| Liu, Yifan, Li, Shancang and Bin Hulayyil, Sarah 2025. Intelligent detection of cyber attack patterns in industrial IoT using pretrained language models. Electronics |
Abstract
Industrial Internet of Things (IIoT) systems is increasingly exposed to sophisticated and rapidly evolving cyber threats. In response, this work proposes a proactive threat detection framework that leverages pretrained transformer-based language models to identify emerging attack patterns within IIoT ecosystems. This work introduces a transformer-based framework that fine-tunes domain-specific pretrained models (SecBERT, SecRoBERTa, CyBERT), derives potential attack-path patterns from vulnerability–tactic mappings, and incorporates a retrieval-based fallback mechanism. The fallback not only improves robustness under uncertainty, but also provides a practical solution to the absence of labeled datasets linking ICS-specific MITRE ATT\&CK tactics with vulnerabilities, thereby filling a key research gap. Experiments show that the fine-tuned models substantially outperform traditional machine learning baselines; SecBERT achieves the best balance while maintaining high inference efficiency. Overall, the framework advances vulnerability-driven threat modeling in IIoT and offers a foundation for proactive identification of attack patterns.
| Item Type: | Article |
|---|---|
| Status: | In Press |
| Schools: | Schools > Computer Science & Informatics |
| Publisher: | MDPI |
| Date of Acceptance: | 9 October 2025 |
| Last Modified: | 13 Oct 2025 13:30 |
| URI: | https://orca.cardiff.ac.uk/id/eprint/181588 |
Actions (repository staff only)
 |
Edit Item |
CORE (COnnecting REpositories)
CORE (COnnecting REpositories)