Colloquium lecture: June 9, 2026, A Hybrid Intrusion Detection System with Retrieval-Augmented LLM Reasoning for Cyber-physical Systems Security

Supervisor: Al Sardy

Traditional Intrusion Detection Systems (IDS) rely on signature-based and anomaly-based techniques, which suffer from limitations such as outdated rule sets, lack of contextual awareness, and poor adaptability to zero-day attacks. These challenges are particularly critical in Cyber-Physical Systems (CPS), where evolving and context-dependent threats require intelligent and adaptive detection mechanisms.

This paper presents HyLLM-IDS, a hybrid intrusion detection framework that integrates signature-based detection, anomaly detection, and Large Language Model (LLM) reasoning enhanced by Retrieval-Augmented Generation (RAG). The proposed system employs a parallel detection architecture in which both a signature agent and an anomaly agent analyze the same network traffic. Suspicious alerts are further processed by a RAG component that retrieves relevant threat intelligence from CVE databases via FAISS-based similarity search. An open-source LLM then performs contextual reasoning to classify each alert and generate a human-readable explanation. Experimental results demonstrate that the proposed system achieves high detection capability with improved contextual understanding. The system shows strong recall while maintaining reasonable precision, reflecting realistic IDS behavior. Additionally, a Security Operations Center (SOC) dashboard is implemented to visualize alerts, evaluation metrics, and performance.

The results highlight the effectiveness of combining hybrid detection with LLM-based reasoning and dynamic knowledge retrieval for modern intrusion detection systems.
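The pipeline the abstract describes (parallel signature and anomaly agents, alert fusion, retrieval of related CVE context, and a reasoning prompt for an LLM) can be sketched end to end in a few dozen lines. The block below is an added illustration written for this page; it is not HyLLM-IDS code and makes several simplifying assumptions: flows are dicts with a short text payload, the signature agent is a single allowlist rule for Modbus writes, the anomaly agent is a z-score on bytes per flow against a constructed baseline, bag-of-words cosine similarity over an in-memory list of placeholder CVE entries stands in for FAISS embedding search, and the LLM call itself is left out (the function returns the prompt the model would receive). All hosts, flows, CVE identifiers and texts are constructed sample data.

```python
import math
import re
from collections import Counter

# --- constructed sample data; none of it comes from the paper --------------
ENGINEERING_HOSTS = {"10.0.0.5"}                     # hosts allowed to write to PLCs
BASELINE = {"mean_bytes": 120.0, "std_bytes": 15.0}  # assumed normal-traffic profile

# Placeholder CVE knowledge base: IDs and texts are invented stand-ins.
CVE_KB = [
    {"id": "CVE-PLACEHOLDER-0001",
     "text": "modbus write multiple registers unauthenticated plc register tampering"},
    {"id": "CVE-PLACEHOLDER-0002",
     "text": "dnp3 outstation malformed fragment denial of service"},
    {"id": "CVE-PLACEHOLDER-0003",
     "text": "plc firmware update oversized transfer buffer overflow"},
]

# Constructed flow records; GROUND_TRUTH marks which ones are real attacks.
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.1.20", "dport": 502, "bytes": 118,
     "payload": "modbus fc=3 read holding registers"},    # benign poll
    {"src": "10.0.0.9", "dst": "10.0.1.20", "dport": 502, "bytes": 124,
     "payload": "modbus fc=16 write multiple registers"},  # write from rogue host
    {"src": "10.0.0.5", "dst": "10.0.1.21", "dport": 502, "bytes": 9000,
     "payload": "modbus fc=3 read holding registers"},    # abnormally large read
    {"src": "10.0.0.7", "dst": "10.0.1.22", "dport": 20000, "bytes": 130,
     "payload": "dnp3 read class 0"},                      # benign
    {"src": "10.0.0.5", "dst": "10.0.1.20", "dport": 502, "bytes": 8000,
     "payload": "modbus fc=16 write multiple registers"},  # legitimate bulk config push
]
GROUND_TRUTH = [False, True, True, False, False]

WRITE_FC = re.compile(r"\bfc=(5|6|15|16)\b")  # Modbus write function codes


def signature_agent(flow):
    """Rule-based agent: a PLC write from a host outside the engineering allowlist."""
    reasons = []
    if (flow["dport"] == 502 and WRITE_FC.search(flow["payload"])
            and flow["src"] not in ENGINEERING_HOSTS):
        reasons.append("sig: modbus write from non-engineering host")
    return reasons


def anomaly_agent(flow, baseline=BASELINE, z_threshold=3.0):
    """Statistical agent: z-score of bytes per flow against the baseline profile."""
    z = (flow["bytes"] - baseline["mean_bytes"]) / baseline["std_bytes"]
    if z > z_threshold:
        return [f"anom: oversized transfer, bytes z-score {z:.1f} > {z_threshold}"]
    return []


def _tokens(text):
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))


def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def retrieve(query, kb=CVE_KB, k=2):
    """Lexical cosine similarity stands in for FAISS embedding search (assumption)."""
    q = _tokens(query)
    scored = sorted(((cosine(q, _tokens(e["text"])), e["id"]) for e in kb), reverse=True)
    return [(cid, round(score, 3)) for score, cid in scored[:k] if score > 0]


def build_reasoning_prompt(flow, reasons, hits):
    """Assemble the context an LLM would reason over; the model call is omitted."""
    intel = "\n".join(f"- {cid} (sim={score})" for cid, score in hits) or "- none"
    findings = "\n".join(f"- {r}" for r in reasons)
    return (f"Flow {flow['src']}->{flow['dst']}:{flow['dport']} "
            f"payload='{flow['payload']}'\nDetector findings:\n{findings}\n"
            f"Retrieved threat intelligence:\n{intel}\n"
            "Classify the alert as true or false positive and explain why.")


def run_pipeline(flows=SAMPLE_FLOWS):
    """Parallel agents -> alert fusion -> retrieval -> prompt for the LLM stage."""
    alerts = []
    for flow in flows:
        reasons = signature_agent(flow) + anomaly_agent(flow)  # both agents see every flow
        suspicious = bool(reasons)                               # OR-fusion favours recall
        hits = retrieve(flow["payload"] + " " + " ".join(reasons)) if suspicious else []
        alerts.append({
            "suspicious": suspicious,
            "reasons": reasons,
            "retrieved": hits,
            "prompt": build_reasoning_prompt(flow, reasons, hits) if suspicious else None,
        })
    return alerts


def precision_recall(alerts, truth=GROUND_TRUTH):
    """The two dashboard metrics; OR-fusion trades precision for recall."""
    pred = [a["suspicious"] for a in alerts]
    tp = sum(p and t for p, t in zip(pred, truth))
    fp = sum(p and not t for p, t in zip(pred, truth))
    fn = sum(t and not p for p, t in zip(pred, truth))
    return (tp / (tp + fp) if tp + fp else 0.0, tp / (tp + fn) if tp + fn else 0.0)


if __name__ == "__main__":
    results = run_pipeline()
    for a in results:
        if a["suspicious"]:
            print(a["prompt"], end="\n\n")
    print("precision=%.2f recall=%.2f" % precision_recall(results))
```

Two things the toy makes visible. First, OR-fusing the two agents is what gives the "strong recall, reasonable precision" profile: the legitimate bulk write from the engineering host trips the anomaly agent alone, so it reaches the reasoning stage as a candidate false positive that the LLM, given the allowlist context, can discount. Second, lexical retrieval only links the oversized-transfer alert to the "oversized transfer" CVE because the anomaly agent put those words into the query; dense embeddings of the kind FAISS would index are what let the real system relate a statistical finding to CVE text that does not share vocabulary with it.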


Room 04.137, Martensstr. 3, Erlangen

or

Join Zoom meeting:
https://fau.zoom-x.de/j/68350702053?pwd=UkF3aXY0QUdjeSsyR0tyRWtLQ0hYUT09

Meeting ID: 683 5070 2053
Passcode: 647333