Let AI Autogenerate Neural ASR Rules for OT Attacks via NLP

Mars Cheng, Jr Wei-Huang

DEF CON 33 · Day 1 · Main Stage

In this DEF CON talk, Mars Cheng and Jr Wei-Huang (Jay Jong) from TX1 Networks presented a groundbreaking approach to enhance Operational Technology (OT) security by leveraging Artificial Intelligence (AI) and Natural Language Processing (NLP) to autonomously generate Application Security Rules (ASR) for detecting OT-specific attacks. The presentation, titled "Let AI Autogenerate Neural ASR Rules for OT Attacks via NLP," addresses the unique and pressing challenges of securing critical industrial control systems (ICS) and OT environments, which often cannot adopt traditional IT security paradigms.

AI review

Legitimate OT security research with a real problem statement and genuine dataset — 50K OT binaries and 2M telemetry records is not nothing. The core contribution is a word2vec-style behavioral embedding applied to OT process telemetry with explicit parent-child relationship modeling, which is a reasonable engineering advance over generic IT EDR approaches, even if the underlying ML technique isn't novel.
