Skip to content
Enrique Tomás Martínez Beltrán
HomeResearchPublicationsTopicsTeachingBlog
ENES
Contact
HomeResearchPublicationsTopicsTeachingBlog
ENES
Contact

Enrique Tomás Martínez Beltrán

Federated learning, trustworthy AI and cyberdefense research, focused on systems that are robust, privacy-preserving and useful in security operations.

  • Privacy Policy
  • Terms of Service
  • Accessibility Statement
  • GitHubopens in a new tab
  • LinkedInopens in a new tab
  • Google Scholaropens in a new tab
  • ResearchGateopens in a new tab
  • ORCIDopens in a new tab
  • Scopusopens in a new tab
  • DBLPopens in a new tab
  • Web of Scienceopens in a new tab

Enrique Tomás Martínez Beltrán. All rights reserved.

Back to top

This site loads optional analytics from Google and external analytics providers only if you accept. You can decline and continue using the site normally.

  1. Home
  2. LLMs for Cyberdefense Support
Research topic

LLMs for Cyberdefense Support

Use of LLMs as a support layer for attack explanation, mitigation recommendation and human-in-the-loop incident analysis.

LLMsCyberdefenseHuman-in-the-loopAttack ExplanationMitigation RecommendationExplainable AI

LLMs as an analyst support layer

LLMs can help translate low-level security signals into explanations, response options and investigation hypotheses. In cyberdefense, the useful role is not autonomous decision-making, but bounded support that improves analyst understanding and response speed.

  • Explain attack context in language operators can inspect and challenge.
  • Map evidence to candidate mitigations without hiding uncertainty.
  • Keep humans responsible for final operational decisions.

Reliability constraints

Security use cases require stronger controls than general-purpose assistants. Outputs need provenance, grounding in observed evidence, traceable recommendations and safeguards against hallucinated mitigations or overconfident explanations.

Connection with trustworthy AI

LLM-assisted cyberdefense overlaps with explainability, evaluation, human factors and accountable AI. The research question is how to make these systems useful without increasing operational risk.

On this page

LLMsCyberdefenseHuman-in-the-loopAttack ExplanationMitigation RecommendationExplainable AI

Frequently asked questions

Should LLMs automatically mitigate cyberattacks?

In high-impact settings, LLMs are better positioned as advisory systems. They can explain and suggest, while humans and controlled playbooks approve actions.

What is the main risk of LLMs in cyberdefense?

The main risk is producing plausible but unsupported explanations or mitigations. Grounding, evaluation and human review are essential.

Where can LLMs help security analysts most?

They are useful for summarizing evidence, explaining alerts, comparing response options and documenting incident reasoning.

Related projects

DEFENDIS: Decentralized Federated Learning for IoT Device Identification and Security

DEFENDIS develops a framework for uniquely identifying IoT devices in a distributed manner while solving security threats through decentralized federated learning.

View Project

EU-GUARDIAN: European Framework and Proofs-of-concept for the Intelligent Automation of Cyber Defence Incident Management

A European research project on methods and proofs of concept for supporting cyber defence incident management.

View Project

ROBUST-6G: Smart, Automated and Reliable Security Service Platform for 6G

ROBUST-6G studies security mechanisms for 6G systems, including monitoring, secure data management, trustworthy AI services, federated learning, and threat response.

View Project

CyberBrain: Cybersecurity in BCI for Advanced Driver Assistance

A comprehensive cybersecurity framework for Brain-Computer Interface systems in advanced driver assistance scenarios, focusing on detecting and preventing cyberattacks on the BCI lifecycle.

View Project

Related notes

From Monitoring to Mitigation: A DFL Cyberdefense Lifecycle with LLM Explanations

A practical note on how distributed monitoring, DFL models, alert evidence and LLM-based support can fit into a cyberdefense workflow.

Decentralized Federated LearningLLMsExplainable AI
Read More

Situational Awareness for Cyberdefense with Decentralized Federated Learning

A research note on using DFL to turn distributed telemetry, anomalies and trust signals into cyberdefense situational awareness.

Situational AwarenessDecentralized Federated LearningExplainable AI
Read More

Drones, Edge Intelligence and DFL for Cyberdefense Operations

A technical note on how drone fleets can use DFL to collaborate on detection models without exposing mission telemetry.

Decentralized Federated LearningCyberdefenseEdge AI
Read More

Byzantine-Resilient Aggregation for Decentralized Federated Learning

A focused research note on median, trimmed mean and trust-weighted aggregation for peer-to-peer federations under poisoning and unreliable clients.

Decentralized Federated LearningTrustworthy AIAdversarial ML
Read More

Privacy-Preserving IoT Security with Decentralized Federated Learning

A research note on edge training, secure aggregation and adaptive privacy budgets for IoT security monitoring.

Decentralized Federated LearningIoT SecurityPrivacy-Preserving AI
Read More