This work addresses the limitations of existing industrial IoT (IIoT) micro-segmentation approaches, which are typically centralized, static, and lack interpretability, rendering them ill-suited for heterogeneous devices, dynamic communications, and cross-site privacy constraints. To overcome these challenges, the authors propose EFAH-ZTM, a novel framework that integrates federated learning, hypergraph modeling, and explainable AI to enable distributed, dynamic, and interpretable zero-trust micro-segmentation. The method employs federated denoising autoencoders to learn local behavioral embeddings, constructs hypergraphs via kNN manifolds to capture high-order relationships, and applies HDBSCAN clustering to generate security zones. Risk scoring combines reconstruction error and structural anomaly metrics, while LIME and SHAP provide interpretability. Evaluated on the WUSTL-IIoT-2021 dataset, the approach achieves a clustering purity of 0.9990, near-zero contamination rate, and an explanation proxy accuracy of 0.9927—matching centralized training performance while significantly enhancing structural separation and risk stratification capabilities.

Micro-segmentation as a core requirement of zero trust architecture (ZTA) divides networks into small security zones, called micro-segments, thereby minimizing impact of security breaches and restricting lateral movement of attackers. Existing approaches for Industrial Internet of Things (IIoT) networks often remain centralized, static, or difficult to interpret. These limitations are critical in IIoT, where devices are heterogeneous, communication behavior evolves over time, and raw data sharing across sites is often undesirable. Accordingly, we propose EFAH-ZTM, an Explainable Federated Autoencoder-Hypergraph framework for Zero Trust micro-segmentation in IIoT networks. The framework includes a trained federated DNAE that learns behavioral embeddings from distributed clients. kNN-based and Manifold-based hypergraphs capture higher-order relationships among device-flow instances. To generate micro-segments, MiniBatch KMeans and HDBSCAN clustering techniques are applied on the spectral embeddings, while an operational risk score that combines reconstruction error and structural outlierness drives allow/block policy decisions. Trustworthiness of the policy decision is improved through feature-level explanations using LIME and SHAP. Experiments on the WUSTL-IIoT-2021 dataset show that HDBSCAN achieved the strongest structural quality, while the manifold-based hypergraph produces the best oracle-aligned security efficacy that reaches a purity of 0.9990 with near-zero contamination. Similarly, the explainability module also showed high fidelity and stability, with surrogate classifier having an accuracy of 0.9927 and stable explanations across runs. Moreover, an ablation analysis shows that the federated learning preserves competitive segmentation quality relative to centralized training, and the hypergraph modeling significantly improves structural separation and risk stratification.