Large Language Models in Wireless Application

Design: In-Context Learning-enhanced Automatic

Network Intrusion Detection
Han Zhang∗ , Akram Bin Sediq† , Ali Afana† and Melike Erol-Kantarci∗ , Senior Member, IEEE
∗ School of Electrical Engineering and Computer Science, University of Ottawa, Ottawa, Canada
† Ericsson Inc., Ottawa, Canada

{hzhan363, melike.erolkantarci}@uottawa.ca,
{akram.bin.sediq, ali.afana}@ericsson.com
arXiv:2405.11002v1 [cs.LG] 17 May 2024

Abstract—Large language models (LLMs), especially gener- to effectively execute complex tasks. Additionally, as models
ative pre-trained transformers (GPTs), have recently demon- grow in scale, the process of fine-tuning LLMs becomes costly
strated outstanding ability in information comprehension and and technically challenging [5]. On the other hand, in-context
problem-solving. This has motivated many studies in applying
LLMs to wireless communication networks. In this paper, we learning gives insights into tackling this challenge [6]. In-
propose a pre-trained LLM-empowered framework to perform context learning is a specific prompt-building method where
fully automatic network intrusion detection. Three in-context task-related examples are provided as part of the prompt. In
learning methods are designed and compared to enhance the this way, it can empower the LLM domain-specific knowledge
performance of LLMs. With experiments on a real network without updating the pre-trained model parameters.
intrusion detection dataset, in-context learning proves to be
highly beneficial in improving the task processing performance in There are several benefits of using pre-trained LLMs instead
a way that no further training or fine-tuning of LLMs is required. of traditional machine learning (ML) models. First, there is no
We show that for GPT-4, testing accuracy and F1-Score can need to train the ML models from scratch for each individual
be improved by 90%. Moreover, pre-trained LLMs demonstrate task in different scenarios. This provides the possibility of
big potential in performing wireless communication-related tasks. using one model to fit all the network functions since LLM
Specifically, the proposed framework can reach an accuracy and
F1-Score of over 95% on different types of attacks with GPT-4 parameters do not need to be updated when applied to differ-
using only 10 in-context learning examples. ent tasks. In addition, traditional ML-based methods usually
Index Terms—Large language model, GPT, Generative AI, require large amounts of training data to perform given tasks.
intrusion detection, wireless networks, B5G and 6G, in-context In contrast, with the general intelligence obtained from pre-
learning. training, LLMs-based methods only need minimal example
I. I NTRODUCTION
data. Using LLM also solves the over-fitting problems of
Artificial intelligence (AI) enables machines to perform traditional ML models. Moreover, the network robustness is
automated perception and decision-making tasks that normally improved since using pre-trained LLMs can prevent attacks
require human intelligence. In the past years, AI technologies during the model training phase. The explainability of model
have been applied to wireless communication applications to decisions can also be improved since LLMs can give semantic
support a multitude of services. The widespread use of AI explanations about the decisions. Therefore, leveraging pre-
enables wireless networks to adapt to environmental changes trained LLMs for wireless network functions instead of tradi-
in an automated fashion and serves as a basis for AI-native tional ML-based methods is a promising direction.
sixth-generation (6G) networks [1]. Inspired by the above-mentioned thoughts, in this work, we
Large language models (LLMs), especially generative pre- explore the potential of using pre-trained LLMs to automati-
trained transformers (GPTs), have recently received extensive cally perform wireless communications-related tasks with in-
attention in various areas. Given the impressive capacity for in- context learning. Specifically, we propose a fully automated
formation comprehension and strategic planning demonstrated framework empowered by pre-trained LLMs and compare its
by LLMs, there is a future vision of achieving a self-evolving performance to a traditional Convolutional Neural Network
wireless network [2] by integrating LLMs into Radio Access (CNN)-based network intrusion detection model. Three well-
Network (RAN) controllers [3]. The Generative AI journey known LLMs are involved in the experiments, namely GPT-
in wireless networks begins by including LLM as a solution 3.5, GPT-4, and LLAMA. Our focus is on evaluating the effi-
for wireless application design and developing LLM-driven cacy of LLMs in wireless communication tasks and the impact
network applications [4]. of prompt design. The main contributions are summarized as
Although the potential research directions of combining follows:
LLMs with wireless communications have been explored by (1) We design a pipeline of automated LLM-empowered
several existing studies, only limited number of studies have network applications. This pipeline involves LLM-based input
proposed concrete realization methods or applications. The information selection, prompt building, in-context learning,
primary concern with this approach is that pre-trained LLMs and output conversion. This realizes a seamless integration of
may lack sufficient wireless communication-related knowledge LLMs within wireless communication systems.
 (2) We propose a translation method between wireless with LLMs. [3] discussed several ways to integrate LLMs
network information and human-like text-based information within the 6G system. These works are from the perspective of
to realize the communication between LLM and wireless conducting an overview, however, our research can be seen as
networks. a concrete practice of possible research directions mentioned
(3) We propose three distinct in-context learning methods, in previous works. In addition, [11] proposed a LLM-enhanced
namely illustrative in-context learning, heuristic in-context multi-agent system that can generate communication models
