Skip to main navigation menu Skip to main content Skip to site footer

Special Issue: Artificial Intelligence Across the Communication Stack: Engineering, Human Interaction, and Governance in the 6G Era

Vol. 2 (2026)

Federated Deep Learning for Telecom-Orchestrated Anomaly Detection in Industrial IoT Critical Infrastructure Networks

DOI:
https://doi.org/10.31875/2979-1081.2026.02.05
Submitted
July 4, 2026
Published
2026-07-04

Abstract

Industrial Internet of Things (IIoT) critical infrastructure is increasingly connected through private 5G/6G networks, software-defined transport, network slicing and O-RAN-compatible orchestration stacks. In such environments, anomaly detection is not only an application-layer cybersecurity task; it is also a communication-engineering signal that can trigger changes in RAN, core and transport control loops. Centralizing sensor, radio and network telemetry for high-accuracy deep anomaly detection violates data-sovereignty and regulatory requirements, while isolated local models fail to generalize across heterogeneous plants and private-network deployments. Federated deep learning (FDL) offers a privacy-preserving architecture for collaborative anomaly detection, but its practical value depends on how anomaly scores are mapped to telecom control elements such as network slices, QoS flows, RIC xApps/rApps, SDN/NFV routing and isolation functions. This paper reviews FDL architectures for IIoT anomaly detection with explicit grounding in telecom system design. Beyond F1-score comparison, the analysis emphasizes radio and network KPIs including SINR degradation, PRB utilization, handover failure rate, link latency, throughput, QoS/QoE, control overhead and spectrum constraints. The paper further explains how anomaly outputs can support automated control actions such as rerouting, slice-profile adjustment, QoS enforcement, edge isolation and SDN/NFV remediation, while respecting radio latency budgets, closed-loop stability and safety requirements. Security threats, communication overhead, model compression and regulatory constraints are analyzed as deployment factors for private 5G/6G critical-infrastructure networks.

