Industrial control systems (ICS) are increasingly vulnerable to cybersecurity threats due to the integration of IoT devices and operational technology networks. Traditional centralized anomaly detection methods face significant challenges, including privacy concerns, bandwidth limitations, and single points of failure. Federated learning (FL) offers a promising alternative by enabling collaborative model training across distributed devices without sharing raw data. However, FL in industrial settings introduces challenges such as communication overhead, resource heterogeneity, and the risk of Byzantine failures. This study proposes a comprehensive framework for efficient and secure FL‐based anomaly detection in ICS. We introduce two novel compression techniques, weight clustering with adaptive bit allocation (WC‐ABA) and energy‐aware knowledge distillation (EA‐KD), to reduce communication overhead while maintaining detection accuracy. Additionally, we implement differential delta compression with adaptive clustering and entropy coding, which further minimizes data transmission by sending only the differences between model updates. Our robust aggregation mechanism, SparseVariance Aggregator, filters out suspicious updates and ensures model integrity. The framework also integrates differential privacy techniques to protect against inference attacks. Evaluated on the Secure Water Treatment (SWaT) and Water Distribution Attack Dataset (WADI) datasets, our approach demonstrates superior anomaly detection performance, reduced communication costs, and lower computational demand compared to centralized alternatives. The results highlight the effectiveness of our framework in enhancing the security and efficiency of ICS environments.
Owusu et al. studied this question.