The proliferation of Internet of Things devices in critical infrastructure has created unprecedented cybersecurity challenges, necessitating collaborative threat detection mechanisms that preserve data privacy while maintaining robustness against sophisticated attacks. Traditional federated learning approaches for IoT security suffer from two critical vulnerabilities: susceptibility to Byzantine attacks where malicious participants poison model updates, and inadequacy against future quantum computing threats that can compromise cryptographic aggregation protocols. This paper presents a novel Byzantine-robust federated learning framework integrated with post-quantum secure aggregation specifically designed for real-time threat intelligence sharing across critical IoT infrastructure. The proposed framework combines an adaptive weighted aggregation mechanism with lattice-based cryptographic protocols to simultaneously defend against model poisoning attacks and quantum adversaries. We introduce a reputation-based client selection algorithm that dynamically identifies and excludes Byzantine participants while maintaining differential privacy guarantees. The secure aggregation protocol employs CRYSTALS-Kyber for key encapsulation and homomorphic encryption to ensure confidentiality during parameter updates. Experimental evaluation on industrial IoT intrusion detection datasets demonstrates that our framework achieves 96.8% threat detection accuracy while successfully mitigating up to 40% Byzantine attackers, with only 18% computational overhead compared to non-secure federated approaches. The framework maintains sub-second aggregation latency suitable for real-time applications and provides 256-bit post-quantum security level.
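An added example, not code from the paper: one way a reputation-based client selection and weighted aggregation round can be built, using the coordinate-wise median as the robust reference point. The scoring rule, the `decay`, `cutoff` and `k` values, and the sample updates are assumptions constructed here; differential privacy and the CRYSTALS-Kyber secure aggregation layer are not modelled.

```python
import statistics

def l2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b)) ** 0.5

def robust_round(updates, reputation, decay=0.5, cutoff=0.3, k=3.0):
    """One aggregation round. `updates` maps client id -> parameter vector;
    `reputation` maps client id -> score in [0, 1] and is updated in place.
    decay, cutoff and k are illustrative values, not taken from the paper."""
    ids = sorted(updates)
    # Robust reference: the coordinate-wise median tolerates < 50% outliers.
    center = [statistics.median(col) for col in zip(*(updates[c] for c in ids))]
    dist = {c: l2(updates[c], center) for c in ids}
    scale = statistics.median(dist.values()) or 1e-12
    weights = {}
    for c in ids:
        # A client "agrees" when its update lies within k median-distances.
        agrees = 1.0 if dist[c] <= k * scale else 0.0
        # Exponential moving average: one bad round lowers trust, repeated
        # bad rounds drive it towards zero.
        reputation[c] = decay * reputation.get(c, 0.5) + (1 - decay) * agrees
        # Selection: below-cutoff or disagreeing clients get zero weight.
        weights[c] = reputation[c] * agrees if reputation[c] >= cutoff else 0.0
    total = sum(weights.values())
    if total == 0:
        return center, []  # nobody trusted: fall back to the median itself
    agg = [sum(weights[c] * updates[c][j] for c in ids) / total
           for j in range(len(center))]
    return agg, [c for c in ids if weights[c] > 0]

def plain_mean(updates):
    """Non-robust baseline (plain averaging) for comparison."""
    n = len(updates)
    return [sum(col) / n for col in zip(*updates.values())]

def sample_updates():
    """Constructed round: 6 honest clients and 4 Byzantine clients (40%)."""
    ups = {f"honest-{i}": [1.0 + 0.01 * i, -2.0 - 0.01 * i, 0.5 + 0.005 * i]
           for i in range(6)}
    ups.update({f"byz-{i}": [-10.0, 20.0, -5.0] for i in range(4)})
    return ups

if __name__ == "__main__":
    rep = {}
    agg, kept = robust_round(sample_updates(), rep)
    print("plain mean :", plain_mean(sample_updates()))
    print("robust agg :", agg)
    print("kept       :", kept)
```

The median reference only holds while poisoned updates are a minority, so this sketch degrades once Byzantine clients reach half of a round's participants.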