Malware Detection at the Edge with Lightweight LLMs: A Performance Evaluation
Rondanini, Christian, Carminati, Barbara, Ferrari, Elena, Gaudiano, Antonio, Kundu, Ashish
arXiv.org Artificial Intelligence
The rapid evolution of malware attacks calls for the development of innovative detection methods, especially in resource-constrained edge computing. Traditional detection techniques struggle to keep up with modern malware's sophistication and adaptability, prompting a shift towards advanced methodologies like those leveraging Large Language Models (LLMs) for enhanced malware detection. However, deploying LLMs for malware detection directly at edge devices raises several challenges, including ensuring accuracy in constrained environments and addressing edge devices' energy and computational limits. To tackle these challenges, this paper proposes an architecture leveraging lightweight LLMs' strengths while addressing limitations like reduced accuracy and insufficient computational power. To evaluate the effectiveness of the proposed lightweight LLM-based approach for edge computing, we perform an extensive experimental evaluation using several state-of-the-art lightweight LLMs. We test them with several publicly available datasets specifically designed for edge and IoT scenarios and different edge nodes with varying computational power and characteristics.

In recent years, the rapid evolution of malware attacks has necessitated the development of innovative approaches for their detection, particularly in the resource-constrained edge computing domain. While foundational, traditional detection techniques have struggled to keep pace with modern malware's increasing sophistication and adaptability. This has prompted a shift towards exploring advanced methodologies, including using lightweight Large Language Models (LLMs), to enhance malware detection capabilities in edge environments. DistilGPT-2, and TinyT5 have emerged as promising solutions. These models leverage techniques such as distillation and pruning to significantly reduce their size and computational requirements, making them more suitable for edge-devices deployment.
Despite their smaller footprint, these models retain much of their larger counterparts' pattern recognition and contextual understanding capabilities, allowing them to process and analyze complex, unstructured data streams effectively. In the context of malware detection, they offer the potential for improved accuracy, real-time adaptability, and continuous learning while addressing the strict energy, storage, and computational constraints of edge computing environments. However, deploying LLMs for malware detection in edge computing is not without challenges. Model performance: maintaining high accuracy under the constraints of edge environments remains a significant hurdle. While LLMs excel in natural language understanding and pattern recognition, their generalizability across diverse edge scenarios is often limited, particularly when faced with malware's dynamic and adaptive nature [1].
Mar-6-2025