Industrial Control System (ICS) testbeds are critical for cybersecurity research but typically demand significant time, expertise, and vendor-specific tooling. This paper explores whether Large Language Models (LLMs) can automate the generation of runnable, network-visible ICS simulations from plain-language descriptions. We introduce Words2Wires, a lightweight, LLM-integrated toolchain combining a Lua-based control logic runtime with open-source Modbus/TCP and OPC-UA implementations. Given a simple textual prompt (e.g., describing a tank or traffic light system), the LLM produces control scripts, simulation code, and an OPC-UA tag map. These artefacts are executed directly, without manual edits or formal validation, to yield functioning ICS testbeds in under 90 s per instance. The resulting simulations behave as valid Modbus and OPC-UA devices, respond to HMI inputs, and support basic adversarial scenarios such as discovery, command injection, and denial-of-service. While the generated logic may contain flaws and the process models are simplistic, our results show that LLMs can greatly reduce the effort needed to create ICS testbeds for protocol-centric and exploratory security testing. Though not suitable for high-fidelity simulations, this prompt-to-simulation pipeline is well-suited for cyber ranges, deception systems, and rapid prototyping.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

From Words to Wires: Toward Rapid ICS Cyber-Range Construction Using LLMs

  • Tommy Helland Berg,
  • Ahmed Amro,
  • Aida Akbarzadeh,
  • Georgios Kavallieratos

摘要

Industrial Control System (ICS) testbeds are critical for cybersecurity research but typically demand significant time, expertise, and vendor-specific tooling. This paper explores whether Large Language Models (LLMs) can automate the generation of runnable, network-visible ICS simulations from plain-language descriptions. We introduce Words2Wires, a lightweight, LLM-integrated toolchain combining a Lua-based control logic runtime with open-source Modbus/TCP and OPC-UA implementations. Given a simple textual prompt (e.g., describing a tank or traffic light system), the LLM produces control scripts, simulation code, and an OPC-UA tag map. These artefacts are executed directly, without manual edits or formal validation, to yield functioning ICS testbeds in under 90 s per instance. The resulting simulations behave as valid Modbus and OPC-UA devices, respond to HMI inputs, and support basic adversarial scenarios such as discovery, command injection, and denial-of-service. While the generated logic may contain flaws and the process models are simplistic, our results show that LLMs can greatly reduce the effort needed to create ICS testbeds for protocol-centric and exploratory security testing. Though not suitable for high-fidelity simulations, this prompt-to-simulation pipeline is well-suited for cyber ranges, deception systems, and rapid prototyping.