The paper proposes a system-aware unsupervised framework that combines lightweight online detection with a contextual digital twin and LLM to provide interpretable, actionable anomaly diagnoses for In…

The paper proposes a Digital Twin (DT)-driven hybrid system that combines deterministic heuristics and constrained Large Language Model (LLM) reasoning to achieve highly accurate and interpretable rea…

This paper discusses the significant challenges in developing a holistic intrusion detection system for Industrial Control Systems (ICS) that must cover all operational dimensions.

This paper evaluates unsupervised temporal learning models, specifically recurrent autoencoders, for real-time anomaly detection in vulnerable IEC-61850 GOOSE networks, demonstrating that the GRU mode…

This paper proposes a lightweight, multi-layer Machine Learning-based security framework for Industrial IoT (IIoT) to enhance trust convergence and detect advanced threats.

The paper proposes a semi-automated framework that integrates network topology and vulnerability data to generate and analyze multi-step attack graphs in Industrial Control Systems, demonstrated using…

The paper introduces i-SDT, an intelligent Self-Defending Digital Twin, which enhances cyber-physical security by accurately discriminating various attack types and maintaining safe operation without…

ChronosAD introduces a novel architecture that uses time series foundation models and a custom Temporal Block to achieve robust and highly accurate anomaly detection across diverse domains.

This paper systematically evaluates Provenance-based Intrusion Detection Systems (PIDSes) in real industrial scenarios, revealing that existing systems struggle with data heterogeneity, advanced attac…

This paper investigates the vulnerability of machine learning-based fault detection and localization systems in Cyber-Physical Systems (CPS) to backdoor attacks, demonstrating that such attacks are su…

This paper demonstrates that an off-the-shelf Large Language Model (LLM) can function as a high-performing, explainable, human-in-the-loop layer for detecting cyberattacks in Industrial Control System…

The paper proposes a clustering-enhanced domain adaptation method that significantly improves cross-domain intrusion detection in industrial control systems by aligning feature distributions and enhan…

The paper introduces APIOT, the first LLM framework capable of autonomously performing the full discovery, exploitation, patching, and verification cycle against bare-metal industrial OT devices.

The paper introduces Gammaf, an open-source benchmarking framework designed to standardize the evaluation of graph-based anomaly detection methods for securing Large Language Model Multi-Agent Systems…

The paper proposes a novel Federated Learning framework combined with Homomorphic Encryption and a dynamic agent selection scheme to enhance privacy and efficiency for anomaly detection in the Industr…

This paper provides the first comprehensive threat model for IoT-enabled Controlled Environment Agriculture (CEA) systems, identifying 123 unique threats and proposing a defense-in-depth framework to…

The paper introduces the Canonical Security Telemetry Substrate (CSTS), a standardized, AI-ready foundation designed to harmonize fragmented and heterogeneous cybersecurity data into a unified model f…

FlowGuard introduces an identity-independent defense using flow matching to detect data-free model stealing attacks by identifying synthetic queries as out-of-distribution based on their lower-dimensi…

The paper proposes PROVFUSION, a multi-view fusion framework that integrates anomaly signals from attribute, structure, and causality views to overcome the limitations of single node- or edge-centric…

This paper experimentally demonstrates the high detection performance of machine learning-based intrusion detection systems for identifying cyberattacks targeting OPC UA applications running over priv…