doi:10.1007/s10462-025-11432-2engMehavilla, LorenaRodríguez, MaríaGarcía, JoséAlesanco, ÁlvaroEvaluating large language models effectiveness for flow-based intrusion detection: a comparative study with ML and DL baselinesART-2026-147679This paper presents the first systematic benchmark evaluating Large Language Models (LLMs), specifically GPT-2, GPT-Neo-125M, and LLaMA-3.2-1B, as standalone classifiers for intrusion detection, covering both binary and multiclass classification tasks, using structured Zeek logs derived from the CIC IoT 2023 dataset. We compare their performance against established and widely used Machine Learning (XGBoost, Random Forest, Decision Tree) and Deep Learning models (MLP, GRU, LeNet-5) across key evaluation metrics: detection effectiveness (precision, recall and F1-score), inference speed, and resource consumption. All models are consistently trained and rigorously evaluated on the CIC IoT 2023 dataset, ensuring fair, reproducible, and transparent comparisons. Our findings indicate that while LLMs achieve strong F1-score exceeding 95%, and do not fully utilize available GPU resources, they still do not outperform top-performing ML models. Notably XGBoost achieves a higher F1-score of 96.96%, using only 4% of the available CPU. These results emphasize the practical trade-offs between detection capability, inference efficiency, and hardware requirements when applying LLMs in flow-based IDS contexts, particularly in resource-constrained environments such as IoT or edge deployments.2026http://zaguan.unizar.es/record/16810110.1007/s10462-025-11432-2http://zaguan.unizar.es/record/168101oai:zaguan.unizar.es:168101info:eu-repo/grantAgreement/ES/DGA/T31-20Rinfo:eu-repo/grantAgreement/ES/MCINN/PID2022-136476OB-I00ARTIFICIAL INTELLIGENCE REVIEW 59, 2 (2026), [38 pp.]byhttps://creativecommons.org/licenses/by/4.0/deed.esinfo:eu-repo/semantics/openAccess