TY - GEN
T1 - Fine-Tuning Large Language Models for Network Traffic Analysis in Cyber Security
AU - Lavi, Ortal
AU - Manor, Ofir
AU - Schwartz, Tomer
AU - Murillo, Andres F.
AU - Messous, Ayoub
AU - Sekiya, Motoyoshi
AU - Suga, Junichi
AU - Hikichi, Kenji
AU - Unno, Yuki
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - Language modelling has demonstrated the exceptional interpretation and analysis capabilities of Large Language Models (LLMs) in addressing a wide range of Natural Language Processing (NLP) tasks. However, LLMs still face challenges in technical network text analysis due to its special terminology, syntax, and protocols which are not consistent with conventional human language. In this paper, we introduce a method for fine-tuning NLP-based LLMs on technical network text intended for machine comprehension. We apply our method to detect and classify different types of attacks in network traffic flows. To validate our method, we used the Kitsune Network Attack Dataset and our results show that our method is able to correctly classify the network attacks, even in adverse conditions, when the model receives irrelevant context for classification. This study highlights how the capabilities of LLMs can be extended across different unknown domains, specifically cyber security, thereby enhancing their ability to detect anomalies, classify them, and distinguish between various types of attacks. Our experiments show that fine-tuned models significantly outperform non-fine-tuned models, underlining the effectiveness of fine-tuning LLMs for cyber security applications involving the analysis of technical text data.
KW - cyber security
KW - large language models
KW - network anomaly classification
UR - http://www.scopus.com/inward/record.url?scp=85214580834&partnerID=8YFLogxK
U2 - 10.1109/DSC63325.2024.00019
DO - 10.1109/DSC63325.2024.00019
M3 - Conference contribution
AN - SCOPUS:85214580834
T3 - Proceedings - 2024 IEEE Conference on Dependable and Secure Computing, DSC 2024
SP - 45
EP - 50
BT - Proceedings - 2024 IEEE Conference on Dependable and Secure Computing, DSC 2024
PB - Institute of Electrical and Electronics Engineers
T2 - 7th IEEE Conference on Dependable and Secure Computing, DSC 2024
Y2 - 6 November 2024 through 8 November 2024
ER -