LLMs' Suitability for Network Security: A Case Study of STRIDE Threat Modeling
AbdulAziz AbdulGhaffar, Ashraf Matrawy

TL;DR
This paper evaluates the effectiveness of Large Language Models in network security, specifically using STRIDE threat modeling for 5G threats, highlighting their potential and the need for fine-tuning.
Contribution
It provides a systematic analysis of LLMs' suitability for network security tasks through a case study on STRIDE threat classification.
Findings
LLMs can classify 5G threats using STRIDE with various prompting techniques.
Performance varies across different LLMs and prompting methods.
Fine-tuning is necessary to improve LLMs' effectiveness in security applications.
Abstract
Artificial Intelligence (AI) is expected to be an integral part of next-generation AI-native 6G networks. With the prevalence of AI, researchers have identified numerous use cases of AI in network security. However, there are very few studies that analyze the suitability of Large Language Models (LLMs) in network security. To fill this gap, we examine the suitability of LLMs in network security, particularly with the case study of STRIDE threat modeling. We utilize four prompting techniques with five LLMs to perform STRIDE classification of 5G threats. From our evaluation results, we point out key findings and detailed insights along with the explanation of the possible underlying factors influencing the behavior of LLMs in the modeling of certain threats. The numerical results and the insights support the necessity for adjusting and fine-tuning LLMs for network security use cases.
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Software-Defined Networks and 5G
