{"id":"https://openalex.org/W4414575228","doi":"https://doi.org/10.1145/3769682","title":"Payload-Aware Intrusion Detection with CMAE and Large Language Models","display_name":"Payload-Aware Intrusion Detection with CMAE and Large Language Models","publication_year":2025,"publication_date":"2025-09-27","ids":{"openalex":"https://openalex.org/W4414575228","doi":"https://doi.org/10.1145/3769682"},"language":"en","primary_location":{"id":"doi:10.1145/3769682","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3769682","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1145/3769682","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5108136660","display_name":"Y. Kim","orcid":null},"institutions":[{"id":"https://openalex.org/I4210087305","display_name":"Scoular (United States)","ror":"https://ror.org/000ccd270","country_code":"US","type":"company","lineage":["https://openalex.org/I4210087305"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yong Cheol Kim","raw_affiliation_strings":["Neouly","Neouly, Mapo-gu, Korea (the Republic of)"],"affiliations":[{"raw_affiliation_string":"Neouly","institution_ids":["https://openalex.org/I4210087305"]},{"raw_affiliation_string":"Neouly, Mapo-gu, Korea (the Republic of)","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045032584","display_name":"Chanjae Lee","orcid":"https://orcid.org/0000-0001-8838-6128"},"institutions":[{"id":"https://openalex.org/I94588446","display_name":"Hongik University","ror":"https://ror.org/00egdv862","country_code":"KR","type":"education","lineage":["https://openalex.org/I94588446"]},{"id":"https://openalex.org/I4210164862","display_name":"Artificial Intelligence in Medicine (Canada)","ror":"https://ror.org/05p590m36","country_code":"CA","type":"company","lineage":["https://openalex.org/I4210164862"]}],"countries":["CA","KR"],"is_corresponding":false,"raw_author_name":"ChanJae Lee","raw_affiliation_strings":["Artificial Intelligencet/Big Data, Hongik University","Artificial Intelligencet/Big Data, Hongik University, Mapo-gu, Korea (the Republic of)"],"affiliations":[{"raw_affiliation_string":"Artificial Intelligencet/Big Data, Hongik University","institution_ids":["https://openalex.org/I4210164862","https://openalex.org/I94588446"]},{"raw_affiliation_string":"Artificial Intelligencet/Big Data, Hongik University, Mapo-gu, Korea (the Republic of)","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033703795","display_name":"Young Yoon","orcid":"https://orcid.org/0000-0002-5249-2823"},"institutions":[{"id":"https://openalex.org/I94588446","display_name":"Hongik University","ror":"https://ror.org/00egdv862","country_code":"KR","type":"education","lineage":["https://openalex.org/I94588446"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Young Yoon","raw_affiliation_strings":["Computer Engineering, Hongik University","Computer Engineering, Hongik University, Mapo-gu, Korea (the Republic of)"],"affiliations":[{"raw_affiliation_string":"Computer Engineering, Hongik University","institution_ids":["https://openalex.org/I94588446"]},{"raw_affiliation_string":"Computer Engineering, Hongik University, Mapo-gu, Korea (the Republic of)","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5108136660"],"corresponding_institution_ids":["https://openalex.org/I4210087305"],"apc_list":null,"apc_paid":null,"fwci":4.6723,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.95352952,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":99},"biblio":{"volume":"29","issue":"1","first_page":"1","last_page":"30"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9987000226974487,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.7833999991416931},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.7786999940872192},{"id":"https://openalex.org/keywords/modular-design","display_name":"Modular design","score":0.5967000126838684},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.4447999894618988},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.4341000020503998},{"id":"https://openalex.org/keywords/constant-false-alarm-rate","display_name":"Constant false alarm rate","score":0.32519999146461487},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.30809998512268066},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3028999865055084}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8222000002861023},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.7833999991416931},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.7786999940872192},{"id":"https://openalex.org/C101468663","wikidata":"https://www.wikidata.org/wiki/Q1620158","display_name":"Modular design","level":2,"score":0.5967000126838684},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5195000171661377},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.49729999899864197},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.48559999465942383},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.4447999894618988},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.4341000020503998},{"id":"https://openalex.org/C77052588","wikidata":"https://www.wikidata.org/wiki/Q644307","display_name":"Constant false alarm rate","level":2,"score":0.32519999146461487},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.30809998512268066},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3028999865055084},{"id":"https://openalex.org/C137524506","wikidata":"https://www.wikidata.org/wiki/Q2247688","display_name":"Anomaly-based intrusion detection