[2602.16098] Collaborative Zone-Adaptive Zero-Day Intrusion Detection for IoBT
Summary
The paper presents a novel Zone-Adaptive Intrusion Detection framework for the Internet of Battlefield Things (IoBT), addressing the challenges of detecting zero-day attacks in constrained environments.
Why It Matters
As cyber threats evolve, especially in tactical networks like IoBT, effective intrusion detection systems are crucial for operational security. This research introduces a collaborative approach that enhances detection capabilities for previously unseen attack types, which is vital for maintaining the integrity of military operations.
Key Takeaways
- Introduces Zone-Adaptive Intrusion Detection (ZAID) for IoBT.
- ZAID improves detection of zero-day attacks through collaborative learning.
- Achieves up to 83.16% accuracy on unseen attack traffic.
- Utilizes federated aggregation for cross-zone generalization.
- Demonstrates the importance of parameter-efficient, zone-personalized collaboration.
Computer Science > Cryptography and Security
arXiv:2602.16098 (cs)
[Submitted on 18 Feb 2026]
Title: Collaborative Zone-Adaptive Zero-Day Intrusion Detection for IoBT
Authors: Amirmohammad Pasdar, Shabnam Kasra Kermanshahi, Nour Moustafa, Van-Thuan Pham
Abstract: The Internet of Battlefield Things (IoBT) relies on heterogeneous, bandwidth-constrained, and intermittently connected tactical networks that face rapidly evolving cyber threats. In this setting, intrusion detection cannot depend on continuous central collection of raw traffic due to disrupted links, latency, operational security limits, and non-IID traffic across zones. We present Zone-Adaptive Intrusion Detection (ZAID), a collaborative detection and model-improvement framework for unseen attack types, where "zero-day" refers to previously unobserved attack families and behaviours (not vulnerability disclosure timing). ZAID combines a universal convolutional model for generalisable traffic representations, an autoencoder-based reconstruction signal as an auxiliary anomaly score, and lightweight adapter modules for parameter-efficient zone adaptation. To support cross-zone generalisation under constrained connectivity, ZAID uses federated aggregation and pseudo-labelling to leverage locally observed, weakly labelled behaviours. We evaluate ZAID on T...