Micro-segmentation, a core requirement of zero trust architecture (ZTA), divides networks into small security zones called micro-segments, thereby minimizing the impact of security breaches and restricting attackers' lateral movement. Existing approaches for Industrial Internet of Things (IIoT) networks often remain centralized, static, or difficult to interpret. These limitations are critical in IIoT, where devices are heterogeneous, communication behavior evolves over time, and raw data sharing across sites is often undesirable. Accordingly, we propose EFAH-ZTM, an Explainable Federated Autoencoder-Hypergraph framework for Zero Trust micro-segmentation in IIoT networks. The framework includes a trained federated DNAE that learns behavioral embeddings from distributed clients. kNN-based and manifold-based hypergraphs capture higher-order relationships among device-flow instances. To generate micro-segments, MiniBatch KMeans and HDBSCAN clustering are applied to the spectral embeddings, while an operational risk score that combines reconstruction error and structural outlierness drives allow/block policy decisions. The trustworthiness of each policy decision is improved through feature-level explanations using LIME and SHAP. Experiments on the WUSTL-IIoT-2021 dataset show that HDBSCAN achieves the strongest structural quality, while the manifold-based hypergraph produces the best oracle-aligned security efficacy, reaching a purity of 0.9990 with near-zero contamination. The explainability module also shows high fidelity and stability, with the surrogate classifier reaching an accuracy of 0.9927 and explanations remaining stable across runs. Moreover, an ablation analysis shows that federated learning preserves competitive segmentation quality relative to centralized training, and that hypergraph modeling significantly improves structural separation and risk stratification.