This work addresses the challenges of deploying network intrusion detection models on resource-constrained devices, where high-dimensional noisy data, class imbalance, and limited computational memory hinder performance. The authors propose a correlation-aware divide-and-conquer learning framework—the first to introduce task decomposition into intrusion detection—by exploiting semantic associations between features and attack types to partition the complex detection task into manageable subproblems. Each subproblem is solved using a lightweight decision tree model, preserving high interpretability while significantly enhancing local accuracy and adversarial robustness. Experimental results on real-world datasets demonstrate up to a 43.3% improvement in local accuracy and a 257-fold reduction in model size compared to baseline approaches.

Machine learning-based intrusion detection requires complex models to capture patterns in high-dimensional, noisy, and class-imbalanced raw network traffic, yet deploying such models remains impractical on resource-constrained devices with limited processing power and memory. In this paper, we present a correlation-aware divide-and-conquer learning technique that decomposes a complex learning problem into smaller, more manageable subproblems. This enables lightweight models as simple as decision trees to be trained on focused subtasks, yielding up to 43.3% higher local accuracy and up to 257 times reduction in model size on real-world network intrusion detection datasets, while also improving adversarial robustness and explainability.