Abstract
HALOGrid is an adaptive edge–cloud malware detection framework for IoT traffic. The approach couples a lightweight LSTM (residual paths, attention, drift-penalty regularization) for low-latency edge inference with a telemetry-driven tuner that performs real-time hyperparameter updates. The tuner employs Augmented Grid Search (AGS): a stage-wise coarse-to-fine exploration with stochastic perturbations, early stopping of inferior candidates, validation-weighted corrections, and expectation-weighted deployment. A resynchronization controller blends edge and cloud states using divergence- and delay-aware gating; updates are secured via mTLS transport and signed artifacts with rollback. The pipeline integrates preprocessing, drift estimation over multi-metric streams, adaptive learning-rate/regularization adjustment, and A/B deployment safety. Evaluation on CICIoT2023 reports 98.74% accuracy, 1.21% false positive rate, and 12.8 ms mean inference latency on Jetson Nano; energy consumption averages 52.5 mJ/inference. Compared with SGM, HPAI, DFN, ODMS, MIHT, AIMO, IEMS, and DOFD, HALOGrid maintains higher detection fidelity with lower tuning overhead through AGS and secure edge–cloud refinement.