Treffer: Beyond the Black Box: A Framework for Explainable and Attack-Resilient Federated Anomaly Detection in IIoT

Federated Learning (FL) is a promising paradigm for anomaly detection in Industrial Internet of Things (IIoT) environments. However, existing FL frameworks suffer from vulnerabilities such as model poisoning attacks, privacy leakage, and a lack of model interpretability, which is critical for IIoT environments. This paper introduces a novel framework, Federated Learning with Explainable Anomaly Signals (FL-EAS), designed to overcome these limitations. FLEAS fundamentally alters the federated learning process by exchanging compact, 21-dimensional feature vector derived from the reconstruction errors of local, explainable models, rather than raw model parameters. The framework incorporates a server-side supervised classifier to detect and reject malicious contributions, thereby ensuring attack resilience. By propagating explainability from the client edge to the global model, FL-EAS provides transparent, human-interpretable results. The efficacy of this approach is contextualized for evaluation using the physical process data from the BATADAL 2.0 dataset, demonstrating a state-of-the-art F1-score of 0.9511 on concealed attacks, and demonstrating its potential for secure, efficient, and trustworthy anomaly detection in real-world Cyber-Physical Systems.