ARGUS: An Autonomous Robotic Guard System for Uncovering Security Threats in Cyber-Physical Environments

Abstract

Cyber-physical infrastructures such as hospitals and smart campuses face hybrid threats that target both digital and physical domains. Traditional security solutions separate surveillance from network monitoring, leaving blind spots when attackers combine these vectors. This paper introduces ARGUS, an autonomous robotic platform designed to close this gap by correlating cyber and physical anomalies in real time. ARGUS integrates computer vision for facial and weapon detection with intrusion detection systems (Snort, Suricata) for monitoring malicious network activity. Operating through an edge-first microservice architecture, it ensures low latency and resilience without reliance on cloud services. Our evaluation covered five scenarios—access control, unauthorized entry, weapon detection, port scanning, and denial-of-service attacks—with each repeated ten times under varied conditions such as low light, occlusion, and crowding. Results show face recognition accuracy of 92.7% (500 samples), weapon detection accuracy of 89.3% (450 samples), and intrusion detection latency below one second, with minimal false positives. Audio analysis of high-risk sounds further enhanced situational awareness. Beyond performance, ARGUS addresses GDPR and ISO 27001 compliance and anticipates adversarial robustness. By unifying cyber and physical detection, ARGUS advances beyond state-of-the-art patrol robots, delivering comprehensive situational awareness and a practical path toward resilient, ethical robotic security.

1. Introduction

In our increasingly interconnected social systems, cyber-physical systems such as hospitals, airports, and smart campuses are susceptible to hybrid threats that simultaneously engage both the physical and digital domains. Current security operations rely mainly on linear surveillance: fixed cameras, data collected in separate domains, and human oversight. This model is inadequate when adversaries act without physical or cyber boundaries [1,2]. The significant limitations of linear surveillance procedures highlight the widely held belief that scalable solutions must be sought within the domain of integrated robotic platforms, endowed with autonomous mobility, sensing, and reasoning capabilities, in order to enable preventative and adaptable security frameworks [3,4].

Current applications of mobile robotics demonstrate advancements in artificial intelligence, particularly in navigation capabilities, computer vision algorithms, and certain distributed control applications. Nevertheless, the majority of robotic platforms continue to restrict functionality to a single user or system. Many robotic patrol systems provide only limited visual surveillance and struggle to generate meaningful, real-time responses.

The main research gap addressed by this work is the absence of robotic security platforms capable of correlating cyber and physical anomalies in real time. While existing systems focus on either computer vision surveillance or intrusion detection, none provide multimodal fusion across these domains, leaving infrastructures vulnerable to hybrid attacks. Existing intrusion detection systems at the network level that monitor independent of environment factors as portable devices have far greater limitations. Current technologies remain underdeveloped in their ability to perform multimodal data fusion, integrating present observations with anticipated movements or decision pathways. They also lack robust real-time response mechanisms capable of negotiating uncertainty, adapting to dynamic complexity, and overcoming obstacles when operating under conditions of risk. These limitations bring broken ramifications to security operations within security incidents, subject to hybrid attacks, and then monitoring, detection, and responding to all possible security iterations at once [5,6,7].

The developments created by the latest technological trends provide better avenues to better traverse this problem space. Recent edge technologies that enable rapid processing and deployments of machine learning algorithms without reliance on centralized cloud services are discussed in [8,9,10,11]. Federated learning is just one context of how technology declines collaboration, training the model on multiple devices, for example, while not relinquishing sensitive data from the device. Concurrent developments in navigation using simultaneous localization and mapping (SLAM) techniques, along with multi-agent coordination and new libraries that support adversarial machine learning algorithms, provide agent strategies for autonomous security robots [12]. In this paper, we aim to establish a framework of digital technologies that integrates discussions of both cyber and physical security, with the objective of enhancing resilience against forms of intrusion and disruption through the application of contemporary cyber-physical security approaches.

In this paper, we mainly introduce and define ARGUS (Autonomous Robotic Guarding System), a fully autonomous, multi-model, and distributed edge-based security system that leverages the use of multi-model sensing and embedded intrusion detection with intelligent patrol strategies that can be combined to respond to any potential occurrences from the construction of security vulnerabilities. From established patrol systems, ARGUS uses real-time observations to connect the logical drivers of data, visual, acoustic, and network and put it all together into more abstract rationales about complex hybrid threats. ARGUS will operate through a distributed edge agent, characterized by the ability to coordinate actions across multiple agents, units and human operators at varying levels of command and within diverse spatial and temporal scales, in order to respond effectively to rapid evolving environments [13].

Achieving such integration is not trivial. Synchronizing asynchronous data streams from IDS logs and computer vision outputs requires a distributed messaging backbone, while ensuring low latency under constrained edge hardware adds significant complexity. The design of ARGUS therefore goes beyond integration, introducing a microservice-based orchestration that guarantees reliable real-time fusion and decision-making.

