LLM-Driven APT Detection for 6G Wireless Networks: A Systematic Review and Taxonomy

Muhammed Golec, Yaser Khamayseh, Suhib Bani Melhem, Abdulmalik Alwarafy

TL;DR

This paper tackles the problem of detecting Advanced Persistent Threats (APTs) in future 6G wireless networks using Large Language Models (LLMs). It employs a systematic literature review (SLR) and taxonomy to map LLM capabilities to 6G security challenges, synthesizing 142 studies from 2018–2025 and outlining five research questions that cover log provenance, encrypted traffic, edge deployment, data modeling, and reproducibility. The resulting taxonomy organizes inputs, granularity, techniques, deployment, and kill-chain phases, and identifies open challenges such as explainability gaps, data scarcity, and edge hardware limits, while proposing future directions like slice-aware XAI and memory-efficient edge LLMs. The work provides a foundational reference for researchers and practitioners aiming to design LLM-driven APT detection in 6G, with a clear focus on cross-layer data fusion, real-time edge inference, and robust evaluation in encrypted and sliced 6G environments.

Abstract

Sixth Generation (6G) wireless networks, which are expected to be deployed in the 2030s, have already created great excitement in academia and the private sector with their extremely high communication speed and low latency. However, despite the ultra-low latency, high throughput, and AI-assisted orchestration capabilities they promise, they are vulnerable to stealthy and long-term Advanced Persistent Threats (APTs). Large Language Models (LLMs) stand out as an ideal candidate to fill this gap with their high success in semantic reasoning and threat intelligence. In this paper, we present a comprehensive systematic review and taxonomy study for LLM-assisted APT detection in 6G networks. We address five research questions, namely, semantic merging of fragmented logs, encrypted traffic analysis, edge distribution constraints, dataset/modeling techniques, and reproducibility trends, by leveraging the most recent studies on the intersection of LLMs, APTs, and 6G wireless networks. We identify open challenges such as explainability gaps, data scarcity, edge hardware limitations, and the need for real-time slicing-aware adaptation by presenting various taxonomies such as granularity, deployment models, and kill chain stages. We then conclude the paper by providing several research gaps in 6G infrastructures for future researchers. To the best of our knowledge, this paper is the first comprehensive systematic review and classification study on LLM-based APT detection in 6G networks.

Paper Structure

This paper contains 39 sections, 22 figures, 13 tables.

Figures (22)

  • Figure 1: The Organization of the Survey
  • Figure 2: The five-stage Lifecycle of an APT
  • Figure 3: The Hierarchical Structure of TTPs
  • Figure 4: 6G Architectural Pillars and Deployment Layers
  • Figure 5: Illustration of Potential Attack Surfaces Across the Hierarchical 6G Network
  • ...and 17 more figures