中文标题#
eX-NIDS:一種利用大語言模型的可解釋網絡入侵檢測框架
英文标题#
eX-NIDS: A Framework for Explainable Network Intrusion Detection Leveraging Large Language Models
中文摘要#
本文介紹了 eX-NIDS,這是一種框架,旨在通過利用大型語言模型(LLMs)來增強基於流量的網絡入侵檢測系統(NIDS)的可解釋性。 在我們提出的框架中,由 NIDS 標記為惡意的流量首先通過一個稱為 Prompt Augmenter 的模塊進行處理。 該模塊從這些流量中提取上下文信息和與網絡威脅情報(CTI)相關的知識。 然後將這種豐富且特定於上下文的數據與 LLM 的輸入提示相結合,使其能夠生成詳細的解釋和解釋,說明為什麼流量被 NIDS 識別為惡意。 我們將生成的解釋與一個 Basic-Prompt Explainer 基線進行比較,該基線不將任何上下文信息納入 LLM 的輸入提示中。 我們的框架使用 Llama 3 和 GPT-4 模型進行定量評估,採用一種針對自然語言解釋的新評估方法,重點關注其正確性和一致性。 結果表明,增強的 LLM 可以生成準確且一致的解釋,作為 NIDS 中解釋惡意流量分類的有價值的補充工具。 與 Basic-Prompt Explainer 相比,增強提示的使用使性能提高了 20% 以上。
英文摘要#
This paper introduces eX-NIDS, a framework designed to enhance interpretability in flow-based Network Intrusion Detection Systems (NIDS) by leveraging Large Language Models (LLMs). In our proposed framework, flows labelled as malicious by NIDS are initially processed through a module called the Prompt Augmenter. This module extracts contextual information and Cyber Threat Intelligence (CTI)-related knowledge from these flows. This enriched, context-specific data is then integrated with an input prompt for an LLM, enabling it to generate detailed explanations and interpretations of why the flow was identified as malicious by NIDS. We compare the generated interpretations against a Basic-Prompt Explainer baseline, which does not incorporate any contextual information into the LLM's input prompt. Our framework is quantitatively evaluated using the Llama 3 and GPT-4 models, employing a novel evaluation method tailored for natural language explanations, focusing on their correctness and consistency. The results demonstrate that augmented LLMs can produce accurate and consistent explanations, serving as valuable complementary tools in NIDS to explain the classification of malicious flows. The use of augmented prompts enhances performance by over 20% compared to the Basic-Prompt Explainer.
PDF 获取#
抖音掃碼查看更多精彩內容