[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-32318":3,"doc-seo-32318":27},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"file_id":15,"file_url":16,"file_type":17,"file_size":18,"view_count":4,"is_deleted":4,"is_public":19,"is_downloadable":19,"audit_status":19,"page_count":20,"language":21,"language_code":22,"table_of_contents":23,"faqs":24,"seo_title":13,"seo_description":14,"update_tm":25,"read_time":26},32318,34359740700684,"Finn","https://ap-avatar.wpscdn.com/avatar/1f400023980c374ae676?_k=1777273430885731487",8,"Research & Report","A RAG-Based Question-Answering Solution for Cyber-Attack Investigation and Attribution","RAG-based question-answering is proposed to support cybersecurity analysts in investigating cyber-attacks and attributing responsible actors. The approach combines a Retrieval Augmented Generation pipeline with a large language model to answer user queries using either a curated knowledge base or user-provided external resources. Evaluation includes multiple question categories and metric-driven assessment, including faithfulness, relevancy, context precision/recall, entity recall, similarity, and correctness. The method is compared with GPT-3.5 and GPT-4o, showing improved reliability through source-grounded answers and reduced hallucinations, and better results when few-shot examples are used.","cbCainkdOImry0J6","https://ap.wps.com/l/cbCainkdOImry0J6","pdf",1046562,1,20,"English","en","# Introduction\n## Attribution levels and challenges\n## RAG for mitigating hallucinations\n## Evaluation methodology","[{\"question\":\"How does few-shot prompting affect performance?\",\"answer\":\"When few-shot examples are provided instead of only zero-shot instructions, the model generates better answers, as shown by the documented comparison in the work.\"}]",1781126468,50,{"code":4,"msg":28,"data":29},"ok",{"site_id":30,"language":22,"slug":31,"title":13,"keywords":32,"description":14,"schema_data":33,"social_meta":76,"head_meta":78,"extra_data":80,"updated_unix":25},105,"a-rag-based-question-answering-solution-for-cyber-attack-investigation-and-attribution","",{"@graph":34,"@context":75},[35,52,66],{"@type":36,"itemListElement":37},"BreadcrumbList",[38,42,46,49],{"item":39,"name":40,"@type":41,"position":19},"https://docshare.wps.com","Home","ListItem",{"item":43,"name":44,"@type":41,"position":45},"https://docshare.wps.com/document/","Document",2,{"item":47,"name":12,"@type":41,"position":48},"https://docshare.wps.com/document/research-report/",3,{"item":50,"name":13,"@type":41,"position":51},"https://docshare.wps.com/document/a-rag-based-question-answering-solution-for-cyber-attack-investigation-and-attribution/32318/",4,{"url":50,"name":13,"@type":53,"author":54,"headline":13,"publisher":56,"fileFormat":59,"description":14,"dateModified":60,"datePublished":60,"encodingFormat":59,"isAccessibleForFree":61,"interactionStatistic":62},"DigitalDocument",{"name":9,"@type":55},"Person",{"url":39,"name":57,"@type":58},"DocShare","Organization","application/pdf","2026-06-10",true,{"@type":63,"interactionType":64,"userInteractionCount":4},"InteractionCounter",{"@type":65},"ViewAction",{"@type":67,"mainEntity":68},"FAQPage",[69],{"name":70,"@type":71,"acceptedAnswer":72},"How does few-shot prompting affect performance?","Question",{"text":73,"@type":74},"When few-shot examples are provided instead of only zero-shot instructions, the model generates better answers, as shown by the documented comparison in the work.","Answer","https://schema.org",{"og:url":50,"og:type":77,"og:title":13,"og:site_name":57,"og:description":14},"article",{"robots":79,"canonical":50},"index,follow",{"doc_id":7,"site_id":30}]