{"id":"https://openalex.org/W4415180475","doi":"https://doi.org/10.1109/blackseacom65655.2025.11193960","title":"Evaluating Large Language Models for Anomaly Detection with Cost-Efficient Sampling: A Generalized Framework","display_name":"Evaluating Large Language Models for Anomaly Detection with Cost-Efficient Sampling: A Generalized Framework","publication_year":2025,"publication_date":"2025-06-23","ids":{"openalex":"https://openalex.org/W4415180475","doi":"https://doi.org/10.1109/blackseacom65655.2025.11193960"},"language":"en","primary_location":{"id":"doi:10.1109/blackseacom65655.2025.11193960","is_oa":false,"landing_page_url":"https://doi.org/10.1109/blackseacom65655.2025.11193960","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5083895646","display_name":"Duy Anh Ph\u1ea1m","orcid":"https://orcid.org/0000-0003-3832-9453"},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Duy Anh Pham","raw_affiliation_strings":["King&#x2019;s College London,Department of Informatics,London,UK"],"affiliations":[{"raw_affiliation_string":"King&#x2019;s College London,Department of Informatics,London,UK","institution_ids":["https://openalex.org/I183935753"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010458580","display_name":"Ievgeniia Kuzminykh","orcid":"https://orcid.org/0000-0001-6917-4234"},"institutions":[{"id":"https://openalex.org/I183935753","display_name":"King's College London","ror":"https://ror.org/0220mzb33","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I183935753"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Ievgeniia Kuzminykh","raw_affiliation_strings":["King&#x2019;s College London,London,UK"],"affiliations":[{"raw_affiliation_string":"King&#x2019;s College London,London,UK","institution_ids":["https://openalex.org/I183935753"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5068995776","display_name":"Andrii Astrakhantsev","orcid":"https://orcid.org/0000-0002-6664-3653"},"institutions":[{"id":"https://openalex.org/I202483615","display_name":"National Technical University of Ukraine \u201cIgor Sikorsky Kyiv Polytechnic Institute\u201d","ror":"https://ror.org/00syn5v21","country_code":"UA","type":"education","lineage":["https://openalex.org/I202483615"]}],"countries":["UA"],"is_corresponding":false,"raw_author_name":"Andrii Astrakhantsev","raw_affiliation_strings":["Igor Sikorsky Kyiv Polytechnic Institute,Kyiv,Ukraine"],"affiliations":[{"raw_affiliation_string":"Igor Sikorsky Kyiv Polytechnic Institute,Kyiv,Ukraine","institution_ids":["https://openalex.org/I202483615"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5044709278","display_name":"Bogdan Ghita","orcid":"https://orcid.org/0000-0002-1788-547X"},"institutions":[{"id":"https://openalex.org/I897542642","display_name":"University of Plymouth","ror":"https://ror.org/008n7pv89","country_code":"GB","type":"education","lineage":["https://openalex.org/I897542642"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Bogdan Ghita","raw_affiliation_strings":["University of Plymouth,School of Engineering, Computing, and Mathematics,Plymouth,UK"],"affiliations":[{"raw_affiliation_string":"University of Plymouth,School of Engineering, Computing, and Mathematics,Plymouth,UK","institution_ids":["https://openalex.org/I897542642"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5083895646"],"corresponding_institution_ids":["https://openalex.org/I183935753"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.15918392,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9571999907493591,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9571999907493591,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10181","display_name":"Natural Language Processing Techniques","score":0.9106000065803528,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.7110000252723694},{"id":"https://openalex.org/keywords/adaptability","display_name":"Adaptability","score":0.6654000282287598},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6434999704360962},{"id":"https://openalex.org/keywords/anomaly","display_name":"Anomaly (physics)","score":0.4652000069618225},{"id":"https://openalex.org/keywords/volume","display_name":"Volume (thermodynamics)","score":0.3772999942302704},{"id":"https://openalex.org/keywords/production","display_name":"Production (economics)","score":0.3628999888896942},{"id":"https://openalex.org/keywords/sampling","display_name":"Sampling (signal