the outputs of generative and discriminative models. Recurrent neural networks (RNNs) with ARIMA and Fourier transform features [86] replace the convolutional neural networks (CNNs) of image GANs for generating better-quality time series AMI data without violating the privacy regulations.

In machine learning-based Non-Intrusive Load Monitoring (NILM), the task of disaggregating energy data from low-frequency net energy meters to high-frequency appliance-level consumption necessitates diverse, interconnected smart household appliances. Malicious attacks aimed at uncovering insights into living habits, appliance types, financial status, and dynamic pricing programs discourage consumers from sharing their appliance-level data. ProfileSR-GAN [87] upscale the low-resolution smart meter data to generate high-resolution power flow or energy disaggregation data by using the GANs model. Additionally, Variational Autoencoders (VAEs) and Gaussian Mixture Models (GMMs) can assess the quality, sensitivity, and privacy of synthetic data derived from smart meters [88]. Some techniques related to synthetic data have been discussed in

Table 4. Synthetic data analytics approaches used in IoT-integrated smart grids.

Synthetic Data Approach	ML Algorithms	Energy Tasks	Evaluation Metrices	Dataset
DP-SGD (2024) [88]	Faraday algorithm	Generate smart meter energy	Quantile values, accuracy, precision	Low Carbon London (LCL)
K-Mean (2018) [89]	Generative adversarial network (GAN)	Short-term prediction	MAPE	Pecan Street
R-GAN(2019) [86]	Recurrent generative adversarial network (R-GAN)	Load generation	MAPE, MAE	UCI-Energy, Building Genome
Bayesian NN (2019) [90]	Generative adversarial network (GAN)	System state estimation	MSE	IEEE-118, Pecan Street
ProfileSR-GAN (2022) [87]	GAN-based on maximum-a-posteriori	NILM	MSE, Peak load error (PLE)	Pecan Street
PDM (2024) [91]	Physics-informed diffusion model	Load and solar generation	t-SNE, QS, MAE, RMSE	Pecan Street
SMOTEENN (2021) [92]	AlexNet and light gradient boosting (LGB)	Electricity theft detection	AUC, recall, precision, F1-score	State grid corporation of China (SGCC)

.

4.4. Secure Multiparty Computation

The Secure Multiparty Computation (SMPC) cryptographic scheme entertains multiple parties to compute a function without revealing the sensitive data of individual parties. In this scheme, a secret S is divided into n shares, and a minimum of k shares is required for the parties to reconstruct the secret S through arithmetic operations such as multiplication, addition, or both. SMPC plays a vital role in protecting data within smart grids and safeguarding the privacy of individual energy users against both internal and external threats. Tasks related to energy, such as load aggregation or billing, can only be executed by parties possessing the respective distributed shares of the secret.

Data-aggregation algorithms employ various aggregate functions—such as sum, average, minimum, maximum, and quantiles—depending on the architecture and data-sharing mechanisms in place. Overgrid acts as a graphical interface to access various grid utilities within the power system. A privacy-preserving scheme for a peer-to-peer (P2P) decentralized setup has been developed for community-based demand response programs in smart buildings [93]. This technique incorporates distributed data aggregation using a secure multiparty computation approach known as PP-Overgrid.

The advanced metering infrastructure, a subsystem of the smart grid, involves sharing information with a trusted entity to facilitate accurate and reliable billing. Distributed information sharing and cryptographic techniques ensure the confidentiality of consumers without relying on any trusted entity, particularly in cases of suspected malicious privacy breaches. The secure MPC utilizes Shamir’s secret sharing in conjunction with a distributed file system to store and protect electricity usage data, thereby enabling a secure billing process [94]. Furthermore, a clustered-based distributed MPC algorithm [95] has been employed to aggregate the energy consumption of consumers in a ring structure, utilizing both private and public keys.

