The paper proposes a Digital Twin (DT)-driven hybrid system that combines deterministic heuristics and constrained Large Language Model (LLM) reasoning to achieve highly accurate and interpretable rea…

IstGPT introduces a novel LLM-based framework for real-time, fine-grained anomaly detection in complex industrial cyber-physical systems, achieving state-of-the-art performance across multiple benchma…

This paper demonstrates that an off-the-shelf Large Language Model (LLM) can function as a high-performing, explainable, human-in-the-loop layer for detecting cyberattacks in Industrial Control System…

HySecTwin introduces a knowledge-driven digital twin framework that uses semantic modeling and hybrid reasoning to provide explainable, context-aware, and high-speed threat detection for complex Cyber…

This paper discusses the significant challenges in developing a holistic intrusion detection system for Industrial Control Systems (ICS) that must cover all operational dimensions.

The paper introduces i-SDT, an intelligent Self-Defending Digital Twin, which enhances cyber-physical security by accurately discriminating various attack types and maintaining safe operation without…

This paper investigates the vulnerability of machine learning-based fault detection and localization systems in Cyber-Physical Systems (CPS) to backdoor attacks, demonstrating that such attacks are su…

This paper systematically evaluates Provenance-based Intrusion Detection Systems (PIDSes) in real industrial scenarios, revealing that existing systems struggle with data heterogeneity, advanced attac…

AFL-ICP is a novel specification-driven fuzzing framework that significantly enhances the security testing of industrial control protocols by detecting subtle semantic and logic bugs missed by traditi…

This paper evaluates unsupervised temporal learning models, specifically recurrent autoencoders, for real-time anomaly detection in vulnerable IEC-61850 GOOSE networks, demonstrating that the GRU mode…

The paper introduces the Canonical Security Telemetry Substrate (CSTS), a standardized, AI-ready foundation designed to harmonize fragmented and heterogeneous cybersecurity data into a unified model f…

The paper proposes a clustering-enhanced domain adaptation method that significantly improves cross-domain intrusion detection in industrial control systems by aligning feature distributions and enhan…

This paper enhances anomaly-based Intrusion Detection Systems by integrating process mining to provide detailed, process-based explanations and severity ratings for detected network anomalies.

The paper proposes a semi-automated framework that integrates network topology and vulnerability data to generate and analyze multi-step attack graphs in Industrial Control Systems, demonstrated using…

The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…

This paper evaluates the security of industrial control systems (ICS) transitioning to 5G communication, finding that while optimal conditions allow for resilience, degraded channel conditions signifi…

This paper proposes an explainable threat attribution system for IoT networks that uses SHAP and flow behavior modeling to accurately classify and explain over 30 distinct attack variants into 8 meani…

This paper demonstrates that Unmanned Aerial Vehicle (UAV) autopilot fail-safe mechanisms are vulnerable to non-invasive voltage glitch fault injection, potentially allowing attackers to suppress crit…

The paper proposes PROVFUSION, a multi-view fusion framework that integrates anomaly signals from attribute, structure, and causality views to overcome the limitations of single node- or edge-centric…

The paper proposes a federated, high-throughput stream-processing framework for cross-sector threat detection and automated containment, achieving end-to-end operational convergence within 12-20 secon…