Distributed Threat Intelligence at the Edge Devices: A Large Language Model-Driven Approach

Syed Mhamudul Hasan, Alaa M. Alotaibi, Sajedul Talukder, Abdur R. Shahid
2024-05-15
Abstract: With the proliferation of edge devices, there is a significant increase in the attack surface on these devices. The decentralized deployment of threat intelligence on edge devices, coupled with adaptive machine learning techniques such as the in-context learning feature of large language models (LLMs), represents a promising paradigm for enhancing cybersecurity on low-powered edge devices. This approach involves the deployment of lightweight machine learning models directly onto edge devices to analyze local data streams, such as network traffic and system logs, in real time. Additionally, distributing computational tasks to an edge server reduces latency and improves responsiveness while also enhancing privacy by processing sensitive data locally. LLM servers can enable these edge servers to autonomously adapt to evolving threats and attack patterns, continuously updating their models to improve detection accuracy and reduce false positives. Furthermore, collaborative learning mechanisms facilitate peer-to-peer secure and trustworthy knowledge sharing among edge devices, enhancing the collective intelligence of the network and enabling dynamic threat mitigation measures such as device quarantine in response to detected anomalies. The scalability and flexibility of this approach make it well suited for diverse and evolving network environments, as edge devices only send suspicious information such as network traffic and system log changes, offering a resilient and efficient solution to combat emerging cyber threats at the network edge. Thus, our proposed framework can improve edge computing security by strengthening cyber threat detection and mitigation and by isolating affected edge devices from the network.
Cryptography and Security, Artificial Intelligence, Machine Learning
What problem does this paper attempt to address?
This paper aims to address the network security threats faced by edge devices as their numbers surge. Specifically, the authors propose a distributed threat intelligence framework based on large language models (LLMs) to enhance the cybersecurity of low-power edge devices. This approach involves deploying lightweight machine learning models directly onto edge devices to analyze local data streams (such as network traffic and system logs) in real time and respond when potential threats are detected. Additionally, the framework leverages the in-context learning capabilities of LLMs, enabling edge servers to autonomously adapt to evolving threats and attack patterns, continuously updating models to improve detection accuracy and reduce false positives.

To achieve this goal, the system architecture includes four main components:

1. **Edge devices with lightweight machine learning models**: These models can run efficiently on resource-constrained devices, enabling real-time threat analysis and response.
2. **Message Queuing Telemetry Transport (MQTT)**: Used to connect edge devices with edge servers, supporting data sharing between devices.
3. **Locally deployed edge servers**: Provide MQTT queues, monitor activities, and notify system administrators or isolate infected devices when anomalies are detected.
4. **Central LLM server**: Continuously trains and updates to adapt to new threats, enhancing threat identification accuracy.

In the experimental section, the research team used two Raspberry Pi devices and an Android phone as edge devices, running the MQTT service on the edge server, connected to the central LLM server (using OpenAI's GPT-3.5 Turbo API). Future work plans include further optimizing the intelligence of the central server and validating the effectiveness of the framework through practical demonstrations.
Overall, this research aims to address the unique cybersecurity challenges of edge devices by combining LLM and other advanced technologies, ensuring data privacy and scalability under resource-constrained conditions.
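The edge-device to edge-server path summarized above, as an added illustration that is not code from the paper or its authors. It assumes a rule-based scorer standing in for the on-device lightweight model, a JSON payload on an MQTT topic named `threat/<device_id>`, and a per-device anomaly count as the edge server's quarantine rule; the MQTT broker is replaced by an in-memory list so it runs offline.

```python
"""Edge device publishes only suspicious log lines; edge server decides on quarantine.

Assumptions (not from the paper): regex rules approximate the lightweight on-device
model, the topic layout is 'threat/<device_id>', and the edge server quarantines a
device after QUARANTINE_AFTER suspicious events. Transport is an in-memory list.
"""
import json
import re
from collections import defaultdict

# Constructed sample system-log lines for one edge device (not real data).
SAMPLE_LOGS = [
    "sshd: Accepted publickey for pi from 192.0.2.10",
    "sshd: Failed password for root from 198.51.100.7",
    "sshd: Failed password for root from 198.51.100.7",
    "cron: session opened for user pi",
    "sudo: pi : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow",
    "sshd: Failed password for admin from 198.51.100.7",
]

# Edge-side scorer: cheap rules so the device itself stays lightweight.
RULES = [
    (re.compile(r"Failed password for (root|admin)"), 0.6),
    (re.compile(r"COMMAND=.*/etc/shadow"), 0.9),
]
SUSPICIOUS_THRESHOLD = 0.5   # below this, the line never leaves the device
QUARANTINE_AFTER = 3         # edge-server rule (assumed value)


def score_line(line):
    """Highest matching rule weight, 0.0 when no rule fires."""
    return max((w for rx, w in RULES if rx.search(line)), default=0.0)


def edge_publish(device_id, logs):
    """Return (topic, payload) pairs the device would publish: suspicious lines only."""
    messages = []
    for line in logs:
        s = score_line(line)
        if s >= SUSPICIOUS_THRESHOLD:
            payload = json.dumps({"device": device_id, "score": s, "log": line})
            messages.append((f"threat/{device_id}", payload))
    return messages


def edge_server_decide(messages):
    """Edge-server side: tally events per device, return the set to quarantine."""
    counts = defaultdict(int)
    for topic, payload in messages:
        event = json.loads(payload)
        if topic != f"threat/{event['device']}":
            continue  # drop messages whose topic and payload disagree
        counts[event["device"]] += 1
    return {dev for dev, n in counts.items() if n >= QUARANTINE_AFTER}
```

Benign lines (the accepted login, the cron entry) are never published, which is the privacy property the paper relies on; the device is isolated only once the server has seen enough suspicious events from it.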