The contributions of this study are:

• Integration of Cyber-Physical: ARGUS empowers an integrated capacity for cyber intrusion detection and physical surveillance that allows a single robotic platform to impact security events.
• Edge-first architectural operational domain: The architecture was designed as containerized microservices allowing for quick use of edge-based AI to enable local AI inference to bring resiliency and low-latency operating parameters.
• Intelligent patrol/multi-modal sensing; ARGUS utilizes advanced waypoint navigation, LiDAR human detection, and AI oriented audio/video learning for intelligent adaptive response to threat events.
• Complete algorithm and validation of platform; ARGUS has been tested and validated under user defined simulation scenarios involving unauthorized entry/controls, identification of abnormal behaviors, and identification of cyber anomalies that highlighted it as a hybrid generation of security solution.

Unlike conventional systems, ARGUS operates as a distributed security agent, embedding intrusion detection systems (Snort and Suricata) directly onboard to monitor and react to network-level anomalies such as port scans, unauthorized access attempts, and Denial-of-Service (DoS) attacks [14,15]. These cyber-detections are correlated in real-time with physical observations, such as human presence, vehicle detection, and suspicious objects, enabling the identification of complex hybrid threat scenarios. The image of the functional prototype is shown in Figure 1.

One of ARGUS’s critical functionalities is the detection of stationary individuals in secure zones using 2D LiDAR technology [16]. By segmenting and classifying static point clouds, ARGUS can distinguish between passive objects and stationary humans potentially evading traditional surveillance. The integration of motion sensors and audio signal analysis further enhances the system’s capacity to minimize false positives, thereby improving operational reliability in environments such as hospitals, universities, or administrative facilities [17].

To extend coverage and reduce vulnerability to predictable attack patterns, ARGUS employs advanced patrol planning mechanisms based on heatmap generation, historical incident records, and randomized routing strategies [18,19]. By prioritizing less-visited or high-risk zones dynamically, the platform minimizes patrol predictability while ensuring comprehensive surveillance. These capabilities are crucial in large, heterogeneous operational areas where static patrols remain vulnerable to the emergence of dynamic threats [20].

The platform’s navigation autonomy is further reinforced by integrating multi-modal obstacle detection and avoidance systems, combining visual, ultrasonic, and inertial data through sensor fusion. Trajectory optimization algorithms based on probabilistic models such as A* and D* Lite allow ARGUS to anticipate and bypass potential obstructions while maintaining efficient energy consumption and minimizing mission time [21].

Combining key capabilities, ARGUS integrates voice control for hands-free command execution in enclosed environments, advanced autonomous surveillance for public and industrial spaces, and anomaly detection using machine learning (ML) models trained on specialized datasets such as University of Macau Anomaly Detection Benchmark Dataset (UMAD). Bringing together autonomous navigation, video analytics, collaborative control, and cyberattack detection, ARGUS establishes a resilient and intelligent platform that sets a new benchmark for autonomous patrol in complex cyber-physical environments [22,23].

ARGUS is primarily designed as a fully autonomous patrolling unit, while also supporting human-in-the-loop supervision for mission planning and escalation, ensuring adaptability and accountability.

2. ARGUS System Functionalities

Similar functional approaches have been reported in robotic patrol systems that integrate vision-based surveillance and access control [1,2,5,7,24]. However, none of these platforms combine both physical and cyber intrusion detection within a unified architecture as proposed in ARGUS.

Inspired by the mythological figure Argus Panoptes, a giant with a hundred eyes and constant vigilance, the ARGUS platform embodies the same core concepts of continuous monitoring, intelligent surveillance, and proactive threat detection.

In practice, these functionalities are organized into four main operational domains: access control and monitoring, incident management, perimeter surveillance with automated reporting, and privacy-aware data governance.

In essence, this figurative concept has been turned into a fully autonomous robotic function that can analyze an environment in real-time, detect cyber intrusion, and respond to incidents that can arise [24]. ARGUS was designed to operate as a mobile patrol and reconnaissance unit designed to combine cyber-physical awareness with autonomous decision making.

To perform security operations, the platform combines numerous technologies, including artificial intelligence and computer vision for facial and object recognition, proximity and motion sensors for perimeter detection, embedded network monitoring for unauthorized scanning detection, GPS positional components to track intruders, or automatic alerts and real-time incident management.

ARGUS is more than a robot, it’s a fully autonomous and integrated security solution designed to transform the approach to perimeter protection, and the protection of critical infrastructure. By virtue of conducting autonomous patrols, while providing intelligence for decision making in terms of threat assessment and cyber-physical anomaly detection, the platform is a truly future looking integrated security solution [25,26].

The following sections highlight the main operational capabilities of the ARGUS system, featuring real-world data flows and examples of the system interface [27].

In the literature, two perspectives are often distinguished: using mobile agents to secure a system, and securing the mobile agents themselves against tampering, spoofing, or adversarial compromise. ARGUS is positioned in the first category, functioning as a mobile security system for cyber-physical infrastructures, while future research will expand to the second perspective to ensure resilience of the robotic agent itself.

