An LLM-Powered AI Agent Framework for Holistic IoT Traffic Interpretation
This addresses the challenge of deriving meaningful insights from IoT traffic for network security analysts, though it appears incremental as it builds on existing retrieval and transformer methods.
The paper tackles the problem of interpreting diverse IoT network traffic by developing an LLM-powered AI agent framework that converts raw packet captures into structured representations for analysis, achieving substantial improvements in BLEU, ROUGE, METEOR, and BERTScore metrics with hybrid retrieval and demonstrating low computational overhead.
Internet of Things (IoT) networks generate diverse and high-volume traffic that reflects both normal activity and potential threats. Deriving meaningful insight from such telemetry requires cross-layer interpretation of behaviors, protocols, and context rather than isolated detection. This work presents an LLM-powered AI agent framework that converts raw packet captures into structured and semantically enriched representations for interactive analysis. The framework integrates feature extraction, transformer-based anomaly detection, packet and flow summarization, threat intelligence enrichment, and retrieval-augmented question answering. An AI agent guided by a large language model performs reasoning over the indexed traffic artifacts, assembling evidence to produce accurate and human-readable interpretations. Experimental evaluation on multiple IoT captures and six open models shows that hybrid retrieval, which combines lexical and semantic search with reranking, substantially improves BLEU, ROUGE, METEOR, and BERTScore results compared with dense-only retrieval. System profiling further indicates low CPU, GPU, and memory overhead, demonstrating that the framework achieves holistic and efficient interpretation of IoT network traffic.