Semantic Multi-Agent Intrusion Detection for IoT: Zero-Day and Adversarial Threats with Risk-Aware Reasoning

📅 2026-06-08
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the limitations of traditional intrusion detection systems in resource-constrained, heterogeneous IoT environments—namely poor generalization, low interpretability, and high computational overhead. The authors propose a novel semantic multi-agent intrusion detection system that uniquely integrates semantic reasoning with a multi-agent architecture. Four specialized agents collaboratively perform semantic embedding, adversarial sample augmentation, and multi-stage probabilistic decision fusion, augmented by a risk-aware mechanism. This approach significantly enhances robustness and interpretability against zero-day and adversarial attacks while maintaining efficiency for edge deployment. Experimental results on multiple real-world IoT datasets demonstrate an overall accuracy of 95.9%, a zero-day attack detection rate of 87.9%, and a false positive rate of 6.8%, confirming its suitability for edge computing scenarios.
📝 Abstract
The rapid proliferation of Internet of Things (IoT) devices has enabled unprecedented automation and connectivity, but it has also substantially increased the attack surface, exposing networks to sophisticated cyber threats, including zero-day and adversarial intrusions. Traditional Intrusion Detection Systems (IDS) struggle to generalize to unseen attacks, often require substantial computational resources, and lack interpretability, particularly in resource-constrained and heterogeneous IoT networks. Recent advances, including Deep Learning (DL), open-set detection, and Large Language Model (LLM)-based semantic reasoning, address some of these challenges but typically focus on zero-day and adversarial threats and rarely combine semantic reasoning with multi-agent systems. To overcome these limitations, we propose a semantic multi-agent IDS that integrates four specialized agents (Scout, Mutator, Auditor, and Arbiter) that leverage semantic embeddings and multi-stage probabilistic decision fusion. The Scout induces structured hypotheses from semantic embeddings; the Mutator generates adversarially constrained variants; the Auditor evaluates consistency and filters unreliable outputs; and the Arbiter produces interpretable, risk-aware alerts. Extensive experiments across multiple real-world IoT datasets demonstrate that the proposed system achieves 95.9% overall detection accuracy, reduces false-positive rates to 6.8%, improves zero-day detection to 87.9%, and maintains computational efficiency suitable for edge deployment.
Problem

Research questions and friction points this paper is trying to address.

Intrusion Detection
Zero-Day Threats
Adversarial Attacks
IoT Security
Semantic Reasoning
Innovation

Methods, ideas, or system contributions that make the work stand out.

Semantic Multi-Agent System
Zero-Day Detection
Adversarial Robustness
Risk-Aware Reasoning
IoT Intrusion Detection