Logo Politecnico di Torino
ITEN
WebThesis

Design, Implementation and Evaluation of LLM-based Agents for Forensic Analysis

Stefano Fumero

Design, Implementation and Evaluation of LLM-based Agents for Forensic Analysis.

Rel. Danilo Giordano, Francesco De Santis, Marco Mellia. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2025

[thumbnail of Tesi_di_laurea]
Preview
 PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution.
Download (1MB) | Preview

Abstract

Large Language Model (LLM) based agents are increasingly adopted for the automation of complex tasks. In this thesis, I systematically study their capabilities and limitations in cybersecurity forensics. Building upon a publicly available cybersecurity benchmark, I designed and evaluated a modular multi-agent system for forensic analysis. I first addressed two fundamental limitations of LLMs: the lack of long-term memory and the inability to access up-to-date knowledge. To overcome these challenges, I added a semantic memory module for storing and retrieving information and a web search tool (RAG) for external knowledge retrieval. Leveraging these solutions, I then enhanced the agent architecture through iterative refinements.

The initial design relied on a single monolithic agent, while later versions added specialized components, including a PCAP Flow Reporter and a Log Reporter for traffic and log analysis

Relatori

Danilo Giordano, Francesco De Santis, Marco Mellia

Anno Accademico

2025/26

Tipo di pubblicazione

Elettronica

Numero di pagine

68

Corso di laurea

Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)

Classe di laurea

Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA

Aziende collaboratrici

Politecnico di Torino

URI

https://webthesis.biblio.polito.it/id/eprint/37685
Modifica (riservato agli operatori) Modifica (riservato agli operatori)
Logo Politecnico di Torino