Atlantis Institut des Sciences Fictives

Resumen: This paper presents the first systematic benchmark evaluating Large Language Models (LLMs), specifically GPT-2, GPT-Neo-125M, and LLaMA-3.2-1B, as standalone classifiers for intrusion detection, covering both binary and multiclass classification tasks, using structured Zeek logs derived from the CIC IoT 2023 dataset. We compare their performance against established and widely used Machine Learning (XGBoost, Random Forest, Decision Tree) and Deep Learning models (MLP, GRU, LeNet-5) across key evaluation metrics: detection effectiveness (precision, recall and F1-score), inference speed, and resource consumption. All models are consistently trained and rigorously evaluated on the CIC IoT 2023 dataset, ensuring fair, reproducible, and transparent comparisons. Our findings indicate that while LLMs achieve strong F1-score exceeding 95%, and do not fully utilize available GPU resources, they still do not outperform top-performing ML models. Notably XGBoost achieves a higher F1-score of 96.96%, using only 4% of the available CPU. These results emphasize the practical trade-offs between detection capability, inference efficiency, and hardware requirements when applying LLMs in flow-based IDS contexts, particularly in resource-constrained environments such as IoT or edge deployments.
Idioma: Inglés
DOI: 10.1007/s10462-025-11432-2
Año: 2026
Publicado en: ARTIFICIAL INTELLIGENCE REVIEW 59, 2 (2026), [38 pp.]
ISSN: 0269-2821
Financiación: info:eu-repo/grantAgreement/ES/DGA/T31-20R
Financiación: info:eu-repo/grantAgreement/ES/MCINN/PID2022-136476OB-I00
Tipo y forma: Article (Published version)
Área (Departamento): Área Ingeniería Telemática (Dpto. Ingeniería Electrón.Com.)
Exportado de SIDERAL (2026-01-26-14:50:32)


Visitas y descargas

Este artículo se encuentra en las siguientes colecciones:
articulos > articulos-por-area > ingenieria_telematica