processing)","score":0.3411000072956085}],"concepts":[{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.7110000252723694},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6662999987602234},{"id":"https://openalex.org/C177606310","wikidata":"https://www.wikidata.org/wiki/Q5674297","display_name":"Adaptability","level":2,"score":0.6654000282287598},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6434999704360962},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.49889999628067017},{"id":"https://openalex.org/C12997251","wikidata":"https://www.wikidata.org/wiki/Q567560","display_name":"Anomaly (physics)","level":2,"score":0.4652000069618225},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4602000117301941},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.37860000133514404},{"id":"https://openalex.org/C20556612","wikidata":"https://www.wikidata.org/wiki/Q4469374","display_name":"Volume (thermodynamics)","level":2,"score":0.3772999942302704},{"id":"https://openalex.org/C2778348673","wikidata":"https://www.wikidata.org/wiki/Q739302","display_name":"Production (economics)","level":2,"score":0.3628999888896942},{"id":"https://openalex.org/C140779682","wikidata":"https://www.wikidata.org/wiki/Q210868","display_name":"Sampling (signal processing)","level":3,"score":0.3411000072956085},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3384999930858612},{"id":"https://openalex.org/C32896092","wikidata":"https://www.wikidata.org/wiki/Q189447","display_name":"Risk management","level":2,"score":0.329800009727478},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.29600000381469727},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.2922999858856201},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.28600001335144043},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.2847999930381775},{"id":"https://openalex.org/C61797465","wikidata":"https://www.wikidata.org/wiki/Q1188986","display_name":"Term (time)","level":2,"score":0.2712000012397766},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2703000009059906},{"id":"https://openalex.org/C45804977","wikidata":"https://www.wikidata.org/wiki/Q7239673","display_name":"Predictive modelling","level":2,"score":0.2680000066757202}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/blackseacom65655.2025.11193960","is_oa":false,"landing_page_url":"https://doi.org/10.1109/blackseacom65655.2025.11193960","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Black Sea Conference on Communications and Networking (BlackSeaCom)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W2099940443","https://openalex.org/W2122111042","https://openalex.org/W2149706766","https://openalex.org/W2342408547","https://openalex.org/W2775103799","https://openalex.org/W3113549393","https://openalex.org/W4213315959","https://openalex.org/W4394862991","https://openalex.org/W4406458335"],"related_works":[],"abstract_inverted_index":{"Cybersecurity":[0],"threats,":[1],"particularly":[2],"zero-day":[3],"attacks,":[4],"pose":[5],"significant":[6],"risks":[7],"to":[8,16,18,79,99,117],"organisations.":[9],"Traditional":[10],"machine":[11],"learning":[12],"(ML)":[13],"models":[14],"struggle":[15],"adapt":[17],"novel":[19],"threats":[20],"outside":[21],"of":[22],"their":[23,31],"training":[24],"data.":[25],"Large":[26],"Language":[27],"Models":[28],"(LLMs),":[29],"with":[30,59],"adaptability":[32],"and":[33,62,75,96],"semantic":[34],"reasoning,":[35],"offer":[36],"potential":[37],"for":[38,120],"detecting":[39],"anomalies":[40],"in":[41,56,94],"network":[42],"traffic.":[43],"This":[44],"paper":[45],"assesses":[46],"whether":[47],"LLMs":[48,108,119],"can":[49],"effectively":[50],"support":[51],"anomaly":[52],"detection":[53],"when":[54],"deployed":[55],"industrial":[57],"contexts":[58],"real-time":[60],"constraints":[61],"large-scale":[63],"data":[64,81],"streams.":[65],"To":[66],"lower":[67],"computational":[68],"costs,":[69],"we":[70,106],"propose":[71],"two-level":[72],"stratified":[73],"sampling":[74],"optimised":[76],"prompt":[77],"engineering":[78],"reduce":[80],"volume":[82],"by":[83],"over":[84],"80%,":[85],"while":[86],"still":[87],"preserving":[88],"key":[89],"malicious":[90],"patterns.":[91],"Comparing":[92],"LLaMA":[93],"zero-shot":[95],"few-shot":[97],"modes":[98],"ML":[100],"baselines":[101],"using":[102],"the":[103],"CICIDS2017":[104],"dataset,":[105],"find":[107],"fall":[109],"short":[110],"on":[111],"volumetric":[112],"attacks.":[113],"We":[114],"discuss":[115],"strategies":[116],"improve":[118],"cost-effective":[121],"production":[122],"use.":[123]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-15T00:00:00"}