Search for a command to run...
The rapid expansion of Industrial Internet of Things (IIoT) systems has significantly increased the attack surface of edge networks, necessitating intrusion detection solutions that are accurate, efficient, and interpretable under strict resource constraints. Existing deep learning–based IoT intrusion detection models often suffer from high latency, excessive memory usage, and limited explainability, while purely symbolic or rule-based systems lack adaptability to evolving traffic patterns. To address these limitations, this study proposes a lightweight neuro-symbolic edge-based intrusion detection framework that integrates lightweight neural learning, symbolic rule-based reasoning, and knowledge distillation for real-time edge deployment. The framework is evaluated on the Edge-IIoTset dataset, consisting of 205,500 labeled network-flow instances collected from a real smart-factory environment and covering multiple attack categories including Denial of Service, Man-in-the-Middle, reconnaissance, and malicious control. Feature selection is performed using mutual information–based relevance analysis combined with symbolic feature embedding, enabling the selection of discriminative numerical, categorical, temporal, and logical features while minimizing redundancy and computational overhead. The proposed hybrid model employs weighted neural–symbolic fusion to combine neural inference with logical rule activation, ensuring both adaptability and interpretability. Model compression is achieved through teacher–student knowledge distillation, significantly reducing resource consumption on edge devices. Experimental results demonstrate an overall accuracy of 94.3% and a macro-averaged F1-score of 93.5%, along with a 37% reduction in memory usage and a 54% reduction in inference latency compared to deep learning baselines. The contribution of this work lies in the deployment-oriented integration of explicit symbolic reasoning within a distilled, edge-optimized neural architecture, enabling interpretable and efficient intrusion detection under realistic IoT edge constraints.