Federated Learning Detection of Cyberattacks on Virtual Synchronous Machines Under Grid-Forming Control Using Physics-Informed LSTM

Abstract

The global shift toward clean production, like using renewable energy, has significantly decreased the use of synchronous machines (SMs), which help maintain stability and control, causing serious frequency stability issues in power systems with low inertia. Fractional order controller-based virtual synchronous machines (FOC-VSMs) have become a promising option, but they rely on communication networks to work together in real time, causing them to be at risk of cyberattacks, especially from false data injection attacks (FDIAs). This paper suggests a new way to detect FDI attacks using a federated physics-informed long short-term memory (PI-LSTM) network. Each FOC-VSM uses its data to train a PI-LSTM, which keeps the information private but still helps it learn from a common model that understands various operating conditions. The PI-LSTM incorporates physical constraints derived from the FOC-VSM swing equation, facilitating residual-based anomaly detection that is sensitive to minor deviations in control dynamics, such as altered inertia or falsified frequency signals. Unlike traditional LSTMs, the physics-informed architecture minimizes false positives arising from benign disturbances. We assessed the proposed method on an IEEE 9-bus test system featuring two FOC-VSMs. The results show that our method can successfully detect FDI attacks while handling regular changes, proving it could be a strong solution.

1. Introduction

As power systems move to using renewable energy sources that rely on converters, the decrease in SMs takes away important sources of inertia and damping, which can put frequency stability at risk [1,2,3,4]. Virtual synchronous machines (VSMs) mimic the behavior of SMs and have become important for keeping stability [5,6]. However, they depend on real-time communication networks to share power settings, configuration details, and synchronization information, which creates serious cybersecurity risks [7,8,9,10]. FDIAs is one type of cyberattack that targets these control signals [11], which depend on communication and can disturb local operations and threaten the overall stability of the system. This study aims to develop a scalable, physics-aware, and privacy-preserving mechanism for detecting FDIAs against FOC-VSMs. Existing solutions often ignore the physical behavior of FOC-VSMs or require centralized data access, limiting scalability, adaptability, and robustness in distributed grid environments. We suggest using a federated physics-informed LSTM that takes advantage of local inverter data and includes swing-equation dynamics, providing strong and adaptable detection in various operating conditions.

Many control methods mimic the behavior of SMs in power systems that heavily utilize inverter-based resources (IBRs). Among these, droop control is popular because it is simple and behaves like SMs in terms of frequency and power [12]. To provide even better support during changes, VSM control not only mimics frequency droop but also simulates inertia and damping, leading to better performance in systems with low inertia [13,14,15]. Matching control techniques help inverters work more like synchronous machines by taking advantage of their similar structures, which leads to better synchronization and stronger performance [16,17,18]. Other alternatives, such as virtual oscillator control (VOC), aim for global synchronization by mimicking nonlinear oscillatory systems. In addition, dispatchable VOC (dVOC) helps achieve synchronization while meeting steady-state power flow equations, improving on some of the shortcomings of VOC [19]. With the increasing deployment of grid-forming inverters, their reliance on communication networks for real-time data exchange has created new cyber-physical vulnerabilities. These inverters typically exchange control parameters, synchronization signals, and power setpoints, making them susceptible to cyberattacks. Researchers have looked into FDIAs and denial-of-service (DoS) attacks as serious risks to the stability and reliability of VSM-based systems [20,21]. FDIAs can change control signals or sensor data to trick the inverter into responding incorrectly, which can mess up voltage and frequency control [20,21]. VSMs are especially at risk because their simulated swing behavior relies on accurate frequency and power feedback, which attackers can fake or change by inserting false ω or p* values [22,23,24]. More invasive attacks also target setpoints or control parameters to degrade the power quality or destabilize the system [25,26].

Researchers have proposed various defense mechanisms to address these risks. One method involves using control systems based on trust and confidence, where each inverter gives a score to its neighbors and changes its settings based on that score [27]. Another method uses the weighted mean subsequent reduction (WMSR) algorithm to filter out unusual data shared over the network by looking at connection limits in the communication graph [28]. Intermittent communication protocols also contribute to cyber-resilience by verifying the timing of data exchanges. If communication links deviate from expected behavior, the affected controllers are isolated to prevent the propagation of corrupted information [29]. Although previous studies address cybersecurity in microgrids, only a few explore robust detection methods tailored for inverter-based microgrids, particularly those using VSM control. Reference [30] applies a long short-term memory (LSTM) network to monitor microgrid cybersecurity. Researchers propose observer-based techniques, such as Luenberger observers and augmented Kalman filters, to estimate signals under false data injection (FDI) attacks [31,32]. Artificial neural networks (ANNs) are used for detecting and mitigating DoS and FDI attacks in Volt-VAR control systems [33] and DC microgrid inverters [34]. LSTM is further used to detect and estimate anomalies in power measurements [35], and stacked autoencoders combined with LSTM architectures identify electricity theft [36]. An LSTM-based framework is also developed to detect cyberattacks on photovoltaic farms [37]. In addition to these, researchers have proposed model-based, data-driven, and metric-based techniques to identify attacks on inverter-based energy resources (IBERs). Model-based methods rely on control-theoretic tools such as state-space estimation [38], while data-driven methods use learning architectures like LSTM and convolutional neural networks (CNNs) [39]. Metric-based techniques utilize signal processing features and thresholds for anomaly detection [40]. However, model-based methods depend on accurate modeling of nonlinear systems, data-driven methods often suffer from false positives, and metric-based approaches are vulnerable to threshold manipulation. Despite recent progress in cyberattack detection for inverter-based resources, existing approaches exhibit several critical limitations that restrict their effectiveness in VSM-controlled, grid-forming environments:

• Lack of physical system integration: Most data-driven detection approaches, such as those utilizing LSTM and convolutional neural networks, view inverter behavior as a mystery and fail to integrate the physical dynamics of virtual synchronous machines (VSMs). As a result, these models lack interpretability and struggle to differentiate between legitimate system disturbances and cyber-induced anomalies [39].
• Centralized learning dependency: Many existing detection frameworks rely on centralized data collection for model training and inference, which poses significant privacy concerns and limits deployment scalability in distributed, site-specific inverter environments [39,40].
• Poor generalization and high false alarms: Detection techniques that rely on model approximations [40] or metric-based thresholds [40] often fail to generalize across different operating conditions. They are particularly prone to false positives when normal variations in load, voltage, or frequency occur (creating reliability concerns in practical applications).

This study addresses the limitations of existing cyberattack detection methods in VSM-controlled power systems by making the following key objectives and contributions:

1

Physics-informed detection framework: We develop a PI-LSTM model that incorporates the swing equation of the VSM as a physical constraint in the training process. By embedding domain-specific dynamics, the model enables residual-based anomaly detection that is highly sensitive to subtle deviations in frequency, power, or control behavior (typical signatures of false data injection attacks) while maintaining robustness to normal operational disturbances.

