Distributed Threat Intelligence at the Edge Devices: A Large Language Model-Driven Approach

TL;DR

This paper proposes a novel framework for distributed threat intelligence on edge devices using lightweight models and Large Language Models (LLMs) to enhance real-time cybersecurity, privacy, and collaborative learning.

Contribution

It introduces a scalable, adaptive, and privacy-preserving threat detection approach leveraging LLM-driven distributed intelligence at the network edge.

Findings

Enhanced threat detection accuracy with LLM integration

Reduced latency through local data analysis on edge devices

Improved privacy via local processing and secure knowledge sharing

Abstract

With the proliferation of edge devices, there is a significant increase in attack surface on these devices. The decentralized deployment of threat intelligence on edge devices, coupled with adaptive machine learning techniques such as the in-context learning feature of Large Language Models (LLMs), represents a promising paradigm for enhancing cybersecurity on resource-constrained edge devices. This approach involves the deployment of lightweight machine learning models directly onto edge devices to analyze local data streams, such as network traffic and system logs, in real-time. Additionally, distributing computational tasks to an edge server reduces latency and improves responsiveness while also enhancing privacy by processing sensitive data locally. LLM servers can enable these edge servers to autonomously adapt to evolving threats and attack patterns, continuously updating their models to improve detection accuracy and reduce false positives. Furthermore, collaborative learning mechanisms facilitate peer-to-peer secure and trustworthy knowledge sharing among edge devices, enhancing the collective intelligence of the network and enabling dynamic threat mitigation measures such as device quarantine in response to detected anomalies. The scalability and flexibility of this approach make it well-suited for diverse and evolving network environments, as edge devices only send suspicious information such as network traffic and system log changes, offering a resilient and efficient solution to combat emerging cyber threats at the network edge. Thus, our proposed framework can improve edge computing security by providing better security in cyber threat detection and mitigation by isolating the edge devices from the network.