Collaborative Zone-Adaptive Zero-Day Intrusion Detection for IoBT

📅 2026-02-17
🤖 AI Summary
This work addresses the challenge of detecting unknown attacks in the Internet of Battlefield Things (IoBT), where network heterogeneity, bandwidth constraints, intermittent connectivity, and non-independent and identically distributed (non-IID) traffic across regions hinder effective centralized detection. To this end, we propose ZAID, a collaborative zone-adaptive intrusion detection framework that integrates a generalizable convolutional network to extract transferable traffic representations, leverages autoencoder reconstruction error as an anomaly signal, and incorporates a lightweight adaptation module for parameter-efficient regional personalization. Our approach uniquely combines parameter-efficient fine-tuning, zone-level adaptation, and federated learning, enabling collaborative zero-day attack detection without uploading raw traffic data. Through federated aggregation and a pseudo-labeling mechanism, ZAID achieves 83.16% and 71.64% accuracy on unseen attacks (e.g., MITM, DDoS, DoS) in the ToN_IoT and UNSW-NB15 datasets, respectively.

📝 Abstract
The Internet of Battlefield Things (IoBT) relies on heterogeneous, bandwidth-constrained, and intermittently connected tactical networks that face rapidly evolving cyber threats. In this setting, intrusion detection cannot depend on continuous central collection of raw traffic due to disrupted links, latency, operational security limits, and non-IID traffic across zones. We present Zone-Adaptive Intrusion Detection (ZAID), a collaborative detection and model-improvement framework for unseen attack types, where "zero-day" refers to previously unobserved attack families and behaviours (not vulnerability disclosure timing). ZAID combines a universal convolutional model for generalisable traffic representations, an autoencoder-based reconstruction signal as an auxiliary anomaly score, and lightweight adapter modules for parameter-efficient zone adaptation. To support cross-zone generalisation under constrained connectivity, ZAID uses federated aggregation and pseudo-labelling to leverage locally observed, weakly labelled behaviours. We evaluate ZAID on ToN_IoT using a zero-day protocol that excludes MITM, DDoS, and DoS from supervised training and introduces them during zone-level deployment and adaptation. ZAID achieves up to 83.16% accuracy on unseen attack traffic and transfers to UNSW-NB15 under the same procedure, with a best accuracy of 71.64%. These results indicate that parameter-efficient, zone-personalised collaboration can improve the detection of previously unseen attacks in contested IoBT environments.

Problem

Research questions and friction points this paper is trying to address.

Zero-Day Intrusion Detection
Internet of Battlefield Things
Non-IID Traffic
Collaborative Detection
Zone-Adaptive

Innovation

Methods, ideas, or system contributions that make the work stand out.

Zone-Adaptive Intrusion Detection
Zero-Day Attack Detection
Federated Learning
Parameter-Efficient Adaptation
IoBT Security