Next Article in Journal
An Isolated AC-DC LED Electronic Lighting Driver Circuit with Power Factor Correction
Previous Article in Journal
Enhanced Semantic BERT for Named Entity Recognition in Education
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Article

DLG–IDS: Dynamic Graph and LLM–Semantic Enhanced Spatiotemporal GNN for Lightweight Intrusion Detection in Industrial Control Systems

1
Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China
2
School of Nuclear Science and Technology, University of Chinese Academy of Sciences, Beijing 100049, China
3
China Spallation Neutron Source Science Center, Dongguan 523803, China
*
Authors to whom correspondence should be addressed.
Electronics 2025, 14(19), 3952; https://doi.org/10.3390/electronics14193952
Submission received: 29 August 2025 / Revised: 1 October 2025 / Accepted: 3 October 2025 / Published: 7 October 2025

Abstract

Industrial control systems (ICSs) face escalating security challenges due to evolving cyber threats and the inherent limitations of traditional intrusion detection methods, which fail to adequately model spatiotemporal dependencies or interpret complex protocol semantics. To address these gaps, this paper proposes DLG–IDS —a lightweight intrusion detection framework that innovatively integrates dynamic graph construction for capturing real–time device interactions and logical control relationships from traffic, LLM–driven semantic enhancement to extract fine–grained embeddings from graphs, and a spatio–temporal graph neural network (STGNN) optimized via sparse attention and local window Transformers to minimize computational overhead. Evaluations on SWaT and SBFF datasets demonstrate the framework’s superiority, achieving a state–of–the–art accuracy of 0.986 while reducing latency by 53.2% compared to baseline models. Ablation studies further validate the critical contributions of semantic fusion, sparse topology modeling, and localized temporal attention. The proposed solution establishes a robust, real–time detection mechanism tailored for resource–constrained industrial environments, effectively balancing high accuracy with operational efficiency.
Keywords: Industrial Control Systems Security; graph neural networks; Large Language Models; dynamic graph Industrial Control Systems Security; graph neural networks; Large Language Models; dynamic graph

Share and Cite

MDPI and ACS Style

Liu, J.; Wang, J.; Yan, T.; Qi, F.; Chen, G. DLG–IDS: Dynamic Graph and LLM–Semantic Enhanced Spatiotemporal GNN for Lightweight Intrusion Detection in Industrial Control Systems. Electronics 2025, 14, 3952. https://doi.org/10.3390/electronics14193952

AMA Style

Liu J, Wang J, Yan T, Qi F, Chen G. DLG–IDS: Dynamic Graph and LLM–Semantic Enhanced Spatiotemporal GNN for Lightweight Intrusion Detection in Industrial Control Systems. Electronics. 2025; 14(19):3952. https://doi.org/10.3390/electronics14193952

Chicago/Turabian Style

Liu, Junyi, Jiarong Wang, Tian Yan, Fazhi Qi, and Gang Chen. 2025. "DLG–IDS: Dynamic Graph and LLM–Semantic Enhanced Spatiotemporal GNN for Lightweight Intrusion Detection in Industrial Control Systems" Electronics 14, no. 19: 3952. https://doi.org/10.3390/electronics14193952

APA Style

Liu, J., Wang, J., Yan, T., Qi, F., & Chen, G. (2025). DLG–IDS: Dynamic Graph and LLM–Semantic Enhanced Spatiotemporal GNN for Lightweight Intrusion Detection in Industrial Control Systems. Electronics, 14(19), 3952. https://doi.org/10.3390/electronics14193952

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop