LLMs' Suitability for Network Security: A Case Study of STRIDE Threat Modeling
AbdulAziz AbdulGhaffar, Ashraf Matrawy
TL;DR
The paper assesses the suitability of Large Language Models (LLMs) for network-security threat modeling using the STRIDE framework in a 5G context. By evaluating four prompting strategies across five LLMs on six predefined threats, it reveals that prompting with examples improves STRIDE classification accuracy (63% to ~71%) and F1 (~52% to ~62%), but many second-order threats and perspective issues remain challenging. The study highlights that no single model dominates, and performance differences are sensitive to prompting approach; it advocates telecom-specific fine-tuning to achieve robust threat-modeling in AI-native, future networks. Overall, the work provides actionable insights into prompting design and the limitations of off-the-shelf LLMs for automated network threat classification, guiding future optimization and integration in security workflows.
Abstract
Artificial Intelligence (AI) is expected to be an integral part of next-generation AI-native 6G networks. With the prevalence of AI, researchers have identified numerous use cases of AI in network security. However, there are very few studies that analyze the suitability of Large Language Models (LLMs) in network security. To fill this gap, we examine the suitability of LLMs in network security, particularly with the case study of STRIDE threat modeling. We utilize four prompting techniques with five LLMs to perform STRIDE classification of 5G threats. From our evaluation results, we point out key findings and detailed insights along with the explanation of the possible underlying factors influencing the behavior of LLMs in the modeling of certain threats. The numerical results and the insights support the necessity for adjusting and fine-tuning LLMs for network security use cases.
