MA-IDS: Multi-Agent RAG Framework for IoT Network Intrusion Detection with an Experience Library
Md Shamimul Islam, Luis G. Jaimes, Ayesha S. Dina

TL;DR
MA-IDS introduces a multi-agent, retrieval-augmented framework using LLMs and an experience library to improve IoT network intrusion detection with explainability and continual learning.
Contribution
It presents a novel multi-agent system combining LLMs and retrieval mechanisms for self-improving, explainable intrusion detection in resource-constrained IoT environments.
Findings
Achieves high macro F1-scores of 89.75% and 85.22% on benchmark datasets.
Significantly outperforms zero-shot baselines by over 70 percentage points.
Provides rule-level explanations for detection decisions.
Abstract
Network Intrusion Detection Systems (NIDS) face important limitations. Signature-based methods are effective for known attack patterns, but they struggle to detect zero-day attacks and often miss modified variants of previously known attacks, while many machine learning approaches offer limited interpretability. These challenges become even more severe in IoT environments because of resource constraints and heterogeneous protocols. To address these issues, we propose MA-IDS, a Multi-Agent Intrusion Detection System that combines Large Language Models (LLMs) with Retrieval Augmented Generation (RAG) for reasoning-driven intrusion detection. The proposed framework grounds LLM reasoning through a persistent, self-building Experience Library. Two specialized agents collaborate through a FAISS-based vector database: a Traffic Classification Agent that retrieves past error rules before each…
