SENTINEL-AI: A MULTI-AGENT AI POWERED INTRUSION DETECTION SYSTEM FOR SME NETWORK SECURITY AND NIS2 COMPLIANCE ON ULTRA LOW-RESOURCE EDGE DEVICES

Abstract — Small and medium-sized enterprises (SMEs) represent over 99% of European businesses
yet remain disproportionately vulnerable to cyber threats due to limited budgets and technical
expertise. The NIS2 Directive (EU 2022/2555), transposed into Italian law through D.Lgs. 138/2024,
mandates robust cybersecurity measures for organizations across 18 critical sectors, imposing
significant compliance obligations even on smaller entities within essential supply chains. This paper
presents SENTINEL-AI, a novel multi-agent intrusion detection system (IDS) designed to operate on
ultra-low-resource edge hardware (Raspberry Pi Zero 2 W, 512 MB RAM, <5 MB runtime footprint)
while providing enterprise-grade threat detection capabilities. The system implements eight specialized
detection engines (beaconing analysis, DNS exfiltration, malicious domain identification, lateral
movement detection, phishing recognition, brute-force monitoring, suspicious port analysis, and
anomalous data volume tracking) coordinated by three AI agents leveraging external APIs (VirusTotal,
AbuseIPDB, and Claude AI) for real-time threat intelligence, reputation scoring, and natural language
threat explanation. Experimental evaluation on a simulated SME network environment comprising 17
devices across 7 attack scenarios demonstrated detection of 15 threats with 12 critical alerts, zero
false positives on legitimate traffic, and successful identification of Emotet beaconing, Cobalt Strike
C2 communications, ransomware lateral movement, and DNS tunneling exfiltration.
Keywords: Intrusion Detection System, Multi-Agent AI, NIS2 Compliance, Edge Computing, SME
Cybersecurity, Threat Intelligence.