Artificial Intelligence Review (2024) 57:201

https://doi.org/10.1007/s10462-024-10805-3

A review of digital twins and their application

in cybersecurity based on artificial intelligence

Mohammadhossein Homaei1 · Óscar Mogollón‑Gutiérrez1 ·

José Carlos Sancho1 · Mar Ávila1 · Andrés Caro1

Published online: 10 July 2024

© The Author(s) 2024

Abstract
The potential of digital twin technology is yet to be fully realised due to its diversity and
untapped potential. Digital twins enable systems’ analysis, design, optimisation, and evolu-
tion to be performed digitally or in conjunction with a cyber-physical approach to improve
speed, accuracy, and efficiency over traditional engineering methods. Industry 4.0, facto-
ries of the future, and digital twins continue to benefit from the technology and provide
enhanced efficiency within existing systems. Due to the lack of information and security
standards associated with the transition to cyber digitisation, cybercriminals have been
able to take advantage of the situation. Access to a digital twin of a product or service is
equivalent to threatening the entire collection. There is a robust interaction between digital
twins and artificial intelligence tools, which leads to strong interaction between these tech-
nologies, so it can be used to improve the cybersecurity of these digital platforms based on
their integration with these technologies. This study aims to investigate the role of artificial
intelligence in providing cybersecurity for digital twin versions of various industries, as
well as the risks associated with these versions. In addition, this research serves as a road
map for researchers and others interested in cybersecurity and digital security.

Keywords Digital twin · Cybersecurity · Artificial intelligence · Internet of things ·

Industry 4.0

* Mohammadhossein Homaei
[email protected]
Óscar Mogollón‑Gutiérrez
[email protected]
José Carlos Sancho
[email protected]
Mar Ávila
[email protected]
Andrés Caro
[email protected]
1
Departamento de Ingeniería de Sistemas Informáticos y Telemáticos, Universidad de Extremadura,
Av/ Universidad S/N, 10003 Cáceres, Extremadura, Spain

13
Vol.:(0123456789)
201 Page 2 of 65 M. Homaei et al.

Abbreviations
AAA​ Authentication, Authorization, and Accounting
AI Artificial Intelligence
ANN Artificial Neural Networks
API Application Programming Interfaces
APTs Advanced Persistent Threats
AS Authentication Server
ASR Attack Success Rates
AV Autonomous Vehicle
CIA-Triad Confidentiality, Integrity, and Availability Triad
CIM Computer-Integrated Manufacturing
CPNI Centre for the Protection of National Infrastructure
CPS Cyber-Physical System
DCS Distributed Control Systems
DDoS Distributed Denial of Service
DHS Department of Homeland Security
DL Deep Learning
DM Digital Model
DoS Denial of Service
DTP Digital Twin of Physical
DTA DT Aggregate
DTDL DT Definition Language
DTE DT Ecosystem
DTI DT of Integration
DTS DTs
DTLS Datagram Transport Layer Security
ECU Engine Control Unit
EA Evolutionary Algorithms
ETSI European Telecommunications Standards Institute
FDTF Framework Data Transfer Format
FIWARE Future Internet Warehouse
FNN Feed-forward Neural Networks
GA Genetic Algorithms
gNB Next Generation NodeB
GPS Global Positioning System
GS Gravitational Search
HIDS Host Intrusion Detection Systems
HMIs Human–Machine Interfaces
HIPAA Health Insurance Portability and Accountability Act
IAM Identity and Access Management
ICS Industrial Control Systems
IDPS Intrusion Detection and Prevention System
IDS Intrusion Detection Systems
IIoT Industrial Internet of Things
I2V Infrastructure-to-Vehicle
IT Information Technology
ITS Intelligent Traffic Systems
JWT JSON Web Token
K-NN K-Nearest Neighbors

13
A review of digital twins and their application in cybersecurity… Page 3 of 65 201

LSO Locust Swarm Optimization

ML Machine Learning
Modbus TCP/IP Modbus Transmission Control Protocol/Internet Protocol
MQTT Message Queuing Telemetry Transport
MFA Multi-factor Authentication
MITM Man-in-the-Middle
NIDS Network Intrusion Detection Systems
NIST National Institute of Standards and Technology
NB Naive Bayes
NSL-KDD NSL-KDD dataset
OPC UA Open Platform Communications Unified Architecture
OT Operational Technology
PKI Public Key Infrastructure
PLC Programmable Logic Controllers
PSO Particle Swarm Optimization
RBAC Role-Based Access Control
ROC Receiver Operating Characteristics
RSU Roadside Unit
RSA Roadside Safety Application
SCADA Supervisory Control and Data Acquisition
SDLC Secure Development Life Cycle
SIEM Security Information and Event Management
SPAT Signal Phase and Timing
SSL Secure Sockets Layer
SA Simulated Annealing
TLS Transport Layer Security
UDP User Datagram Protocol
URLLC Ultra-Reliable Low-Latency Communications
V2I Vehicle-to-Infrastructure
V2V Vehicle-to-Vehicle
VANETs Vehicle Ad hoc Networks
VM Virtual Machines
VR Virtual Reality
WSA WAVE Short Message
XAI Explainable Artificial Intelligence

1 Introduction

The digital twin (DT) is the most superior advanced technology in Industry 4.0. It is
used today by several sectors and systems, including manufacturing, construction,
healthcare, aerospace, transportation, smart cities, and even precision agriculture. Using
DT concepts, applications have been made more efficient, effective, and reliable. DT
technologies make it possible to create a virtual replica of the existing system and test,
investigate and improve the activities, interactions, and results of various decisions
made in real-world scenarios. Although today, most research and applications of DT
are known as an emerging technology, this concept has a history of 50 years. When
it was focused on conquering space, NASA’s many functions of launching spaceships,

13
201 Page 4 of 65 M. Homaei et al.

rockets, and space missions were based on DT (Mullet et al. 2021). Of course, due to
the hardware, software, and processing limitations, it only included summary processes
and monitoring phenomena, but it can be considered the beginning of this phenomenon
(Huo et al. 2022).
According to IEEE author Roberto Saracco, in the last decade, the DT concept has
evolved from a model of a physical entity used primarily in the design phase to a mir-
roring of an existing physical entity used as a reference model (Saracco and Henz 2022).
A physical entity’s synchronisation with its associated instance may vary by leveraging
embedded sensors in the physical entity, connected across a network to the DT using
IoT (Saracco 2019; Hemdan et al. 2023). With the increasing development of computer
and communication technologies, especially IoT and AI platforms, the DT concept has
entered an innovation channel (Homaei et al. 2022; Abed et al. 2022). Perhaps in the
distant years, due to the limited resources and the processing of many models, analysis,
and tests in the digital model were impossible or associated with very high costs, which
challenged its feasibility. DT aims to characterise physical assets through digital repre-
sentation industrial and monitoring applications using detail-based techniques, math-
ematical models, and application programming interfaces (APIs) (Perno et al. 2022).
Almost all these things are processed and executed on servers, cloud and fog, servers,
and virtual resources (such as virtual machines (VM). Digital peer processing mainly
aims to predict errors and detect or apply changes and deviations. It is related to cor-
rect functioning models and things like this that often correct the natural behaviour of
a model or system. Naturally, networks such as the IoT connect these online resources
to the physical world to interact with real-world components (Stjepandić et al. 2021).
Therefore, in Fig. 1, the connection between the physical world, cyberspace, and net-
work communication is shown.
According to the literature on DTs and their inherent difference from other classical
monitoring methods, there is two-way communication between the physical and virtual
worlds or a virtual model based on network communication. In classical models, the
information about the physical world was sent for inspection by experts. Nevertheless,
in DT models, this communication is two-way; often, the feedback is sent to the physical
world or applied directly to modify the model, system, or process (Wang et al. 2023a;
Epiphaniou et al. 2023; Can and Turkmen 2023). According to Bergs et al. (2021), there
are three types of mirror systems, which are classified as follows:

Fig. 1  The relationship between DT, CPS, and IoT

13
A review of digital twins and their application in cybersecurity… Page 5 of 65 201

• A Digital Model (DM) is an isolated monitoring system without automatic connection

to the real world (Simulink and software model).
• A Digital Shadow (DS) is a system with automatic one-way communication between
physical and virtual space (Environmental monitoring).
• A DT is a system with a two-way and automatic connection between real-world and DT
spaces.

An example of a DT can be seen in Fig. 1). Smart buildings are characterised by physical
assets (sensors, cameras, and other devices) that send information to this DT to fire the
simulation model in the real world (Röhm and Anderl 2022). Additionally, digital assets
may establish configurations and execute commands suitable for maintaining, optimising,
or improving the operational performance of their physical counterparts. To achieve the
above, a DT must integrate algorithms, models, patterns, equipment, and communication
technologies and systems and, if necessary, make decisions that are automatically applied
to physical world equipment. Gartner also emphasises this practical aspect in its annual
ranking of strategic technologies, ranking the DT paradigm fourth and first in 2018 and
2019 (Saracco and Henz 2022). Market researchers predict that the DT market will grow
from its current value of $3.1 billion to $48.2 billion by 2026. By 2031, the DT market
will reach $183 billion, with composite DTs providing the most significant opportunity
(Balyakin et al. 2022; Jeong et al. 2022). According to these reports, DT applications are
used in various applications, such as industrial applications, production, smart cities, agri-
culture and animal husbandry, disaster management, and control and monitoring of the bat-
tlefield. Therefore, the key objective of this research is to investigate the potential security
threats associated with the diverse applications of DT. In classical monitoring and control
systems, cyber security’s importance often determines the application type (Somers et al.
2023). This issue is very challenging in discussing the DT because most critical infrastruc-
ture may not interest those interested in security issues at first glance. With a closer look,
we find that even the most straightforward application of the DT in society’s basic infra-
structure can be a passive defence. Therefore, paying attention to the cybersecurity of the
most basic digital applications is necessary.
Figure 2 illustrates how each application and its tasks include essential services (data
acquisition, distribution, synchronisation, modelling, simulation, representation, etc.) pro-
vided by various interfaces, technologies, and computation systems (Korovin 2022; Qian
et al. 2022; Röhm and Anderl 2022; Krzyczkowski 2019). Because integrating these tech-
nologies and computation systems also entails serious security risks, this paper wanted to
illustrate the classification of the threats according to infrastructures of functionality and
their related technologies. In most of the above applications, monitoring over the internet
was once challenging. Still, today, the infrastructure is steadily growing, and some stand-
ards are being published that help stabilise communications. Industry 4.0 requires exten-
sive CPS research to bridge the physical and virtual worlds (Korovin 2022; Shahzad et al.
2022). This concept states that if production systems can operate more efficiently if they
are intelligent to the affordability and availability of sensors and actuators, data collection
has become easier than in previous decades (Alcaraz and Lopez 2022). Echoing the impor-
tance of these developments, this study broadens the scope by offering an extensive analy-
sis of cybersecurity challenges and potential AI-based solutions across various industries,
thus providing a more comprehensive perspective than the specific yet innovative approach
detailed in Suhail et al. (2023). However, amidst these advancements, a significant chal-
lenge remains in establishing secure platforms, a crucial aspect yet to be adequately
addressed in DT technologies.

13
201 Page 6 of 65 M. Homaei et al.

Fig. 2  DT applications and scopes (Adapted from source: Microsoft Azure Blog on DTs)

Smart cities use DTs to determine the optimal way to preserve critical assets by elimi-
nating guesswork. DT platforms are ideal for leveraging IoT to power enterprise services
and platforms. Despite its features and advantages, DT is vulnerable to cyber-attacks due
to multiple attack levels and novelty, lack of standardisation and security requirements, and
many other reasons (Guo et al. 2022; de Souza Junior et al. 2021). There are several cyber-
attacks in the DT ecosystem, and the attack depends on the cybercriminal’s goals. Our
study has addressed the digital security challenges in cyberspace (Fig. 3).
There are good reasons why the cybersecurity issues of DTs have not been sufficiently
explored. The most important of these reasons is that DTs are considered critical systems
because they participate in automation processes, and working with them is difficult due
to the issue’s sensitivity. Second, DTs contain parts of intellectual property that represent
a digital copy of the physical world, so most private collections in the world, to protect
their business secrets, allow cybersecurity experts access to DTs of the process or produc-
tion line or monitoring products or they do not provide their services (Alcaraz and Lopez

Fig. 3  DT applications

13
A review of digital twins and their application in cybersecurity… Page 7 of 65 201

2022). These two aspects of subject sensitivity and copyright or protection and ownership
of data and processes are desirable to cybercriminals who are trying to disrupt or harm the
business of a group or organisation. Most of these applications include basic infrastruc-
tures and non-operating governmental or private defences, whose damage can endanger the
security of a country. In addition, a cybercriminal may harm DT from the physical environ-
ment and the digital space to take control of its underlying infrastructure and production
assets (Alshammari et al. 2021; Lv et al. 2022a). The attack surface differs because the
DT paradigm connects the two worlds through communication systems, technologies, and
algorithms (Kose 2023).
The structure of the rest of the paper is as follows: Sect. 2 delves into DT concepts
and structures, discussing classifications, integration with Industry 4.0, IoT, and the vari-
ous challenges faced, such as in CPS, data science, and optimisation. Section 3 investi-
gates security challenges across DT applications like smart cities and healthcare. Section 4
analyses the range of security threats to DTs and outlines their security goals. Section 5
focuses on AI’s role in cybersecurity within DTs, exploring the use of explainable AI and
ML. The paper concludes with Sect. 6, summarising the findings and suggesting future
research directions.

2 DT concepts and structures

The concept of the DT has garnered significant interest from researchers and industries and
continues to evolve. Initially, DTs were primarily three-dimensional simulation models of
physical objects. Over time, this concept has broadened to encompass simulations based on
data collected from objects or physical systems, allowing for more precise replicas across
various time and space scales. DT technology enables virtual representation and optimiza-
tion of physical objects or systems in real-time (Chinesta et al. 2018; Hribernik et al. 2021).
The critical components of DT, as identified in recent literature (Boyes and Watson
2022; Fang et al. 2022; Sharma et al. 2022; Vieira et al. 2022b), include the physical space,
cyberspace, and information processing space. The physical space consists of objects or
systems, isolated or distributed across different regions, interconnected by communication
technologies. This space uses sensors and communication devices to gather and transmit
diverse data types, including measurements, user data, status features, and system errors.
It also responds intelligently to feedback from cyberspace through specialized equipment
such as operators.
The information processing space connects the physical space to cyberspace, managing
data storage, processing (which includes pre-processing, analysis, extraction, and integra-
tion), and mapping (analysis, correlation, synchronization). Conversely, cyberspace con-
tains virtual models like workflow and simulation models, fed data from the information
processing space. These models form the basis of a DT application subsystem, which com-
prises the visualization and simulation of objects or physical systems (Alcaraz and Lopez
2022).

