Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Large Language Models in Wireless Application Design: In-Context Learning-enhanced Automatic Network Intrusion Detection

Han Zhang, Akram Bin Sediq, Ali Afana, Melike Erol-Kantarci

TL;DR

This work addresses automatic intrusion detection in wireless networks by leveraging pre-trained large language models (LLMs) with in-context learning, eliminating the need for task-specific fine-tuning. It proposes a fully automated framework consisting of feature selection, data collection and processing, prompt building, and decision extraction, and evaluates three LLMs (GPT-3.5, GPT-4, LLAMA) against a CNN baseline on a real DDoS dataset. The key finding is that in-context learning can significantly boost performance, with GPT-4 achieving over 95% accuracy and F1 with as few as 10 in-context examples, representing up to a 90% improvement over non-context settings. The paper also introduces three in-context learning schemes—Illustrative, Heuristic, and Interactive—and discusses practical considerations, including prompt design and the risks of adversarial prompting and hallucination, outlining directions for extending this approach to broader wireless security tasks.

Abstract

Large language models (LLMs), especially generative pre-trained transformers (GPTs), have recently demonstrated outstanding ability in information comprehension and problem-solving. This has motivated many studies in applying LLMs to wireless communication networks. In this paper, we propose a pre-trained LLM-empowered framework to perform fully automatic network intrusion detection. Three in-context learning methods are designed and compared to enhance the performance of LLMs. With experiments on a real network intrusion detection dataset, in-context learning proves to be highly beneficial in improving the task processing performance in a way that no further training or fine-tuning of LLMs is required. We show that for GPT-4, testing accuracy and F1-Score can be improved by 90%. Moreover, pre-trained LLMs demonstrate big potential in performing wireless communication-related tasks. Specifically, the proposed framework can reach an accuracy and F1-Score of over 95% on different types of attacks with GPT-4 using only 10 in-context learning examples.

Large Language Models in Wireless Application Design: In-Context Learning-enhanced Automatic Network Intrusion Detection

TL;DR

This work addresses automatic intrusion detection in wireless networks by leveraging pre-trained large language models (LLMs) with in-context learning, eliminating the need for task-specific fine-tuning. It proposes a fully automated framework consisting of feature selection, data collection and processing, prompt building, and decision extraction, and evaluates three LLMs (GPT-3.5, GPT-4, LLAMA) against a CNN baseline on a real DDoS dataset. The key finding is that in-context learning can significantly boost performance, with GPT-4 achieving over 95% accuracy and F1 with as few as 10 in-context examples, representing up to a 90% improvement over non-context settings. The paper also introduces three in-context learning schemes—Illustrative, Heuristic, and Interactive—and discusses practical considerations, including prompt design and the risks of adversarial prompting and hallucination, outlining directions for extending this approach to broader wireless security tasks.

Abstract

Large language models (LLMs), especially generative pre-trained transformers (GPTs), have recently demonstrated outstanding ability in information comprehension and problem-solving. This has motivated many studies in applying LLMs to wireless communication networks. In this paper, we propose a pre-trained LLM-empowered framework to perform fully automatic network intrusion detection. Three in-context learning methods are designed and compared to enhance the performance of LLMs. With experiments on a real network intrusion detection dataset, in-context learning proves to be highly beneficial in improving the task processing performance in a way that no further training or fine-tuning of LLMs is required. We show that for GPT-4, testing accuracy and F1-Score can be improved by 90%. Moreover, pre-trained LLMs demonstrate big potential in performing wireless communication-related tasks. Specifically, the proposed framework can reach an accuracy and F1-Score of over 95% on different types of attacks with GPT-4 using only 10 in-context learning examples.
Paper Structure (14 sections, 1 equation, 6 figures)

This paper contains 14 sections, 1 equation, 6 figures.

Table of Contents

  1. Introduction
  2. Related works
  3. LLM-empowered network intrusion detection
  4. Feature selection
  5. Data collection and processing
  6. Prompt building
  7. Decision extraction
  8. In-context learning-enhanced detection
  9. In-context learning for LLM
  10. In-context learning for network intrusion detection
  11. Experimental settings and Results
  12. experimental settings
  13. experimental results
  14. Conclusions and future directions

Figures (6)

  • Figure 1: System model of pre-trained LLM-empowered network intrusion detection.
  • Figure 2: Three different methods to implement in-context learning with labelled examples.
  • Figure 3: The feature selection and importance ranking results from three different LLMs, GPT-3.5, GPT-4, and LLAMA.
  • Figure 4: Comparison of intrusion detection testing accuracy and F1-Score under three different in-context learning methods with GPT-3.5 while increasing the number of in-context learning examples.
  • Figure 5: Comparison of intrusion detection testing accuracy and F1-Score under three different in-context learning methods with GPT-4 while increasing the number of in-context learning examples.
  • ...and 1 more figures