{"title":"用于网络威胁检测的大型语言模型调查","authors":"","doi":"10.1016/j.cose.2024.104016","DOIUrl":null,"url":null,"abstract":"<div><p>With the increasing complexity of cyber threats and the expanding scope of cyberspace, there exist progressively more challenges in cyber threat detection. It is proven that most previous threat detection models may become inadequate due to the escalation of hacker attacks. However, recent research has shown that some of these problems can be effectively addressed by Large Language Models (LLMs) directly or indirectly. Nowadays, a growing number of security researchers are adopting LLMs for analyzing various cyber threats. According to the investigation, we found that while there are numerous emerging reviews on the utilization of LLMs in some fields of cyber security, there is currently a lack of a comprehensive review on the application of LLMs in the threat detection stage. Through retrieving and collating existing works in recent years, we examined various threat detection and monitoring tasks for which LLMs may be well-suited, including cyber threat intelligence, phishing email detection, threat prediction, logs analysis, and so on. Additionally, the review explored the specific stages of different detection tasks in which LLMs are involved, evaluating the points at which LLMs are optimized. For instance, LLMs have been found to enhance the interpretability of log analysis in real-time anomaly event discovery. Additionally, we discussed some tasks where LLMs may not be suitable and explored future directions and challenges in this field. By providing a detailed status update and comprehensive insights, this review aims to assist security researchers in leveraging LLMs to enhance existing detection frameworks or develop domain-specific LLMs.</p></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":null,"pages":null},"PeriodicalIF":4.8000,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A survey of large language models for cyber threat detection\",\"authors\":\"\",\"doi\":\"10.1016/j.cose.2024.104016\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>With the increasing complexity of cyber threats and the expanding scope of cyberspace, there exist progressively more challenges in cyber threat detection. It is proven that most previous threat detection models may become inadequate due to the escalation of hacker attacks. However, recent research has shown that some of these problems can be effectively addressed by Large Language Models (LLMs) directly or indirectly. Nowadays, a growing number of security researchers are adopting LLMs for analyzing various cyber threats. According to the investigation, we found that while there are numerous emerging reviews on the utilization of LLMs in some fields of cyber security, there is currently a lack of a comprehensive review on the application of LLMs in the threat detection stage. Through retrieving and collating existing works in recent years, we examined various threat detection and monitoring tasks for which LLMs may be well-suited, including cyber threat intelligence, phishing email detection, threat prediction, logs analysis, and so on. Additionally, the review explored the specific stages of different detection tasks in which LLMs are involved, evaluating the points at which LLMs are optimized. For instance, LLMs have been found to enhance the interpretability of log analysis in real-time anomaly event discovery. Additionally, we discussed some tasks where LLMs may not be suitable and explored future directions and challenges in this field. By providing a detailed status update and comprehensive insights, this review aims to assist security researchers in leveraging LLMs to enhance existing detection frameworks or develop domain-specific LLMs.</p></div>\",\"PeriodicalId\":51004,\"journal\":{\"name\":\"Computers & Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.8000,\"publicationDate\":\"2024-07-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computers & Security\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0167404824003213\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404824003213","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
A survey of large language models for cyber threat detection
With the increasing complexity of cyber threats and the expanding scope of cyberspace, there exist progressively more challenges in cyber threat detection. It is proven that most previous threat detection models may become inadequate due to the escalation of hacker attacks. However, recent research has shown that some of these problems can be effectively addressed by Large Language Models (LLMs) directly or indirectly. Nowadays, a growing number of security researchers are adopting LLMs for analyzing various cyber threats. According to the investigation, we found that while there are numerous emerging reviews on the utilization of LLMs in some fields of cyber security, there is currently a lack of a comprehensive review on the application of LLMs in the threat detection stage. Through retrieving and collating existing works in recent years, we examined various threat detection and monitoring tasks for which LLMs may be well-suited, including cyber threat intelligence, phishing email detection, threat prediction, logs analysis, and so on. Additionally, the review explored the specific stages of different detection tasks in which LLMs are involved, evaluating the points at which LLMs are optimized. For instance, LLMs have been found to enhance the interpretability of log analysis in real-time anomaly event discovery. Additionally, we discussed some tasks where LLMs may not be suitable and explored future directions and challenges in this field. By providing a detailed status update and comprehensive insights, this review aims to assist security researchers in leveraging LLMs to enhance existing detection frameworks or develop domain-specific LLMs.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.