Research Progress on Detection Technologies for Network Attack Based on Large Language Model#br#

Abstract

Abstract: Large language model (LLM), with its powerful feature learning ability, the ability to recognize complex patterns, and generalization ability, has paved the way for innovative and powerful methods in network attack detection. Firstly, this paper elaborates on the technical advantages of LLM in network attack detection and proposes a corresponding technical framework. Then, drawing on existing literature, the application status of LLM in network attack detection is reviewed from three aspects: processing original security data, extracting threat features, correlation analysis, and identifying threats in the target environment. Furthermore, the problems and challenges associated with network threat detection using LLM are analyzed. Lastly, the paper outlines the future research directions for network attack detection technology leveraging LLM. This paper aims to provide references for the further development of network attack detection technology based on LLM in the field of network security.

Key words: large language model, network traffic analysis, threat feature extraction, network attack detection, correlation analysis

摘要： 大语言模型凭借其强大的特征学习能力、对复杂模式的识别能力以及泛化能力等优势，为网络攻击检测开辟了新的有效途径.首先阐述大语言模型在网络攻击检测中的技术优势，并提出相应的技术框架.然后结合现有文献，从原始安全数据处理、威胁特征提取、关联分析及目标环境威胁识别3个维度介绍了大语言模型在网络攻击检测中的应用现状，并剖析了基于大语言模型进行网络威胁检测时存在的问题与挑战.最后分析了基于大语言模型的网络攻击检测技术的未来研究方向.旨在为网络安全领域进一步发展基于大语言模型的网络攻击检测技术提供参考.

关键词: 大语言模型, 网络流量分析, 威胁特征提取, 网络攻击检测, 关联分析

CLC Number:

TP309

陈世武, 晋钢, 王炜, 杨渝, . 基于大语言模型的网络攻击检测技术研究进展[J]. 信息安全研究, 2026, 12(1): 16-.

References

［1］Fazil M, Sah A K,Abulaish M. DeepSBD: A deep neural network model with attention mechanism for socialbot detection［J］. IEEE Trans on Information Forensics and Security, 2021, 16: 42114223［2］Pala S K. Study todevelop AI models for early detection of network vulnerabilities［J］. International Journal of Enhanced Research in Science, Technology & Engineering, 2024, 13(2): 7784［3］Bai Yuzhe, Sun Min, Zhang Liman, et al. Enhancing network attack detection accuracy through the integration of large language models and synchronized attention mechanism［J］. Applied Sciences, 2024, 14(9): 3829［4］Gui Zhiwen, Wang Enze, Deng Binbin, et al. SqliGPT: Evaluating and utilizing large language models for automated SQL injection blackbox detection［J］. Applied Sciences, 2024, 14(16): 6929［5］Kheddar H. Transformers and large language models for efficient intrusion detection systems: A comprehensive survey［J］. arXiv preprint, arXiv: 2408.07583, 2024［6］Ali T. Nextgeneration intrusion detection systems with LLMs: Realtime anomaly detection, explainable AI, and adaptive data generation［D］. Finland: University of Oulu, 2024［7］Liu Jie, He Dongjie, Wu Diyu, et al. Correlating UI contexts with sensitive API calls: Dynamic semantic extraction and analysis［C］ Proc of the 31st IEEE Int Symp on Software Reliability Engineering (ISSRE). Piscataway, NJ: IEEE, 2020: 241252［8］Setianto F, Tsani E, Sadiq F, et al. GPT2C: A parser for honeypot logs using large pretrained language models［C］ Proc of the 2021 IEEEACM Int Conf on Advances in Social Networks Analysis and Mining. New York: ACM, 2021: 649653［9］McIntosh T, Liu Tong, Susnjak T, et al. Harnessing GPT4 for generation of cybersecurity GRC policies: A focus on ransomware attack mitigation［J］. Computers & Security, 2023, 134: 103424［10］Hashemi Chaleshtori F, Ray I. Automation of vulnerability information extraction using transformerbased language models［C］ Proc of the European Symp on Research in Computer Security. Berlin: Springer, 2022: 645665［11］池亚平, 吴冰, 徐子涵. 大语言模型在威胁情报生成方面的研究进展［J］. 信息安全研究, 2024, 10(11): 10281035［12］Hu Yuelin, Zou Futai, Han Jiajia, et al. LLMTIKG: Threat intelligence knowledge graph construction utilizing large language model［J］. Computers & Security, 2024, 145: 103999［13］Wu Zihan, Zhang Hong, Wang Penghai, et al. RTIDS: A robust transformerbased approach for intrusion detection system［J］. IEEE Access, 2022, 10: 6437564387［14］WangYanbin, Ma Wenrui, Xu Haitao, et al. A lightweight multiview learning approach for phishing attack detection using transformer with mixture of experts［J］. Applied Sciences, 2023, 13(13): 7429［15］Chataut R, Gyawali P K, Usman Y. Can AI keep you safe? A study of large language models for phishing detection［C］ Proc of the 14th IEEE Annual Computing and Communication Workshop and Conference (CCWC). Piscataway, NJ: IEEE, 2024: 05480554［16］An Hao, Ma Ruotong, Yan Yuhan, et al. Finsformer: A novel approach to detecting financial attacks using transformer and clusterattention［J］. Applied Sciences, 2024, 14(1): 460［17］K A, John A. A deeplearning based intrusion detection system using transformers［JOL］. SSRN Electronic Journal, 2022 ［20250507］. https:papers.ssrn.com［18］Diaf A, Korba AA, Karabadji N E, et al. Beyond detection: Leveraging large language models for cyber attack prediction in IoT networks［C］ Proc of the 20th Int Conf on Distributed Computing in Smart Systems and the Internet of Things (DCOSSIoT). Piscataway, NJ: IEEE, 2024: 117123［19］Deng Gelei, Liu Yi, MayoralVilches V, et al. PentestGPT: An LLMsempowered automatic penetration testing tool［J］. arXiv preprint, arXiv: 2308.06782, 2023［20］Ghourabi A. A security model based on LightGBM and Transformer to protect healthcare systems from cyberattacks［J］. IEEE Access, 2022, 10: 4889048903［21］Linkov I, Galaitsi S, Trump B D, et al. Cybertrust: From explainable to actionable and interpretable artificial intelligence［J］. Computer, 2020, 53(9): 9196［22］Ali T,Kostakos P. HuntGPT: Integrating machine learningbased anomaly detection and explainable AI with large language models (LLMs)［J］. arXiv preprint, arXiv: 2309.16021, 2023

