🤖 AI Summary
To address the limitations of conventional intrusion detection systems (IDS) in IoT environments, specifically their neglect of the temporal dynamics of traffic and their inability to identify threats early, this paper proposes a lightweight, Transformer-based early intrusion detection method. The approach introduces two key innovations: (1) a dynamic temporal positional encoding scheme that explicitly captures the temporal structure of network flows and anomalous timestamp shifts; and (2) a tailored data augmentation pipeline designed for class-imbalanced IoT traffic, enhancing model robustness and generalization. Evaluated on the CICIoT2023 dataset, the method significantly outperforms state-of-the-art baselines, achieving high detection accuracy (F1-score > 0.98) while reducing average detection latency by 37%. Moreover, it supports efficient deployment on resource-constrained IoT devices, with sub-15 ms inference latency and a model size under 3.2 MB.
📝 Abstract
The rapid expansion of the Internet of Things (IoT) has introduced significant security challenges, necessitating efficient and adaptive Intrusion Detection Systems (IDS). Traditional IDS models often overlook the temporal characteristics of network traffic, limiting their effectiveness in early threat detection. We propose a Transformer-based Early Intrusion Detection System (EIDS) that incorporates dynamic temporal positional encodings to enhance detection accuracy while maintaining computational efficiency. By leveraging network flow timestamps, our approach captures both sequence structure and timing irregularities indicative of malicious behaviour. Additionally, we introduce a data augmentation pipeline to improve model robustness. Evaluated on the CICIoT2023 dataset, our method outperforms existing models in both accuracy and earliness. We further demonstrate its real-time feasibility on resource-constrained IoT devices, achieving low-latency inference and minimal memory footprint.