LLM-based Generation of Formal Specification for Run-time Security Monitoring of ICS

Industrial Control Systems (ICS) are vulnerable to cybersecurity threats due to their distributed architecture and critical role in infrastructure sectors. Ensuring their secure operation requires deploying runtime monitoring mechanisms to detect behavioral deviations, with inline security monitorin...

Celý popis

Uložené v:
Podrobná bibliografia
Vydané v:2025 IEEE International Conference on Cyber Security and Resilience (CSR) s. 957 - 962
Hlavní autori: Raptis, George E., Khan, Muhammad Taimoor, Koulamas, Christos, Serpanos, Dimitrios
Médium: Konferenčný príspevok..
Jazyk:English
Vydavateľské údaje: IEEE 04.08.2025
Predmet:
cyberphysical systems
formal specification
Formal specifications
Generative AI
Industrial control
Industrial Control Systems (ICS)
inline monitors
Java Modeling Language (JML)
Large language models
large language models (LLMs)
Monitoring
Runtime
runtime verification
Security
security monitoring
Software
Source coding
water distribution systems
Writing
On-line prístup:Získať plný text
Tagy: Pridať tag
Žiadne tagy, Buďte prvý, kto otaguje tento záznam!
Popis
Shrnutí:Industrial Control Systems (ICS) are vulnerable to cybersecurity threats due to their distributed architecture and critical role in infrastructure sectors. Ensuring their secure operation requires deploying runtime monitoring mechanisms to detect behavioral deviations, with inline security monitoring arising as a practical solution. However, writing these specifications manually is time-consuming, error-prone, and requires deep domain expertise. In this paper, we explore the feasibility of using large language models (LLMs) to assist in generating JML-based inline security monitors for ICS applications. Using a water distribution system as a testbed, we prompt the model with structured templates and evaluate its output against expertwritten specifications. Our results highlight that LLMs can correctly infer key security properties and produce contextaware assertions with minimal guidance, marking an early but promising step toward automated monitor synthesis.
DOI:10.1109/CSR64739.2025.11130130