2

Federated learning for distributed VSM security: We implement a federated learning (FL) architecture that allows each VSM-enabled inverter to train its local PI-LSTM model using site-specific measurements (e.g., frequency, active power, and dc-link voltage) without sharing raw data. This distributed learning framework addresses privacy concerns, accommodates diverse operating conditions and control parameters across inverters, and scales to large power systems while enabling collaborative detection of cyberattacks.

The structure of this paper is organized as below: Section 2 introduces the mathematical and control structure of VSMs, emphasizing their swing dynamics, voltage regulation, and vulnerability to cyber-physical disturbances due to increased reliance on communication links. Section 3 provides a comprehensive classification of cyberattack surfaces in VSM-based systems, detailing various FDIA vectors and their impacts on system stability and coordination. In Section 4, we present the proposed detection framework, which integrates a physics-informed long short-term memory (PI-LSTM) model with federated learning (FL) to enable decentralized, physically consistent, and data-private anomaly detection across VSM units. Section 5 offers an in-depth analysis of simulation results under multiple attack scenarios, comparing the detection accuracy, robustness, and computational efficiency of the proposed model against baseline approaches. Finally, Section 6 concludes the paper by summarizing key findings and highlighting directions for future research in cyber-resilient grid-forming converter networks.

2. Virtual Synchronous Machine

The global transition toward renewable energy has led to the widespread deployment of inverter-based resources (IBRs), such as photovoltaic (PV) systems and wind turbines. Unlike conventional SMs, which inherently contribute mechanical inertia and provide frequency and voltage regulation, these resources connect to the grid through power electronic interfaces that do not naturally support such dynamics. As the penetration of IBRs increases, system inertia declines, leading to degraded frequency stability, higher rates of change of frequency (RoCoFs), and reduced frequency nadirs following disturbances [41]. To address these stability challenges, grid-forming converters (GFCs) are being developed to emulate SM capabilities such as inertial response, voltage support, black start, and droop-based frequency regulation. Among various control strategies for GFCs, the virtual synchronous machine (VSM) has emerged as a physically intuitive and widely adopted method. VSMs replicate the electromechanical behavior of synchronous machines using virtual models embedded in power converter controllers [41]. At the heart of VSM control is the swing equation, which models the frequency dynamics of a synchronous machine. The $j_{th}$ VSM emulates this using

$${\dot{\theta }}_j={\omega }_j$$

(1)

$$J_j{\dot{\omega }}_j={\displaystyle \frac{1}{{\omega }^{*}}}\left(p_j^{*}-p_j\right)+D_j\left({\mathsf{\omega }}^{*}-{\omega }_j\right)$$

(2)

Here, $\theta$ is the internal angle of the converter, $\omega$ is the instantaneous angular frequency, $J$ is the virtual moment of inertia, $D$ is the virtual damping factor, ${\omega }^{*}$ is the nominal frequency (e.g., 50 or 60 Hz), $p^{*}$ is the active power reference, and $p$ is the measured active power output [41]. Equation (1) ensures the phase angle evolves according to the frequency, replicating the rotor dynamics of SMs. To integrate virtual friction or coordinated damping, we modified the swing equation as follows [42]:

$$J_j{\dot{\omega }}_j={\displaystyle \frac{1}{{\omega }^{*}}}\left(p_j^{*}-p_j\right)+D_j\left({\omega }^{*}-{\omega }_j\right)+F_j\left({\omega }_{C,j}-{\omega }_j\right)$$

(3)

where

• $F_j$ is the virtual friction coefficient
• ${\omega }_C$ is the center-of-inertia frequency, typically calculated as

  $${\omega }_C={\displaystyle \frac{{\sum }_{j=1}^N \left(J_j{\omega }^{*}\right){\omega }_j}{{\sum }_{j=1}^N \left(J_j{\omega }^{*}\right)}}$$

  (4)

This extension adds a damping torque that depends on the mismatch between a unit’s local frequency and the global average frequency. Equation (3) governs frequency changes in response to active power imbalance and provides a mechanism for emulated inertial and droop response. To enhance synchronization in multi-VSM networks, a virtual friction term $F_j\left({\omega }_C-{\omega }_j\right)$ must also be included. This term dampens the deviation between the local frequency ${\omega }_j$ and the center-of-inertia frequency ${\omega }_C$, calculated across all VSMs as in (3), and improves coherence across the microgrid. The output voltage of the VSM is synthesized based on the internal angle $\theta$ and a virtual excitation current $i_f$, which is analogous to the field current in a synchronous generator. The three-phase voltage reference is constructed as follows:

$${\widehat{v}}_{abc}=2\omega M_f{i}_f\left[\begin{array}{c}sin\left(\theta \right)\\ sin(\theta -2\pi /3)\\ sin(\theta -4\pi /3)\end{array}\right]$$

(5)

Here, $M_f$ is the mutual inductance coefficient between the virtual field and stator windings. To regulate the voltage magnitude, a virtual automatic voltage regulator (AVR) is implemented. This typically consists of a fractional order proportional-integral (FO-PI) controller that adjusts the excitation current $i_f$ to maintain the DC-link or output voltage at a desired setpoint:

$$i_f={\displaystyle \frac{k_p}{M_f}}\left(v_{ref}-‖v_{dq}‖\right)+{\displaystyle \frac{k_i}{a{M}_f}}{\int }_0^t \left(v_{ref}-‖v_{dq}\left(\tau \right)‖\right)d\tau$$

(6)

which replicates the function of the AVR by adjusting $i_f$ to maintain the reference voltage $v_{\mathrm{ref}}$. Here, $‖v_{dq}‖$ denotes the measured voltage magnitude in the dq-frame; $a$ is the fractal factor; and $k_p\mathrm{a}\mathrm{n}\mathrm{d}{k}_i$ are the proportional and integral gains, respectively [41,43]. Transforming the reference voltages ${\widehat{v}}_{abc}$ to the dq-coordinate frame using the same angle $\theta$ and frequency $\omega$ as in (2), the FOC-VSM employs standard voltage and current control loops. These loops, along with PWM signal generation, remain consistent with the conventional control design [41], ensuring accurate real-time tracking of voltage and current references.

Figure 1 presents a comprehensive view of the control architecture used to implement a FOC-VSM. This architecture is organized in a hierarchical manner, reflecting the layered control strategy required to replicate the behavior of synchronous machines using power electronics. At the highest level, the control system incorporates a swing equation and frequency droop-based loop, which governs the virtual rotor dynamics. Specifically, the angle dynamics are given by $\dot{\theta }=\omega$, and the frequency dynamics are given by the swing Equation (2). This combination allows the converter to exhibit synthetic inertia and emulate a primary frequency response, adapting its internal frequency based on active power imbalances and deviations from nominal frequency.

