Internet of Things (IoT) networks generate diverse and high-volume traffic that reflects both normal activity and potential threats. Deriving meaningful insight from such telemetry requires cross-layer interpretation of behaviors, protocols, and context rather than isolated detection. This work presents an LLM-powered AI agent framework that converts raw packet captures into structured and semantically enriched representations for interactive analysis. The framework integrates feature extraction, transformer-based anomaly detection, packet and flow summarization, threat intelligence enrichment, and retrieval-augmented question answering. An AI agent guided by a large language model performs reasoning over the indexed traffic artifacts, assembling evidence to produce accurate and human-readable interpretations. Experimental evaluation on multiple IoT captures and six open models shows that hybrid retrieval, which combines lexical and semantic search with reranking, substantially improves BLEU, ROUGE, METEOR, and BERTScore results compared with dense-only retrieval. System profiling further indicates low CPU, GPU, and memory overhead, demonstrating that the framework achieves holistic and efficient interpretation of IoT network traffic.
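The retrieval stage the abstract describes (lexical and semantic search fused by a reranking step, compared against dense-only retrieval) can be sketched end to end in a few dozen lines. The following is an added example, not the paper's code: flow records are constructed by hand, BM25 stands in for the lexical index, character-trigram cosine similarity stands in for a transformer embedding model, and reciprocal-rank fusion (RRF) stands in for the reranker. The `dense_only` switch reproduces the baseline the paper measures against.

```python
"""Hybrid retrieval over IoT flow summaries: BM25 lexical scores and a dense
cosine stage fused by reciprocal-rank fusion (RRF) as the reranking step.

Added illustration, not the paper's implementation. The dense stage uses
character-trigram vectors as an offline stand-in for an embedding model."""
import math
import re
from collections import Counter

# Constructed sample flow records, in the shape a feature-extraction stage
# might emit after parsing a capture. 'tag' is the anomaly detector's verdict.
FLOWS = [
    {"id": 0, "src": "192.168.1.20", "dst": "192.168.1.1", "proto": "DNS",
     "dport": 53, "pkts": 4, "bytes": 410, "tag": "normal"},
    {"id": 1, "src": "192.168.1.31", "dst": "198.51.100.7", "proto": "MQTT",
     "dport": 1883, "pkts": 120, "bytes": 9800, "tag": "normal"},
    {"id": 2, "src": "192.168.1.31", "dst": "203.0.113.9", "proto": "TCP",
     "dport": 23, "pkts": 3, "bytes": 180, "tag": "anomalous"},
    {"id": 3, "src": "192.168.1.44", "dst": "192.168.1.1", "proto": "NTP",
     "dport": 123, "pkts": 2, "bytes": 180, "tag": "normal"},
    {"id": 4, "src": "192.168.1.31", "dst": "203.0.113.9", "proto": "TCP",
     "dport": 2323, "pkts": 3, "bytes": 180, "tag": "anomalous"},
]


def summarize_flow(f):
    """Turn a structured flow record into the text artifact that gets indexed."""
    return (f"flow {f['id']}: {f['src']} to {f['dst']} over {f['proto']} "
            f"port {f['dport']}, {f['pkts']} packets {f['bytes']} bytes, "
            f"anomaly detector label {f['tag']}")


def tokenize(text):
    # Keep dotted IPs as single tokens; drop punctuation such as commas.
    return re.findall(r"[a-z0-9.]+", text.lower())


class BM25:
    """Minimal Okapi BM25 (the lexical side of the hybrid retriever)."""

    def __init__(self, docs, k1=1.5, b=0.75):
        self.docs = [tokenize(d) for d in docs]
        self.n = len(self.docs)
        self.avgdl = sum(len(d) for d in self.docs) / self.n
        self.tf = [Counter(d) for d in self.docs]
        self.df = Counter(t for d in self.docs for t in set(d))
        self.k1, self.b = k1, b

    def idf(self, term):
        n = self.df.get(term, 0)
        return math.log((self.n - n + 0.5) / (n + 0.5) + 1.0)

    def scores(self, query):
        q = tokenize(query)
        out = []
        for tf, doc in zip(self.tf, self.docs):
            norm = self.k1 * (1 - self.b + self.b * len(doc) / self.avgdl)
            s = 0.0
            for term in q:
                f = tf.get(term, 0)
                if f:
                    s += self.idf(term) * f * (self.k1 + 1) / (f + norm)
            out.append(s)
        return out


def trigram_vector(text, n=3):
    """Stand-in for a dense embedding: bag of character n-grams."""
    t = text.lower()
    return Counter(t[i:i + n] for i in range(len(t) - n + 1))


def cosine(a, b):
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def ranking(scores):
    """Doc ids ordered by descending score; ties broken by doc order."""
    return [i for i, _ in sorted(enumerate(scores), key=lambda p: (-p[1], p[0]))]


def rrf(rankings, k=60):
    """Reciprocal-rank fusion: reranks candidates seen by several retrievers."""
    fused = Counter()
    for r in rankings:
        for rank, doc_id in enumerate(r, start=1):
            fused[doc_id] += 1.0 / (k + rank)
    return fused


class HybridIndex:
    def __init__(self, flows):
        self.docs = [summarize_flow(f) for f in flows]
        self.bm25 = BM25(self.docs)
        self.vecs = [trigram_vector(d) for d in self.docs]

    def search(self, query, top_k=3, dense_only=False):
        dense = ranking([cosine(trigram_vector(query), v) for v in self.vecs])
        if dense_only:          # the paper's baseline: semantic search alone
            return dense[:top_k]
        lexical = ranking(self.bm25.scores(query))
        return [i for i, _ in rrf([lexical, dense]).most_common(top_k)]


def evidence_for(query, top_k=3):
    """Summaries an agent would pass to the LLM as retrieved evidence."""
    idx = HybridIndex(FLOWS)
    return [idx.docs[i] for i in idx.search(query, top_k)]


if __name__ == "__main__":
    for line in evidence_for("which device talked to port 23 over tcp"):
        print(line)
```

The point of the fusion step is visible in the constructed data: the exact token `23` is what lets the lexical side separate flow 2 from the near-duplicate flow 4 (port 2323), while the dense side tolerates wording the analyst never typed verbatim; RRF keeps both signals without having to calibrate their score scales against each other.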