Edge computing expansion exacerbates the trade-off between detection accuracy and computational efficiency in host-based intrusion detection systems (HIDS), where state-of-the-art deep learning approaches often suffer from prohibitive inference overhead, hindering deployment on resource-constrained edge devices. To address this, we propose a lightweight end-to-end HIDS framework: first, unsupervised feature learning is performed via Deep Support Vector Data Description (DeepSVDD)-guided compression of neural networks, yielding compact representations of system call sequences; second, a hybrid anomaly detection architecture is constructed by integrating a lightweight novelty detection model. The method achieves high detection accuracy while drastically reducing computational load. Experimental results demonstrate consistent accuracy improvements over SOTA baselines, up to 75× lower inference latency, and strong real-time performance, robustness, and scalability.

The expansion of edge computing has increased the attack surface, creating an urgent need for robust, real-time machine learning (ML)-based host intrusion detection systems (HIDS) that balance accuracy and efficiency. In such settings, inference latency poses a critical security risk, as delays may provide exploitable opportunities for attackers. However, many state-of-the-art ML-based HIDS solutions rely on computationally intensive architectures with high inference costs, limiting their practical deployment. This paper proposes LIGHT-HIDS, a lightweight machine learning framework that combines a compressed neural network feature extractor trained via Deep Support Vector Data Description (DeepSVDD) with an efficient novelty detection model. This hybrid approach enables the learning of compact, meaningful representations of normal system call behavior for accurate anomaly detection. Experimental results on multiple datasets demonstrate that LIGHT-HIDS consistently enhances detection accuracy while reducing inference time by up to 75x compared to state-of-the-art methods. These findings highlight its effectiveness and scalability as a machine learning-based solution for real-time host intrusion detection.