Utilising large language models for automated real-time cyber threat analysis
Abstract
In the contemporary cybersecurity landscape, where the rapid growth in the quantity and complexity of threats has undermined the effectiveness of traditional rule- and signature-based detection methods, an urgent need has emerged for automated cyber threat analysis systems employing large language models. The objective of this study was to investigate the capabilities of large language models for automated cyber threat analysis, risk assessment, and improving incident response efficiency in corporate environments. To achieve this goal, machine learning and natural language processing techniques were employed, particularly the adaptation of large language models for threat classification, risk-level evaluation, and anomaly detection. A system was developed to analyse incoming and outgoing email communications, which during testing automatically identified phishing attacks and social engineering techniques, assigned risk scores to messages, and quarantined those exceeding a predefined threshold (e.g., 0.8) for further inspection. The system analysed a dataset of 100,000 emails, of which 70% were legitimate communications and 30% were phishing attacks. Additionally, real-time analysis of data streams from corporate logs and external sources enabled the detection of potential cyber incidents with an accuracy of up to 94%, while reducing the false-positive rate to 6.5%. The obtained results confirmed the efficacy of large language models, which achieved a threat classification accuracy of up to 97% with an F1-score of 95% and reduced incident response times by 30-40%. These findings can be leveraged by other researchers to refine phishing detection techniques, reduce false positives in corporate security systems, and integrate machine learning models with diverse data sources, including SIEM systems and external cybersecurity resources
Keywords
natural language processing; machine learning for security; phishing attack detection; anomaly detection; deep learning in cybersecurity; neural networks for security; cyber threat intelligence
References
[1] Aghaei, E., Niu, X., Shadid, W., & Al-Shaer, E. (2022). SecureBERT: A domain-specific language model for cybersecurity. In F. Li, K. Liang, Z. Lin & S.K. Katsikas (Eds.), Security and privacy in communication networks (pp. 39-56). Cham: Springer. doi: 10.1007/978-3-031-25538-0_3.
[2] Alabi, M., & Ademola, F. (2024). Adversarial robustness and defense mechanisms in machine learning. Retrieved from https://www.researchgate.net/publication/383250866_Adversarial_Robustness_and_Defense_Mechanisms_ in_Machine_Learning.
[3] Alfarsi, K., Rasheed, S., & Ahmad, I. (2024). Malware classification using few-shot learning approach. Information, 15(11), article number 722. doi: 10.3390/info15110722.
[4] Ambekar, N.G., & Thokchom, S. (2024). UL-VAE: An unsupervised learning approach for zero-day malware detection using variational autoencoder. In Proceedings of the international conference on computational intelligence and network systems (pp. 1-7). Dubai: IEEE. doi: 10.1109/CINS63881.2024.10864450.
[5] Avci, C., Tekinerdogan, B., & Catal, C. (2024). Design tactics for tailoring transformer architectures to cybersecurity challenges. Cluster Computing, 27, 9587-9613. doi: 10.1007/s10586-024-04355-0.
[6] Chaabene, N.E., Bouzeghoub, A., Guetari, R., & Ghezala, H.B. (2021). Deep learning methods for anomalies detection in social networks using multidimensional networks and multimodal data: A survey. Multimedia Systems, 28, 2133-2143. doi: 10.1007/s00530-020-00731-z.
[7] Cherqi, O., Moukafih, Y., Ghogho, M., & Benbrahim, H. (2023). Enhancing cyber threat identification in opensource intelligence feeds through an improved semi-supervised generative adversarial learning approach with contrastive learning. IEEE Access, 11, 84440-84452. doi: 10.1109/ACCESS.2023.3299604.
[8] Damola, P., & Miracle, A. (2024). LLM-based security automation: Revolutionizing threat detection and incident response. Cybersecurity & Cybercrime, 6(7), 9-15.
[9] Ding, Z., Xu, H., Guo, Y., Yan, L., Cui, L., & Hao, Z. (2023). Mal-Bert-GCN: Malware detection by combining Bert and GCN. In Proceedings of the international conference on trust, security and privacy in computing and communications (pp. 175-183). Wuhan: IEEE. doi: 10.1109/TrustCom56396.2022.00034.
[10] Gholami, Y. (2024). Large Language Models (LLMs) for cybersecurity: A systematic review. World Journal of Advanced Engineering Technology and Sciences, 13(1), 57-69. doi: 10.30574/wjaets.2024.13.1.0395.
[11] Gunda, P., & Komati, T.R. (2024). Integrating self-attention mechanisms for contextually relevant information in product management. International Journal of Computational and Experimental Science and Engineering, 10(4), 1361-1371. doi: 10.22399/ijcesen.651.
[12] Guo, W., Liu, C., Wang, L., Wu, J., Xu, Z., Huang, C., Fang, Y., & Liu, Y. (2024). PackageIntel: Leveraging large language models for automated intelligence extraction in package ecosystems. ArXiv. doi: 10.48550/arXiv.2409.15049.