system","level":3,"score":0.301800012588501},{"id":"https://openalex.org/C176982825","wikidata":"https://www.wikidata.org/wiki/Q835922","display_name":"Lexical analysis","level":2,"score":0.29420000314712524},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.29249998927116394},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.2897999882698059},{"id":"https://openalex.org/C114289077","wikidata":"https://www.wikidata.org/wiki/Q3284399","display_name":"Statistical model","level":2,"score":0.2883000075817108},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.28130000829696655},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.26829999685287476},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.26570001244544983}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3769682","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3769682","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3769682","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3769682","pdf_url":null,"source":{"id":"https://openalex.org/S4210174050","display_name":"ACM Transactions on Privacy and Security","issn_l":"2471-2566","issn":["2471-2566","2471-2574"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Privacy and Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":46,"referenced_works":["https://openalex.org/W433644524","https://openalex.org/W2064675550","https://openalex.org/W2097117768","https://openalex.org/W2145052282","https://openalex.org/W2194775991","https://openalex.org/W2282821441","https://openalex.org/W2576489192","https://openalex.org/W2791691014","https://openalex.org/W2908954810","https://openalex.org/W2915893383","https://openalex.org/W2929135440","https://openalex.org/W2962858109","https://openalex.org/W2963748489","https://openalex.org/W2983109779","https://openalex.org/W3000367805","https://openalex.org/W3003243900","https://openalex.org/W3010903537","https://openalex.org/W3032021129","https://openalex.org/W3108767863","https://openalex.org/W3116196108","https://openalex.org/W3119693685","https://openalex.org/W3149084432","https://openalex.org/W3157152365","https://openalex.org/W3195241069","https://openalex.org/W3202760407","https://openalex.org/W4206382210","https://openalex.org/W4224220262","https://openalex.org/W4229003780","https://openalex.org/W4285227013","https://openalex.org/W4303700086","https://openalex.org/W4327750468","https://openalex.org/W4362554721","https://openalex.org/W4381890377","https://openalex.org/W4381956218","https://openalex.org/W4387642628","https://openalex.org/W4392353733","https://openalex.org/W4393110971","https://openalex.org/W4395081901","https://openalex.org/W4396930243","https://openalex.org/W4396980283","https://openalex.org/W4401056366","https://openalex.org/W4404926956","https://openalex.org/W4409261757","https://openalex.org/W4410857897","https://openalex.org/W4412898713","https://openalex.org/W6891829139"],"related_works":[],"abstract_inverted_index":{"Intrusion":[0],"Detection":[1],"Systems":[2],"(IDS)":[3],"play":[4],"a":[5,56,61,74,93,107,121,142],"vital":[6],"role":[7],"in":[8],"network":[9],"security,":[10],"yet":[11],"signature-based":[12],"methods":[13],"are":[14],"limited":[15],"by":[16,139],"high":[17],"false":[18],"positive":[19],"rates":[20],"(FPR)":[21],"and":[22,67,73,79,92,112,115,129,150,164,170,175,188],"inability":[23],"to":[24,45],"detect":[25],"novel":[26],"threats.":[27],"Recent":[28],"AI-based":[29],"approaches":[30],"offer":[31],"improved":[32],"adaptability,":[33],"but":[34],"most":[35],"rely":[36],"on":[37,102],"flow-level":[38],"or":[39],"statistical":[40],"features,":[41],"constraining":[42],"their":[43],"ability":[44],"analyze":[46],"sophisticated":[47],"payload-based":[48],"attacks.":[49],"To":[50],"address":[51],"these":[52],"challenges,":[53],"we":[54],"present":[55],"dual-path":[57,145],"IDS":[58,190],"framework:":[59],"Xavier-CMAE,":[60],"lightweight":[62,149],"model":[63],"using":[64],"Hex2Int":[65],"tokenization":[66],"Xavier":[68],"initialization,":[69],"achieves":[70,89,161],"99.9718%":[71],"accuracy":[72,91,166],"0.0182%":[75],"FPR":[76,95],"without":[77,167],"pre-training;":[78,169],"LLM-CMAE,":[80],"which":[81],"leverages":[82],"pre-trained":[83,180],"LLM":[84,181],"tokenizers":[85,182],"for":[86,153,183],"enhanced":[87],"detection,":[88],"99.9696%":[90],"0.0194%":[94],"at":[96],"higher":[97],"computational":[98],"cost.":[99],"Experimental":[100],"results":[101],"the":[103,173],"CIC-IDS2017":[104],"dataset":[105],"reveal":[106],"distinct":[108],"trade-off":[109],"between":[110],"efficiency":[111],"Contextually":[113],"Adept":[114],"Scalable":[116],"(CAS)":[117],"power,":[118],"indicating":[119],"that":[120,147,159],"modular":[122],"approach":[123],"may":[124],"enable":[125],"both":[126],"real-time":[127,162],"scalability":[128,163],"in-depth":[130],"threat":[131,186],"analysis.":[132],"This":[133],"work":[134],"advances":[135],"AI-powered":[136],"intrusion":[137],"detection":[138,152],"(1)":[140],"introducing":[141],"modular,":[143],"payload-centric":[144],"architecture":[146],"combines":[148],"CAS":[151],"adaptive,":[154],"layered":[155],"security;":[156],"(2)":[157],"demonstrating":[158],"Xavier-CMAE":[160],"state-of-the-art":[165],"embedding":[168],"(3)":[171],"exploring":[172],"effectiveness":[174],"future":[176],"potential":[177],"of":[178],"integrating":[179],"nuanced,":[184],"selective":[185],"analysis":[187],"robust":[189],"design.":[191]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}