{"id":"https://openalex.org/W7165382669","doi":"https://doi.org/10.1145/3765611.3815140","title":"Large Language Models as Explainable Cyberattack Detectors for Energy Industrial Control Systems","display_name":"Large Language Models as Explainable Cyberattack Detectors for Energy Industrial Control Systems","publication_year":2026,"publication_date":"2026-06-20","ids":{"openalex":"https://openalex.org/W7165382669","doi":"https://doi.org/10.1145/3765611.3815140"},"language":null,"primary_location":{"id":"doi:10.1145/3765611.3815140","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3765611.3815140","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM Sustainability Week","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3765611.3815140","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5000645671","display_name":"Weiyi Kong","orcid":null},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Weiyi Kong","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Toronto, Toronto, Ontario, Canada"],"raw_orcid":"https://orcid.org/0009-0002-1948-1003","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Toronto, Toronto, Ontario, Canada","institution_ids":["https://openalex.org/I185261750"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034965559","display_name":"Ahmad Mohammad Saber","orcid":"https://orcid.org/0000-0003-3115-2384"},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Ahmad Mohammad Saber","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Toronto, Toronto, Ontario, Canada"],"raw_orcid":"https://orcid.org/0000-0003-3115-2384","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Toronto, Toronto, Ontario, Canada","institution_ids":["https://openalex.org/I185261750"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085765243","display_name":"Amr Youssef","orcid":"https://orcid.org/0000-0002-4284-8646"},"institutions":[{"id":"https://openalex.org/I60158472","display_name":"Concordia University","ror":"https://ror.org/0420zvk78","country_code":"CA","type":"education","lineage":["https://openalex.org/I60158472"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Amr Youssef","raw_affiliation_strings":["Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Quebec, Canada"],"raw_orcid":"https://orcid.org/0000-0002-4284-8646","affiliations":[{"raw_affiliation_string":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Quebec, Canada","institution_ids":["https://openalex.org/I60158472"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077035168","display_name":"Deepa Kundur","orcid":"https://orcid.org/0000-0001-5999-1847"},"institutions":[{"id":"https://openalex.org/I185261750","display_name":"University of Toronto","ror":"https://ror.org/03dbr7087","country_code":"CA","type":"education","lineage":["https://openalex.org/I185261750"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Deepa Kundur","raw_affiliation_strings":["Department of Electrical and Computer Engineering, University of Toronto, Toronto, Ontario, Canada"],"raw_orcid":"https://orcid.org/0000-0001-5999-1847","affiliations":[{"raw_affiliation_string":"Department of Electrical and Computer Engineering, University of Toronto, Toronto, Ontario, Canada","institution_ids":["https://openalex.org/I185261750"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.95293478,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"47","last_page":"54"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.4878000020980835,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12026","display_name":"Explainable Artificial Intelligence (XAI)","score":0.4878000020980835,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.10989999771118164,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.07880000025033951,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/industrial-control-system","display_name":"Industrial control system","score":0.6200000047683716},{"id":"https://openalex.org/keywords/energy","display_name":"Energy (signal processing)","score":0.44339999556541443},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4287000000476837},{"id":"https://openalex.org/keywords/detector","display_name":"Detector","score":0.38449999690055847},{"id":"https://openalex.org/keywords/control-system","display_name":"Control system","score":0.38280001282691956},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.34130001068115234}],"concepts":[{"id":"https://openalex.org/C40071531","wikidata":"https://www.wikidata.org/wiki/Q2513962","display_name":"Industrial control system","level":3,"score":0.6200000047683716},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6018000245094299},{"id":"https://openalex.org/C186370098","wikidata":"https://www.wikidata.org/wiki/Q442787","display_name":"Energy (signal processing)","level":2,"score":0.44339999556541443},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4287000000476837},{"id":"https://openalex.org/C94915269","wikidata":"https://www.wikidata.org/wiki/Q1834857","display_name":"Detector","level":2,"score":0.38449999690055847},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.38280001282691956},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.36070001125335693},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.34130001068115234},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3303999900817871},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.29910001158714294},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.2824000120162964},{"id":"https://openalex.org/C557691694","wikidata":"https://www.wikidata.org/wiki/Q185091","display_name":"Remote control","level":2,"score":0.27309998869895935},{"id":"https://openalex.org/C2780165032","wikidata":"https://www.wikidata.org/wiki/Q16869822","display_name":"Energy consumption","level":2,"score":0.25609999895095825}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3765611.3815140","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3765611.3815140","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM Sustainability Week","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3765611.3815140","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3765611.3815140","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2026 ACM Sustainability Week","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Affordable and clean energy","score":0.7946127653121948,"id":"https://metadata.un.org/sdg/7"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":8,"referenced_works":["https://openalex.org/W2005028112","https://openalex.org/W2887195793","https://openalex.org/W3035503910","https://openalex.org/W3185341429","https://openalex.org/W4212795178","https://openalex.org/W4400461591","https://openalex.org/W4411849920","https://openalex.org/W4416757219"],"related_works":[],"abstract_inverted_index":{"In":[0,35],"modern":[1],"energy":[2],"systems,":[3],"industrial":[4],"control":[5],"systems":[6],"(ICS)":[7],"and":[8,76,101,123,139,164],"power-system":[9],"SCADA":[10],"require":[11],"intrusion":[12],"detection":[13],"that":[14,170],"is":[15,28,89,140],"not":[16],"only":[17],"accurate":[18],"but":[19],"also":[20],"auditable":[21],"by":[22,31],"operators.":[23],"The":[24],"ICS":[25,70],"intrusion-detection":[26],"landscape":[27],"currently":[29],"dominated":[30],"established":[32],"supervised":[33,145],"detectors.":[34],"this":[36,59],"paper,":[37],"we":[38,158],"study":[39],"whether":[40],"an":[41],"off-the-shelf":[42],"large":[43],"language":[44],"model":[45],"(LLM)":[46],"can":[47],"serve":[48],"as":[49,60,186],"a":[50,61,81,92,102,106,111],"complementary,":[51],"human-in-the-loop":[52],"layer":[53],"for":[54,116],"Modbus":[55,71,86],"traffic.":[56],"We":[57],"cast":[58],"binary":[62],"network-side":[63],"normal/critical":[64,107],"decision":[65],"task":[66],"on":[67,136],"two":[68],"public":[69],"datasets,":[72],"collapsing":[73],"attack":[74],"periods":[75],"other":[77],"safety-critical":[78],"behaviors":[79],"into":[80,91],"single":[82],"critical":[83],"class.":[84],"Each":[85],"communication":[87],"instance":[88],"converted":[90],"compact":[93],"token":[94],"string":[95],"derived":[96],"from":[97],"discretized":[98],"protocol":[99],"fields,":[100],"prompt-configured":[103],"LLM":[104],"produces":[105],"alert":[108],"together":[109],"with":[110],"concise,":[112],"token-grounded":[113],"incident":[114],"record":[115],"analyst":[117],"review.":[118],"Under":[119],"matched":[120],"event":[121],"information":[122],"shared":[124],"evaluation":[125],"splits,":[126],"the":[127,155,171,178],"resulting":[128],"LLM-based":[129],"triage":[130],"pipeline":[131],"achieves":[132],"high":[133],"predictive":[134],"performance":[135],"both":[137],"benchmarks":[138],"broadly":[141],"comparable":[142],"to":[143,177],"strong":[144],"baselines,":[146],"while":[147],"requiring":[148],"no":[149],"task-specific":[150],"weight":[151],"updates.":[152],"To":[153],"assess":[154],"audit":[156,187],"record,":[157],"apply":[159],"intervention-based":[160],"diagnostics,":[161],"including":[162],"sufficiency-":[163],"necessity-style":[165],"tests,":[166],"which":[167],"provide":[168],"evidence":[169],"cited":[172],"tokens":[173],"are":[174,184],"often":[175],"decision-relevant":[176],"model\u2019s":[179],"own":[180],"prediction.":[181],"These":[182],"records":[183],"intended":[185],"signals":[188],"rather":[189],"than":[190],"full":[191],"human-grounded":[192],"explanations.":[193]},"counts_by_year":[],"updated_date":"2026-06-21T06:12:48.119943","created_date":"2026-06-20T00:00:00"}