2.1 DT structures

Each DT comprises three main components: the physical system, the digital counter-
part, and the connections between them. The physical systems may represent a range of
real-world scenarios, such as smart grids, smart conveyance, smart industries, and smart

13
201 Page 8 of 65 M. Homaei et al.

cities. These systems are designed to deliver services to multiple users. However, the
operating environment for these systems can change (Delgado and Oyedele 2021; Hol-
mes et al. 2021; Ozkaya 2022; Rudskoy et al. 2021; Stjepandić et al. 2021), posing chal-
lenges in managing these changes, especially given the complexity of updating the real-
world cyber-physical models based on operational protocols. In response, DT provides
a mechanism for controlling a simplified version of the physical system and simulating
new environmental data. This control mechanism allows the physical system to adapt,
guided by the insights provided by the DT. Consequently, the interaction between the
physical and digital systems enables the categorization of DT into three types or genera-
tions: Digital Model (DM), Digital Shadow (DS), and Digital Twin (DT) (Delgado and
Oyedele 2021; Stjepandić et al. 2021). Figure 4 illustrates these three generations of DT.
Generally, digital modelling involves representing a physical system or its theoretical
model in digital form. The digital representation includes detailed descriptions of the
physical components. A notable distinction between a DT and a CPS is that in DT, the
sensor and input data are used to create a simulation model, from which tangible assets
are derived (Delgado and Oyedele 2021). While there is a strong linkage between DM
and CPS, these models cannot automatically modify the digital counterpart based on
simulation results alone. The DS extends the capabilities of the DM by incorporating
simulation functionalities, enhancing the model’s interaction with the physical world
(Krückemeier and Anderl 2022). This process usually happens in a one-way flow, where
environmental changes and physical inputs are necessary for the DM to interact with its
environment, increasing the model’s accuracy and output quality.
However, the DM cannot autonomously correct or respond to inconsistencies or
deviations from established policies in real time. The DT, an evolution of DS and DM,
establishes a bidirectional connection between the digital model and the physical envi-
ronment. In DT systems, input data is fed directly from sensors into the model, and
decision-making outputs are sent back to control the physical system (Krückemeier and
Anderl 2022). This two-way interaction allows the digital model to effect changes in the
physical system, providing outcomes based on dynamic system variables and enabling
the control system to interact more effectively with the physical environment to achieve
desired outcomes (Stjepandić et al. 2021).

Fig. 4  DT generations

13
A review of digital twins and their application in cybersecurity… Page 9 of 65 201

This article also aims to clarify common misconceptions about DTs, as listed in
Table 1, to help researchers identify the correct technologies for their work and contrib-
ute more effectively to future developments in this field. Also, the DT service categories
classify the use cases identified by the literature review (Table 2). It is also possible to
categorise DT processes differently, as shown in Fig. 5 and Table 3).

Table 1  Widespread misconceptions about the DT

Term Reasons and differences

Device shadow IoT and cloud computing platforms are expected places to find device shadow
research (Wang et al. 2022a). IoT device shadows are the virtual repre-
sentations of physical objects; they are services for maintaining copies of
information extracted from physical devices connected to the internet
Cyber twin Due to the common understanding that “cyber” is another alternative term
for “digital”, some researchers used the terms interchangeably (Rodrigues
et al. 2021). It is common to hear terms such as CPS, cyber-DT, and so on
(Adhikari et al. 2022). For the cyber twin or CPS to be successful, a network
(internet architecture) must be closely aligned with the advancements and
implementation of the Internet of Everything (IoE) (Dash et al. 2022). It
is standard practice to combine the network architecture of a cyber twin or
CPS with a digital thread
Fidelity model /Simulation In simulation modelling, fidelity refers to how closely a simulation model
replicates the physical product it is simulating (Zhang et al. 2022b). Models/
simulations are often described as high/low/core/multi-fidelity, representing
different levels of fidelity or considerations when building the simulation
model (Purcell and Neubauer 2023). A common feature of DTs is their real-
time dynamic data exchange between a physical object and its virtual twin,
as well as high or even ultra-high fidelity
Simulation From the viewpoint of the virtual twin (Palensky et al. 2022), simulation
refers to the critical imitating capabilities of DT technology. The simulation
indicates a broader range of models since it does not consider the real-time
data exchange between the physically existing object; it is a part of the DT
rather than another term
Digital thread Digital threads provide a continuous lifetime digital/traceable record of
physical products, beginning with the innovative and designing stages and
continuing into the end of their existence (Voth and Sturtevant 2022). In
addition, they function as enablers of interdisciplinary information exchange
and play an essential role in the digitisation process (Pessoa et al. 2022)
Digital Modelling Modelling is one of the essential elements of a DT, but it is not an alterna-
tive term to refer to a DT. Data is exchanged bi-bidirectionally between the
physical product and its virtual twin. Still, the information is exchanged
manually, which means the virtual twin represents a certain status of the
physical product because of the manually controlled synthesis process (Fang
et al. 2022; Tao et al. 2022)
DS In a DS, a physically existing product is represented by its virtual twin. Still,
there is only a one-way data connection between the physical product and its
virtual representation, which means that the virtual twins are merely digital
representations of the physical entities (Bergs et al. 2021; Jarosz and Özel
2022)

13
 201

13
Page 10 of 65

Table 2  Specifications of service categories of DTs

Service categories Definition Typical components
Monitoring Simulation UI Learning Actuator Analytics

Real-time monitoring Monitor and log the status of a system ✓ – ✓ – – –

Energy Consumption Analysis Analyse and find ways to minimise the energy consumption of the ✓ ✓ ✓ – – ✓
physical system
System Failure Analysis and Prediction Determine if a system needs maintenance by analysing the received ✓ ✓ ✓ ✓ – ✓
data
Optimisation/ Update Achieving optimal performance for a system and continuously updat- ✓ ✓ ✓ ✓ ✓ ✓
ing the parameters
Analysis/user operation guide Analysis and provide feedback on human-made operations ✓ – ✓ – – ✓
Technology Integration Combining multiple technologies under one umbrella improve opera- ✓ ✓ ✓ ✓ ✓ ✓
tions’ efficiency and visibility
Virtual Maintenance Provide users with the ability to implement different maintenance – ✓ ✓ – – ✓
strategies virtually for testing with minimal interference
M. Homaei et al.
A review of digital twins and their application in cybersecurity… Page 11 of 65 201

Fig. 5  Four various DTs

2.2 DT and Industry 4.0

The fourth Industrial Revolution, or Industry 4.0, has revolutionized manufacturing by

incorporating advanced technologies such as the IoT and cloud computing (Korovin 2022;
Rocha-Jácome et al. 2021; van der Burg et al. 2021; Kim et al. 2023). This era is charac-
terized by increased automation and digital and physical systems integration, significantly
improving production efficiency and collaboration. However, it also brings challenges, par-
ticularly in increased susceptibility to internet threats and cyber-attacks.
While the field of cybersecurity is well-developed, it is observed that many stakehold-
ers in the manufacturing sector are only beginning to understand the critical importance of
robust cybersecurity measures for safeguarding their operations (Ashraf et al. 2022; Mullet
et al. 2021). Despite the availability of extensive security practices, there remains a sub-
stantial gap in the widespread implementation of secure DT platforms. Most existing plat-
forms offer a range of solutions, from traditional cybersecurity measures to more innova-
tive strategies like honeypot-based systems and the integration of DTs.
DTs play a crucial role in the context of the CPSs, which are a hallmark of the Indus-
trial IIoT during the Industry 4.0 era (Boton et al. 2020; Pan and Zhang 2023). By merg-
ing physical machinery with multidimensional data analytics, these systems enable an
enhanced perception of the environment and facilitate autonomous control. This integra-
tion aims to optimize resource usage and elevate manufacturing efficiencies.
Another pivotal technology in this landscape is blockchain, renowned for its proper-
ties such as decentralization, resistance to tampering, transparency, anonymity, and autono-
mous smart contracts. These attributes make blockchain an excellent tool for enhancing
IIoT services and fostering growth in Industry 4.0. In recent literature, several authors have
discussed the expansive potential of blockchain applications within the IIoT framework
(Bao et al. 2023; Wang et al. 2022b). Overall, DT, IoT, and blockchain technologies under-
pins Industry 4.0’s transformative impact, paving the way for more secure, efficient, and
transparent manufacturing processes.

2.3 DT and the IoT

The IoT is a pivotal component in the DT concept. As technology advances, the inte-
gration of IoT and AI is fostering the emergence of new applications on a daily basis.

13
 201

13
Page 12 of 65

Table 3  Specifications of various types of DTs

Various of DTs Definition Advantages Disadvantages

DTP In DTP, all CPS streams are used to represent the To improve the efficiency of the physical system’s DTP monitoring system only focuses on displaying
physical entities of the system. In a way, it is operation by reducing costs and time. DTP can data and processes, and it is impossible to change
the interaction of physical assets and the virtual be used to monitor CPS system assets the system’s efficiency
world
DTI Unlike DTP, a DTI tries to communicate with Predictions or guidelines are presented in the The disadvantage of DTI is that there is only one
CPS. DTIs, unlike DTPs, handle data flow data flow, allowing the physical system to react data stream from the virtual copy to the CPS
between the digital and physical systems. simultaneously to environmental changes as it
DTP and DTI establish a two-way connection operates
between physical and digital techniques
DTA Data flow from the digital model to the CPS are DTA represents the aggregation of all the DTIs Data limitations, hardware diversity, and infrastruc-
exchanged via DTI/DTA. Based on received data tural and environmental changes make it neces-
and forecasts, CPS control can be performed sary to refine data. Therefore, several mechanisms
are needed to recover the received data from
sensors and the CPS environment for use in DT
DTE A DTE can be a set of DTs in an ecosystem. Each DTE manages complex and diverse systems in Multiple digital systems need to be synchronised to
DT in DTE may have various applications multiple DT users. The possibility of interaction speed up query processing
between DTs is one of the advantages of these
platforms
M. Homaei et al.
A review of digital twins and their application in cybersecurity… Page 13 of 65 201

This expansive network poses significant cybersecurity challenges and risks, particu-
larly when implementing security measures in real-world scenarios (Ashraf et al. 2022;
Fortino et al. 2022; Homaei et al. 2019).
While offering substantial opportunities, Internet-based manufacturing also brings
numerous challenges. In the past, manufacturing machines operated independently and
were not connected to any network other than the power source. Today, these machines
must exchange information across extensive communication networks, raising complex
questions about IT and data security.
Securing manufacturing systems in contemporary organizations has become increas-
ingly challenging due to the prevalence of cyberattacks and intrusions. The Computer-
Integrated Manufacturing (CIM) model outlines five levels of security that are criti-
cal for protecting manufacturing systems in such environments (de Souza Junior et al.
2021). CIM has been integrated into numerous manufacturing models and standards and
is recognized for its thorough and comprehensive approach to operational security.
The levels defined in the CIM model are:

• Enterprise/corporate level Decisions regarding operational management are made at

this level, determining the workflows and processes to produce the final product.
• Plant management network This level involves local plant-level decision-making,
overseeing broader operational activities.
• Supervision level This level manages different manufacturing cells, each dedicated
to a specific manufacturing process.
• Process control level At this level, specific actions are performed by the processes,
directly influencing production.
• Sensor actuator level Consists of sensors, actuators, and controllers that collabora-
tively perform the physical manufacturing process.

As DT and IoT technologies continue to advance, understanding and implementing the

detailed security frameworks outlined by models like CIM is essential for protecting
against the evolving landscape of cyber threats in modern manufacturing. The design of
this model makes it particularly vulnerable to security attacks. It relies on several pro-
tocols, including Modbus, DNP3, industrial Ethernet, PROFIBUS, and BACnet, inte-
gral to building automation and control networks. However, robust security measures
such as authentication, integrity, data freshness, non-repudiation, confidentiality, and
mechanisms to detect faults and abnormal behaviour are primarily applied within super-
visory and control layers (Domínguez et al. 2022). Manufacturers face a spectrum of
cyber risks, including business interruption, data breaches, cyber extortion, intellectual
property damage, and third-party claims. These security vulnerabilities can be mitigated
through various strategies, such as:

• Public key infrastructure Utilizing device certificates and critical public infrastructure
(PKI) architectures to secure communication layers (Bao et al. 2023). PKI integration
in embedded systems ensures connected devices’ authentication, configuration, and
integrity, making it suitable for large-scale deployments where high security is para-
mount without compromising performance.
• Anti-malware and software hardening Deploying anti-malware and hardening software
on all IT and OT systems helps encrypt highly confidential data, ensuring that only
authorized users can access it (Job and Paul 2022). Additionally, symmetric encryption
algorithms, hybrid encryption schemes, cryptographic hash functions, digital signa-

13
201 Page 14 of 65 M. Homaei et al.

tures, key agreements, and distribution protocols are employed to restrict system access
to authorized entities only.
• Monitoring systems for abnormal activity It is crucial to monitor the dynamic behaviour
of security systems and search for any abnormal activity. IDS use knowledge-based or
behaviour-based detection techniques, depending on the data source (Kale et al. 2022).
The performance of IDS is typically evaluated using the receiver operating characteris-
tics (ROC) curve, which plots the probability of detection against the likelihood of false
alarms. However, IDS research, especially for smart manufacturing and IoT systems, is
still in its early stages and faces numerous challenges due to limited testbed availability
and scarce incident data.
• Adherence to security guidelines and regulations Implementing security in smart man-
ufacturing systems must comply with various guidelines and regulations (Kaur et al.
2020). This includes following protocols outlined in the Guide to ICS for SCADA sys-
tems, standards by the National Institute of Standards and Technology (NIST), DCS,
directives from the Department of Homeland Security (DHS), and the Centre for the
Protection of National Infrastructure (CPNI).

