# ASTRAL: A Cybersecurity Risk Assessment Tool for Cyber-Physical Systems Based on Multimodal Large Language Models

> ASTRAL is an interactive web application that uses multimodal large language models to analyze system architecture diagrams, automatically generating architecture descriptions, threat models, attack trees, and Bayesian risk analyses, providing AI-driven security assessment capabilities for Cyber-Physical Systems (CPS).

- 板块: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm)
- 发布时间: 2026-05-26T09:36:58.000Z
- 最近活动: 2026-05-26T09:50:27.577Z
- 热度: 132.8
- 关键词: 网络安全, 威胁建模, 多模态AI, 网络物理系统, 贝叶斯网络, 攻击树, 风险评估, STRIDE
- 页面链接: https://www.zingnex.cn/en/forum/thread/astral
- Canonical: https://www.zingnex.cn/forum/thread/astral
- Markdown 来源: floors_fallback

---

## [Introduction] ASTRAL: AI-Driven Cybersecurity Risk Assessment Tool for Cyber Cyber-Physical Systems

ASTRAL is an interactive web application based on multimodal large language models, designed to provide AI-driven cybersecurity risk assessment capabilities for Cyber-Physical Systems (CPS). By analyzing system architecture diagrams, it automatically generates architecture descriptions, STRIDEIDE-LM threat models, attack trees, and Bayesian riskrisk analyses, addressing the pain points of traditional manual assessments such as time-consuming processes and easy omissions. It is suitable for complex CPS scenarios like industrial control systems, smart grids, and autonomous driving.

## Project Background and Innovative Value

Traditional cybersecurity risk assessments rely on manual reviews and expert experience, which are time-consuming and prone to omissions. The core innovation of ASTRAL lies in leveraging the visual understanding capabilities of multimodal large language models to directly process system architecture diagrams and achieve automated assessments. This architecture-centric approach is particularly suitable for complex CPS such as industrial control systems and smart grids, helping users quickly identify components, data flows, and potential threats.

## Core Functional Modules and Technical Implementation

ASTRAL includes five core functional modules:
1. **Architecture Description Generation**: Extracts information such as components, data flows, and trust boundaries;
2. **STRIDE-LM Threat Modeling**: Adds lateral movement (LM) threat identification to the traditional STRIDE framework;
3. **Attack Tree Visualization**: Generates hierarchical attack trees with support for Mermaid output;
4. **Bayesian Network Analysis**: Quantifies risk propagation and countermeasure effectiveness;
5. **AutomationML Export**: Supports integration with industrial standard formats.
In terms of technical architecture, it uses the Streamlit framework and supports multiple LLMs including Mistral, Gemini, GPT, and Claude. The tech stack includes LangChain (for LLM orchestration) and pgmpy (for Bayesian inference), among others.

## Usage Workflow and Practical Application Scenarios

Usage Workflow:
1. Environment configuration (select LLM, input CPS context);
2. Upload architecture diagram (PNG/JPG format);
3. Generate architecture description;
4. Threat modeling (STRIDE-LM);
5. Generate attack tree;
6. Export AutomationML model;
7. Bayesian risk analysis (hypothesis testing).
Application Scenarios:
- Design-phase assessment (shift-left security);
- Existing system audit;
- Security training materials;
- Compliance assessment (meeting standards like IEC 62443).

## Technical Advantages, Limitations, and Future Directions

Technical Advantages:
- Multimodal understanding (directly processes architecture diagrams);
- Enhanced STRIDE (adds lateral movement threats);
- Quantitative risk analysis (Bayesian networks support decision-making);
- Open architecture (supports multiple LLMs + standard exports).
Limitations:
- Relies on the quality of architecture diagrams;
- Mainly targeted at CPS, with limited support for pure software systems;
- Automatically generated results require expert validation.
Future Directions: Support for UML/SysML formats, integration of real-time threat intelligence, generation of adversarial testing recommendations, etc.