Abstract — Small and medium-sized enterprises (SMEs) represent over 99% of European businesses yet remain disproportionately vulnerable to cyber threats due to limited budgets and technical expertise. The NIS2 Directive (EU 2022/2555), transposed into Italian law through D.Lgs. 138/2024, mandates robust cybersecurity measures for organizations across 18 critical sectors, imposing significant compliance obligations even on smaller entities within essential supply chains. This paper presents SENTINEL-AI, a novel multi-agent intrusion detection system (IDS) designed to operate on ultra-low-resource edge hardware (Raspberry Pi Zero 2 W, 512 MB RAM, <5 MB runtime footprint) while providing enterprise-grade threat detection capabilities. The system implements eight specialized detection engines (beaconing analysis, DNS exfiltration, malicious domain identification, lateral movement detection, phishing recognition, brute-force monitoring, suspicious port analysis, and anomalous data volume tracking) coordinated by three AI agents leveraging external APIs (VirusTotal, AbuseIPDB, and Claude AI) for real-time threat intelligence, reputation scoring, and natural language threat explanation. Experimental evaluation on a simulated SME network environment comprising 17 devices across 7 attack scenarios demonstrated detection of 15 threats with 12 critical alerts, zero false positives on legitimate traffic, and successful identification of Emotet beaconing, Cobalt Strike C2 communications, ransomware lateral movement, and DNS tunneling exfiltration.

Keywords: Intrusion Detection System, Multi-Agent AI, NIS2 Compliance, Edge Computing, SME Cybersecurity, Threat Intelligence.
Telesca Antonio (Sun,) studied this question.
synapsesocial.com/papers/69a52e75f1e85e5c73bf232e — DOI: https://doi.org/10.5281/zenodo.18819290
Telesca Antonio