LUT-Compiled Kolmogorov-Arnold Networks for Lightweight DoS Detection on IoT Edge Devices

TL;DR

This paper introduces LUT-compiled Kolmogorov-Arnold Networks (KANs) for efficient, real-time DoS attack detection on resource-limited IoT edge devices, significantly reducing inference latency while maintaining high accuracy.

Contribution

The authors develop a LUT compilation pipeline for KANs, enabling fast, accurate DoS detection on IoT devices with minimal resource usage and deterministic latency.

Findings

Achieves 99.0% accuracy on CICIDS2017 dataset.

Provides 68x speedup at batch size 256 with only 2x memory overhead.

Maintains near-original accuracy after LUT compilation with high resolution.

Abstract

Denial-of-Service (DoS) attacks pose a critical threat to Internet of Things (IoT) ecosystems, yet deploying effective intrusion detection on resource-constrained edge devices remains challenging. Kolmogorov-Arnold Networks (KANs) offer a compact alternative to Multi-Layer Perceptrons (MLPs) by placing learnable univariate spline functions on edges rather than fixed activations on nodes, achieving competitive accuracy with fewer parameters. However, runtime B-spline evaluation introduces significant computational overhead unsuitable for latency-critical IoT applications. We propose a lookup table (LUT) compilation pipeline that replaces expensive spline computations with precomputed quantized tables and linear interpolation, dramatically reducing inference latency while preserving detection quality. Our lightweight KAN model (50K parameters, 0.19~MB) achieves 99.0\% accuracy on the CICIDS2017 DoS dataset. After LUT compilation with resolution $L=8$, the model maintains 98.96\% accuracy (F1 degradation $<0.0004$) while achieving $\mathbf{68\times}$ speedup at batch size 256 and over $\mathbf{5000\times}$ speedup at batch size 1, with only $2\times$ memory overhead. We provide comprehensive evaluation across LUT resolutions, quantization schemes, and out-of-bounds policies, establishing clear Pareto frontiers for accuracy-latency-memory trade-offs. Our results demonstrate that LUT-compiled KANs enable real-time DoS detection on CPU-only IoT gateways with deterministic inference latency and minimal resource footprint.