zikele


eX-NIDS: An Explainable Network Intrusion Detection Framework Leveraging Large Language Models

2507.16241v1

Chinese Title

eX-NIDS: An Explainable Network Intrusion Detection Framework Leveraging Large Language Models

English Title

eX-NIDS: A Framework for Explainable Network Intrusion Detection Leveraging Large Language Models

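Chinese Abstract

This paper introduces eX-NIDS, a framework that aims to improve the explainability of flow-based network intrusion detection systems (NIDS) by leveraging large language models (LLMs). In our proposed framework, flows labelled as malicious by the NIDS are first processed by a module called the Prompt Augmenter. This module extracts contextual information and cyber threat intelligence (CTI)-related knowledge from these flows. This enriched, context-specific data is then combined with the LLM's input prompt, enabling it to generate detailed explanations and interpretations of why the NIDS identified the flow as malicious. We compare the generated explanations against a Basic-Prompt Explainer baseline, which does not incorporate any contextual information into the LLM's input prompt. Our framework is quantitatively evaluated with the Llama 3 and GPT-4 models, using a new evaluation method designed for natural language explanations that focuses on their correctness and consistency. The results show that augmented LLMs can generate accurate and consistent explanations, serving as a valuable complementary tool for explaining the classification of malicious flows in NIDS. Compared with the Basic-Prompt Explainer, the use of augmented prompts improves performance by more than 20%.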

English Abstract

This paper introduces eX-NIDS, a framework designed to enhance interpretability in flow-based Network Intrusion Detection Systems (NIDS) by leveraging Large Language Models (LLMs). In our proposed framework, flows labelled as malicious by NIDS are initially processed through a module called the Prompt Augmenter. This module extracts contextual information and Cyber Threat Intelligence (CTI)-related knowledge from these flows. This enriched, context-specific data is then integrated with an input prompt for an LLM, enabling it to generate detailed explanations and interpretations of why the flow was identified as malicious by NIDS. We compare the generated interpretations against a Basic-Prompt Explainer baseline, which does not incorporate any contextual information into the LLM's input prompt. Our framework is quantitatively evaluated using the Llama 3 and GPT-4 models, employing a novel evaluation method tailored for natural language explanations, focusing on their correctness and consistency. The results demonstrate that augmented LLMs can produce accurate and consistent explanations, serving as valuable complementary tools in NIDS to explain the classification of malicious flows. The use of augmented prompts enhances performance by over 20% compared to the Basic-Prompt Explainer.
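The contrast the abstract draws between the Basic-Prompt Explainer and the Prompt Augmenter can be sketched as follows. This is an added example, not code from the eX-NIDS paper; the flow fields, the z-score context rule, the CTI lookup tables and the prompt wording are all assumptions made for illustration.

```python
from statistics import mean, pstdev

# Constructed benign baseline (hypothetical NetFlow-style numeric fields).
BASELINE = [
    {"in_bytes": 5200, "out_bytes": 48000, "duration_ms": 900},
    {"in_bytes": 4800, "out_bytes": 51000, "duration_ms": 1100},
    {"in_bytes": 5500, "out_bytes": 45000, "duration_ms": 1000},
    {"in_bytes": 5000, "out_bytes": 50000, "duration_ms": 950},
]
# Constructed flow flagged by the NIDS; addresses are documentation ranges.
FLAGGED = {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.7", "dst_port": 22,
           "in_bytes": 120, "out_bytes": 90, "duration_ms": 15}
# Constructed stand-ins for CTI sources (assumptions, not the paper's data).
PORT_KB = {22: "SSH; a frequent target of password brute-forcing"}
IP_KB = {"192.0.2.10": "listed on a (hypothetical) scanner blocklist"}

def basic_prompt(flow):
    """Baseline explainer input: the flagged flow's fields and nothing else."""
    fields = ", ".join(f"{k}={v}" for k, v in flow.items())
    return f"A NIDS flagged this flow as malicious: {fields}. Explain why."

def context_notes(flow, baseline, z_limit=3.0):
    """Describe numeric features that deviate strongly from benign traffic."""
    notes = []
    for name in baseline[0]:
        values = [b[name] for b in baseline]
        mu, sigma = mean(values), pstdev(values)
        if sigma == 0:
            continue  # no spread in the baseline, z-score undefined
        z = (flow[name] - mu) / sigma
        if abs(z) >= z_limit:
            side = "below" if z < 0 else "above"
            notes.append(f"{name}={flow[name]} is {abs(z):.1f} std devs "
                         f"{side} the benign mean {mu:.0f}")
    return notes

def cti_notes(flow):
    """Attach threat-intelligence facts keyed on port and endpoint address."""
    port = flow["dst_port"]
    notes = [f"dst_port {port}: {PORT_KB[port]}"] if port in PORT_KB else []
    for side in ("src_ip", "dst_ip"):
        if flow[side] in IP_KB:
            notes.append(f"{side} {flow[side]}: {IP_KB[flow[side]]}")
    return notes

def augmented_prompt(flow, baseline):
    """Basic prompt plus the extracted context and CTI notes."""
    notes = context_notes(flow, baseline) + cti_notes(flow)
    return "\n".join([basic_prompt(flow), "Context supplied by the augmenter:"]
                     + [f"- {n}" for n in notes])
```

Either prompt would then be sent to the LLM; only the augmented one gives it the baseline deviations and CTI facts to ground its explanation.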

PDF Access

View the Chinese PDF - 2507.16241v1
