Optimizing Large Language Models for Network Intrusion Detection Systems- MSc Thesis Defense by: Mohammed S Ahmad

Monday, January 27, 2025 - 10:00

The School of Computer Science is pleased to present....

Optimizing Large Language Models for Network Intrusion Detection Systems

MSc Thesis Defense by: Mohammed S Ahmad

Date: Monday, January 27, 2025

Time: 10 AM – 11:30 AM

Location: Human Kinetics Building, Room 144

 

Abstract

Cybersecurity has played a significant role in the development of modern computer systems. Without robust cybersecurity systems, software solutions deployed at the public level would be very vulnerable to attacks by malicious parties. A particular application of cybersecurity is for the detection of anomalies in networks. These systems, named network Intrusion Detection Systems (IDS), constantly need to evolve along with the changing landscape of novel threats. These are designed to protect our networks against various malicious attacks orchestrated by hackers and other agents. Over the decades, these systems have kept up with the adoption of newer technologies that have developed. Hence, AI has played an important role in improving IDS in the last decade. The advancement of machine learning techniques and the development and wide-scale adoption of large language model (LLM) systems, have led to the need to adopt LLMs to enhance existing IDS and enable better novel threat detection. Given the recency of the development of LLMs and particularly their use case for IDS, there is great scope for research and improvement in this area.

 

In this thesis, we propose a novel method to utilize LLMs for improving IDS by the use of prompt optimization in LLMs as well as the use of ensemble methods. These methods are chosen after extensive research on the current state of the domain and identifying the shortcomings and research gaps. In our method, we propose the use of ensemble methods with 3 different LLMs, such as Llama, Claude, and Gemini. These models, when used in conjunction with prompt optimization tools, demonstrate significant performance enhancements. Using the NSL-KDD dataset, we compare the results of our novel method against a baseline and highlight the resulting performance improvements. In addition to this, we also highlight the architectural advantages of our framework and how this system promotes the interchangeability of LLMs to keep the system updated with newer advancements with minimal effort. These results indicate the ability of the system to overcome previous limitations, making it a robust solution for intrusion detection.

Thesis Committee:

Internal Reader: Dr. Dan Wu       

External Reader: Dr. Mohammad Hassanzadeh  

Advisor: Dr. Saeed Samet

Chair: Dr. Muhammad Asaduzzaman

Registration link (only MAC students need to pre-register)