learning, and interactive in-context learning. Each is designed with customized communication knowledge. [12] proposed a
to significantly improve the performance of pre-trained LLMs LLM-based framework that can train and coordinate edge AI
in the specified task. models to meet users’ demands. Similarly, [13] proposed a
According to the experimental results, with the benefit of in- split learning framework for LLM agents in 6G networks that
context learning, the pre-trained LLM is capable of performing enable collaboration between distributed devices. Our work
the intrusion detection task. Specifically, for GPT-4, in-context uses LLMs in a different way. Instead of generating code with
learning can improve the detection accuracy and F1-Score by LLMs or designing generic frameworks, we directly generate
90%. With more than 10 in-context learning examples, GPT-4 wireless network-related decisions with logical reasoning. It
can reach a detection accuracy and F1-Score higher than 95%. is worth noting that the proposed LLM framework is versatile
It achieves comparable or superior performance to traditional and can be adapted for various network application designs
ML models with only a small amount of task-specific data. beyond network intrusion detection. For instance, it can also
Although the proposed framework demonstrates good per- be applied to cell configuration, incoming traffic analytics and
formance, LLM, being a very new technology, still have some dynamic resource management [3][14].
potential pitfalls and risks while being applied to practical III. LLM- EMPOWERED NETWORK INTRUSION DETECTION
scenarios. Some frequently raised concerns include adversarial
The system model of the proposed pre-trained LLM-
prompting, hallucination and stochastic output. These concerns
empowered network intrusion detection framework is shown
can be mitigated by appropriate prompt design skills like
in Fig 1. In this work, we consider a cloud-based wireless
output formatting and in-context learning. Still, more research
communication system where malicious attackers can perform
on LLM needs to be conducted in the future to make it more
distributed denial of service (DDoS) attacks and generate
reliable.
malicious traffic to the networks. At the network controller
The rest of the paper is organized as follows. Section II
side, a cloud-based pre-trained LLM is deployed for network
introduces related works. Section III explains the implemen-
security monitoring and intrusion detection.
tation of the LLM-empowered network intrusion detection
As shown in Fig 1, four main steps are designed in the
framework. Section IV describes the design of in-context
framework to enable fully automatic intrusion detection for
learning methods. Section V gives experimental results, and
zero-touch networks. In the first step, the most relevant net-
Section VI concludes the paper.
work features for intrusion detection are selected by the LLM.
II. R ELATED WORKS In the second step, data is collected from the networks and
There are a few studies that have applied pre-trained LLMs, processed for LLM input. The third step is to build the prompt
especially GPT models, for domain-specific applications. For for LLM, and the last step is to extract the desired decision
instance, [7] proposed a framework using the GPT-4 model from LLM output. These steps automate the interactions
to explore the Minecraft world without human intervention. between the LLM and the 5G communication system, allowing
In [8], medical domain knowledge and logical reasoning of the LLM to choose desired network information based on its
LLMs are leveraged to enhance the output of computer- knowledge base, capture the required values from the system,
aided diagnosis networks. These studies have demonstrated the and feedback decisions. Detailed implementation of each step
powerful capabilities of LLMs and have shown the potential is explained below.
for broader applications. A. Feature selection
On the other hand, some studies have discussed how to To start LLM-based intrusion detection, feature selection is
use in-context learning to enhance the performance of LLMs. first performed to select the most important features from a
For instance, [9] discussed how to select effective in-context large number of network features according to their relevance
learning examples for LLMs to implement LLM-based code to the intrusion detection task. This step can be implemented
generation. In [10], in-context learning is applied to LLMs with the knowledge base of pre-trained LLMs.
to handle multiple task inputs and reduce costs. Different First, all the accessible network features are indexed and
from these works, our work proposes three different ways given to the LLM. Next, the LLM is instructed to select
to perform in-context learning and evaluate the effect of in- the indexing numbers corresponding to the ten most relevant
context learning on wireless communication-related tasks. features of the network intrusion detection task. The LLM is
Some other works have discussed the combination of then requested to rank the importance of all selected features
LLMs with wireless communications. In [2], two aspects on three levels: ‘very important’, ‘kind of important’, and ‘not
are discussed, which are how to leverage LLMs in wireless very important’. Only ’very important’ features and ’kind of
communications and how to empower wireless communication important’ features will be kept as desired features for the
 2. Data collection 3. Prompt building
Decide the most relevant Translate network indicators
features for input. into text-based input. (a). Instructions
1. Feature selection gNB • Task publishing and clarification.
• Role description.
• Listing and indexing
all the available (b) In-context learning
network indicators. • Performing in-context learning with
• Choose useful examples.
indicators.
(c) Output format
• Rank the importance Benign Attacker • Defining output format.
of chosen indicators. user 1
Benign Benign (d) Input
user 2 user 3 • Showing values of current network
4. Decision extraction indicators
Translate text-based results into network
conditions.

