A digital twin of the SWaT process combined with heuristics for known attack signatures and a constrained LLM invoked only on abstention achieves precise attack localization with low time-to-detect and zero false positives in four evaluated scenarios.
MAD-LLM: A Novel Approach for Alert-Based Multi-stage Attack Detection via LLM
1 Pith paper cite this work. Polarity classification is still indexing.
1
Pith paper citing it
fields
cs.CR 1years
2026 1verdicts
UNVERDICTED 1representative citing papers
citing papers explorer
-
Systematic Integration of Digital Twins and Constrained LLMs for Interpretable Cyber-Physical Anomaly Detection
A digital twin of the SWaT process combined with heuristics for known attack signatures and a constrained LLM invoked only on abstention achieves precise attack localization with low time-to-detect and zero false positives in four evaluated scenarios.