Bibliographic Details
Main Authors: Sharma, Rashi, Okada, Hiroyuki, Oba, Tatsumi, Subramanian, Karthikk, Yanai, Naoto, Pranata, Sugiri
Format: Preprint
Published: 2024
Subjects:
Online Access: https://arxiv.org/abs/2407.15428
contents The Industrial Control System (ICS) environment encompasses a wide range of intricate communication protocols, posing substantial challenges for Security Operations Center (SOC) analysts tasked with monitoring, interpreting, and addressing network activities and security incidents. Conventional monitoring tools and techniques often struggle to provide a clear understanding of the nature and intent of ICS-specific communications. To enhance comprehension, we propose a software solution powered by a Large Language Model (LLM). This solution, currently focused on the BACnet protocol, processes packet file data and extracts context using a mapping database and contemporary context retrieval methods for Retrieval Augmented Generation (RAG). The processed packet information, combined with the extracted context, serves as input to the LLM, which generates a concise packet file summary for the user. The software delivers a clear, coherent, and easily understandable summary of network activities, enabling SOC analysts to better assess the current state of the control system.
format Preprint
id arxiv_https___arxiv_org_abs_2407_15428
institution arXiv
publishDate 2024
record_format arxiv
title Decoding BACnet Packets: A Large Language Model Approach for Packet Interpretation
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2407.15428