Internet of Things (IoT) deployments combine heterogeneous, resource-constrained devices with weak security configurations, exposed services, limited logging, patching constraints, and long lifecycles. Signature- and threshold-based controls remain useful baselines, but they are insufficient as standalone mechanisms in dynamic IoT networks. Likewise, offline artificial intelligence (AI) benchmark performance alone does not establish operational deployability. This article presents a conceptual framework and research agenda for a Linux-based IoT edge gateway that combines resource-aware flow-level AI-assisted risk scoring, event-level explainability, and bounded mitigation through eBPF/XDP. The controller applies reversible, time-limited actions subject to critical-device safeguards, updates packet-level enforcement state, and records structured logs. The architecture separates complex reasoning and policy control in user space from concise packet-handling decisions in the kernel. It also defines a future hardware-aware evaluation pathway covering detection quality, resource cost, response timing, rollback behaviour, and legitimate-traffic preservation. The paper does not report new experimental measurements or claim measured superiority or completed real-time performance.
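To make the control loop in the abstract concrete, here is an added illustration in Python (not code from the paper or any project it describes): a user-space controller that scores a flow with an explainable stand-in model, applies a time-limited, reversible block unless the source is a safeguarded critical device, updates an enforcement map that stands in for the kernel eBPF/XDP state, and writes structured JSON logs. The threshold, feature weights, action lifetime and addresses are constructed assumptions, not values reported by the paper.

```python
import json
import time
from dataclasses import dataclass, field

# Constructed placeholders: none of these values come from the paper.
RISK_THRESHOLD = 0.7             # flow risk at or above which the controller acts
ACTION_TTL_S = 300               # every mitigation is time-limited and rolled back after this
CRITICAL_DEVICES = {"10.0.0.5"}  # safeguarded devices: alert only, never auto-blocked
# Stand-in for the AI model: a linear score over flow features, so each decision is explainable.
WEIGHTS = {"pps": 0.002, "new_dst_ports": 0.05, "payload_entropy": 0.04, "threat_feed_hit": 0.6}

def score_flow(flow):
    """Return (risk score clipped to [0, 1], top-3 feature contributions as the explanation)."""
    contrib = {k: w * flow.get(k, 0) for k, w in WEIGHTS.items()}
    score = min(1.0, sum(contrib.values()))
    explanation = sorted(contrib.items(), key=lambda kv: -kv[1])[:3]
    return score, explanation

@dataclass
class Controller:
    clock: callable = time.monotonic                  # injectable for deterministic testing
    enforcement: dict = field(default_factory=dict)   # stand-in for the XDP drop map: src -> expiry
    log: list = field(default_factory=list)           # structured JSON log lines

    def _log(self, event, **fields):
        self.log.append(json.dumps({"ts": self.clock(), "event": event, **fields}, sort_keys=True))
        return event

    def handle(self, flow):
        """Decide on one flow record; returns the event name that was logged."""
        score, why = score_flow(flow)
        src = flow["src"]
        if score < RISK_THRESHOLD:
            return self._log("observe", src=src, score=score)
        if src in CRITICAL_DEVICES:               # safeguard: critical devices are never auto-mitigated
            return self._log("alert_only", src=src, score=score, why=why)
        expiry = self.clock() + ACTION_TTL_S
        self.enforcement[src] = expiry            # the kernel program would now drop this source
        return self._log("mitigate", src=src, score=score, why=why, expires=expiry)

    def expire(self):
        """Roll back every action whose window has elapsed; returns the number still active."""
        now = self.clock()
        for src in [s for s, exp in self.enforcement.items() if exp <= now]:
            del self.enforcement[src]             # reversible: removing the entry restores traffic
            self._log("rollback", src=src)
        return len(self.enforcement)
```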