A novel and secure artificial intelligence enabled zero trust intrusion detection in industrial internet of things architecture

Abstract

Some of the potential advancements in information and communication technology (ICT), like artificial intelligence (AI) with federated learning (FL), which are particularly used in the transformation of industrial environments, are driven by digital technologies and can increase the efficiency and dependability of systems. The world has recently become more interconnected as a result of digital technology adoption but with some significant drawbacks. One of the major problems that arises as a malevolent possibility is cybercrime, which poses a threat to governments, corporations, and societies—most significantly, civil society. It is now feasible to work with more than two people to integrate Advanced Digital Technology (ADT) and move the foundation in the direction of a strong hierarchy, but in a complicated way, which has turned into a playground for cybercriminals. The idea of zero trust offers some sweetness in demand for threat detection by autonomously based FL, ML, and DL to address such difficult elements. This paper’s main objective, however, is to offer an investigative report based on cyber vulnerability detection using AI, ML, and DL in order to shield the ecosystem from malevolent attacks before they happen. Examining machine learning-enabled classifiers and ensembles for network intrusions and autonomous malicious detection is the secondary objective. Therefore, it explains how we can combine the two models to analyze the context of attacks more effectively and efficiently and how to respond by implementing network security and Internet of Things (IoT) security strategies, such as the stop-and-listen method. When developing and implementing an integrated AI-enabled zero-trust intrusion detection architecture into the present industrial IoT ecosystem, there is a significant discussion about difficult issues and potential solutions. Given the notable outcomes of the simulations we obtained, it is evident at the conclusion of this research that the proposed solution is a strong contender for implementation in the real-time industrial setting.

Introduction

The Internet of Things (IoT) has gained popularity due to its association found in every aspect of daily life, like its involvement in smart medical systems, intelligent industrial environments, smart cities, and IoT transportation for traveling autonomously^1,2. In order to provide neutral connectivity to the devices, a significantly large number of data that is interoperable from one to another, which includes personal information such as data of authentication, geolocation, GPS connectivity and sharing resources, and coupling with the sensitive data from the interoperable environment within the same ecosystem. Undoubtedly, managing real-time data is a challenging problem, especially in the Industrial Environment (IE), which is only possible while proposing a standardized hierarchy of data organization, for example, captured, shared, examined, analyzed, presented, and preserved dynamically^3,4. In short, it is clear that the IoT derives, and related ecosystems need to be more protected, which is often a complex task because of enforcing rigorous physical security measures. In addition, there are other reasons, like open and closing and dispersed registration of a huge number of participants, which create a compound limitation, such as financial implications. Furthermore, the architecture of IoT systems is critical in terms of managing device diversity from different developing environments while integrating distinct protocols and their operations. It is worth noting that the existing IoT devices have potentially a huge ground for the occurrence of malicious attacks^3,4,5. In IE, the technological experts, along with the enterprises prefer privacy protection and security promotions in order to achieve the cost of resource reduction, which is directly proportional to the competitive benefits. Such type of practices affects the technological privacy protection and security of their products.

However, the compound limitations are derived from the computational, network, and preservation-related problems in the device environment, where a discussion of conventional privacy protection is raised^5,6. Thus, algorithms of conventional privacy and security of IoT devices are unreliable to be integrated and deployed in the domain of small medium-sized enterprises (SMEs) due to constraints of cost management of IoT systems. As per the recent report, the rate of IoT devices can robust drastically in a number of utilizations worldwide up from 10 billion to 28.8 billion approximately in between 2023 and 2030^5,6,7. More than that, it is evaluated that the current IoT systems rely on the non-standard lifecycle, hierarchy, and protocols, which leads to environmental vulnerabilities that transform into malicious threats. The availability of different third-party open-source software plays a critical role in the adverse impact on the entire Industrial IoT (IIoT) ecosystem. All such prospects have the same security weakness that raises infection exploitation, systems threats and malware, personal information leakage, and authentication. In addition, network scans, buffer overflow, and injection-like command-based are also critical popped up throughout the investigation. Resultant separates a list of advanced attacks evolved in the IoT environment. More than that, the evaluation of IoT vulnerability indicates the weakness in the process of response techniques that are actively adopted in the current scenario^8,9.

