Zero-Trust Agentic Federated Learning for Secure IIoT Defense Systems
Samaresh Kumar Singh, Joyjit Roy, and Martin So

TL;DR
This paper introduces ZTA-FL, a secure federated learning framework for IIoT intrusion detection that combines cryptographic attestation, explainable Byzantine detection, and adversarial training, significantly improving robustness and privacy.
Contribution
It presents a novel Zero-Trust Agentic Federated Learning framework with cryptographic attestation, explainable Byzantine detection, and privacy-preserving adversarial training for secure IIoT systems.
Findings
Achieves 97.8% detection accuracy on IDS benchmarks.
Outperforms existing methods with 93.2% accuracy under Byzantine attacks.
Provides 89.3% adversarial robustness and reduces communication overhead by 34%.
Abstract
Recent attacks on critical infrastructure, including the 2021 Oldsmar water treatment breach and the 2023 Danish energy sector compromises, highlight urgent security gaps in Industrial IoT (IIoT) deployments. While Federated Learning (FL) enables privacy-preserving collaborative intrusion detection, existing frameworks remain vulnerable to Byzantine poisoning attacks and lack robust agent authentication. We propose Zero-Trust Agentic Federated Learning (ZTA-FL), a defense-in-depth framework combining: (1) TPM-based cryptographic attestation with a false acceptance rate below 0.0000001, (2) a novel SHAP-weighted aggregation algorithm providing explainable Byzantine detection under non-IID conditions with theoretical guarantees, and (3) privacy-preserving on-device adversarial training. Comprehensive experiments across three IDS benchmarks (Edge-IIoTset, CIC-IDS2017, UNSW-NB15)…
Taxonomy
Topics: Smart Grid Security and Resilience · Adversarial Robustness in Machine Learning · Network Security and Intrusion Detection
