Abstract

Critical infrastructure systems increasingly rely on interconnected IoT and message-oriented communication protocols, making them highly vulnerable to sophisticated cyberattacks that can disrupt essential services. Traditional perimeter-based defenses are insufficient against dynamic and insider threats, highlighting the need for continuous verification and intelligent threat detection. This study proposes a Zero Trust based critical infrastructure cybersecurity framework that integrates secure MQTT communication, AI-driven intrusion detection, and automated mitigation within a layered architecture. The proposed framework consists of perception, network, and application layers, where trusted edge devices collect real-time data, a secure message broker ensures protected communication, and a Zero Trust enforcement mechanism continuously validates traffic. At the core of the detection engine, a hybrid GRU+LSTM deep learning model is introduced to capture both short-term and long-term temporal dependencies in network traffic, enabling accurate classification of legitimate and malicious activities. Experiments were conducted using a multi-class MQTT intrusion dataset containing legitimate, DoS, flood, malformed, brute force, and SlowITe traffic. The proposed model achieved 89.21 percent accuracy, 0.90 precision, 0.91 recall, 0.89 F1 score, and 0.99 AUC, outperforming conventional machine learning and standalone deep learning models while also reducing inference time. The framework further enables automated mitigation and real-time monitoring through secure application-layer response mechanisms. These results demonstrate that integrating Zero Trust principles with hybrid deep learning provides a robust and scalable solution for securing critical infrastructure against evolving cyber threats, supporting secure network modernization and resilient cyber defense.