Fig. 1

”The current working operation of zero- trust architecture”.

In general, there are different classical approaches proposed and adopted in software vulnerability analysis, mainly for IoT-enabled equipment for privacy protection and security-related active threat detection using Artificial Intelligence (AI), especially Machine Learning (ML)^7,8,9. Most of these AI-based algorithms are increasingly utilized to examine the patterns of attacks being trained in the system for fast intrusion detection and related vulnerabilities^9,10. Some of the AI algorithms use cluster functions for more specifically evaluate the occurrence of intrusions throughout. Due to the low availability of computational power, processing, and energy in consumption of training the systems^7,9; in order to these metrics, ML plays a significant role in implementing a sufficient large amount of anomaly detection, which means such ML-based proposals consume low cost of memory with respect to execution time. Throughout this process, the overall cloud network and communication environment can be investigated while evaluating before transmission^8,10. Undoubtedly, we must say that the ML techniques are more supportable and reliable compared to the traditional method of intrusion detection in the IoT environment. Unfortunately, the restriction from the IoT connectivity and networking while node-to-node interoperability environment, there are still challenging prospects counted based on the recent infrastructure of ML integrates with IoT for active intrusion detection and vulnerabilities.

Traditionally, software-enabled intrusion detection is examined and detected on high-performance centralized server-based architectures due to the effectiveness of the ecosystem^11,12,13,14. On the other side, the lightweight nature of IoT devices makes it difficult to such software in terms of scheduling high-intensive detection and response tasks^12,14. Nowadays, different types of research have been conducted that mainly adopt the techniques of ML in IoT for achieving better results. However, the insufficiency of IoT resource constraints, especially for the industrial environment needs to be considered, which is required to make a realistic attack performance prospect that cannot be conducted previously. To provide a solution for addressing a new paradigm for an efficient and reliable process of intrusion detection, along with the integration of optimization by training data size to detect system intrusion effectively and robustly while managing loss function. The ratio of data sampling in the collected dataset and training the AI-enabled ML techniques in the IoT in accordance with the optimal point finders, which are between performance and size of data. In addition, the concept of zero-trust intrusion detection in the industrial IoT diverts the dynamics in terms of defining a set of cybersecurity principles that can be used to make an approach for moving network defense from malicious attacks, the perimeter of a wide area, static network management that mainly focusing on systems, users, and ecosystem, along with a personal or small group of resources, as shown in Fig. 1. In this manner, the adaptation of an AI-enabled zero-trust intrusion detection strategy can be counted successfully, especially for industrial things management and organization, as shown in Fig. 1.

Research motivation and contributions

A recent industrial environment is categorized into three subunits (i) manufacturing, (ii) production, and (iii) industrial things management. In these divisions, the role of wireless sensor networks and IoT devices is crucial throughout the development cycle of industrial products and manufacturing. Due to this scenario, the infrastructural security and privacy protection of IoT devices require different paradigms to tackle their integrity while transmissions, in which physical to man-in-the-middle attacks, like botnet, false data injection, and distributed-denial of service (DDoS) need to be evaluated before. To achieve such prospects, the metrics of intrusion detection software can be adjusted in terms of complexity, code reusability, functional parameters, and detection methods using one of the strategies, like an abstract syntax tree. But in this paper, an AI-enabled zero-trust intrusion detection strategy applies to IoT networks to support the industrial environment to get better results (defending from advanced attacks, like DDoS), including efficiency, effectiveness, robustness, and reliable manner. This paper majorly focuses on the practical detection of ML-based intrusion that occurs in industrial transmission and delivery, but it should evaluate performance from consecutive accuracy, complex architectural management, computational limitations, memory consumption, and latency. Substantially, we need a standardized design that alleviates the trade-off of both the devices and performance. By analyzing such critical problems, this paper addresses some of the major research questions as follows:

• Question 1: What AI-enabled ML techniques are suitable for adopting to implement an efficient and effective zero-trust intrusion detection strategy for industrial things?

