LLM-based Generation of Formal Specification for Run-time Security Monitoring of ICS
Industrial Control Systems (ICS) are vulnerable to cybersecurity threats due to their distributed architecture and critical role in infrastructure sectors. Ensuring their secure operation requires deploying runtime monitoring mechanisms to detect behavioral deviations, with inline security monitorin...
Saved in:
| Published in: | 2025 IEEE International Conference on Cyber Security and Resilience (CSR) pp. 957 - 962 |
|---|---|
| Main Authors: | , , , |
| Format: | Conference Proceeding |
| Language: | English |
| Published: |
IEEE
04.08.2025
|
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Abstract | Industrial Control Systems (ICS) are vulnerable to cybersecurity threats due to their distributed architecture and critical role in infrastructure sectors. Ensuring their secure operation requires deploying runtime monitoring mechanisms to detect behavioral deviations, with inline security monitoring arising as a practical solution. However, writing these specifications manually is time-consuming, error-prone, and requires deep domain expertise. In this paper, we explore the feasibility of using large language models (LLMs) to assist in generating JML-based inline security monitors for ICS applications. Using a water distribution system as a testbed, we prompt the model with structured templates and evaluate its output against expertwritten specifications. Our results highlight that LLMs can correctly infer key security properties and produce contextaware assertions with minimal guidance, marking an early but promising step toward automated monitor synthesis. |
|---|---|
| AbstractList | Industrial Control Systems (ICS) are vulnerable to cybersecurity threats due to their distributed architecture and critical role in infrastructure sectors. Ensuring their secure operation requires deploying runtime monitoring mechanisms to detect behavioral deviations, with inline security monitoring arising as a practical solution. However, writing these specifications manually is time-consuming, error-prone, and requires deep domain expertise. In this paper, we explore the feasibility of using large language models (LLMs) to assist in generating JML-based inline security monitors for ICS applications. Using a water distribution system as a testbed, we prompt the model with structured templates and evaluate its output against expertwritten specifications. Our results highlight that LLMs can correctly infer key security properties and produce contextaware assertions with minimal guidance, marking an early but promising step toward automated monitor synthesis. |
| Author | Khan, Muhammad Taimoor Serpanos, Dimitrios Raptis, George E. Koulamas, Christos |
| Author_xml | – sequence: 1 givenname: George E. surname: Raptis fullname: Raptis, George E. email: graptis@isi.gr organization: Industrial Systems Institute (ISI) ATHENA RC,Patras,Greece – sequence: 2 givenname: Muhammad Taimoor surname: Khan fullname: Khan, Muhammad Taimoor email: m.khan@greenwich.ac.uk organization: University of Greenwich,Centre for Sustainable Cyber Security,London,United Kingdom – sequence: 3 givenname: Christos surname: Koulamas fullname: Koulamas, Christos email: koulamas@isi.gr organization: Industrial Systems Institute (ISI) ATHENA RC,Patras,Greece – sequence: 4 givenname: Dimitrios surname: Serpanos fullname: Serpanos, Dimitrios email: serpanos@ece.upatras.gr organization: University of Patras, Computer Technology Institute and Press "Diophantus", & Industrial Systems Institute (ISI),Electrical and Computer Engineering,Patras,Greece |
