Toward Intelligent and Secure Cloud: Large Language Model Empowered Proactive Defense

📅 2024-12-30
🤖 AI Summary
To address the delayed and inflexible response to Advanced Persistent Threats (APTs) in cloud environments, this paper proposes LLM-PD: a Large Language Model (LLM)-based self-evolving proactive defense architecture. LLM-PD integrates multi-step logical reasoning, real-time log and configuration semantic parsing, automated defensive script generation, and cloud-native deployment—enabling online, zero-fine-tuning adaptation to novel attack scenarios for the first time. Its core innovation lies in establishing a closed-loop pipeline—“perception → reasoning → policy generation → autonomous deployment”—overcoming the static nature and training-data dependency inherent in conventional rule-based engines and supervised learning approaches. Evaluated across diverse APT simulation campaigns, LLM-PD achieves over 96% defense success rate with sub-second average response latency, significantly enhancing the timeliness, generalizability, and autonomy of cloud security protection.

📝 Abstract
The rapid evolution of cloud computing technologies and the increasing number of cloud applications have provided a large number of benefits in daily life. However, the diversity and complexity of different components pose a significant challenge to cloud security, especially when dealing with sophisticated and advanced cyberattacks. Recent advancements in generative foundation models (GFMs), particularly in large language models (LLMs), offer promising solutions for security intelligence. By exploiting their powerful abilities in language understanding, data analysis, task inference, action planning, and code generation, we present LLM-PD, a novel proactive defense architecture that defeats various threats in a proactive manner. LLM-PD can efficiently make a decision through comprehensive data analysis and sequential reasoning, as well as dynamically creating and deploying actionable defense mechanisms on the target cloud. Furthermore, it can flexibly self-evolve based on experience learned from previous interactions and adapt to new attack scenarios without additional training. The experimental results demonstrate its remarkable ability in terms of defense effectiveness and efficiency, particularly highlighting an outstanding success rate when compared with other existing methods.
Problem

Research questions and friction points this paper is trying to address.

Large Language Models
Cloud Computing Security
Advanced Cyber Attacks
Innovation

Methods, ideas, or system contributions that make the work stand out.

Large Language Model
Cloud Security Enhancement
Self-learning Capability
Authors

Yuyang Zhou
School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing 211189, China

Guang Cheng
School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing 211189, China

Kang Du
University of Utah

Zihan Chen
School of Cyber Science and Engineering, Southeast University, Purple Mountain Laboratories, and Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing 211189, China