Leveraging large language models, graph neural networks, and explainable AI for revolutionizing the next-generation network intrusion detection systems

Leveraging large language models, graph neural networks, and explainable AI for revolutionizing the next-generation network intrusion detection systems

연구 분야: Databases

학회: Journal of Intelligent Information Systems

As digital ecosystems, such as the Internet of Things (IoT), evolve, cyber threats have become increasingly sophisticated, posing greater challenges for Network Intrusion Detection Systems (NIDS). Artificial intelligence, particularly Large Language Models (LLMs), enhances cybersecurity through log analysis, anomaly detection, and threat intelligence. However, optimizing NIDS for real-time detection in dynamic, resource-limited contexts remains a significant challenge. This survey paper provides a comprehensive overview of modern AI-driven methodologies for enhancing NIDS, focusing on transformer-based techniques, graph-based models, and hybrid approaches incorporating explainable AI. LLMs, as transformer-based models, are effective in analyzing complex network data for better anomaly detection and threat prediction. Graph-based models, including Knowledge Graphs (KGs) and Graph Neural Networks (GNNs), are well-suited for relational data modeling and multistage attack identification. Hybrid frameworks combine various methods to improve generalizability, accuracy, and interpretability. The paper also highlights challenges such as data privacy and the need for lightweight architectures, which pave the way for sophisticated, adaptive cyber defenses against emerging threats.