Edge devices in the smart grid collect and share vast amounts of energy data with various decentralized electricity sales and transmission entities to enhance operational efficiency. The integration of blockchain technology and decentralized energy markets with real-time edge computing boosts the privacy and security of confidential data sharing through multiparty computation (MPC). BPM4SG [96] utilizes data segmentation, smart contracts, encryption, and ring signatures to establish a dual-privacy framework for both data owners and utilities. The power flow analysis (PFA) parameters of two distinct grids can be secured using the linear Newton method and a universal composability framework, which provides secure multiparty computation (SMPC) protocols for smart meters and predictive data.

Table 5. Secure multi-party computation methods used in IoT-integrated smart grids.

Ref.	SG Domain	Privacy Concerns/Parameters	Contribution
(2022) [94]	Consumer billings	Routine, Appliance types and preferences	Shamir secret sharing-based SMPC with five key algorithms including setup, blinded reading generation, interpolation, and final reading calculation ensures secure energy consumption billing. The system assumes an honest-but-curious utility provider, while smart meters may be malicious, facing passive (peer or leader compromise) and active (malicious peer or leader behavior) attacks.
(2024) [97]	State estimation, optimal power flow	Measurement matrix	Efficient SMPC approach for Newton-Raphson method power flow analysis (PFA) leverages secret sharing, Cartesian formulation, and sparsity optimization. The system operates in semi-honest and malicious adversarial settings without relying on a Trusted Third Party.
(2024) [98]	Day-ahead energy forecasting	Global iteration, relative accuracy	Privacy-preserving distributed market mechanism using SMPC and the Shamir secret-sharing scheme employs the Consensus ADMM algorithm and a chance-constrained LinDistFlow model for an uncertainty-aware joint market of energy and reserves. A recovery scheme handles missing network measurements, supporting day-ahead energy balancing under a static, honest-but-curious setting.
(2021) [99]	Day-ahead energy-storage scheduling	Energy data breaches, computation and communication costs	SMPC framework for energy-storage sharing enables confidential cost-sharing and verifiable virtual net metering settlement without trusted third parties. It address risks from dishonest users, data misuse, and privacy breaches while balancing privacy protection and performance.
(2019) [100]	Transmission, Distribution fees balancing	Computation and communication costs	MPC-based protocol for secure smart metering data collection incorporates three aggregation algorithms: Naïve Aggregation (NAA), No Comparison Aggregation (NCAA), and Non-Interactive Aggregation (NIAA). It enables distribution, transmission, and balancing fee calculations using real smart metering data while considering malicious behavior from both internal and external entities, including grid operators and suppliers.
(2020) [101]	Energy market pricing	Individual profiles and incentives	Private Energy Market (PEM) ensures optimal pricing through a Nash Equilibrium-based Stackelberg game under a semi-honest adversarial model without a trusted third party. The approach maintains privacy, individual rationality, and incentive compatibility, addressing risks where local generation and demand data may reveal user consumption patterns.
(2024) [102]	Wind energy forecasts	Computation time, Spatial, and temporal patterns	Privacy-preserving ultra-short-term wind power-forecasting method using secure multiparty computation (MPC) and pwXGBoost, an encrypted variant of XGBoost operates under a semi-honest model and leverages real-world data from 27 wind farms in China, capturing nonlinear spatial and temporal correlations for improved prediction accuracy.

summarizes several secure MPC approaches along with their specific contributions.

4.5. Homomorphic Encryption

The integration of electric vehicles and renewable energy resources, combined with robust communication via IoT devices, enhances the cybersecurity of smart grids. Homomorphic encryption (HE) is a cryptographic technique that transforms plaintext into ciphertext, ensuring secure communication and facilitating aggregation tasks while protecting against eavesdropping and untrusted malicious actors. One critical issue with this highly secure cryptographic system is the communication and computational cost associated with securing the ciphertext. The Paillier homomorphic encryption scheme reduces latency and data size by encrypting only the aggregated data at intermediate upstream nodes in an end-to-end smart meter network [103].

