
Generative AI Driven Novel Approaches for Cyber Attack Prediction, Detection, and Mitigation
Abstract
Ensuring Quality of Service (QoS) and Quality of Experience (QoE) in networks requires robust mechanisms for cyberattack prediction, detection, and mitigation. The rapid advancements in Machine Learning (ML) and Natural Language Processing (NLP) offer innovative solutions for these challenges but also introduce complexities that must be carefully addressed. This thesis tackles these issues through four empirical studies, presenting novel approaches for cyberattack prediction, detection, and mitigation. Firstly, we propose an EMD-KNN-based traffic forecasting technique. By accurately predicting unexpected spikes in internet traffic, we can proactively identify potential cyberattacks before they occur. Additionally, we introduce an end-to-end framework for detecting and explaining cyberattacks using Explainable AI (XAI) and Large Language Models (LLMs). While large cloud-based LLMs, such as ChatGPT, provide advanced text generation and general intelligence, they pose risks for enterprises due to the potential exposure of sensitive data. As a result, on-premise solutions are often preferred in network security environments. However, open-source LLMs typically underperform compared to their cloud-based counterparts. To address this, we explore domain-specific fine-tuning of LLMs to enhance their performance in cybersecurity tasks. Finally, we integrate these innovations into an autonomous cyberattack monitoring and incident response system, utilizing the Reasoning and Acting (ReAct) framework and the capabilities of LLMs. By incorporating generative AI into the cyberattack detection and mitigation process, this research opens new dimensions in cybersecurity, paving the way for more intelligent, autonomous defense mechanisms in network security.
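The first contribution above rests on a simple idea: forecast the next traffic sample from history, and treat a sample that lands far above its forecast as an unexpected spike worth investigating. The block below is an added, simplified illustration of that idea and is not the thesis's EMD-KNN implementation: it omits the EMD decomposition stage and forecasts each point by nearest-neighbour (analogue) search over earlier windows of the same length, flagging a point when it exceeds its forecast by more than a relative threshold. Flagged points are replaced by their forecast in the working history so that one anomaly does not become an analogue for the forecasts that follow. The periodic load profile, the injected spike, the window length, k, warm-up length and threshold are all constructed or assumed values chosen for the demonstration.

```python
"""KNN analogue forecasting with spike flagging.

Added illustration of forecast-error-based spike detection; not the thesis's
EMD-KNN code (the EMD stage is omitted). Pure Python, no third-party packages.
"""
import math
from typing import List, Tuple

# Constructed demo data: a 12-step periodic load profile (units assumed, e.g.
# Mbit/s) repeated six times, with one injected spike at index 60.
PROFILE = [100, 110, 130, 160, 200, 240, 260, 250, 220, 180, 140, 115]
SPIKE_INDEX = 60
SPIKE_VALUE = 300.0


def build_series(periods: int = 6) -> List[float]:
    """Return the constructed traffic series with the injected spike."""
    series = [float(PROFILE[i % len(PROFILE)]) for i in range(periods * len(PROFILE))]
    series[SPIKE_INDEX] = SPIKE_VALUE
    return series


def knn_forecast(history: List[float], window: int, k: int) -> float:
    """Forecast the value that follows `history` by analogue search.

    The last `window` samples form the query. Every earlier window of the same
    length is a candidate; the k candidates closest in Euclidean distance are
    selected (ties keep the earliest window, since the sort is stable) and the
    forecast is the mean of the samples that followed them.
    """
    if len(history) < window + k + 1:
        raise ValueError("history too short for the requested window and k")
    query = history[-window:]
    candidates = []  # (distance to query, value that followed the candidate window)
    for start in range(0, len(history) - window):
        cand = history[start:start + window]
        dist = math.sqrt(sum((a - b) ** 2 for a, b in zip(cand, query)))
        candidates.append((dist, history[start + window]))
    candidates.sort(key=lambda c: c[0])
    return sum(value for _, value in candidates[:k]) / k


def detect_spikes(series: List[float], window: int, k: int, warmup: int,
                  threshold: float) -> List[Tuple[int, float, float, float]]:
    """Walk the series from index `warmup` on, forecasting each point from the
    cleaned history. A point whose actual value exceeds its forecast by more
    than `threshold` times the forecast is reported as (index, actual,
    forecast, relative excess). Flagged points are replaced by their forecast
    in the working history so the anomaly does not poison later forecasts.
    """
    if warmup < window + k + 1:
        raise ValueError("warmup must leave enough history for the first forecast")
    clean = list(series[:warmup])
    spikes = []
    for t in range(warmup, len(series)):
        forecast = knn_forecast(clean, window, k)
        actual = series[t]
        excess = (actual - forecast) / max(forecast, 1e-9)  # guard against a zero forecast
        if excess > threshold:
            spikes.append((t, actual, forecast, excess))
            clean.append(forecast)  # keep the history free of the anomaly
        else:
            clean.append(actual)
    return spikes


if __name__ == "__main__":
    # Four warm-up periods give every phase at least k exact analogues.
    for t, actual, forecast, excess in detect_spikes(build_series(), window=4, k=3,
                                                     warmup=48, threshold=1.5):
        print(f"t={t}: actual={actual:.0f} forecast={forecast:.1f} "
              f"(+{excess:.0%} over forecast)")
```

On the constructed series the only report is index 60, forecast 100 against an actual 300. Two design choices matter in practice: the threshold is relative, so a spike is judged against the expected load at that time of day rather than an absolute ceiling, and a flagged sample is not fed back into the history, which is what keeps the points right after the spike from being mis-forecast and raising false alarms.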