Papers
Topics
Authors
Recent
Search
2000 character limit reached

From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems

Published 7 Apr 2026 in cs.CR and cs.AI | (2604.05674v1)

Abstract: Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness impedes reliable security assessment, as inaccurate or missing architectural knowledge limits the identification of system dependencies, attack surfaces, and risk propagation pathways. To address this foundational challenge, this paper introduces ASTRAL (Architecture-Centric Security Threat Risk Assessment using LLMs), an architecture-centric security assessment technique implemented in a prototype tool powered by multimodal LLMs. The proposed approach assists practitioners in reconstructing and analysing CPS architectures when documentation is fragmented or absent. By leveraging prompt chaining, few-shot learning, and architectural reasoning, ASTRAL extracts and synthesises system representations from disparate data sources. By integrating LLM reasoning with architectural modelling, our approach supports adaptive threat identification and quantitative risk estimation for cyber-physical systems. We evaluated the approach through an ablation study across multiple CPS case studies and an expert evaluation involving 14 experienced cybersecurity practitioners. Practitioner feedback suggests that ASTRAL is useful and reliable for supporting architecture-centric security assessment. Overall, the results indicate that the approach can support more informed cyber risk management decisions.

Summary

  • The paper introduces ASTRAL, an LLM-driven framework that reconstructs incomplete CPS architectures for quantitative risk analysis.
  • It employs prompt chaining, multimodal analysis, and Bayesian Networks to generate threat models and compute composite risk metrics.
  • Empirical case studies in industrial, medical, and solar CPS demonstrate improved risk identification and actionable security insights.

Multimodal LLM-Driven Architecture-Centric Security Assessment in Cyber-Physical Systems

Motivation and Problem Statement

Architectural incompleteness is a pervasive obstacle in cyber-physical systems (CPSs) security assessment. Fragmented, outdated, or missing architectural documentation—exacerbated by legacy technologies, multi-vendor integrations, and complex life-cycle evolution—severely impedes systematic risk analysis. This gap undermines accurate identification of dependencies, attack surfaces, trust boundaries, and risk propagation paths, especially as threat models become rapidly obsolete in operational environments. Existing security assessment frameworks (e.g., STRIDE-LM, attack trees, Bayesian Networks) presuppose exhaustive architectural fidelity, a requirement routinely violated in live CPS deployment.

The paper introduces ASTRAL (Architecture-Centric Security Threat Risk Assessment using LLMs), a prototype framework leveraging prompt chaining with state-of-the-art multimodal LLMs to systematically reconstruct, model, and quantify risk within CPSs, even under severe architectural uncertainty. This investigation is positioned against current LLM-based security automation which, as documented, generally assumes access to comprehensive architectural data and lacks explicit architectural synthesis or integration with downstream risk quantification (2604.05674).

ASTRAL Framework Overview

ASTRAL operationalizes architecture-centric security assessment through a three-phase, tightly integrated pipeline:

  • Phase 1: Architectural Reconstruction: Extracts a structured, ontologically-grounded representation of system architecture from incomplete artefacts (e.g., diagrams, partial documentation), applying strict semantic guardrails, prompt chaining, and multimodal pattern completion.
  • Phase 2: Security Modelling: Applies LLM-driven structured prompts to generate threat models (STRIDE-LM) and hierarchical attack trees contextualized with system-specific CVEs, hazards, and adversarial objectives.
  • Phase 3: Probabilistic Analysis: Synthesizes architectural and threat model outputs into a semantically compliant Bayesian Network (BN), encoded in AutomationML, to facilitate quantitative computation of attack/exposure/impact probabilities and composite risk metrics.

The workflow is illustrated in (Figure 1). Figure 1

Figure 1: ASTRAL’s workflow: multimodal architectural reconstruction, security modeling, and probabilistic risk analysis.

Technical Approach

Multimodal Architectural Reconstruction

ASTRAL uses LLMs capable of processing both visual (e.g., DFD images) and textual artefacts to curate a normalized architectural narration. Domain-specific ontologies, structural analogy to reference architectures (e.g., Purdue Model), and context-specific semantic guardrails ensure only plausible component/zone/mapping inference. The process is tightly controlled using prompt chaining with low temperature, high top_p, persona-specific prompts (e.g., solution architect vs cybersecurity expert), and explicit schema enforcement aligned to IEC 62714/AutomationML.

The prototype’s interface and intermediate artefact augmentation process are shown in (Figure 2). Figure 2

Figure 2

Figure 2: Prototype implementation of ASTRAL, reconstructing architecture from incomplete artefacts (ex: DFD).

Structured Threat and Attack Modelling

The reconstructed architecture feeds a security modeling phase, where LLMs are prompted to generate threat scenarios in machine-readable formats (e.g., structured JSON mapping to STRIDE-LM categories), enumerate attack paths, and identify architectural ambiguities needing refinement. The process is iterative and maintains alignment to both operational semantics (e.g., zones, protocols, assets) and adversarial reasoning (e.g., objective-oriented attack trees, causal dependencies, FMECA-style hazard analysis).

