Abstract
Industrial IoT (IIoT) environments face growing cyber threats due to device heterogeneity and cyber-physical integration. This study proposes a Zero Trust-enhanced intrusion detection framework integrating deep learning anomaly detection, differential privacy, lightweight blockchain-inspired hash-chained ledger and Digital Twin-based situational awareness and visualization of device trust states, designed for low-latency inference suitable for near-real-time IIoT monitoring .A unified dataset was constructed by merging NSL-KDD, CICIDS-2017, and IoT-23 (2,513,419 raw samples unified to 143 features, balanced to 100,000 samples across Normal, DoS, Probe, R2L, U2R classes using SMOTE). Mutual information-based feature selection reduced features to 25. Optimized Multilayer Perceptron (MLP) and CNN–BiLSTM models achieved 89–91% accuracy and 0.89–0.91 macro F1-score, with near-perfect rare-attack detection (F1 ≈ 1.00 for R2L/U2R). Differential privacy (Laplace, ε = 25) reduced accuracy to ~ 78%, quantifying the privacy-utility trade-off. The decoupled Zero-Trust Manager dynamically updates trust scores based on prediction confidence, with tamper-evident SHA-256 hash-chained logging adding negligible latency (~ 1.04–1.06 s for 500 samples). This lightweight, centralized design offers strong cross-domain generalization and deployability for resource-constrained IIoT.
Data availability
To promote transparency and reproducibility, all datasets, source code, and experimental output logs used in this study have been deposited in an openly accessible repository. These materials can be accessed at: [https://zenodo.org/records/18207414]
References
Ullah, Z., Al-Turjman, F., Mostarda, L. & Gagliardi, R. Applications of artificial intelligence and machine learning in smart cities. Comput. Commun. 154, 313–323 (2020).
Torkura, K. A., Sukmana, M. I., Cheng, F. & Meinel, C. Continuous auditing and threat detection in multi-cloud infrastructure. Comput. Secur. 102, 102124 (2021).
Fatema, K. et al. Federated XAI IDS: An explainable and safeguarding privacy approach to detect intrusion combining federated learning and SHAP. Future Internet. 17 (6), 234 (2025).
Neto, E. C. et al. CICIoT2023: A real-time dataset and benchmark for large-scale attacks in IoT environment. Sensors 23 (13), 5941 (2023).
Harbi, Y., Medani, K., Gherbi, C., Aliouat, Z. & Harous, S. Roadmap of adversarial machine learning in Internet of Things-enabled security systems. Sensors 24(16), 5150 (2024).
Paul, B. & Rao, M. Zero-trust model for smart manufacturing industry. Appl. Sci. 13 (1), 221 (2022).
Federici, F., Martintoni, D. & Senni, V. A zero-trust architecture for remote access in industrial IoT infrastructures. Electronics 12 (3), 566 (2023).
Laghari, A. A. et al. A novel and secure artificial intelligence enabled zero trust intrusion detection in industrial internet of things architecture. Sci. Rep. 15 (1), 26843 (2025).
Onwubiko, A., Singh, R., Awan, S., Pervez, Z. & Ramzan, N. Enabling trust and security in digital twin management: A blockchain-based approach with Ethereum and IPFS. Sensors 23(14), 6641 (2023).
Mishra, S. & Sharma, S. K. Advanced contribution of IoT in agricultural production for the development of smart livestock environments. Internet Things 22(1), 100724 (2023).
Zanasi, C., Russo, S. & Colajanni, M. Flexible zero trust architecture for the cybersecurity of industrial IoT infrastructures. Ad Hoc Netw. 156(1), 103414 (2024).
Lilhore, U. K. et al. SmartTrust: a hybrid deep learning framework for real-time threat detection in cloud environments using zero-trust architecture. J. Cloud Comput. 14(1), 35 (2025).
Ali, S., Li, Q. & Yousafzai, A. Blockchain and federated learning-based intrusion detection approaches for edge-enabled industrial IoT networks: A survey. Ad Hoc Netw. 152(1), 103320 (2024).
Huma, Z. E., Jan, S. U., Ahmad, J., Buchanan, W. & Pitropakis, N. Adversarial machine learning in IoT security: A comprehensive survey. ACM Comput. Surv. (2025).
Benjamin Franklin, I., Paul Arokiadass Jerald, M. & Bhuvaneswari, R. Machine learning-based trust management in cloud using blockchain technology. SN Comput. Sci. 3 (6), 429 (2022).
.Hong, Y., Wu, J. & Morello, R. LLM-Twin: mini-giant model-driven beyond 5G digital twin networking framework with semantic secure communication and computation. Sci. Rep. 14 (1), 19065 (2024).
