{"title":"Transformers and large language models for efficient intrusion detection systems: A comprehensive survey","authors":"Hamza Kheddar","doi":"10.1016/j.inffus.2025.103347","DOIUrl":null,"url":null,"abstract":"<div><div>With significant advancements in Transformers and large language models (LLMs), natural language processing (NLP) has extended its reach into many research fields due to its enhanced capabilities in text generation and user interaction. One field benefiting greatly from these advancements is cybersecurity. In cybersecurity, many parameters that need to be protected and exchanged between senders and receivers are in the form of text and tabular data, making NLP a valuable tool in enhancing the security measures of communication protocols. This survey paper provides a comprehensive analysis of the utilization of Transformers and LLMs in cyber-threat detection systems. The methodology of paper selection and bibliometric analysis is outlined to establish a rigorous framework for evaluating existing research. The fundamentals of Transformers are discussed, including background information on various cyber-attacks and datasets commonly used in this field. The survey explores the application of Transformers in intrusion detection systems (IDSs), focusing on different architectures such as Attention-based models, LLMs like BERT and GPT, CNN/LSTM-Transformer hybrids, and emerging approaches like Vision Transformers (ViTs), and more. Furthermore, it explores the diverse environments and applications where Transformers and LLMs-based IDS have been implemented, including computer networks, Internet of things (IoT) devices, critical infrastructure protection, cloud computing, software-defined networking (SDN), as well as in autonomous vehicles (AVs). The paper also addresses research challenges and future directions in this area, identifying key issues such as interpretability, scalability, and adaptability to evolving threats, and more. 
Finally, the conclusion summarizes the findings and highlights the significance of Transformers and LLMs in enhancing cyber-threat detection capabilities, while also outlining potential avenues for further research and development.</div></div>","PeriodicalId":50367,"journal":{"name":"Information Fusion","volume":"124 ","pages":"Article 103347"},"PeriodicalIF":14.7000,"publicationDate":"2025-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Fusion","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1566253525004208","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
Citation count: 0
About the journal:
Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.