CTIKG: LLM-powered knowledge graph construction from cyber threat intelligence
2 Pith papers cite this work. Polarity classification is still indexing.
fields: cs.CR (2)
years: 2026 (2)
verdicts: UNVERDICTED (2)
citing papers explorer
- HIDBench: Benchmarking Large Language Models for Host-Based Intrusion Detection
  HIDBench unifies DARPA-E3, DARPA-E5, and NodLink datasets with a data pipeline to benchmark LLMs for host-based intrusion detection, showing high precision on simple logs but sharp drops in MCC and rises in false positives on complex noisy data.
- From IOCs to Regex: Automating CTI Operationalization for SOC with LLMs
  IOCRegex-gen automates IOC-to-regex conversion with LLMs via group-aware grouping and multi-stage validation, reporting 99.1% hit rate and 0.8% false-positive rate on 3000+ CTI reports and 2400 ground-truth strings.