CoTSentry: Advanced Network Attack Detection with Chain-of-Thought Reasoning
摘要
The emergence of Large Language Models (LLMs) coincides with increasingly sophisticated network attacks that challenge conventional detection mechanisms. Traditional approaches exhibit significant limitations when confronted with novel attacks, often lacking interpretability and adaptability. To address these challenges, we introduce CoTSentry, a novel framework that leverages reasoning-enhanced language models through systematic multi-phase analysis for attack detection. By shifting from traditional pattern matching to comprehensive reasoning-based analysis, our approach methodically decomposes complex security problems into logical steps, revealing attack indicators even when deliberately obscured by adversaries. Through extensive empirical evaluations, CoTSentry achieves exceptional detection performance with accuracy rates consistently exceeding 97%, even against sophisticated obfuscation techniques that significantly degrade conventional methods. The system exhibits strong generalization capabilities to emerging threats without requiring attack-specific training, while providing security practitioners with comprehensive intelligence, including explicit reasoning chains, severity assessments, detailed attack explanations, and actionable defense recommendations.