Adaptive Intrusion Detection in IoT Networks Using LLM-Driven Behavioral Analysis and Deep Reinforcement Learning
Researchers from Old Dominion University and Virginia Tech
Researchers will develop adaptive intrusion-detection tools that integrate Deep Reinforcement Learning (DRL), Large Language Models (LLMs), neuro-symbolic AI, and wireless networking so that Internet of Things (IoT) networks can recover swiftly from cyberattacks without degrading the user experience.
Funded by the CCI Hub
Project Investigators
- Principal Investigator (PI): Faryaneh Poursardar, Old Dominion University Virginia Modeling, Analysis and Simulation Center (VMASC)
- Co-PI: Neda Moghim, Old Dominion University School of Cybersecurity
- Co-PI: Christo Kurisummoottil Thomas, Virginia Tech Department of Electrical and Computer Engineering
- Co-PI: Walid Saad, Virginia Tech Department of Electrical and Computer Engineering
Rationale
The growing reliance on IoT devices in such areas as health care, smart cities, and industrial control requires advanced security frameworks capable of defending against increasingly sophisticated cyber threats.
These devices, which often lack robust security controls and operate in resource-constrained environments, are vulnerable to attacks such as Distributed Denial of Service (DDoS), malware, and data breaches.
The complexity of IoT data makes traditional anomaly-detection methods prone to both false positives and false negatives, particularly when detecting sophisticated, multi-stage attacks.
Recent advances in Large Language Models (LLMs), such as GPT and BERT, present new opportunities for analyzing complex IoT behaviors.
Projected Outcomes
Researchers will:
- Develop an adaptive prompt-generation system that uses DRL to optimize LLM queries in real time by tracking the evolving nature of cyberattacks.
- Improve LLM detection capabilities for complex attack scenarios, including Advanced Persistent Threats (APTs), zero-day exploits, and multi-stage attacks.
- Formulate resilience metrics to measure IoT network disruption times during various cyberattacks, with the aim of minimizing downtime.
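One concrete way to make "disruption time" measurable, added here as an illustration rather than the project's own metric definition: parse a timeline of service-state transitions for an IoT device, pair each departure from a healthy state with the next return to it, and derive per-incident disruption, mean time to recover, downtime by attack type, and availability over the observation window. The event format, the device name, and the sample timeline are constructed assumptions for this example.

```python
"""Resilience metrics from a constructed IoT service-state timeline.

Added example (not code from the project). Assumptions: each event line is
"<ISO-8601 UTC timestamp> <device> service=<state> [reason=<cause>]", and
"up" is the only healthy state; "degraded" and "down" both count as
disruption so that partial outages are not hidden.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample timeline for one IoT gateway over a 24-hour window.
SAMPLE_EVENTS = """\
2024-03-01T00:00:00Z sensor-gw-01 service=up
2024-03-01T02:15:00Z sensor-gw-01 service=degraded reason=ddos
2024-03-01T02:27:30Z sensor-gw-01 service=up
2024-03-01T09:40:00Z sensor-gw-01 service=down reason=malware
2024-03-01T10:05:00Z sensor-gw-01 service=up
2024-03-02T00:00:00Z sensor-gw-01 service=up
"""

HEALTHY = {"up"}


@dataclass
class Incident:
    start: datetime
    end: datetime
    reason: str

    @property
    def disruption(self) -> timedelta:
        return self.end - self.start


def parse_events(text: str):
    """Return [(timestamp, {field: value}), ...] in file order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _device, *kv = line.split()
        fields = dict(item.split("=", 1) for item in kv)
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), fields))
    return events


def incidents(events):
    """Pair each transition out of a healthy state with the next return to it."""
    out = []
    open_start, open_reason = None, None
    for ts, fields in events:
        state = fields["service"]
        if state not in HEALTHY and open_start is None:
            open_start, open_reason = ts, fields.get("reason", "unknown")
        elif state in HEALTHY and open_start is not None:
            out.append(Incident(open_start, ts, open_reason))
            open_start = None
    if open_start is not None:
        # Still disrupted at the end of the window: count up to the last event
        # rather than silently dropping an unrecovered outage.
        out.append(Incident(open_start, events[-1][0], open_reason))
    return out


def resilience_metrics(text: str) -> dict:
    """Downtime, MTTR, downtime per attack cause, and availability for the window."""
    events = parse_events(text)
    incs = incidents(events)
    window = events[-1][0] - events[0][0]
    downtime = sum((i.disruption for i in incs), timedelta())
    by_reason: dict[str, float] = {}
    for i in incs:
        by_reason[i.reason] = by_reason.get(i.reason, 0.0) + i.disruption.total_seconds()
    return {
        "incidents": len(incs),
        "downtime_s": downtime.total_seconds(),
        "mttr_s": (downtime / len(incs)).total_seconds() if incs else 0.0,
        "by_reason_s": by_reason,
        # timedelta / timedelta yields a float fraction of the window.
        "availability": 1.0 - downtime / window if window else 1.0,
    }


if __name__ == "__main__":
    for key, value in resilience_metrics(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Availability alone can look reassuring (here about 97.4%) while a single 25-minute malware outage dominates the picture, which is why the per-cause breakdown and the worst-case disruption are worth reporting alongside the aggregate.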
The system’s effectiveness will be demonstrated across different IoT domains, such as health care, smart homes, and industrial control systems.