Survey of Federated Learning for Cyber Threat Intelligence in Industrial IoT: Techniques, Applications and Deployment Models
Abin Kumbalapalliyil Tom, Ansam Khraisat, Tony Jan, Md Whaiduzzaman, Thien D. Nguyen and Ammar Alazab
Additional contact information
Abin Kumbalapalliyil Tom: Centre for Artificial Intelligence Research and Optimization (AIRO), Torrens University Australia (TUA), 46–52 Mountain Street, Ultimo, NSW 2007, Australia
Ansam Khraisat: School of Info Technology, Faculty of Science Engineering & Built Environment, Deakin University, Burwood, VIC 3125, Australia
Tony Jan: Centre for Artificial Intelligence Research and Optimization (AIRO), Torrens University Australia (TUA), 46–52 Mountain Street, Ultimo, NSW 2007, Australia
Md Whaiduzzaman: Centre for Artificial Intelligence Research and Optimization (AIRO), Torrens University Australia (TUA), 46–52 Mountain Street, Ultimo, NSW 2007, Australia
Thien D. Nguyen: Centre for Artificial Intelligence Research and Optimization (AIRO), Torrens University Australia (TUA), 46–52 Mountain Street, Ultimo, NSW 2007, Australia
Ammar Alazab: Centre for Artificial Intelligence Research and Optimization (AIRO), Torrens University Australia (TUA), 46–52 Mountain Street, Ultimo, NSW 2007, Australia
Future Internet, 2025, vol. 17, issue 9, 1-25
Abstract:
The Industrial Internet of Things (IIoT) is transforming industrial operations through connected devices and real-time automation but also introduces significant cybersecurity risks. Cyber threat intelligence (CTI) is critical for detecting and mitigating such threats, yet traditional centralized CTI approaches face limitations in latency, scalability, and data privacy. Federated learning (FL) offers a privacy-preserving alternative by enabling decentralized model training without sharing raw data. This survey explores how FL can enhance CTI in IIoT environments. It reviews FL architectures, orchestration strategies, and aggregation methods, and maps their applications to domains such as intrusion detection, malware analysis, botnet mitigation, anomaly detection, and trust management. Among its contributions is an empirical synthesis comparing FL aggregation strategies—including FedAvg, FedProx, Krum, ClippedAvg, and Multi-Krum—across accuracy, robustness, and efficiency under IIoT constraints. The paper also presents a taxonomy of FL-based CTI approaches and outlines future research directions to support the development of secure, scalable, and decentralized threat intelligence systems for industrial ecosystems.
Keywords: cyber threat intelligence (CTI); federated learning (FL); Industrial Internet of Things (IIoT); privacy-preserving learning; intrusion detection; distributed security
JEL-codes: O3
Date: 2025
Downloads:
https://www.mdpi.com/1999-5903/17/9/409/pdf (application/pdf)
https://www.mdpi.com/1999-5903/17/9/409/ (text/html)
Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:17:y:2025:i:9:p:409-:d:1744670
Future Internet is currently edited by Ms. Grace You
Bibliographic data for series maintained by MDPI Indexing Manager.