In transactive energy, the confidentiality and privacy of electricity users are essential for a flexible power distribution policy. The ElGamal cryptosystem offers homomorphic encryption [104] to safeguard sensitive participant pricing and energy data, thus supporting secure contract clearing and auctions in local energy markets. The Diffie-Hellman assumption requires fewer computational multiplication operations to encrypt the tuple of public keys shared within the transactive energy markets. Summation and variance are two metrics mainly used to evaluate the computational performance of HE [105]. A cost-benefit analysis can be conducted using these two metrics across various trusted boundaries for service providers, third parties, and peer consumers in smart metering systems.

Intelligent devices are employed for real-time monitoring of energy consumption, facilitating an automated, reliable, efficient, and economical distribution of electricity among multiple consumers. The two-way communication between smart meters and electricity providers over a public network can expose data to adversaries who may intercept it during transmission. A symmetric homomorphic secure smart grid system maintains confidentiality and integrity against threats and malicious attacks through a forward authentication mechanism for sharing session keys. The privacy of smart meters is protected by forwarding the aggregated encrypted electricity data from the Aggregation Provider (AP) [106]. Several homomorphic encryption methods implemented in the smart grid domain are summarized in

Table 6. Homomorphic encryptions mechanism used in IoT-integrated smart grids.

HE Approach	SG Domain	ML Approach	Security Concerns	Evaluation	Dataset
Pailler-based asymmetric (2022) [94]	Distributed Grid fault localization and energy forecasting	DNN	Inference, reverse engineering, eavesdropping	Computational complexity of DNN activation function, execution time	IEEE-68 bus system
Domingo-Ferrer (2017) [107]	Cloud-based billing	Load aggregation	Data integrity, availability	Long execution time	15 min based Melbourne smart meters
CKKS-based (2023) [105]	Consumer smart meters	Load aggregation	Consumer behavior and absence event	Summation, variance, memory and time consumption	DAIAD project real-world
Elliptic curve (2018) [108]	Dynamic billing	Load aggregation	Confidentiality, integrity, authentication	Computation and communication overhead	Mathematical model
Fan-Vercauteren somewhat (2017) [109]	Energy forecasting	ANN with GMDH data imputation	Consumer behavior	performance cost in MSE, time in ms	Irish smart meter
Asymmetric (2017) [110]	Energy pricing	Fixed-point arithmetic aggregation	Consumer privacy and confidentiality	Computation time	Real-world Smart project

.

4.6. Zero-Knowledge Proof

Zero-knowledge proof (ZKP) approaches focus on verifying participants in smart grid activities, such as prosumers and EV consumers, while not concerning themselves with the sharing of information among smart grid entities. These methods address privacy issues that arise from revealing daily routines through transaction and location logs. The ZKP authentication scheme typically involves three entities: the issuer, the holder, and the verifier. A trusted service provider issues verifiable credentials for holders, such as energy users, while the verifier authenticates the users’ digital signatures provided by the issuer for the services requested by the holder. ZKP offers a secure authentication scheme for EV charging providers, protecting against replay and impersonation attacks from malicious EV users [111]. Charging stations verify the digital signatures of EV consumers against the utility service provider where users are registered, which helps reduce the risk of malicious clients.

Peer-to-peer energy-trading mechanisms have been widely adopted by consumers in electricity markets for distributed energy management and demand response. A significant challenge in peer-to-peer energy trading is the potential for privacy violations and information leakage by malicious agents [112]. Consensus with Innovation (C+I) and the Power Transfer Distribution Factor (PTDF) have been used to maximize social welfare while adhering to physical network constraints. The ZKP protocol has been implemented to evaluate various performance metrics, including convergence, line congestion management, scalability, computational efficiency, and supply chain operations. In micro-grid energy trading, the power flow takes precedence over energy prices, making the transaction history stored on servers vulnerable to malicious attacks. ZKP aids in distinguishing between benign and malicious prosumers, while the Fiat-Shamir approach ensures secure communication channels for micro-grid trading price schemes [113].

