Type of Publication: Article in Journal

AI-driven digital twin-based security orchestration, automation and response for critical infrastructures

Author(s):
Nguyen, Phu; Rauniyar, Ashish; Bartel, Jone; Laufer, Jan; Dalamagkas, Ashish; Pohl, Klaus
Title of Journal:
Automated Software Engineering
Volume (Publication Date):
33 (2026)
Number of Issue:
61
pages:
1-44
Digital Object Identifier (DOI):
doi:10.1007/s10515-026-00612-1
Link to complete version:
https://link.springer.com/article/10.1007/s10515-026-00612-1

Abstract

The more critical infrastructures (CIs) are digitized, the more vulnerable they become to cyber security attacks. Digitisation-leveraging technologies in the Internet of Things (IoT) and Cyber-Physical Systems (CPS) have been largely adopted for CIs, along with the Digital Twin (DT) paradigm. However, the distributed and heterogeneous nature of IoT or CPS poses significant challenges in safeguarding against diverse attack surfaces, including physical devices, network infrastructures, and third-party integration. To tackle these challenges, we propose an AI-driven DT-based security orchestration, automation and response framework (SOAR4BC). Gathering system contexts from the DT in combination with security intelligence from the security tools gives us a holistic context for SOAR, which has not been seen in the existing approaches. We leverage this holistic context into the decision-making core, which utilizes advanced algorithms, like deep reinforcement learning, to generate adaptation recommendations based on incident alerts, risk assessments, and system state observations. By rigorously evaluating tampered data and distributed denial of service (DDoS) scenarios, we validate the SOAR4BC framework’s efficacy in handling security incidents leveraging digital twin environments. We further demonstrate real-world applicability through false-data injection and DoS attacks on an operational electric-vehicle charging testbed, confirming the practical effectiveness of SOAR4BC in securing critical infrastructures. Together, these results establish SOAR4BC as a robust and explainable AI-driven SOAR framework that advances the use of digital twins for cybersecurity in IoT and CPS ecosystems, offering actionable contributions for both research and industrial deployment.