Moreover, leading information technology companies have actively developed platforms

for various applications in digital cities, transitioning from physical to digital realms.
The key IoT platforms and their specific security challenges and solutions are detailed in
Table 4). In addition, this table presents several standard DT protocols along with their
definitions, strengths, and weaknesses in the context of cybersecurity.

2.4 Layers, models, and technologies of DT

DTs are sophisticated constructs that recreate the physical world within a digital space with
high fidelity. This process is facilitated by integrating advanced sensors, AI, and commu-
nication technologies, enabling an accurate digital mirroring of physical entities (Homaei
et al. 2020; Moya et al. 2023). The literature recognizes a classical four-layer model as one
of the most comprehensive structures for DT architecture. However, it is noted that certain
architectures are specifically designed for particular applications (Kaiser et al. 2023).
The classical four-layer model consists of the following:

1. Physical layer The base layer comprises the physical objects or systems the DT is
designed to replicate, including machinery, buildings, and other infrastructures.
2. Data layer This layer captures and aggregates data from the physical layer via sensors
and data acquisition systems, ensuring the DT is informed with accurate, real-time
information.
3. Service layer At this level, the collected data is processed and analyzed using AI and
ML algorithms, forming the decision-making centre of the DT.
4. Application layer The uppermost layer applies the insights gained from analysis to
achieve practical outcomes, interfacing with users to provide actionable intelligence
and visualizations.

The layered model can be adapted and redefined based on specific DT applications. In
Fig. 6, we modify the Alcaraz et al. model and present an adaptive layering model for DTs
characterized by the following layers:

13
A review of digital twins and their application in cybersecurity… Page 15 of 65 201

Fig. 6  DTs architecture and layer (adapted from Alcaraz and Lopez (2022) and modified)

1. Physical space and data dissemination and acquisition This foundational layer is where
the physical reality meets its digital counterpart. Sensors and devices across the physi-
cal environment continuously collect data, from simple temperature sensors to complex
surveillance systems. These devices are the primary sources of real-time data propagated
through ’digital threads,’ ensuring a seamless flow of information from the physical
domain to the digital platform.
2. Data Management and synchronization Once the data is acquired, it enters the data
management domain, where it is normalized-and converted into a standard format that
can be consistently used across the DT system. This layer also synchronizes the incom-
ing data streams to ensure the information is coherent and temporally aligned. Effective
data management is critical for maintaining the DT’s integrity and enabling accurate
simulations and analytics.
3. Data modeling and additional services In this layer, the normalized data is used to
develop digital models that can simulate the behaviour of their physical counterparts.
Virtual sensors and actuators are deployed within these models to test various scenarios
and predict outcomes. The digital models are not static; they are dynamic and evolve
based on continuous data influx and simulation results. Additional services such as
anomaly detection, optimization, and ML-driven analytics are also performed at this
stage.
4. Data visualization and access The top layer is where data becomes actionable insights.
The processed data is visualised in an intelligible form through various Human–Machine

13
 Table 4  Popular DT protocols and their security challenges
201

Protocol name Protocol type Protocol characteristics Security challenges Solutions

13
CoAP (Vieira et al. 2022a) Communication Explicitly developed for devices Susceptible to Man-in-the-Middle, CoAP does not provide authentica-
with limited resources, this proto- Multi-vector, Unreachable destina- tion and authorisation; in this case,
Page 16 of 65

col is based on the UDP. Mecha- tion responses, DDoS amplified either communication security
nism to facilitate the collection of attacks, spoofing attacks, cross- (IPsec or DTLS) or object security
continuous sensor data layer attacks, and reflection attacks (within the payload) can be used.
X.509 digital certificates, pre-shared
keys, and public keys
DTDL (Terry 2022) Data representation By depicting six characteristics of Susceptible to attacks based on Microsoft-managed encryption key
IoT elements, its open-standards update distributions or modular
platform provides seamless data development at the disposal of
transmission between various developers. (e.g., Large-scale npm
apparatuses attack)
FDTF (Autiosalo et al. 2020) Data representation The data link between DT compo- It is not proof of the method’s There will be further validation of the
nents enables DT systems to share validity and cybersecurity side. It method over time
information using this protocol has many security threats, so it is
under development
FIWARE (Panfilis et al. 2018) Data representation Various IoT components are sup- Lack of confidentiality –
ported for data transmission and
contextual information processing
Modbus TCP/IP (Pires et al. 2021) Communication TCP enable industrial devices to be Communications over networks are Encapsulation of the packets, OPC
connected, provide reliable data not confidential, there is no stand- UA, and IoT gateways with inbuilt
transfer, and incorporate built-in ard authentication, and there may Mod-bus/MQTT
checksum security be reliability problems: padding
attacks, browser exploits, protocol
weakness exploits, and bugs.
MQTT (Human et al. 2021) Communication IoT equipment can now communi- Authentication of data sources and Encryption (TLS or SSL certificates),
cate securely and reliably using anomaly detection App-Layer Authentication (X.509),
this protocol based on lightweight Authorisation (OAuth 2.0 (JWT),
TCP technology and HiveMQ)
M. Homaei et al.
 Table 4  (continued)
Protocol name Protocol type Protocol characteristics Security challenges Solutions

OPC UA (Abdelsattar et al. 2022; Data representation Modelling frameworks provide Message flooding, resource exhaus- Supported AAA Framework and
Kaiser et al. 2023 ) information retrieval from raw tion, message spoofing CIA-Triad
data, support data manipulation,
and enable monitoring
URLLC (Huynh et al. 2022) Communication Its low latency and high reliability Adding integrity protection may Using AS keys and updating the AS
make it an excellent communica- increase the computation complex- key based on the policy in the gNB
tion protocol for IoT devices ity, thus adding an unacceptable for intra-gNB handover
delay
A review of digital twins and their application in cybersecurity…
Page 17 of 65 201

13
201 Page 18 of 65 M. Homaei et al.

Interfaces (HMIs) and applications. This layer is essential for decision-makers, as it

translates complex datasets into understandable formats, such as dashboards or 3D
models, that assist in making informed decisions. Access control mechanisms are also
crucial at this stage to ensure data security and provide access to various users.

Figure 6 also underlines the critical nature of security within these layers, suggesting a
direct relationship between the layers’ depth and the complexity of the required cyberse-
curity measures. Integrating OT and IT with robust cybersecurity protocols, such as those
provided by CPS and IIoT communications, is essential for system integrity. DTs leverage
this structured layering to offer a dynamic simulation environment, enabling the monitor-
ing and control and real-time adaptation and optimization of physical assets. This adapt-
ability illustrates the versatility of DTs and their pivotal role in addressing the complex
demands of Industry 4.0 (Alcaraz and Lopez 2022).

2.5 Challenges of DTs

Integrating DTs into CPS can significantly enhance system efficiency through improved
intelligence, offering end users more valuable services. A DT should accurately represent
spatial entities, objects, processes, and schedules as a digital replica of cyberspace. How-
ever, developing and implementing a DT poses several challenges. For example, within a
network, DTs impact the calculation, control, and analysis phases of output data generated
by IoT devices. Moreover, DTs must be designed to meet quality-of-service requirements,
including delay, reliability, scalability, and distribution, and ensure privacy and security.
Addressing these issues introduces new challenges and opportunities for interdisciplinary
research, increasing its attractiveness and relevance (Botín-Sanabria et al. 2022).

2.5.1 CPS challenges

CPSs are complex networks that require tight coordination of networking, computing, and
control to meet stringent performance demands. These systems necessitate low latency,
high reliability, and significant scalability to support CPS applications (Delgado and Oye-
dele 2021; Lv et al. 2022a). Consider the scenario of smart transportation systems and
autonomous driving development. Vehicles must rapidly collect and process relevant data
(Lv et al. 2022b; Ozkaya 2022). This data and computations from sensors must be effi-
ciently transmitted through communication networks to and from the smart vehicle and
stored in both cloud spaces and vehicle databases (Ali et al. 2023). Furthermore, vehicles
require the capability to perform computations while interacting with internal and cloud
databases quickly. The safety of the driver, vehicle, and broader transportation ecosystem
relies on these rapid and accurate computations in the vehicle’s virtual counterpart. Real-
time service is critical, and minimising hardware, software, and network errors is crucial,
ideally aiming for zero faults.
Additionally, the design of autonomous driving applications must address scalability
challenges such as network congestion and the complexity brought on by managing large
fleets of vehicles, with the number of smart cars varying in each scenario. As highlighted
by this example, maintaining high performance in CPS involves intricate interactions
among multiple subsystems-networking, computing, and control-which collectively influ-
ence the system’s overall functionality (Dinis et al. 2021; Qian et al. 2022; Zhang and Tai
2021). Even minor performance deviations in one subsystem can significantly affect the

13
A review of digital twins and their application in cybersecurity… Page 19 of 65 201

entire system. Designing a DT for CPS that meets these strict performance requirements
and accurately reflects the complex interactions among various subsystems presents a sig-
nificant challenge.

2.5.2 Data science challenges

Constructing a DT for complex systems necessitates robust mathematical modelling and

detailed data analysis. Two primary methodologies for developing an accurate DT are
data-driven and model-driven approaches. In model-driven processes, physical systems are
described using mathematical models (Botín-Sanabria et al. 2022; Shahzad et al. 2022),
posing significant challenges in accurately modelling complex physical systems within
CPS. Such systems often feature non-linear dynamics, high coupling, and time variability,
complicating the mathematical and statistical models.
Conversely, the data-driven approach involves collecting extensive data on the physical
system’s state over time. This approach faces challenges in data collection and selection
(Qian et al. 2022). Ensuring consistent data quality from diverse sources, which may have
different hardware capabilities, is particularly challenging. Additionally, managing the stor-
age and transmission of large data volumes significantly strains the system. To maintain
up-to-date reflections of the physical system, data is frequently sampled at high frequen-
cies, necessitating substantial storage capacity and imposing a considerable performance
burden on network and computing infrastructures (Alazab et al. 2022b; Broo et al. 2022;
Kulik et al. 2022). A key issue in data science is minimizing the volume of data collected
and its impact on system effectiveness. Conclusion: Developing a robust DT for a com-
plex system with minimal data yet ensuring effectiveness requires a sophisticated blend of
mathematical modelling and data science expertise.

2.5.3 Optimisation challenges

One of the most crucial tasks in CPS is the creation of a DT that integrates computing,
control, communication, and data analysis into a cohesive end-to-end chain. The challenge
intensifies when dealing with massively distributed networks and the need for low latency
as algorithms for allocating communication resources become exceedingly complex. Fur-
thermore, task offloading presents additional optimization challenges within edge/cloud
architectures (Khan et al. 2022; Qian et al. 2022; Stjepandić et al. 2021).
The control mechanisms within these systems may trigger based on events or time,
necessitating the extraction of complex features, training, and possibly continuous predic-
tion or classification to fulfil real-time data analysis requirements. By integrating real-time
computing, communication, and control processes, the DT poses a joint/integrated optimi-
zation problem. For example, in smart manufacturing supported by Virtual Reality (VR),
the process begins with transmitting large volumes of sensing data within strict latency
limits. A real-time decision model (DM) is then generated using the graphics engine,
and the control commands are executed within the latency constraints (Guo et al. 2022).
This VR system’s optimization is particularly challenging as a failure in one component
adversely affects the entire system’s performance, even with centralized platforms and
enhanced hardware.
The distributed nature of CPS further complicates joint optimization. Researchers have
applied deep reinforcement learning to improve the control functions of distributed smart
manufacturing systems by simultaneously configuring the network and adjusting sensor

13
201 Page 20 of 65 M. Homaei et al.

sampling rates (Delgado and Oyedele 2021; Lv et al. 2022a). The introduction of DT in
CPS necessitates considering additional processes. The control process involves domain
experts who manage DT through physical objects, while three computing processes are
considered for computing the DT in CPS. Interactions among DTs are simulated in a sce-
nario, and actual CPS operations are computed based on the digital copies of physical enti-
ties or objects. Communications in CPS should consider interactions between physical
objects and their virtual clones, among DTs, and between DTs and their human control
interfaces.
Optimizing the vast amount of data generated during these processes is essential to
maximize the limited resources available. Given the minimal hardware requirements due
to the deployment scale, a significant concern in CPS is the data quality used to generate
DTs. Furthermore, collecting consistent data from diverse sources in the CPS environment
is challenging. Various CPS applications require different data sources, complicating the
selection process. The high-frequency sampling of physical objects’ states to update them
promptly results in large data volumes on the server side, which not only aids in develop-
ing other DT systems but also requires substantial storage space. Selecting valuable data
for storage is always challenging as long as the stored data volume does not linearly relate
to DT system performance (Holmes et al. 2021; Krückemeier and Anderl 2022; Ozkaya
2022). Due to the heterogeneous nature of CPS systems, where IoT/CPS devices use dif-
ferent communication technologies, deploying a gateway with various radio interfaces to
facilitate data exchange introduces additional hardware costs and potential network bot-
tlenecks. Designing a network infrastructure to meet strict timing and latency require-
ments for real-time communication between different components remains a formidable
challenge.

