To address degraded intrusion detection performance in heterogeneous IoT environments—caused by multimodal data, non-independent and identically distributed (non-IID) client samples, and stringent privacy requirements—this paper proposes a fog-assisted hierarchical federated learning framework. The framework establishes a four-tier fog–edge–cloud collaborative architecture: the fog layer unifies heterogeneous feature representations; the edge layer employs a utility-driven client selection mechanism to enhance participation quality; the fog server performs robust regional aggregation via FedProx; and the cloud orchestrates global model updates. Integrating a lightweight anomaly detection model with hierarchical optimization strategies, the framework achieves 98%–99% accuracy and PR-AUC > 0.97 on the TON-IoT dataset. It significantly improves convergence stability, scalability, and end-to-end privacy preservation under non-IID conditions.

The rapid growth of the Internet of Things (IoT) offers new opportunities but also expands the attack surface of distributed, resource-limited devices. Intrusion detection in such environments is difficult due to data heterogeneity from diverse sensing modalities and the non-IID distribution of samples across clients. Federated Learning (FL) provides a privacy-preserving alternative to centralized training, yet conventional frameworks struggle under these conditions. To address this, we propose a Mist-assisted hierarchical framework for IoT intrusion detection. The architecture spans four layers: (i) Mist, where raw data are abstracted into a unified feature space and lightweight models detect anomalies; (ii) Edge, which applies utility-based client selection; (iii) Fog, where multiple regional aggregators use FedProx to stabilize training; and (iv) Cloud, which consolidates and disseminates global models. Evaluations on the TON-IoT dataset show the framework achieves 98-99% accuracy, PR-AUC> 0.97, and stable convergence under heterogeneous and large-scale settings, while maintaining efficiency and preserving privacy.