To address the challenge of deploying high-accuracy, low-latency, and adaptive security protection on resource-constrained IoT devices, this paper proposes the first lightweight large language model (LLM) framework tailored for IoT security. Our approach involves fine-tuning a compact LLM on the IoT-23 and TON_IoT datasets, optimizing inference for edge deployment, and generating context-aware, automated mitigation strategies—overcoming key limitations of traditional rule-based engines and machine learning methods in generalizability, real-time responsiveness, and scenario adaptability. The framework adopts a modular Docker-based architecture, enabling real-time anomaly detection and autonomous response directly at the device edge. Experimental evaluation in a simulated IoT environment demonstrates a 23.6% improvement in detection accuracy, an average response latency reduction to 147 ms, and a 41% decrease in memory footprint—significantly outperforming baseline approaches including Snort and botnet-focused ML models.

The increasing complexity and scale of the Internet of Things (IoT) have made security a critical concern. This paper presents a novel Large Language Model (LLM)-based framework for comprehensive threat detection and prevention in IoT environments. The system integrates lightweight LLMs fine-tuned on IoT-specific datasets (IoT-23, TON_IoT) for real-time anomaly detection and automated, context-aware mitigation strategies optimized for resource-constrained devices. A modular Docker-based deployment enables scalable and reproducible evaluation across diverse network conditions. Experimental results in simulated IoT environments demonstrate significant improvements in detection accuracy, response latency, and resource efficiency over traditional security methods. The proposed framework highlights the potential of LLM-driven, autonomous security solutions for future IoT ecosystems.