• Question 2: How the current architectures integrate with the autonomous penetration testing and support?

• Question 3: What type of penetration testing identifies security issues of IoT in the industrial and manufacturing environment?

• Question 4: Which criteria can be considered for creating or selecting a standardized way to proposed zero-trust intrusion detection architecture for IoT systems?

The main contributions and objectives of this paper is defined as follows:

• This paper addresses via presenting the infrastructural weakness of the existing IoT systems through evaluating the recent published (more than fourth (40) that are most cited) state-of-the-art research publication. In the process of examination, various impactful privacy protection and security related problems highlights, which can be considered in this proposed work while designing the architecture.

• A standardized process of AI-enabled zero trust intrusion detection software implementation for IoT systems, is proposed.

• In this paper, we propose a novel architecture that define a pathway to create AI-enabled ML connectivity with zero trust strategy for real-time identification of intrusions in the industrial environment.

• The result of this proposal is based on the updates of such parameters as follows:

$$\:a=a-\text{min}\left(a\right)/\text{m}\text{a}\text{x}\left(a\right)-\text{m}\text{i}\text{n}\left(x\right)$$

(1)

$$\:\text{a}\left(\text{b}\text{e}\text{s}\text{t}\:\text{c}\text{a}\text{s}\text{e}\right)=average\:\left(\text{min}\left(f\left(a\right)\right)\right)\to\:a\:belongs\:to\:inside\:liited\:domain\:A$$

(2)

$$\:Xi+Xn\:/Xi+Xn\:+Frequency\:of\left(Fi\right)+\:Frequency\:of\left(Fn\right)$$

(3)

$$\:Xi\:/Xi+Fi\:\:\:\:\:\:\:$$

(4)

$$\:Xi\:/Xi+Fn\:\:\:\:\:\:\:$$

(5)

$$\:F1-score=2*(precision*recall\:/\:precision+recall)$$

(6)

$$\:Fi\:/Fi+Xn\:\:\:\:\:\:\:$$

(7)

• The open research gaps are highlighted that involved in the process of implementation, along with system’s deployment. And so, in this manner, we propose some of the possible solutions of each prospect in the end of this research.

Structure of this paper

The section and subsections of this paper are aligned as follows: In Sect. 2, a detailed argument of investigation on the topic of AI-based zero-trust intrusion detection in an industrial environment and related hierarchy. And so, the role of IoT networks in cyberspace is listed. The preliminaries and fundamental knowledge of the current problem examination are discussed, along with the description of integrated technologies that are associated with the creation of the proposed architecture of intrusion detection using AI-enabled zero trust strategy for industrial things in Sect. 3. Through the simulations, this paper presents unique results that are generated via deploying the proposed strategy of zero trust and compared with state-of-the-art schemes in Sect. 4. In Sect. 5, a list of open research problems that still require expert consideration is mentioned with possible solution descriptions. Finally, this work concluded with the statement of conclusions and future research directions in Sect. 6.

Background and related work

This section identifies that IoT security is mainly a complex and achievable manner due to their broad range of distinct underlying IoT components, along with the connectivity of wireless sensors network^15,16. The current architecture of IoT technology is categorized into three subunits such as (i) embedded devices connectivity, (ii) radio communications, and (iii) software integrations. The embedded devices connectivity is mainly designed for equipping sensors association to capture and examine data from the environments on different devices with different data formats by using radio-frequency identification, such as wireless sensors network and GPS. On the other side, radio communication enables the interconnectivity between devices for efficient intercommunication like sharing and exchange. The common communication protocols are the cellular network, LoRa-WAN, Wi-Fi, Wave, etc. Whereas the software integration makes everything on one page, the focusing factor of this subunit is the firmware that bridges both environments, like mobile and web, in order to run the system effectively. However, device interface management is one of the critical prospects that is resolved by setting up the cloud components connected to the devices and others. for instance, these subdivisions in the architecture of IoT make this technology weak; due to this, security and privacy protection are the fundamental concerns involved in this environment and become one of the discussion factors in every domain of investigation. The major investigation of this study is divided into two different sections, including AI-based zero-trust intrusion detection in industrial environments and the role of IoT networks in cyberspace as follows:

