Liu, Yifan, Li, Shancang and Bin Hulayyil, Sarah
2025.
Intelligent detection of cyber attack patterns in industrial IoT using pretrained language models.
Electronics
14
(20)
, 4094.
10.3390/electronics14204094
|
Preview |
PDF
- Published Version
Available under License Creative Commons Attribution. Download (868kB) | Preview |
Abstract
Industrial Internet of Things (IIoT) systems is increasingly exposed to sophisticated and rapidly evolving cyber threats. In response, this work proposes a proactive threat detection framework that leverages pretrained transformer-based language models to identify emerging attack patterns within IIoT ecosystems. This work introduces a transformer-based framework that fine-tunes domain-specific pretrained models (SecBERT, SecRoBERTa, CyBERT), derives potential attack-path patterns from vulnerability–tactic mappings, and incorporates a retrieval-based fallback mechanism. The fallback not only improves robustness under uncertainty, but also provides a practical solution to the absence of labeled datasets linking ICS-specific MITRE ATT\&CK tactics with vulnerabilities, thereby filling a key research gap. Experiments show that the fine-tuned models substantially outperform traditional machine learning baselines; SecBERT achieves the best balance while maintaining high inference efficiency. Overall, the framework advances vulnerability-driven threat modeling in IIoT and offers a foundation for proactive identification of attack patterns.
| Item Type: | Article |
|---|---|
| Date Type: | Publication |
| Status: | Published |
| Schools: | Schools > Computer Science & Informatics |
| Publisher: | MDPI |
| ISSN: | 2079-9292 |
| Date of First Compliant Deposit: | 30 October 2025 |
| Date of Acceptance: | 10 October 2025 |
| Last Modified: | 04 Nov 2025 13:53 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/181588 |
Actions (repository staff only)
 |
Edit Item |
Altmetric
Altmetric