4.7. Trusted Execution Environment

The nexus of the Internet of Things (IoT) and smart grids makes the systems vulnerable, particularly to privacy and security threats, as they involve interconnections among utility companies, manufacturers, third-party operators, and various intelligent devices. A Trusted Execution Environment (TEE) offers a hardware-based solution with cryptographic functions to enhance the security of IoT-integrated systems [114]. TEE creates a secure area within the central processing unit (CPU) that isolates sensitive data and running code from malicious software, preventing unauthorized access to that data. Without such protection, malicious software could compromise the operating system of IoT-based smart grid applications, potentially gaining full control and bypassing security measures. TEEs typically utilize compact on-chip hardware systems, such as Arm TrustZone [115] and Intel Software Guard Extensions (SGX) [116], to isolate sensitive programs from the rich execution environment (REE). They store authentication or cryptographic keys, as well as sensitive data and code that rely on these keys.

Smart grid operations often depend on a cloud-based trusted party to store data or perform tasks related to energy management. Cloud service providers are generally considered semi-honest, as they may be curious about sensitive consumer data and can access personal information. SecGrid utilized a low-computation approach using Intel SGX, rather than relying on more resource-intensive cryptographic techniques like secure multi-party computation (SMPC) or homomorphic encryption (HE), to enable secure and efficient functionalities in smart grids, such as data aggregation, dynamic pricing, and load forecasting [117]. Although adversaries might have full control over the software applications and the operating system of the central utility, the certified hardware can still perform secure operations under the TEE.

4.8. Federated Learning

Federated learning (FL) facilitates collaborative learning among different entities within smart grids (SGs), which can include prosumers, micro-grids, smart homes, SCADA networks, Intelligent Electronic Device (IED) nodes, distributed subsystems, and generation companies. This collaboration aims to perform common tasks while ensuring the privacy of sensitive data at the edges. Deep learning (DL) techniques capture the features and patterns of smart meter data to enhance a global model without requiring the sharing of individual energy data [118]. In hierarchical smart grids, a central control system is responsible for monitoring the overall power system, which is supported by edge-based SCADA systems that collect data from IED nodes. Power systems often experience abrupt power swings during disturbances, and anomaly-detection operations can identify such swings as cybersecurity threats, such as false data injections. FedDiSC approach leverages the ability to discriminate between benign and malicious disturbances in the power system to ensure reliable and stable grid operations [119].

Synchrophasors, also known as phasor measurement units (PMUs), are widely deployed across power systems for monitoring purposes, including wide-area voltage control, damping control, and protection systems. However, PMU networks are susceptible to various cyberattacks, including denial of service, data spoofing, malicious code injection, and fault replay attacks [120]. FL addresses the challenges of multi-dimensional, non-IID data distribution and the issue of free-riding in energy trading, where some clients provide low-quality data to maximize incentives. Energy data owners (EDOs) collect information from a variety of energy users, incorporating different combinations of appliances and usage habits for both domestic and commercial purposes. A Deep Q-Network reinforcement learning model has been implemented in a federated setup to penalize free-riding users, with EDOs acting as clients and energy service providers (ESPs) aggregating the parameters [121].

Centralized machine learning (ML) for real-time anomaly detection has notable disadvantages, including connectivity issues, communication bandwidth limitations, latency, and privacy and security concerns that may violate privacy regulations. TensorFlow Federated (TFF) framework has been used to compare various DL anomaly-detection models in both federated and centralized setups, while the Flower framework established a federated testbed using a CPU workstation as the server and Raspberry Pi as energy clients [122]. Self-signed certificates for SSL/TLS protocols have been adopted to secure communication channels against eavesdropping and man-in-the-middle (MITM) attacks on model updates. Power system state owners face threats from sheath attacks that involve injecting false data to disrupt smooth operations, potentially leading to power outages. A bi-level optimization problem has been proposed to detect false data injections (FDIs) in a federated setup, incentivizing clients based on data size and quality for the measurement matrix (H) in the IEEE 32-bus system, with a single node as the attack point and 100 Monte Carlo-based scenarios [123].

