Federated Retrieval-Augmented Generation-Based LLM for Enhanced Cyber Threat Detection in the Internet-of-Energy

The Internet-of-Energy (IoE) represents a transformative integration of digital technologies and AI-driven analytics with energy infrastructure, creating an intelligent ecosystem that optimizes energy generation, distribution, and consumption across interconnected grids, renewable resources, and smart consumer devices. While enabling unprecedented efficiency, this interconnectivity introduces significant cybersecurity vulnerabilities, as each component presents a potential entry point for adversaries seeking to disrupt critical operations. Large language models (LLMs) have shown immense promise in addressing cybersecurity issues with their powerful natural language understanding, semantic reasoning, and robust knowledge representation capabilities. However, LLMs encounter significant limitations in processing sensitive, distributed data and executing real-time threat detection in IoE environments. In this paper, we propose FeRAG, a Federated Retrieval-Augmented Generation-based LLM system for autonomous log analysis, designed to enhance cyber threat detection performance while significantly increasing detection efficiency and mitigating privacy risks. We evaluate our method using both GPT-3.5-turbo and GPT-4o as LLM models, and our experimental results demonstrate remarkable improvements of FeRAG over other LLM-driven log analysis methods in the precision of cybersecurity threat detection. Our research also explores promising opportunities for expanding LLMs’ cybersecurity capabilities through integration with diverse multi-modal data sources, enabling more comprehensive threat detection across the evolving IoE landscape.