An LLM-based Self-Evolving Security Framework for 6G Space-Air-Ground Integrated Networks
Qi Qin, Xinye Cao, Guoshun Nan, Sihan Chen, Rushan Li, Li Su, Haitao Du, Qimei Cui, Pengxuan Mao, Xiaofeng Tao, Tony Q. S. Quek
TL;DR
This work introduces a self-evolving security framework for 6G SAGINs that combines an LLM-equipped threat-processing core (LLM-6GNG) with a self-evolution mechanism (6G-INST) and a semi-physical 6G Simulator. The approach condenses and correlates massive unstructured threat information, generates targeted security strategies via multi-agent CoT reasoning, and continuously updates the model to address unknown threats using a retrieval-augmented generation pipeline. Experimental results across three datasets show notable improvements in defense strategy accuracy against unseen attacks while preserving accuracy for known threats. The framework offers a practical pathway to robust, adaptive security in dynamic, cross-layer, cross-domain SAGIN environments, and the authors provide open-source code to foster community use.
Abstract
Recently emerged 6G space-air-ground integrated networks (SAGINs), which integrate satellites, aerial networks, and terrestrial communications, offer ubiquitous coverage for various mobile applications. However, the highly dynamic, open, and heterogeneous nature of SAGINs poses severe security issues. Forming a defense line of SAGINs suffers from two preliminary challenges: 1) accurately understanding massive unstructured multi-dimensional threat information to generate defense strategies against various malicious attacks, 2) rapidly adapting to potential unknown threats to yield more effective security strategies. To tackle the above two challenges, we propose a novel security framework for SAGINs based on Large Language Models (LLMs), which consists of two key ingredients LLM-6GNG and 6G-INST. Our proposed LLM-6GNG leverages refined chain-of-thought (CoT) reasoning and dynamic multi-agent mechanisms to analyze massive unstructured multi-dimensional threat data and generate comprehensive security strategies, thus addressing the first challenge. Our proposed 6G-INST relies on a novel self-evolving method to automatically update LLM-6GNG, enabling it to accommodate unknown threats under dynamic communication environments, thereby addressing the second challenge. Additionally, we prototype the proposed framework with ns-3, OpenAirInterface (OAI), and software-defined radio (SDR). Experiments on three benchmarks demonstrate the effectiveness of our framework. The results show that our framework produces highly accurate security strategies that remain robust against a variety of unknown attacks. We will release our code to contribute to the community.