| BookMark | eNo1j1FLwzAUhSPog879A5H8gc7cpmmTRyluDjqEte8jvb2RwJqMrHvYv7cyhQMHPjiHc57YfYiBGHsFsQIQ5q1u92VRSbPKRa5mBFLMumNLUxktJSipDJhH1jXNLuvtmQa-oUDJTj4GHh1fxzTaI29PhN55vHEXE99fQjb5kXhLeEl-uvJdDH6KyYfv3-C2bp_Zg7PHMy3_fMG69UdXf2bN12ZbvzeZN3LKcjADkDYVlk5prYQiMg41atWXgwN0vQA7gBh6NICFKRAJlYBCzetzlAv2cqv1RHQ4JT_adD38f5U_QqpOSw |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/CSR64739.2025.11130130 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Xplore POP ALL IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9798331535919 |
| EndPage | 962 |
| ExternalDocumentID | 11130130 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL CBEJK RIE RIL |
| ID | FETCH-LOGICAL-i93t-219d1e897c6f588505ee9fc8c85b6df1cfb01ad10dbc91c494ccec501455352c3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Sep 03 07:09:37 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i93t-219d1e897c6f588505ee9fc8c85b6df1cfb01ad10dbc91c494ccec501455352c3 |
| PageCount | 6 |
| ParticipantIDs | ieee_primary_11130130 |
| PublicationCentury | 2000 |
| PublicationDate | 2025-Aug.-4 |
| PublicationDateYYYYMMDD | 2025-08-04 |
| PublicationDate_xml | – month: 08 year: 2025 text: 2025-Aug.-4 day: 04 |
| PublicationDecade | 2020 |
| PublicationTitle | 2025 IEEE International Conference on Cyber Security and Resilience (CSR) |
| PublicationTitleAbbrev | CSR |
| PublicationYear | 2025 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 1.925171 |
| Snippet | Industrial Control Systems (ICS) are vulnerable to cybersecurity threats due to their distributed architecture and critical role in infrastructure sectors.... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 957 |
| SubjectTerms | cyberphysical systems formal specification Formal specifications Generative AI Industrial control Industrial Control Systems (ICS) inline monitors Java Modeling Language (JML) Large language models large language models (LLMs) Monitoring Runtime runtime verification Security security monitoring Software Source coding water distribution systems Writing |
| Title | LLM-based Generation of Formal Specification for Run-time Security Monitoring of ICS |
| URI | https://ieeexplore.ieee.org/document/11130130 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PS8MwFA5uePCk4sTf5OA1W7OmaXIeDoU5xrbDbqN9eYGBtDI3_37z0k7x4MFbKU0LX5K-j_fyvY-xRymLwmswIrMShHLZUJSFByEhrCfvIJAOE80m8unUrFZ21orVoxYGEePhM-zTZazluxr2lCobkC06Vdo6rJPnuhFrtapfmdjBaDHXKo_yk2HWPzz8yzYlRo3x6T-_d8Z6P_o7PvuOLOfsCKsLtpxMXgUFHcebXtEEKa89HxPtfOPRSd63KTgeuCif7ytB3vF80ZrU8WYHUyqPBr6MFj22HD8tR8-i9UQQG5vuRPi_OInG5qB9ZkygL4jWgwGTldp5Cb5MZOFk4koI4CurABBi7ZD6uEB6ybpVXeEV4ypHbTBNHHEi1OE1OkldoGeqpJHumvUIkfV70_VifQDj5o_7t-yEcI-H49Qd6-62e7xnx_C523xsH-JcfQEUF5aY |
| linkProvider | IEEE |
| linkToHtml | http://cvtisr.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwlV3PS8MwFA46BT2pOPG3OXjN1qxpmpyHY8NujK2H3Ub7ksBAOpmbf795aad48OAtlKSF95K-j_fyvY-QZ86LwklQLNEcmDBJj5WFA8bB7ydnwIMOFcQm0slELRZ62pDVAxfGWhsun9kODkMt36xhh6myLsqiY6XtkBwlQvSimq7V8H55pLv9-UyKNBBQeklnP_2XcEqIG4Ozf37xnLR_GHh0-h1bLsiBrS5JnmVjhmHH0LpbNBqVrh0dIPB8o0FL3jVJOOrRKJ3tKobq8XTeyNTR-gxjMg8XjvrzNskHL3l_yBpVBLbS8Zb5P4zhVukUpEuU8gDGWu1AgUpKaRwHV0a8MDwyJXjzCy0ALITqIXZygfiKtKp1Za8JFamVysaRQVRkpX-NjGLjAZoocaW5IW20yPK97nux3Bvj9o_nT-RkmI-zZTaavN6RU_RBuCon7klru9nZB3IMn9vVx-Yx-O0LGe-Z3w |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2025+IEEE+International+Conference+on+Cyber+Security+and+Resilience+%28CSR%29&rft.atitle=LLM-based+Generation+of+Formal+Specification+for+Run-time+Security+Monitoring+of+ICS&rft.au=Raptis%2C+George+E.&rft.au=Khan%2C+Muhammad+Taimoor&rft.au=Koulamas%2C+Christos&rft.au=Serpanos%2C+Dimitrios&rft.date=2025-08-04&rft.pub=IEEE&rft.spage=957&rft.epage=962&rft_id=info:doi/10.1109%2FCSR64739.2025.11130130&rft.externalDocID=11130130 |