Table 7. Federated learning methods used in IoT-integrated smart grids.

FL Approach	SG Task	Contribution
FedDiSa (2023) [124]	Fault and attack classification	Federated learning with secure and lightweight communication for power system state estimation and classification of disturbance and cybersecurity events in the SCADA sub-system nodes connected to IED nodes for data collection and Central control center for model aggregation.
Multi-task FL (2024) [125]	VPP energy prediction	Multi-task FL shows comparable optimization results as that of mathematical algorithms such as HBMO and TLBO in term of generation cost, while FL showed faster convergence than other mathematical ML approaches.
VMD-FK-SecureBoost (2023) [126]	Short-term load forecasting	VMD-FK-SecureBoost provides secure aggregation under distributed setup to address the data heterogeneity of highly variable energy client data. VMD extract the features of individual clients which is support by K-means clustering mechanism to aggregate the same weights of the cohort using secureboost ML forecasting algorithm.
FedUPS (2025) [127]	Anomaly detection	Centralized processing of security threat detections associated with the interconnected distribution network have the shortcoming of communication burdens, data leakage and performance degradation for real-time operations. FedUPS proposed a semi-supervised FL to dynamically aggregate the parameter with a thresold to filter the clients with poor data for a distributed power control system.
FedGrid (2023) [128]	Generation and load forecasting	Integration of both highly variable load and renewable energies make energy management a difficult task in a cyber-physical SG. FedGrid optimized the demand and supply management by predicting the corresponding load and generation of every component in the secure federated setup.
FedDRL (2023) [129]	Wind energy forecasting	FedDRL combines the deep learning with reinforcement approach to predict the ultra-short term prediction of wind farms which reluctant to share island data due to commercial liabilities.
dy-TACFL (2025) [130]	EV station energy prediction	dy-TACFL employs affinity propagation to adaptive clusters and predicts the energy of EV charging stations according to client behavior in a heterogeneous, time-varying environment.

presents the contributions of FL approaches involved in various energy-related tasks within modern power systems.

5. Applications of PPML in IoT-Integrated Smart Grids

5.1. Non-Intrusive Load Monitoring (NILM)

Energy disaggregation from smart meter consumption into household appliances can provide insights into usage patterns, financial status, and device attributes of users. Decentralized learning with Laplace noise applied to the net energy meter of consumers can help protect consumer behavior, while random permutation further strengthens privacy against NILM attacks [83]. Differentially private NILM adds Laplace noise to power usage datasets to prevent malicious entities from reconstructing exact appliance usage.

5.2. Fault Detection, Energy Theft, and Diagnostics

Non-technical losses, which include equipment failures, power outages, energy theft, cyberattacks, and faulty energy devices, can result in an annual global revenue loss of approximately USD 96 billion [131]. Federated fault detection enables real-time identification of voltage fluctuations and fraud detection across smart meters without exposing raw grid data. Homomorphic encryption (HE) protects billing verification against energy theft, while multiple grid entities can collaboratively perform secure multiparty computation (SMPC) to detect fraudulent meter readings while ensuring zero data leakage.

5.3. Demand Forecasting

The scalability and integration of microgrids require a significant number of IoT devices to be distributed across the network for bidirectional communication and information sharing among various nodes and prosumers. Generative Adversarial Networks (GANs) can extract statistical components to produce pseudo household usage data [89] and power-injection data [90] in a distributed system, addressing concerns related to device scarcity and privacy. Physics-informed diffusion models leverage data-driven machine learning along with model-driven mathematical properties for synthetic load generation of solar-integrated consumers [132].