These systems illustrate the evolution of autonomous platforms for surveillance and cyber-physical protection, but they rarely address the dual challenge of securing both the environment and the mobile agent itself. Previous studies on mobile agents emphasize not only their capacity to enhance system security [28], but also the necessity of securing the agents themselves against malicious interference [29].

2.1. Access Control and Monitoring

The first stage of access control involves registering individuals authorized to enter a building or secured perimeter. This process is fully automated and includes submitting personal data (such as name, photo, and role) via a web-based interface. The system extracts facial features using Google MediaPipe and stores them in a centralized database, as is shown in Figure 2.

Biometric-based access control has also been widely adopted in previous robotic and IoT-enabled surveillance systems [25,26], which confirms the relevance of integrating such a module into ARGUS.

In the second stage, ARGUS continuously monitors entry points, detecting in real time any person attempting to access the secured zone. Video streams are transmitted via RabbitMQ to the processing module, where facial recognition algorithms analyze the captured images. Detected features are compared with those in the database to verify access rights.

If access is granted, the system permits entry. Otherwise, an alert is triggered, both through system logs and notifications sent to assigned security personnel. This ensures a rapid and automatic response to unauthorized access efforts.

By combining facial identification, real-time video processing, and automatic identity verification, ARGUS replaces traditional authentication methods with a self-interaction, reference-aware access control platform. Each effort is logged, and alerts are issued when an intruder is detected.

Every individual who accesses the area is also recorded using a timestamp and an image, for traceability of both successful and unsuccessful access. This module ensures that only authorized individuals are granted access, while maintaining flexibility through adaptive rule-based scheduling and multi-layered verification.

Moreover, the platform offers enhanced reliability by requiring two or more verification attempts within a narrow time window, mitigating false negatives caused by temporary occlusion or low lighting. Upon detecting one or more failed attempts, ARGUS escalates by triggering an additional response layer (e.g., an acoustic alert, or message broadcast to the nearby units). The full process is illustrated in Figure 3.

The system merges biometric identification with network-distributed decision logic, to provide an extensible, adaptive access control regime. This is seizing the opportunity inherent in environments where risk levels constantly change and human oversight is limited.

2.2. Incident Management

ARGUS integrates advanced capabilities for managing vehicle access within secured perimeters, using real-time computer vision detection algorithms such as YOLO (You Only Look Once) and SSD (Single Shot MultiBox Detector). Surveillance cameras capture video streams, which are transmitted asynchronously via RabbitMQ to processing modules. These modules detect vehicles and verify their authorization against a secure database. If validation is successful, access mechanisms (e.g., barrier gates) are activated automatically. Otherwise, alerts are triggered, events are logged, and optional notifications are sent to external systems such as parking management or incident reporting platforms.

In addition to vehicle control, the platform supports real-time detection of physical threats, including facial recognition and identification of bladed weapons. Video feeds from drones, fixed cameras, and mobile patrol robots are processed in parallel through a scalable architecture based on Goroutines. When a dangerous object is detected, ARGUS cross-checks the individual’s identity against the authorized personnel database. Unauthorized or unknown individuals immediately trigger safety alerts and initiate escalation protocols.

For efficient events reaction, the system includes an analytics module that classifies events based on the source (robot or camera) and provides them with priority levels. Incidents of low-priority are stored for later review, while high-risk detections trigger alarm and collect security resources. In critical circumstances, the system can react autonomously or coordinate with operators to neutralize hazards, ensuring a comprehensive and reference-driven safety response (see Figure 4).

To optimize situational awareness, ARGUS preserves a real-time record of events, with contextual metadata that reflects the location, time of detection, kind of threat, and response status of a system. These mechanisms highlight the ability of ARGUS not only to detect but also to classify and prioritize threats in real time, ensuring scalable response coordination between cyber and physical domains.

These records are displayed through the command interface, and the operator can filter, monitor, and interpret occurrences over time. When opportunities for pattern analysis of event histories arise, such as unauthorized vehicle access attempts occurring in the same area several times or the same object detected in the same location over months, the system will recommend altering patrol routes or increasing monitoring of that location.

Further, the platform supports multiple escalation layers: if a cyber alert along with a physical anomaly occurs within the same cadence, the ARGUS system can tie both alerts into the same collection of action responses. The linking of events and the ability for operators to analyze them across time and space provide continuous situational intelligence when time is critical. This intelligence equips ARGUS not only with the capability to respond to ongoing extraordinary threats, but also with the flexibility to learn and adapt to compound security challenges and multifaceted incidents.

2.3. Perimeter Monitoring and Report Generation

ARGUS not only comes equipped with the physical and cyber surveillance capabilities previously described, but it also has an audio threat detection system. Through contextual sound analysis, the system detects high-risk sounds (e.g., gunshots, human screams) and classifies them as incidents. When ARGUS detects a high-risk sound, it will automatically invoke the alerting mechanism: begin capturing video and audio, emit a local alert tone, and if required will forward the event to some or all other units, using a distributed message broker. These agents consume events and execute appropriate responses, establishing a cohesive multi-agent framework capable of rapid and coordinated action.

