
Sentinels of the Stream: Unleashing Large Language Models for Dynamic Packet Classification in Software Defined Networks -- Position Paper

Shariq Murtuza

TL;DR

The paper addresses dynamic packet classification and threat assessment in Software Defined Networks by proposing Sentinel, an LLM-based approach. It outlines a concrete plan to finetune three open models—Llama2-7B, Falcon-7B, and Mixtral MoE—on a purpose-built SDN attack dataset generated via Containernet and captured with TCPdump. By treating network packets as language-like sequences, the work justifies applying natural language processing techniques to structured network data. The contributions include a clear finetuning plan, a dataset generation strategy, and a framework to compare model efficacy for real-time threat judgment in SDN, with potential impact on adaptive network security.

Abstract

With the release of OpenAI's ChatGPT, the field of large language models (LLMs) saw an increase in academic interest in GPT-based chat assistants. In the following months, multiple accessible large language models were released, including Meta's Llama models and Mistral AI's Mistral and Mixtral MoE models. These models are openly available for a wide array of purposes under a wide spectrum of licenses. These LLMs have found use in a number of different fields, such as code development and SQL generation. In this work we propose our plan to explore the applicability of large language models in the domain of network security. We plan to create Sentinel, an LLM, to analyse network packet contents and pass a judgment on its threat level. This work is a preliminary report that lays out our plan for our future endeavors.
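
The TL;DR's idea of treating a packet as a language-like sequence can be sketched as follows. This is an added example, not code from the paper: the `field=value` token format, the function names, the `benign` label and the sample bytes are all assumptions, since the paper does not specify a serialisation.

```python
import json
import socket
import struct

# Constructed sample (checksums zeroed): IPv4 10.0.0.1 -> 10.0.0.2, TCP SYN to port 80.
SAMPLE = bytes.fromhex(
    "4500002800014000400600000a0000010a000002"
    "d431005000000001000000005002200000000000"
)
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def packet_to_sentence(raw: bytes) -> str:
    """Render IPv4/TCP header fields as space-separated field=value tokens."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("malformed IPv4 header")
    tokens = [f"ip.src={socket.inet_ntoa(src)}", f"ip.dst={socket.inet_ntoa(dst)}",
              f"ip.ttl={ttl}", f"ip.proto={proto}", f"ip.len={total_len}"]
    if proto != 6:  # only TCP is expanded in this sketch
        return " ".join(tokens)
    tcp = raw[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, off_flags, window, _c, _urg = struct.unpack(
        "!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4  # TCP header length in bytes
    if doff < 20 or len(tcp) < doff:
        raise ValueError("malformed TCP data offset")
    flags = [n for i, n in enumerate(FLAG_NAMES) if off_flags & (1 << i)]
    payload_len = max(0, min(total_len, len(raw)) - ihl - doff)
    tokens += [f"tcp.sport={sport}", f"tcp.dport={dport}",
               f"tcp.flags={'|'.join(flags) or 'none'}", f"tcp.win={window}",
               f"tcp.payload_len={payload_len}"]
    return " ".join(tokens)


def to_training_record(raw: bytes, label: str) -> str:
    """One JSON line pairing the packet sentence with an assumed class label."""
    return json.dumps({"text": packet_to_sentence(raw), "label": label})


if __name__ == "__main__":
    print(to_training_record(SAMPLE, "benign"))
```

Malformed or truncated headers raise `ValueError` rather than producing a partial sentence, so a capture with damaged frames cannot silently contribute misleading training records.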

Paper Structure (5 sections, 4 figures)

This paper contains 5 sections, 4 figures.

Figures (4)

  • Figure 1: TCP Packet format
  • Figure 2: IP Packet format
  • Figure 3: Similarity of a sentence with an IP Packet
  • Figure :