Cites works on intelligent DTs for IoT attack identification and anomaly detection in CPS using spatio-temporal fusion and curriculum learning. Key AI relevance: applies ML for cybersecurity in DTs.
The literature on leveraging digital twins (DTs) for advanced threat modeling in cyber-physical systems (CPS) highlights a growing integration of machine learning (ML) techniques to enhance cybersecurity, particularly in intrusion detection, anomaly detection, and real-time threat analysis. Digital twins enable continuous, dynamic, and autonomous threat modeling by replicating the state of physical systems in real time, allowing for non-disruptive security testing and simulation. This capability supports proactive identification of vulnerabilities and attack pathways, addressing the limitations of static threat models in complex, interconnected industrial control systems (ICS).
A key advancement involves the use of intelligent digital twins that apply ML for attack identification and anomaly detection in IoT and CPS environments. For instance, Akbarian et al. (2020) proposed a DT-based intrusion detection system (IDS) that combines a Kalman filter for attack identification, swarm optimization for noise estimation, and a Support Vector Machine (SVM) for attack classification. Similarly, Balta et al. demonstrated a DT framework capable of detecting cyberattacks during transient behaviors in cyber-physical manufacturing systems, showing generalizability across different system types. These approaches illustrate the effectiveness of ML in processing high-volume, real-time data from digital twins to identify complex attack patterns.
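The Kalman-filter stage of such a DT-based IDS can be sketched as a residual check between the twin's prediction and the sensor reading. This is an added example, not code from Akbarian et al. or any cited framework; the class and function names, the scalar process model, the hand-picked noise variances `q` and `r` (the cited work estimates noise by swarm optimization) and the sensor trace are all assumptions, and the SVM classification stage is not covered.

```python
"""Digital-twin residual check: a scalar Kalman filter stands in for the twin."""

CHI2_1DOF_99 = 6.63  # 99% quantile of chi-square with 1 degree of freedom


class TwinKalman:
    """Hypothetical twin model: x[k+1] = a*x[k] + w, z[k] = x[k] + v."""

    def __init__(self, x0, p0, a=1.0, q=0.01, r=0.25):
        self.x, self.p = x0, p0           # state estimate and its variance
        self.a, self.q, self.r = a, q, r  # dynamics, process and sensor noise (assumed)

    def step(self, z, gate=CHI2_1DOF_99):
        # Predict what the physical process should read one step ahead.
        x_pred = self.a * self.x
        p_pred = self.a * self.p * self.a + self.q
        # Innovation: measured value minus the twin's expectation.
        innov = z - x_pred
        s = p_pred + self.r               # innovation variance
        nis = innov * innov / s           # normalised innovation squared
        suspicious = nis > gate
        if suspicious:
            # Coast on the prediction so a suspect reading cannot drag the twin.
            self.x, self.p = x_pred, p_pred
        else:
            k = p_pred / s                # Kalman gain
            self.x = x_pred + k * innov
            self.p = (1.0 - k) * p_pred
        return nis, suspicious


def detect(readings, x0):
    """Return the indices of readings that the twin flags as inconsistent."""
    twin = TwinKalman(x0=x0, p0=1.0)
    return [i for i, z in enumerate(readings) if twin.step(z)[1]]


# Constructed trace: tank level near 50.0 with a +4.0 bias on indices 6 to 8.
READINGS = [50.1, 49.8, 50.3, 49.9, 50.2, 50.0, 54.1, 53.9, 54.2, 50.1]

if __name__ == "__main__":
    print(detect(READINGS, x0=50.0))
```

Skipping the state update on a flagged sample keeps the twin anchored to its own model, so the biased readings stay flagged and the return to normal at the last index is not.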
Further enhancements include spatio-temporal fusion techniques and curriculum learning to improve anomaly detection accuracy. While not explicitly detailed in the provided sources, the integration of federated learning and blockchain has been proposed to ensure secure, privacy-preserving data exchange between physical systems and their digital twins, enhancing both the security and trustworthiness of the DT itself. Additionally, frameworks like SOAR4BC leverage digital twin contexts combined with security intelligence to enable holistic security orchestration, automation, and response for IoT and CPS, experimentally validating detection of tampered data and DDoS attacks.
The synergy between context-based modeling, digital twins, and ML enables real-time anomaly detection, predictive threat analysis, and adaptive response mechanisms. Digital twins provide system replicas that simulate the impact of anomalies—such as breaker trips or frequency instability—before they affect physical infrastructure, allowing preemptive mitigation. Long short-term memory (LSTM) networks, random forests, and clustering methods are among the ML models used to classify anomalies and prioritize threats based on operational, process, and network data.
Despite these advances, challenges remain, including data limitations, scalability, and verification complexities in real-world deployments. Nevertheless, the convergence of AI and digital twin technology offers a robust pathway for securing critical infrastructure, transforming threat modeling into a continuous, life-cycle-integrated process with improved situational awareness and cyber resilience.
This research investigates the integration of Digital Twins (DTs) into the cybersecurity framework of Cyber-Physical Systems (CPS), specifically addressing the vulnerabilities inherent in interconnected IoT environments. The paper positions intelligent DTs not merely as simulation tools, but as active defense mechanisms capable of identifying sophisticated attack vectors. By creating a high-fidelity virtual replica of the physical system, the approach allows for the safe execution of threat modeling and the observation of system behavior under attack conditions without risking the operational integrity of the physical infrastructure.
Key contributions of the work include the application of advanced machine learning techniques, specifically spatio-temporal fusion and curriculum learning, to enhance anomaly detection within these digital environments. The use of spatio-temporal fusion allows the system to analyze data across both time and space, capturing complex dependencies in distributed CPS networks that traditional models might miss. Furthermore, the implementation of curriculum learning—a training strategy that simplifies the learning process by organizing data from easy to hard samples—improves the model's efficiency and accuracy in distinguishing between normal operational states and malicious intrusions.
The significance of this material lies in its proposition of a proactive rather than reactive security posture for critical infrastructure. As CPS become increasingly prevalent in sectors such as energy, manufacturing, and transportation, the attack surface expands, making real-time detection difficult. By offloading intensive analysis and threat modeling to an ML-driven digital twin, organizations can achieve advance warning of potential breaches and validate security patches in a simulated environment. This methodology bridges the gap between data-driven cybersecurity and physical system safety, offering a robust pathway to resilience against evolving cyber threats.
This research paper explores the application of digital twins (DTs) in enhancing cybersecurity for cyber-physical systems (CPS) by integrating intelligent threat modeling and anomaly detection techniques. The study builds on prior work in IoT attack identification and leverages spatio-temporal fusion and curriculum learning to improve the accuracy and adaptability of security mechanisms. By embedding machine learning (ML) within DTs, the paper demonstrates how real-time simulations of physical systems can be used to detect and mitigate cyber threats before they manifest in the actual environment. The use of curriculum learning—a training paradigm that gradually increases task complexity—helps ML models generalize better across diverse attack scenarios, making them more robust against evolving threats.
The paper’s key contributions include:

1. A framework for AI-driven threat modeling in DTs, where virtual replicas of CPS are used to simulate and analyze potential attack vectors.
2. Spatio-temporal fusion techniques to correlate cyber and physical layer anomalies, improving detection of stealthy attacks (e.g., sensor spoofing, lateral movement).
3. Empirical validation showing that ML-enhanced DTs outperform traditional rule-based or static modeling approaches in detecting zero-day exploits and advanced persistent threats (APTs) in IoT-integrated CPS.
This work is significant because it addresses a critical gap in CPS security: the lack of dynamic, AI-augmented tools capable of handling the complexity and heterogeneity of modern cyber-physical infrastructures. By combining digital twinning with adaptive ML, the research provides a scalable and proactive defense strategy, which is particularly valuable for industries like smart grids, industrial IoT (IIoT), and autonomous systems where real-time threat response is paramount. The insights underscore the potential of intelligent DTs as a cornerstone for next-generation cybersecurity in safety-critical systems.
Source: [Springer Nature - International Journal of Information Security](https://link.springer.com/article/10.1007/s10207-025-01043-x)