2.6 Security challenges in DT applications

This section explores the privacy and security challenges within DT applications. DTs
are inherently vulnerable to cyber-attacks due to their need to update the state of physical
objects through network communications continuously. This vulnerability extends to the
physical hardware, sensors, transmissions, and digital systems. For instance, an adversary
might directly attack a device acting as a data collector, causing it to relay misleading or
inaccurate data, exemplifying a data integrity attack. There is also a risk that an adver-
sary could compromise the gateway through which IoT devices manage data transmis-
sion, interjecting invalid data into the collected information (Huo et al. 2022; Majeed et al.
2021; Qian et al. 2022). Additionally, adversaries may inject false data directly into the
DT. Given the DT’s close connection to physical objects, any compromise can significantly
impact the entire system’s integrity.
Sensitive information within DT applications includes medical records, autonomous
vehicle data, and real-time operations data for smart grids (Lalouani et al. 2022; Yu et al.
2021). This necessitates robust authentication mechanisms for cyber-physical entities, digi-
tal communications, and machine-to-machine transmissions. Implementing these mecha-
nisms on low-energy IoT devices can be challenging and costly, especially on devices with
limited power.
DT applications rely heavily on sensor data from the object layer to build a digital
replica of the physical system. These sensors and gateways could be targeted by denial-
of-service (DoS) attacks or malware (Ghimire and Rawat 2022; Khraisat and Alazab
2021). A compromised gateway or sensor complicates the DT’s ability to reflect the

13
A review of digital twins and their application in cybersecurity… Page 21 of 65 201

CPS’s overall condition accurately. Thus, it is critical to propose and validate mitigation
mechanisms to lessen the impact of such attacks.
Moreover, the operation of DT applications depends on data from IoT sensors and
gateways, highlighting the need for focused research on data and communication secu-
rity and privacy (Ashraf et al. 2022; Huo et al. 2022; Wang et al. 2022b). Security
research addresses several dimensions, including confidentiality, integrity, and avail-
ability. Consider a smart transportation system as an example; IoT sensors are installed
near roads, and vehicles collect data. Various organisations might own and operate these
sensors, necessitating mixed authentication and secure communication protocols to
maintain data confidentiality across all parties.
Additionally, some data stored at the application layer, such as vehicle locations and
traffic camera data, are highly sensitive. Therefore, access control is crucial to safeguard
user privacy. Specific security regulations, such as those stipulated by HIPAA, are nec-
essary to ensure the confidentiality of medical information and protect user privacy by
controlling data dissemination, particularly at the end-user level.
Several DT applications in sectors like smart grids, transportation, manufacturing,
and urban management require real-time data to construct a system’s decision model.
Maintaining data integrity is vital for the DT to model and guide the physical system
effectively. This integrity spans four layers of DT architecture, starting with object
layer communication, where sensors must securely transmit data to gateways to prevent
MITM attacks. Implementing security mechanisms at the application layer to prevent
unauthorized data alteration and employing anomaly detection to ensure data integrity
is imperative. The final safeguard involves implementing robust authentication systems
at the user level to prevent unauthorized access.
As DT technology evolves, the complexity of these systems also increases. Newer
generations of DT applications integrate more deeply with OT, enhancing efficiency
and increasing potential cybersecurity risks. The continuous evolution of cyber threats
necessitates ongoing updates to security protocols and systems within DT environments
to safeguard against sophisticated attacks that could disrupt digital and physical oper-
ations. This proactive approach to security management will ensure that DT systems
remain resilient against evolving threats while supporting the continuous, real-time
decision-making processes critical to modern infrastructures.
Using AI and ML in cybersecurity presents significant challenges beyond the tech-
nology itself (Ashraf et al. 2022; Zohdi 2021; Ghimire and Rawat 2022; Thelen et al.
2022; Kor et al. 2023). Among the weaknesses in the current approach to security are
the following:

• Distant infrastructure In today’s interconnected world, systems frequently send sen-

sitive data across continents, making these transfers susceptible to breaches due to
inadequate protection measures.
• Manual detection Security threats and suspicious patterns are typically not moni-
tored continuously. In most cases, systems rely on intermittent human oversight
rather than constant surveillance.
• Reactivity of security teams Many security professionals primarily focus on respond-
ing to threats as they occur rather than anticipating and preventing potential
breaches.
• Dynamic threats Hackers employ various strategies to conceal their locations, IP
addresses, identities, and methods. Meanwhile, the data created by businesses are more
accessible and vulnerable to these cyber criminals.

13
201 Page 22 of 65 M. Homaei et al.

Additionally, the real-time functionality of DT depends critically on the security of keys

and the availability of sensors and gateways, which are prone to cyber-attacks such as
DDoS and malware propagation. Although gateways employ mitigation schemes to fil-
ter out malicious traffic, these measures may not be sufficient. Adversaries can still over-
load DT systems by sending time-consuming or large-scale queries through the end-user
layer. To counter these threats, it is essential to implement robust mitigation strategies at
the application level. For instance, when multiple users access the same service simulta-
neously, load-balancing algorithms can be integrated into the gateway to distribute traffic
efficiently. Utilizing nearby low-load gateways when one is overwhelmed creates a more
resilient system.

2.6.1 DT in smart cities

Smart cities are becoming a tangible reality with the rapid advancement of technology,
where every physical object is equipped with embedded computing and communication
capabilities. Monitoring processes through the internet, which was once a significant chal-
lenge, has become more feasible thanks to the steady growth of infrastructure and the
release of new standards that help stabilize communication. The rise of Industry 4.0 has
necessitated extensive research on CPS to bridge the gap between the physical and vir-
tual worlds effectively. This research posits that more innovative production systems can
operate more efficiently, enhancing overall productivity (Guo et al. 2022; Pessoa et al.
2022). Moreover, data acquisition has become more accessible and cost-effective due to the
increased affordability and availability of sensors and actuators. However, securing these
platforms remains a formidable challenge.
In smart cities, DTs are utilized to optimize the maintenance of critical assets, thereby
eliminating much of the guesswork traditionally involved in city management. DT plat-
forms are particularly well-suited for leveraging the IoT to enhance enterprise services and
platforms (Alshammari et al. 2021; Stjepandić et al. 2021). Despite their numerous features
and benefits, DTs are vulnerable to cyber-attacks due to various factors, including multiple
potential attack vectors, the novelty of the technology, and a lack of standardized security
measures (Botín-Sanabria et al. 2022; Qian et al. 2022). The DT ecosystem faces numerous
types of cyber-attacks, the nature of which often depends on the objectives of the cyber-
criminals. Our study has addressed some of the challenges that cybersecurity in DTs pre-
sents, especially when integrated with AI.

2.6.2 DT in smart health

DTs in healthcare offer numerous social–ethical benefits, such as disease prevention and
treatment, cost reduction, enhanced patient autonomy, and equitable treatment (Alazab
et al. 2022a; Turab and Jamil 2023). However, these advantages are accompanied by signif-
icant social-ethical risks, including privacy, property rights, potential disruptions to social
structures, and risks of inequality and injustice. One of the pressing concerns is the confi-
dentiality of patient information, a critical issue in personalized medicine.
The impact of DTs on these issues remains uncertain; they could either ameliorate or
exacerbate existing challenges. Consequently, deploying DTs necessitates comprehensive
policies addressing these social and ethical dilemmas while safeguarding individual rights.
Such policies must extend beyond data privacy to protect personal biological information.
The data utilized for DTs must be high quality, consistent, and derived from a continuous

13
A review of digital twins and their application in cybersecurity… Page 23 of 65 201

data stream. Any deviation resulting in incomplete, inconsistent, or low-quality data can
severely undermine system performance (Liu et al. 2022; Wang et al. 2022c). Moreover,
cybercriminals might exploit these data vulnerabilities to engage in harmful activities and
launch extensive attacks on these systems, potentially breaching confidential, private, and
health-related regulations (Abounassar et al. 2021).
Several pervasive challenges are associated with the adoption of DTs in the healthcare
industry (Ho 2021:

• Data quality High-quality data are crucial for a virtual twin to accurately represent its
physical counterpart.
• Privacy It is imperative to secure information against cyber threats to ensure data secu-
rity.
• Ethical concerns There is a risk that DTs may exacerbate biases, such as racial bias,
leading to healthcare inequalities if data representation is skewed.
• Trust/fear in AI There is a prevailing fear among healthcare professionals that DTs may
replace them, which could hinder trust in DT modelling. It is essential to position DTs
as tools that support rather than substitute healthcare professionals.

Additionally, concerns about the over-collection of data are prevalent. A regulatory frame-
work is necessary to ensure that service providers do not collect data irrelevant to the ser-
vices provided by the DT. The accumulation of excessive personal information increases
the risk of hacking attacks. Effective detection of hacking and prevention of cyber-attacks
require security measures that are continuously monitored and updated (Zhang and Tai
2021). It is crucial that DTs maintain reliability to ensure the quality and accuracy of data,
and they must be designed so that users cannot tamper with them.
In other words, users whose data is being collected should not be able to compromise
the device’s integrity. If the data collection process is seamless and free from corruption,
service providers can make informed decisions based on the data provided by the DT
(Jimenez et al. 2019). Beyond data integrity issues, DTs risk becoming digitally obsolete if
developers do not maintain the systems with updates and service support. It is essential for
users to fully understand what they consent to when sharing their information with a DT.
Cyberattacks pose an additional threat because DTs often store sensitive information that
could be exploited (Pirbhulal et al. 2022).
Moreover, the algorithms that underpin DTs may unintentionally produce discrimina-
tory outcomes if they fail to consider socio-environmental factors like air pollution, water
quality, and educational disparities, which can all significantly impact health outcomes
(Aluvalu et al. 2023). Another significant concern in using DTs for personalized healthcare
is over-diagnosis risk. Personalized healthcare aims to identify and mitigate diseases early,
but overly preemptive actions could lead to unnecessary diagnoses and treatments. Three
key elements must be considered to enhance cybersecurity in DT technologies for health-
care applications, as outlined in Table 5).

2.6.3 DT in smart cars

DTs in the truck industry have advanced significantly, partly due to the heightened impor-
tance of safety in road and street crossings. This advancement is driven by developing
sophisticated control systems, sensors, and related technologies. Recent standards and
procedures have been published in Europe and America, which most food manufacturing

13
 201

13
Page 24 of 65

Table 5  Reduce the risk of cyber-attacks using DT in healthcare

Attacks Risk assessment Risk mitigation

This stage will demonstrate how attackers may gain → The organisation will gain a deeper understanding → To prevent these risks in IoT-based healthcare,
access to the system. With DT, healthcare systems of the healthcare system and its vulnerabilities, testing on DT can be performed after identifying
can be analysed asset-by-asset by providing a risks, and threats because of learning from the first the risks and vulnerabilities associated with each
continuous overview of vulnerabilities, threat step. It is also possible to utilise the knowledge process. The use of DT allows smart applications
landscapes, and attack spaces. It is possible to acquired from DT for risk assessment and man- to minimise risks throughout each process. If not
monitor the chances of attackers entering the agement at each individual or operational level in addressed, cyberattacks and risks associated with
system at every step and assess the security threats the future IoT-based healthcare systems could have devastat-
they may pose ing consequences. Cyberattacks on healthcare
services are also dangerous and compromise data
confidentiality and integrity. Healthcare providers
must identify vulnerable processes. CDT can help
improve cybersecurity and combat intruders
M. Homaei et al.
A review of digital twins and their application in cybersecurity… Page 25 of 65 201

companies involved in vehicle production must adhere to meet sales standards in these
regions (Chen and Lv 2022; Ozkaya 2022; Ali et al. 2023). Some of these standards are
integral to DT infrastructure, ensuring tight integration between the hardware, sensors, and
car components with the virtual models in their software and systems (Guo and Lv 2022).
Intelligent Traffic Systems (ITS) have evolved to facilitate cooperative or connected
vehicles, significantly pushing the adoption of self-driving cars. This evolution allows for
enhanced data communication through vehicle-to-vehicle (V2V), vehicle-to-infrastructure
(V2I/I2V), and other road entity interactions (Lv et al. 2022b; Rudskoy et al. 2021). Over
the past decade, CPS have incorporated advanced sensors, subsystems, and intelligent driv-
ing assistance applications that equip unmanned aircraft and vehicles with autonomous
decision-making capabilities. Self-driving cars are particularly vulnerable to threats due
to the complexity of their sensor structures and operational applications. A comprehensive
analysis of threats, attacks against autonomous vehicles, ITS, and associated countermeas-
ures is crucial for mitigating these risks. Recent reviews have focused on detecting poten-
tial attacks on Vehicle Ad hoc Networks (VANETs), ITS, and autonomous vehicles (Wu
et al. 2022, yet gaps remain in coverage of actual attacks that have occurred. For instance,
the research highlighted in Chowdhury et al. (2020) investigates security vulnerabilities
and attacks targeting self-driving cars. Such research aids manufacturers and governments
in updating their strategies to detect and counter cyberattacks effectively.
In Europe, the European Telecommunications Standards Institute (ETSI) ITS standard,
which includes security as one of the communication layers, is currently in use. Initially
developed to enhance road safety, traffic quality, and road health, ITS technology relies
heavily on wireless communication, making it susceptible to various hazards that could
disrupt performance and lead to severe incidents (Liu et al. 2022; Yoshizawa et al. 2023).
The most critical aspects of smart and self-driving cars, including their vulnerabilities and
threats, are outlined in Table 6).

2.6.4 DT security challenges in IoT

The rapid pace of the digital revolution has transformed many personal and commercial
devices into “smart” devices, integrating them into DT networks. However, this integration
introduces significant security and privacy vulnerabilities that must be addressed due to the
inherently dynamic nature of IoT connectivity. Recent studies have highlighted several pri-
mary concerns that are critical to the security of DT networks (Holmes et al. 2021; Homaei
et al. 2022:

• Network scale The IoT ecosystem includes billions of interconnected smart devices,
each constantly generating, processing, and transmitting data. These operations’ enor-
mous scale and complexity present significant network management and security chal-
lenges. Ensuring consistent security measures across such a diverse and expansive net-
work is a daunting task that requires sophisticated, scalable, and automated security
systems capable of handling continuous data flows and rapid interactions.
• Heterogeneity IoT devices vary significantly in terms of hardware capabilities, operat-
ing systems, and application functions designed to serve different user needs and opera-
tional contexts. This diversity complicates the implementation of standardized security
protocols, as each device category might have unique vulnerabilities and require tai-
lored security approaches. Moreover, local policies and regulations can differ signifi-

13
 201

13
Page 26 of 65

Table 6  Attacks on DT cars

AV component Threats Impacts Possibility of hazards

Infrastructure signs Change/ add/ remove road sign (e.g., speed False or no reaction Traffic disturbance, collision, and congestion
limit)
GPS Jamming and Spoofing Inaccurate location info and wrong manoeuvre Traffic disturbance and crash hazard
Lidar Jamming and smart material (absorbent and False detection and degraded Lidar performance Loss of situation awareness and traffic disturbance
reflective)
Radar/camera Creating blind spots and presenting a false False reaction Driver disturbance
image
In-vehicle device Malware and ECU attack Depends on malware capability Traffic disturbance, disabling vehicle automation
and accident service
Acoustic sensors Interference and fake sound False Positive/negative obstacle detection and Traffic disturbance and low/high-speed crash
sensor malfunction
In-Vehicle sensors Eavesdropping and malware Privacy leak, reverse engineering, and false mes- Serious traffic congestions and driver / traffic
sage generation disturbance
Infrastructure (RSU) Denial of Service and fake WSA (RSA, SPAT) Wrong notify to the driver, wrong detection, and Traffic disturbance, safety issues, and critical
no information for ITS incident
M. Homaei et al.
A review of digital twins and their application in cybersecurity… Page 27 of 65 201

cantly across regions, adding another layer of complexity to enforcing consistent secu-
rity measures across global networks.
• Connection IoT devices are expected to be perpetually connected, exchanging data
seamlessly with other devices and systems across global networks. This level of con-
nectivity demands robust, fault-tolerant communication protocols that can prevent data
breaches and ensure the integrity of data transfers. The need for reliable connectivity
also makes IoT devices prime targets for network-based attacks, which can disrupt ser-
vices or intercept sensitive information.
• Mobility and dynamism The dynamic nature of IoT networks, where devices are fre-
quently added, updated, or removed, requires flexible and adaptive security strate-
gies. Security protocols must be capable of automatically configuring new devices and
securely decommissioning obsolete ones without human intervention. This mobility
also increases the risk of security vulnerabilities if not appropriately managed, as tem-
porary devices can introduce unexpected security gaps.
• Vulnerability DT systems are vulnerable to various cyber threats, which exploit spe-
cific vulnerabilities inherent in IoT devices and networks. These threats include, but are
not limited to, cookie theft, cross-site scripting, SQL injection, session hijacking, and
DDoS attacks. Each of these attacks can severely compromise the integrity and avail-
ability of the network, leading to potential data losses or disruptions in service. The
complexity and variety of these threats require a multi-layered security approach com-
bining technological, procedural, and organizational measures to defend against them
effectively.

