Lightweight WebAssembly-Based Intrusion Detection for Zero Trust Edge Networks

Abstract

IoT devices deployed across computing continuum infrastructures present significant security challenges due to resource constraints and decentralization. Traditional centralized intrusion detection systems struggle in such environments because of limited connectivity, high latency, and single points of failure. To address these challenges, this article extends a learning-driven Zero Trust framework tailored to resource-constrained edge environments and proposes an approach for evaluating lightweight intrusion detection models in such environments. Our extended approach enables systematic evaluation of lightweight machine learning models for localized intrusion detection, comprising three layers: (i) compilation, (ii) execution, and (iii) measurement. The proposed approach is implemented using Rust and WebAssembly to ensure portable, efficient, and isolated execution across heterogeneous devices. Using this framework, seven representative intrusion detection models (i.e., Decision Tree (DT), Random Forest (RF), k-Nearest Neighbor (KNN), Logistic Regression (LR), Artificial Neural Network (ANN), and Convolutional Neural Network (CNN) variants) were implemented and evaluated on the UNSW-NB15 dataset. Results show that RF achieved the best trade-off between detection accuracy and efficiency, while simpler models (DT and LR) offered near-instant inference with minimal resource usage, making them ideal for highly constrained devices. In contrast, more complex models such as deep neural networks and KNN introduced significant overhead for only modest accuracy gains. These findings underscore the need to balance accuracy and resource efficiency for effective Zero Trust edge security.