The adoption of Internet of Things (IoT) systems at the network edge of smart architectures is increasing rapidly, intensifying the need for security mechanisms that are both adaptive and resource-efficient. In such environments, runtime defence is no longer limited to detection alone; it becomes a resource-constrained task of selecting mitigation actions. Security controls must be carefully selected, combined, and executed under latency, energy, and computational constraints, while preventing unsafe interactions between controls. Existing approaches predominantly rely on static rule sets and learned policies, which provide limited guarantees of feasibility, conflict safety, and execution correctness in resource-constrained edge settings. To address this limitation, we introduce ASPO, a self-adaptive multi-agent security pattern selection approach that integrates Large Language Model (LLM)-based reasoning with deterministic enforcement within a MAPE-K control loop. ASPO explicitly separates stochastic decision generation from execution: LLM agents propose candidate mitigation portfolios, while a deterministic optimisation core enforces closed-world action integrity, conflict-free composition, and resource feasibility at every decision epoch. We deploy ASPO on a distributed edge-gateway testbed and evaluate it across two workloads, comprising 500 and 1000 runtime security decisions respectively, using replayed IoT attack traffic. The results demonstrate invariant safety properties, including 100% conflict-free activation, consistent resource feasibility across workloads, and stable pattern dominance with perfect rank preservation. Importantly, deeper decision exploration reduces extreme-case execution costs, compressing tail latency and energy overheads by 21.9% and 23.1%, respectively, without increasing mean energy consumption.
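The separation described above, with untrusted proposals filtered by a deterministic gate, can be sketched as follows. This is an added example, not code from ASPO or its authors: the pattern names, costs, conflict pair, budget and the highest-benefit selection rule are all constructed assumptions standing in for the paper's optimisation core.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Pattern:
    latency_ms: float
    energy_mj: float
    cpu_pct: float
    benefit: float

# Constructed catalogue: the closed world of actions the core may ever execute.
CATALOGUE = {
    "rate_limit":   Pattern(2.0, 5.0, 4.0, 0.50),
    "deep_inspect": Pattern(9.0, 30.0, 25.0, 0.80),
    "quarantine":   Pattern(1.0, 3.0, 2.0, 0.70),
    "reroute":      Pattern(4.0, 8.0, 6.0, 0.40),
}
CONFLICTS = {frozenset({"quarantine", "reroute"})}   # assumed unsafe pairing
BUDGET = {"latency_ms": 12.0, "energy_mj": 40.0, "cpu_pct": 30.0}

# Constructed stand-in for portfolios proposed by the LLM agents in one epoch.
CANDIDATES = [
    ["deep_inspect", "rate_limit"],
    ["quarantine", "reroute"],
    ["rate_limit", "block_all_ports"],               # hallucinated action
    ["deep_inspect", "quarantine", "rate_limit"],
    ["quarantine", "rate_limit"],
]

def check(portfolio):
    """Return None if the portfolio is admissible, else the rejection reason."""
    names = set(portfolio)
    unknown = names - CATALOGUE.keys()
    if unknown:                                      # closed-world integrity
        return "unknown action: " + ", ".join(sorted(unknown))
    for pair in CONFLICTS:                           # conflict-free composition
        if pair <= names:
            return "conflict: " + "+".join(sorted(pair))
    for field, limit in BUDGET.items():              # resource feasibility
        if sum(getattr(CATALOGUE[n], field) for n in names) > limit:
            return "over budget: " + field
    return None

def select(candidates):
    """Highest-benefit admissible portfolio; () means take no action."""
    best, best_score, rejected = (), 0.0, []
    for cand in candidates:
        reason = check(cand)
        if reason:
            rejected.append((tuple(cand), reason))
            continue
        score = sum(CATALOGUE[n].benefit for n in set(cand))
        if score > best_score:
            best, best_score = tuple(sorted(set(cand))), score
    return best, rejected
```

Because `select` only ever returns names drawn from `CATALOGUE`, a proposal containing an invented action can be logged and discarded but never executed, whatever the proposing agent outputs.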