With the proliferation of edge devices, the attack surface on these devices has increased significantly. The decentralized deployment of threat intelligence on edge devices, coupled with adaptive machine learning techniques such as the in-context learning feature of large language models (LLMs), represents a promising paradigm for enhancing cybersecurity on low-powered edge devices. This approach involves deploying lightweight machine learning models directly onto edge devices to analyze local data streams, such as network traffic and system logs, in real time. Additionally, distributing computational tasks to an edge server reduces latency and improves responsiveness while also enhancing privacy by processing sensitive data locally. LLM servers can enable these edge servers to autonomously adapt to evolving threats and attack patterns, continuously updating their models to improve detection accuracy and reduce false positives. Furthermore, collaborative learning mechanisms facilitate secure and trustworthy peer-to-peer knowledge sharing among edge devices, enhancing the collective intelligence of the network and enabling dynamic threat mitigation measures such as device quarantine in response to detected anomalies. The scalability and flexibility of this approach make it well suited to diverse and evolving network environments, as edge devices only send suspicious information such as network traffic and system log changes, offering a resilient and efficient solution to combat emerging cyber threats at the network edge. Thus, our proposed framework can improve edge computing security through better cyber threat detection and through mitigation that isolates the edge devices from the network.