An Intelligent LLM Based Model for Network Threat Detection and Analysis
DOI:
https://doi.org/10.70917/ijcisim-2026-2843Keywords:
Network Threat Detection, Large Language Models (LLMs), LLaMA 3.2, IP-based Analysis, Multi-task inference, Encrypted traffic, Real-time Detection, Cybersecurity, low-text environments, feature reduction, Intrusion Detection, Biomimetic Security ModelsAbstract
Network threat detection is a must for enterprise cybersecurity in line with the traditional approaches, such as rule-based systems, IDS, and machine learning models that focus on studying ports, protocols, and payloads. However, traditional methods are quite challenged by the dynamic aspects of imminent threat, namely encrypted data, new types of attacks, and shifting attack frontiers, requiring thorough feature engineering. The current study proposes an innovative Large Language Model (LLM) framework based on LLaMA 3.2 (1B) that aims to identify threats in a network using only IP addresses for source and destination, without the prerequisite for payload analysis, or manual engineering of features. The current article utilizes IP-based communication as a language modeling task which enables it to do multi-task inference, predict the protocol, describe IP behavior, and classify traffic as benign or malicious simultaneously. This enables proposed model to be able to detect threats in real-time with only one inference step. It obtains lower dimensional feature sets, better adaptiveness in secure and opaque environments, and introduce a scalable, biologically inspired alternative that performs better than traditional systems. The experiments confirm the system’s superior performance and adaptability, suggesting that LLMs have a strong potential in real-time, low-context cybersecurity.