—Securing Industrial Internet of Things (IIoT) net works against intrusion is fundamentally difficult because edge devices are resource-constrained, sensitive operational data can-not be shared across factory boundaries, and different factories encounter different attack types in practice. Centralised detection architectures fail on all three counts, while standard Federated Learning (FL) approaches treat detection as a binary problem, use aggregation rules that ignore client contribution quality, and do not account for the non-independent and identically distributed (non-IID) data distributions that arise across hetero-geneous deployments. This paper proposes FedProx-KQE, which addresses these limitations within a single framework. A Vari-ational Autoencoder–Long Short-Term Memory (VAE-LSTM) local model is extended with a multi-class classification head to identify individual attack categories rather than collapsing all threats into one class. Training data is partitioned across four factory clients with non-overlapping attack profiles to reflect realistic heterogeneity, and FedProx regularisation is applied to prevent local updates from drifting too far from the global model. Aggregation weights are replaced by a composite trust score that accounts for each client’s local accuracy, data volume, and class coverage. Experiments on the X-IIoTID benchmark under both binary and multi-class settings show that FedProx reduces the impact of data heterogeneity compared to standard Federated Averaging (FedAvg), and a Convolutional Neural Network (CNN) ablation study confirms that model capacity is not the binding constraint in the federated multi-class setting. ...
Authors: Pushpraj Shrivastava, Shweta Chouksey, Priyanka Verma.