Beyond Detection: Leveraging Large Language Models for Cyber Attack Prediction in IoT Networks
Alaeddine Diaf, Abdelaziz Amara Korba, Nour Elislem Karabadji, Yacine Ghamri-Doudane
TL;DR
The paper tackles the need for proactive IoT security by proposing a novel intrusion-prediction framework that leverages GPT for next-packet generation, BERT for evaluating the plausibility of predicted packets, and an LSTM classifier for final normal/malicious labeling, all trained and tested on the CICIoT2023 dataset. The approach demonstrates high predictive performance, achieving 98% overall accuracy in intrusion prediction, and provides a MEC-deployed workflow for timely mitigation. By combining transformer-based sequence modeling with temporal classifiers, the work offers a forward-looking defense against multi-stage and unseen IoT attacks. The results suggest practical viability for preemptive cyber defense in IoT ecosystems, with future work aimed at broader datasets and attack types.
Abstract
In recent years, numerous large-scale cyberattacks have exploited Internet of Things (IoT) devices, a phenomenon that is expected to escalate with the continuing proliferation of IoT technology. Despite considerable efforts in attack detection, intrusion detection systems remain mostly reactive, responding to specific patterns or observed anomalies. This work proposes a proactive approach to anticipate and mitigate malicious activities before they cause damage. To that end, it introduces a novel network intrusion prediction framework that combines Large Language Models (LLMs) with Long Short-Term Memory (LSTM) networks. The framework incorporates two LLMs in a feedback loop: a fine-tuned Generative Pre-trained Transformer (GPT) model for predicting network traffic and a fine-tuned Bidirectional Encoder Representations from Transformers (BERT) model for evaluating the predicted traffic. The LSTM classifier model then identifies malicious packets among these predictions. Our framework, evaluated on the CICIoT2023 IoT attack dataset, demonstrates a significant improvement in predictive capabilities, achieving an overall accuracy of 98%, offering a robust solution to IoT cybersecurity challenges.
