Cyber Threat Hunting by Finetuning LLM for DDoS Detection


Abstract

Cybersecurity threats, particularly Distributed Denial-of-Service (DDoS) attacks, pose significant risks to modern network infrastructures. Traditional detection mechanisms often struggle with scalability and adaptability, motivating more advanced AI-driven solutions. This research initially explored zero-shot prompting with Large Language Models (LLMs) for cyber threat detection; the results highlighted the limitations of general-purpose models on domain-specific classification tasks. To improve detection performance, we adopted a supervised fine-tuning approach using the CICIDS 2019 dataset. Four state-of-the-art LLMs, including Llama 3.1, Llama 3.2 and Mistral, were fine-tuned with Low-Rank Adaptation (LoRA) to optimize classification performance while keeping the computational cost low. The models were evaluated on accuracy, precision, recall, F1 score and latency, with Llama 3.2 achieving the highest accuracy and the most balanced trade-off between these metrics. Structured prompt engineering further improved the ability of the fine-tuned models to identify network threats. The findings underscore the potential of supervised fine-tuning for adapting LLMs to cybersecurity tasks, offering a scalable and robust approach to real-time intrusion detection. Future work may focus on deployment strategies and on integration with multimodal threat intelligence to enhance practical applicability.
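The abstract mentions three moving parts a practitioner has to build around a fine-tuned flow classifier: a structured prompt that turns one flow record into model input, a way to map the model's free-text reply back onto a label, and the accuracy/precision/recall/F1 scoring used to compare models. The example below, which is added here and is not code from the paper, shows one way to do all three. The feature names imitate CICFlowMeter-style output, but the flow values and the "model answers" are constructed for illustration, so the metrics it produces say nothing about the paper's results.

```python
"""Added example (not the paper's code): structured prompt, reply parser and
metrics for an LLM-based DDoS flow classifier. Flows and model answers are
constructed; feature names only imitate CICFlowMeter-style records."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LABELS = ("BENIGN", "DDOS")

# Constructed flow records (values are made up). The 'label' key is ground
# truth and is never rendered into the prompt.
SAMPLE_FLOWS: List[Dict[str, object]] = [
    {"src_ip": "10.0.0.5", "dst_ip": "10.0.0.20", "dst_port": 80, "protocol": 6, "flow_duration_ms": 1200,
     "fwd_packets": 12, "bwd_packets": 10, "fwd_bytes": 2400, "bwd_bytes": 15000, "flow_pkts_per_s": 18.3, "label": "BENIGN"},
    {"src_ip": "198.51.100.7", "dst_ip": "10.0.0.20", "dst_port": 53, "protocol": 17, "flow_duration_ms": 3,
     "fwd_packets": 1, "bwd_packets": 0, "fwd_bytes": 64, "bwd_bytes": 0, "flow_pkts_per_s": 333.3, "label": "DDOS"},
    {"src_ip": "203.0.113.9", "dst_ip": "10.0.0.20", "dst_port": 443, "protocol": 6, "flow_duration_ms": 2,
     "fwd_packets": 1, "bwd_packets": 0, "fwd_bytes": 40, "bwd_bytes": 0, "flow_pkts_per_s": 500.0, "label": "DDOS"},
    {"src_ip": "10.0.0.8", "dst_ip": "10.0.0.21", "dst_port": 22, "protocol": 6, "flow_duration_ms": 45000,
     "fwd_packets": 300, "bwd_packets": 280, "fwd_bytes": 36000, "bwd_bytes": 52000, "flow_pkts_per_s": 12.9, "label": "BENIGN"},
    {"src_ip": "192.0.2.44", "dst_ip": "10.0.0.20", "dst_port": 123, "protocol": 17, "flow_duration_ms": 1,
     "fwd_packets": 1, "bwd_packets": 0, "fwd_bytes": 48, "bwd_bytes": 0, "flow_pkts_per_s": 1000.0, "label": "DDOS"},
    {"src_ip": "10.0.0.12", "dst_ip": "10.0.0.20", "dst_port": 80, "protocol": 6, "flow_duration_ms": 800,
     "fwd_packets": 9, "bwd_packets": 8, "fwd_bytes": 1800, "bwd_bytes": 9000, "flow_pkts_per_s": 21.2, "label": "BENIGN"},
    {"src_ip": "10.0.0.15", "dst_ip": "10.0.0.22", "dst_port": 3306, "protocol": 6, "flow_duration_ms": 5000,
     "fwd_packets": 40, "bwd_packets": 38, "fwd_bytes": 8000, "bwd_bytes": 12000, "flow_pkts_per_s": 15.6, "label": "BENIGN"},
]

# Constructed model replies for the flows above, in order: bare labels, full
# sentences, a refusal and a hedge, i.e. the shapes a chat model actually emits.
SAMPLE_RESPONSES: List[str] = [
    "BENIGN",
    "DDoS",
    "The packet rate and zero-byte replies indicate a DDoS flood.",
    "This flow looks like a DDoS attack.",
    "Unable to determine from these features.",
    "Benign traffic, a normal HTTP session.",
    "Could be benign or DDoS.",
]


def build_prompt(flow: Dict[str, object]) -> str:
    """Render one flow as a structured classification prompt.

    A fixed field order and an explicit answer format give the model a stable
    template to learn during fine-tuning and keep the reply easy to parse.
    """
    fields = "\n".join(f"{k}: {v}" for k, v in flow.items() if k != "label")
    return (
        "Task: classify the network flow below as BENIGN or DDOS.\n"
        "Flow features:\n"
        f"{fields}\n"
        "Answer with exactly one word: BENIGN or DDOS."
    )


_LABEL_RE = re.compile(r"\b(benign|ddos)\b", re.IGNORECASE)


def parse_label(response: str) -> Optional[str]:
    """Map a free-text reply to a label, or None if it is unusable.

    A reply naming both classes, or neither, is treated as no answer rather
    than guessed, so a hedging or refusing model is scored as wrong.
    """
    found = {m.upper() for m in _LABEL_RE.findall(response)}
    return found.pop() if len(found) == 1 else None


@dataclass
class Metrics:
    tp: int
    fp: int
    fn: int
    tn: int
    accuracy: float
    precision: float
    recall: float
    f1: float


def evaluate(truth: List[str], predicted: List[Optional[str]], positive: str = "DDOS") -> Metrics:
    """Score predictions with DDOS as the positive class.

    An unparsable prediction (None) never equals the truth, so it always
    counts against accuracy; for the positive-class counts it is simply
    "not flagged": a false negative on an attack flow, a true negative on a
    benign one.
    """
    assert len(truth) == len(predicted), "truth/prediction length mismatch"
    tp = fp = fn = tn = correct = 0
    for t, p in zip(truth, predicted):
        correct += int(t == p)
        if p == positive:
            tp, fp = (tp + 1, fp) if t == positive else (tp, fp + 1)
        else:
            fn, tn = (fn + 1, tn) if t == positive else (fn, tn + 1)
    n = len(truth)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return Metrics(tp, fp, fn, tn, correct / n if n else 0.0, precision, recall, f1)


def run_demo() -> Metrics:
    """Classify the constructed flows via the constructed replies and score them."""
    truth = [str(f["label"]) for f in SAMPLE_FLOWS]
    preds = [parse_label(r) for r in SAMPLE_RESPONSES]
    return evaluate(truth, preds)


if __name__ == "__main__":
    print(build_prompt(SAMPLE_FLOWS[1]))
    print(run_demo())
```

The parser deliberately refuses to guess when a reply mentions both classes; in the constructed run that turns one hedge and one refusal into errors, which is the behaviour you want when comparing models, since a model that answers "could be either" should not be credited with a correct classification. Latency, the fifth metric in the abstract, is measured around the generation call itself and is not simulated here.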