Given these challenges, it is imperative to develop sophisticated, responsive, and compre-

hensive security strategies tailored to the unique requirements of DT systems within the
IoT. This involves technological solutions and collaboration across industries and govern-
ments to establish standards and best practices for securing IoT environments.

2.7 The potential uses of DTs in cybersecurity

DTs offer significant advantages in cybersecurity, providing security teams with crucial
tools to combat sophisticated threats and mitigate risks associated with CPS in manufactur-
ing, the IoT, and smart consumer devices. DTs can be applied in three promising cyber-
security domains, demonstrating their potential capabilities (Ghimire and Rawat 2022;
Sancho et al. 2020). While DTs facilitate improved detection of anomalous behaviour,
their value lies in enabling rapid detection and response to thwart attacks effectively. As a
relatively new yet rapidly evolving technology, DTs represent a state-of-the-art solution to
mitigate a broad spectrum of risks, accurately emulating physical and virtual components,
including hardware, software, and firmware systems. This capability allows for real-time
monitoring, detailed analysis, and precise emulation of conditions, facilitating proactive
cybersecurity measures and beyond. This paper delves into the latest practices in cyber
risk prediction, exploring the foundational principles of DTs and their prevalent applica-
tions across industries. By thoroughly examining how DTs can be leveraged, the discussion
extends to how they significantly enhance an organization’s cybersecurity maturity, ulti-
mately contributing to a more resilient infrastructure (Luzzi et al. 2024).

• Secure design DTs enable security professionals to simulate a variety of cyberattacks

on physical systems, such as CPS within a smart grid, autonomous vehicles, or IoT

13
201 Page 28 of 65 M. Homaei et al.

health monitors. These simulations help understand how systems react under attack
conditions, allowing for device design enhancement before being finalized for pro-
duction. Analyzing system responses to different cyberattacks is crucial for designing
robust systems with improved fault tolerance. Beyond simulating attacks, DTs also con-
tribute to securing system designs by minimizing the attack surface. Detailed analyses
of system architecture, communication protocols, and traffic flows under normal condi-
tions can identify and mitigate potential vulnerabilities. This might involve eliminating
unnecessary services to reduce the attack surface (Nunez et al. 2020).
• A safer approach to penetration testing Penetration testing in ICS and OT environ-
ments, while invaluable, carries significant risks. Testing on live systems can lead to
unacceptable downtime. Specific paths, techniques, or tools may be avoided during
these tests due to their potential impact on system availability. Conversely, attackers
do not hesitate to disrupt crucial operational systems to achieve their objectives, with
downtime often being a primary goal of such attacks (Dietz et al. 2022). Utilizing DTs
allows for comprehensive penetration testing on virtual system replicas without risking
the live systems, offering a dual benefit: more extensive security risk assessment and
zero downtime.
• More intelligent intrusion detection DTs are particularly promising for intrusion detec-
tion in OT environments. As cyber threats to these interconnected systems increase,
effective monitoring of intrusions in ICS and DCS becomes essential to detect and
address malicious activities or violations of corporate security policies (Mogollon-Gut-
ierrez et al. 2023). An intriguing research study published in 2020 highlights how DTs
can facilitate rapid and efficient intrusion detection by mirroring the physical systems’
performance and state, allowing intrusion detection algorithms to operate on real-time
data without disrupting production systems (Akbarian et al. 2020; Dietz et al. 2022).
Further extending the capabilities of DTs, a recent study introduced a spatiotemporal
feature fusion approach to enhance IoT attack identification. By dynamically acquiring
data, raising feature awareness, and leveraging DL, the intelligent DT-based method
proposed significantly improves network attack detection in IoT scenarios, demonstrat-
ing a 5% increase in test accuracy using well-known datasets (Wang et al. 2023b).

Using DTs in cybersecurity enhances the ability to respond to threats and significantly
improves systems’ resilience against potential breaches, underlining their importance in
contemporary security strategies.

3 Security and threats in DT

This section reviews the security landscape within DT and IoT environments. It explores
the security challenges and the recent technological advances, including those involving
AI. Like all innovations, DTs face structural limitations, such as infrastructure adequacies
and social acceptance, which limit their design, application, and usage. One of the most
significant challenges in a physical, cyber system is creating a digital interface that sup-
ports interoperability, trust, stability, reliability, and predictability. From a technical per-
spective, however, the primary challenges for DTs include data security, enhancement of
human performance, data quality improvement, latency reduction, real-time simulation
capabilities, large-scale data fusion and aggregation, intelligent data analysis and forecast-
ing, transparency, and generalization of technologies across various application fields.

13
A review of digital twins and their application in cybersecurity… Page 29 of 65 201

Table 7  A perspective from an attacker on DTs

Attack Actuation mode

Managing the product lifecycle The manipulation of benign behaviour of DTs to steer the CPS into an
insecure state. Utilise the digital thread to link data throughout the life-
cycle of a product
Mode of replication Directly update the state of physical devices by replicating the virtual
behaviour of their DTs
Mode of simulation Re-run test simulations to learn about system behaviour. The manipulation
of simulation parameters or system specifications’ data during security
tests may involve exploiting DTs’s specification-based or ML-based
process knowledge
The design phases DT can be utilised for process knowledge based on specifications or ML
Phase of decommissioning Preserving knowledge about the system’s life for re-use if the DT is
improperly disposed of. To access archived DTs’ data, exploit security
breaches such as unauthorised access
Movement in the laterally Obtain control over assets of high value, such as design artefacts. The new
values should be generated randomly to manipulate sensor readings or
simulation parameters at random intervals without causing significant
deviations from the actual process values

3.1 Attacks on DT/CPS

In recent years, critical infrastructures worldwide have been the targets of numerous cyber-
attacks, some of which have directly impacted DT and CPS. Notable incidents include the
Stuxnet attack in 2009, the Aramco attack in 2012, the Tridium Niagara Framework Attack
in 2012, the Fukushima Daiichi Nuclear Disaster in 2012, and the Godzilla Attack! Turn
Back! in 2013, the German Steel Mill Cyber Attack in 2014, the Kemuri Water Company
Attack in 2016, the Ukrainian Power Grid Attack in 2016, the TRITON attack in 2017,
the Cryptocurrency Malware Attack on SCADA systems in 2018, the Norsk Hydro Ran-
somware Attack in 2019, the Riviera Beach Ransomware Attack in 2019, and the Florida
Water Treatment Poisoning Attack in 2021 (Kayan et al. 2022). Understanding the tactics
employed by adversaries is crucial to comprehending the anatomy of these cyberattacks
and developing effective countermeasures (Table 7). The following section discusses vari-
ous attacks on DTs, providing insights into their methodologies and impacts.

3.1.1 Reconnaissance‑based attacks

In cybersecurity, reconnaissance is a preliminary phase where attackers collect information

about the target system or platform. This stage typically involves identifying, collecting,
and scanning ports and input/output systems to detect security vulnerabilities, including
zero-day vulnerabilities (Kulik et al. 2022). A notable instance of such an attack was the
deployment of Triton malware at a petrochemical facility in Saudi Arabia in 2012. This
attack illustrates how IT/OT infrastructures can be compromised at their core and through
vulnerabilities in commonly used networks and industrial environments.
Reconnaissance can be conducted using advanced tools such as virtualizers, sand-
boxes, and similar platforms, which can operate concurrently or asynchronously. With the
advent of AI technologies, these reconnaissance activities have become more formidable.
Cybercriminals equipped with AI tools can now perform network scanning continuously,

13
201 Page 30 of 65 M. Homaei et al.

operating 24/7 without interruption, significantly increasing the risk and potential impact
of attacks (Potgantwar et al. 2022).
One of the most sophisticated reconnaissance attacks was the introduction of the Stux-
net malware into Iran’s nuclear energy infrastructure by Israel in 2009. This malware spe-
cifically targeted the control systems of uranium enrichment centrifuges to disrupt their
operation, ultimately aiming to delay Iran’s nuclear program by damaging the technology
and equipment. This attack, often cited as one of the most effective of the past decade,
underscores the potential for cybercriminals to execute extensive, complex, and impactful
attacks on systems designed for critical infrastructure (Shi et al. 2022).

3.1.2 Simulation and CPS

DTs are complete representations of CPS. The closer the resemblance and integration
between the CPS and its DT, the more significant the benefits, including enhanced sys-
tem testing, model validation, and performance optimization. DTs provide a cost-effective
means to experiment with various models without physically replicating the CPS. This
capability allows for increased efficiency in finalizing the performance of the system’s sim-
ulated version.
However, the detailed replication in DTs also increases the potential for successful
cyberattacks. Cybercriminals can monitor and record inputs, outputs, and system events
across different iterations of the DT in real-time, as well as the entire operation of the
DT (Kayan et al. 2022; Mora et al. 2022). Once the system exhibits repetitive processes,
attackers can simulate its behavior to understand and exploit it. To effectively utilize this
information, an attacker must remain actively engaged during these repetitions to grasp the
nuances of timing and synchronization issues in time-sensitive processes and to interact
appropriately with the physical system.
It is important to note that most CPSs are not linked to their DTs in real-time. Instead,
the critical parameters and user settings entered into the system become prime targets for
attackers (Hussaini et al. 2022). This scenario presents an ideal opportunity for applying AI
and ML algorithms. These technologies excel at iterative trial-and-error processes on the
simulator’s input data, making them powerful tools for cybercriminals. Malicious attackers
employ these capabilities to test sensitive systems with various inputs in the simulation,
aiming to uncover vulnerabilities and achieve their harmful objectives. By manipulating
settings and configurations and conducting security tests, attackers can identify and exploit
security flaws, undermining the system’s integrity.
In a related development, the discussion on cyber threats to aircraft avionics networks
has traditionally been limited within academic circles, missing out on potential collabo-
rations that could benefit the aviation cybersecurity industry. An innovative academia-
industry initiative, exemplified by the partnership between Purdue University’s Data Mine
Corporate Partners program and Boeing, has developed a synergistic course that enhances
the educational outcomes of conventional IT, CS, DS, and aerospace engineering courses
by integrating them with cybersecurity studies focused on aviation (Kuleshov et al. 2024).
This partnership has facilitated the creation of a DT model designed to simulate poten-
tial cyber-attacks on aircraft systems, thereby eliminating the need for costly hardware. The
model, which runs on general-purpose computers, emulates the transfer of aircraft data
packets within securely firewalled network domains. This educational setup facilitates a
hands-on experience in identifying vulnerabilities and potential cyber-attack vectors and
is a foundational practice in understanding and securing avionics networks. Such practical

13
A review of digital twins and their application in cybersecurity… Page 31 of 65 201

experiences are crucial in preparing the next generation of engineers to enhance the com-
petitiveness of the United States aviation industry globally.

3.1.3 Targeting physical systems

Security within DTs platforms often takes a backseat to the complexities and critical
aspects of implementing the finer details of a DT (Mora et al. 2022; Kayan et al. 2022;
Kulik et al. 2022). Cybercriminals exploit the infrastructure-primarily software and mid-
dleware platforms-used in DTs to infiltrate entire systems. Given the diverse tools available
to DT development and security teams, many of these intrusions remain covert. Advanced
Persistent Threats (APTs) have exploited system infrastructure bugs to withstand software
updates over recent years.
A prime example of such a strategy is observed in the Stuxnet attack, where the mal-
ware’s main objective was to intercept and manipulate signal transmissions to and from
Programmable Logic Controllers (PLCs). The secretive nature of this attack allowed it to
bypass security measures undetected, leading to significant damage to the targeted hard-
ware and adversely affecting the performance of the CPS. AI and ML algorithms can
offer a countermeasure by continuously monitoring system inputs and outputs during such
cybercriminal activities. These algorithms can learn, mimic, and alter patterns based on the
cybercriminals’ desired outcomes, thus posing a formidable defence mechanism.
Industrial espionage and cyber warfare are expected to employ such sophisticated tac-
tics increasingly. The continuous advancement in AI and ML capabilities will play a piv-
otal role in perpetrating and countering these cyber-attacks, shaping the future landscape of
cybersecurity in industrial settings.

3.1.4 Targeting the DT

Cybercriminals cause significant damage to logical and physical assets by targeting DTs,
affecting DT applications (Benedictis et al. 2022; Kayan et al. 2022). Since DTs are equiv-
alent to CPS assets-encompassing a real system’s hardware, PLC codes, and hardware con-
trol software-an attack on a DT can directly affect the performance of PLCs, controllers,
and robots, thereby impacting the system as a whole.
On the one hand, security experts can detect bugs and intrusions using DTs, leveraging
them under security and safety regulations. This approach allows for analysing dynamic
variables and recorded data to identify deviations from defined or learned policies in the
platform, aiding DT system experts in providing crucial findings to security analysts. On
the other hand, cybercriminals can exploit these same features to disrupt DT efficiency
by detecting system trends and correlating data and variables. Such actions may even be
aimed at obscuring the detection of misconduct (based on knowledge or behaviour) and
complicating the reporting of attack details.
The unique aspect of these attacks is that the perpetrator uses the system’s own assets
without external software or illegal tools, making intrusions difficult to detect. Conse-
quently, identifying long-term deviations in the system becomes complex, if not impossi-
ble. Cybercriminals’ use of AI and learning tools can further exacerbate this issue, creating
noise in system data that is subtle yet significant enough to undermine the DT’s-and conse-
quently, the real-world CPS’s-performance.
Additionally, in some CPSs, prototypes of system assets are designed and tested based
on simulations during the engineering phases, relying on DT input and output data from

13
201 Page 32 of 65 M. Homaei et al.

conception to completion. Thus, DTs must reproduce the performance of CPSs with com-
plete fidelity to protect against damages and attacks. As CPS technology evolves, DTs must
also adapt and remain compatible to the fullest extent possible, necessitating that cyber-
criminals continuously update their attack techniques.

