Takeshi Kaneko (Panasonic Holdings Corporation), Hiroyuki Okada (Panasonic Holdings Corporation), Rashi Sharma (Panasonic R&D Center Singapore), Tatsumi Oba (Panasonic Holdings Corporation), Naoto Yanai (Panasonic Holdings Corporation)
Security Operations Centers (SOCs) have increasingly adopted Large Language Models (LLMs) to support cyberattack analysis, yet existing LLM usage often lacks the knowledge required for accurate protocol-level explanations. In this study, we propose PAIEL, an LLM-based framework that integrates the semantic context of protocol-level knowledge and structured context as external knowledge to generate accurate and faithful explanations for each protocol from raw packets, thereby supporting SOC analyst operations. Through extensive experiments, we show that, by considering protocol specifications, PAIEL outperforms common LLM baselines in both human and automatic evaluations. Our results also indicate that both structured context and semantic context are necessary to generate effective explanations. We also evaluate PAIEL as a real-world application by providing it to SOC analysts, and demonstrate that it is practical in the real world.