[1]	. Fileless Obfuscation Attack Recognition Based on Semantic Recovery and Large Language Model [J]. Journal of Information Security Reserach, 2025, 11(12): 1125-.
[2]	Ji Xu, Zhang Jianyi, Zhao Zhangchi, Zhou Ziyin, Li Yilong, and Sun Zezheng. A Large Language Model Detection System for Domainspecific Jargon [J]. Journal of Information Security Reserach, 2024, 10(9): 795-.
[3]	. A Trust Framework for Large Language Model Application [J]. Journal of Information Security Reserach, 2024, 10(12): 1153-.
[4]	. Research Progress on Large Language Models in the Generation of Threat Intelligence [J]. Journal of Information Security Reserach, 2024, 10(11): 1028-.
[5]	. Data Scarcity and Large Language Model Data Value Asymmetry [J]. Journal of Information Security Reserach, 2023, 9(7): 637-.
[6]	. ChatGPT’s Applications, Status and Trends in the Field of Cyber Security [J]. Journal of Information Security Reserach, 2023, 9(6): 500-.
[7]	. Research on Content Detection Generated by Large Language Model and the Mechanism of Bypassing [J]. Journal of Information Security Reserach, 2023, 9(6): 524-.
[8]	. Automatic Analysis and Reproduction Technology of Remote Code Execution Vulnerability Based on Grid System [J]. Journal of Information Security Reserach, 2022, 8(9): 939-.
[9]	. NetSensor Network Traffic Analysis Solution [J]. Journal of Information Security Reserach, 2021, 7(E1): 126-.
[10]	. Research on Web Traffic Baseline Analysis of Government Website [J]. Journal of Information Security Research, 2020, 6(6): 0-0.
[11]	. Application Analysis of Big Data in Information Security [J]. Journal of Information Security Research, 2019, 5(7): 599-607.
[12]	. The Method and Practice of Smart and Precise Detection of Cyber Attacks [J]. Journal of Information Security Research, 2018, 4(5): 440-446.
[13]	. Webshell Detection Method Based on Correlation Analysis [J]. Journal of Information Security Research, 2018, 4(3): 251-255.

Research Progress on Detection Technologies for Network Attack Based on Large Language Model#br#

基于大语言模型的网络攻击检测技术研究进展

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 13

Recommended Articles

Metrics