5.4. Generation Forecasting

Smart grid insights into renewable energy generation at the prosumer level can influence electricity prices when renewable energy (RE) is not available and can also be sold data to private advertising firms. Differentially private load monitoring (DPLM), using Gaussian noise during peak hours [85], effectively protects real-time power-generation data from solar and wind resources on the consumer end, as well as information on the availability of RE for demand response and load forecasting.

5.5. Anomaly Detection

Deep learning models require a substantial amount of smart grid data, yet privacy regulations can limit data availability. Machine learning techniques can utilize HE to secure the training processes for prediction, anomaly detection, fault localization, and energy theft tasks within smart grids [133]. A cloud-based billing system connected to smart meter sensors employs a lightweight Domingo-Ferrer’s HE scheme [107] to encrypt and decrypt aggregated energy and cost data through various arithmetic operations. Similarly, household appliances within a home area network (HAN) may use lattice-based HE [134] to authenticate messages for low-computing IoT devices.

5.6. Energy Trading

Dynamic pricing of electricity facilitates consumer participation in local electricity markets for distributed energy management, allowing for the shifting of interruptible appliances to off-peak hours. An Alternating Direction Method of Multipliers (ADMM)-based multiparty computation (MPC) protocol employs Shamir secret sharing and ElGamal commitments to secure peer-to-peer trading within uncertain local electricity markets [98]. Quadratic programming and blockchain contracts provide additional security for bidirectional MPC protocols within a network-constrained P2P energy billing scheme based on Karush–Kuhn–Tucker (KKT) conditions [135].

5.7. Electric Vehicles

Electric vehicles (EVs) change the dynamics of smart grids through real-time monitoring of the vehicular energy network, facilitating energy dispatch and establishing variable energy markets for EV clients that enter and exit randomly [136]. Peer-to-peer (P2P) energy trading relies on reliable and secure network topology for sharing private energy transaction data among EVs. The location data of EVs contains sensitive information about their users, making it vulnerable to breaches by adversaries at untrusted nodes responsible for data aggregation or energy dispatching. A decentralized blockchain approach utilizing k-anonymity [137] can be adopted as an energy-trading network to secure energy transactions and protect the location privacy of EV owners.

6. Integration of PPML and IoT in Smart Grid Domains

6.1. Challenges in Integrating IoT and PPML in SGs

By the end of 2025, it has been estimated that 19 percent of 30.9 billion IoT devices will be deployed in the smart energy sector [138]. IoT devices within the smart grid vary in terms of computation and communication capabilities, leading to the use of different standards and protocols. The lack of standardized IoT protocols for smart grids compromises the security, reliability, and interoperability of these devices. Additionally, the big data collected over the extensive network of smart grids often consists of unstructured and complex patterns across different modalities, making implementing effective PPML techniques challenging. Furthermore, IoT systems utilizing PPML need to be robust and timely enough to address the concept drift problem in machine learning. This ensures that real-time data changes over time do not negatively impact tasks such as anomaly detection, fault analysis, forecasting, and status monitoring.

Table 8. Computational complexity and overhead analysis of PPML techniques for IoT-based smart grids.

PPML Technique	Computational Complexity	Communication Overhead	Suitability for IoT Devices
HE (2022/23) [139,140]	$O\left(n^d\right)$ for circuit depth d; bootstrapping $O(n^{2}logn)$	Low (encrypted inference only)	Low (due to high computation and memory requirements)
SMPC (2020) [141]	$O(m·k)$ rounds and $O(m^2·k)$ cryptographic operations	High (multiple k rounds between m parties)	Moderate to Low
FL (2025) [142]	$O(E·C·R)$ where E: epochs, C: clients, R: rounds	High (transmitting model weights $\left|w\right|$ per round)	Moderate (affected by communication and heterogeneity)
DP (2019) [85]	$O\left(N\right)$ per SGD iteration (noise affects convergence speed)	Low	High (efficient but may impact model accuracy)
ZKP (2023) [143]	Depends on protocol; typically polynomial	Moderate (interactive protocols)	Moderate

shows the computational and communication overheads involve in the different PPML approaches to intergrated with the IoT-based smart grids.

