FL Meets LLM: A Hybrid Security Framework for the Internet of Energy

Abstract

The accelerating digital transformation of energy sector has led to the emergence of Internet of Energy (IoE) in which a vast array of interconnected devices coordinate the generation, distribution, and consumption of energy. Although this integration boosts the operational efficiency, it broadens the system’s attack surface, making infrastructure increasingly vulnerable to cyber threats. Conventional intrusion detection systems often fall short in these distributed and privacy-sensitive settings. In this article, we introduce a hybrid cybersecurity framework that integrates federated learning (FL) with large language models (LLMs) to enable decentralized threat detection and context-aware response in IoE environments. By allowing edge devices to collaboratively train anomaly detection models without exposing raw data, the framework ensures data privacy. Moreover, a centralized LLM-driven reasoning layer interprets alerts and assists operators through natural language interfaces. We evaluate the proposed framework through assessing the quality of LLM responses across different prompt types and examining the temporal evolution of threat patterns. An application scenario for intelligent cyber defense in smart grids is introduced to demonstrate the framework’s practical applicability. The results demonstrate that the proposed framework enhances both detection accuracy and interpretability, offering a scalable and transparent defense strategy for next generation energy infrastructure.