
Open Access

ARTICLE

LLM-Driven Cross-Flow Modeling for Network Attack Traffic Detection

Aoran Huang1,2,*, Sinuo Zhang1,2, Haoxiang Zhu1,2, Xiaojing Fan1,2, Huachun Zhou1,2,*
1 School of Electronic and Information Engineering, Beijing Jiaotong University, Beijing, China
2 National Engineering Research Center for Advanced Network Technologies, Beijing Jiaotong University, Beijing, China
* Corresponding Author: Aoran Huang. Email: email; Huachun Zhou. Email: email
(This article belongs to the Special Issue: Advanced Security and Privacy for Future Mobile Internet and Convergence Applications: A Computer Modeling Approach)

Computer Modeling in Engineering & Sciences https://doi.org/10.32604/cmes.2026.083972

Received 14 April 2026; Accepted 05 June 2026; Published online 29 June 2026

Abstract

In Future Mobile Internet and convergence application scenarios, existing network attack traffic detection methods do not adequately characterize the cross-flow correlations and structural dependencies that arise during the attack process, and therefore still have limited generalization ability in complex scenarios and unknown attack identification tasks. To address this issue, this paper proposes a large language model framework for cross-flow modeling, which extends the traditional detection paradigm based on single-flow features to joint modeling of cross-flow context and relational structure. Specifically, this paper constructs cross-flow context through flow sorting, grouping, and cross-group sampling, and combines an inter-flow relation matrix with a dual-branch embedding mechanism to achieve structured representation and relation-aware modeling of network traffic. At the model level, removing the causal mask and introducing a relation-aware bias into bidirectional self-attention enhances the large language model's capability to represent complex attack behaviors and potential inter-flow dependencies. Experimental results show that the proposed method overall outperforms traditional machine learning and deep learning baseline models, and demonstrates better stability and accuracy in tasks such as fine-grained classification, unknown attack identification, and cross-scenario generalization. Ablation experiments further verify the effectiveness of the proposed cross-flow context construction, dual-branch embedding, and relation-aware LLM adaptation, demonstrating that each component contributes to the overall detection performance and generalization ability. Our work shows that, after targeted structural adaptation, large language models can effectively serve non-text security tasks such as network traffic analysis, thereby supporting AI-driven security modeling for Future Mobile Internet environments.

Keywords

Large language models; network traffic detection; network security; attention mechanism
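The mechanism the abstract names (dropping the causal mask and adding a relation-aware bias to self-attention scores) can be illustrated with a small added example; it is not the authors' code. The relation scoring rule, the `beta` weight, the sample flows and the uniform embeddings are all assumptions made for illustration, since the abstract does not specify them.

```python
import math

# Constructed sample flows (not from the paper): (src, dst, dst_port, start_s)
FLOWS = [
    ("10.0.0.5", "10.0.1.9", 22, 0.0),
    ("10.0.0.5", "10.0.1.9", 22, 0.4),
    ("10.0.0.7", "10.0.2.3", 443, 0.5),
    ("10.0.0.5", "10.0.1.10", 22, 0.9),
]
# Identical constructed embeddings: content scores are uniform, so any change
# in the attention weights comes from the mask or the relation bias alone.
EMB = [[1.0, 0.0] for _ in FLOWS]

def relation_matrix(flows, window=1.0):
    """Assumed rule: one point each for shared source, destination and
    destination port, counted only for distinct flows within `window` seconds."""
    n = len(flows)
    rel = [[0.0] * n for _ in range(n)]
    for i, a in enumerate(flows):
        for j, b in enumerate(flows):
            if i != j and abs(a[3] - b[3]) <= window:
                rel[i][j] = float((a[0] == b[0]) + (a[1] == b[1]) + (a[2] == b[2]))
    return rel

def softmax(row):
    peak = max(row)
    exps = [math.exp(x - peak) for x in row]
    total = sum(exps)
    return [x / total for x in exps]

def attention_weights(q, k, rel=None, causal=False, beta=1.0):
    """Row-wise softmax(q.k / sqrt(d) + beta * rel), optionally causally masked."""
    scale = math.sqrt(len(q[0]))
    weights = []
    for i, qi in enumerate(q):
        row = []
        for j, kj in enumerate(k):
            score = sum(x * y for x, y in zip(qi, kj)) / scale
            if rel is not None:
                score += beta * rel[i][j]
            if causal and j > i:
                score = float("-inf")  # decoder-style mask: no view of later flows
            row.append(score)
        weights.append(softmax(row))
    return weights

if __name__ == "__main__":
    rel = relation_matrix(FLOWS)
    print("causal       :", attention_weights(EMB, EMB, causal=True)[0])
    print("bidirectional:", attention_weights(EMB, EMB)[0])
    print("relation bias:", attention_weights(EMB, EMB, rel=rel)[0])
```

With the causal mask the first flow can attend only to itself; without it, and with the bias applied, most of its attention weight moves to the later flows that share its source and port.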