Fig. 1: System model of pre-trained LLM-empowered network intrusion detection.

following detection tasks. The goal of this step is to concise step, the decision extraction can be achieved with keyword
the length of the LLM input token and to avoid the impact of searching. In detail, if ”yes” or ”Yes” appears in the LLM
irrelevant features on the detection results. output while ”no” or ”No” does not appear, then the decision
B. Data collection and processing is that the traffic is malicious and vice versa. If neither of
After feature selection, the LLM is employed to monitor the the above cases is valid, output formatting will continue to be
network status for suspected intrusions. First, the values cor- performed until the desired clear output is obtained.
responding to the selected features are collected and converted IV. I N - CONTEXT LEARNING - ENHANCED DETECTION
to a text-based format. Next, a text-based template is created to Although LLMs may have some basic intelligence and
give definitions and semantic explanations about the collected knowledge about wireless networks, it is still difficult to
values. Finally, the text-based values are concatenated with directly perform intrusion detection tasks through pre-trained
pre-defined templates. Based on the above steps, selected input LLMs without fine-tuning. In-context learning is an effective
features can be translated into comprehensible human-like method that can improve the accuracy of LLMs on specific
descriptions of current network conditions. tasks with only a small amount of labelled data.
C. Prompt building In this section, we illustrate how we design in-context learn-
In this step, prompts are designed to provide the LLM ing schemes with labelled examples to improve the perfor-
with formalized guidance for effective intrusion detection. The mance of pre-trained LLMs for domain-specific tasks. In first
prompts are composed of four parts, instructions, in-context subsection, general principles of in-context learning in LLMs
learning examples, output formatting, and input information. are introduced. In second subsection, detailed implementation
The instructions usually include the task publishing and of in-context learning in our framework is given.
clarification and role description. In particular, for network A. In-context learning for LLM
intrusion detection tasks, the prompts should first define what In-context learning is an effective technique that enables
a network intrusion is, describe the role of the LLM as a 5G pre-trained LLMs to address specific tasks without updating
network safety monitor and clarify the task is to determine the parameters of LLM. This is achieved by integrating
whether the traffic is from a malicious user based on given text-based examples into the prompts and by changing the
information. Next, examples of both benign cases and mali- distribution of the input text to obtain the desired output. The
cious cases are included in the prompts to provide the LLM process can be formulated as:
with task-specific knowledge through in-context learning. The yt∗ = argmax P (yt |(x1 , y1 ), ..., (xn , yn ), xt ; Θorigin ) (1)
detailed implementation of in-context learning is given in the yt