Beneath this frequency control layer, the voltage magnitude control loop emulates the function of an automatic voltage regulator (AVR) as found in traditional synchronous generators. This loop regulates the virtual excitation current $i_f$ using a fractional order proportional-integral (FO-PI) controller that minimizes the error between the reference voltage $v_{\mathrm{ref}}$ and the measured terminal or DC-link voltage $v_{dc}$, as represented by (6). The result is dynamic voltage support capability and improved voltage stability at the point of common coupling (PCC). Once the internal angle $\theta$ and excitation current $i_f$ are determined, a waveform generator constructs the three-phase voltage reference signals. These are synthesized according to (5), thereby generating a rotating voltage vector with magnitude and frequency determined by the outer control loops. This sinusoidal reference ensures that the output voltage behaves like that of a synchronous machine’s stator windings.

3. Cyberattacks on Virtual Synchronous Machines

While the local control laws of VSMs are typically hardcoded into power electronics and locally executed, they increasingly rely on external communication to support coordinated operation. This includes feedback and synchronization signals exchanged between distributed inverters and central or supervisory controllers. Such communication channels (although essential for functions like virtual friction (VF) damping, droop control coordination, and grid restoration) open the system to cybervulnerabilities, particularly FDIAs.

3.1. Attack Surfaces in VSM Microgrids

Each VSM maintains its internal dynamics using the swing equation and voltage regulation via an AVR (see Equations (1)–(5)). These control laws rely on several signals that may be internally generated (e.g., power output $p_j$ and frequency ${\omega }_j$) or externally received, such as the center-of-inertia (COI) frequency ${\omega }_C$. For example, VF damping requires that each VSM compares its local frequency to ${\omega }_C$, a weighted average of all inverter frequencies, typically computed by a central controller and broadcast back to all units. These communication-based dependencies introduce four principal vectors of attack:

• Frequency measurement reports (${\omega }_j\to \mathrm{C}\mathrm{C}$);
• Global reference feedback (${\omega }_C\to {\mathrm{V}\mathrm{S}\mathrm{M}}_j$);
• Setpoint commands (e.g., $p_j^{*},v_{\mathrm{ref}}$);
• Excitation current feedback (e.g., used in some distributed AVR schemes).

3.2. False Data Injection on Local Frequency Measurements

Assume that each VSM $j\in \mathcal{N}=\{1,2,\dots ,N\}$ computes its own instantaneous frequency ${\omega }_j$ using the standard swing dynamics. This locally computed frequency is then reported to a central controller (CC) or used in coordination mechanisms like frequency consensus or virtual friction. An FDIA can target this communication channel by adding a time-varying corrupting signal $a_j^A\left(t\right)$ to the outgoing data, resulting in a manipulated signal received by the CC:

$${\omega }_j^A={\omega }_j+a_j^A(t)$$

(7)

Here, $a_j^A\left(t\right)$ represents an arbitrary and potentially unbounded additive disturbance introduced by the attacker. This injected error may not be observable at the CC and can mislead any subsequent frequency aggregation or control logic that depends on the ensemble of ${\omega }_j$ values [44]. In this study, the additive disturbance ${\mathrm{a}}_{\mathrm{j}}^{\mathrm{A}}\left(\mathrm{t}\right)$ in (7) was modeled using several representative attack profiles, including constant offsets, sinusoidal variations, square-wave manipulations, and ramped signals. These profiles represent practical FDIA strategies ranging from persistent biasing to stealthy gradual corruption. Their amplitudes, start times, and durations were randomized within specified bounds, to ensure comprehensive coverage of both short-term and long-duration attack cases.

In systems where the controller calculates the center-of-inertia (COI) frequency as a weighted average of reported frequencies,

$${\omega }_C^n={\displaystyle \frac{{\sum }_{j=1}^N \left(J_j{\omega }^{*}\right){\omega }_j}{{\sum }_{j=1}^N \left(J_j{\omega }^{*}\right)}}$$

(8)

The attack alters this value to

$${\omega }_C={\omega }_C^n+{\displaystyle \frac{{\sum }_{j=1}^N \left(J_j{\omega }^{*}\right)a_j^A(t)}{{\sum }_{j=1}^N \left(J_j{\omega }^{*}\right)}}$$

(9)

This attack can induce system-wide instabilities, such as frequency divergence, by perturbing only a subset of nodes. The systemic vulnerability arises from the aggregation mechanism of ${\omega }_C$: the attack on a few nodes contaminates the reference used by all. Oscillatory or ramped attack profiles $a_j^A\left(t\right)$ may be particularly destabilizing as they introduce persistent frequency fluctuations or false trends, potentially triggering overcurrent protection or load-shedding schemes.

3.3. False Data Injection on COI Frequency Feedback

The second major scenario involves corrupting the COI frequency signal ${\omega }_C$ that the CC sends back to the inverters. Even if the CC computes a valid ${\omega }_C$, an adversary can compromise the downstream communication channel to VSM $k$, altering the signal as

$${\omega }_{C,k}^{received}={\omega }_C+a_k^B(t)$$

(10)

Here, $a_k^B(t)$ is a second additive signal, designed to mislead the VSM about the global frequency state. Since VF damping applies a torque $F_j\left({\omega }_{C,k}-{\omega }_j\right)$, such an attack can invert, amplify, or disable the damping response. In a coordinated VSM network, misalignment of damping terms can degrade system synchrony, increase frequency drift, and compromise load-sharing. In [38], it is shown that such attacks (if sustained) can prevent the system from reaching steady-state consensus, even if the swing dynamics remain otherwise unchanged.

3.4. Power Setpoint and Voltage Reference Manipulation

A third scenario involves manipulating control setpoints sent to the VSM, such as the active power reference $p_j^{*}$ or the voltage reference $v_{\mathrm{ref}}$. These parameters typically originate from a central energy management system (EMS) or higher-level supervisory controller. If an attacker gains access to the control path between this supervisory layer and the inverter controller, they can corrupt the intended commands as

$$p_j^{*,\mathrm{compromised}}=p_j^{*}+a_j^p(t)$$

(11)

$$v_{\mathrm{ref}}^{\mathrm{compromised}}=v_{\mathrm{ref}}+a_j^v(t)$$

(12)

Such FDIAs can be particularly damaging because they directly modify target states, causing the VSM to regulate toward physically infeasible conditions. For instance, over-injection of power via $p_j^{*}\uparrow$ may lead to inverter overloading, line overheating, or protection trips. Undervoltage commands via $v_{\mathrm{ref}}\downarrow$ may degrade power quality and destabilize reactive power sharing. Intermittent switching of setpoints (e.g., toggling between extremes) can stress the converter’s inner control loops and introduce high-frequency oscillations. These attacks are difficult to detect because they do not necessarily trigger abnormal deviations in system states unless carefully monitored with residual-based mechanisms.