AI-based zero-trust intrusion detection in industrial environment

AI-enabled zero trust strategy is considered an architectural module of security that mandates, which is granted before, by maintaining data accessibility and applications^15,16,17. However, users either work in the environment of organizations or outside, which requires different channels for networks to intercommunicate, such as implicit and explicit requests. For instance, there are authentication, authorization, and security protocols for undergoing/ongoing connectivity, and their posture validation maintenance requires additional technological integration for autonomous decision-making. In this manner, the revolution of AI in cybersecurity creates new paradigms, like proactive threat detection, predictive insights, automated response, user behavior monitoring, threat hunting, adaptive access control, and intrusion identification^14,15. Network intrusion detection is another key area that is covered by AI in cybersecurity, where an Intrusion Detection System (IDS) can be capable of examining the patterns of network traffic and redundancies. It can help to note the point of unusual impacts that occur in the network and evaluate the point of breach and the point of assault^15,16. By proposing such developments from the side of cybersecurity experts^16,17, a fast and reliable evaluation of the large volume of network data takes place using AI techniques that reduce the effect along with speeding up the identification and restriction process to attacks.

Table 1 presents the analysis report of the current adoptive AI-based zero-trust strategy for intrusion identification and its detection and vice versa in the real-time environment, where the examination metrics are defined as follows: (i) major research objectives, (ii) as used with the methods, models, or techniques, (iii) benefits of this proposed work, (iv) comparative analysis and opportunities, and (v) references of each state-of-the-art publication.

Table 1 “Related work of AI-based zero trust strategy for intrusion identification and real time detection”.

The role of internet of things (IoT) network in cyberspace

As per the evaluation of state-of-the-art publications^{24,25,26,27,28,29}, it is clear that IoT technology is becoming more closely integrated into everyday lifestyles, most importantly in the enterprise environment, which is a great need for cybersecurity. The major role of cybersecurity is to encompass the technological activities employed to secure and protect in terms to safeguard devices and the platforms that are associated with the networks from malicious threats. From an industrial perspective, operations like manufacturing and product delivery, the IoT units have extremely sensitive information and handling. The critical aspects of IoT device compromises, weak network points, and connectivity of vulnerable devices raise the malicious attackers, most probably the physical deranges and the ability to retrieve intelligence without requiring any kind of authentication^24,25,26. While shifting the IoT to interconnectedness, the technology has raised critical drawbacks, such as managing potential financial and privacy protection damages and risk mitigation. In addition, the emergence of device utilization impacts drastically by increasing network consumption, which directly affects privacy protection and security-related prospects in terms of increasing the opportunities for cybercriminals entrance into the systems and access data^27,28. Furthermore, cost-effective convenience from the business point of view creates consequences of the biggest cybersecurity problems due to neglect of the integration of different IoT components, which are lightweight in nature, and also because of unsecure growing network interconnectivity. To tackle such challenging issues involved in the IoT environment, the experts of^{24,25,26,27,28,29} discussed the crucial aspects that need to be adopted before designing, developing, and deploying the architecture as follows:

• Building infrastructure.

• Association with industrial infrastructure.

• Communication infrastructure integration and testing.

Preliminaries

Recently, AI-enabled Deep Learning (DL) models (including Artificial Neural Networks (ANNs), Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNNs)) have gained a lot of attention, especially in the cybersecurity domain, most importantly in network intrusion detection purpose^24,25. Due to this, we can achieve availability to adopt such methods for getting different format of data form different datasets, which directly impacts the performance enhancement. On the other side, the resource management of these methods is yet to be the complex prospects-critical domain where data management, organization, and optimization is important. In this manner, most of the research directions shifted towards the side of ML, where the experimental study elaborates that the three different machine learning methods perform drastically better, such as supervised learning, unsupervised learning, and semi-supervised learning. And so, the designed models-based on these mentioned methods that are listed as one of the topmost adoptive strategies for intrusion detection and evaluate network vulnerabilities^26,27,28,29: (i) random forest, (ii) logistic regression, (iii) gradient boosting machine learning, and (iv) AL-enabled adoptive deep learning approach. The detail of these models is discussed as follows:

• Random Forest: It is a partitioning algorithm, which is recursive in nature. It allows to create various decision trees that average the predictive results at the end, which reduces the load of computational resources.

