Hospitals, airports, and campuses are no longer dealing with separate security problems. Someone can slip past a checkpoint while another actor launches a network scan, and together those actions create a bigger risk than either one alone. Most surveillance tools and patrol robots are built to catch one or the other. A new study introduces ARGUS, a mobile system that watches the digital and physical environment at the same time and ties its findings together.
ARGUS prototype equipped with LiDAR, RGB/IR cameras, and IDS modules, designed for hybrid threat detection in cyber-physical environments. Notes: LiDAR = Light Detection and Ranging; IDS = Intrusion Detection System; IR = Infrared.
Bridging cyber and physical threats
Researchers at the Ştefan cel Mare University of Suceava built ARGUS to solve a gap they saw: the lack of real-time correlation between what happens on the network and what happens in the physical space. ARGUS runs facial and weapon detection using computer vision while also hosting intrusion detection software such as Snort and Suricata.
By combining these capabilities, the robot can spot a suspicious individual and connect that detection with, for example, a port scan happening on the network. For environments like hospitals or smart campuses, that linkage could mean catching a coordinated attack that would otherwise slip past siloed tools.
How the ARGUS security robot works under the hood
ARGUS is built on an edge-first design. That means it processes data locally, without sending everything to the cloud. The architecture relies on containerized microservices, so different modules handle video, network monitoring, or sensors independently and still work together.
The robot carries multiple sensors: LiDAR, infrared cameras, microphones, GPS, and ultrasonic detectors. Navigation is supported through mapping and obstacle avoidance, and patrol routes are planned using incident history, heatmaps, and randomization to avoid predictable routines.
ARGUS also listens. Its audio module detects sounds such as gunshots or human screams, which trigger the system to start recording, issue alerts, and pass information to other units.
Test results show strong accuracy and quick response times
The team tested ARGUS in five scenarios: access control, unauthorized entry, weapon detection, port scanning, and DoS attacks. Each scenario was run ten times under different conditions, including low light, crowded spaces, and partial occlusion.
Results showed:
- Face recognition accuracy of 92.7 percent across 500 samples.
- Weapon detection accuracy of 89.3 percent across 450 samples.
- Intrusion detection with latency averaging under one second.
- Audio analysis that improved awareness in obstructed environments.
These figures indicate that the system can respond in real time, keeping false positives low while combining cyber and physical anomalies.
Access control that recognizes faces and stops intruders
ARGUS manages access points by registering authorized users in a database with facial features extracted during setup. At doors or checkpoints, it compares live video with stored profiles and triggers alerts if someone without authorization tries to enter. All attempts are logged with timestamps for traceability.
The system extends to vehicles and weapons. Computer vision models such as YOLO (You Only Look Once) detect vehicles and verify authorization. The same approach applies to detecting bladed weapons or suspicious objects. When a risk is confirmed, ARGUS escalates the response and can act autonomously or coordinate with human operators.
Smarter incident management for vehicles, weapons, and network scans
Incident management is organized by priority. Low-level events are logged for later review, while high-priority ones trigger alarms and call resources. ARGUS can also tie related cyber and physical events together, giving security teams a fuller picture of what is happening.
This approach allows operators to see patterns across incidents. If repeated unauthorized access attempts or recurring weapon detections happen in the same location, ARGUS can recommend adjusting patrol routes or boosting surveillance.
Automated reporting that helps with audits and compliance
Every event feeds into automated reports generated daily, weekly, or monthly. These reports include access attempts, alerts, anomalies, and system health, and can be tailored to roles such as security managers or IT administrators. Reports are digitally signed to preserve integrity.
Because the system processes biometric and behavioral data, the researchers designed ARGUS with privacy and compliance in mind. It supports GDPR and ISO 27001 requirements, with features like retention limits, audit trails, and restricted access. Consent is logged in the database, and metadata can be anonymized where possible.
The tech stack behind the robot’s cyber-physical defense
ARGUS relies on layered hardware: Raspberry Pi boards handle video and facial recognition, ZimaBoard runs Snort and Suricata for intrusion detection, and Arduino microcontrollers manage environmental sensors. This separation allows tasks to run in parallel.
Software is written in Python, with OpenCV, MediaPipe, YOLOv8, and RabbitMQ supporting the main functions. Alerts and events are distributed in real time through asynchronous messaging, keeping latency low. Running both Snort and Suricata in parallel provides redundancy, reducing the risk of an attacker bypassing one IDS.
Where ARGUS succeeds and where it still struggles
The robot consistently delivered detection latency below one second and maintained low false positives. By merging physical and cyber observations, ARGUS provides situational awareness that single-domain patrol robots cannot.
There are limits. Detection accuracy dropped in poor lighting or when objects were partially hidden. The facial recognition dataset used for testing was relatively small, which the authors say needs expansion for stronger statistical confidence. Future work will involve more diverse datasets and additional sensors such as thermal cameras to improve accuracy in difficult conditions.
The researchers plan to extend ARGUS with features like blockchain-based event recording, 5G connectivity for faster synchronization, and defenses against spoofing or deepfake attacks. They also note the importance of securing the robot itself from tampering or adversarial compromise.