Probabilistic Bayesian Risk Analysis

Downstream, ASTRAL constructs and parameterizes a BN using incremental, schema-constrained prompt chaining, mapping architectural elements, vulnerabilities, and hazards to nodes and edges. Probability assignments are derived via calibrated CVSS/EPSS metrics with attack feasibility modifiers, accommodating system uncertainty and time-dependent exposure/failure logic. The analytic flow supports VE-based inference for posterior estimates on successful attack, severe impact, risk scores, and expected availability. Full AutomationML compatibility ensures semantic and syntactic interoperability.

Continuous Feedback and Refinement

ASTRAL supports real-time, cyclical refinement of architecture and risk models via practitioner feedback, integration of supplementary artefacts (configurations, live data), and interactive prompt-based updates. This closed feedback loop addresses evolving threat intelligence, operational state, and controls deployment.

Empirical Validation

Case Studies

ASTRAL was validated on several prominent CPS types:

  • Industrial Heating (FrostyGoop): Quantitative risk (21.12%), low availability (25.04%) post-exposure, with documented risk propagation along unreported, LLM-reconstructed trust boundaries.
  • Medical CPS: High risk (39.15%) and critically low availability (14.01%)—structural uncertainty in the underlying schematic emphasizes the advantage of multimodal inference in revealing latent zones and attack surfaces.
  • Solar PV Inverter Networks: Low composite risk (4.95%), higher robustness (38.65% availability), highlighting the containment granted by loosely coupled, LLM-clarified field-to-SCADA segmentation.

Across all cases, the ability to reconstruct critical security perimeters, operational boundaries, and overlooked interfaces was demonstrated, and the framework generalized to diverse, real-world artefact incompleteness.

Ablation Study

A systematic ablation analysis disabling multimodality, guardrails, and parameter perturbations (temperature, top_p) was performed:

  • Text-only: Substantial reduction in valid trust boundary identification (−23.5%-23.5\% to −43.1%-43.1\%), with resultant impaired attack path mapping.
  • No guardrails: Generated outputs with degraded structural integrity and ungrounded attack models.
  • Parameter shifts: Controlled stochasticity (higher temperature/top_p) improved boundary recovery in abstract schematics but not in explicit topology (BN graphs).

The pipeline demonstrates robustness against topological errors, with guardrails as the primary mechanism for maintaining output fidelity.

Practitioner Evaluation

A study with 14 expert practitioners (including CISOs) yielded high ratings for usefulness (4.64/5), ease of use (4.29), and professional acceptability. Trustworthiness was rated lowest, highlighting the need for greater transparency, explainability, and customizable, human-in-the-loop refinements. Participants emphasized the tool’s operational value, efficiency gains, and the quality of architecture-driven, actionable insights. Limitations noted include output non-determinism, occasional hallucinations, and performance concerns in complex scenarios—issues predominantly linked to LLM inference characteristics.

Implications and Future Directions

Practical and Theoretical Implications

ASTRAL underlines the feasibility and value of integrating multimodal LLMs for reliable architectural reconstruction and quantitative risk modeling under documentation uncertainty. The approach provides an adaptive, configurable workflow that bridges the gap between security engineering theory (structured architectural analysis, BN-based risk quantification) and operational practice (efficient, automated, actionable assessments).

Theoretical implications include evidence that prompt chaining with ontologically rigorous, multimodal LLM reasoning can mitigate the absence of ground truth architecture in legacy and evolving CPS contexts, thereby enabling more rigorous subsequent security analysis.

Recommendations for Future Development

  • Explainability Enhancements: Incorporate transparency modules that link reconstructed architectural features and risk metrics to source artefacts.
  • Integration with Live/Operational Data: Broader support for ingesting real-time inventories, telemetry, and external threat intelligence as input augmentations.
  • Advanced Visualization and Feedback Control: Enable direct mapping of threats and risk scores onto architectural diagrams and support iterative, guided feedback for model recalibration.
  • Automated Benchmarking and Comparative Studies: Systematic comparison with established industry tools (e.g., Microsoft Threat Modeling Tool, OWASP Threat Dragon) using standardized completeness/accuracy metrics.

Conclusion

ASTRAL marks a significant technical advance toward architecture-centric, LLM-driven CPS security assessment. By fusing multimodal artefact reasoning, schema-guided prompt chaining, and quantitative probabilistic modeling, the pipeline reliably fills critical gaps left by incomplete system documentation. Empirical analysis demonstrates improvements in architectural reconstruction fidelity, practitioner-aligned analytic output, and risk assessment agility. The design’s generalisability positions it as an extensible foundation for next-generation secure-by-design CPS engineering and adaptive cyber risk management. Figure 1

Figure 1: ASTRAL’s workflow: multimodal architectural reconstruction, security modeling, and probabilistic risk analysis.

Figure 2

Figure 2

Figure 2: Prototype implementation of ASTRAL, reconstructing architecture from incomplete artefacts (ex: DFD).

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.