• Logistic Regression: One of the generalized linear algorithms that is mostly used for the context of binary classification and analytics based on prediction.

• Gradient Boosting Machine: It does not create different trees for decision making-create an average outcome which operates in a sequential manner. The model specifically boosts the weak learner prospects by correcting the error in each step of passing.

• Advanced Deep Learning-Adoptive Learning: A pre-trained model that can collaborate with fusion process to build a more powerful learner. It is overall scenario, three things need to be associated with, such as big data, computational processing units (like GPU), and strategy of optimization (for example, metaheuristic-enabled optimization).

Whereas the algorithms are setup in accordance with the following manner:

1. 1.

   For feature scaling of intrusion throughout the process of identification:

   $$\:a=a-\text{min}\left(a\right)/\text{m}\text{a}\text{x}\left(a\right)-\text{m}\text{i}\text{n}\left(x\right)$$

   (1)
2. 2.

   Hyperparameter for data capturing and optimization:

   $$\:\text{a}\left(\text{b}\text{e}\text{s}\text{t}\:\text{c}\text{a}\text{s}\text{e}\right)=average\:\left(\text{min}\left(f\left(a\right)\right)\right)\to\:a\:belongs\:to\:inside\:liited\:domain\:A$$

   (2)
3. 3.

   Parameter for overall accuracy measures:

   $$\:Xi+Xn\:/Xi+Xn\:+Frequency\:of\left(Fi\right)+\:Frequency\:of\left(Fn\right)$$

   (3)
4. 4.

   Parameter for overall precision:

   $$\:Xi\:/Xi+Fi\:\:\:\:\:\:$$

   (4)
5. 5.

   Parameter for overall recall:

   $$\:Xi\:/Xi+Fn\:\:\:\:\:\:\:$$

   (5)
6. 6.

   Parameter for overall F1-score:

   $$\:F1-score=2*(precision*recall\:/\:precision+recall)$$

   (6)
7. 7.

   False Positive and True Positive Calculation:

   $$\:Fi\:/Fi+Xn$$

   (7)

In this paper, a standardized process of training the proposed AI-enabled zero-trust architecture is presented, where the mentioned ML and DL models are getting used to train a real-time intrusion identification and detection for industrial environment (such as industrial, manufacturing, and products point of view) is defined as follows (as shown in Fig. 2):

• Step#1: set the surface for protection (for each industrial units);

• Step#2: data flow plan (like industrial, manufacturing, and production related);

• Step#3: design architecture (the proposed AI-enabled zero-trust architecture, as shown in Fig. 3);

• Step#4: create regulatory (industrial verified protocols); and.

• Step#5: manage the designed industrial network.

Fig. 2

Standardized Process of AI-enabled Zero Trust Architecture.

Problem description, formulation, and the proposed working hierarchy

An endless increment in the usage of IoT devices has initiated a seamless bridge between digital and physical environments. The IoT is performed in a wide area of internet management concept, where internet-based systems that are seamlessly connected can share and exchange data because of the design of interoperability. Due to this, technology is a primary factor that enables cyber-physical systems, the industrial metaverse, and digital twins. However, the intersecting nature of IoT technologies; includes different components to fulfil the requirement of technological deployment or maintain the ecosystem, and such prospect creates critical security challenges. For instance, IoT security comes up with the achievable of wireless security, mobile device security, and network security. In order to tackle this in the industrial environment, this paper proposed a novel architecture using an AI-enabled zero-trust strategy to create privacy protection and security in industrial, manufacturing, and production units, as shown in Fig. 3. This proposed architecture is split into three different sub folds, such as the interconnection of industrial units, the perimeter of zero trust strategy (which is integrated with AI), and the internet. In industrial unit interconnection, all manufacturing, industrial, and production units of the industry are interconnected in such a way that they can intercommunicated with the dedicated channels of explicit and implicit, respectively, as shown in Fig. 3. On the other side, the Internet connects all such units and zero-trust architecture with the centralized network connection. In the third fold of this proposed architecture, we design a perimeter that is integrated with the AI-enabled ML/DL-based zero-trust architecture that can derive a model for industrial unit security, where we design, create, and deploy secure VPN (for remote users’ connection) and internet tunnel (for explicit delivery of industrial, manufacturing, and product units). In addition, with the association of AI, we can able to maintain some of the highlighted prospects: such as (i) creating and deploying a secure access service edge-enabling system that helps in unifying software development wireless access network and network security protocols into a centralized cloud native-services, (ii) schedule micro-segments, (iii) integrates multi-factor authentication, (iv) associate the principle of least privilege, (v) end-point validation, (vi) operationalized zero-trust, as shown in Fig. 3.

