English

Evaluating Language Models For Threat Detection in IoT Security Logs

Cryptography and Security 2025-07-04 v1 Artificial Intelligence

Abstract

Log analysis is a relevant research field in cybersecurity as they can provide a source of information for the detection of threats to networks and systems. This paper presents a pipeline to use fine-tuned Large Language Models (LLMs) for anomaly detection and mitigation recommendation using IoT security logs. Utilizing classical machine learning classifiers as a baseline, three open-source LLMs are compared for binary and multiclass anomaly detection, with three strategies: zero-shot, few-shot prompting and fine-tuning using an IoT dataset. LLMs give better results on multi-class attack classification than the corresponding baseline models. By mapping detected threats to MITRE CAPEC, defining a set of IoT-specific mitigation actions, and fine-tuning the models with those actions, the models are able to provide a combined detection and recommendation guidance.

Keywords

Cite

@article{arxiv.2507.02390,
  title  = {Evaluating Language Models For Threat Detection in IoT Security Logs},
  author = {Jorge J. Tejero-Fernández and Alfonso Sánchez-Macián},
  journal= {arXiv preprint arXiv:2507.02390},
  year   = {2025}
}
R2 v1 2026-07-01T03:44:29.242Z