Privacy Budgets That Work: Client-Level Differential Privacy with Robust Aggregation for IIoT Intrusion Detection

Abstract

Federated learning (FL) is promising for intrusion detection for Industrial Internet of Things (IIoT) without the necessity of centralizing raw telemetry, but there exist two stumbling blocks: (i) limiting what can be inferred about the clients (sites/devices) from their updates and (ii) providing reliability under heterogeneous, non-independent and identically distributed (non-IID) data with faulty or Byzantine members. We outline a systems design that intertwines client-level differential privacy (DP) with robust aggregation and experiment on the Edge-IIoTset workload specification and deterministic synthetic experiments with the goal of generating fully reproducible figures. The server applies per-client L2 clipping, adds calibrated Gaussian noise, and tracks privacy with Re´nyi DP (RDP) under subsampling; aggregation uses coordinate-wis → enforcing the target budget. Sweeping privacy budgets 0.5 reduces macro-F1 0.93 → 0.78 (−19.2%), AUROC 0.96 𝜀 ∈ {0.5 e median, → , 1 0.86 (−10.4%), and worst-client F1 0.89 , 2, 5 β , -trimmed mean, or Krum, with an auditable stop-on- 10} yields clear privacy–utility frontiers: tightening from → 0.70 (−21.3%). Under 10% 𝜀 controller 𝜀 = 10 corrupted clients at 𝜀 = 2, coordinate-wise median improves macro-F1 over mean by +11.1% and worst-client F1 by +20.3%. Time per round scales with the number of selected clients m = qK: 0.60 → 2.60 s as K = 10 → 200 at q = 0.1. The recipe exposes deployable knobs (𝜀, C, q, aggregator), auditable privacy via stop-on-𝜀, and tail-aware reporting—charting a practical path to regulator-aligned, privacy-preserving FL for IIoT intrusion detection.

Received: 11 December 2025 | Revised: 22 January 2026 | Accepted: 24 March 2026

Conflicts of Interest

The authors declare that they have no conflicts of interest to this work.

Data Availability Statement

The data that support the findings of this study are openly available in Kaggle at https://www.kaggle.com/datasets/mohamedamineferrag/edgeiiotset-cyber-security-dataset-of-iot-iiot, reference number [26].

Author Contribution Statement

Mahavir Teraiya: Conceptualization, Methodology, Software, Validation, Formal analysis, Investigation, Data curation, Writing – original draft, Writing – review & editing, Visualization. Madhu Shukla: Conceptualization, Methodology, Resources, Writing – review & editing, Supervision, Project administration.