The rapid proliferation of Internet of Things (IoT) devices has enabled unprecedented automation and connectivity, but it has also substantially increased the attack surface, exposing networks to sophisticated cyber threats, including zero-day and adversarial intrusions. Traditional Intrusion Detection Systems (IDS) struggle to generalize to unseen attacks, often require substantial computational resources, and lack interpretability, particularly in resource-constrained and heterogeneous IoT networks. Recent advances, including Deep Learning (DL), open-set detection, and Large Language Model (LLM)-based semantic reasoning, address some of these challenges, but they typically treat zero-day and adversarial threats in isolation and rarely combine semantic reasoning with multi-agent systems. To overcome these limitations, we propose a semantic multi-agent IDS that integrates four specialized agents, namely Scout, Mutator, Auditor, and Arbiter, which leverage semantic embeddings and multi-stage probabilistic decision fusion. The Scout induces structured hypotheses from semantic embeddings; the Mutator generates adversarially constrained variants; the Auditor evaluates consistency and filters unreliable outputs; and the Arbiter produces interpretable, risk-aware alerts. Extensive experiments across multiple real-world IoT datasets demonstrate that the proposed system achieves 95.9% overall detection accuracy, reduces the false-positive rate to 6.8%, improves zero-day detection to 87.9%, and maintains computational efficiency suitable for edge deployment.
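To make the four-stage pipeline concrete, the following is an added, illustrative sketch of the Scout, Mutator, Auditor and Arbiter roles and of probabilistic decision fusion over semantic embeddings. It is not the paper's implementation: the class prototypes, similarity threshold, softmax temperature, perturbation budget, consistency cutoff and sample embeddings are all constructed, and the embeddings are assumed to be precomputed by an encoder that is not shown. The open-set "unknown" hypothesis is modelled here as a pseudo-class whose similarity is pinned at the threshold, so it wins only when no known prototype is similar enough; that choice is an assumption of this example.

```python
"""Sketch of a Scout -> Mutator -> Auditor -> Arbiter pipeline over semantic
embeddings. Added example, not the paper's code; every constant and sample
below is constructed for illustration."""
import math
import random

# Constructed class prototypes in a 4-d "semantic" embedding space (hypothetical).
PROTOTYPES = {
    "benign": [1.0, 0.1, 0.0, 0.1],
    "dos":    [0.1, 1.0, 0.2, 0.0],
    "scan":   [0.0, 0.2, 1.0, 0.1],
}
SIM_THRESHOLD = 0.80   # below this similarity the open-set "unknown" class wins
TEMPERATURE = 0.05     # softmax temperature turning similarities into probabilities
CONSISTENCY_MIN = 0.7  # Auditor rejects verdicts whose variants agree less than this


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def scout(emb):
    """Induce a probability distribution over the known classes plus an
    open-set 'unknown' class from similarity to the class prototypes."""
    sims = {c: cosine(emb, p) for c, p in PROTOTYPES.items()}
    # Open-set hypothesis (assumption): "unknown" has constant similarity equal
    # to the threshold, so it is top-ranked only when every known class is below it.
    sims["unknown"] = SIM_THRESHOLD
    m = max(sims.values())
    weights = {c: math.exp((s - m) / TEMPERATURE) for c, s in sims.items()}
    z = sum(weights.values())
    return {c: w / z for c, w in weights.items()}


def mutator(emb, n=8, eps=0.15, seed=0):
    """Generate n adversarially constrained variants: each coordinate moves by
    at most eps (an L-inf budget). Deterministic for a given seed."""
    rng = random.Random(seed)
    return [[x + rng.uniform(-eps, eps) for x in emb] for _ in range(n)]


def auditor(verdicts):
    """Fuse the Scout's verdicts on the original and its variants and measure
    consistency (share of verdicts agreeing with the majority top label).
    Low agreement marks the fused output as unreliable."""
    tops = [max(v, key=v.get) for v in verdicts]
    majority = max(set(tops), key=tops.count)
    consistency = tops.count(majority) / len(tops)
    fused = {c: sum(v[c] for v in verdicts) / len(verdicts) for c in verdicts[0]}
    return fused, consistency, consistency >= CONSISTENCY_MIN


def arbiter(fused, consistency, reliable):
    """Emit an interpretable, risk-aware alert. Risk is the fused probability
    mass on non-benign classes, discounted by the Auditor's consistency."""
    label = max(fused, key=fused.get)
    risk = round((1.0 - fused["benign"]) * consistency, 3)
    return {
        "label": label,
        "risk": risk,
        "alert": reliable and label != "benign",
        "zero_day_candidate": reliable and label == "unknown",
        "reason": f"top={label} p={fused[label]:.2f} consistency={consistency:.2f}"
                  + ("" if reliable else " (unreliable: variants disagree)"),
    }


def analyze(emb, seed=0):
    """Run one embedding through all four stages."""
    variants = [emb] + mutator(emb, seed=seed)
    fused, consistency, reliable = auditor([scout(v) for v in variants])
    return arbiter(fused, consistency, reliable)


# Constructed sample embeddings (not real traffic).
SAMPLES = {
    "benign_flow": [0.95, 0.15, 0.05, 0.10],
    "dos_flow":    [0.10, 0.90, 0.25, 0.05],
    "novel_flow":  [0.50, 0.50, 0.50, -0.90],  # far from every prototype
}

if __name__ == "__main__":
    for name, emb in SAMPLES.items():
        print(name, analyze(emb))
```

The "novel_flow" sample is the zero-day path: no prototype reaches the similarity threshold, so "unknown" dominates the Scout's distribution, the variants agree, and the Arbiter raises a zero-day candidate with high risk. A sample whose variants flip between top labels fails the Auditor's consistency check and is suppressed rather than alerted, which is the false-positive control the abstract attributes to that stage.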