Internet of Things (IoT) has gained widespread popularity, revolutionizing industries and daily life. However, it has also emerged as a prime target for attacks. Numerous efforts have been made to improve IoT security, and substantial IoT security and threat information, such as datasets and reports, have been developed. However, existing research often falls short in leveraging these insights to assist or guide users in harnessing IoT security practices in a clear and actionable way. In this paper, we propose ChatIoT, a large language model (LLM)-based IoT security assistant designed to disseminate IoT security and threat intelligence. By leveraging the versatile property of retrieval-augmented generation (RAG), ChatIoT successfully integrates the advanced language understanding and reasoning capabilities of LLM with fast-evolving IoT security information. Moreover, we develop an end-to-end data processing toolkit to handle heterogeneous datasets. This toolkit converts datasets of various formats into retrievable documents and optimizes chunking strategies for efficient retrieval. Additionally, we define a set of common use case specifications to guide the LLM in generating answers aligned with users' specific needs and expertise levels. Finally, we implement a prototype of ChatIoT and conduct extensive experiments with different LLMs, such as LLaMA3, LLaMA3.1, and GPT-4o. Experimental evaluations demonstrate that ChatIoT can generate more reliable, relevant, and technical in-depth answers for most use cases. When evaluating the answers with LLaMA3:70B, ChatIoT improves the above metrics by over 10% on average, particularly in relevance and technicality, compared to using LLMs alone.

翻译：物联网（IoT）已获得广泛普及，深刻变革了各行各业与日常生活。然而，它也已成为攻击的主要目标。尽管已有大量研究致力于提升物联网安全性，并产生了丰富的物联网安全与威胁信息（如数据集与报告），但现有工作往往未能有效利用这些洞见，以清晰且可操作的方式协助或引导用户实践物联网安全。本文提出ChatIoT，一种基于大型语言模型（LLM）的物联网安全助手，旨在传播物联网安全与威胁情报。通过利用检索增强生成（RAG）的通用特性，ChatIoT成功地将LLM先进的语言理解与推理能力，与快速演进的物联网安全信息相结合。此外，我们开发了一套端到端的数据处理工具包，用于处理异构数据集。该工具包将不同格式的数据集转换为可检索文档，并优化分块策略以实现高效检索。同时，我们定义了一组通用用例规范，以引导LLM生成符合用户特定需求与专业水平的回答。最后，我们实现了ChatIoT的原型系统，并使用多种LLM（如LLaMA3、LLaMA3.1与GPT-4o）进行了广泛实验。实验评估表明，对于大多数用例，ChatIoT能够生成更可靠、更相关且技术深度更高的回答。在使用LLaMA3:70B评估回答时，与单独使用LLM相比，ChatIoT在以上指标上平均提升超过10%，尤其在相关性与技术深度方面表现突出。