paper

Multi-Source Cybersecurity Logs: An ATT&CK-Labeled Dataset and SLM Evaluation

paperactiveprovisionalmulti-source-cybersecurity-logs-an-att-ck-labeled-dataset-and-slm-evaluation-be4591f7·1 events·first seen 6h ago

Aliases: Multi-Source Cybersecurity Logs: An ATT&CK-Labeled Dataset and SLM Evaluation

Co-occurring entities

CICIDS Llama 3.2 LoRA Phi-4-mini Qwen2.5-1.5B MITRE ATT&CK UNSW-NB15 Atlas

More like this (12)

MITRE ATT&CK Cybersecurity Task Evaluation Detecting and Countering Malicious Uses of Claude: March 2025 2026 State of AI Traffic and Cyberthreat Benchmark Report Multi-Component LLM Agent Clinically Grounded Privacy Evaluation of Medical LMs Self-Ensembling VLM Chart Extraction CL-Drive dataset KSAA-2026 Shared Task cyberattack scaling law Leveraging Audio-LLMs to Filter Speech-to-Speech Training Data AI Cybersecurity Threat Evaluation Framework

Recent events (1)

5arXiv · cs.LG·6h ago·source ↗

Multi-source cybersecurity log dataset with ATT&CK labels and SLM fine-tuning evaluation

Researchers introduce a new multi-source cybersecurity log dataset of 870 sessions (~2.3M events) capturing system, network, and browser activity on Windows endpoints, with per-entry MITRE ATT&CK technique labels across 12 tactics and 53 techniques. The dataset addresses gaps in existing public datasets (CICIDS, UNSW-NB15, ATLAS) that lack combined multi-source coverage with fine-grained ATT&CK labeling. Three small language models (Qwen2.5-1.5B, Llama-3.2-3B, Phi-4-Mini) were fine-tuned with LoRA on the dataset, achieving chunk classification accuracy of 90–97% versus ~8% for base variants, though ATT&CK technique identification remained harder at 42% exact-match accuracy.

Evaluation and Benchmarking AI Safety Research Multi-Source Cybersecurity Logs: An ATT&CK-Labeled Dataset and SLM Evaluation CICIDS Llama 3.2 +6 more