[CS] Aniket Anand MS Presentation/Feb 18, 2026

via cs cs at mailman.cs.uchicago.edu
Fri Jan 23 16:27:55 CST 2026


This is an announcement of Aniket Anand's MS Presentation
===============================================
Candidate: Aniket Anand

Date: Wednesday, February 18, 2026

Time:  2:30 pm CST

Remote Location: https://uchicago.zoom.us/j/6179938377?pwd=aitrdzFqTENDOS9lQUdyN01TKzJXdz09&omn=93298474058  Meeting ID: 617 993 8377 Passcode: 443644

Location: JCL 346

Title: Benchmarking and Exploring the Capabilities of LLMs for Attack Investigations

Abstract: In this paper we present AuditBench, a new benchmark dataset for evaluating the capabilities of LLMs at investigating security-related system audit logs. We design and use this benchmark to explore the performance of LLMs on four log-investigation tasks that incident response teams commonly perform, ranging from triaging alerts generated by a detector to identifying persistence mechanisms on a compromised system. AuditBench consists of system audit logs collected from Linux and Windows machines, and spans over 50 different security investigation scenarios including both malicious and benign activity. Using our benchmark, we evaluate and analyze the performance of five state-of-the-art LLMs at analyzing audit logs for attack investigations. Our analysis explores how the performance of LLMs, and the errors they produce, varies based on different design choices, such as differences in model size, data representation, prompt construction, dataset sources, and specific investigation tasks. Additionally, we characterize the kinds of errors that models make across our benchmark dataset. Taken together, our work provides a foundation for assessing the capabilities of LLMs for investigating security logs, insights for practitioners looking to use LLMs in security operations, and key directions for future work.

Advisors: 

Committee Members: Nick Feamster, Alex Kantchelian and Grant Ho