In practice, audio detection was tested by simulating high-risk sounds such as gunshots (recorded samples) and human screams under both indoor and outdoor conditions. Although audio was not the main focus of this study, it successfully complemented visual and cyber modules, improving situational awareness by reducing false negatives in crowded or visually obstructed environments.

To facilitate operational traceability and continuous oversight, ARGUS enables automated reporting as illustrated in Figure 5.

This module runs CRON (time-based job scheduler) jobs at EDT intervals (for example, 2–3 AM), during which all or a selection of data will be obtained from system logs, detection events, status of the robots, and surveillance images. This information will be processed internally and used to generate regular daily, weekly, or monthly reports, with users selecting either security reports (access, incidents, or alerts) or performance reports (system health, maintenance history, etc.). These reports can be exported in PDF or CSV format for aggregation with other systems, ensuring legislative efficiencies and interoperability.

To ensure operational visibility, every report contains logs with timestamps, system status snapshots, and summary statistics: the number of access attempts, alerts fired, anomalies detected, and uptime percentages. The reports are also tailored for the user role, e.g., a security manager gets a different report than an IT administrator or maintenance staff, so they only receive information pertinent to their role.

Additionally, ARGUS can automatically generate and distribute reports via email or secure file transfer at any defined point in time or time interval, so that less manual monitoring is necessary and critical information is presented to designated parties in a timely manner. All reports are tampered evident, digitally signed and archived in a legally defensible manner, as well as for regulatory purposes.

In operations requiring mandatory compliance (e.g., critical infrastructure, public sector), automated reporting substantially reduces administrative workload while ensuring a high degree of accountability and traceability. As reports accumulate over time, they generate numerous trend lines, that help inform strategic improvements in patrols, sensor placement, and equipment maintenance intervals.

2.4. Privacy, Ethics, and Data Protection

Modern security robotics must consider not just technical performance but ethical and legal obligations. ARGUS platform depends on biometric and behavioral analysis that naturally depends on individual data. Because sensitive data is processed, the system design must adhere basic privacy and data protection principles in compliance with regulations such as GDPR and CCPA. Data collected through facial recognition, radio access logs, or audio recording will have defined retention limits, restricted access to qualified users, and automatic deletion once expiration periods are reached. User consent must be recorded in the access control database. All user transactions will employ digital signatures to ensure actions can be traced to specific individuals for accountability. Audit trails will capture footprints to provide evidence and verification, ensuring compliance with systems expectations and intended use.

However, beyond legal compliance, ethical considerations have been incorporated into the platform by limiting data collection to what is strictly necessary, anonymizing metadata where possible, and providing reports that ensure transparency. The ARGUS platform may not only operate as an advanced robotic guard, but it may also act as a privacy conscientious solution to technology that is up to date with modern innovation as it intersects ethical compliance and responsible innovation.

3. Methodology

The ARGUS system architecture was designed based on a customized, modular, and extensible robotic structure to support a wide range of integrated functionalities, including physical detection of human presence, facial recognition, network monitoring, and protection against cyberattacks in the real-world environment. This design allows for easy expansion of features and reconfiguration depending on operational conditions. Regarding the hardware level, ARGUS combines the performance of specialized integrated platforms, such as Raspberry Pi, ZimaBoard and Arduino microcontrollers. Each of them performs a specific function in sensor processing, network interfacing or algorithm exclusivity. This layered approach significantly contributes to the robustness of the system and its resilience in critical security scenarios.

To ensure transparency and reproducibility, the methodology also documents the training of AI models, the strategies adopted to mitigate overfitting, and the mechanisms considered for adversarial robustness.

3.1. Integrated Hardware and Sensors

Regarding hardware, the ARGUS robot is equipped with the following components:

• The Raspberry Pi board video interface management, facial identification, and responsible for local processing of real-time data currents;
• Dedicated to network traffic analysis and intrusion detection on a ZimaBoard, running Snort and Suricata in parallel;
• An Arduino microcontroller that is used to interface with temperature, acoustic and touch/speed sensors;
• A comprehensive sensor suit, which includes ultrasonic sensor, 2D lidar, PIR, a directional microphone and an infrared camera, which are all climbed on an autonomous mobile chassis.

This structure ensures logical separation of tasks and allows parallel processing, thus increasing the reliability of the system under real operational conditions.

The patrolling unit integrates GPS and IMU modules for navigation and trajectory logging, enabling precise patrol coverage and georeferenced alerts.

In addition, embedded processing modules offload intrusion detection and anomaly analysis locally, which increases resilience against distributed denial-of-service (DDoS) attacks by reducing dependence on remote servers.

The design of ARGUS was motivated by the limitations of static surveillance infrastructures, which are unable to correlate cyber intrusions with physical intrusions in real time. ARGUS integrates visual analytics and IDS alerts, and distributes messaging through RabbitMQ into a unified orchestration module. This modular integration allows real-time decision making with low latency at the edge, ensuring both scalability and adaptability to diverse environments.

