<p>Industrial IoT (IIoT) environments face growing cyber threats due to device heterogeneity and cyber-physical integration. This study proposes a Zero Trust-enhanced intrusion detection framework integrating deep learning anomaly detection, differential privacy, lightweight blockchain-inspired hash-chained ledger and Digital Twin-based situational awareness and visualization of device trust states, designed for low-latency inference suitable for near-real-time IIoT monitoring .A unified dataset was constructed by merging NSL-KDD, CICIDS-2017, and IoT-23 (2,513,419 raw samples unified to 143 features, balanced to 100,000 samples across Normal, DoS, Probe, R2L, U2R classes using SMOTE). Mutual information-based feature selection reduced features to 25. Optimized Multilayer Perceptron (MLP) and CNN–BiLSTM models achieved 89–91% accuracy and 0.89–0.91 macro F1-score, with near-perfect rare-attack detection (F1 ≈ 1.00 for R2L/U2R). Differential privacy (Laplace, ε = 25) reduced accuracy to ~ 78%, quantifying the privacy-utility trade-off. The decoupled Zero-Trust Manager dynamically updates trust scores based on prediction confidence, with tamper-evident SHA-256 hash-chained logging adding negligible latency (~ 1.04–1.06&#xa0;s for 500 samples). This lightweight, centralized design offers strong cross-domain generalization and deployability for resource-constrained IIoT.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A zero-trust digital twin framework for privacy-preserving multi-dataset intrusion detection in industrial IoT with lightweight blockchain auditing

  • Shailendra Mishra,
  • Tariq Saleh M. Aldafas,
  • Naif S. Alshammari

摘要

Industrial IoT (IIoT) environments face growing cyber threats due to device heterogeneity and cyber-physical integration. This study proposes a Zero Trust-enhanced intrusion detection framework integrating deep learning anomaly detection, differential privacy, lightweight blockchain-inspired hash-chained ledger and Digital Twin-based situational awareness and visualization of device trust states, designed for low-latency inference suitable for near-real-time IIoT monitoring .A unified dataset was constructed by merging NSL-KDD, CICIDS-2017, and IoT-23 (2,513,419 raw samples unified to 143 features, balanced to 100,000 samples across Normal, DoS, Probe, R2L, U2R classes using SMOTE). Mutual information-based feature selection reduced features to 25. Optimized Multilayer Perceptron (MLP) and CNN–BiLSTM models achieved 89–91% accuracy and 0.89–0.91 macro F1-score, with near-perfect rare-attack detection (F1 ≈ 1.00 for R2L/U2R). Differential privacy (Laplace, ε = 25) reduced accuracy to ~ 78%, quantifying the privacy-utility trade-off. The decoupled Zero-Trust Manager dynamically updates trust scores based on prediction confidence, with tamper-evident SHA-256 hash-chained logging adding negligible latency (~ 1.04–1.06 s for 500 samples). This lightweight, centralized design offers strong cross-domain generalization and deployability for resource-constrained IIoT.