Published December 1, 2025 | Version v1
Journal article Open

Hybrid AI framework for anomaly detection and root cause analysis in multi-agent systems

  • 1. Hassan First University
  • 2. Sultan Moulay Slimane University
  • 3. Mohammed First University

Description

Anomaly detection and root cause analysis (RCA) are critical for securing intelligent systems against evolving threats. Traditional models often suffer from high false alarms, weak adaptability to streaming contexts, and limited interpretability. This work proposes a hybrid artificial intelligence (AI) framework that integrates machine learning (ML) with prior knowledge, semantic rules, and bio-inspired modeling. The approach strengthens detection of diverse attacks, including DoS/DDoS, Probe, U2R, and R2L, while reducing human intervention. Experiments on the NSL-KDD dataset demonstrate that our method decreases spurious alerts by up to 90%, improves accuracy by 2–4%, and reduces false positives/negatives by about 4%. Beyond statistical gains, the framework ensures robustness in real-time environments, offering interpretable and scalable anomaly detection for heterogeneous systems. These results highlight the potential of hybrid symbolic–subsymbolic AI to enhance reliability in next-generation security infrastructures.

Files

79 24483.pdf

Files (24.9 MB)

md5:797e7cf954b5e1983cca4d36651d989c