3.2. Software Architecture and Technologies Used

The ARGUS software 1.0 system has been developed in Python 3.11 and follows a hybrid distributed, event-powered architecture. It takes advantage of local microservice and asynchronous communication to ensure modularity and scalability. Each application runs in an isolated container and communicates through a lightweight REST API or via RabbitMQ using asynchronous message queues.

The system incorporates the following technologies:

• OpenCV 4.8.1 and MediaPipe 0.10.9 for real-time video stream processing and facial recognition tasks;
• YOLOv8 (Ultralytics v8.1.0), manually trained, for detecting bladed weapons, suspicious objects, and vehicles;
• Snort 3.1.72.0 and Suricata 7.0.2, deployed on the ZimaBoard, for identifying unauthorized scans and malicious traffic;
• CRON (Debian v3.0pl1-137) jobs for scheduled and automated report generation;
• Flask 3.0.2 to manage the local API interface and inter-module communication;
• RabbitMQ 3.12.1 (Erlang 25.3.2.8) as the backbone for asynchronous messaging between system components.

The YOLOv8 detection models were trained on a custom dataset of around 12,500 labeled images, including both indoor and outdoor scenes with varied lighting conditions (natural light, artificial light, and low-light). Custom data augmentation methods, such as random cropping, flipping, and brightness adjustment, were applied to increase dataset variability and help prevent overfitting during model training. Training proceeded for 100 epochs with a batch size of 32, using an 80/20 split between training and validation sets. Cross-validation was employed to assess robustness, and model selection was based on minimizing both the false-positive and false-negative results across validation runs. MediaPipe models utilized pre-trained weights but were validated with 500 local face recognition samples to ensure compatibility with the target deployment environment.

3.3. Operational Flow and Data Management

All data collected by the system, including images, alerts, incident records, and robot statuses, is stored within a local private cloud and is accessible via a secure web-based graphical interface. ARGUS follows an edge-first processing model, where data analysis is performed locally, at the edge of the network, to minimize latency and reduce exposure to external threats.

The system is trained to identify and classify:

• whether a person is authorized, using multi-angle facial recognition;
• whether the individual is carrying a bladed weapon, through object classification algorithms;
• whether suspicious network activity is occurring, such as scans or unauthorized access attempts.

Based on these detections, ARGUS can:

• automatically send real-time alerts via email and SMS to designated security personnel;
• log the events in the system and activate additional ARGUS units using distributed messaging protocols.

Below is a visual representation of the ARGUS architecture in Figure 6, depicting the inter-relationships of hardware modules, AI edge processing components, and the command-and-control server, throughout the system.

Evaluation was carried out under both indoor and outdoor conditions, including normal illumination, low-light, and partially obstructed environments. Five distinct scenarios were tested: (i) authorized face recognition, (ii) unauthorized face detection, (iii) edged weapon detection, (iv) port scanning, and (v) denial-of-service attack. Each scenario was repeated ten times to ensure reproducibility. For network traffic monitoring, five additional independent tests were conducted under identical load conditions to validate consistency of results.

Cyber-threat testing included simulated port scanning, denial-of-service attempts, and unauthorized access intrusions. Each scenario was repeated ten times to ensure reproducibility, and results were aggregated to compute mean accuracy and false-positive rates. This allowed validation of all key ARGUS characteristics summarized in Figure 6.

This diagram shows how the Raspberry Pi boards, ZimaBoard and Arduino microcontroller work in tandem to collect, analyze and transmit data. The diagram also seeks to denote the asynchronous communication flows that enable seamless operation of video analysis, AI detection, network monitoring, and alert systems as layered subsystems.

Due to the multi-layered architecture, the platform can operate independently in an isolated manner, while also synchronizing with a centralized infrastructure, allowing for incremental data aggregation and event correlation at the system-level.

To ensure clarity and reproducibility, an explicit evaluation framework was defined for the experiments conducted with ARGUS. The framework relies on three main components:

• Performance criteria: detection accuracy, false positive and false negative rates, detection latency, and adversarial robustness.
• Threat scenarios: face recognition (authorized/unauthorized), edged weapon detection, port scanning, denial-of-service attacks, and contextual audio detection.
• Statistical analysis: each scenario was repeated ten times, and mean values with 95% confidence intervals were reported to avoid interpreting isolated cases.

This framework directly connects to the comparative benchmarking presented later, situating ARGUS within the context of existing robotic patrol systems. By adopting this structured evaluation, the reported results become both transparent and directly comparable with prior work in the literature.

3.4. Security and Adversarial Robustness

In addition to common functionality, ARGUS is made to accommodate adversarial conditions against its learning modules and its intrusion detection systems. Potential risks include adversarial inputs, designed to confuse computer vision models across multiple modalities (spoofing and deepfake attacks), poisoning attempts to corrupt training data, and altering the configuration of an IDS to suppress alerts. To mitigate these threats, ARGUS employs redundancy across detection modalities (visual, audio, and cyber), and running an ensemble IDS (i.e., both Snort and Suricata) in parallel allows for cross-validation. Detection capability is enhanced through cable connections to edge devices, which contributes to system flexibility. With detection capabilities established, we have begun considering adversarial training and dataset enrichment to ensure performance remains robust, even under adversarial conditions. Managing uncertainty underpins all resilience and security measures, improving the overall robustness of the platform and supporting autonomous deployment in safety-critical contexts.

