Publication Date
Fall 2025
Degree Type
Thesis
Degree Name
Master of Science (MS)
Department
Computer Engineering
Advisor
Jerry Gao; Jun Liu; Melody Moh; Wencen Wu
Keywords
Anomaly Detection; Explainable AI (XAI); Intrusion Detection Systems (IDS); Large Language Models (LLM); Network Security; Retrieval Augmented Generation (RAG)
Abstract
This research project explores a modern approach to Intrusion Detection System (IDS) anomaly detection by leveraging Artificial Intelligence (AI), Machine Learning (ML), Large Language Models (LLM), and Explainable AI (XAI). The purpose is to assess the effectiveness of these technologies in enhancing the understanding of intrusion events. This research study addresses the challenges of threshold determination and the interpretability of anomaly detection results. The proposed solution involves an LLM-based framework with XAI capabilities, integrated with a Retrieval Augmented Generation (RAG) architecture, to provide clear explanations for detected anomalies, utilizing both custom and pre-trained datasets. The study navigated inherent challenges, including the computational demands of LLMs, the potential for bias in training data, the accuracy of data retrieval in the RAG system, and the effective integration of LLM and RAG components. However, the results demonstrate improved generalization of anomaly detection patterns, enabling analysts to better understand and respond to security threats. This approach achieves rapid detection and facilitates faster incident response, leading to a proactive security posture and potential business cost savings. The major impact of this study lies in its novel approach to anomaly detection, successfully uncovering previously undetected intrusions through the combined power of RAG, LLM, and XAI.
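The abstract names two problems the framework targets, threshold determination and explaining a detected anomaly by retrieving related context, but does not show how either step works. The following added example (written for this page, not code from the thesis) sketches the pipeline in miniature: a median/MAD robust z-score per feature, a cutoff chosen from a clean baseline window under a false-positive budget with a sanity floor, and a retrieval step that matches the anomalous features against a tiny knowledge base. Everything concrete is an assumption of the example: the flow records and knowledge-base notes are constructed, Jaccard token overlap stands in for the embedding search a real RAG system would use, and a fixed template stands in for the LLM that would write the explanation.

```python
"""Robust anomaly scoring, baseline-driven thresholding, and a toy retrieval
step that grounds each alert in a small knowledge base.  Added illustration;
not the thesis's code.  Flows and knowledge-base notes are constructed."""
from __future__ import annotations

import math
import re
from statistics import median

FEATURES = ("bytes", "pkts", "dst_ports")

# Constructed per-source flow summaries (not real traffic).  The last two are
# shaped like a port sweep and a bulk transfer respectively.
FLOWS = [
    {"src": "10.0.0.5", "bytes": 1200, "pkts": 14, "dst_ports": 1},
    {"src": "10.0.0.6", "bytes": 980, "pkts": 11, "dst_ports": 1},
    {"src": "10.0.0.7", "bytes": 1500, "pkts": 18, "dst_ports": 2},
    {"src": "10.0.0.8", "bytes": 1100, "pkts": 13, "dst_ports": 1},
    {"src": "10.0.0.4", "bytes": 1350, "pkts": 16, "dst_ports": 1},
    {"src": "10.0.0.3", "bytes": 1020, "pkts": 12, "dst_ports": 2},
    {"src": "10.0.0.9", "bytes": 1300, "pkts": 950, "dst_ports": 180},
    {"src": "10.0.0.2", "bytes": 410000, "pkts": 300, "dst_ports": 1},
]

# Constructed knowledge-base notes standing in for the RAG corpus.
KB = [
    ("Port sweep", "many distinct destination ports probed with small packets"),
    ("Bulk exfiltration", "large bytes transferred to a single destination port "
                          "with high packet count over a sustained connection"),
    ("DNS tunnelling", "many small queries with long subdomains at a steady rate"),
]

# How each anomalous feature is phrased when building the retrieval query.
PHRASES = {
    "bytes": "large bytes transferred",
    "pkts": "high packet count",
    "dst_ports": "many distinct destination ports",
}


def robust_z(values: list[float]) -> list[float]:
    """Median/MAD z-scores.  MAD collapses to 0 on low-variance discrete
    features (dst_ports is mostly 1 here), so fall back to the mean absolute
    deviation; if that is 0 as well, every value is typical."""
    med = median(values)
    dev = [abs(v - med) for v in values]
    mad = median(dev)
    if mad > 0:
        scale = mad / 0.6745            # MAD -> sigma for a normal baseline
    else:
        mean_ad = sum(dev) / len(dev)
        if mean_ad == 0:
            return [0.0] * len(values)
        scale = mean_ad / 0.7979        # mean absolute deviation -> sigma
    return [(v - med) / scale for v in values]


def score_flows(flows):
    """Attach per-feature z-scores and an overall score (max |z|) to each flow."""
    cols = {f: robust_z([fl[f] for fl in flows]) for f in FEATURES}
    scored = []
    for i, fl in enumerate(flows):
        z = {f: cols[f][i] for f in FEATURES}
        scored.append({**fl, "z": z, "score": max(abs(v) for v in z.values())})
    return scored


def choose_threshold(baseline_scores, fp_budget=0.05, floor=3.0):
    """Smallest cutoff that lets at most fp_budget of a clean baseline window
    exceed it, never below `floor` (a robust z under ~3 is ordinary spread)."""
    s = sorted(baseline_scores)
    allowed = int(math.floor(fp_budget * len(s)))
    return max(s[len(s) - 1 - allowed], floor)


def _tokens(text):
    return set(re.findall(r"[a-z]+", text.lower()))


def retrieve(query, kb=KB):
    """Nearest note by Jaccard token overlap; a stand-in for embedding search."""
    q = _tokens(query)
    sim = lambda note: len(q & _tokens(note[1])) / len(q | _tokens(note[1]))
    best = max(kb, key=sim)
    return best[0], round(sim(best), 3)


def explain(flow, threshold):
    """Analyst-facing rationale; a fixed template replaces the LLM here."""
    hot = sorted((f for f in FEATURES if abs(flow["z"][f]) > threshold),
                 key=lambda f: -abs(flow["z"][f]))
    title, sim = retrieve(" ".join(PHRASES[f] for f in hot))
    evidence = ", ".join(f"{f}={flow[f]} (z={flow['z'][f]:.1f})" for f in hot)
    return {"src": flow["src"], "pattern": title, "similarity": sim,
            "evidence": evidence}


def run(flows=FLOWS, baseline_n=6, fp_budget=0.05):
    """Score all flows, derive the threshold from the first baseline_n flows
    (assumed clean), and explain every flow that exceeds it."""
    scored = score_flows(flows)
    thr = choose_threshold([s["score"] for s in scored[:baseline_n]], fp_budget)
    return thr, [explain(s, thr) for s in scored if s["score"] > thr]


if __name__ == "__main__":
    threshold, alerts = run()
    print(f"threshold={threshold:.2f}")
    for alert in alerts:
        print(alert)
```

Two details matter in practice. The MAD fallback is what keeps a near-constant feature such as distinct destination ports from dividing by zero, which is exactly the feature that exposes the sweep. The floor on the threshold guards against a very clean baseline window producing a hair-trigger cutoff: with only six baseline flows the budget-derived value is below 1, so the floor of 3.0 is what actually separates the two shaped flows from the rest.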
Recommended Citation
Vi, Christopher Chan, "Building a Data-Driven Security AI Framework Using Machine Learning Models" (2025). Master's Theses. 5723.
DOI: https://doi.org/10.31979/etd.2zcd-j977
https://scholarworks.sjsu.edu/etd_theses/5723