Internet of Things (IoT) deployments combine heterogeneous, resource-constrained devices with weak security configurations, exposed services, limited logging, patching constraints, and long lifecycles. Signature- and threshold-based controls remain useful baselines, but they are insufficient as standalone mechanisms in dynamic IoT networks. Likewise, offline artificial intelligence (AI) benchmark performance alone does not establish operational deployability. This article presents a conceptual framework and research agenda for a Linux-based IoT edge gateway that combines resource-aware flow-level AI-assisted risk scoring, event-level explainability, and bounded mitigation through eBPF/XDP. The controller applies reversible, time-limited actions subject to critical-device safeguards, updates packet-level enforcement state, and records structured logs. The architecture separates complex reasoning and policy control in user space from concise packet-handling decisions in the kernel. It also defines a future hardware-aware evaluation pathway covering detection quality, resource cost, response timing, rollback behaviour, and legitimate-traffic preservation. The paper does not report new experimental measurements.
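The controller behaviour summarised in the abstract (reversible, time-limited actions, critical-device safeguards, structured logs, and a single concise lookup on the packet path) can be sketched as follows. This is an added example, not code from the paper: the class, method names, threshold and TTL values are assumptions, and a Python dict stands in for the eBPF map that an XDP program would consult.

```python
import json
import time

class MitigationController:
    """User-space policy loop. block_map stands in for the eBPF map that an
    XDP program would consult per packet (assumption: keyed by source IP)."""

    def __init__(self, critical, threshold=0.8, ttl_s=60.0, clock=time.monotonic):
        self.critical = set(critical)   # devices that must never be dropped
        self.threshold = threshold      # hypothetical risk cut-off in [0, 1]
        self.ttl_s = ttl_s              # every block carries an expiry
        self.clock = clock
        self.block_map = {}             # src_ip -> expiry timestamp
        self.log = []                   # structured (JSON) audit records

    def _record(self, event, src_ip, **fields):
        entry = {"ts": self.clock(), "event": event, "src": src_ip, **fields}
        self.log.append(json.dumps(entry, sort_keys=True))
        return entry

    def on_score(self, src_ip, risk, top_features):
        """Turn one flow-level risk score into a bounded action."""
        why = {"risk": risk, "top_features": top_features}  # event-level explanation
        if risk < self.threshold:
            return self._record("allow", src_ip, **why)
        if src_ip in self.critical:
            # Safeguard: critical devices are escalated to an operator, not blocked.
            return self._record("alert_only", src_ip, **why)
        expiry = self.clock() + self.ttl_s
        self.block_map[src_ip] = expiry
        return self._record("drop", src_ip, expires=expiry, **why)

    def rollback(self, src_ip, reason="operator"):
        """Reverse a block before its expiry."""
        if self.block_map.pop(src_ip, None) is not None:
            return self._record("rollback", src_ip, reason=reason)
        return None

    def expire(self):
        """Remove blocks whose time limit has passed; returns the released IPs."""
        now = self.clock()
        released = [ip for ip, exp in self.block_map.items() if exp <= now]
        for ip in released:
            self.rollback(ip, reason="ttl_expired")
        return released

    def packet_verdict(self, src_ip):
        """The only decision the kernel side makes: one map lookup."""
        return "XDP_DROP" if self.block_map.get(src_ip, 0) > self.clock() else "XDP_PASS"
```

Because `packet_verdict` compares the stored expiry against the current time, a stale entry stops dropping traffic even if the user-space `expire` sweep is delayed.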