Zero-Trust Agentic Federated Learning for Secure IIoT Defense Systems
📝 Abstract
In recent times there have been several attacks against critical infrastructure, such as the 2021 Oldsmar Water Treatment System breach and the 2023 Denmark Energy Sector compromise. These breaches clearly show the need for security improvements in Industrial IoT (IIoT) deployments. Federated Learning (FL) provides a path to privacy-preserving collaborative intrusion detection; however, all current FL frameworks are vulnerable to Byzantine poisoning attacks and do not include a method for authenticating agents. In this paper we propose Zero-Trust Agentic Federated Learning (ZTA-FL), a defense-in-depth framework that uses TPM-based cryptographic attestation with an extremely low (<10⁻⁷) false acceptance rate, a new SHAP-weighted aggregation algorithm with explainable Byzantine detection under non-IID conditions and theoretical guarantees, and privacy-preserving on-device adversarial training. Experiments were conducted on three different IDS benchmarks (Edge-IIoT set, CIC-IDS2017, UNSW-NB15) to measure the performance of ZTA-FL. The results indicate that ZTA-FL achieved a 97.8% detection rate, a 93.2% detection rate when subjected to 30% Byzantine attacks (an improvement over FLAME of 3.1%, p < 0.01) and 89.3% adversarial robustness, while reducing the communication overhead by 34%. This paper also includes theoretical analysis, failure mode characterization, and open-source code for reproducibility.
📄 Content
Authors:
- Samaresh Kumar Singh, IEEE Senior Member, Leander, Texas, ssam3003@gmail.com
- Joyjit Roy, IEEE Member, Austin, Texas, joyjit.roy.tech@gmail.com
- Martin So, Independent Researcher, British Columbia, Canada, martinytso99@gmail.com

Index Terms—Zero-Trust Architecture, Federated Learning, Industrial IoT, Intrusion Detection, Adversarial Machine Learning, Edge Computing, Defense Systems, Secure Multi-Agent Systems

I. INTRODUCTION

Recent attacks on critical infrastructure, including the 2021 Oldsmar water treatment breach [1] and 2023 Danish energy sector compromises [2], expose urgent security gaps in Industrial IoT (IIoT) deployments projected to exceed 75 billion devices by 2025 [3]. While Federated Learning allows privacy-preserving collaborative intrusion detection [4], distributed architectures introduce critical vulnerabilities: Byzantine adversaries can inject poisoned model updates [5], heterogeneous non-IID data complicates malicious update detection [6], and autonomous agents lack robust identity verification [7].

The problem is to enable secure, privacy-preserving collaboration among autonomous IIoT agents in a collaborative-learning setting, with protection from Byzantine poisoning attacks, evasion attacks, and impersonation attacks on IIoT agents.

Currently available defensive measures are insufficient. Most recent Byzantine-resistant methods (e.g., Krum [8] and Trimmed-Mean [9]) presume that the input data is independent and identically distributed (IID) and therefore degrade when applied to IIoT systems, which include heterogeneous inputs. More recently developed approaches (e.g., FLTrust [10] and FLAME [11]), although providing some advantages over prior approaches (i.e., hardware-based authentication of agents), provide no guarantees regarding explainability. There has been no integration of zero-trust architecture with federated IIoT defense mechanisms [12].

How we approached this problem

Zero-Trust Agentic Federated Learning (ZTA-FL) combines three main elements:
- TPM-based cryptographic attestation (FAR < 10⁻⁶),
- SHAP-weighted aggregation for explainable Byzantine detection in a non-IID environment,
- On-device adversarial training.

Our contributions to this area of study
- We have proposed a hierarchical edge-fog-cloud structure for zero-trust federated learning and demonstrated that it can be used to allow trusted agents to participate in federated learning.
- We are the first to use explainable AI metrics (SHAP-weighted) to build a Byzantine-resilient federated learning algorithm, which has theoretical support.
- We have shown through experiment that on-device adversarial training can improve federated learning’s ability to evade attack by 16.4
- We have evaluated ZTA-FL on two different data sets: Edge-IIoT set [13] and CIC-IDS2017 [14]. The results were 97.8% accuracy, 89.3% against adversarial examples, and 93.2% against Byzantine attacks with 30%, outperforming FLAME by 3.1% (p < .01).

II. RELATED WORK

Federated Learning for IIoT Security: Federated Learning (FL) based Intrusion Detection Systems (IDS) as a privacy-preserving collaborative defense approach are proposed in [15]–[18], but classical Byzantine-resilient methods (like Krum [8] and Trimmed Mean [9]), which are based on the IID assumption, fail to be resilient to heterogeneity in the data [19]. Recently developed methods have improved robustness, such as FLTrust [10] (which establ
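
The statement above that IID-based aggregators such as Trimmed Mean lose resilience on heterogeneous data can be checked numerically. The following is an added example, not code from the paper or its repository: it implements plain coordinate-wise trimmed mean (not ZTA-FL's SHAP-weighted aggregation), and all client updates and function names are constructed for illustration.

```python
from statistics import mean

def trimmed_mean(updates, k):
    """Coordinate-wise trimmed mean: per coordinate, drop the k smallest and
    k largest client values and average the rest."""
    n = len(updates)
    if not 0 <= 2 * k < n:
        raise ValueError("need 0 <= 2k < number of clients")
    return [mean(sorted(coord)[k:n - k]) for coord in zip(*updates)]

def deviation(honest, byzantine, k):
    """Largest per-coordinate gap between the trimmed mean over all clients
    and the plain mean of the honest clients alone."""
    target = [mean(coord) for coord in zip(*honest)]
    got = trimmed_mean(honest + byzantine, k)
    return max(abs(g - t) for g, t in zip(got, target))

# Constructed 2-parameter model updates from 7 honest clients.
# Both sets have the same honest mean, [1.0, -2.0]; only the spread differs.
IID_HONEST = [          # every client sees similar traffic
    [1.00, -2.00], [1.02, -1.98], [0.98, -2.02], [1.01, -2.01],
    [0.99, -1.99], [1.03, -1.97], [0.97, -2.03],
]
NON_IID_HONEST = [      # each client sees a different traffic mix
    [0.0, -5.0], [0.5, -4.0], [1.0, -3.0], [1.0, -2.0],
    [1.0, -1.0], [1.5, 0.0], [2.0, 1.0],
]
# Constructed poisoned updates: 3 of 10 clients (30%) send the same outlier.
BYZANTINE = [[-10.0, 10.0]] * 3

if __name__ == "__main__":
    k = len(BYZANTINE)  # trim as many values per side as there are attackers
    print("IID deviation:    ", deviation(IID_HONEST, BYZANTINE, k))
    print("non-IID deviation:", deviation(NON_IID_HONEST, BYZANTINE, k))
```

In both runs the outliers themselves are trimmed, but trimming the opposite tail also discards honest clients: with near-identical honest updates that costs almost nothing, while with heterogeneous honest updates the aggregate is pulled far from the honest mean.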
This content is AI-processed based on ArXiv data.