6.2. Frameworks and Libraries of PPML

PPML approaches have been widely adopted in various application areas, such as smart cities, smart healthcare, and smart finance. Several frameworks and libraries have been provided to support academic and industrial advancements in these domains. A selection of open-source platforms utilized by the PPML research studies are presented in

Table 9. Frameworks and libraries used for PPML approaches (DP: Differential Privacy; MPC: Multiparty Computation; HE: Homomorphic Encryption; FL: Federated Learning; TEE: Trusted Execution Environment).

Framework/Libraries	Description	DP	MPC	HE	FL	TEE
PySyft [144]	Open source python library supporting deep learning	✓	✓	✓	✓	-
SecretFlow [145,146,147]	Python (3.8–3.11) and C++ (14/17/20)-based libraries for privacy-preserving data intelligence and machine learning	✓	✓	✓	✓	✓
CrypTen [126]	Open source cryptographic protocol by Meta	-	✓	-	-	-
TenSEAL [148]	OpenMined privacy framework for deep learning models	-	-	✓	-	-
TensorFlow Federated [149]	Open source framework by Google Inc., for federated deep learning networks	✓	-	-	✓	-
MP-SPDZ [150]	Open source library based on SPDZ-2 with 34 MPC protocols	-	✓	-	-	-
PaddleFL [150]	Open source federated framework integrated with PaddlePaddle DL platform and other PPML techniques	✓	✓	✓	✓	-
OpenFL [151]	Open source framework to run distributed learning under Intel SGX environment	-	-	-	✓	✓

.

6.3. Performance Analysis: Accuracy, Latency, and Resource Constraints

PPML, IoT, and smart grids are three extensive areas of study, each associated with its individual set of challenges regarding implementation, analysis, and deployment. Most of the privacy and security evaluations in the PPML studies have been carried out on the energy task metrics, with few studies of HE and SMC having communication and computation costs. In contrast, for DP, the associated privacy metrics depend on the tradeoff between noise parameters and performance. There are no standard metrics for PPML mechanisms, but as cyberattacks aim to degrade the performance of the ML approach and steal information sharing, thus studies computing the energy-related task metrics with communication and computation costs may better demonstrate the realistic scenario of resource-constraint IoT devices deployment in SGs.

7. Opportunities and Open Challenges

7.1. Emerging Trends in PPML for SGs

In the realm of smart grids, two significant challenges arise within the cybersecurity domain: privacy preservation and data security. The privacy-related issue involves exposing energy consumers’ habits and routines, which can be exploited for personal attacks, advertising, and surveillance. Data security attacks generally focus on manipulating information for monetary gain and competition within energy markets. While the privacy-preserving mechanisms can enhance existing frameworks to protect user privacy and secure grid data, which also present certain trade-offs and challenges. For instance, homomorphic encryption (HE) is computationally intensive, allowing unlimited operations but necessitating an expensive bootstrapping process [152]. Homomorphic Encryption (HE) involve complex algebraic operations on ciphertexts, leading to increased computational latency and energy consumption unsuitable for resource-constrained IoT devices. Secure Multiparty Computation (MPC) protocols require multiple rounds of communication among distributed nodes, raising challenges in bandwidth-limited environments. Differential Privacy (DP) alone is insufficient for complete privacy protection and requires integration with other techniques [153]. It also introduces random noise to outputs, which, if not carefully calibrated, can degrade model accuracy and create convergence difficulties. Zero-knowledge proofs (ZKPs) facilitate anonymous authentication with relatively low overhead; however, efficiency may be compromised when relying on a trusted third party [143]. Furthermore, Federated Learning (FL) encounters obstacles, such as device heterogeneity, high communication costs, and a lack of standardized benchmarking methods [154]. Utilizing multiple techniques can offer enhanced privacy and security for user authentication, as well as data confidentiality and integrity, but this approach also increases computational and communication complexities. Addressing the such complexities while maintaining acceptable performance metrics is crucial for the practical deployment of PPML in IoT-based smart grids. Future research should aim at developing lightweight, adaptive PPML algorithms tailored for dynamic, decentralized, and computation-limited energy systems.

