As Industrial Internet of Things (IIoT) environments expand to include tens of thousands of connected devices, the centralization of security monitoring architectures creates serious latency issues that savvy attackers can exploit to compromise an entire manufacturing ecosystem. This paper outlines a new, decentralized multi-agent swarm (DMAS) architecture that places autonomous artificial intelligence (AI) agents at each edge gateway, functioning as a distributed digital "immune system" for IIoT networks. Instead of using a traditional static firewall approach, the DMAS agents communicate via a lightweight peer-to-peer protocol to cooperatively detect anomalous behavior across the IIoT network without sending data to a cloud infrastructure. The authors also outline a consensus-based threat validation (CVT) process in which agents vote on the threat level of an identified threat, enabling instant quarantine of a compromised node or nodes. The authors conducted experiments on a testbed that simulated an innovative factory environment with 2000 IIoT devices and found that the DMAS demonstrated sub-millisecond response times (average of 0.85 ms), 97.3% accuracy in detecting malicious activity under high load, and 87% accuracy in detecting zero-day attacks, all significantly higher than baseline values for both centralized and edge computing. Additionally, the proposed architecture can prevent real-time cascading failures in industrial control systems and reduce network bandwidth use by 89% compared to cloud-based solutions.