Minimalist LLMs for Network Attack Detection Via Quantization and Low-Rank Adaptation

Large Language Models (LLMs) are increasingly considered for network attack detection; however, their high computational footprint and generative design limit their suitability for real-time cybersecurity deployment. This work introduces a lightweight LLM-based framework for network attack detection that utilizes two LLMs, Gemma-2 and LLaMA-3.2, enhanced through quantization and calibration to make them efficient and accurate. The Low-Rank Adaptation (LoRA) framework is used to fine-tune the models for network traffic, improving their capability to understand traffic patterns. LoRA also reduces the number of trainable parameters by approximately 99%. The fine-tuned weights are further compressed to 4-bit float precision using the BitsAndBytes framework, and quantization quality is enhanced using the NormalFloat4 approach, yielding a 3-4 × memory reduction without the need for retraining. Gemma-2 and LLaMA-3.2 achieve accuracies of 0.99 and 0.95, respectively, with LLaMA-3.2 providing a 0.022 s inference time per sample, suitable for real-time monitoring.