{"id":"https://openalex.org/W7152049116","doi":"https://doi.org/10.48550/arxiv.2604.05458","title":"MA-IDS: Multi-Agent RAG Framework for IoT Network Intrusion Detection with an Experience Library","display_name":"MA-IDS: Multi-Agent RAG Framework for IoT Network Intrusion Detection with an Experience Library","publication_year":2026,"publication_date":"2026-04-07","ids":{"openalex":"https://openalex.org/W7152049116","doi":"https://doi.org/10.48550/arxiv.2604.05458"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.05458","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.05458","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.05458","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5013833748","display_name":"Md Shamimul Islam","orcid":"https://orcid.org/0000-0003-0768-1091"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Islam, Md Shamimul","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5065825528","display_name":"Luis G. Jaimes","orcid":"https://orcid.org/0000-0003-4914-6740"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jaimes, Luis G.","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5133177196","display_name":"Ayesha S. Dina","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dina, Ayesha S.","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5013833748"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8784999847412109,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8784999847412109,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.016100000590085983,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.014000000432133675,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.8309999704360962},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.6075000166893005},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.44780001044273376},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.43130001425743103},{"id":"https://openalex.org/keywords/intrusion-prevention-system","display_name":"Intrusion prevention system","score":0.4156000018119812},{"id":"https://openalex.org/keywords/face","display_name":"Face (sociological concept)","score":0.375900000333786},{"id":"https://openalex.org/keywords/intrusion","display_name":"Intrusion","score":0.3449000120162964}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.8309999704360962},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7651000022888184},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.6075000166893005},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4717000126838684},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.47040000557899475},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.44780001044273376},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.43130001425743103},{"id":"https://openalex.org/C27061796","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion prevention system","level":3,"score":0.4156000018119812},{"id":"https://openalex.org/C2779304628","wikidata":"https://www.wikidata.org/wiki/Q3503480","display_name":"Face (sociological concept)","level":2,"score":0.375900000333786},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.3449000120162964},{"id":"https://openalex.org/C2777735758","wikidata":"https://www.wikidata.org/wiki/Q817765","display_name":"Path (computing)","level":2,"score":0.3330000042915344},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33250001072883606},{"id":"https://openalex.org/C166955791","wikidata":"https://www.wikidata.org/wiki/Q629579","display_name":"Macro","level":2,"score":0.32420000433921814},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.30399999022483826},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.29910001158714294},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2833000123500824},{"id":"https://openalex.org/C20162079","wikidata":"https://www.wikidata.org/wiki/Q1151406","display_name":"Case-based reasoning","level":2,"score":0.2606000006198883},{"id":"https://openalex.org/C161301231","wikidata":"https://www.wikidata.org/wiki/Q3478658","display_name":"Knowledge representation and reasoning","level":2,"score":0.2529999911785126},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.2506999969482422}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.05458","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.05458","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.05458","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.05458","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Network":[0],"Intrusion":[1,65],"Detection":[2,66],"Systems":[3],"(NIDS)":[4],"face":[5],"important":[6],"limitations.":[7],"Signature-based":[8],"methods":[9],"are":[10,178],"effective":[11],"for":[12,79,129,186,203],"known":[13,30],"attack":[14],"patterns,":[15],"but":[16],"they":[17],"struggle":[18],"to":[19],"detect":[20],"zero-day":[21],"attacks":[22],"and":[23,53,116,148,158,166,172],"often":[24],"miss":[25],"modified":[26],"variants":[27],"of":[28,50,156,164],"previously":[29],"attacks,":[31],"while":[32,182],"many":[33],"machine":[34],"learning":[35,134],"approaches":[36],"offer":[37],"limited":[38],"interpretability.":[39],"These":[40,176],"challenges":[41],"become":[42],"even":[43],"more":[44,169],"severe":[45],"in":[46],"IoT":[47,204],"environments":[48],"because":[49],"resource":[51],"constraints":[52],"heterogeneous":[54],"protocols.":[55],"To":[56],"address":[57],"these":[58],"issues,":[59],"we":[60],"propose":[61],"MA-IDS,":[62],"a":[63,90,100,104,195],"Multi-Agent":[64],"System":[67],"that":[68,108,121,191],"combines":[69],"Large":[70],"Language":[71],"Models":[72],"(LLMs)":[73],"with":[74,180],"Retrieval":[75],"Augmented":[76],"Generation":[77],"(RAG)":[78],"reasoning-driven":[80],"intrusion":[81,201],"detection.":[82],"The":[83],"proposed":[84],"framework":[85],"grounds":[86],"LLM":[87],"reasoning":[88,193],"through":[89,99,135],"persistent,":[91],"self-building":[92],"Experience":[93],"Library.":[94],"Two":[95],"specialized":[96],"agents":[97],"collaborate":[98],"FAISS-based":[101],"vector":[102],"database:":[103],"Traffic":[105],"Classification":[106],"Agent":[107,120],"retrieves":[109],"past":[110],"error":[111],"rules":[112,127],"before":[113],"each":[114],"inference,":[115],"an":[117],"Error":[118],"Analysis":[119],"converts":[122],"misclassifications":[123],"into":[124],"human-readable":[125],"detection":[126,202],"stored":[128],"future":[130],"retrieval,":[131],"enabling":[132],"continual":[133],"external":[136],"knowledge":[137],"accumulation,":[138],"without":[139],"modifying":[140],"the":[141],"underlying":[142],"language":[143],"model.":[144],"Evaluated":[145],"on":[146],"NF-BoT-IoT":[147],"NF-ToN-IoT":[149],"benchmark":[150],"datasets,":[151],"MA-IDS":[152],"achieves":[153],"Macro":[154],"F1-Scores":[155],"89.75%":[157],"85.22%,":[159],"improving":[160],"over":[161],"zero-shot":[162],"baselines":[163],"17%":[165],"4.96%":[167],"by":[168],"than":[170],"72":[171],"80":[173],"percentage":[174],"points.":[175],"results":[177],"competitive":[179],"SVM":[181],"providing":[183],"rule-level":[184],"explanations":[185],"every":[187],"classification":[188],"decision,":[189],"demonstrating":[190],"retrieval-augmented":[192],"offers":[194],"principled":[196],"path":[197],"toward":[198],"explainable,":[199],"self-improving":[200],"networks.":[205]},"counts_by_year":[],"updated_date":"2026-04-09T06:13:59.934233","created_date":"2026-04-09T00:00:00"}