4. Proposed Framework

4.1. Physics-Informed LSTM Model

To detect cyberattacks that compromise the integrity of VSMs, we propose a physics-informed long short-term memory (PI-LSTM) model that embeds the physical swing dynamics of the VSM into a deep learning framework. This hybrid approach combines the predictive power of LSTM-based sequence modeling with prior knowledge of the VSM’s dynamic equations.

4.1.1. Integration of VSM Swing Dynamics

Each VSM’s frequency and phase angle are governed by nonlinear differential equations that mimic the behavior of synchronous machines. These swing dynamics describe how the system evolves over time in response to changes in power setpoints, damping forces, and global frequency references (as seen in Section 2). To integrate these equations into a machine learning model, we discretize them using the forward Euler method, which yields update rules of the form

$${\delta }_j\left(t\right)={\delta }_j\left(t-1\right)+\mathsf{\Delta }t\cdot {\omega }_j(t-1)$$

(13)

$${\omega }_j\left(t\right)={\omega }_j\left(t-1\right)+\mathsf{\Delta }t\cdot {\dot{\omega }}_j(t-1)$$

(14)

The term ${\dot{\omega }}_j(t-1)$ is computed from the system’s physical model, incorporating local active power imbalance, virtual damping, and coordinated virtual friction (as detailed in Section 2). These equations define how a well-behaved VSM is expected to evolve. However, as shown in Section 3, cyberattacks such as FDIAs can target key VSM signals exchanged over communication channels. To enable the model to recognize both normal and malicious behavior, we construct the PI-LSTM input vector at each time step $t$ as

$$x_t=\left[{\omega }_j(t),p_j(t),v_{dc}(t),{\omega }_{C,j}^{received}(t),p_j^{*,comp}(t),v_{ref}^{comp}(t)\right]$$

(15)

This input, $x_t$, is passed to the PI-LSTM along with the internal hidden state $h_t$, which retains historical context across time steps:

$${\widehat{s}}_{t+1}=PILSTM\left(x_t,h_t\right)$$

(16)

The output ${\widehat{s}}_{t+1}$ represents the model’s predicted physical state for the next time step, typically including

$${\widehat{s}}_{t+1}=\left[{\widehat{\omega }}_j(t+1),{\widehat{\delta }}_j(t+1)\right]$$

(17)

By learning to map these attack-aware inputs to physically consistent state transitions, the PI-LSTM develops an understanding of how a VSM should behave under normal conditions. When cyberattacks distort the inputs in a way that violates the expected physics, the model will produce predictions that deviate from actual measurements, forming the basis for detection, which is further detailed in the next subsection.

The Euler forward scheme adopted in this work provides a simple and computationally efficient discretization of the swing dynamics, with a global truncation error of $\mathcal{O}\left(\mathsf{\Delta }t\right)$. In theory, the classical fourth-order Runge–Kutta (RK4) method [45] offers significantly higher accuracy, with a global truncation error of $\mathcal{O}\left(\mathsf{\Delta }{t}^4\right)$, and thus has the potential to yield more precise state propagation for the nonlinear variables (${\delta }_j,{\omega }_j$). Nevertheless, RK4 requires four evaluations of the swing-equation right-hand side per time step, whereas Euler requires only one. This difference substantially increases computational demand and update latency. Since the primary objective of this work is to develop and evaluate a federated, physics-informed detection framework rather than to optimize numerical solvers, Euler forward is selected as the most suitable trade-off. The additional computational burden of RK4 is not aligned with our real-time detection focus, even though it could theoretically enhance numerical fidelity in offline studies or future extensions.

4.1.2. Physics-Based Residual Computation

To detect deviations from expected VSM behavior (such as those introduced by false data injection attacks), the PI-LSTM model is equipped with a residual-based detection mechanism. This mechanism exploits the discrepancy between the model’s predicted future state (based on physically grounded dynamics) and the actual observed state at each time step. Let the PI-LSTM output at time step $t+1$ be (17) and the corresponding ground-truth measurements be

$$s_{t+1}=\left[{\omega }_j(t+1),{\delta }_j(t+1)\right]$$

(18)

The prediction residual $r_{t+1}$ is then computed as

$$r_{t+1}={‖{\widehat{s}}_{t+1}-s_{t+1}‖}_2=\sqrt{{\left({\widehat{\omega }}_j\left(t+1\right)-{\omega }_j(t+1)\right)}^2+{\left({\widehat{\delta }}_j\left(t+1\right)-{\delta }_j(t+1)\right)}^2}$$

(19)

This residual captures how far the observed physical state deviates from what the PI-LSTM, informed by swing dynamics, expects to happen under the given control and measurement inputs. Because the model has been trained on normal (attack-free) data and guided by physical laws, residuals during nominal operation remain small. When a cyberattack alters any of the key signals-especially those involved in swing control (e.g., $p_j^{*},{\omega }_C,v_{\mathrm{ref}}$), the relationship between inputs and resulting physical states will diverge from learned patterns, and the residual $r_{t+1}$ will increase. To further enforce physical consistency and increase sensitivity to unmodeled disturbances, we can also compute an auxiliary physics-informed residual based on the discretized swing equation. From the known dynamics, we calculate an alternative estimate of ${\omega }_j(t+1)$ using the forward Euler update (reproduced from Section 4.1):

$${\omega }_j^{phys}\left(t+1\right)={\omega }_j\left(t\right)+\Delta t\cdot {\displaystyle \frac{1}{J_j}}\left[{\displaystyle \frac{1}{{\omega }^{*}}}\left(p_j^{*,\mathrm{comp}}(t)-p_j(t)\right)+D_j\left({\omega }^{*}-{\omega }_j(t)\right)+F_j\left({\omega }_{C,j}^{received}(t)-{\omega }_j(t)\right)\right]$$

(20)

This provides a purely physics-based prediction of the next frequency, which can be compared with either the observed frequency ${\omega }_j(t+1)$ or the PI-LSTM prediction ${\widehat{\omega }}_j(t+1)$. Thus, a physics consistency residual is also defined:

$$r_{t+1}^{phys}=\left|{\widehat{\omega }}_j(t+1)-{\omega }_j^{phys}(t+1)\right|$$

(21)

This residual provides an additional anomaly indicator: if the LSTM prediction aligns with the data but not with the physical model, it may signal data drift or model overfitting; if it aligns with the physics but not with the data, it likely indicates an attack or fault. Finally, both residuals can be combined in a hybrid detection metric:

$$R_{t+1}=\alpha \cdot r_{t+1}+(1-\alpha )\cdot r_{t+1}^{phys},\alpha \in [0,1]$$

(22)

A detection threshold $\tau$ is defined based on training or validation data: $\mathrm{i}\mathrm{f}{R}_{t+1}>\tau \Rightarrow$ anomaly detected. This physics-aware residual computation strategy ensures the detection system is robust to both fast-changing cyberanomalies and gradual data manipulation, while minimizing false positives due to benign system disturbances.

