Table of Contents
Fetching ...

Zero-Trust Agentic Federated Learning for Secure IIoT Defense Systems

Samaresh Kumar Singh, Joyjit Roy, Martin So

TL;DR

This work addresses secure, privacy-preserving collaborative intrusion detection in Industrial IoT under Byzantine poisoning, evasion, and impersonation threats. It introduces Zero-Trust Agentic Federated Learning (ZTA-FL), integrating TPM-based attestation, SHAP-weighted explainable aggregation, and on-device adversarial training within a hierarchical edge-fog-cloud framework. Empirical results on Edge-IIoTset, CIC-IDS2017, and UNSW-NB15 show high detection accuracy ($97.8\%$ clean, $93.2\%$ under $30\%$ Byzantine), strong adversarial robustness ($89.3\%$ against FGSM), and substantial communication savings ($34\%$) with robust resilience to backdoors ($8.7\%$ ASR). The work also provides theoretical analysis (Theorem 1) and extensive ablation to reveal the synergy of the defense-in-depth approach, and it releases reproducible code for broader adoption in IIoT security contexts.

Abstract

Recent attacks on critical infrastructure, including the 2021 Oldsmar water treatment breach and 2023 Danish energy sector compromises, highlight urgent security gaps in Industrial IoT (IIoT) deployments. While Federated Learning (FL) enables privacy-preserving collaborative intrusion detection, existing frameworks remain vulnerable to Byzantine poisoning attacks and lack robust agent authentication. We propose Zero-Trust Agentic Federated Learning (ZTA-FL), a defense in depth framework combining: (1) TPM-based cryptographic attestation achieving less than 0.0000001 false acceptance rate, (2) a novel SHAP-weighted aggregation algorithm providing explainable Byzantine detection under non-IID conditions with theoretical guarantees, and (3) privacy-preserving on-device adversarial training. Comprehensive experiments across three IDS benchmarks (Edge-IIoTset, CIC-IDS2017, UNSW-NB15) demonstrate that ZTA-FL achieves 97.8 percent detection accuracy, 93.2 percent accuracy under 30 percent Byzantine attacks (outperforming FLAME by 3.1 percent, p less than 0.01), and 89.3 percent adversarial robustness while reducing communication overhead by 34 percent. We provide theoretical analysis, failure mode characterization, and release code for reproducibility.

Zero-Trust Agentic Federated Learning for Secure IIoT Defense Systems

TL;DR

This work addresses secure, privacy-preserving collaborative intrusion detection in Industrial IoT under Byzantine poisoning, evasion, and impersonation threats. It introduces Zero-Trust Agentic Federated Learning (ZTA-FL), integrating TPM-based attestation, SHAP-weighted explainable aggregation, and on-device adversarial training within a hierarchical edge-fog-cloud framework. Empirical results on Edge-IIoTset, CIC-IDS2017, and UNSW-NB15 show high detection accuracy ( clean, under Byzantine), strong adversarial robustness ( against FGSM), and substantial communication savings () with robust resilience to backdoors ( ASR). The work also provides theoretical analysis (Theorem 1) and extensive ablation to reveal the synergy of the defense-in-depth approach, and it releases reproducible code for broader adoption in IIoT security contexts.

Abstract

Recent attacks on critical infrastructure, including the 2021 Oldsmar water treatment breach and 2023 Danish energy sector compromises, highlight urgent security gaps in Industrial IoT (IIoT) deployments. While Federated Learning (FL) enables privacy-preserving collaborative intrusion detection, existing frameworks remain vulnerable to Byzantine poisoning attacks and lack robust agent authentication. We propose Zero-Trust Agentic Federated Learning (ZTA-FL), a defense in depth framework combining: (1) TPM-based cryptographic attestation achieving less than 0.0000001 false acceptance rate, (2) a novel SHAP-weighted aggregation algorithm providing explainable Byzantine detection under non-IID conditions with theoretical guarantees, and (3) privacy-preserving on-device adversarial training. Comprehensive experiments across three IDS benchmarks (Edge-IIoTset, CIC-IDS2017, UNSW-NB15) demonstrate that ZTA-FL achieves 97.8 percent detection accuracy, 93.2 percent accuracy under 30 percent Byzantine attacks (outperforming FLAME by 3.1 percent, p less than 0.01), and 89.3 percent adversarial robustness while reducing communication overhead by 34 percent. We provide theoretical analysis, failure mode characterization, and release code for reproducibility.
Paper Structure (27 sections, 1 equation, 6 figures, 7 tables)

This paper contains 27 sections, 1 equation, 6 figures, 7 tables.

Figures (6)

  • Figure 1: Threat model illustrating attack vectors and adversarial capabilities in ZTA-FL. Red arrows denote attack paths, while green shields indicate defensive mechanisms.
  • Figure 2: ZTA-FL System Architecture illustrating edge agents with attestation modules, fog aggregation layer with SHAP-weighted robust aggregation, and cloud coordination layer.
  • Figure 3: Accuracy under poisoning: (a) label flipping, (b) gradient manipulation.
  • Figure 4: Accuracy vs. perturbation budget $\epsilon$ for FGSM and PGD-20 attacks.
  • Figure 5: Convergence comparison below 20% Byzantine attackers (label flipping). ZTA-FL achieves faster and more stable convergence.
  • ...and 1 more figures