Fig. 3

Proposed AI-enabled zero-trust architecture.

Fig. 4

Steps to achieve security measures.

Datasets description and formulation

The discussion of datasets is initiated in this section, where different types of datasets are used with different range of applicational scenarios integrated for efficient, fast, reliable, and effective network intrusion detection purposes, including network intrusion identification, malware detection in industrial units, IoT vulnerabilities, and involved other cyber threats. The name of the benchmark dataset that is used in this paper is addressed as follows:

1. 1.

   Dataset #1: Canadian Institute of Cybersecurity—IDS Dataset

   1. a.

      Observations: 25k + observations are registered.

   2. b.

      Flagged as attacks: network attacks, IDS, IoT device vulnerabilities.

   3. c.

      Normal traffic: 1200+.

   4. d.

      Traffic behaviors: Normal.

   5. e.

      Full form encompasses observations: 29k full encompasses observations.

   6. f.

      Spin of original dataset: 20%.

2. 2.

   Dataset #2: Vizsec—UGR’16

   1. a.

      Observations: 21k + observations are registered.

   2. b.

      Flagged as attacks: network attacks, IDS, IoT device vulnerabilities.

   3. c.

      Normal traffic: 1700+.

   4. d.

      Traffic behaviors: Normal.

   5. e.

      Full form encompasses observations: 28k full encompasses observations.

   6. f.

      Spin of original dataset: 25%.

3. 3.

   Dataset #3: Kaggle—Network Security

   1. a.

      Observations: 19k + observations are registered.

   2. b.

      Flagged as attacks: network attacks, IDS, IoT device vulnerabilities.

   3. c.

      Normal traffic: 1100+.

   4. d.

      Traffic behaviors: Normal.

   5. e.

      Full form encompasses observations: 24k full encompasses observations.

   6. f.

      Spin of original dataset: 22%.

Table 2

Pseudo-implementation of deployment process of AI-based zero trust strategy for real-time intrusion identification and detection.

Results and discussion

Before initiate the discussion of simulation results, some of key assumptions are highlighted due to implement and deployment of the proposed AI-enabled zero-trust architecture for industrial environments. The list of features are as follows:

• Processor: Intel core i7 vPro Processor with 3.2 GHz clock speed is required;

• Memory: Minimum of 16 GB RAM up to 32 GB RAM;

• Solid State Drive: Minimum of 256 GB is required;

• Network: Minimum of 4–6 Mbps to 1 Gbps support is required;

• Wireless communication sensors connectivity is required;

• Two intercommunication channels are required for implicit and explicit industrial transactions.

However, Figs. 5 and 6, and 7 illustrate the working hierarchy of the proposed AI-enabled (majorly ML adaptive learning model) with zero-trust architecture for real-time network intrusion detection, whose metrics are the rate of intrusion identified with respect to time(s). In this test, we receive a prominent result, which is completely unique, where the rate of intrusion is identified = 273 in 563 s, as shown in Fig. 5. On the other side, DL performs almost the same as ML; in this evaluation, we receive a fluctuation in between the rate of intrusion identified = 261 in 1955 s, as shown in Fig. 6. In test 3 (zero-trust with clustering features), we receive a fluctuation in between the rate of intrusion is identified = 273 in 821 s, as shown in Fig. 7.

