Recent attacks on critical infrastructure, including the 2021 Oldsmar water treatment breach and 2023 Danish energy sector compromises, highlight urgent security gaps in Industrial IoT (IIoT) deployments. While Federated Learning (FL) enables privacy-preserving collaborative intrusion detection, existing frameworks remain vulnerable to Byzantine poisoning attacks and lack robust agent authentication. We propose Zero-Trust Agentic Federated Learning (ZTA-FL), a defense in depth framework combining: (1) TPM-based cryptographic attestation achieving less than 0.0000001 false acceptance rate, (2) a novel SHAP-weighted aggregation algorithm providing explainable Byzantine detection under non-IID conditions with theoretical guarantees, and (3) privacy-preserving on-device adversarial training. Comprehensive experiments across three IDS benchmarks (Edge-IIoTset, CIC-IDS2017, UNSW-NB15) demonstrate that ZTA-FL achieves 97.8 percent detection accuracy, 93.2 percent accuracy under 30 percent Byzantine attacks (outperforming FLAME by 3.1 percent, p less than 0.01), and 89.3 percent adversarial robustness while reducing communication overhead by 34 percent. We provide theoretical analysis, failure mode characterization, and release code for reproducibility.

翻译：近期针对关键基础设施的攻击，包括2021年奥兹马水处理厂入侵事件和2023年丹麦能源行业安全事件，凸显了工业物联网部署中亟待解决的安全漏洞。虽然联邦学习能够实现隐私保护的协同入侵检测，但现有框架仍易受拜占庭投毒攻击，且缺乏鲁棒的智能体认证机制。本文提出零信任智能体联邦学习，这是一种纵深防御框架，融合了以下三个核心组件：(1) 基于可信平台模块的密码学认证机制，其错误接受率低于0.0000001；(2) 一种新颖的SHAP加权聚合算法，可在非独立同分布条件下提供具备理论保证的可解释拜占庭检测；(3) 隐私保护的端侧对抗训练。在三个入侵检测系统基准数据集上的综合实验表明，该框架实现了97.8%的检测准确率，在30%拜占庭攻击下仍保持93.2%的准确率，优于FLAME框架3.1个百分点，且具有统计学显著性，同时具备89.3%的对抗鲁棒性，并将通信开销降低了34%。本文提供了理论分析、故障模式表征，并开源了代码以确保可复现性。