LLM-based Generation of Formal Specification for Run-time Security Monitoring of ICS

Industrial Control Systems (ICS) are vulnerable to cybersecurity threats due to their distributed architecture and critical role in infrastructure sectors. Ensuring their secure operation requires deploying runtime monitoring mechanisms to detect behavioral deviations, with inline security monitorin...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:2025 IEEE International Conference on Cyber Security and Resilience (CSR) s. 957 - 962
Hlavní autoři: Raptis, George E., Khan, Muhammad Taimoor, Koulamas, Christos, Serpanos, Dimitrios
Médium: Konferenční příspěvek
Jazyk:angličtina
Vydáno: IEEE 04.08.2025
Témata:
cyberphysical systems
formal specification
Formal specifications
Generative AI
Industrial control
Industrial Control Systems (ICS)
inline monitors
Java Modeling Language (JML)
Large language models
large language models (LLMs)
Monitoring
Runtime
runtime verification
Security
security monitoring
Software
Source coding
water distribution systems
Writing
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:Industrial Control Systems (ICS) are vulnerable to cybersecurity threats due to their distributed architecture and critical role in infrastructure sectors. Ensuring their secure operation requires deploying runtime monitoring mechanisms to detect behavioral deviations, with inline security monitoring arising as a practical solution. However, writing these specifications manually is time-consuming, error-prone, and requires deep domain expertise. In this paper, we explore the feasibility of using large language models (LLMs) to assist in generating JML-based inline security monitors for ICS applications. Using a water distribution system as a testbed, we prompt the model with structured templates and evaluate its output against expertwritten specifications. Our results highlight that LLMs can correctly infer key security properties and produce contextaware assertions with minimal guidance, marking an early but promising step toward automated monitor synthesis.
DOI:10.1109/CSR64739.2025.11130130