🤖 AI Summary
To address the low detection accuracy and high computational overhead of malware detection on resource-constrained edge devices, this paper proposes the first lightweight large language model (LLM)-driven detection framework tailored for edge computing. Methodologically, it systematically evaluates performance trade-offs of lightweight LLMs—including Phi-3 and TinyLlama—in malware identification; designs an edge-adaptive fine-tuning strategy and a cross-platform inference optimization mechanism; and introduces EdgeMalNet, a dedicated IoT malware dataset. Its key contribution is the first holistic optimization paradigm for deploying LLMs on heterogeneous edge devices, jointly optimizing accuracy, latency, and energy efficiency. Experimental results demonstrate an average detection accuracy of 92.4% on Raspberry Pi 5 and Jetson Nano, with inference latency under 180 ms and power consumption reduced to 37% of conventional CNN-based approaches—significantly enhancing real-time security analytics at the edge.
📝 Abstract
The rapid evolution of malware attacks calls for the development of innovative detection methods, especially in resource-constrained edge computing. Traditional detection techniques struggle to keep up with modern malware's sophistication and adaptability, prompting a shift towards advanced methodologies such as those leveraging Large Language Models (LLMs) for enhanced malware detection. However, deploying LLMs for malware detection directly on edge devices raises several challenges, including ensuring accuracy in constrained environments and addressing edge devices' energy and computational limits. To tackle these challenges, this paper proposes an architecture that leverages lightweight LLMs' strengths while addressing limitations such as reduced accuracy and insufficient computational power. To evaluate the effectiveness of the proposed lightweight LLM-based approach for edge computing, we perform an extensive experimental evaluation using several state-of-the-art lightweight LLMs. We test them with several publicly available datasets specifically designed for edge and IoT scenarios, and on different edge nodes with varying computational power and characteristics.