As part of a lab in my master’s program, we explored different ways in which industrial intrusion detection systems can analyze network traffic and classify malicious activity. In the final part of this lab, we were asked to develop a project in the field of intrusion detection, for which we developed a highly experimental detection approach. We built a system that classifies Modbus network communications using a GPT model, such as the one used by ChatGPT.
After preprocessing the data in Python, we fed the parsed network traffic into an existing GPT-2 implementation in PyTorch, which predicts future network traffic. After comparing the predicted traffic to the actual traffic, we identified malicious patterns and visualized the results. Although the evaluation required significant computing time on the university’s computer cluster for model training, the results showed promising performance.
Here, you can learn more about this project: Deep-Learning IIDS
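The predict-then-compare idea described above, as an added sketch that is not the project's code: a small frequency-based next-token predictor stands in for GPT-2. The token format (unit id plus function code), the context length `k`, the helper names and the sample frames are all assumptions made for illustration.

```python
import struct
from collections import Counter, defaultdict

def tokenize(adu: bytes) -> str:
    """Reduce one Modbus/TCP ADU (7-byte MBAP header + PDU) to a token."""
    if len(adu) < 8:
        return "MALFORMED"
    _tid, proto, length, unit = struct.unpack(">HHHB", adu[:7])
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or length != len(adu) - 6:
        return "MALFORMED"
    return f"u{unit}:fc{adu[7]}"

def train(tokens, k=2):
    """Count which token follows each k-token context in benign traffic."""
    model = defaultdict(Counter)
    for i in range(k, len(tokens)):
        model[tuple(tokens[i - k:i])][tokens[i]] += 1
    return model

def detect(model, tokens, k=2):
    """Return indices where the observed token differs from the prediction."""
    flagged = []
    for i in range(k, len(tokens)):
        seen = model.get(tuple(tokens[i - k:i]))
        predicted = seen.most_common(1)[0][0] if seen else None
        if predicted != tokens[i]:  # an unseen context also counts as a miss
            flagged.append(i)
    return flagged

def make_adu(tid, func, unit=1, data=b"\x00\x00\x00\x01"):
    """Build a constructed sample frame (not captured traffic)."""
    pdu = bytes([func]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def trace(funcs):
    """Tokenize a constructed sequence of frames, one per function code."""
    return [tokenize(make_adu(i, f)) for i, f in enumerate(funcs)]

# Constructed benign polling cycle: read holding regs, coils, input regs.
BENIGN = trace([3, 1, 4] * 20)
# Constructed test trace: same cycle with one write-single-register (fc 6).
SUSPECT = trace([3, 1, 4, 3, 1, 4, 3, 6, 1, 4, 3, 1, 4])

MODEL = train(BENIGN)
if __name__ == "__main__":
    print("flagged frame indices:", detect(MODEL, SUSPECT))
```

The unexpected write is flagged together with the two frames that follow it, because their context now contains a token never seen in training; a learned model shows the same aftershock until the anomalous frame leaves its context window.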