JSAI2024

[1B3-GS-2] Machine learning: Generative model

Tue. May 28, 2024 1:00 PM - 2:40 PM Room B (Concert hall)

Chair: 比嘉恭太 (NEC)

2:00 PM - 2:20 PM

[1B3-GS-2-04] Exploration of Using Large Language Models in Cause Estimation for Anomaly Detection of Packet Payloads

〇Tomokatsu Takahashi1, Yuuki Yamanaka1 (1. NTT Social Informatics Laboratories)

[[Online]]

Keywords: Anomaly Detection, Cause Estimation, LLM

Anomalous communication detection that supports the various communication protocols used within Industrial Control Systems (ICS) is essential to ensuring the security of ICS. For this purpose, anomalous communication detection using Bidirectional Encoder Representations from Transformers (BERT) is attracting attention, since this method automatically learns the characteristics of packet payloads and is adaptable to various protocols. However, in anomalous communication detection using BERT, it is difficult to explicitly identify the role of the detected packets in the communication and the cause of the anomaly, due to the lack of prior knowledge about the anomaly. As a result, users are required to have specialized knowledge of security and communication. To address this problem, this paper considers exploiting large language models (LLMs), which have been achieving results in various fields. Specifically, to apply LLMs to the multiple tasks that users perform to infer the cause of anomalies, we design prompts and construct Retrieval-Augmented Generation (RAG). Furthermore, through evaluation experiments, we discuss the effectiveness and challenges of applying LLMs to the task of cause inference.