7.2. Addressing Scalability and Interoperability Issues

A variety of PPML techniques have been proposed to address data privacy challenges in smart grids. However, some of these techniques necessitate substantial changes to current operations, while others encounter scalability and performance limitations. The Internet of Things (IoT) devices within smart grids generate vast amounts of real-time data, which can benefit machine learning (ML) training and lead to new insights in the energy sector. The integration of interconnected IoT devices also heightens security threats by exposing potentially vulnerable nodes. Moreover, challenges enhance with multi-modalities, as the functionality of IoT devices varies according to the specific area of interest within the smart grid. Integrating LoRa (Long Range) technology with PPML techniques can mitigate privacy and security risks while maintaining low overhead to secure data and model-updates transmission, reducing the computational burden on resource-constrained devices [155]. While LoRa offers significant advantages in terms of range and power efficiency, but have limited data rate and potential susceptibility to interference may affect the scalability of PPML applications. Identifying and addressing such barriers is crucial for adoption of privacy-aware solutions in smart grids. Future research should focus on optimizing PPML algorithms for LoRa networks, considering both computational complexity and communication latency.

7.3. Future Research Directions: PPML in Decentralized Grids and Blockchain Integration

Blockchain technology features a decentralized architecture that facilitates smart contracts and certificates for peer-to-peer interactions and information sharing. It offers immutable, and transparent transaction mechanisms, which can significantly enhance the information security of energy Internet infrastructures [156]. It has been employed in energy-trading platforms to ensure smart and secure transactions. Integrating blockchain with IoT-based smart grids and efficient PPML can enhance privacy, confidentiality, authenticity, and integrity within power systems. Centralized networks tend to create bottlenecks in the computational and communication capabilities of service providers, aggregators, and control centers. The inclusion of new sub-networks, prosumers, and energy participants can be limited by these capabilities. In contrast, decentralization improves the scalability of the grid by optimizing energy tasks through peer-to-peer communication.

8. Conclusions

Smart grid digitalization supports bi-directional information and energy sharing among various grid components, including appliances, Intelligent Electronic Devices (IEDs), prosumers, operators, control centers, and energy markets. An increase in connectivity introduces cybersecurity threats, particularly with the integration of the Internet of Things (IoT), edge computing, and data-driven algorithms. To address these vulnerabilities and potential attacks within the intelligent power system, privacy-preserving machine learning (PPML) techniques have been employing. This study aims to highlight the importance of PPML approaches in the context of IoT-based smart grids. The survey explored the critical role of privacy-preserving machine learning (PPML) techniques in IoT-integrated smart grids, which are essential for enhancing both data security and operational efficiency. While the research in this field is promising, significant challenges remain for practical deployment. The review provides valuable insights into various cybersecurity threats and the mechanisms of PPML related to data-driven grid operations, including dynamic pricing, load management, demand response, fault localization, anomaly detection, state estimation, and optimal energy dispatch and scheduling. It also discussed the challenges associated with privacy, scalability, heterogeneity, and interoperability of PPML methods in IoT-based smart grids while suggesting that blockchain technology and decentralized learning may be promising directions for future research. The integration of PPML into IoT-based smart grids is a transformative step forward, but it requires a concerted effort from all stakeholders to address the challenges and seize the opportunities in this rapidly evolving domain.