4.1.3. Combined Loss Function and Training Objective

The PI-LSTM model is trained not only to minimize prediction errors on observed data but also to conform to the underlying physical laws of VSM dynamics. To achieve this, we formulate a hybrid loss function that combines data-driven prediction loss and physics-based consistency loss. Together, these objectives encourage the model to produce accurate forecasts while maintaining fidelity to the swing equation and resisting overfitting to spurious temporal correlations.

Data-Driven Loss (Supervised Prediction Error)

This component penalizes discrepancies between the PI-LSTM’s predicted state and the ground truth:

$${\mathcal{L}}_{\mathit{data}}={\displaystyle \frac{1}{N}}\sum _{t=1}^N \left({\left[{\widehat{\omega }}_j(t)-{\omega }_j(t)\right]}^2+{\left[{\widehat{\delta }}_j(t)-{\delta }_j(t)\right]}^2\right)$$

(23)

This is a standard mean squared error (MSE) loss computed across a sequence of length $N$. It ensures the LSTM learns to forecast the short-term dynamics of frequency and rotor angle.

Physics-Informed Loss (Swing Equation Residual)

To penalize deviations from the known physics (specifically the swing equation), we define a residual loss based on the Euler-discretized update of ${\omega }_j(t)$ as derived in Equation (20). The physics-consistency loss is defined as

$${\mathcal{L}}_{phys}={\displaystyle \frac{1}{N}}\sum _{t=1}^N {\left({\widehat{\omega }}_j(t)-{\omega }_j^{phys}(t)\right)}^2$$

(24)

This encourages the model’s predictions to align with those generated by first-principal dynamics, even in the presence of non-observable state dependencies.

Total Loss Function

The final objective used for model training is a weighted combination of the two terms:

$${\mathcal{L}}_{\mathit{total}}=\lambda \cdot {\mathcal{L}}_{\mathit{data}}+(1-\lambda )\cdot {\mathcal{L}}_{\mathit{phys}}$$

(25)

Here, $\lambda \in [0,1]$ is a tunable hyperparameter that balances emphasis between data fit and physical conformity. A lower λ biases the model toward strict physical consistency, while a higher λ prioritizes minimizing forecast error. In practice, λ is selected through cross-validation to optimize both predictive accuracy and generalizability under disturbances and cyberthreats. By enforcing both objectives during training, the PI-LSTM learns to reject physically implausible trajectories. This dual constraint enables the model to serve as a reliable foundation for residual-based anomaly detection, especially under conditions where cyberattacks alter only a subset of input signals.

4.2. Federated Learning Strategy

While the PI-LSTM model enables localized detection of cyberanomalies in VSMs, training such models centrally would require aggregating raw operational data from geographically distributed units. This raises privacy, scalability, and communication overhead concerns, especially in cyber-physical systems like smart grids where real-time control must be preserved. To overcome these limitations, we integrate the PI-LSTM into a federated learning (FL) framework. In this architecture, each VSM trains its model locally using site-specific data while contributing to a shared global model without exposing raw measurements. This decentralized approach ensures data privacy, supports heterogeneity in VSM operating conditions, and allows the detection framework to scale to large systems.

4.2.1. Local Model Training and Update Cycle

To support distributed, privacy-preserving cyberattack detection across a fleet of VSMs, we adopt a federated learning (FL) architecture in which each VSM functions as an autonomous learning client. Inspired by practical frameworks in the recent literature [46,47], our approach allows each unit to train a local physics-informed deep model on site while collaboratively contributing to a global cyberattack detection model without sharing raw data. Each VSM node executes a local training cycle within a synchronous global learning round, following the steps below.

Model Synchronization and Initialization

At the start of each federated round $r$, a central aggregation server broadcasts the current global model parameters ${\theta }^{\left(r\right)}$ to all participating VSM nodes. These parameters define a shared physics-informed LSTM (PI-LSTM) model, pre-structured to integrate both learned temporal patterns and swing equation-based physical constraints.

Local Data Acquisition and Attack-Aware Input Construction

Each VSM maintains its own operational dataset consisting of historical time-series records of measurable internal states and externally received control signals. For time step $t$, the input vector is constructed as (15). This formulation incorporates both true system dynamics and communication-based quantities susceptible to FDIAs. The next-step VSM state $s_{t+1}=\left[{\omega }_j(t+1),{\delta }_j(t+1)\right]$ is used as the supervised prediction target.

The local PI-LSTM model receives $x_t$ and internal memory state $h_t$ and predicts the future system state (17). Training is guided by a hybrid objective function that combines supervised prediction error with physical consistency loss derived from discretized swing dynamics (Equations (23)–(25)). This training process ensures that each local model learns site-specific operational behavior while conforming to the physical laws that govern VSM dynamics.

Model Update and Sharing

Upon completing local optimization (using Adam), each VSM sends its updated model parameters ${\theta }_j^{(r+1)}$ to the central server. No raw measurements or labels are transmitted, thus preserving data privacy and regulatory compliance.

Preparedness for Aggregation

All received local models are stored by the server for global aggregation (detailed in Section 4.2.2). Clients with insufficient data, low-quality updates, or outlier behavior may be excluded or down-weighted, similar to performance-based schemes used in hierarchical FL strategies such as FedAvg-P [48]. This federated training loop allows each VSM to independently learn dynamic patterns and potential cyberattack impacts, while benefiting from a system-wide collaborative model. The resulting global PI-LSTM becomes more robust to attack variability, regional disturbances, and operating condition diversity.

4.2.2. Secure Aggregation and Global Model Sharing

The final stage of each federated learning (FL) round involves secure aggregation of the locally trained PI-LSTM models and redistribution of the updated global model. This step enables the collaborative improvement of the cyberattack detection capability across the VSM network, while ensuring that privacy is preserved and system heterogeneity is respected.

Model Aggregation via Federated Averaging

Once all participating VSM nodes complete their local training cycles and transmit updated parameters ${\theta }_j^{(r+1)}$, the central aggregator performs model fusion using the Federated Averaging (FedAvg) algorithm. Specifically, the global model update at round $r+1$ is computed as

$${\theta }^{(r+1)}=\sum _{j=1}^K {\displaystyle \frac{n_j}{n_{\mathit{total}}}}\cdot {\theta }_j^{(r+1)}$$

(26)

where ${\theta }_j^{(r+1)}$ denotes the updated parameters from client $j$, $n_j$ is the number of samples at client $j$, $n_{\mathrm{total}}={\sum }_{j=1}^K n_j$ is the total number of samples across all participating clients, and $K$ is the number of clients in the current round. This weighted averaging scheme ensures that clients with more representative or diverse data have proportionally greater influence on the global model, improving convergence and generalization.

