Master's thesis; Mitigating model evasion attacks for robust LLM-based intrusion detection

About RISE
RISE Research Institutes of Sweden AB is a research organization owned by the Swedish government. This thesis will be conducted within the RISE Cybersecurity Unit, which is among the largest publicsector cybersecurity research groups in Sweden. Our core areas of expertise are: IoT Security, Cloud Security, Network & Communication Security, Access Control, Privacy (technical and social aspects), and Secure Virtualization and Trusted Computing. The RISE Cybersecurity Unit is the European leader in IoT security research & development. In additional to a strong research environment, RISE

Cybersecurity is the owner of the RISE Cyber Range, a cybersecurity test and demo facility in Kista with a critical infrastructure grade security, that provides a trusted place for Swedish industry to understand and address their cybersecurity needs. RISE Cyber Range, in addition to providing practical cybersecurity education, training and exercise, is an environment for state-of-the-art cybersecurity research and development.

Background
Large Language Model–based Intrusion Detection Systems (LLM-based NIDS) are emerging as a new approach for analyzing network traffic and identifying suspicious or malicious activities. By leveraging the contextual modeling capabilities of LLMs, these systems can detect complex or previously unseen attack patterns, generate detailed alerts, and support automated responses such as blocking malicious flows or isolating compromised hosts. While LLM-based NIDS offer improved adaptability and semantic understanding compared to traditional ML models, they also introduce new security challenges. In particular, the models themselves may become targets of adversarial manipulation, where carefully crafted inputs are designed to evade detection—raising significant concerns regarding model-evasion attacks and the robustness of these systems in real-world deployments.

Thesis description
This project aims to investigate the robustness of LLM-based NIDS against emerging model-evasion attacks. While several studies have explored adversarial threats in intrusion detection, current defensive approaches remain insufficient: they are computationally expensive, provide only narrow or limited robustness guarantees, are susceptible to adaptive adversaries, and frequently rely on evaluation methodologies that overestimate practical resilience. As large language models continue to advance and become more deeply integrated into security analytics, the attack surface is expected to expand, making robust defenses even more critical. To address these gaps, this research will develop new adversarial training strategies that adaptively select or generate context-aware training instances and rigorously evaluate defensive effectiveness under realistic operational scenarios. A successful candidate will have the opportunity to contribute to European Research & Development security projects.

RISE will provide the necessary background information and guidance throughout the completion of the Master's thesis. The student's tasks for this project will include:

• Conducting a comprehensive study on state-of-the-art defence techniques against model evasion attacks on LLM-based IDSs.
• Assessing the effectiveness of the defence techniques.
• Design and implement novel techniques that can practically defend against novel model evasion attacks.
• Conducting experimental evaluations of the developed solutions in a laboratory environment.
• Documenting all activities and outcomes of the research in the form of a comprehensive thesis report.

Student profile
We are looking for an ambitious MSc student who has fulfilled the course requirements. Good programming skills in Python are required, as is good spoken and written English. Experience with machine learning, LLM, and network security is a plus. Applications should include a brief personal statement, a CV, and a list of grades. The application has to mention previous activities or other projects that are relevant for the position.

This thesis will be conducted within the RISE Cybersecurity Unit in Kista, Stockholm.

Terms

• The thesis project is expected to be carried out during Spring 2026. The duration of the work is about 20 weeks.
• Credits: 30 ECTS in agreement with your thesis advisor at your university.
• Compensation: 39,990 SEK after the project is completed and approved.
• Location: RISE, Kista. Option to partially work remotely.

Welcome with your application
Candidates are encouraged to send their application as soon as possible. Suitable applicants will be interviewed as applications are received. 

If you want to know more, please contact Han Wang ). Last day of application is January 6, 2026.