4. Experimental Evolution and Results

Figure 7 depicts RabbitMQ’s message monitoring console utilized by ARGUS when processing security alerts in real time, generated by the Snort intrusion detection engine. Alerts are sent along a dedicated channel using base64-encoded messages, making it an effective, reliable, and quick communication channel between elements of the system.

To provide statistical reliability, each experimental test was repeated five times under identical conditions, and the results are presented with mean values and 95% confidence intervals. This approach ensures that the reported accuracy and latency are not isolated outcomes but representative of the system’s overall performance.

The figure shows real IDS log entries forwarded by RabbitMQ. These logs are essential for correlating cyber events with physical anomalies, even for readers less familiar with IDS outputs.

For statistical reliability, each scenario was repeated ten times, and results are reported as mean values with 95% confidence intervals. In the case of network traffic monitoring, five independent runs were additionally performed and averaged to confirm stability under identical load conditions.

The captured display shows log entries of network events classified under BAD-TRAFFIC same SRC/DST, with identical source and destination address. The phenomenon depicts UDP packets in which both the source and destination are broadcast addresses (0.0.0.0:68 → 255.255.255.255:67). Each alert may include useful metadata, such as timestamp, the protocol in use (IP/UDP), and the assigned priority level, all of which provide valuable context for assessing the nature of the threat.

Across repeated trials, the detection latency remained consistently below one second, with a measured mean of 0.84 s ± 0.05 s at the 95% confidence level. This confirms that ARGUS is capable of real-time intrusion detection with minimal variation, even under high network load.

Using these priority levels, ARGUS can make automatic decisions based upon low-severity and high-severity incidents. In addition to delivering immediate alerts to the operator, priority levels enable the system to dynamically learn and adjust rules as needed.

Using RabbitMQ, with the asynchronous nature of the messaging design, is beneficial to improving both the performance and scalability of this platform. Alerts are consistently processed through RabbitMQ regardless of high traffic volumes or network complexity. The critical factor is that RabbitMQ ensures no data loss or noticeable delay, maintaining continuous operational capability while working with alerts and events, even in extremely high-stress scenarios.

The results obtained in the network traffic monitoring tests confirm the efficiency of the integration of IDS modules within the ARGUS system. Abnormal traffic detections were retrieved, classified, and distributed with response times below the critical threshold of one second, demonstrating the robot’s ability to support active and adaptive cyber protection in real patrol scenarios.

In addition, the distributed architecture based on RabbitMQ ensures not only the resilience of the information flow in case of congestion, but also the possibility of scaling the system to cover wider perimeters or integrate multiple ARGUS entities in a collaborative network.

Next, the experimental evaluations focus on validating the physical and computer vision detection components, specifically the ARGUS capabilities for facial recognition, edged-weapons identification, and classification of suspicious behaviors.

Before presenting the IDS log integration, it is important to highlight how ARGUS processes and correlates multimodal events. The visual detection modules generate alerts for faces, weapons, or abnormal behaviors, which are timestamped and forwarded via RabbitMQ to the central monitoring layer. In parallel, the IDS modules detect anomalous network traffic and produce log entries. The combination of these outputs provides ARGUS with a unified threat picture, enabling the system to associate cyber anomalies with simultaneous physical detections. This correlation forms the basis of the experimental results that follow.

Figure 8 presents a sample log output from the ARGUS module responsible for integrating intrusion detection alerts into the real-time monitoring workflow. The fragment displays the successful initialization of the Snort engine and the live forwarding of alerts, specifically BAD-TRAFFIC same SRC/DST, to the system’s processing and alerting layers.

The log output demonstrates how ARGUS prioritizes and records IDS alerts in real time, providing structured event data that is accessible for both automated responses and operator review.

These messages are handled by a dedicated custom-built application (main.go) tailored to the modular structure of ARGUS. Unlike generic integration solutions, this lightweight module ensures minimal latency and provides direct control over:

• message formatting;
• event logging and storage;
• alert prioritization logic;
• future scalability requirements.

For every detected anomaly, a structured log entry is recorded, containing the timestamp, threat type, and assigned priority level (e.g., priority 2 in the shown case).

This custom logging approach reinforces ARGUS’s ability to natively embed IDS modules and efficiently manage cyber alerts, contributing to enhanced resilience against evolving network threats in autonomous security deployments.

ARGUS merges these separate paradigms onto a single, mobile platform, integrating both physical threat detection and continuous cybersecurity anomaly assessment. Compared to robotic security systems examined in recent literature [1,2,5], which primarily focus on patrol, visual recognition [2], autonomous navigation/SLAM [12], and path/pathway formations [3], the ARGUS system contains not only solutions to these previous issues but also integrates security intrusion detection modules (e.g., Snort + Suricata), enabling real-time correlations of abnormal visual presence with anomalous network activity.

