To address the reactive nature of existing IoT intrusion detection systems—which operate post-attack and lack proactive threat prediction capability—this paper proposes a novel LLM-based proactive intrusion prediction framework. Our method introduces a dual-LLM collaborative architecture: BART is employed for generative time-series forecasting of network traffic, while BERT performs semantic-level maliciousness classification. This represents the first application of generative bidirectional Transformers to pre-emptive identification of IoT attack traffic. The framework is fine-tuned and evaluated on the CICIoT2023 dataset, achieving an overall accuracy of 98%, substantially outperforming conventional reactive approaches. It delivers high-precision, low-latency real-time threat prediction with model interpretability and practical deployability. By shifting from post-hoc detection to anticipatory defense, our work establishes a new, explainable, and operationally viable paradigm for IoT security.

The integration of Internet of Things (IoT) technology in various domains has led to operational advancements, but it has also introduced new vulnerabilities to cybersecurity threats, as evidenced by recent widespread cyberattacks on IoT devices. Intrusion detection systems are often reactive, triggered by specific patterns or anomalies observed within the network. To address this challenge, this work proposes a proactive approach to anticipate and preemptively mitigate malicious activities, aiming to prevent potential damage before it occurs. This paper proposes an innovative intrusion prediction framework empowered by Pre-trained Large Language Models (LLMs). The framework incorporates two LLMs: a fine-tuned Bidirectional and AutoRegressive Transformers (BART) model for predicting network traffic and a fine-tuned Bidirectional Encoder Representations from Transformers (BERT) model for evaluating the predicted traffic. By harnessing the bidirectional capabilities of BART the framework then identifies malicious packets among these predictions. Evaluated using the CICIoT2023 IoT attack dataset, our framework showcases a notable enhancement in predictive performance, attaining an impressive 98% overall accuracy, providing a powerful response to the cybersecurity challenges that confront IoT networks.