Live Roundups Editor's Desk Insights Executive Ops Weather About 🔍
Home Science Sample-Efficient LLM-Based Detection of Malicious Web...
Science

Sample-Efficient LLM-Based Detection of Malicious Web Server Logs with Forensically Explainable Reasoning

arXiv CS Tuesday 09 June 2026, 04:00 UTC By Bernhard Kneip, Nhien-An Le-Khac, Hong-Hanh Nguyen-Le 1 min read
Key Points

Announce Type: new Abstract: Forensic analysis of web server logs demands both accurate detection and human-readable explanations that can satisfy legal requirements. We present CEF-Log, a context-enhanced few-shot chain-of-thought prompting strategy for Large Language Models that addresses this dual requirement. CEF-Log embeds expert investigative methodology through a structured five-step reasoning template, enabling the model to learn \textit{how} to analyze logs rather than \textit{what}...

arXiv:2606.08649v1 Announce Type: new Abstract: Forensic analysis of web server logs demands both accurate detection and human-readable explanations that can satisfy legal requirements. We present CEF-Log, a context-enhanced few-shot chain-of-thought prompting strategy for Large Language Models that addresses this dual requirement. CEF-Log embeds expert investigative methodology through a structured five-step reasoning template, enabling the model to learn \textit{how} to analyze logs rather than \textit{what} patterns to memorize. Experimental evaluation demonstrates that CEF-Log achieves an F1-score of 0.99 on the CSIC 2010 dataset using only four examples while providing a $10\times$ improvement in sample efficiency compared to other prompting-based methods. We also introduce ForenWebLog, a new dataset that incorporates real-world attacks and multi-step attack sequences for comprehensive evaluation. Qualitative analysis confirms that CEF-Log generates traceable, accurate explanations suitable for forensic documentation, addressing the critical "black-box" limitation of traditional machine learning approaches.
CEF-Log (ORG) CSIC (ORG)
Originally published by arXiv CS Read original →

Related Stories

'Voltron: Legendary Defender' turns 10 today, and we think this mecha robot reboot was just as good as 'Power Rangers' and 'Transformers'

'Voltron: Legendary Defender' turns 10 today, and we think this mecha robot reboot was just as good as 'Power Rangers' and 'Transformers' Voltron may sound like an ointment for back pain, but the reboot Legendary Defender demonstrates that there's more to the big stompy robots concept than meets the eye. Reboot is a dirty word when it comes to TV. Very rarely does a remade show receive its due.

Space.com 25m ago

Exclusive-GM may ditch LFP batteries for future EVs

Exclusive-GM may ditch LFP batteries for future EVs SAN FRANCISCO, June 10 : General Motors may scrap plans to use a lower-cost, iron-based battery chemistry that many automakers are using to cut electric-vehicle costs, GM's head of battery technology said. The Detroit automaker had said it planned to develop lithium-iron phosphate, or LFP, batteries for use in future EV models, and would begin making those batteries in late 2027 at a jointly owned plant in Tennessee. But GM battery chief...

Channel News Asia 36m ago

Claude Fable won’t answer basic biology questions

Anthropic just released Claude Fable 5, calling it the most powerful AI model it has ever made widely available and praising its skills in biology, among others. But the model won't answer basic biology questions - the kind you'd expect a high schooler to handle. Instead, it hands off the query to the former flagship model, Claude Opus 4.8.

The Verge 42m ago

Musk Stock Fans Say ‘The More, The Better’ in SpaceX IPO Frenzy

A SpaceX Falcon 9 rocket launched from Cape Canaveral Space Force Station in Florida.

Bloomberg Technology 42m ago