{"id":"https://openalex.org/W4416799781","doi":"https://doi.org/10.1109/snpd65828.2025.11254228","title":"Hybrid LLM-Enhanced Intrusion Detection for Zero-Day Threats in IoT Networks","display_name":"Hybrid LLM-Enhanced Intrusion Detection for Zero-Day Threats in IoT Networks","publication_year":2025,"publication_date":"2025-06-25","ids":{"openalex":"https://openalex.org/W4416799781","doi":"https://doi.org/10.1109/snpd65828.2025.11254228"},"language":null,"primary_location":{"id":"doi:10.1109/snpd65828.2025.11254228","is_oa":false,"landing_page_url":"https://doi.org/10.1109/snpd65828.2025.11254228","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE/ACIS 29th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5028304067","display_name":"Mohammad F. Al-Hammouri","orcid":"https://orcid.org/0000-0001-6884-3715"},"institutions":[{"id":"https://openalex.org/I157392197","display_name":"Hashemite University","ror":"https://ror.org/04a1r5z94","country_code":"JO","type":"education","lineage":["https://openalex.org/I157392197"]}],"countries":["JO"],"is_corresponding":true,"raw_author_name":"Mohammad F Al-Hammouri","raw_affiliation_strings":["The Hashemite University,Dept. of Computer Engineering,Zarqa,Jordan"],"affiliations":[{"raw_affiliation_string":"The Hashemite University,Dept. of Computer Engineering,Zarqa,Jordan","institution_ids":["https://openalex.org/I157392197"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5014662198","display_name":"Yazan Otoum","orcid":"https://orcid.org/0000-0002-5500-3060"},"institutions":[{"id":"https://openalex.org/I86519414","display_name":"Algoma University","ror":"https://ror.org/0131d6623","country_code":"CA","type":"education","lineage":["https://openalex.org/I86519414"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Yazan Otoum","raw_affiliation_strings":["Algoma University,School of Computer Science and Technology,Canada"],"affiliations":[{"raw_affiliation_string":"Algoma University,School of Computer Science and Technology,Canada","institution_ids":["https://openalex.org/I86519414"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086043457","display_name":"Rasha Jamal Atwa","orcid":null},"institutions":[{"id":"https://openalex.org/I4210099699","display_name":"Jeddah University","ror":"https://ror.org/015ya8798","country_code":"SA","type":"education","lineage":["https://openalex.org/I4210099699"]}],"countries":["SA"],"is_corresponding":false,"raw_author_name":"Rasha Atwa","raw_affiliation_strings":["University of Jeddah,College of Computer Science and Engineering,Saudi Arabia"],"affiliations":[{"raw_affiliation_string":"University of Jeddah,College of Computer Science and Engineering,Saudi Arabia","institution_ids":["https://openalex.org/I4210099699"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048076896","display_name":"Amiya Nayak","orcid":"https://orcid.org/0000-0002-4605-0500"},"institutions":[{"id":"https://openalex.org/I153718931","display_name":"University of Ottawa","ror":"https://ror.org/03c4mmv16","country_code":"CA","type":"education","lineage":["https://openalex.org/I153718931"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amiya Nayak","raw_affiliation_strings":["University of Ottawa,School of Electrical Engineering and Computer Science,Canada"],"affiliations":[{"raw_affiliation_string":"University of Ottawa,School of Electrical Engineering and Computer Science,Canada","institution_ids":["https://openalex.org/I153718931"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5028304067"],"corresponding_institution_ids":["https://openalex.org/I157392197"],"apc_list":null,"apc_paid":null,"fwci":1.6666,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.89694946,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"864","last_page":"869"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8847000002861023,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8847000002861023,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.0215000007301569,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.014100000262260437,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.8105999827384949},{"id":"https://openalex.org/keywords/adaptability","display_name":"Adaptability","score":0.6491000056266785},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5956000089645386},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5313000082969666},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4560999870300293},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.34060001373291016},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.33570000529289246},{"id":"https://openalex.org/keywords/firewall","display_name":"Firewall (physics)","score":0.3160000145435333}],"concepts":[{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.8105999827384949},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7562000155448914},{"id":"https://openalex.org/C177606310","wikidata":"https://www.wikidata.org/wiki/Q5674297","display_name":"Adaptability","level":2,"score":0.6491000056266785},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5956000089645386},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5313000082969666},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4666999876499176},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4560999870300293},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.34060001373291016},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.33570000529289246},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.33329999446868896},{"id":"https://openalex.org/C77714075","wikidata":"https://www.wikidata.org/wiki/Q5452017","display_name":"Firewall (physics)","level":5,"score":0.3160000145435333},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.30970001220703125},{"id":"https://openalex.org/C20136886","wikidata":"https://www.wikidata.org/wiki/Q749647","display_name":"Interoperability","level":2,"score":0.28859999775886536},{"id":"https://openalex.org/C2779585090","wikidata":"https://www.wikidata.org/wiki/Q3457762","display_name":"Resilience (materials science)","level":2,"score":0.28200000524520874},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.28189998865127563},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2800000011920929},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.2791999876499176},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.2752000093460083},{"id":"https://openalex.org/C158251709","wikidata":"https://www.wikidata.org/wiki/Q354025","display_name":"Intrusion","level":2,"score":0.25870001316070557},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.25540000200271606}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/snpd65828.2025.11254228","is_oa":false,"landing_page_url":"https://doi.org/10.1109/snpd65828.2025.11254228","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE/ACIS 29th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":9,"referenced_works":["https://openalex.org/W1489073918","https://openalex.org/W1985987493","https://openalex.org/W2861867928","https://openalex.org/W3036573907","https://openalex.org/W4379618930","https://openalex.org/W4391844658","https://openalex.org/W4407790276","https://openalex.org/W4408324949","https://openalex.org/W4414539344"],"related_works":[],"abstract_inverted_index":{"This":[0],"paper":[1],"presents":[2],"a":[3,105,126],"novel":[4],"approach":[5],"to":[6,74,97,158],"intrusion":[7,128],"detection":[8,135],"by":[9,43,137,142],"integrating":[10],"traditional":[11,63],"signature-based":[12,114],"methods":[13,64],"with":[14,116],"the":[15,20,44,49,111,117,152],"contextual":[16],"understanding":[17],"capabilities":[18],"of":[19,46,113,119,154],"GPT-2":[21,83],"Large":[22],"Language":[23],"Model":[24],"(LLM).":[25],"As":[26],"cyber":[27],"threats":[28],"become":[29],"increasingly":[30,60],"sophisticated,":[31],"particularly":[32],"in":[33],"distributed,":[34],"heterogeneous,":[35],"and":[36,53,77,89,144,162],"resource-constrained":[37],"environments":[38],"such":[39],"as":[40],"those":[41],"enabled":[42],"Internet":[45],"Things":[47],"(IoT),":[48],"need":[50],"for":[51,67,167],"dynamic":[52],"adaptive":[54],"Intrusion":[55],"Detection":[56],"Systems":[57],"(IDSs)":[58],"becomes":[59],"urgent.":[61],"While":[62],"remain":[65],"effective":[66],"detecting":[68],"known":[69],"threats,":[70],"they":[71],"often":[72],"fail":[73],"recognize":[75],"new":[76],"evolving":[78],"attack":[79,101],"patterns.":[80],"In":[81],"contrast,":[82],"excels":[84],"at":[85],"processing":[86],"unstructured":[87],"data":[88],"identifying":[90],"complex":[91],"semantic":[92,121],"relationships,":[93],"making":[94],"it":[95],"well-suited":[96],"uncovering":[98],"subtle,":[99],"zero-day":[100],"vectors.":[102],"We":[103],"propose":[104],"hybrid":[106],"IDS":[107],"framework":[108],"that":[109,131],"merges":[110],"robustness":[112],"techniques":[115],"adaptability":[118],"GPT-2-driven":[120],"analysis.":[122],"Experimental":[123],"evaluations":[124],"on":[125],"representative":[127],"dataset":[129],"demonstrate":[130],"our":[132],"model":[133,156],"enhances":[134],"accuracy":[136],"6.3%,":[138],"reduces":[139],"false":[140],"positives":[141],"9.0%,":[143],"maintains":[145],"near":[146],"real-time":[147],"responsiveness.":[148],"These":[149],"results":[150],"affirm":[151],"potential":[153],"language":[155],"integration":[157],"build":[159],"intelligent,":[160],"scalable,":[161],"resilient":[163],"cybersecurity":[164],"defences":[165],"suited":[166],"modern":[168],"connected":[169],"environments.":[170]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-11-28T00:00:00"}