{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T03:49:01Z","timestamp":1775188141991,"version":"3.50.1"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032020178","type":"print"},{"value":"9783032020185","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:00:00Z","timestamp":1755820800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T00:00:00Z","timestamp":1755820800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-02018-5_10","type":"book-chapter","created":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:51:49Z","timestamp":1755841909000},"page":"129-142","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["HyLLM-IDS: A Conceptual Hybrid LLM-Assisted Intrusion Detection Framework for\u00a0Cyber-Physical Systems"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-9685-8880","authenticated-orcid":false,"given":"Mamdouh","family":"Muhammad","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9159-8436","authenticated-orcid":false,"given":"Abdelkader Magdy","family":"Shaaban","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9071-4802","authenticated-orcid":false,"given":"Reinhard","family":"German","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8461-5154","authenticated-orcid":false,"given":"Loui","family":"Al Sardy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2025,8,22]]},"reference":[{"key":"10_CR1","doi-asserted-by":"publisher","unstructured":"Khullar, V., Sharma, V., Angurala, M., Chhabra, N. (eds.): Artificial Intelligence and Society 5.0: Issues, Opportunities, and Challenges. Chapman & Hall\/CRC Press, an imprint of Taylor & Francis Group, LLC, Boca Raton, FL and Abingdon, Oxon (2024). https:\/\/doi.org\/10.1201\/9781003397052","DOI":"10.1201\/9781003397052"},{"issue":"3","key":"10_CR2","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1109\/MITP.2022.3177281","volume":"24","author":"C Patrikakis","year":"2022","unstructured":"Patrikakis, C., Law, K.: Society 5.0: human centric, decentralized, and hyperautomated. IT Prof. 24(3), 16\u201317 (2022). https:\/\/doi.org\/10.1109\/MITP.2022.3177281","journal-title":"IT Prof."},{"key":"10_CR3","doi-asserted-by":"publisher","unstructured":"Tyagi, A.K., Lakshmi Priya, R., Mishra, A.K., Balamurugan, G.: Industry 5.0: Potentials, Issues, Opportunities, and Challenges for Society 5.0, pp. 409\u2013432 (2023). https:\/\/doi.org\/10.1002\/9781394213726.ch17","DOI":"10.1002\/9781394213726.ch17"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Vosughi, A., Tamimi, A., King, A.B., Majumder, S., Srivastava, A.K.: Cyber\u2013physical vulnerability and resiliency analysis for DER integration: a review, challenges and research needs. Renew. Sustain. Energy Rev. 168(C) (2022). https:\/\/ideas.repec.org\/a\/eee\/rensus\/v168y2022ics1364032122006785.html","DOI":"10.1016\/j.rser.2022.112794"},{"key":"10_CR5","doi-asserted-by":"publisher","unstructured":"Muhammad, M., Alshra\u2019a, A.S., German, R.: Survey of cybersecurity in smart grids protocols and datasets. Procedia Comput. Sci. 241, 365\u2013372 (2024). 14th International Conference on Sustainable Energy Information Technology. https:\/\/doi.org\/10.1016\/j.procs.2024.08.049","DOI":"10.1016\/j.procs.2024.08.049"},{"key":"10_CR6","unstructured":"OPSWAT. ICS\/OT cybersecurity budget survey 2025. OPSWAT Report. https:\/\/info.opswat.com\/hubfs\/OT%20-%20Assets\/Survey_2025-ICS-OT-Budget.pdf"},{"key":"10_CR7","doi-asserted-by":"publisher","unstructured":"Quincozes, V., Quincozes, S., Albuquerque, C., Passos, D., Moss\u00e9, D.: Intrusion detection datasets for cyber-physical systems: taxonomy, challenges, and opportunities. SSRN Electron. J. (2025). https:\/\/doi.org\/10.2139\/ssrn.5247519","DOI":"10.2139\/ssrn.5247519"},{"key":"10_CR8","unstructured":"Bundesamt f\u00fcr Sicherheit in der Informationstechnik. IT-Sicherheitsgesetz 2.0 (IT-SiG 2.0) (2025). https:\/\/www.bsi.bund.de\/DE\/Das-BSI\/Auftrag\/Gesetze-und-Verordnungen\/IT-SiG\/2-0\/it_sig-2-0_node.html. Accessed 24 Apr 2025"},{"key":"10_CR9","unstructured":"Bundesamt f\u00fcr Sicherheit in der Informationstechnik. BSI-Gesetz (BSIG) \u2013 Federal Office for Information Security Act (2025). https:\/\/www.bsi.bund.de\/EN\/Das-BSI\/Auftrag\/Gesetze-und-Verordungen\/BSI-Gesetz\/bsi-gesetz.html. Accessed 23 Apr 2025"},{"key":"10_CR10","unstructured":"Bundesamt f\u00fcr Sicherheit in der Informationstechnik. FAQ: Systeme