Date of Award

2-4-2025

Publication Type

Thesis

Degree Name

M.Sc.

Department

Computer Science

Supervisor

Saeed Samet

Rights

info:eu-repo/semantics/openAccess

Abstract

Cybersecurity has played a significant role in the development of modern computer systems. Without robust cybersecurity systems, software solutions deployed at the public level would be very vulnerable to attacks by malicious parties. A particular application of cybersecurity is the detection of anomalies in networks. These systems, named network Intrusion Detection Systems (IDS), constantly need to evolve along with the changing landscape of novel threats. They are designed to protect our networks against various malicious attacks orchestrated by hackers and other agents. Over the decades, these systems have kept up with the adoption of newer technologies. Hence, AI has played an important role in the improvement of IDS in the last decade. The advancement of machine learning techniques and the development and wide-scale adoption of large language model (LLM) systems have led to the need to adopt LLMs to enhance existing IDS and enable better novel threat detection. Given the recency of the development of LLMs, and particularly of their use for IDS, there is great scope for research and improvement in this area. In this thesis, we propose a novel method to utilize LLMs for improving IDS through prompt optimization and ensemble methods. These methods were chosen after extensive research on the current state of the domain and identification of its shortcomings and research gaps. In our method, we propose the use of ensemble methods with 3 different LLMs, such as Llama, Claude, and Gemini. These models, when used in conjunction with prompt optimization tools, demonstrate significant performance enhancements. Using the NSL-KDD dataset, we compare the results of our novel method against a baseline and highlight the resulting performance improvements.
In addition, we highlight the architectural advantages of our framework and how it promotes the interchangeability of LLMs, so that the system can be kept up to date with newer advancements with minimal effort. These results indicate the ability of the system to overcome previous limitations, making it a robust solution for intrusion detection.