In practical FL deployments, communication links between VSMs and the server may suffer from latency and packet loss. These factors do not directly alter the local PI-LSTM inference, but they can influence synchronization in federated rounds. Moderate latency and low packet loss mainly affect the round duration, whereas severe impairments may delay anomaly reporting and reduce responsiveness. This highlights the importance of considering communication-efficient or asynchronous FL variants in future implementations, especially for large-scale or bandwidth-constrained power systems.

4.3. Anomaly Detection and Decision Logic

The federated PI-LSTM framework described in previous sections enables the prediction of future system states based on both historical behavior and physics-informed constraints. However, the ultimate goal is not only accurate forecasting but also the reliable detection of cyber-induced anomalies—specifically, those that violate the expected physical evolution of VSMs. To this end, we implement a residual-based decision mechanism that compares predicted state trajectories against both measured outcomes and physics-consistent estimates, which can be seen in Algorithm 1. A detection threshold $\tau$ is defined during validation. If ${\mathcal{L}}_{t+1}^{total}>\tau$, the system flags the event as anomalous. This hybrid strategy ensures robust detection of stealthy attacks that would otherwise bypass traditional thresholding based on signal deviation alone.

Algorithm 1: Federated PI-LSTM-Based Cyberattack Detection in Virtual Synchronous Generators

Input:    • Initial global model parameters ${\theta }^{\left(0\right)}$    • Local datasets $D_j=\left\{\left(x_t,s_{t+1}\right)\right\}$ for each VSM node $j$    • Hyperparameters: learning rate $\eta$, loss weight $\lambda$, number of rounds $R$, local epochs $E$, detection threshold $\tau$ Output:    • Trained global PI-LSTM model ${\theta }^{\left(R\right)}$    • Real-time anomaly flags Training Phase (Federated Learning):    1. For each global round $r=1$ to $R$:    2. Server broadcasts global model ${\theta }^{\left(r\right)}$ to all VSM clients    3. For each client $j$ in parallel:    4. Initialize local model ${\theta }_j^{\left(r\right)}={\theta }^{\left(r\right)}$    5. For each local epoch $e=1$ to $E$:    6. For each timestep $t\in D_j$: Predict next state using PI-LSTM: $${\widehat{s}}_{t+1}=\mathrm{P}\mathrm{I}-\mathrm{L}\mathrm{S}\mathrm{T}\mathrm{M}\left(x_t,h_t\right)$$ Estimate frequency from physics model (Euler method): $${\omega }_{t+1}^{\mathrm{phys}}=\mathrm{S}\mathrm{w}\mathrm{i}\mathrm{n}\mathrm{g}\mathrm{E}\mathrm{q}\left(x_t\right)$$ Compute data loss: $${\mathcal{L}}_{\mathrm{data}}={‖{\widehat{s}}_{t+1}-s_{t+1}‖}^2$$ Compute physics loss: $${\mathcal{L}}_{\mathrm{phys}}={\left({\widehat{\omega }}_{t+1}-{\omega }_{t+1}^{\mathrm{phys}}\right)}^2$$ Compute total loss: $${\mathcal{L}}_{\mathrm{total}}=\lambda \cdot {\mathcal{L}}_{\mathrm{data}}+(1-\lambda )\cdot {\mathcal{L}}_{\mathrm{phys}}$$ Update model parameters using gradient descent: $${\theta }_j^{\left(r\right)}\leftarrow {\theta }_j^{\left(r\right)}-\eta \cdot \nabla {\mathcal{L}}_{\mathrm{total}}$$    7. Client $j$ sends ${\theta }_j^{\left(r\right)}$ to server    8. Server aggregates all updates using FedAvg: $${\theta }^{(r+1)}=\sum _{j=1}^K{\displaystyle \frac{n_j}{n_{\mathrm{total}}}}\cdot {\theta }_j^{\left(r\right)}$$ Inference Phase (Anomaly Detection):    9. For each new timestep $t$ at client $j$: Input: $x_t$, current measurements Predict next state: $${\widehat{s}}_{t+1}=\mathrm{P}\mathrm{I}-\mathrm{L}\mathrm{S}\mathrm{T}\mathrm{M}\left(x_t,h_t\right)$$ Estimate physical frequency: $${\omega }_{t+1}^{\mathrm{phys}}=\mathrm{S}\mathrm{w}\mathrm{i}\mathrm{n}\mathrm{g}\mathrm{E}\mathrm{q}\left(x_t\right)$$ Compute prediction residual: $${\mathcal{L}}_{t+1}^{data}={‖{\widehat{s}}_{t+1}-s_{t+1}‖}_2$$ Compute physics residual: $${\mathcal{L}}_{t+1}^{phys}=\left|{\widehat{\omega }}_{t+1}-{\omega }_{t+1}^{\mathrm{p}\mathrm{h}\mathrm{y}\mathrm{s}}\right|$$ Combine residuals: $${\mathcal{L}}_{t+1}^{total}=\alpha \cdot {\mathcal{L}}_{t+1}^{data}+(1-\alpha )\cdot {\mathcal{L}}_{t+1}^{phys}$$ If ${\mathcal{L}}_{t+1}^{total}>\tau$: → Raise anomaly alert

5. Simulation and Results

5.1. System Setup and Modeling Environment

To evaluate the proposed federated PI-LSTM-based cyberattack detection framework under realistic low-inertia power system conditions, we simulate the IEEE 9-bus transmission test system using Simscape Electrical/SimPowerSystems. The system configuration is illustrated in Figure 2 and consists of a conventional synchronous machine (SM), two large-scale grid-forming converter (GFC) systems based on VSMs, and constant impedance loads.

All transmission lines are modeled as nominal π-sections incorporating full RLC dynamics, allowing accurate capture of fast transients and potential adverse interactions with grid-forming inverters. Line dynamics are essential in this context due to the rapid response characteristics of GFCs, which may interact nonlinearly with passive network elements under both normal and adversarial conditions. Transformers are implemented as three-phase linear transformer models, and all loads are constant impedance type.

The cyberattack detection framework is applied to these converter-interfaced VSMs. The relevant plant and control parameters for the VSM modules are as follows. Notably, each VSM uses a virtual moment of inertia = $2\times {10}^3$ and droop coefficients $k_p=0.001,k_i=0.5$. The VSMs operate at a nominal frequency of ${\omega }^{\star }=2\pi \times 50\mathrm{r}\mathrm{a}\mathrm{d}/\mathrm{s}$, with voltage reference regulation via FO-PI controllers embedded in each local control stack. These settings form the operational and physical context in which the PI-LSTM-based anomaly detection is tested under both nominal and compromised scenarios.

In the simulation environment, each VSM is subject to distinct operational conditions, including varying load profiles, renewable generation fluctuations, and cyberattack patterns. These differences result in non-IID data distributions across clients in the federated learning process, thereby reflecting realistic heterogeneity in distributed grid environments.

