Large Language Model-Augmented Cybersecurity Threat Detection for Cloud-Native Infrastructures
Keywords:
large language models, cybersecurity, threat detection, cloud-native infrastructure, systems architecture, adversarial robustness, governance, sustainability
Abstract
The rapid shift toward cloud-native architectures, characterized by microservices, containerization, and dynamic orchestration, has introduced a new class of cybersecurity vulnerabilities that challenge traditional detection paradigms. This paper proposes and critically examines a framework for augmenting threat detection in such environments using large language models. Unlike signature-based or shallow machine learning methods, large language models offer deep contextual understanding of unstructured logs, natural language reports, and code-level anomalies. However, their integration into real-time, high-stakes security pipelines raises significant structural trade-offs involving latency, computational cost, interpretability, and resilience. This study addresses these trade-offs from a systems engineering perspective, analyzing architectural patterns for embedding language models within cloud-native security stacks. Emphasis is placed on deployment strategies that balance detection accuracy against resource consumption, governance mechanisms to ensure model fairness and avoid adversarial exploitation, and sustainability considerations in terms of energy and hardware lifecycle. Through a synthesis of current research and cross-domain comparisons with autonomous systems and critical infrastructure, the paper identifies key challenges such as data drift, prompt injection, and adversarial robustness. Policy implications are discussed, including the need for regulatory frameworks that address model accountability and transparency in cybersecurity operations. The analysis concludes with a forward-looking agenda for hybrid systems that combine large language models with specialized anomaly detectors, advocating for continuous validation and human-in-the-loop oversight. This work contributes to the emerging discourse on foundation model deployment in safety-critical socio-technical infrastructures.
License
Copyright (c) 2026 Journal of Data Intelligence and AI Systems

This work is licensed under a Creative Commons Attribution 4.0 International License.
This article is published under the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.