Securing Industrial IoT (IIoT) network environments remains a significant challenge because of the growing complexity of interconnected sensors, actuators, gateways, and control systems, which are frequent targets of cyberattacks. These threats can lead to operational disruptions, financial losses, and safety risks. This paper proposes an efficient multi-stage intrusion detection framework for IIoT environments based on an enhanced Extreme Gradient Boosting (XGBoost) model. The framework integrates data preprocessing, class imbalance handling, hyperparameter optimization, probability calibration, and class-specific decision thresholds within a unified pipeline. In addition, calibrated probability outputs are used as continuous indicators of prediction confidence, enabling more reliable and risk-aware decision-making. The hierarchical multi-stage design decomposes the detection task into progressively refined classification levels, improving discrimination among complex and overlapping attack categories. The framework is evaluated on the Edge-IIoTset benchmark dataset, which reflects realistic IIoT network traffic under both normal and malicious conditions. Experimental results demonstrate that the proposed approach achieves significant performance improvements, including up to a 21% increase in recall and a 15% improvement in macro F1 score compared to the baseline models. Furthermore, the model exhibits low inference latency and supports efficient deployment in time-sensitive IIoT monitoring scenarios. These results indicate that the proposed framework provides an effective and scalable solution for multi-class cyber threat detection in IIoT networks.
Ahmed et al. (Fri,) studied this question.
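
The decision stage the abstract describes (a first normal/attack stage, then attack-category assignment with class-specific thresholds over calibrated probabilities), as an added example that is not the paper's code. The class names, the constructed validation probabilities, the F1-based threshold tuning and the `attack-unclassified` fallback are assumptions; the abstract does not say how the thresholds are chosen.

```python
# Added example, not the paper's code. Class names, data and the F1-based
# tuning rule are assumptions made for illustration.

def f1_at(threshold, probs, labels):
    """One-vs-rest F1 when 'positive' means calibrated probability >= threshold."""
    tp = sum(p >= threshold and y for p, y in zip(probs, labels))
    fp = sum(p >= threshold and not y for p, y in zip(probs, labels))
    fn = sum(p < threshold and y for p, y in zip(probs, labels))
    return 2 * tp / (2 * tp + fp + fn) if tp else 0.0

def tune_thresholds(val_probs, val_labels, classes):
    """Per class, pick the threshold that maximizes F1 on validation data."""
    thresholds = {}
    for c in classes:
        probs = [row[c] for row in val_probs]
        labels = [y == c for y in val_labels]
        # Candidates are the observed probabilities; ties go to the higher one.
        thresholds[c] = max(sorted(set(probs)),
                            key=lambda t: (f1_at(t, probs, labels), t))
    return thresholds

def classify(p_attack, class_probs, attack_threshold, thresholds):
    """Stage 1: normal vs attack. Stage 2: category via class-specific thresholds."""
    if p_attack < attack_threshold:
        return "normal"
    margins = {c: p - thresholds[c] for c, p in class_probs.items()
               if p >= thresholds[c]}
    if not margins:
        return "attack-unclassified"      # low confidence: route to an analyst
    return max(margins, key=margins.get)  # largest margin over its own threshold

# Constructed validation set: calibrated stage-2 probabilities for two
# hypothetical attack classes, with "mitm" as the under-represented one.
VAL_PROBS = [
    {"ddos": 0.90, "mitm": 0.10}, {"ddos": 0.80, "mitm": 0.20},
    {"ddos": 0.70, "mitm": 0.30}, {"ddos": 0.85, "mitm": 0.15},
    {"ddos": 0.65, "mitm": 0.35}, {"ddos": 0.55, "mitm": 0.45},
    {"ddos": 0.30, "mitm": 0.70}, {"ddos": 0.75, "mitm": 0.25},
]
VAL_LABELS = ["ddos", "ddos", "ddos", "ddos", "mitm", "mitm", "mitm", "ddos"]
THRESHOLDS = tune_thresholds(VAL_PROBS, VAL_LABELS, ["ddos", "mitm"])

if __name__ == "__main__":
    print(THRESHOLDS)
    # Plain argmax would label this flow "ddos"; the tuned thresholds do not.
    print(classify(0.95, {"ddos": 0.60, "mitm": 0.40}, 0.5, THRESHOLDS))
```

On this constructed data, plain argmax recovers only one of the three `mitm` validation flows, while the tuned thresholds recover all three; this is the kind of minority-class recall gain that class-specific thresholds target.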