3.1.5 CPS/DT hybrid targeting

The question arises: is it more hazardous to attack DTs and CPSs separately or launch
combined attacks simultaneously? Undoubtedly, any penetration impacts both components
directly or indirectly. An attack on any part of the CPS/DT ecosystem results in implica-
tions that vary based on the system’s degree of connectivity (Benedictis et al. 2022; Suhail
et al. 2022). As these connections strengthen and integrate more closely in real-time, the
likelihood of cybercriminals targeting these systems increases.
Cyber warfare and industrial espionage often involve prolonged preparation, sometimes
over several years. Attackers may bide their time, waiting for an opportune moment to
strike. Consequently, there appears to be a lack of effective countermeasures against these
stealthy, prolonged attacks, and in some instances, they might affect only the DTs, not the
CPS. Nevertheless, these attacks will significantly influence the policies and strategies of
CPS design in the future (Grasselli et al. 2022; Kayan et al. 2022).
Recent trends in cyber attacks reveal that attackers frequently conceal their presence
within ecosystem elements and organizational network traffic, significantly complicating
security experts’ detection efforts. The introduction of AI has further complicated matters;
data poisoned by AI can surreptitiously replace genuine input data, leading to particularly
destructive and severe outcomes within this integrated ecosystem.

3.1.6 Lifecycle and DTs

DTs experience several phases throughout their lifecycle. The initial phase, engineering,
utilizes the CPS model to derive insights into system processes (de Azambuja et al. 2024).
The DT’s model is typically developed after preparing the CPS. This phase focuses on
understanding and modelling the system thoroughly, providing a foundation for the subse-
quent phases.
The next phase involves implementing models, algorithms, and methods for the recep-
tion, processing, storage, and analysis of input data transferred from the CPS to the DT.
Establishing robust security models becomes a priority during this stage due to the critical
nature of accurately implementing and modelling a DT from the CPS (Kayan et al. 2022).
The models created by the DT, while effective in mimicking system behaviour, generally
acquire less knowledge compared to models developed through ML due to their reliance on
predefined system parameters rather than adaptive learning.
However, AI-powered models are susceptible to various forms of cyberattacks. The
data, model, and algorithms are all vulnerable to poisoning. If AI models are overly trans-
parent, it becomes easier for cybercriminals to exploit them. These criminals can use live
data to discern patterns in CPS execution, enabling them to mount more strategic attacks
on the CPSs.
Yet, digital assets sometimes become incomplete due to outdated or replaced hardware
and software in the CPS, which complicates access for cybercriminals. Despite this, it
remains possible for system experts to review and utilize knowledge from previous models.

13
A review of digital twins and their application in cybersecurity… Page 33 of 65 201

System experts strive to preserve earlier insights that might inform future models, retaining
valuable information even as system components evolve.
Despite the preventive efforts of experts and system designers, cybercriminals focus
solely on exploiting data, models, and algorithms that are vulnerable to misuse. Without a
doubt, DTs present appealing targets for these attackers, driven by the potential to under-
mine cybersecurity measures.

3.2 DT’s security goals and threats

In addition to other classifications for DTs, we have used a triple variety to understand the
issue better. The DT’s platform is divided into three main parts in this category.

• Data collection or sensor side: Infrastructure-level security works on detecting incon-

sistencies in the physical system and equipment, such as sensors, cameras, and launch-
ers. Most of these pieces of equipment can fall under different cyber terms due to brand
incompatibilities.
• Network: Communication infrastructure or network part: At this level of security, we
mainly focus on anomaly detection, which does not correspond to possible behaviours
such as identifying network events, including attacks, accidental access, and data usage.
Researchers in this field exploit the unsolved unsupervised learning ability of autoen-
coders.
• Applications: DT platforms and IoT applications are being monitored for malware and
botnets at the software level.

Cybersecurity literature does not provide a consensus regarding the essential security goals
in DTs and IoT infrastructure. Several terms and definitions overlap, e.g., authentication
can sometimes be used for identification since both are necessary for each other. There
are different definitions of security goals, so this paper has not elaborated fully on them.
Table 8 outlines the DT and IoT security goals based on existing literature (Homaei et al.
2022; Al-Turjman et al. 2019; Paul 2022).

Cybersecurity threats are vast and have various countermeasures to mitigate risks. The
DT platform can detect cyber threats such as sensor attacks, spoof-node attacks, hardware
manipulation attacks, energy manipulation attacks, sniffing, DDoS, sensitive data leakage,

Table 8  Security goals in DTs Layer Sensing Network Application

and IoT
Security goals
Authorisation ✓ ✓ ✓
Authentication ✓ ✓ ✓
Availability ✓ ✓ ✓
Identification ✓ ✓ ✓
Integrity – ✓ ✓
Freshness ✓ ✓ –
Confidentiality ✓ ✓ ✓
Privacy – ✓ ✓
Non-repudiation ✓ ✓ ✓

13
201 Page 34 of 65 M. Homaei et al.

Fig. 7  Famous attacks on DTs and IoT Platformsr

and fault tolerance (Herwig et al. 2021; Holmes et al. 2021; Olivares-Rojas et al. 2022)
(Fig. 7).

4 AI in cybersecurity

AI has already penetrated many industries, including cybersecurity. Most businesses

believe that they would be unable to detect and withstand attacks without the assistance
of AI. According to the Capgemini survey, over 80% of telecommunication companies use
AI for security purposes, and 75% of banking executives have adopted AI technology. A
similar trend can be observed across all major industries. In addition to taking over day-
to-day security issues, AI has shown that it can solve complex problems. Protection and
hacking (Abdullahi et al. 2022; Ansari 2022). Here is a look at how both sides use AI and
what corporations can learn from examining AI applications. The increasing complexity of
IT threats is the primary motivation for adopting AI for cybersecurity (Rani et al. 2022).

13
A review of digital twins and their application in cybersecurity… Page 35 of 65 201

Previously, businesses had to deal with “typical threats” such as Zeus trojans, but new spe-
cies emerged as we learned how to deal with those threats. Recent threats include Ryuk
ransomware, smart botnets, and Triickbot, a newly evolved trojan.
It should be noted. However, evolved threats are not even one of the highlights of risks
(Ansari et al. 2022; Arpita and Panchal 2022). Cybercriminals are equally enthusiastic
about utilising AI and ML to their advantage (Kumar and Pande 2022). Smart protection
methods are necessary to counter equally smart threats already on the horizon. The use
of AI in cybercrime is included in some respects (Bonfanti 2022). Even though AI-based
attacks have remained rare in the last few years, there have been discussions about devel-
oping powerful AI threats. Building the infrastructure to maintain such a threat is nec-
essary to create an AI virus. Viruses are small tools with a limited purpose that do not
require AI, ML, DT, facial recognition software, or extensive data analysis (Hailu et al.
2022; Tsareva and Voronova 2022; Waqas et al. 2022). For the machine to learn, it uses
techniques adapted from human learning techniques. These techniques generally have three
stages (Table 9).
Moreover, the attackers exploit these machine-learning techniques to overcome the
security system’s lines of defence. ML and DL are the best solutions to the security of the
line of defence, proving conventional computer security methods are no longer effective
(Kor et al. 2023; Lv et al. 2023). In cybersecurity, an IDS classifies the collected traffic
into two main categories (normal and abnormal). Organising it as a different type of attack
can go a long way. In this regard, supervised learning is used when a precise outcome is
required. In ML and DL, there are supervised/unsupervised and semi-supervised methods,
each of which can serve as a tool for cybersecurity. Each has its advantages and disadvan-
tages. Figure 8 is a general demonstration of how learning occurs.
The developed models of supervision aim to solve two types of problems:

• Regression problems: attempting to predict the value of an infinitude of continuous var-

iables.
• Classification problems: They involve classifying discrete objects with only a limited
number of values, as their name suggests

4.1 Explainable AI for cybersecurity

Cybercriminals employ evolving attack patterns to evade detection. A traditional intru-

sion detection system (NIDS/HIDS), particularly one based on signatures, requires a con-
tinuous update. However, growing network data and standard ML tools are lacking as we
move towards distributed and real-time processing. Integrating hybrid ML algorithms into
big data processing will increase the percentage of accurate results and reveal the hid-
den knowledge within the data. Compared to manual or statistically-based approaches,
ML and DL techniques can reduce the false recognition rate of traditional NIDS (Kaissar
et al. 2022; Umer et al. 2022; Ji and Niu 2024). By reducing False Negatives, the detec-
tion rate will be improved. Therefore, AI techniques, particularly ML and DL, have been
actively studied to assist the IDS in resisting malicious attacks by assuming that the pattern
of attack packets differs from that of regular packets. This technique is based on a set of
features that identify the state of an object, which must be selected carefully and accurately
to avoid inaccuracy and waste of time. Removing unrelated or irrelevant features from the
data set is necessary to achieve good data learning with accurate and efficient results. A
process such as this is called a feature reduction or a dimensionality reduction. A feature

13
 201

13
Page 36 of 65

Table 9  Steps in ML and DL in cybersecurity

Pre-processing Training Detection

The purpose of this step is to structure the data → To build a data model, useful information has to → Based on the model developed in the previous phase,
properly to prepare them for the training phase be extracted from the data prepared before pre- the supervised traffic data will be used as input to
processing the model, which will compare them with the previ-
ous model. Therefore, it can be divided into two
classes: normal and abnormal
M. Homaei et al.
A review of digital twins and their application in cybersecurity… Page 37 of 65 201

Fig. 8  ML and DL models are trained (Ji and Niu 2024)

selection process is necessary to select and generate only the most essential features. Some
recent AI methods for solving intrusion detection problems include Artificial Neural Net-
works (ANN), Decision Trees (DT), Evolutionary Algorithms (EA), Genetic Algorithms
(GA), Particle Swarm Optimisation (PSO), Simulated Annealing (SA), Rule-based Data
Mining, and Swarm Intelligence (Rathore et al. 2021; Anjum et al. 2021; Farhan and
D.Jasim 2022).
Different NIDS and HIDS have been deployed using ML/DL techniques in the literature
(Zhang et al. 2022b). Since each one treats attacks in a particular architecture using differ-
ent datasets and various ML and DL algorithms, comparing them will not be easy. Like
(Capuano et al. 2022; Patil et al. 2022, FNN-LSO is proposed for building an advanced
detection system and improving the performance of IDS based on Feed-forward Neural
Networks (FNN) combined with Locust Swarm Optimisation (LSO). Based on their find-
ings, LSO is recommended only for datasets with a high number of features and large data-
sets. The LSO algorithm is advantageous in large datasets due to the disproportionate num-
ber of local optima that render the conventional training algorithm virtually ineffective.
Several algorithms have been combined (Aslam et al. 2022; Capuano et al. 2022) to train
a neural network for various real-world datasets using Gravitational Search (GS) and PSO
algorithms. Tests of the NSL-KDD dataset were conducted to demonstrate the applicability
of the proposed approaches (e.g., error, training time, decision time, overage detection, and
accuracy rate) (Hariharan et al. 2021; Sharma et al. 2022).

4.2 ML/DL in DT cybersecurity

The growing popularity of wireless connectivity has led IoT providers to seek cost-effective
solutions for 5 G and 6 G networks from the outset (Homaei et al. 2021; Ji and Niu 2024).
In this context, addressing cybersecurity is crucial to protect users, network equipment, and
data from malicious attacks, unauthorized access, and data leaks. ML and DL play pivotal
roles in the cybersecurity systems of IoT and DT platforms today. DL, in particular, offers

13
201 Page 38 of 65 M. Homaei et al.

significant advantages for security tasks by learning to identify patterns and signatures
through supervised learning and applying these insights to new, unseen intrusions.
In Adjei et al. (2024), a proposed model integrates KNN into DTs to enhance anomaly
detection capabilities within network security systems. This model effectively addresses
the challenges of imbalanced network data, significantly improving the system’s preci-
sion and recall in identifying and mitigating potential threats. Such capabilities are vital
in IoT environments, where rapid and accurate responses to cyber threats are essential for
maintaining the integrity and security of digital infrastructures. Using ML in this context
improves the adaptability and effectiveness of security measures. It keeps pace with the
evolving dynamics of modern CPS, providing a robust defence mechanism against sophis-
ticated threats.
The paper (Krishnaveni et al. 2024) The paper introduces CyberDefender, an intelli-
gent defence framework for enhancing the cybersecurity of Industrial Cyber-Physical Sys-
tems (ICPS) through the simulation of cyberattacks using DTs. This framework evaluates
threats across four layers of ICPS and utilizes a proof-of-concept (PoC) developed with
open-source tools like AWS, T-Pot, Mininet, ELK, and Docker. For intrusion detection
and classification in DT-ICPS, the framework integrates two strategies: an innovative fea-
ture identification method using explainable AI and ensemble-based filter feature selec-
tion (XAI-EFFS), analyzed through Shapley Additive Explanations (SHAP), and a hybrid
GRU-LSTM DL model, fine-tuned with a Bayesian optimization algorithm. This method
significantly improves security, achieving a detection accuracy of 98.96% and effectively
identifying zero-day attacks.
Furthermore, using ML/DL and various AI models enables the detection of unu-
sual attacker behaviours through unsupervised learning. This ability means that DL/ML
can significantly reduce the effort needed to redefine rules for differentiating intrusions
(Rathore et al. 2021). Additionally, attackers might employ DL techniques to steal or crack
user passwords and other private information. This discussion highlights the role of DL/
ML in network security from three perspectives: infrastructure security, software-level
security, and traffic analysis.

