Title: IstGPT: Leveraging LLMs for Anomaly Detection in Spatial-Temporal Industrial Graphs

Industrial Internet infrastructure is increasingly vulnerable to advanced attacks on Industrial Control Systems (ICS), which can precipitate severe safety failures. Current detection mechanisms often fall short in real-time scenarios because they struggle to account for the intricate interdependencies between sensors and actuators. To address this challenge, we introduce IstGPT, a novel anomaly detection solution that combines Large Language Models (LLMs) with graph learning to offer immediate defense against diverse ICS threats.

IstGPT is designed to capture spatial-temporal dependencies within industrial cyber-physical systems with high precision and granularity. The process begins by utilizing multi-modal industrial knowledge—such as system diagrams, technical documentation, and operational data—alongside multi-stage prompt engineering to construct dependency graphs linking sensors and actuators. These graphs are subsequently optimized through a module called LLM-Optimation, which iteratively enhances the structure by evaluating node accuracy, edge consistency, and logical coherence. For anomaly identification, IstGPT employs an encoder-decoder framework powered by enhanced graph neural networks, flagging irregularities through reconstruction errors.

In our evaluation, IstGPT was tested against twelve leading baseline methods using nine distinct datasets, comprising two public benchmarks, six simulated environments, and one dataset from a real-world robotic arm. The results demonstrate that IstGPT secures the highest F1-scores and eTaF1 (a newer metric sensitive to temporal dynamics) across all nine datasets. We also examine the practical viability of implementing IstGPT in actual industrial settings.

Source: arXiv Generated at: 2026-06-02 00:00:00 UTC