CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts
📖 Full Retelling
arXiv:2603.04186v1 Announce Type: cross
Abstract: Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specific configurations such as expert-defined detection rules, handcrafted log parsers, or manual feature-engineering. Crucially, the level of automation of
Entity Intersection Graph
No entity connections available yet for this article.
Original Source
--> Computer Science > Cryptography and Security arXiv:2603.04186 [Submitted on 4 Mar 2026] Title: CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts Authors: Max Landauer , Wolfgang Hotwagner , Thorina Boenke , Florian Skopik , Markus Wurzenberger View a PDF of the paper titled CAM-LDS: Cyber Attack Manifestations for Automatic Interpretation of System Logs and Security Alerts, by Max Landauer and 4 other authors View PDF HTML Abstract: Log data are essential for intrusion detection and forensic investigations. However, manual log analysis is tedious due to high data volumes, heterogeneous event formats, and unstructured messages. Even though many automated methods for log analysis exist, they usually still rely on domain-specific configurations such as expert-defined detection rules, handcrafted log parsers, or manual feature-engineering. Crucially, the level of automation of conventional methods is limited due to their inability to semantically understand logs and explain their underlying causes. In contrast, Large Language Models enable domain- and format-agnostic interpretation of system logs and security alerts. Unfortunately, research on this topic remains challenging, because publicly available and labeled data sets covering a broad range of attack techniques are scarce. To address this gap, we introduce the Cyber Attack Manifestation Log Data Set (CAM-LDS), comprising seven attack scenarios that cover 81 distinct techniques across 13 tactics and collected from 18 distinct sources within a fully open-source and reproducible test environment. We extract log events that directly result from attack executions to facilitate analysis of manifestations concerning command observability, event frequencies, performance metrics, and intrusion detection alerts. We further present an illustrative case study utilizing an LLM to process the CAM-LDS. The results indicate that correct attack techniques are predicted perfectl...
Read full article at source