LLM-enhanced security framework for IoT network: anomaly detection and malicious devices identification
Author(s) - Mohammed Arif Iftakher Mahmood, Fahim Ashab, Md Saifuzzaman Sohan, Md Hedayetul Islam Chy, Md Fazlul Kader
Publication year - 2025
Publication title - IEEE Access
Language(s) - English
Resource type - Magazines
SCImago Journal Rank - 0.587
H-Index - 127
eISSN - 2169-3536
DOI - 10.1109/access.2025.3613588
Subject(s) - aerospace , bioengineering , communication, networking and broadcast technologies , components, circuits, devices and systems , computing and processing , engineered materials, dielectrics and plasmas , engineering profession , fields, waves and electromagnetics , general topics for engineers , geoscience , nuclear engineering , photonics and electrooptics , power, energy and industry applications , robotics and control systems , signal processing and analysis , transportation
Due to resource constraints, Internet of Things (IoT) devices often lack built-in security systems, making them vulnerable to zero-day attacks. Consequently, there is a growing need for anomaly-based intrusion detection systems for IoT networks. However, traditional anomaly systems suffer from a high number of false positives, which wastes analysts' time. In addition, there is a semantic gap between the system outputs and the network operators. In this paper, we propose a machine learning-based framework with large language model (LLM) integration to address the challenges faced in traditional systems. The model not only detects potential threats but also bridges the semantic gap. The framework employs isolation forest for anomaly detection and random forest for device integrity assessment. To enhance anomaly evaluation and improve interpretability, the system's insights are further processed by GPT-4o mini, an LLM. The LLM elucidates statistical summaries of IoT traffic, assigns risk scores, and provides human-readable explanations, thereby enhancing decision-making. This approach reduces the reliance on expert network operators. As a result, non-technical users can understand and act upon the system's outputs.