5.2. VSM Behavior Under Nominal and Attacked Conditions

To evaluate the vulnerability and detection performance of VSMs under cyberattacks, we simulate various FDIAs targeting key control and communication channels. We classify these attacks into four categories:

(i)

Corruption of local frequency measurements ${\omega }_j$ sent to the central controller (CC);

(ii)

Tampering with the COI frequency ${\omega }_C$ received by the VSMs;

(iii)

Manipulation of the voltage reference $v_{\mathrm{ref}}$.

Each attack is introduced in a controlled simulation scenario and evaluated for its impact on frequency and power output. The baseline (nominal) behavior is compared against the system response under attack.

5.2.1. Attack on Signals Sent to the Central Controller

The first attack class targets the upward communication from VSMs to the CC. Figure 3a illustrates the scenario in which individual VSM frequency measurements are corrupted by time-varying signals before reaching the CC. At $t=4\mathrm{s}$, a sine wave of amplitude $0.2$ is added to ${\omega }_{\mathrm{c}}$. At $t=5\mathrm{s}$, a square wave ($0.2\mathrm{r}\mathrm{a}\mathrm{d}/\mathrm{s}$) is applied to ${\omega }_{\mathrm{c}}$, and a constant offset ($0.2\pi \mathrm{r}\mathrm{a}\mathrm{d}/\mathrm{s}$) is injected into ${\omega }_{\mathrm{c}}$ at $t=6\mathrm{s}$. These manipulated values distort the computed center-of-inertia frequency ${\omega }_c$, as shown in Figure 3a. Despite the corrupted inputs, Figure 3b demonstrates that the output power of each VSM remains close to the nominal case (dashed lines), indicating the system’s inherent masking of subtle attacks without proper anomaly detection.

5.2.2. Attack on COI Frequency Feedback to VSMs

The second attack manipulates the COI frequency signal ${\omega }_C$ broadcast from the CC to each VSM. Figure 4a presents the behavior of ${\omega }_C$, the received COI frequency at a VSM1, under a square-wave FDIA. An attack is introduced at $t=2\mathrm{s}$, generating sharp frequency fluctuations that differ from the true CC value, original ${\omega }_C$. Figure 4b shows the power output of VSM1 under these conditions. Without anomaly mitigation, the output exhibits large oscillations (red line).

5.2.3. Attack on Voltage Reference ${\mathrm{V}}_{\mathrm{r}\mathrm{e}\mathrm{f}}$

The final attack class modifies the reference voltage input used by the AVR controller. This alters the terminal voltage output of the converter, affecting the power balance and potentially causing local voltage collapse or instability (as shown in Figure 5). Overall, these case studies demonstrate that VSMs are susceptible to diverse FDIA vectors that exploit communication dependencies. Without a physics-informed detection mechanism, these attacks may remain hidden while degrading system synchrony or power quality. The proposed PI-LSTM model successfully identifies such anomalies through temporal inconsistency and physical residuals, especially when embedded in a federated architecture.

In addition to short-duration, abrupt false data injection attacks, long-running stealth attacks with low-magnitude perturbations were simulated on the communication links of VSMs. These stealthy manipulations persisted across multiple control cycles while maintaining a degree of stealthiness by remaining within normal operating margins.

5.3. Dataset Construction and Network Parameters

To train and evaluate the proposed FL-PI-LSTM framework for detecting cyberattacks on VSMs, we develop a labeled dataset through simulation of the IEEE 9-bus transmission system. The VSMs are installed at buses 2 and 3, selected due to their inverter-based generation and critical participation in grid-forming control. Each VSM is simulated independently to support decentralized training across clients in the federated learning (FL) setup.

The proposed FL-PI-LSTM framework is not limited to a fixed power or frequency operating point. In this study, simulations were conducted with a nominal frequency of 50 Hz (2π × 50 rad/s) and load variations in the range of 0.8–1.2 p.u. These values were selected to represent typical operating conditions in distribution networks. While the method is demonstrated within this range, it can be extended to different grid frequencies (e.g., 60 Hz) or power levels through retraining with representative datasets, ensuring adaptability across diverse system configurations.

5.3.1. Data Generation and Labeling

Simulations were carried out in MATLAB/Simulink using Simscape Electrical with a sampling interval of 5 ms over 10 s windows. Both nominal operation and FDIA scenarios were considered. For each scenario, time-series data of rotor angle, frequency, power reference, voltage reference, excitation current, and DC-link voltage were collected. Sliding windows were applied to extract training sequences, and labels were assigned as normal or anomalous depending on overlap with injected attacks. To ensure diversity, multiple parameters were systematically varied: attack type (frequency report, COI feedback, power setpoint, and voltage reference), trigger time (uniformly randomized within [1 s, 7 s]), duration (0.5–2 s), amplitude (1–5 rad/s or p.u. equivalent), waveform (constant, sine, square, and ramp), load level (0.8–1.2 of nominal), and the VSM under attack (VSM1, VSM2, or both). A total of 2000 distinct attack events were generated and labeled with metadata. Both training and test datasets included these diverse conditions, ensuring that the proposed framework was evaluated on realistic variations (as shown in

Table 1. Attack and simulation parameter variations.

Parameter	Description	Range/Values
Attack type	Type of FDIA applied	Frequency report, COI feedback, power setpoint, voltage reference
Trigger time	Randomized start time of attack (per trial)	Uniform in [1 s, 7 s]
Attack duration	Length of injected signal	Random in [0.5 s, 2 s]
Amplitude (A)	Perturbation strength	A ∈ [1, 5] rad/s or p.u. equivalent
Attack waveform	Shape of injected signal	Constant, sine, square, ramp
Load level	Active and reactive load at buses	Varied from 0.8 to 1.2 of nominal
VSM under attack	Targeted inverter(s)	VSM 1, VSM 2, or both

).

Each simulation outputs vectors of measured states (e.g., rotor angle and frequency), control inputs (e.g., power reference and voltage reference), and internal signals (e.g., excitation current and VDC), which are aligned to build training sequences. A total of 2000 sequences are labeled with attack metadata.

5.3.2. FL-PI-LSTM Network Configuration

The architecture used for each local model is a physics-informed long short-term memory (PI-LSTM) network. Each VSM is assigned a local model instance, which is trained independently in the federated setting and periodically synchronized via model aggregation (as shown in

Table 2. PI-LSTM model and training parameters.

Component	Description	Value
Input sequence length	Time steps per training sample	20 steps (100 ms)
Hidden units (per cell)	Number of LSTM units per recurrent layer	64
Recurrent layers	Number of stacked LSTM layers	2
Physics-informed layer	Embedded residual-based constraint	Euler-form dynamic loss
Learning rate	Initial learning rate	0.001
Optimizer	Optimization algorithm	Adam
Batch size	Mini-batch size per round	32
Number of FL rounds	Global communication rounds	50
Local epochs	Training epochs per round (per client)	2
Clients	Number of FL participants (VSMs)	2 (VSM1 and VSM2)
Loss function	Combined physics + MSE loss	L = $L_{data}$ + λ$L_{Physics}$
λ (physics loss weight)	Scaling for physics-based residuals	0.6

).