4.3 Attacks via DTs

As technology progresses, DTs increasingly face sophisticated cybersecurity threats. This

subsection delves into the dynamic realm of cyberattacks, highlighting the utilization of
AI and ML by cybercriminals to conduct attacks that are both highly effective and elu-
sive. Malicious applications of AI can automate the process of identifying vulnerabilities
within systems, offering a substantial efficiency improvement over traditional manual pen-
etration methods. For instance, AI-driven algorithms can swiftly scan extensive networks,
pinpointing vulnerabilities more rapidly than manual testing and increasing the odds of
exploiting these weaknesses before they are addressed or detected by cybersecurity meas-
ures (da Silva et al. 2023; Matheu et al. 2020).
Data poisoning attacks, while bearing similarities to intake attacks, primarily aim to
corrupt the data inputs over a prolonged period. This corruption adversely affects the AI
analyzing the data. Typically, as AI systems undergo training before deployment, data
poisoning is most likely to occur during this training phase. An example of this could be
a hostile military force manipulating an AI system to fail in recognizing specific types
of aircraft, such as drones, which could be critical in scenarios where AI is deployed

13
A review of digital twins and their application in cybersecurity… Page 39 of 65 201

for aircraft detection. Similarly, in systems designed for predictive maintenance that
constantly adapt based on new data, data poisoning can drastically undermine the AI’s
effectiveness. There are three principal methods by which data poisoning can be carried
out (Homaei et al. 2022):

1. Poisoned dataset This strategy directly impairs an AI’s learning process by introducing
flaws within the training datasets. Corrupted datasets containing inaccurate or misla-
beled data will detrimentally impact the AI’s performance.
2. Poisoned algorithm This form of attack targets the AI’s learning algorithms. It is notably
prevalent in federated learning scenarios, which involve training over multiple decentral-
ized devices while preserving user privacy.
3. Poisoned model This method involves replacing a legitimate model with a tampered
version prepared beforehand. Attackers only need to substitute the file storing the model.
Modifying the equations and data within a trained model file can be particularly danger-
ous, even if the model undergoes extensive checks.

The research (Li et al. 2023) emphasizes the vulnerability of ML-based anomaly detec-
tors within DT-based networks to data poisoning attacks, which compromise the integ-
rity of model outputs by injecting maliciously tainted training data. The authors propose
specialized ML-based anomaly detectors to identify network attacks and demonstrate
that these attacks can bypass the detectors with over 80% probability. This highlights
the critical need for enhanced robustness in ML-based anomaly detectors to mitigate
such vulnerabilities.
In addition, Shen and Huang (2024) evaluate the vulnerabilities of object detection
models to backdoor attacks-a critical threat in areas such as autonomous driving and
smart cities. They introduce five backdoor attack types and propose a novel technique
that utilizes image watermarks as triggers in training data to increase stealth through
wavelet transformation. This method embeds covert triggers in training images, evad-
ing traditional neural network-based detection and complicating the detection and miti-
gation process. Experimental results indicate high attack success rates across various
datasets, with triggers remaining undetectable to human inspectors and standard algo-
rithms, thus emphasizing the urgent need for enhanced security in sensitive ML applica-
tions (Shen and Huang 2024).
Moreover, Ferrag et al. (2023) discusses the impact of poisoning attacks on the accu-
racy and integrity of federated learning models within DT frameworks enhanced by 6 G
technology. These attacks pose significant threats to IoT applications by manipulating
the training process. The analysis reveals how adversarial inputs can subtly degrade
system functionality, with significant reductions in accuracy noted under different data
conditions.
Son et al. (2024) focus on the challenges posed by the vast number of data poison-
ing attacks across various AI applications. They develop a comprehensive roadmap to
understanding their dependencies on the characteristics of the victim models, providing
a structured framework to expedite finding effective defence mechanisms. This system-
atic approach aims to replace the inefficient trial-and-error method, enhancing the secu-
rity protocols against such sophisticated attacks in ML deployments.
The integration of AI has also transformed traditional security testing techniques
such as fuzzing, which now involves feeding random or unexpected data to applica-
tions to identify security flaws more efficiently. Other threats, like infiltration attacks

13
201 Page 40 of 65 M. Homaei et al.

Table 10  Attack method by AI in DT

Term Specifications

Cybercriminals can also use AI as a tool. Attackers often use AI to find and exploit vulnerabilities
Automated Detection of Vulner- much faster than developers. Cybercriminals are usually ahead of
abilities security experts because they focus on one target (da Silva et al.
2023; Matheu et al. 2020)
Fuzzing Technique For detecting automated vulnerabilities, fuzzing is proper. Specifically,
designed inputs are fed to programs to trigger vulnerabilities and
cause the system to crash (Matheu et al. 2020)
Infiltration Attacks Disruptive inputs to AI-based systems, including noise and algorithm
changes by or through physical, cyber, or hybrid methods, expose
the digital counterpart of self-driving cars to some of these attacks
(Lalouani et al. 2022)
False data Injection and Poisoning Datasets, models, and algorithms are poisoned by some attacks based
on AI. Dataset poisoning directly impacts the understanding of AI
and DTs. A method of algorithm poisoning is federated learning,
which exploits AI learning algorithms. The legitimate model is
replaced with one already poisoned (Shen and Huang 2024; Lalouani
et al. 2022)

and false data injection, compromise the integrity and reliability of DT systems. These
attacks aim not only to disrupt but also to erode trust in data accuracy, which is crucial
for the effective functioning of DTs. Poisoning attacks that corrupt training datasets for
ML models can severely impact decision-making processes, underscoring the critical
need for advanced defensive strategies to safeguard the security and operational effi-
ciency of DT-dependent systems (Lalouani et al. 2022) (Table 10).

4.4 Countermeasures via DTs: enhancing cybersecurity in the digital realm

In cybersecurity, AI and ML manifest as double-edged swords, providing formidable

defences and potent means for attacks (Homaei et al. 2022). Within the context of DTs-dig-
ital mirrors of physical systems-AI and ML are essential, acting both to protect and to chal-
lenge. These technologies are pivotal in cybersecurity, strengthening defences while also
being employed by attackers to infiltrate systems stealthily. Experts have recommended
various defensive strategies to counter these threats, especially those pertinent to native
digital applications (Khan et al. 2022; Zhang et al. 2022a).
Blockchain technology is a prime example of defensive measures, enhancing reli-
ability and securing the data essential to a DT’s functionality (Putz et al. 2021; Huo et al.
2022; Liu et al. 2022). The integrity and confidentiality of data are paramount, necessi-
tating robust protection. Blockchain employs centralized and distributed encryption algo-
rithms to effectively manage and secure data distribution across networks. It also provides
mechanisms to detect and prevent code manipulations within CPS. Thanks to its immuta-
ble nature, blockchain facilitates secure data tracking across networks, bolstering security
and safety standards and providing a solid defence against unauthorized intrusions. Addi-
tionally, blockchain supports the engineering phase of DTs by providing monitorable and
programmable solutions that enhance ML patterns, thereby increasing DTs’ resilience to
cybercriminal activities and enabling them to serve multiple stakeholders simultaneously.

13
A review of digital twins and their application in cybersecurity… Page 41 of 65 201

Furthermore, the security architecture of DTs is augmented by gamification strategies,

which create a multifaceted environment for security assessment and system strengthen-
ing (Ulmer et al. 2022; Vielberth et al. 2021). Gamification in non-gaming contexts, such
as ’red versus blue’ team games, establishes an arena for refining defensive and offensive
cybersecurity strategies. These simulations involve management consoles, designated
roles, resources, and various attack scenarios designed to train security personnel in rec-
ognizing and mitigating potential threats. These environments also serve as incubators
for system learning, enabling repeated testing and analysis within DT frameworks. The
insights gained from these exercises are crucial for continuously developing and enhanc-
ing security protocols and fortifying the system against attacks such as Man-in-the-Middle,
penetrations, and data intrusions. Despite these advancements, ensuring DT fidelity to CPS
in terms of security remains a challenge, potentially limiting the effectiveness of block-
chain and gamification methods.
Together with these specific countermeasures, the overall enhancement of DT systems,
particularly within twin networks, demands a proactive, layered approach to cybersecu-
rity (Khan et al. 2022; Zhang et al. 2022a). This strategy includes integrating advanced
ML models for anomaly detection, continuous threat intelligence sharing, and conducting
regular penetration testing to uncover and address vulnerabilities. Using DTs to simulate
cyber-attack scenarios equips organizations with the ability to preemptively identify poten-
tial weaknesses and develop robust countermeasures, thereby enhancing preparedness and
response capabilities. Below is a table outlining some popular AI-based methods used in
these technologies (Table 11).
Advanced machine learning algorithms are pivotal in enhancing the capabilities of
DTs, which are virtual replicas of physical systems used to simulate real-world objects or
processes dynamically. These sophisticated algorithms empower DTs to predict system
behaviour, optimize performance, and aid decision-making, thereby driving significant
improvements in operational efficiency and innovation across diverse sectors such as man-
ufacturing, healthcare, and urban planning (Rathore et al. 2021).

• DL challenges: DL, a complex branch of ML based on deep neural networks, is par-

ticularly effective in DTs for processing intricate data inputs and enhancing prediction
accuracy. For example, in a DT model of a manufacturing line, DL can process sensory
data to preemptively identify potential equipment failures or maintenance demands.
Despite its advantages, DL requires extensive labelled datasets, demands high com-
putational power, and its operations are generally opaque, which complicates under-
standing the rationale behind its decisions. This opacity can restrict its use in scenarios
where clarity in decision-making processes is critical or where data availability is lim-
ited (Rathore et al. 2021; San et al. 2023).
• SVM challenges: In DTs, SVMs excel in classification tasks, such as differentiating
between normal and potential failure operational states of industrial equipment. SVMs
are effective with smaller, more defined datasets, delivering precise class separation.
However, they struggle with scalability and performance when applied to larger, noisier
datasets typical of DT environments, leading to prohibitive computational demands.
Moreover, SVMs do not inherently provide probabilities for their classification deci-
sions, which can be a drawback in decision-making contexts within DTs (Wan et al.
2021; Castellani et al. 2021).
• Random Forests challenges: Known for their robustness against data variability, Ran-
dom Forests are beneficial in DTs for both classification and regression tasks. They
work by constructing multiple decision trees during training and output either the mode

13
 Table 11  Defence method by AI in DT
201

Term Definition/efficiency Limitation/challenges

13
Machine Learning NB classify data according to the Bayesian theorem, suggesting Zero frequency and the problem of spammers deceiving the NB algo-
anomalous activities usually result from multiple events rather than rithm led to experts utilising exceptional discoveries such as denying
Page 42 of 65

a single attack. Additionally, NB analyses each activity to determine listing to obtain information
whether it is abnormal after training (Vieira et al. 2022a)
Federated Learning Model Federated learning offers to exchange data/information security and In the early step of research and development, when the training method
privacy. The FL model proposes these solutions to prevent and detect and process are still being iterated, federated learning is more expen-
manipulation of equipment and user data on a macro scale and to sive than collecting and processing the information centrally
reduce its effectiveness (Alazab et al. 2022b)
Support Vector Machines Cybersecurity uses SVM’s technique to analyse Internet traffic patterns Due to the learning curve, it is unsuitable for implementing large data
and classify them into HTTP, FTP, and SMTP categories. During sets in real-world applications. This algorithm is capable of covering a
penetration testing or network traffic generation, SVMs are often limited number of attacks
used as training data for attacks that can be simulated (Vitthalrao
2020; Adhikari et al. 2022)
K-Nearest Neighbour The K-NN technique is used for intrusion detection and detecting false It requires much memory and is computationally intensive due to storing
data injection attacks since it adapts rapidly to new traffic patterns to all the training data. This algorithm is not used for distributed applica-
detect previously unknown attacks (Majeed et al. 2021) tions and has a long prediction time, making it unsuitable for real-time
applications. Furthermore, this algorithm is also affected by unrelated
features and data sizes
Decision Trees Cybersecurity analyses traffic size, flow, and duration by this method Many correlated and uncertain outcomes can make calculations very
to detect DoS attacks (Vieira et al. 2022a) challenging when dealing with data classified at different levels. The
nodes in a Decision Graph can be connected by (OR) rather than
(AND); whereas the nodes in a (AND) graph can only be bound by
(AND)
Artificial Neural Networks ANNs could give rapid response times, which is crucial in systems like A neural network faces two mismatch problems: the initial mismatch
traffic management (Zhang et al. 2021). Moreover, AI cybersecu- problem and the inherent mismatch problem. Due to these factors,
rity measures often detect or stop attacks in progress rather than neural networks are unsuitable for deployment in IT operations man-
preventing them from occurring in the number one place, which is agement environments
why other preventative security measures should be implemented
(Paredes et al. 2021)
M. Homaei et al.
 Table 11  (continued)
Term Definition/efficiency Limitation/challenges
Explainable AI In contrast to the traditional approach, XAI provides us with an Black box models are these models. It is sometimes difficult to justify
advanced method for making appropriate decisions regarding secu- the predictions or decisions made due to the opacity of these complex
rity background processes. The user receives additional information models. Interpretability is one of the most critical factors in cyber
with the output explaining why a prediction has been completed. security because it promotes trust in the model. Failure to do so may
This method can generally detect attacks and threats such as Fraud compromise vital information and the organisation’s vulnerability
Detection, Intrusion Detection, Spam Detection, Malware Detection,
and Traffic Analysis and Identification (Sharma et al. 2022)
A review of digital twins and their application in cybersecurity…
Page 43 of 65 201

13
201 Page 44 of 65 M. Homaei et al.

of the classes (for classification) or the average prediction (for regression) across trees.
Although Random Forests are effective across various scenarios, they are computation-
ally intensive to train with large datasets and offer limited interpretability due to the
complexity of their multiple tree-based structures (Scheuermann et al. 2020).
• DT challenges: The integration of these advanced ML algorithms into DTs introduces
distinct challenges. The foremost challenge is seamlessly incorporating dynamic, real-
time data into the algorithms, as DTs continuously sync with their physical counter-
parts. Maintaining data integrity and efficiently managing data flow are both critical
yet daunting tasks. Moreover, the need for models to adapt to changes in the physical
system or environment (concept drift) can render previously trained models ineffective.
Security concerns, especially regarding data privacy and the vulnerability to adversarial
attacks, are also critical, given the operation of DTs in vital infrastructure (San et al.
2023).