[13] He, P., Lin, Y., Dong, S., Xu, H., Xing, Y., & Liu, H. (2025). Red-teaming LLM multi-agent systems via communication attacks. ArXiv. doi: 10.48550/arXiv.2502.14847.
[14] Jamal, S., & Wimmer, H. (2023). An improved transformer-based model for detecting phishing, spam, and ham: A large language model approach. Research Square. doi: 10.21203/rs.3.rs-3608294/v1.
[15] Joshua, E., Do, J., & Patel, R. (2025). AI-driven threat intelligence system (AIDTIS): Leveraging large language models for automated threat research and detection development. International Journal of Science and Research Archive, 14(3), 270-285. doi: 10.30574/ijsra.2025.14.3.0339.
[16] Kuppam, M. (2024). Turning data telemetry into insights using application performance monitoring solutions. FeedForward, 3(2), 23-32.
[17] Li, L., & Chen, W. (2024). ConGraph: Advanced persistent threat detection method based on provenance graph combined with process context in cyber-physical system environment. Electronics, 13(5), article number 945. doi: 10.3390/electronics13050945.
[18] Liu, S., Chen, J., Ruan, S., Su, H., & Yin, Z. (2024). Exploring the robustness of decision-level through adversarial attacks on LLM-based embodied models. In J. Cai, M. Kankanhalli, B. Prabhakaran & S. Boll (Eds.), Proceedings of the 32nd ACM international conference on multimedia (pp. 8120-8128). New York: Association for Computing Machinery. doi: 10.1145/3664647.3680616
[19] McIntosh, T., Liu, T., Susnjak, T., Alavizadeh, H., Ng, A., Nowrozy, R., & Watters, P. (2023). Harnessing GPT-4 for generation of cybersecurity GRC policies: A focus on ransomware attack mitigation. Computers & Security, 134, article number 103424. doi: 10.1016/j.cose.2023.103424.
[20] Mokin, V.B., & Pradivliannyi, M.G. (2024). Machine learning, intelligent data analysis and artificial intelligence of things. Vinnytsia: Vinnytsia National Technical University.
[21] Molleti, R., Goje, V., Luthra, P., & Raghavan, P. (2024). Automated threat detection and response using LLM agents. World Journal of Advanced Research and Reviews, 24(2), 79-90. doi: 10.30574/wjarr.2024.24.2.3329.
[22] Ogundairo, O., & Broklyn, P. (2024). Natural language processing for cybersecurity incident analysis. Retrieved from https://easychair.org/publications/preprint/zXlC.
[23] Olaoye, F., & Egon, A. (2024). Explainable AI for security decision making. Retrieved from https://easychair.org/ publications/preprint/TtJd.
[24] Parmar, S., & Patel, H. (2024). Prompt engineering for large language model. doi: 10.13140/RG.2.2.11549.93923.
[25] Partyka, A., Harasymchuk, O., Nyemkova, E., Sovyn, Y., & Dudykevych, V. (2024). Development of a method for investigating cybercrimes by type of ransomware using artificial intelligence models in the critical infrastructure Information security management system. Social Development and Security, 14(2), 52-63. doi: 10.33445/sds.2024.14.2.6.
[26] Podvysotska, O.P., & Nosok, S.O. (2024). Applying machine learning algorithms to detect network traffic anomalies. In All-Ukrainian scientific and practical conference of students, postgraduates and young scientists (pp. 288-290). Kyiv: National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”.
[27] Ranade, P., Piplai, A., Mittal, S., & Joshi, A. (2021). Generating fake cyber threat intelligence using transformerbased models. In Proceedings of the international joint conference on neural networks (pp. 1-9). Shenzhen: IEEE. doi: 10.1109/IJCNN52387.2021.9534192.
[28] Rybalchenko, L., & Ohrimenco, S. (2024). The impact of cybersecurity and crime on national security. Philosophy, Economics and Law Review, 4(2), 62-72. doi: 10.31733/2786-491X-2024-2-62.
[29] Sangher, K.S., Singh, A., Pandey, H.M., & Kumar, V. (2023). Towards safe cyber practices: Developing a proactive cyber-threat intelligence system for dark web forum content by identifying cybercrimes. Information, 14(6), article number 349. doi: 10.3390/info14060349.
[30] Santoso, J.T., Hartono, B., Silalahi, F.D., & Muthohir, M. (2024). Transformers in cybersecurity: Advancing threat detection and response through machine learning architectures. Journal of Technology Informatics and Engineering, 3(3), 382-396. doi: 10.51903/jtie.v3i3.211.
[31] Singh, K., Grover, S.S., & Kumar, R.K. (2022). Cyber security vulnerability detection using natural language processing. In World AI IoT congress (pp. 174-178). Seattle: IEEE. doi: 10.1109/AIIoT54504.2022.9817336.
[32] Taghavi, S.M., & Feyzi, F. (2024). Using large language models to better detect and handle software vulnerabilities and cyber security threats. Research Square. doi: 10.21203/rs.3.rs-4387414/v1.
[33] Wang, J. (2024). Exploring vulnerabilities in BERT models. doi: 10.20944/preprints202407.0204.v2.