English

Proactively Detecting Threats: A Novel Approach Using LLMs

Cryptography and Security 2026-01-15 v1 Artificial Intelligence

Abstract

Enterprise security faces escalating threats from sophisticated malware, compounded by expanding digital operations. This paper presents the first systematic evaluation of large language models (LLMs) to proactively identify indicators of compromise (IOCs) from unstructured web-based threat intelligence sources, distinguishing it from reactive malware detection approaches. We developed an automated system that pulls IOCs from 15 web-based threat report sources to evaluate six LLM models (Gemini, Qwen, and Llama variants). Our evaluation of 479 webpages containing 2,658 IOCs (711 IPv4 addresses, 502 IPv6 addresses, 1,445 domains) reveals significant performance variations. Gemini 1.5 Pro achieved 0.958 precision and 0.788 specificity for malicious IOC identification, while demonstrating perfect recall (1.0) for actual threats.

Keywords

Cite

@article{arxiv.2601.09029,
  title  = {Proactively Detecting Threats: A Novel Approach Using LLMs},
  author = {Aniesh Chawla and Udbhav Prasad},
  journal= {arXiv preprint arXiv:2601.09029},
  year   = {2026}
}

Comments

2025 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC)

R2 v1 2026-07-01T09:03:36.256Z