References

  1. Lee J, Bagheri B, Kao HA: A cyber-physical systems architecture for industry 4.0-based manufacturing systems. Manufacturing Letters 2015, 3: 18-23. https://doi.org/10.1016/j.mfglet.2014.12.001
  2. Stouffer K, Pillitteri V, Lightman S, Abrams M, Hahn A: Guide to Industrial Control Systems (ICS) Security. NIST SP 800-82 Rev. 3; 2023.
  3. Dragos Inc: Year in Review: OT/ICS Cybersecurity Threat Landscape Report 2024. Dragos; 2024.
  4. Goh J, Adepu S, Junejo KN, Mathur A: A dataset to support research in the design of secure water treatment systems. In: CRITIS 2016, LNCS 10242: 88-99. https://doi.org/10.1007/978-3-319-71368-7_8
  5. Ahmed CM, Palleti VR, Mathur AP: WADI: A water distribution testbed for research in the design of secure cyber physical systems. In: CyberICPS 2017: 25-28. https://doi.org/10.1145/3055366.3055375
  6. McMahan HB, Moore E, Ramage D, Hampson S, Arcas BA: Communication-efficient learning of deep networks from decentralized data. AISTATS 2017: 1273-1282.
  7. IEC 62443-3-3: Industrial Automation and Control Systems Security - System Security Requirements and Security Levels. IEC; 2013.
  8. Chandola V, Banerjee A, Kumar V: Anomaly detection: A survey. ACM Computing Surveys 2009, 41(3): 1-58. https://doi.org/10.1145/1541880.1541882
  9. Kravchik M, Shabtai A: Efficient cyber attack detection in industrial control systems using lightweight neural networks and PCA. IEEE Transactions on Dependable and Secure Computing 2021, 18(2): 993-1006.
  10. Mathur AP, Tippenhauer NO: SWaT: A water treatment testbed for research and training on ICS security. In: IEEE CSET 2016. https://doi.org/10.1109/CySWater.2016.7469060
  11. Taormina R, Galelli S, Tippenhauer NO, et al.: The battle of the attack detection algorithms: Disclosing cyber attacks on water distribution networks. Journal of Water Resources Planning and Management 2018, 144(8): 04018048. https://doi.org/10.1061/(ASCE)WR.1943-5452.0000983
  12. Sin D, Han S, Kim S, et al.: HAI 21.03: Industrial control system security dataset. In: DFRWS USA 2021.
  13. Goh J, Adepu S, Tan M, Lee ZS: Anomaly detection in cyber physical systems using recurrent neural networks. In: IEEE HASE 2017: 65-72. https://doi.org/10.1109/HASE.2017.36
  14. Katser ID, Kozitsin VO: Skoltech Anomaly Benchmark (SKAB). Kaggle 2020.
  15. McMahan HB, Moore E, Ramage D, et al.: Advances and open problems in federated learning. Foundations and Trends in Machine Learning 2021, 14(1-2): 1-210. https://doi.org/10.1561/2200000083
  16. Zhang Y, Li P, Zhao L, et al.: FedAnomaly: Federated learning for anomaly detection in IIoT. IEEE Internet of Things Journal 2023, 10(12): 10547-10561.
  17. Zhao Y, Li M, Lai L, Suda N, Civin D, Chandra V: Federated learning with non-IID data. arXiv: 1806.00582; 2018.
  18. Fallah A, Mokhtari A, Ozdaglar A: Personalized federated learning with theoretical guarantees. Advances in Neural Information Processing Systems 2020, 33: 9492-9502.
  19. Liu W, Chen L, Zhang W: Federated anomaly detection for heterogeneous ICS environments. In: IEEE INFOCOM 2024.
  20. Sattler F, Muller KR, Samek W: Clustered federated learning: Model-agnostic distributed multi-task optimization under privacy constraints. IEEE Transactions on Neural Networks 2021, 32(8): 3710-3722. https://doi.org/10.1109/TNNLS.2020.3015958
  21. Li T, Sahu AK, Zaheer M, Sanjabi M, Smola A, Smith V: Federated optimization in heterogeneous networks. In: MLSys 2020.
  22. Xie C, Koyejo S, Gupta I: Asynchronous federated optimization. In: OPT Workshop @ NeurIPS 2019.
  23. Audibert J, Michiardi P, Guyard F, Marti S, Zuluaga MA: USAD: Unsupervised anomaly detection on multivariate time series. In: ACM KDD 2020. https://doi.org/10.1145/3394486.3403392
  24. Hundman K, Constantinou V, Laporte C, Colwell I, Soderstrom T: Detecting spacecraft anomalies using LSTMs and nonparametric dynamic thresholding. In: ACM KDD 2018. https://doi.org/10.1145/3219819.3219845
  25. Bai S, Kolter JZ, Koltun V: An empirical evaluation of generic convolutional and recurrent networks for sequence modeling. arXiv: 1803.01271; 2018.
  26. Deng A, Hooi B: Graph neural network-based anomaly detection in multivariate time series. In: AAAI 2021. https://doi.org/10.1609/aaai.v35i5.16523
  27. Guo Y, Qin Y, Fan J, et al.: Graph-augmented federated anomaly detection for industrial control systems. IEEE Transactions on Information Forensics and Security 2024, 19: 4451-4465.
  28. Kim S, Moon I, Lee D, et al.: Integer-only quantization for efficient DNN-based channel estimation. IEEE Wireless Communications Letters 2023, 12(3): 500-504.
  29. Davis J, Goadrich M: The relationship between Precision-Recall and ROC curves. In: ICML 2006: 233-240. https://doi.org/10.1145/1143844.1143874
  30. Bagdasaryan E, Veit A, Hua Y, Estrin D, Shmatikov V: How to backdoor federated learning. In: AISTATS 2020.
  31. Blanchard P, El Mhamdi EM, Guerraoui R, Stainer J: Machine learning with adversaries: Byzantine tolerant gradient descent. Advances in Neural Information Processing Systems 2017, 30.
  32. Yin D, Chen Y, Kannan R, Bartlett P: Byzantine-robust distributed learning: Towards optimal statistical rates. In: ICML 2018.
  33. Fang M, Cao X, Jia J, Gong N: Local model poisoning attacks to Byzantine-robust federated learning. In: USENIX Security 2020.
  34. Tramer F, Zhang F, Juels A, Reiter MK, Ristenpart T: Stealing machine learning models via prediction APIs. In: USENIX Security 2016.
  35. Li Y, Bai Y, Jiang Y, et al.: Federated learning model watermarking for verifying ownership of global models. IEEE Transactions on Dependable and Secure Computing 2023, 20(5): 3706-3718.
  36. Lin W, Su Y, Wang G, Yu Y: Free-rider attacks on model aggregation in federated learning. In: AISTATS 2021.
  37. Li Q, Wen Z, He B: Practical federated gradient boosting decision trees. In: AAAI 2020. https://doi.org/10.1609/aaai.v34i04.5895
  38. Geyer RC, Klein T, Nabi M: Differentially private federated learning: A client level perspective. arXiv: 1712.07557; 2017.
  39. IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems. IEC; 2010.
  40. Pfeiffer M, Pfeil T: Deep learning with spiking neurons: Opportunities and challenges. Frontiers in Computational Neuroscience 2018, 12: 88. https://doi.org/10.3389/fnins.2018.00774
  41. Konecny J, McMahan HB, Yu FX, Richtarik P, Suresh AT, Bacon D: Federated learning: Strategies for improving communication efficiency. arXiv: 1610.05492; 2016.
  42. Lin Y, Han S, Mao H, Wang Y, Dally WJ: Deep gradient compression: Reducing the communication bandwidth for distributed training. In: ICLR 2018.
  43. European Parliament: Directive (EU) 2022/2555 on Measures for a High Common Level of Cybersecurity (NIS2). OJ L 333; 2022.
  44. Lundberg SM, Lee SI: A unified approach to interpreting model predictions. Advances in Neural Information Processing Systems 2017, 30.
  45. Dhurandhar A, Chen PY, Luss R, et al.: Explanations based on the missing: Towards contrastive explanations with pertinent negatives. Advances in Neural Information Processing Systems 2018, 31.
  46. Fuller A, Fan Z, Day C, Barlow C: Digital twin: Enabling technologies, challenges and open research. IEEE Access 2020, 8: 108952-108971. https://doi.org/10.1109/ACCESS.2020.2998358
  47. Li X, Zhang H, Zhou J, et al.: Digital-twin-assisted federated anomaly detection for water distribution networks. IEEE Internet of Things Journal 2024, 11(8): 14220-14234.
  48. Zenke F, Poole B, Ganguli S: Continual learning through synaptic intelligence. In: ICML 2017.
  49. Yoon J, Jeong W, Lee G, Yang E, Hwang SJ: Federated continual learning with weighted inter-client transfer. In: ICML 2021.
  50. Bonawitz K, Ivanov V, Kreuter B, et al.: Practical secure aggregation for privacy-preserving machine learning. In: ACM CCS 2017. https://doi.org/10.1145/3133956.3133982
  51. O-RAN Alliance: O-RAN Architecture Description. O-RAN.WG1.O-RAN-Architecture-Description; 2023.
  52. 3GPP TS 23.501: System Architecture for the 5G System (5GS). 3GPP; Release 18; 2024.
  53. 3GPP TS 28.541: Management and orchestration; 5G Network Resource Model. 3GPP; Release 18; 2024.