zur Angriffserkennung (SzA) (2025). https:\/\/www.bsi.bund.de\/EN\/Themen\/Regulierte-Wirtschaft\/Kritische-Infrastrukturen\/KRITIS-FAQ\/FAQ-Systeme-Angriffserkennung\/faq-systeme-angriffserkennung_node.html. Accessed 03 May 2025"},{"key":"10_CR11","unstructured":"European Union. Regulation (EU) 2024\/1689 of the European Parliament and of the Council of 13 June 2024 on laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) (2024). https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=OJ:L_202401689"},{"key":"10_CR12","unstructured":"Future of Life Institute. Annex III \u2013 High-Risk AI Systems According to Article 6(2) (2025). https:\/\/artificialintelligenceact.eu\/annex\/3\/. Accessed 25 Apr 2025"},{"key":"10_CR13","unstructured":"Future of Life Institute. Article 15 \u2013 Accuracy, Robustness and Cybersecurity (2025). https:\/\/artificialintelligenceact.eu\/article\/15\/. Accessed 25 Apr 2025"},{"key":"10_CR14","unstructured":"Zhao, W.X., et al.: A survey of large language models. arXiv:2303.18223 (2025)"},{"key":"10_CR15","doi-asserted-by":"crossref","unstructured":"Huang, J., Chang, K.C.-C.: Towards reasoning in large language models: a survey. arXiv:2212.10403 (2023)","DOI":"10.18653\/v1\/2023.findings-acl.67"},{"issue":"2","key":"10_CR16","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3703155","volume":"43","author":"H Lei","year":"2025","unstructured":"Lei, H., et al.: A survey on hallucination in large language models: Principles, taxonomy, challenges, and open questions. ACM Trans. Inf. Syst. 43(2), 1\u201355 (2025). https:\/\/doi.org\/10.1145\/3703155","journal-title":"ACM Trans. Inf. Syst."},{"key":"10_CR17","doi-asserted-by":"crossref","unstructured":"Chen, L., Zaharia, M., Zou, J.: How is ChatGPT\u2019s behavior changing over time? Harvard Data Sci. Rev. 6(2) (2024). https:\/\/hdsr.mitpress.mit.edu\/pub\/y95zitmz","DOI":"10.1162\/99608f92.5317da47"},{"key":"10_CR18","doi-asserted-by":"publisher","unstructured":"Hadi, M.U., et al.: Large language models: a comprehensive survey of its applications, challenges, limitations, and future prospects (2023). https:\/\/doi.org\/10.36227\/techrxiv.23589741.v1","DOI":"10.36227\/techrxiv.23589741.v1"},{"key":"10_CR19","doi-asserted-by":"publisher","unstructured":"Fauzi, N., Yulianto, F., Nuha, H.: The effectiveness of anomaly-based intrusion detection systems in handling zero-day attacks using adaboost, j48, and random forest methods, pp. 57\u201362 (2023). https:\/\/doi.org\/10.1109\/APWiMob59963.2023.10365642","DOI":"10.1109\/APWiMob59963.2023.10365642"},{"issue":"3","key":"10_CR20","doi-asserted-by":"publisher","first-page":"4815","DOI":"10.1109\/JIOT.2018.2871719","volume":"6","author":"N Moustafa","year":"2019","unstructured":"Moustafa, N., Turnbull, B., Choo, K.-K.R.: An ensemble intrusion detection technique based on proposed statistical flow features for protecting network traffic of internet of things. IEEE Internet Things J. 6(3), 4815\u20134830 (2019). https:\/\/doi.org\/10.1109\/JIOT.2018.2871719","journal-title":"IEEE Internet Things J."},{"key":"10_CR21","unstructured":"Ring, M., Wunderlich, S., Gr\u00fcdl, D., Landes, D., Hotho, A.: Flow-based benchmark data sets for intrusion detection. In: Proceedings of the 16th European Conference on Cyber Warfare and Security (ECCWS), pp. 361\u2013369. ACPI (2017). https:\/\/www.researchgate.net\/publication\/317271077"},{"key":"10_CR22","unstructured":"Canadian Institute for Cybersecurity, University of New Brunswick. CIC Datasets (2025). https:\/\/www.unb.ca\/cic\/datasets\/. Accessed 28 Apr 2025"},{"key":"10_CR23","doi-asserted-by":"crossref","unstructured":"Nguyen, H.-C.-T., Nguyen, X.-H., Le, K.-H.: An automated benchmarking framework for anomaly-based intrusion detection systems. In: 2024 International Conference on Multimedia Analysis and Pattern Recognition (MAPR), pp. 1\u20136 (2024). https:\/\/api.semanticscholar.org\/CorpusID:272574707","DOI":"10.1109\/MAPR63514.2024.10660867"},{"key":"10_CR24","doi-asserted-by":"publisher","unstructured":"Agoramoorthy, M., Ali, A., Sujatha, D., Michael, F., Ramesh, G.: An analysis of signature-based components in hybrid intrusion detection systems, pp. 1\u20135 (2023). https:\/\/doi.org\/10.1109\/ICCEBS58601.2023.10449209","DOI":"10.1109\/ICCEBS58601.2023.10449209"},{"key":"10_CR25","doi-asserted-by":"publisher","unstructured":"Rehman, F., Mushtaq, F., Zaman, H.: