With the proliferation of edge devices, there is a significant increase in attack surface on these devices. The decentralized deployment of threat intelligence on edge devices, coupled with adaptive machine learning techniques such as the in-context learning feature of Large Language Models (LLMs), represents a promising paradigm for enhancing cybersecurity on resource-constrained edge devices. This approach involves the deployment of lightweight machine learning models directly onto edge devices to analyze local data streams, such as network traffic and system logs, in real-time. Additionally, distributing computational tasks to an edge server reduces latency and improves responsiveness while also enhancing privacy by processing sensitive data locally. LLM servers can enable these edge servers to autonomously adapt to evolving threats and attack patterns, continuously updating their models to improve detection accuracy and reduce false positives. Furthermore, collaborative learning mechanisms facilitate peer-to-peer secure and trustworthy knowledge sharing among edge devices, enhancing the collective intelligence of the network and enabling dynamic threat mitigation measures such as device quarantine in response to detected anomalies. The scalability and flexibility of this approach make it well-suited for diverse and evolving network environments, as edge devices only send suspicious information such as network traffic and system log changes, offering a resilient and efficient solution to combat emerging cyber threats at the network edge. Thus, our proposed framework can improve edge computing security by providing better security in cyber threat detection and mitigation by isolating the edge devices from the network.

翻译：随着边缘设备的激增，这些设备面临的攻击面显著扩大。在边缘设备上部署去中心化的威胁情报，结合自适应机器学习技术（如大语言模型的情境学习特性），为增强资源受限边缘设备的网络安全提供了一种前景广阔的范式。该方法将轻量级机器学习模型直接部署于边缘设备，以实时分析本地数据流（如网络流量与系统日志）。同时，将计算任务分发至边缘服务器可降低延迟、提升响应能力，并通过本地处理敏感数据来增强隐私保护。大语言模型服务器能够使这些边缘服务器自主适应不断演变的威胁与攻击模式，持续更新模型以提高检测精度并减少误报。此外，协同学习机制促进了边缘设备间点对点的安全可信知识共享，增强了网络的集体智能，并支持动态威胁缓解措施（如针对检测到的异常实施设备隔离）。该方案的可扩展性与灵活性使其能很好地适应多样化且不断演变的网络环境——边缘设备仅需发送可疑信息（如网络流量与系统日志变更），从而为应对网络边缘新兴网络威胁提供了弹性高效的解决方案。因此，我们提出的框架通过将边缘设备与网络隔离，可在网络威胁检测与缓解方面提供更优的安全保障，从而提升边缘计算安全性。