A Survey of Large Language Models for Cyber Threat Detection
20 Pages Posted: 18 Apr 2024
Abstract
With the increasing complexity of cyber threats and the expanding scope of cyberspace, cyber threat detection and discovery face progressively more challenges. It has been proven that some previous threat detection models may become inadequate due to the escalation of hacker attacks. However, recent research has shown that some of these problems can be effectively addressed by Large Language Models (LLMs) as an alternative to traditional methods. A growing number of security researchers are now attempting to adopt LLMs for analyzing various cyber threats. According to our investigation, there is currently no systematic review of how LLMs are applied in cyber threat detection. To help security researchers learn and develop more solutions with LLMs efficiently, we have reviewed representative applications of LLMs in cyber threat detection. First, we looked back at the brief history of LLMs and cyber threat detection, finding reasons why LLMs are suitable for some cyber threat detection tasks. Next, we systematically retrieved and collated existing works from recent years, covering areas such as threat intelligence, malware detection, and threat prediction. Additionally, we screened these articles according to certain criteria, then categorized typical works into common detection scenarios, assessing which steps or points were optimized by LLMs. Finally, we discussed additional topics, including future directions and challenges in this field. The review aims to provide the research status and comprehensive insights for researchers engaged in this field.
Keywords: Large language models, Cyber security, Threat detection, Literature review