next section. where yt∗

denotes the LLM output of the network intrusion
Output formatting is also included as a part of prompt detection task. P (yt |...) denotes the possibility of getting yt∗ as
building to give clearer detection results and prevent mis- the output. xt denotes the network condition description input.
understandings. In particular, for network intrusion detection (xn , yn ) denotes the nth in-context learning examples. Θorigin
tasks, the output formatting can be implemented by using denotes the pre-trained parameters of the LLM. Following this
prompts like ”If you think the traffic is malicious, answer formula, the output of the LLM is influenced by examples
yes. Otherwise if you think it is benign, answer no”. The included in the context information and the LLM is more likely
output formatting part also simplifies the translation from the to output decisions that are consistent with the given example
LLM output to the detection results of network conditions [10].
in the following step. Input information refers to human-like
B. In-context learning for network intrusion detection
descriptions of network conditions acquired in the last step.
D. Decision extraction In this work, we design and compare three different in-
The last step is to understand the output of the LLM and context learning methods, the illustrative in-context learning,
extract the desired results. With output formatting in the last the heuristic in-context learning, and the interactive in-context
 Implementations of three different in-context learning methods.
Collected labelled examples Illustrative in-context learning
Illustrative: Here are some
Source IP Destination IP Flow … Attack 1. Feed network condition examples. In the case of …, the
duration or not descriptions and expected answers. traffic is malicious/benign.
You should answer yes/no.
60.61.0.1 142.3.141.39 34377 … 0
Heuristic in-context learning From given examples, think
60.61.0.1 192.168.52.112 51744586 1 Heuristic: Here are some about these questions:
1. Feed network condition examples. In the case of …, 1. What are the
60.61.0.4 172.217.5.22 124384009 0 the traffic is
descriptions and expected answers. commonalities of all the
2. Ask for conclusions in the form of malicious/benign.
… malicious examples?
heuristic questions 2. ...

Interactive:
Interactive in-context learning In the case of …, Your answer is correct. Please classify
Now, you observed the following information. 1. Feed network condition do you think this such examples as benign\malicious in
The source IP address of the traffic is _____, descriptions and inquire about traffic is your following judgments.
malicious? You
the destination IP address is _____, and the detection results.
should answer
2. Give correct answers
flow duration is ______. 3. Ask LLM for self-evaluation and yes/no.
Your answer is wrong, Can you
provoke thinking.
rethink why?
Data processing and conversion

Fig. 2: Three different methods to implement in-context learning with labelled examples.