This structured simulation and training environment ensures that the detection model is exposed to a wide variety of attack dynamics and system operating conditions, improving its generalization and robustness under realistic grid threats.

5.4. Performance Analysis

This section presents a comprehensive evaluation of the proposed FL-PI-LSTM detection framework in comparison with three alternative models: CL-LSTM, FL-LSTM, and CL-PI-LSTM. Each model is trained and tested under the same simulation setup and evaluated using standard detection metrics and runtime efficiency indicators. The training behavior of all models is shown in Figure 6, which presents the evolution of training loss over 250 epochs. The CL-LSTM model demonstrates moderate convergence, with loss reduction tapering off after epoch 150. The FL-LSTM model converges slightly faster and reaches a lower final loss due to the benefit of local training across varied data sources. The CL-PI-LSTM model maintains consistently lower loss values throughout training due to the added regularization effect of physics-based residuals. Among all models, FL-PI-LSTM exhibits the fastest and smoothest convergence, indicating both local model stability and enhanced generalization from physics-informed constraints.

It should be noted that the datasets across VSMs are non-IID by construction since each client experiences unique disturbances and attack scenarios. The convergence behavior illustrated in Figure 6 thus inherently validates the robustness of the proposed method under non-IID conditions.

Figure 7 displays the precision, recall, and F1 score achieved by each model on the test set. The CL-LSTM model yields the lowest overall performance across all metrics, while the FL-LSTM improves notably in recall, benefiting from heterogeneous training data. CL-PI-LSTM surpasses both prior models by incorporating physical constraints, thus reducing false positives. The FL-PI-LSTM achieves the highest overall performance, with a precision of 95%, a recall of 96%, and an F1 score of 95.5%. This demonstrates the combined benefits of federated learning and physics-informed modeling in producing an accurate, resilient, and generalizable cyberattack detection system.

This study concentrates on detecting cyberattacks against VSM signals. Model poisoning and backdoor threats targeting federated aggregation remain outside our present scope but represent important directions for future work, where robust aggregation and client update validation could complement the proposed framework.

The training and inference runtimes of each model are presented in

Table 3. Training and inference time comparison for all four model configurations.

Model	Training Time Per Epoch (s)	Inference Time Per Sample (ms)
CL-LSTM	6.2	0.38
FL-LSTM	3.4 (per client)	0.35
CL-PI-LSTM	7.8	0.41
FL-PI-LSTM	4.0 (per client)	0.39

. Pure LSTM models (CL-LSTM and FL-LSTM) demonstrate faster training per epoch due to their simpler objectives. However, the physics-informed models maintain comparable inference time, indicating no major penalty during real-time deployment. The FL-PI-LSTM, while incorporating additional physical constraints, completes each local epoch in only 4.0 s and maintains an inference latency of 0.39 milliseconds per sample, making it suitable for real-time detection in distributed power systems.

To evaluate the effect of $\lambda$, we conducted a sensitivity analysis with three representative values: $\lambda =0.2,0.5,\mathrm{a}\mathrm{n}\mathrm{d}0.8$.

Table 4. Sensitivity of detection performance to λ.

λ	Precision (%)	Recall (%)	False Positive Rate (%)
0.2	91.8	85.6	3.1
0.5	95.2	92.4	2.5
0.8	93.1	96.7	5.4

reports the precision, recall, and false positive rate (FPR) for each setting. The results indicate that $\lambda =0.5$ achieves the most balanced trade-off, providing both high precision/recall and low FPR. Lower values emphasize physics consistency at the cost of recall, while higher values increase sensitivity but with more false positives.

The proposed PI-LSTM framework was applied to multiple FDIA categories, including frequency measurement corruption, COI feedback tampering, power setpoint manipulation, and voltage reference tampering. In addition, stealthy long-duration perturbations with small amplitudes were introduced to emulate subtle adversarial strategies. Across these scenarios, the PI-LSTM successfully distinguished between normal dynamics and attack-induced anomalies, demonstrating its general applicability for FDIA detection in VSM-based networks.

Ablation Study: Dynamic Thresholding

In addition to fixed-threshold detection, we evaluated a dynamic threshold mechanism to explore its effect on anomaly detection performance. The dynamic threshold $\tau \left(t\right)$ was defined as

$$\tau \left(t\right)={\mu }_t+\beta \cdot {\sigma }_t$$

(27)

where ${\mu }_t$ and ${\sigma }_t$ denote the moving average and standard deviation of the residual loss $L_t^{total}$ within a sliding window of size $W$, and $\beta$ is a scaling hyperparameter. This allows the threshold to adapt in real time to the variability and noise level of operating conditions.

Table 5. Fixed vs. dynamic threshold performance.

Threshold Type	Precision (%)	Recall (%)	FPR (%)
Fixed threshold	95.8	96.2	4.7
Dynamic threshold	95.5	96.0	2.4

summarizes the performance comparison between fixed and dynamic thresholds. Results indicate that dynamic thresholding reduces false positives (FPR) by $\sim 2.3\%$ on average, while recall and precision remain nearly unchanged. This demonstrates that dynamic adjustment primarily helps in suppressing unnecessary alarms without affecting true anomaly detection.

6. Conclusions

This paper presented a novel cyberattack detection framework for VSMs, integrating physics-informed deep learning with federated intelligence. We proposed a hybrid architecture combining a physics-informed long short-term memory (PI-LSTM) network with federated learning (FL), enabling each VSM to perform local anomaly detection while contributing to a globally trained model without sharing raw data. The framework is tailored to detect a wide range of false data injection attacks targeting frequency measurements, COI feedback, power setpoints, and voltage references—key vectors in distributed grid-forming converter networks. By embedding swing dynamics and control constraints into the LSTM architecture, the PI-LSTM model demonstrated a strong ability to distinguish physically inconsistent behaviors from benign transients. This resulted in significantly reduced false alarms and faster detection times. Federated learning further enhanced model generalization and privacy by aggregating knowledge across clients while preserving data locality. Simulations on a modified IEEE 9-bus system, with VSMs deployed at critical nodes, confirmed the superiority of the proposed FL-PI-LSTM model over centralized and non-physics-informed baselines. It achieved the highest classification metrics (F1 score of 95.5%), the lowest false alarm rate (2.1%), and real-time inference performance, making it well suited for practical deployment in cyber-resilient low-inertia power systems. Although this work is based on extensive simulation scenarios, future efforts will focus on hardware-in-the-loop (HIL) and real microgrid experiments to validate the proposed framework under practical operating conditions.