In this study, we evaluate open-source models for security incident classification, comparing them with proprietary models. We utilize a dataset of anonymized real incidents, categorized according to the NIST SP 800-61r3 taxonomy and processed using five prompt-engineering techniques (PHP, SHP, HTP, PRP, and ZSL). The results indicate that, although proprietary models still exhibit higher accuracy, locally deployed open-source models provide advantages in privacy, cost-effectiveness, and data sovereignty.

翻译：本研究评估了开源模型在安全事件分类中的性能，并将其与专有模型进行对比。我们使用了一个经过匿名化处理的真实事件数据集，该数据集依据NIST SP 800-61r3分类法进行标注，并采用了五种提示工程技术（PHP、SHP、HTP、PRP和ZSL）进行处理。结果表明，尽管专有模型仍展现出更高的准确性，但本地部署的开源模型在隐私保护、成本效益和数据主权方面具有优势。