learning. The implementations of three methods are presented between traditional ML models and LLMs. The performance is
in Fig. 2. evaluated according to the accuracy and F1-Score of network
In the illustrative in-context learning method, examples intrusion detection. All the models are implemented using
with labels are converted into human (and LLM)-interpretable Python with the support of PyTorch, Openai-api, and hug-
descriptions of cases and expected answers. Then, they are laid gingface.
out and fed directly into the LLM as part of the prompt. The B. experimental results
prompts usually start with identifying statements like ”Here Fig 3 shows the feature selection results of the network
are some examples” and each example ends with conclusive intrusion detection task from three LLMs, GPT-3.5, GPT-4,
instructions like ”You should answer yes/no.” and LLAMA. The manually selected features for a CNN-based
The illustrative in-context learning method is the simplest network intrusion detection model proposed in [15] are also
among the three in-context learning methods. On this basis, added for comparison. During the experiments, each LLM is
the heuristic in-context learning method is designed by adding asked to choose ten features from the given 84 features, and
heuristic questions to the prompts. Based on the given network the importance of these features are ranked according to three
intrusion detection task scenario, some critical questions that levels, ’very important’, ’kind of important’, and ’not very
may shape the outcome are extracted, like ”What are the important’. Only 16 features are mentioned by three LLMs,
commonalities of all the malicious examples?” or ”What is and among these 16 features, 5 features mentioned by only
the rational range of flow duration?”. These questions can one LLM are ranked as ’not very important’. This suggests
give insights to the LLM on what should be concluded from that different LLMs exhibit a high degree of similarity in
the given examples. The LLM outputs of these questions will feature selection for the given task. It can also be observed that
also be included in the prompts as context information for the the selected features overlap significantly with the manually
following intrusion detection tasks. selected features. This validates the knowledge base of pre-
The last proposed in-context learning method is the interac- trained LLM in the wireless communication domain and its
tive in-context learning. In this method, in-context examples ability to handle related tasks. In the following experiments,
are given and analyzed through a question-and-answer format. features ranked as ’not very important’ are removed and only
First, the examples are fed into the LLM without giving the ’very important’ features and ’kind of important’ features are
expected answers. Then the LLM is asked to provide detection kept as the input for intrusion detection.
results and perform self-evaluation. If the result matches the For the in-context learning experiments, we only test with
label, the LLM is encouraged to continue to make judgments GPT-3.5 and GPT-4. This is because LLAMA2 is an open-
in this manner. Otherwise, the LLM is asked to perform self- source model with a limited token size and is more suitable
corrections by providing explanations of expected results and for fine-tuning rather than in-context learning. Fig. 4 and
reflecting on the reasons for the incorrect answer. Similar to Fig. 5 show the comparison of three different in-context
the heuristic in-context learning method, the self-assessments learning methods on a TCP ACK attack detection task. It
and reflections will also be included in the prompts as a part can be observed that the testing accuracy and F1-Score grow
of the context information. with the number of examples. For GPT-3.5, the heuristic in-
context learning method shows a poor performance when
V. E XPERIMENTAL SETTINGS AND R ESULTS
there are only 2 examples. This is because GPT-3.5 may
A. experimental settings summarize incorrect conclusions from only 2 examples. As
In this work, we use a real network intrusion detection a result, it may give wrong answers to heuristic questions and
dataset proposed in [15] to generate testing examples and in- generate inaccurate detection results. When there are more in-
context learning examples. The dataset includes 9 types of context examples, the interactive in-context learning method
DDoS attacks and 84 network traffic features. Three LLMs and heuristic in-context learning method show better results
are used during the experiments, LLAMA-2-7b [16], GPT-3.5, than the illustrative in-context learning method. Furthermore,
and GPT-4 [17]. CNN-based network intrusion detection is increasing the number of in-context learning examples does
also implemented as a baseline and is used for the comparison not necessarily lead to an improvement in performance. This
 Features\Models GPT-3.5 GPT-4 LLAMA-2 CNN-based model
Source IP address ! ! !
Destination IP address ! ! !
Flow duration " ! " !
Total number of forwarding packets " " " !
Total number of backward packets " " " !
Total length of forwarding packets " ! ! ! Very important
Total length of backward packets " ! ! " Kind of important
Length of forwarding packets std value ! # Not very important

Protocol !
Flow byte per second ! "
Flow packets per second " "
forward PSH flags #
backward PSH flags #
FIN flag #
SYN flag !
ACK flag ! !
Flow inter Arrival Time mean value #
Max idle value #

Fig. 3: The feature selection and importance ranking results from three different LLMs, GPT-3.5, GPT-4, and LLAMA.
100%
85% GPT-3.5 with Illustrative ICL
GPT-3.5 with Heuristic ICL 90%
75% GPT-3.5 with Interactive ICL

Testing accuracy
Testing accuracy

80%
65%
70%

55% 60%
GPT-4 with Illustractive ICL
45% 50% GPT-4 with Heuristic ICL
GPT-4 with Interactive ICL
35% 40%
0 2 4 6 8 0 2 4 6 8 10
In-context learning examples In-context learning examples
(a) Accuracy (a) Accuracy
1
0.8
0.9
Testing F1-Score
Testing F1-score