A host-based intrusion detection: using signature-based and AI-driven anomaly detection for enhanced cybersecurity. In: 2024 4th International Conference on Digital Futures and Transformative Technologies (ICoDT2), pp. 1\u20137 (2024). https:\/\/doi.org\/10.1109\/ICoDT262145.2024.10740248","DOI":"10.1109\/ICoDT262145.2024.10740248"},{"key":"10_CR26","doi-asserted-by":"crossref","unstructured":"Benabderrahmane, S., Valtchev, P., Cheney, J., Rahwan, T.: APT-LLM: embedding-based anomaly detection of cyber advanced persistent threats using large language models. arXiv:2502.09385 (2025)","DOI":"10.1109\/ISDFS65363.2025.11011912"},{"key":"10_CR27","doi-asserted-by":"crossref","unstructured":"Ghosh, R., von Stockhausen, H.-M., Schmitt, M., Vasile, G.M., Karn, S.K., Farri, O.: CVE-LLM: ontology-assisted automatic vulnerability evaluation using large language models. arXiv:2502.15932 (2025)","DOI":"10.1609\/aaai.v39i28.35139"},{"key":"10_CR28","doi-asserted-by":"crossref","unstructured":"Zhong, A., et al.: Logparser-LLM: advancing efficient log parsing with large language models. arXiv:2408.13727 (2024)","DOI":"10.1145\/3637528.3671810"},{"key":"10_CR29","doi-asserted-by":"crossref","unstructured":"Baral, S., Saha, S., Haque, A.: An adaptive end-to-end IoT security framework using explainable AI and LLMs. arXiv (2024). arXiv:2409.13177","DOI":"10.1109\/WF-IoT62078.2024.10811456"},{"key":"10_CR30","unstructured":"Li, Y., Xiang, Z., Bastian, N.D., Song, D., Li, B.: Ids-agent: an LLM agent for explainable intrusion detection in IoT networks (2024). arXiv:2409.13177"},{"key":"10_CR31","unstructured":"Kim, Y., Lee, C., Yoon, Y.: Payload-aware intrusion detection with CMAE and large language models. arXiv (2025). arXiv:2503.20798"},{"key":"10_CR32","unstructured":"Song, C., Ma, L., Zheng, J., Liao, J., Kuang, H., Yang, L.: Audit-LLM: multi-agent collaboration for log-based insider threat detection. arxiv:2408.08902 (2024)"},{"key":"10_CR33","unstructured":"OISF \u2013 Open Information Security Foundation. Suricata Features (2025). https:\/\/suricata.io\/features\/. Accessed 30 Apr 2025"},{"key":"10_CR34","doi-asserted-by":"publisher","unstructured":"Lu, H.: Evaluating the performance of SVM, isolation forest, and DBSCAN for anomaly detection. In: ITM Web Conference, vol. 70, p. 04012 (2025). https:\/\/doi.org\/10.1051\/itmconf\/20257004012","DOI":"10.1051\/itmconf\/20257004012"},{"key":"10_CR35","doi-asserted-by":"publisher","unstructured":"Adesh, A., Shobha, G., Shetty, J., Xu, L.: Local outlier factor for anomaly detection in HPCC systems. J. Parallel Distrib. Comput. 192(C) (2024). https:\/\/doi.org\/10.1016\/j.jpdc.2024.104923","DOI":"10.1016\/j.jpdc.2024.104923"},{"key":"10_CR36","unstructured":"Hugging face models. https:\/\/huggingface.co\/models. Accessed 02 May 2025"},{"key":"10_CR37","unstructured":"LM arena: Benchmark and compare open LLMs. https:\/\/lmarena.ai\/. Accessed 02 May 2025"},{"key":"10_CR38","doi-asserted-by":"crossref","unstructured":"Ng, K.K.Y., Matsuba, I., Zhang, P.C.: Rag in health care: a novel framework for improving communication and decision-making by addressing LLM limitations. NEJM AI 2(1), AIra2400380 (2025). https:\/\/ai.nejm.org\/doi\/full\/10.1056\/AIra2400380","DOI":"10.1056\/AIra2400380"}],"container-title":["Lecture Notes in Computer Science","Computer Safety, Reliability, and Security. SAFECOMP 2025 Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-02018-5_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T05:51:56Z","timestamp":1755841916000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-02018-5_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,22]]},"ISBN":["9783032020178","9783032020185"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-02018-5_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,22]]},"assertion":[{"value":"22 August 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SAFECOMP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Computer Safety, Reliability, and Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Stockholm","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Sweden","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"44","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"safecomp2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/safecomp2025.se\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}