Vol. 1 No. 1 (2025)

Published: June 30, 2025

Pages: 54-62

Review Article

Harnessing Large Language Models for Enhanced Cybersecurity: A Review of Their Role in Defending Against APT and Cyber Attacks

Abstract

The emergence of Large Language Models (LLMs) has opened new frontiers in artificial intelligence applications across multiple domains, including cybersecurity. This paper presents a comprehensive review of the role of LLMs in enhancing cyber defense mechanisms, with a particular focus on their effectiveness in identifying, mitigating, and responding to Advanced Persistent Threats (APTs) and other sophisticated cyber-attacks. We explore the integration of LLMs in threat intelligence, anomaly detection, automated incident response, and adversarial behavior analysis. By examining recent advancements, case studies, and state-of-the-art implementations, we highlight the strengths and limitations of current LLM-based approaches. Furthermore, we assess the challenges related to scalability, adversarial robustness, and ethical considerations inherent in deploying LLMs within cybersecurity infrastructures. The review concludes with future research directions, emphasizing the need for hybrid AI systems that combine LLMs with traditional rule-based and statistical methods to provide resilient and adaptive cybersecurity solutions in the face of evolving digital threats.
