The paper proposes a system-aware unsupervised framework that combines lightweight online detection with a contextual digital twin and LLM to provide interpretable, actionable anomaly diagnoses for In…

This paper introduces an attribution-driven analysis of encoder-based Large Language Models (LLMs) for network intrusion detection, demonstrating that the models make decisions based on meaningful tra…

The paper proposes a Digital Twin (DT)-driven hybrid system that combines deterministic heuristics and constrained Large Language Model (LLM) reasoning to achieve highly accurate and interpretable rea…

The paper introduces HIDBench, a new benchmark for evaluating LLMs' ability to perform host-based intrusion detection using complex, noisy system logs, finding that model performance degrades signific…

This paper investigates the vulnerability of machine learning-based fault detection and localization systems in Cyber-Physical Systems (CPS) to backdoor attacks, demonstrating that such attacks are su…

The paper empirically evaluates domain-adapted and general-purpose LLMs for structured threat modelling (STRIDE on 5G security), finding that domain adaptation and model size do not guarantee reliable…

The paper proposes an embarrassingly simple detector that monitors model extraction attacks by testing whether the aggregate distribution of incoming LLM queries deviates from the historical distribut…

The paper introduces an end-to-end framework that not only detects network intrusions using deep learning but also generates actionable, citation-grounded mitigation reports using a Retrieval-Augmente…

The paper introduces CritBench, a novel framework to evaluate LLM cybersecurity capabilities specifically within IEC 61850 Digital Substation Operational Technology (OT) environments, finding that whi…

The paper introduces 'log-substrate prompt injection,' demonstrating that attacker-controlled log fields can be used to manipulate LLM-powered security analysis, with persona hijacking and context man…

The paper analyzes LLM vulnerability detection using mechanistic interpretability, finding that models primarily rely on safety detectors rather than direct vulnerability signature recognition.

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper introduces PLM-NIDS, a novel intrusion detection system that models network flows as a language based solely on L3/L4 metadata, successfully detecting attacks by identifying deviations from…

The paper establishes a standardized security assessment framework and develops a multi-layered defensive system, demonstrating that systematic testing and external defenses are crucial for safe LLM d…

This paper proposes a hybrid CNN-LSTM framework to enhance cyber attack detection and prevention in U.S. critical digital infrastructure by evaluating multiple machine learning models on the CSE-CIC-I…

This paper evaluates unsupervised temporal learning models, specifically recurrent autoencoders, for real-time anomaly detection in vulnerable IEC-61850 GOOSE networks, demonstrating that the GRU mode…

This paper discusses the significant challenges in developing a holistic intrusion detection system for Industrial Control Systems (ICS) that must cover all operational dimensions.

LanG is a governance-aware, open-source agentic AI platform that unifies security operations by providing advanced correlation, automated rule generation, and attack reconstruction capabilities.

The study compared the cybersecurity risk assessment capabilities of five popular large language models (LLMs) against human experts, finding that LLMs consistently underestimated risks and require ma…

IstGPT introduces a novel LLM-based framework for real-time, fine-grained anomaly detection in complex industrial cyber-physical systems, achieving state-of-the-art performance across multiple benchma…