Fig. 5

Test (1), The Rate of Intrusion Identifies with Respect of Time (s).

Fig. 6

Test (2), The Rate of Intrusion Identifies with Respect of Time (s).

Fig. 7

Test (3), The Rate of Intrusion Identifies with Respect of Time (s).

Figures 8 and 9 present the True Positive Test (1) and False Positive Test (1) for both the models that are based on AI-enabled (majorly ML adaptive learning model and DL model, as mentioned in Sect. 3) with zero-trust architecture for real-time network intrusion detection and IoT vulnerabilities, whose metrics are the rate of intrusion identifies on the IoT network with respect of time(s). In both these tests (1) (2), we receive a good result with uniqueness, where the rate of intrusion is identified = 266 in 541 s, as shown in Fig. 8. On the other side, DL performs almost the same as ML; in this evaluation, we receive a fluctuation in between the rate of intrusion is identified = 233 in 821 s, as shown in Fig. 9. However, the overall result we received in the proposed simulations and results, where the cost of computation used by ML algorithms is 13.1% (reduction) and maintains 97.4% efficiency. On the other side, DL consumes 17.3% of computational resources due to the management of complex layers but maintains an efficiency of up to 98.7%.

Fig. 8

Test (1) Based on True Positive Test of the proposed AI-enabled Zero-Trust Architecture.

The results of the proposed AI-enabled zero-trust architecture is compared with the list of state-of-the-art methods as follows^{30,31,32,33,34,35,36,37}:

• B. Sharma et al., Explainable artificial intelligence for intrusion detection in IoT networks: A deep learning based approach.

• A. Alalmaie et al., Zero Trust Network Intrusion Detection System (NIDS) using Auto Encoder for Attention-based CNN-BiLSTM.

• X. Chen et al., Zero trust architecture for 6G security.

• C. Zanasi et al., Flexible zero trust architecture for the cybersecurity of industrial IoT infrastructures.

Fig. 9

Test (1) Based on False Positive Test of the proposed AI-enabled Zero-Trust Architecture.

• F. Naeem et al., Federated-learning-empowered semi-supervised active learning framework for intrusion detection in ZSM.

• X. Larriva-Novo et al., Leveraging Explainable Artificial Intelligence in Real-Time Cyberattack Identification: Intrusion Detection System Approach.

• A. Singh et al., Transfer Fuzzy Learning Enabled Streebog Cryptographic Substitution Permutation Based Zero Trust Security in IIOT.

• S. Shen et al., Deep Q-network-based heuristic intrusion detection against edge-based SIoT zero-day attacks.

Tables 3 and 4 present the report of comparative analysis (both the tests (1)(2)), which is done between the proposed architecture with other state-of-the-art methods^{30,31,32,33,34,35,36,37}, where the metrics of compression are as follows: (i) context of comparison, (ii) zero-trust architecture, (iii) collaborative technique for distributed access control architecture and management, (iv) classical access control, and (vi) overall impacts.

Table 3 Comparative analysis (1)—Test (1).

Table 4 Comparative analysis (2)—Test (2).

Open research problems

In this context, we highlight and discuss the open research gaps that are involved in the process of implementation, along with the deployment of AI-enabled zero-trust-based real-time intrusion identification and prevention as follows:

Technological integration and the role of AI

As the revolution occurs in the industrial and manufactural environment day-to-day, AI plays a significant role in terms of allowing security experts to make an informed decision to secure information effectively and live within the less human resources in the server rooms^38,39,40,41. By applying AI in the dynamic monitoring domain for productional analysis, AI performs far better compared to the classical methods due to eliminating repetitive work like humans do in real-time, including video surveillance shift-to-shift monitoring and routine server checks for malicious prevention^38,40. While at the same time, enhancing real-time monitoring efficiency and accuracy is a critical task for humans, AI employs threat recognition on overall industrial monitoring setups at machine time with speed. However, existing security professionals often struggle to identify the dynamic protocols by means of time to detect new threats. Furthermore, most of the industrial units still use a classical method for hunting treats which is often enough because it consumes more computational resources and time due to execution cycle completion. Altering fatigue is another perspective of this angle too. On the other side, AI security mainly replaces the classical method in some of the giant’s industrial units by helping to save time in hunting threats, which promptly detects and stops malicious intrusions, along with the reduced set of interventions required. However, the complex architecture of AI-enabled ML techniques requires computational processing and programming-related efforts to handle multi-layer networks, especially Artificial Neural Networks (ANNs). Resultant, a standardized hierarchy is required to lighten the complexity of ML algorithms in both perspectives, like efficient resource management and performance.