Unlike some architectures that are dependent on cloud-based analytics or delayed decision loops, ARGUS primarily uses an edge-based distributed computing architecture allowing processed data located at the edge to be classified in real-time, which can trigger security response protocols at predetermined times. This independence, either through software or hardware reliance no matter the scenario, provides benefits in resilience, edge rendering without dependence, and also provides improved functionality in exigent circumstances or contexts where network connectivity is scarce.

When evaluating current literature on robotic security systems as described earlier in this report, it is revealed they rely heavily on monolithic software stacks with little or nothing described around the ability to change or adapt them once deployed. In contrast, the ARGUS system is based on a containerized microservices architecture, which supports multiple and selective updates, isolated module upgrades, and the execution of parallel tasks. These features are some of the most significant for ensuring long-term maintainability and mission success.

Many existing systems rely on disjointed information streams, and multi-sensory inputs are often classified in silos or evaluated asynchronously without situational awareness. The ARGUS system can integrate multimodal data from visual, acoustic, thermal, and cyber sources to form a complete and up-to-date operational picture. Although there are currently no examples in the literature of patrol robots aggregating multimodal information, the various sensor data used by human operators would classify them as multiplatform surveillance-oriented agents.

The combination of autonomous navigation, real-time AI inference, embedded cybersecurity, and distributed edge computing/microservices demonstrates ARGUS’s flexibility in integrating each aspect of modern security threats. This fully integrated, responsive multi-sensor and multi-modal framework exemplifies the next generation of robotic surveillance platforms.

Overall, the experimental findings confirm that ARGUS delivers reliable cyber-physical anomaly detection with statistically validated accuracy and latency. The system maintains resilience under diverse environmental conditions and demonstrates measurable advantages over state-of-the-art patrol robots, thereby validating its contribution as a next-generation security platform.

5. Evaluation of Computer Vision Detection Capabilities

Within the experiments to validate the visual capabilities of the ARGUS system, two main test directions were defined:

• Facial recognition of authorized/unauthorized persons;
• Detection of edged weapons (knives, batons, blunt objects) carried by suspicious people.

The tests were conducted in a controlled environment, replicating an access point in a secured perimeter. The ARGUS platform used RGB and infrared cameras to capture images of moving or stationary individuals.

Image processing was performed as follows:

• Face detection using the MediaPipe Face Detection model;
• Person recognition by comparing facial landmarks with the registered set;
• Weapon detection using the YOLOv8 model trained on a custom set of images (with edged weapon labels).

In addition to standard lighting, the models were evaluated under adverse conditions, including infrared-only input, partial occlusions, simulated fog, and crowded scenes. These adverse conditions correspond directly to the performance values reported in

Table 1. Performance comparison of ARGUS visual modules in weapon detection tasks and facial recognition, including processing time, accuracy, and error rates under mixed lighting conditions.

Characteristic	Face Recognition	Weapon Detection
Average Processing Time (ms)	180	240
Detection Accuracy (%)	92.7	89.3
False Positive Rate (%)	3.2	4.1
False Negative Rate (%)	4.1	5.8
Testing Conditions	Natural and Artificial Light	Natural and Artificial Light

and Figure 9, where detection accuracy decreases by 7–10% under occlusion or low-light scenarios.

Figure 9 presents the comparative performance of ARGUS’s computer vision detection modules, focusing on face recognition and weapon detection. Face recognition achieved a faster processing time of ~180 ms, while weapon detection averaged 240 ms, due to the deeper feature extraction required by models like YOLOv8. Face recognition achieved an accuracy of approximately 92.7% (based on 500 test samples, with a 95% confidence interval of ±2.5%), confirming the robustness of the visual module while acknowledging dataset limitations.

The access control module was validated using a dataset of 500 authorized and 200 unauthorized face samples. The accuracy of access validation exceeded 91%, confirming that the module provides reliable authentication under varied lighting conditions.

These results are not only a function of YOLO’s strength in object detection, but of the multimodal scheme that ARGUS implements. By correlating suspicious physical events with simultaneous IDS anomalies, the system can escalate alerts with higher confidence, reducing false positives and providing richer situational awareness than either YOLO or IDS alone.

ARGUS effectively identified authorized individuals and triggered real-time alerts for unauthorized persons. For edged weapons, detection remained reliable in various lighting conditions, with minor degradation under low visibility. The system’s rapid alerting mechanisms, including instant email and SMS notifications to the control centre, were validated successfully. Experimental analysis confirms ARGUS’s high accuracy and low latency (<250 ms) across both detection tasks, supporting its readiness for autonomous security deployments, as is illustrated in Table 1.

However, the tests highlighted certain limitations in low-light conditions or partial exposure of objects, where the recognition accuracy slightly decreases, indicating the need to implement additional mechanisms, such as:

• integration of additional IR cameras;
• improvement of the training dataset with low-light images;
• adaptation of AI models through fine-tuning techniques for various environmental conditions.

Overall, the results validate the viability of the ARGUS system in autonomous patrol scenarios, with clear optimization perspectives to expand the scope of applicability and operational robustness.

