Proactively Detecting Threats: A Novel Approach Using LLMs
By: Aniesh Chawla, Udbhav Prasad
Potential Business Impact:
Finds computer threats before they cause harm.
Enterprise security faces escalating threats from sophisticated malware, compounded by expanding digital operations. This paper presents the first systematic evaluation of large language models (LLMs) to proactively identify indicators of compromise (IOCs) from unstructured web-based threat intelligence sources, distinguishing it from reactive malware detection approaches. We developed an automated system that pulls IOCs from 15 web-based threat report sources to evaluate six LLM models (Gemini, Qwen, and Llama variants). Our evaluation of 479 webpages containing 2,658 IOCs (711 IPv4 addresses, 502 IPv6 addresses, 1,445 domains) reveals significant performance variations. Gemini 1.5 Pro achieved 0.958 precision and 0.788 specificity for malicious IOC identification, while demonstrating perfect recall (1.0) for actual threats.
Similar Papers
Cracking IoT Security: Can LLMs Outsmart Static Analysis Tools?
Cryptography and Security
AI struggles to find hidden smart home rule dangers.
POLAR: Automating Cyber Threat Prioritization through LLM-Powered Assessment
Cryptography and Security
Makes computers better at finding online dangers.
A Decompilation-Driven Framework for Malware Detection with Large Language Models
Cryptography and Security
Helps computers spot bad computer programs.