Table of Contents
Fetching ...

An LLM-based Self-Evolving Security Framework for 6G Space-Air-Ground Integrated Networks

Qi Qin, Xinye Cao, Guoshun Nan, Sihan Chen, Rushan Li, Li Su, Haitao Du, Qimei Cui, Pengxuan Mao, Xiaofeng Tao, Tony Q. S. Quek

TL;DR

This work introduces a self-evolving security framework for 6G SAGINs that combines an LLM-equipped threat-processing core (LLM-6GNG) with a self-evolution mechanism (6G-INST) and a semi-physical 6G Simulator. The approach condenses and correlates massive unstructured threat information, generates targeted security strategies via multi-agent CoT reasoning, and continuously updates the model to address unknown threats using a retrieval-augmented generation pipeline. Experimental results across three datasets show notable improvements in defense strategy accuracy against unseen attacks while preserving accuracy for known threats. The framework offers a practical pathway to robust, adaptive security in dynamic, cross-layer, cross-domain SAGIN environments, and the authors provide open-source code to foster community use.

Abstract

Recently emerged 6G space-air-ground integrated networks (SAGINs), which integrate satellites, aerial networks, and terrestrial communications, offer ubiquitous coverage for various mobile applications. However, the highly dynamic, open, and heterogeneous nature of SAGINs poses severe security issues. Forming a defense line of SAGINs suffers from two preliminary challenges: 1) accurately understanding massive unstructured multi-dimensional threat information to generate defense strategies against various malicious attacks, 2) rapidly adapting to potential unknown threats to yield more effective security strategies. To tackle the above two challenges, we propose a novel security framework for SAGINs based on Large Language Models (LLMs), which consists of two key ingredients LLM-6GNG and 6G-INST. Our proposed LLM-6GNG leverages refined chain-of-thought (CoT) reasoning and dynamic multi-agent mechanisms to analyze massive unstructured multi-dimensional threat data and generate comprehensive security strategies, thus addressing the first challenge. Our proposed 6G-INST relies on a novel self-evolving method to automatically update LLM-6GNG, enabling it to accommodate unknown threats under dynamic communication environments, thereby addressing the second challenge. Additionally, we prototype the proposed framework with ns-3, OpenAirInterface (OAI), and software-defined radio (SDR). Experiments on three benchmarks demonstrate the effectiveness of our framework. The results show that our framework produces highly accurate security strategies that remain robust against a variety of unknown attacks. We will release our code to contribute to the community.

An LLM-based Self-Evolving Security Framework for 6G Space-Air-Ground Integrated Networks

TL;DR

This work introduces a self-evolving security framework for 6G SAGINs that combines an LLM-equipped threat-processing core (LLM-6GNG) with a self-evolution mechanism (6G-INST) and a semi-physical 6G Simulator. The approach condenses and correlates massive unstructured threat information, generates targeted security strategies via multi-agent CoT reasoning, and continuously updates the model to address unknown threats using a retrieval-augmented generation pipeline. Experimental results across three datasets show notable improvements in defense strategy accuracy against unseen attacks while preserving accuracy for known threats. The framework offers a practical pathway to robust, adaptive security in dynamic, cross-layer, cross-domain SAGIN environments, and the authors provide open-source code to foster community use.

Abstract

Recently emerged 6G space-air-ground integrated networks (SAGINs), which integrate satellites, aerial networks, and terrestrial communications, offer ubiquitous coverage for various mobile applications. However, the highly dynamic, open, and heterogeneous nature of SAGINs poses severe security issues. Forming a defense line of SAGINs suffers from two preliminary challenges: 1) accurately understanding massive unstructured multi-dimensional threat information to generate defense strategies against various malicious attacks, 2) rapidly adapting to potential unknown threats to yield more effective security strategies. To tackle the above two challenges, we propose a novel security framework for SAGINs based on Large Language Models (LLMs), which consists of two key ingredients LLM-6GNG and 6G-INST. Our proposed LLM-6GNG leverages refined chain-of-thought (CoT) reasoning and dynamic multi-agent mechanisms to analyze massive unstructured multi-dimensional threat data and generate comprehensive security strategies, thus addressing the first challenge. Our proposed 6G-INST relies on a novel self-evolving method to automatically update LLM-6GNG, enabling it to accommodate unknown threats under dynamic communication environments, thereby addressing the second challenge. Additionally, we prototype the proposed framework with ns-3, OpenAirInterface (OAI), and software-defined radio (SDR). Experiments on three benchmarks demonstrate the effectiveness of our framework. The results show that our framework produces highly accurate security strategies that remain robust against a variety of unknown attacks. We will release our code to contribute to the community.
Paper Structure (23 sections, 5 figures)

This paper contains 23 sections, 5 figures.

Figures (5)

  • Figure 1: Illustration of 6G usage scenarios and the corresponding threats. 6G introduces new usage scenarios such as artificial intelligence and communication, ubiquitous connectivity, and massive communication, which bring more security threats including DDoS and advanced persistent threat (APT).
  • Figure 2: Illustration of our proposed self-evolving security framework of 6G SAGINs and the 6G Simulator. The proposed LLM-6GNG receives threat information from our 6G Simulator, and feeds back security strategies to the 6G Simulator. Meanwhile, our 6G-INST collects data from the proposed LLM-6GNG, trains the Twin Specific Strategy Agent, and updates the LLMs.
  • Figure 3: Illustration of our LLM-6GNG and 6G-INST. The top layer provides an example of threat information from the three subnets within our 6G Simulator. The middle part of the diagram describes the process of the LLM-6GNG, with the left side depicting the scenario of intra-network communication, and the right side showing the scenario of inter-Network Communication. The bottom layer of the diagram describes the process by which our 6G-INST automatically generates new datasets to assist the LLM-6GNG in its self-evolution.
  • Figure 4: Illustration of Performance. (a), (b), (c), (d), and (e) compare the accuracy of security strategies generated by different LLMs against unknown threats. (f) compares the accuracy of security strategies generated with and without our 6G-INST against known attacks. Experimental results demonstrate that our security framework can generate highly accurate security strategies, and that our 6G-INST significantly improves the accuracy of security strategies against unknown threats, while maintaining the accuracy of strategies against known threats.
  • Figure 5: Case study of our security framework. This case illustrates a typical 6G SAGINs communication scenario involving threats such as DDoS attacks, UAV GPS spoofing, and satellite vulnerabilities. It details the workflows of LLM-6GNG in processing threat information and generating security strategies, and the procedure of 6G-INST assisting the self-evolution of LLM-6GNG.