To contextualize ARGUS within existing robotic security platforms,

Table 2. Comparative benchmarking of ARGUS against representative robotic security platforms, highlighting detection accuracy, latency, sensing modalities, and cyber-physical integration.

System/ Reference	Year	Detection Accuracy	Latency	Modalities	Cyber Intrusion Detection	Scalability	Limitations
ARGUS (this work)	2025	Faces: 92.7%, Weapons: 89.3%	<1 s	Visual, Audio, LiDAR, Network IDS	Yes (Snort, Suricata onboard)	High (edge-first, multi-agent ready)	Limited performance in extreme low-light
Patrol Robot [1]	2024	88% (faces only)	1.8 s	Visual only	No	Medium	No multimodal integration, cloud-dependent
Intelligent Security Patrol [2]	2024	85% (nighttime objects)	2.1 s	Visual + IR	No	Low	Weak adaptability, limited datasets
IoT-Based Guard Robot [5]	2024	80%	2.5 s	Visual + IoT sensors	No	Low	No cyber integration, poor scalability

Source: Authors’ experiments.

provides a comparative overview against representative systems reported in recent literature [1,2,5]. The comparison includes detection accuracy, latency, supported modalities, and scalability. Results indicate that ARGUS outperforms prior solutions by integrating both physical and cyber intrusion detection, achieving lower latency through edge-first processing, maintaining multimodal situational awareness, and ensuring scalable deployment across diverse cyber-physical infrastructures.

Results confirm that ARGUS provides superior multimodal coverage and native intrusion detection compared to prior solutions, while maintaining lower latency through edge-first processing.

6. Evaluation and Outlook

This work presented ARGUS, an integrated robotic security platform combining physical patrolling and cyber-threat detection. The design, implementation, and testing demonstrated that ARGUS can achieve multimodal situational awareness, resilience against cyber-attacks, and adaptive response in diverse scenarios. By integrating GPS-based mobility, distributed AI, and local anomaly detection, the system proved effective in mitigating both physical intrusions and cyber sabotage attempts.

To provide clarity and improve the manuscript’s structure, this section has been divided into two parts. Section 6.1 presents the experimental results and their discussion, highlighting the advantages of ARGUS in comparison with existing solutions. Section 6.2 focuses on the overall conclusions and outlines directions for future work.

6.1. Experimental Results and Discussion

The results of the experiments reaffirm the strong design and operational readiness of ARGUS across multiple threat scenarios, including unauthorized network scanning, physical breach scenarios, and also weapon detection. When compared to existing robotic patrol platforms, ARGUS had a tangible advantage as it combined physical surveillance that operated amalgamated with cyber intrusion detection, leading to lower response times, and maximized multimodal coverage.

While GPS integration and DoS detection are part of the ARGUS design, these features were not fully validated in the current prototype due to hardware constraints. This limitation is acknowledged, and future iterations will include extended field validation of these modules.

Key features of ARGUS include real-time anomaly detection, autonomous patrol selection, dispersed intelligence, and active response. These features underline the potential for ARGUS to set a new benchmark for intelligent security in risk sensitive environments. The system’s modular and expandable design lends itself for use in various domains of operation including critical national infrastructure and smart town spaces.

An additional benefit of the system is its consideration of privacy and compliance requirements, with biometric data and surveillance logs managed in accordance with legislative and ethical standards. Taken together, these results demonstrate ARGUS as a robust and flexible platform, now poised to redefine the conceptualization of autonomous security robotics.

A limitation of this study is the relatively small dataset used for evaluating facial recognition (500 samples). While the results are encouraging, future work will extend testing to larger and more diverse datasets to strengthen statistical validity.

6.2. Conclusions and Future Work

Beyond enhancing detection capabilities, securing the ARGUS agent itself will be a priority, with mechanisms such as secure boot, encrypted communication channels, adversarial defense for AI models, and resilience against firmware tampering.

The novelty of ARGUS lies in its hybrid cyber-physical situational awareness: a robotic platform that unifies edge-based computer vision detection with embedded IDS monitoring to identify complex, correlated threats. This fusion marks a significant step beyond prior patrol systems that treated cyber and physical domains in isolation.

This paper presented the conceptualization, design, development, and validation of ARGUS, an advanced autonomous robotic platform tailored for proactive patrolling in cyber-physical infrastructures. By combining multimodal sensing, real-time AI analytics, distributed threat monitoring, and autonomous decision-making into a unified modular architecture, ARGUS demonstrates that mobile robotic agents can complement or replace static surveillance systems.

Future work will focus on enhancing visual perception under extreme conditions through thermal and hyperspectral imaging, expanding into multi-agent collaboration with decentralized consensus, and applying edge AI optimization for higher efficiency and sustainability. Security auditing will be reinforced through blockchain-based immutable event recording, while 5G integration will improve remote operability and synchronization.

Finally, adversarial robustness will be a priority, with defenses against spoofing, deepfake-based identity attacks, and poisoning of machine learning models. Incorporating predictive behavioral analysis modules will further evolve ARGUS from a reactive security platform into a proactive threat anticipation system.