AI Summary
Edge computing decentralizes computation to resource-constrained devices, significantly expanding the attack surface; however, conventional intrusion detection systems (IDSs) struggle to simultaneously achieve lightweight deployment and effective detection of previously unseen threats. To address this, we propose LDPI, a lightweight deep-learning-based intrusion detection system tailored for virtualized edge environments. LDPI embeds a deep learning anomaly detection model as an isolated service within the virtualization layer, ensuring security isolation while enabling efficient, real-time threat identification. Optimized via five-fold cross-validation, LDPI achieves an average AUC of 0.999 and high F1 scores on laptop-class edge nodes, effectively detecting zero-day attacks such as network flooding. Compared to signature-based IDSs (e.g., Suricata and Snort), LDPI delivers superior detection accuracy with bounded computational overhead. Our approach establishes a novel paradigm for edge IDS that jointly satisfies security guarantees, real-time responsiveness, and practical deployability.
Abstract
Edge computing pushes computation closer to data sources, but it also expands the attack surface on resource-constrained devices. This work explores the deployment of the Lightweight Deep Anomaly Detection for Network Traffic (LDPI) integrated as an isolated service within a virtualization framework that provides security by separation. LDPI, adopting a Deep Learning approach, achieved strong training performance, reaching AUC 0.999 (5-fold mean) across the evaluated packet-window settings (n, l), with high F1 at conservative operating points. We deploy LDPI on a laptop-class edge node and evaluate its overhead and performance in two scenarios: (i) comparing it with representative signature-based IDSes (Suricata and Snort) deployed on the same framework under identical workloads, and (ii) while detecting network flooding attacks.