Operational Technology (OT) networks face growing cybersecurity risks, yet applying best practice guidelines remains difficult—particularly in settings with limited cybersecurity expertise. This paper proposes a modular framework combining a Large Language Model (Llama3 8B Instruct), semantic search (FAISS), and structured prompting to assist in the analysis of OT configurations. The system extracts best practices from authoritative sources, generates standardized JSON templates for data collection, and leverages a chatbot assistant for compliance validation and mitigation guidance. Experimental results show moderate accuracy (60–66.67%), highlighting both the promise and current limitations of LLM-based security tools. The framework offers a foundation for enhancing automation, interpretability, and resilience in OT environments.

Leveraging Large Language Models for OT Network Configuration Analysis / Colletto, Alberto Salvatore; Todaro, Mario; Viticchié, Alessio; Aliberti, Alessandro. - ELECTRONIC. - (In press). (Paper presented at the conference Research and Technologies for Society and Industry (RTSI), held in Gammarth, Tunis, 24-26 August 2025).

Leveraging Large Language Models for OT Network Configuration Analysis

Alberto Salvatore Colletto; Alessandro Aliberti
In press


Use this identifier to cite or link to this document: https://hdl.handle.net/11583/3002713