Automated IoT Threat Monitoring & Mitigation using Tiny LLMs
DOI:
https://doi.org/10.32473/flairs.39.1.141840
Keywords:
IoT Security, Tiny LLM, Intrusion Detection, Threat Mitigation, Gateway Deployment, MITRE CAPEC
Abstract
Traditional IoT Intrusion Detection Systems (IDS) lack semantic understanding and provide no automated response. We fine-tune three Tiny LLMs—Qwen3-4B, Gemma-3-270M, and Phi-3-mini—on the Edge-IIoTset dataset for simultaneous multi-class threat classification and MITRE CAPEC-aligned mitigation generation. Fine-tuned models achieve 100% binary accuracy and up to 76.93% on 15-class detection, surpassing XGBoost (53.56%) by over 23 points and matching prior LLM work at a smaller model size. Gemma-3-270M reaches only 45.4% multiclass accuracy despite perfect binary performance, establishing a 270M-parameter lower bound for complex semantic reasoning. All models deploy within IoT gateway hardware budgets, demonstrating Tiny LLMs as practical autonomous security agents.
License
Copyright (c) 2026 Vinay Tiparadi, Narayan Krishnan, Chetanya Rathi, Saman Kumarawadu

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.