From Vector Space to Symbolic Space: Informational and Semantic Analysis of Benign and DDoS IoT Traffic Using LLMs

In this paper, we investigate the feasibility of using Large Language Models (LLMs) for the structural analysis of flow-based network data, considering the fundamental onto-logical difference between the multidimensional numerical space of IoT data and the symbolic space in which these models operate. The primary objective was the development of a formal framework that enables the controlled transformation of numerical data into linguistically analyzable semantic representations, without resorting to classification or machine-learning mechanisms. We propose the SFE mechanism, a deterministic method for robust discretization and behavioral abstraction that converts the numerical characteristics of IoT flows into structural semantic descriptions, based on the CIC IoT-DIAD 2024 [1] dataset. Through formal informational measures, we demonstrate the existence of an intrinsic structural difference between benign and DDoS traffic in the analyzed dataset. In the validation stage, we evaluated whether these informational differences are reflected at the level of linguistic abstraction through controlled inference experiments in IBM WatsonX [2]. The paper demonstrates that LLMs can work as mechanisms for semantic auditing of distributional structure when supported by a formal encoding layer, offering a reproducible framework for integrating numerical security data into language-model-based analysis.