Pallas: Optimizing LLM-Based Anomaly Traffic Classification with Compressed Prompt Engineering
摘要
To alleviate the impact of Distributed Denial-of-Service (DDoS) attacks, many traffic classifiers have been deployed to filter the malicious traffic. Most existing classifiers are based on machine learning (ML) or deep learning (DL), which requires comprehensive data collection or well-designed algorithms. These well trained classifiers usually perform poorly on new unseen traffic distributions and need much time to improve it. Motivated by the excellent generalization promise of Large Language Model (LLM), some LLM-based classifiers have been proposed. However, direct application of foundation LLMs yields unsatisfactory results due to the high-dimension and non-text format of network traffic data. To this end, we propose Pallas, a compressed prompt engineering approach for optimizing LLM-based anomaly traffic classifier. Pallas consists of two main components: i) Feature Purification is responsible for selecting high discriminative features to eliminate noisy features and reduce token overhead; ii) Prompt Engineering Integration is designed to efficiently inject background knowledge into LLMs and employs carefully crafted reasoning templates to reduce hallucinations and enhance classification performance. The experimental results on public datasets show that Pallas can improve the accuracy by 9.78% compared with the state-of-the-art, while saving 69.37% of token consumption for users.