A survey of large language models for cyber threat detection☆

With the increasing complexity of cyber threats and the expanding scope of cyberspace, there exist progressively more challenges in cyber threat detection. It is proven that most previous threat detection models may become inadequate due to the escalation of hacker attacks. However, recent research has shown that some of these problems can be effectively addressed by Large Language Models (LLMs) directly or indirectly. Nowadays, a growing number of security researchers are adopting LLMs for analyzing various cyber threats. According to the investigation, we found that while there are numerous emerging reviews on the utilization of LLMs in some fields of cyber security, there is currently a lack of a comprehensive review on the application of LLMs in the threat detection stage. Through retrieving and collating existing works in recent years, we examined various threat detection and monitoring tasks for which LLMs may be well-suited, including cyber threat intelligence, phishing email detection, threat prediction, logs analysis, and so on. Additionally, the review explored the specific stages of different detection tasks in which LLMs are involved, evaluating the points at which LLMs are optimized. For instance, LLMs have been found to enhance the interpretability of log analysis in real-time anomaly event discovery. Additionally, we discussed some tasks where LLMs may not be suitable and explored future directions and challenges in this field. By providing a detailed status update and comprehensive insights, this review aims to assist security researchers in leveraging LLMs to enhance existing detection frameworks or develop domain-specific LLMs.