Hierarchy of applying zero trust in industrial environment

The hierarchy of applying AI-enabled zero-trust strategy for intrusion detection in the industrial domain is mentioned as follows^{42,43,44,45,46,47}: (i) create and deploy secure access service edge-enabling system that helps in unifying software development wireless access network and network security protocols into a centralized cloud native-services, (ii) schedule micro-segments, (iii) integrates multi-factor authentication, (iv) associate the principle of least privilege, (v) end-point validation, (vi) operationalized zero-trust (like ease of development, scalability, security, visibility, and service & support). However, implementing a zero-trust model in a giant enterprise demand buy-in from participating users to ensure training effectiveness, design and plan, and development. For instance, the implementation of a zero-trust strategy impacts every department in the industrial domain, so the managers of all sectors need to participate and agree on the applicational approach and related protocols. These mentioned critical prospects need to be addressed while deploying an AI-enabled zero-trust strategy in the industrial environment.

Intrusion detection and countermeasures

The discussion of intrusion investigation is based on physical geotechnical examination that integrates with the role of cyberpunk literature that ensures privacy protection and security programs, which means secure computerized information from being accessed by malicious persons, such as it can be malicious insiders or malicious attackers^41,42,43. In the real-time environment of industry, firewalls and their related software components need to be classified for the significance of manufacturing and product delivery electronically. In order to make this possible, there is a requirement to create a strong connection between the cyberpunk literature and the cybercrime investigation process.

Modern technology and the criteria of vulnerabilities investigation

In the advanced digital technological environment, it is clarified that the criteria of vulnerability investigation, which are designed for the proper, efficient, and reliable evaluations, are discussed as follows^40,43:

1. i.

   obtain the identified data,

2. ii.

   obtained the identified data on the systems’ of affected industrial units^41,43,

3. iii.

   examine the known particular component of the intrusion using zero-trust strategy,

4. iv.

   determine the systems are in secured mode,

5. v.

   check if not, then sent alert,

6. vi.

   address the category of intrusion, and.

7. vii.

   document.

Conclusion and future work

This study examines the adaptive advantages of a zero-trust approach powered by AI for real-time intrusion detection on industrial IoT networks. Furthermore, ML’s function in autonomous detection is emphasized, wherein intrusions are classified using a list of learnt datasets. To improve privacy protection and security-related measures, particularly in the industrial setting, the zero-trust architecture idea offers a means of designing “never trust—always verify” infrastructure. The current investigation examined all of these possibilities and proposed a new architecture that establishes a framework for implementing a zero-trust strategy based on AI-enabled machine learning for real-time intrusion detection and identification, and it limits them for security reasons in the industrial sectors. This architecture is supported by a standardized procedure for implementing AI-enabled zero-trust intrusion detection software for Internet of Things systems. Significantly, this work is unique because it uses the most recent iteration of zero-trust intrusion detection parameters, including (i) logistic regression, (ii) recursive partitioning, (iii) gradient boosting, and (iv) DL-AI for fine-tuning Deep Neural Networks (DNNs). Through the simulations, we receive results of the proposed AI-enabled zero trust intrusion detection architecture, which is far better compared to other state-of-the-art methods. The fluctuation in-between false-positive and true-positive from both perspectives of ML and DL is presented, where the cost of computation used by ML algorithms is 13.1% (reduction) and maintains 97.4% efficiency. On the other side, DL consumes 17.3% of computational resources due to the management of complex layers but maintains efficiency up to 98.7%. The application of this proposed architecture in real-time industrial units can be considered one of the candidates due to it provides integrity, effectiveness, efficiency, and reliability.