The Industrial Control System (ICS) environment encompasses a wide range of intricate communication protocols, posing substantial challenges for Security Operations Center (SOC) analysts tasked with monitoring, interpreting, and responding to network activity and security incidents. Conventional monitoring tools and techniques often fail to convey the nature and intent of ICS-specific communications. To improve comprehension, we propose a software solution powered by a Large Language Model (LLM). The solution, currently focused on the BACnet protocol, processes a packet capture file and extracts context using a mapping database together with contemporary context retrieval methods for Retrieval Augmented Generation (RAG). The processed packet information, combined with the extracted context, serves as input to the LLM, which generates a concise summary of the packet file for the user. The software delivers a clear, coherent, and easily understandable summary of network activity, enabling SOC analysts to better assess the current state of the control system.
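The first stage of the pipeline described above, turning raw BACnet/IP packets into named fields and a compact context line for the LLM prompt, can be illustrated with the decoder below. This is an added example and not the paper's software: the mapping dictionaries are a small stand-in for the mapping database, the two packets (a ReadProperty request and a Who-Is broadcast) are hand-built rather than captured, and extracting each frame's UDP/47808 payload from the capture file with a pcap library is assumed to happen upstream. Because captures are untrusted input, every read is bounds-checked and malformed packets raise `ValueError` instead of producing a misleading summary.

```python
"""Decode BACnet/IP UDP payloads into the structured context an LLM summarizer would consume.
Constructed example: mapping tables are a stand-in for a mapping database, packets are hand-built."""
import struct

# Mapping "database": numeric codes -> names (subset of ASHRAE 135 / BACnet).
BVLC_FUNCTIONS = {0x04: "Forwarded-NPDU", 0x0A: "Original-Unicast-NPDU",
                  0x0B: "Original-Broadcast-NPDU"}
APDU_TYPES = {0: "Confirmed-Request", 1: "Unconfirmed-Request", 2: "Simple-ACK",
              3: "Complex-ACK", 4: "Segment-ACK", 5: "Error", 6: "Reject", 7: "Abort"}
CONFIRMED_SERVICES = {11: "deviceCommunicationControl", 12: "readProperty", 14: "readPropertyMultiple",
                      15: "writeProperty", 16: "writePropertyMultiple", 20: "reinitializeDevice"}
UNCONFIRMED_SERVICES = {0: "i-Am", 1: "i-Have", 7: "who-Has", 8: "who-Is"}
OBJECT_TYPES = {0: "analog-input", 1: "analog-output", 2: "analog-value",
                3: "binary-input", 4: "binary-output", 5: "binary-value", 8: "device"}
PROPERTIES = {75: "object-identifier", 77: "object-name", 85: "present-value", 87: "priority-array"}


def _need(data, offset, n):
    """Bounds check: captures are untrusted input, so never index past the end."""
    if offset + n > len(data):
        raise ValueError(f"truncated packet: need {n} byte(s) at offset {offset}")


def _tag(data, offset):
    """Decode one BACnet tag header -> (tag_number, is_context, length, value_offset)."""
    _need(data, offset, 1)
    b = data[offset]
    number, is_context, length, offset = b >> 4, bool(b & 0x08), b & 0x07, offset + 1
    if number == 0x0F:                  # extended tag number lives in the next byte
        _need(data, offset, 1)
        number, offset = data[offset], offset + 1
    if length == 5:                     # extended length (one-byte form only in this example)
        _need(data, offset, 1)
        length, offset = data[offset], offset + 1
        if length >= 254:
            raise ValueError("multi-byte extended lengths not handled in this example")
    elif length in (6, 7):
        raise ValueError("opening/closing tags not handled in this example")
    return number, is_context, length, offset


def _context_uint(data, offset, expected):
    """Read a context-tagged unsigned value and check it carries the expected tag number."""
    number, is_context, length, offset = _tag(data, offset)
    if not is_context or number != expected:
        raise ValueError(f"expected context tag {expected}, got tag {number}")
    _need(data, offset, length)
    return int.from_bytes(data[offset:offset + length], "big"), offset + length


def _parse_npdu(data, offset):
    """Skip the NPDU header (including DNET/SNET routing info) -> (flags, apdu_offset)."""
    _need(data, offset, 2)
    version, control = data[offset], data[offset + 1]
    if version != 1:
        raise ValueError(f"unsupported NPDU version {version}")
    if control & 0x80:
        raise ValueError("network-layer message carries no APDU")
    offset += 2
    for present in (control & 0x20, control & 0x08):   # DNET/DLEN/DADR, then SNET/SLEN/SADR
        if present:
            _need(data, offset, 3)
            offset += 3 + data[offset + 2]
    if control & 0x20:                                  # hop count follows a destination
        offset += 1
    return {"expecting_reply": bool(control & 0x04)}, offset


def decode_packet(payload):
    """Turn one BACnet/IP UDP payload into a dict of named fields."""
    _need(payload, 0, 4)
    if payload[0] != 0x81:
        raise ValueError("not a BACnet/IP (BVLC type 0x81) packet")
    function, length = payload[1], struct.unpack_from(">H", payload, 2)[0]
    if length != len(payload):
        raise ValueError(f"BVLC length {length} != payload length {len(payload)}")
    info = {"bvlc": BVLC_FUNCTIONS.get(function, f"bvlc-function-{function}")}
    npdu, offset = _parse_npdu(payload, 4)
    info.update(npdu)
    _need(payload, offset, 1)
    apdu_type = payload[offset] >> 4
    info["apdu_type"] = APDU_TYPES.get(apdu_type, f"apdu-type-{apdu_type}")
    if apdu_type == 0:                  # type/flags, max-segs/max-apdu, invoke id, service choice
        _need(payload, offset, 4)
        info["invoke_id"], choice = payload[offset + 2], payload[offset + 3]
        info["service"] = CONFIRMED_SERVICES.get(choice, f"confirmed-service-{choice}")
        offset += 4
    elif apdu_type == 1:                # type, service choice
        _need(payload, offset, 2)
        choice = payload[offset + 1]
        info["service"] = UNCONFIRMED_SERVICES.get(choice, f"unconfirmed-service-{choice}")
        offset += 2
    else:
        info["service"], info["undecoded_bytes"] = None, len(payload) - offset
        return info
    if info["service"] in ("readProperty", "writeProperty"):   # both begin with object id + property
        obj, offset = _context_uint(payload, offset, 0)
        prop, offset = _context_uint(payload, offset, 1)
        obj_type, instance = obj >> 22, obj & 0x3FFFFF
        type_name = OBJECT_TYPES.get(obj_type, f"object-type-{obj_type}")
        info["object"] = f"{type_name},{instance}"
        info["property"] = PROPERTIES.get(prop, f"property-{prop}")
    info["undecoded_bytes"] = len(payload) - offset     # parameters this example does not decode
    return info


def render_context(info):
    """Compact line that becomes part of the prompt context handed to the LLM."""
    parts = [info["apdu_type"]] + ([info["service"]] if info.get("service") else [])
    if "invoke_id" in info:
        parts.append(f"(invoke {info['invoke_id']})")
    if "object" in info:
        parts.append(f"for {info['object']} {info['property']}")
    parts += ["via " + info["bvlc"], "reply expected" if info["expecting_reply"] else "no reply expected"]
    return " ".join(parts)


# Constructed packets (BACnet/IP UDP payloads), not captured traffic.
READ_PROPERTY = bytes.fromhex("810A0011" "0104" "0005010C" "0C00000001" "1955")
WHO_IS = bytes.fromhex("810B0008" "0100" "1008")

if __name__ == "__main__":
    for pkt in (READ_PROPERTY, WHO_IS):
        print(render_context(decode_packet(pkt)))
```

The rendered lines ("Confirmed-Request readProperty (invoke 1) for analog-input,1 present-value via Original-Unicast-NPDU reply expected") are what a retrieval step would enrich with device and object descriptions before the LLM writes the summary; services the decoder does not expand are still named, with the undecoded parameter length reported, so the summary never silently drops traffic.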