ZeroDay-LLM: A Large Language Model Framework for Zero-Day Threat Detection in Cybersecurity
Mohammed Alsuwaiket
Abstract
Zero-day attacks pose unprecedented challenges to modern cybersecurity frameworks, exploiting unknown vulnerabilities that evade traditional signature-based detection systems. This paper presents ZeroDay-LLM, a novel large language model framework specifically designed for real-time zero-day threat detection in IoT and cloud networks. The proposed system integrates lightweight edge encoders with centralized transformer-based reasoning engines, enabling contextual understanding of network traffic patterns and behavioral anomalies. Through comprehensive evaluation on benchmark cybersecurity datasets including CICIDS2017, NSL-KDD, and UNSW-NB15, ZeroDay-LLM demonstrates superior performance, with a 97.8% accuracy in detecting novel attack signatures, a 23% reduction in false positives compared to traditional intrusion detection systems, and enhanced resilience against adversarial evasion techniques. The framework achieves real-time processing capabilities with an average latency of 12.3 ms per packet analysis while maintaining scalability across heterogeneous network infrastructures. Experimental results across urban, rural, and mixed deployment scenarios validate the practical applicability and robustness of the proposed approach.