0.6
0.8
0.4

0.7 GPT-4 with Illustractive ICL

GPT-3.5 with Illustrative ICL GPT-4 with Heuristic ICL
0.2
GPT-3.5 with Heuristic ICL GPT-4 with Interactive ICL
GPT-3.5 with Interactive ICL 0.6
0 0 2 4 6 8 10
0 2 4 6 8 In-context learning examples
In-context learning examples
(b) F1-Score
(b) F1-Score
Fig. 4: Comparison of intrusion detection testing accuracy and F1- Fig. 5: Comparison of intrusion detection testing accuracy and F1-
Score under three different in-context learning methods with GPT-3.5 Score under three different in-context learning methods with GPT-4
while increasing the number of in-context learning examples. while increasing the number of in-context learning examples.
comprehension and reasoning ability [18]. As a result, it
is because of GPT-3.5 only has limited reasoning ability. When requires less guidance to complete the task.
there are too many in-context examples, the model may fail Compared to illustrative in-context learning, heuristic in-
to draw valid conclusions and show worse performance. It context learning and interactive in-context learning will add
can also be observed that the accuracy and F1-Score show extra information to the prompts and increase the token length.
a slightly different trend. This is because with interactive in- This will lead to higher inference costs. It is also worth noting
context learning, GPT-3.5 will reflect on its mistakes and be that the performance of heuristic in-context learning depends
more careful about possible intrusions. But this also makes it partly on the design of the heuristic questions. Therefore,
take the benign traffic as intrusions sometimes. So interactive the design of heuristic in-context learning still requires the
in-context learning will lead to a relatively high F1-Score, but intervention of domain experts. This paper mainly focuses on
slightly lower accuracy. the framework design and thus does not discuss the design
Such observations do not appear in the experiments using of the heuristic questions in detail. In conclusion, illustrative
GPT-4, which is equipped with a stronger reasoning ability. in-context learning is a more cost-effective choice for LLMs
For GPT-4, the three different in-context learning methods lead with stronger capabilities. Heuristic in-context learning and in-
to very close performance. The illustrative and the heuristic teractive in-context learning will potentially offer performance
in-context learning methods perform a little bit better than the boosts for LLMs with less capabilities.
interactive in-context learning method when there are fewer Fig. 6 compares the intrusion detection testing accuracy
examples. This is because GPT-4 has a greater contextual before and after in-context learning under different types of
 140%
GPT-4 before in-context learning GPT-4 after in-context learning ACKNOWLEDGEMENT
120%
CNN with 1000 training samples CNN with 10000 training samples
100% This work has been supported by NSERC Canada Research
Testing accuracy

80% Chairs program, MITACS and Ericsson Canada.

60%
R EFERENCES
40%
[1] M. Iovene, L. Jonsson, D. Roeland, et al., “Defining AI native:
20%
A key enabler for advanced intelligent telecom networks,”
0%
TCP Push attack TCP ACK attack TCP SYN attack UDP flood attack Mixed attacks Ericsson, Tech. Rep., 2023.
Type of attacks [2] L. Bariah, Q. Zhao, H. Zou, Y. Tian, F. Bader, and M. Debbah,
(a) Accuracy
“Large language models for telecom: The next big thing?”
1.2 GPT-4 before in-context learning GPT-4 after in-context learning arXiv preprint arXiv:2306.10249, 2023.
CNN with 1000 training samples CNN with 10000 training samples [3] S. Tarkoma, R. Morabito, and J. Sauvola, “AI-native intercon-
Testing F1-Score