Siraparapu, S. R. & Azad, S. M. Securing the IoT landscape: A comprehensive review of secure systems in the digital era. e-Prime-Adv. Electr. Eng. Electron. Energy 10(1), 100798 (2024).
Chen, X., Feng, W., Ge, N. & Zhang, Y. Zero trust architecture for 6G security. IEEE Netw. 38 (4), 224–232 (2023).
Lv, F. et al. Asynchronous federated learning based zero trust architecture for the next generation industrial control systems. Comput. Netw. 20, 111459 (2025).
Prasad, K. S. et al. A two-tier optimization strategy for feature selection in robust adversarial attack mitigation on internet of things network security. Sci. Rep. 15 (1), 2235 (2025).
Sarhan, M., Lo, W. W., Layeghy, S. & Portmann, M. HBFL: A hierarchical blockchain-based federated learning framework for collaborative IoT intrusion detection. Comput. Electr. Eng. 103, 108379 (2022).
Sundar, K., Sasikumar, S. & Jayakumar, C. Enhanced cloud security model using QKDP (ECSM-QKDP) for advanced data security over cloud. Quantum Inf. Process. 21 (3), 115 (2022).
Javeed, D., Saeed, M. S., Adil, M., Kumar, P. & Jolfaei, A. A federated learning-based zero trust intrusion detection system for Internet of Things. Ad Hoc Netw. 162, 103540 (2024).
Puviarasu, A. & Sudha, V. K. Enhanced IoT security: privacy-preserving federated learning model for accurate, real-time intrusion detection across devices. Ain Shams Eng. J. 17 (1), 103866 (2026).
Nawshin, F., Unal, D., Hammoudeh, M. & Suganthan, P. N. AI-powered malware detection with Differential Privacy for zero trust security in Internet of Things networks. Ad Hoc Netw. 161, 103523 (2024).
Jamiri, H. & Zyane, A. Adversarial attacks in IoT: A performance assessment of ML and DL models. Eng. Proc. 112(1), 14–15 (2025).
Sharafaldin, I., Lashkari, A. H. & Ghorbani, A. A. Toward generating a new intrusion detection dataset and intrusion traffic characterization. Proc. Int. Conf. Inf. Syst. Secur. Priv. (ICISSP). 108–116 (accessed Sept 10 2025). https://doi.org/10.5220/0006639801080116 (2018).
Tavallaee, M., Bagheri, E., Lu, W. & Ghorbani, A. A. accessed Sept. 10, NSL-KDD dataset, University of New Brunswick (2009). (accessed 10 Sept 2025). https://www.unb.ca/cic/datasets/nsl.html
IoT. (accessed 10 Sept 2025). https://www.unb.ca/cic/datasets/iotdataset-2023.html (2023).
Kathole, A. B. et al. Enhanced security mechanism in vehicular networks using ensemble machine learning to detect malicious activity in VANETs. J. Discrete Math. Sci. Cryptogr. 27(7), 2005–2014 (2024).
Kathole, A. B. et al. A novel approach to IoT security for intrusion detection system using ensemble network and heuristic-assisted feature fusion. J. Discrete Math. Sci. Cryptogr. 27(7), 2207–2217 (2024).
Kathole, A. B., Jadhav, D., Vhatkar, K. N., Swapnaja, A. & Gandhewar, N. Solar energy prediction in IoT system based on optimized complex-valued spatio-temporal graph convolutional neural network. Knowledge Based Syst. 304, 112400 (2024).
Kathole, A. B. et al. Secure federated cloud storage protection strategy using hybrid heuristic attribute-based encryption with permissioned blockchain. IEEE Access 12, 117154–117169 (2024).
Acknowledgements
The authors extend their appreciation to the Deanship of Postgraduate Studies and Scientific Research at Majmaah University for funding this research work through the project number (R-2026-70).
Author information
Authors and Affiliations
Contributions
Conceptualization: Shailendra Mishra (S.M). and Naif S. Alshammari (NA), methodology: NA TA, SM., software: Tariq Saleh M Aldafas (TA), validation: TA, S.M, NA; formal analysis: NA, SM, investigation, TA and S.M., resources, NA., data curation, TA writing-original draft preparation, TA, SMwriting-review and editing, N.A., visualization, TA, SM., supervision, NA and S.M., project administration, SMand NA., funding acquisition, NA.
Corresponding authors
Ethics declarations
Competing interests
The authors declare no competing interests.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
About this article
Cite this article
Mishra, S., Aldafas, T.S.M. & Alshammari, N.S. A zero-trust digital twin framework for privacy-preserving multi-dataset intrusion detection in industrial IoT with lightweight blockchain auditing. Sci Rep (2026). https://doi.org/10.1038/s41598-026-42041-w
Received:
Accepted:
Published:
DOI: https://doi.org/10.1038/s41598-026-42041-w
