Byeon, HaewonHaewonByeonAlsaadi, Mahmood AbdulrazzaqMahmood AbdulrazzaqAlsaadiGupta, Sachin KumarSachin KumarGuptaPatni, Jagdish ChandraJagdish ChandraPatniAhamed Ahanger, Tariq AhamedTariq AhamedAhamed AhangerSingh, Brajesh KumarBrajesh KumarSinghSrivastava, Ajeet KumarAjeet KumarSrivastavaAbdinabievna, Pardaeva ShakhnozaPardaeva ShakhnozaAbdinabievnaBoddupalli, SanthoshSanthoshBoddupalli2026-02-102026-02-102025http://dx.doi.org/10.1109/TCE.2025.3563408https://www.scopus.com/pages/publications/105003498811https://gnanaganga.alliance.edu.in/handle/123456789/9342In response to the lack of effective means for detecting and locating malicious exchange nodes in data flow transmission links within the Internet of Things (IoT), this paper proposes a zero-trust management method for data flow between edge nodes based on software defined networking (SDN) communication and control of cyber-physical systems (CPS). To detect and prevent anomalous behaviors like data tampering, forwarding path anomalies, and malicious packet drops through forwarding verification by exchange nodes, SDN-ZTM applies SDN to the data transmission process between IoT edge nodes. This approach applies the SDN architecture to the transmission process of data flows between edge nodes, utilizing a fixed length header overhead for zero-trust management of data flows, nodes, and paths, thereby enabling lightweight packet forwarding verification and malicious exchange node localization. Simulation studies and theoretical research show that SDN-ZTM offers more extensive security features than similar methods. Additionally, SDN-ZTM is a lightweight, useful solution appropriate for IoT application scenarios since it introduces a fixed-length header and has a smaller performance overhead. Experimental results show that the method introduces less than 10% forwarding delay and less than 8% throughput loss. © 1975-2011 IEEE.enCyber-Physical SystemsEdge NodesIotSdn-ZtmZero Trust ManagementArticle