1 nect framework for integration of large language model tech-

0.8
nologies in 6G systems,” arXiv preprint arXiv:2311.05842,
2023.
0.6 [4] R. Britto, T. Murphy, M. Iovene, L. Jonsson, M. Erol-Kantarci,
and B. Kovács, “Telecom AI native systems in the age of
0.4
TCP Push attack TCP ACK attack TCP SYN attack UDP flood attack Mixed attacks
generative AI - an engineering perspective,” arXiv preprint
Type of attacks arXiv:2310.11770, 2023.
(b) F1-Score [5] N. Ding, Y. Qin, G. Yang, et al., “Parameter-efficient fine-
Fig. 6: Comparison of intrusion detection testing accuracy and F1- tuning of large-scale pre-trained language models,” Nature
Score with GPT-4 and CNN-based method. Machine Intelligence, vol. 5, no. 3, pp. 220–235, 2023.
[6] S. Min, X. Lyu, A. Holtzman, et al., “Rethinking the role of
attacks. The experiments are performed by GPT-4 with 10 in- demonstrations: What makes in-context learning work?” arXiv
context learning examples. The performance of CNN-based preprint arXiv:2202.12837, 2022.
intrusion detection with different numbers of training samples [7] G. Wang, Y. Xie, Y. Jiang, et al., “Voyager: An open-ended
is also added for comparison. It can be observed that in-context embodied agent with large language models,” arXiv preprint
learning can significantly improve the LLM performance on arXiv:2305.16291, 2023.
[8] S. Wang, Z. Zhao, X. Ouyang, Q. Wang, and D. Shen,
domain-specific tasks. The testing accuracy of LLM after in- “Chatcad: Interactive computer-aided diagnosis on medi-
context learning is about 90% higher than before. On the other cal image using large language models,” arXiv preprint
hand, the performance of the CNN model is very much related arXiv:2302.07257, 2023.
to the number of training samples. The accuracy and F1-Score [9] J. Li, G. Li, C. Tao, H. Zhang, F. Liu, and Z. Jin, “Large lan-
will improve if the number of training samples increases. It can guage model-aware in-context learning for code generation,”
arXiv preprint arXiv:2310.09748, 2023.
be concluded that the performance of traditional ML models [10] J. Li, R. Zhao, Y. Yang, Y. He, and L. Gui, “Overprompt:
relies much on massive amounts of data. In contrast, LLMs Enhancing ChatGPT through efficient in-context learning,” in
achieve comparable or superior performance to traditional ML R0-FoMo: Robustness of Few-shot and Zero-shot Learning in
models with only a small amount of task-specific data. Large Foundation Models, 2023.
[11] F. Jiang, L. Dong, Y. Peng, et al., “Large language model
VI. C ONCLUSIONS AND FUTURE DIRECTIONS enhanced multi-agent systems for 6G communications,” arXiv
preprint arXiv:2312.07850, 2023.
In this work, we investigated the potential of utilizing pre- [12] Y. Shen, J. Shao, X. Zhang, et al., “Large language models
trained LLMs for tasks within the realm of wireless commu- empowered autonomous edge AI for connected intelligence,”
nications. Specifically, we proposed a fully automatic network IEEE Communications Magazine, 2024.
intrusion detection framework in which the LLM carries [13] M. Xu, N. Dusit, J. Kang, et al., “When large language
out the entire process, from feature selection to detection model agents meet 6G networks: Perception, grounding, and
alignment,” arXiv preprint arXiv:2401.07764, 2024.
result output. We also proposed three ways to perform in- [14] A. Maatouk, N. Piovesan, F. Ayed, A. De Domenico, and
context learning with task-specific labelled data to enhance the M. Debbah, “Large language models for telecom: Forthcoming
performance. According to the experimental results, in-context impact on the industry,” arXiv preprint arXiv:2308.06013,
learning can effectively improve the testing accuracy and F1- 2023.
Score of LLMs by 90%. After in-context learning, pre-trained [15] B. Farzaneh, N. Shahriar, A. H. Al Muktadir, and M. S.
Towhid, “DTL-IDS: Deep transfer learning-based intrusion
GPT-4 model-based intrusion detection can reach an accuracy detection system in 5G networks,” in 2023 19th International
and F1-Score over 95% on different types of intrusion attacks Conference on Network and Service Management (CNSM),
with only 10 in-context learning examples. IEEE, 2023, pp. 1–5.
This work is an initial attempt to apply LLMs to the field of [16] H. Touvron, L. Martin, K. Stone, et al., “Llama 2: Open
foundation and fine-tuned chat models,” arXiv preprint
wireless communication, and there are many research interests
arXiv:2307.09288, 2023.
to delve into in the future. One thrust is on investigating how [17] Open AI. “OpenAI developer platform.” (2024), [Online].
to choose more effective in-context learning examples and Available: https://platform.openai.com/docs/overview (visited
how to design heuristic questions for LLMs. Considering the on 02/25/2024).
potential LLMs have shown in this work, combining it with [18] H. Liu, R. Ning, Z. Teng, J. Liu, Q. Zhou, and Y. Zhang,
“Evaluating the logical reasoning ability of chatgpt and gpt-
other wireless communication applications can be a promising
4,” arXiv preprint arXiv:2304.03439, 2023.
direction.