In conclusion, while advanced ML algorithms substantially boost the functionality and

accuracy of predictions in DTs, overcoming their inherent limitations-such as scalability,
interpretability, and adaptability-is crucial for their effective deployment and operation.
These challenges demand continuous research and development to ensure DTs can faith-
fully replicate and interact with their physical counterparts in a secure and efficient manner.
Implementing proactive and multi-layered security strategies is essential to enhance the
operational performance of DTs. Optimized data exchange protocols, the use of sophisti-
cated ML algorithms, and the development of adaptive models significantly enhance the
efficiency, accuracy, and reliability of DT networks, enabling effective real-time monitor-
ing and system optimization (Sousa et al. 2021; Liu et al. 2024; Putz et al. 2021). Addition-
ally, decentralized architectures like blockchain not only augment security and transpar-
ency but also contribute to the scalability and resilience of DT applications (Dietz et al.
2022; Calvo-Bascones et al. 2023). Further, fostering a culture of security awareness and
embedding secure development practices from the design phase are vital measures to miti-
gate potential cybersecurity risks.
In the evolving landscape of DT applications and cybersecurity, aligning academic dis-
course with these dynamics is imperative. A restructured scholarly manuscript could start
with a comprehensive introduction to DTs, followed by an exploration of their applications
and security challenges and a detailed discussion of the necessary tools and strategies for
their protection. This proposed structural framework aims to streamline the narrative for
better understanding and to emphasize the interconnectedness of various aspects of DTs
and cybersecurity.
In summary, securing DTs against cyber threats necessitates a holistic approach that
blends cutting-edge technologies like AI and blockchain with conventional cybersecurity
measures. These tools highlight the intricate nature of protecting digital assets in a time
marked by rapid technological progress and increasingly complex cyber threats (Putz et al.
2021; A. et al. 2023). As DTs become increasingly central to driving digital transformation
across various sectors, prioritizing their security through a comprehensive and forward-
thinking approach is paramount (Table 12).

4.5 Enhancing DT system performance in twin networks

Building upon the foundational understanding of the cybersecurity landscape surrounding

DTs, it is crucial to delve into the strategies for enhancing the overall performance of DT

13
 Table 12  Proactive cyber defence techniques for DTs
Term Definition/efficiency Limitation/challenges

Threat Intelligence Sharing (Dietz et al. 2022) Sharing information about threats and vulnerabilities to While beneficial, it requires robust and secure channels
anticipate and mitigate threats to DTs for sharing to prevent data leaks and ensure that sensi-
tive information is not exposed to adversaries
Anomaly Detection through ML (Calvo-Bascones et al. Using ML algorithms to detect unusual activities and ML-based systems require extensive training data and
2023) monitor DT operations for security breaches may generate false positives, necessitating ongoing tun-
ing and verification
A review of digital twins and their application in cybersecurity…

Penetration Testing and Red Teaming (Dietz et al. 2022) Simulated attacks to evaluate security measures to These practices can be resource-intensive and might not
uncover vulnerabilities and assess DT resilience always predict novel or sophisticated attack vectors
Enhanced Simulation and Modelling (Dietz et al. 2022) Simulating cyber-attack scenarios on DTs to prepare for While valuable for preparedness, simulations may not
and respond to cyber incidents effectively fully capture the complexity of real-world scenarios,
leading to potential oversights in defence mechanisms
Page 45 of 65 201

13
201 Page 46 of 65 M. Homaei et al.

systems within twin networks. These interconnected and data-intensive networks demand
a nuanced approach to ensure efficient information interaction and self-learning between
numerous pairs of DTs (Tang et al. 2022). To achieve this, the integration of optimised
data exchange protocols is paramount. These protocols facilitate efficient, secure, and reli-
able data communication between DTs, reducing latency and bandwidth consumption and
ensuring timely and accurate data sharing.
Furthermore, deploying advanced ML algorithms enables DTs to learn from data, iden-
tify patterns, and make predictions or decisions with minimal explicit programming. This
capability is instrumental in improving predictive accuracy and adapting to the physi-
cal system or environment changes, thus enhancing decision-making and operational
efficiency. Adaptive models evolve based on continuous feedback from real-time data
and learning algorithms. They allow DTs to update their simulations and predictions in
response to new data or changing conditions. This leads to more accurate and reliable out-
comes, crucial for the effective operation of DTs (Onwubiko et al. 2023).
Implementing decentralised architectures like blockchain technology can significantly
enhance interactions between DTs’ security, trust, and transparency while improving scal-
ability and resilience against failures. Additionally, establishing interoperability standards
facilitates smooth integration and communication between diverse DTs, enabling more
cohesive and effective system-wide performance (Teisserenc and asgozar 2021).
Organisations can significantly improve their DT systems’ efficiency, accuracy, and reli-
ability by focusing on these key areas-optimised data exchange protocols, advanced ML
algorithms, adaptive models, decentralised architectures, and interoperability standards.
This not only unlocks the full potential of twin networks for real-time monitoring, analysis,
and optimisation but also underscores the importance of a comprehensive and proactive
approach to enhancing the operational capabilities of DT systems in the face of evolving
technological landscapes and cybersecurity threats (Table 13).

4.6 Strategic defence measures for DT integrity

In addressing the critical need to protect DTs from cyber criminals, it becomes imperative
to implement proactive security measures. These measures are designed not only to safe-
guard the valuable data and insights generated by DTs but also to ensure the integrity and
reliability of these digital assets. The foundation of a robust DT security framework begins
with strong authentication and access control mechanisms. Utilizing MFA and RBAC
ensures that only authorized users have access to DT systems and data, effectively prevent-
ing unauthorized access (Ortega-Gras et al. 2021; Bühler et al. 2022; AlSalem et al. 2023).
Data encryption is pivotal in protecting DT data at rest and in transit. By employing
strong encryption standards, organizations can ensure the confidentiality and integrity of
their data, making it resistant to interception and unauthorized access (Saeed et al. 2024;
de Azambuja et al. 2024). Moreover, conducting regular security assessments and penetra-
tion testing is crucial for identifying vulnerabilities within the DT infrastructure. These
proactive evaluations allow organizations to address potential weaknesses before attackers
exploit them.
Advanced threat detection and response systems, equipped with AI and ML capabili-
ties, enable the real-time detection and mitigation of cyber threats (Zhang et al. 2023a).
This rapid response capability is essential for minimizing the potential damage and down-
time associated with security breaches. Additionally, cybersecurity awareness training for

13
 Table 13  Strategies for improving DT system performance in twin networks
Strategy Description Benefit

Optimised Data Exchange Protocols Efficient and secure communication protocols Reduces latency and ensures accurate data sharing
Advanced ML Algorithms (Rathore et al. 2021; Sophisticated algorithms for pattern recognition and prediction Improves predictive accuracy and decision-making
Wan et al. 2021)
Adaptive Models (Castellani et al. 2021) Dynamic models that evolve based on real-time data Enhances simulation accuracy and reliability
A review of digital twins and their application in cybersecurity…

Decentralised Architecture (San et al. 2023) Distributed computational and storage workload Increases security, scalability, and resilience
Interoperability Standards Standards for seamless system integration Facilitates smooth communication and collabora-
tion between DTs
Page 47 of 65 201

13
201 Page 48 of 65 M. Homaei et al.

employees highlights the risks associated with DTs and emphasizes the importance of
adhering to security best practices.
A secure development lifecycle incorporating security best practices from the initial
design to deployment and maintenance of DTs ensures that security considerations are
embedded within the DT systems from the ground up (El Bazi et al. 2023; Ebrahimabadi
et al. 2023). Establishing continuous monitoring and a comprehensive incident response
plan is vital for the timely detection of security incidents and effective response strategies
to minimize their impact (Seelaboyina et al. 2024).

4.6.1 Encryption and cryptography

Cryptography plays a pivotal role in the security architecture of DT systems by ensuring

the confidentiality and integrity of data. The certificates key agreement scheme proposed
by Zhang et al. (2023a) reduces the storage and computational overhead on resource-lim-
ited devices while ensuring secure data transmission, particularly in telemedicine appli-
cations. This model illustrates the importance of adapting cryptographic solutions to the
specific operational and technical constraints within DT environments.

4.6.2 Blockchain for data integrity and access control

The immutable nature of blockchain enhances data integrity and access control. Studies
by Huang et al. (2020) and Wei et al. (2023) demonstrate how blockchain-based methods
secure data transactions and facilitate efficient data sharing among stakeholders, ensuring
that data integrity and authenticity are maintained. Additionally, the blockchain model pre-
sented by Son et al. (2022) utilizes cloud computing and blockchain to secure data shar-
ing and enhance data verifiability in DT environments, emphasizing the security of data in
transit.

4.6.3 Securing data in transit and at rest

Data security, both in transit and at rest, is a recurring theme in DT applications (Pal 2023).
The strategic use of encryption and blockchain technologies ensures that data remains
secure as it travels from physical assets to DTs and is stored securely in virtual environ-
ments. This is essential for maintaining the privacy and integrity of sensitive information
across all phases of data handling.

4.6.4 Comprehensive security frameworks

A comprehensive approach to DT security involves not only protecting data but also ensur-
ing the robustness of the underlying IT infrastructure. The challenges posed by rapid
advancements in AI and IoT technologies that drive DT applications are significant. A
holistic security strategy, inclusive of advanced data analytics and robust IT infrastructures,
is essential to overcome these challenges and ensure the seamless integration of physical
and virtual twins.
In conclusion, by integrating proactive security measures, including strong authentica-
tion, data encryption, regular security assessments, advanced threat detection, employee
training, secure development practices, and effective incident response, organizations can
create a formidable defence against the evolving threats targeting DTs. The strategic use

13
A review of digital twins and their application in cybersecurity… Page 49 of 65 201

of advanced cryptographic and blockchain technologies further enhances this defence,

ensuring the integrity and confidentiality of DT data. As DTs continue to emerge as a cor-
nerstone of digital transformation initiatives across industries, prioritizing their security is
not just a best practice but a necessity for safeguarding the future of digital innovation.
Adopting these comprehensive security strategies is essential for reducing the risk posed
by cybercriminals, ensuring the resilience and reliability of these critical digital assets in
the face of evolving cyber threats (Table 14).

4.7 Enhancing DT security with advanced technologies

The need for advanced security measures has become critical as DT increasingly becomes
central to industrial and operational processes. This need arises from the growing com-
plexity of cyber threats that endanger DT data’s integrity, confidentiality, and availability.
Consequently, a comprehensive security strategy is essential to protect DTs against these
threats (Wang et al. 2023a).
A robust DT security framework includes strategic and technical measures to safeguard
digital assets. This framework emphasizes stringent authentication and access control
mechanisms to ensure that only authorized entities can access sensitive DT data. Encryp-
tion also plays a key role in protecting data, whether in storage or transit, against intercep-
tion or tampering.
Proactive security practices are vital for early detection and mitigation of vulnerabilities
within the DT environment, thereby enhancing system resilience. Advanced threat detec-
tion and response systems, leveraging AI and ML technologies, are critical for identifying
and neutralizing threats in real-time.
Network security solutions are equally important. Technologies such as firewalls, IDS,
and IPS monitor and regulate network traffic to prevent unauthorized access and detect
malicious activities. These technologies are complemented by efforts to promote cyber-
security awareness among employees and stakeholders, thereby strengthening the human
element of the security ecosystem.
Incorporating SDLC practices ensures that security considerations are integrated
throughout the DT system’s design, development, and maintenance phases. This approach
protects against current threats and prepares the system for future challenges.
Recent research, including the work by Jim Scheibmeir and Yashwant Malaiya from
Colorado State University, underscores the importance of integrating security frameworks
with DTs to protect associated physical systems. They advocate a multi-model security
approach, utilizing state machines, lattice models, and information flow models to ensure
data integrity and confidentiality (Scheibmeir and Malaiya 2020).
Further insights come from studies on Facebook’s development of cyber-cyber and
cyber-physical DTs, highlighting the underexplored potential of simulating software and
physical systems (Ahlgren et al. 2021). This dual-layer simulation structure underscores
the importance of developing new methods to verify and validate simulation results, par-
ticularly in modelling real user behaviour and balancing simulation speed and accuracy.
A recent study by Ma et al. (2024) explores enhancing CPS security through imple-
menting DT technology. Addressing the susceptibility of CPS to network threats, the
authors propose a novel security framework that integrates data-driven behavioural mod-
els of the physical layer with network layer attack graphs, all facilitated by DT. This inte-
grated approach allows for real-time security updates and anomaly diagnosis, significantly

13
 201

13
Page 50 of 65

Table 14  Proactive measures to protect DTs

Measure Implementation Benefit

Strong Authentication and Access Control (Thakur et al. 2023) Utilise MFA and RBAC Prevents unauthorised access
Data Encryption (Stergiou et al. 2023; Wang et al. 2023c) Encrypt data at rest and in transit Protects data confidentiality and integrity
Regular Security Assessments (Zhang et al. 2023b) Conduct security assessments and penetration tests Identifies and mitigates vulnerabilities
Advanced Threat Detection (Pulyala 2023) Deploy SIEM systems with AI and ML capabilities Rapid detection and mitigation of threats
Cybersecurity Awareness Training Provide regular training to employees Reduces the risk of breaches caused by human error
Secure the Development Life-cycle (Seelaboyina et al. 2024) Incorporate security in the DT development life-cycle Ensures built-in security from the ground up
Monitoring and Incident Response (Allison et al. 2023) Establish continuous monitoring and a response plan Enables timely detection and effective response
M. Homaei et al.
 Table 15  Comprehensive security tools and strategies for DT systems
Tool/technology Primary function Benefit

IAM Systems (Partida et al. 2021) Controls user access to DT data and systems Prevents unauthorised access and data breaches
Authentication and Access Control (Patel et al. 2024) Ensure that only authorised personnel can access the Enhances the security of sensitive data and functionalities
DT system
Encryption Solutions (Patel et al. 2024) Protects data at rest and in transit Ensures data confidentiality and integrity
Regular Security Assessments and Penetration Testing Identifies and addresses vulnerabilities within the DT Proactively fortifies the DT system against potential
(de Azambuja et al. 2024) environment attacks, improving resilience
Advanced Threat Detection and Response Systems (Wu Utilises AI and ML to detect anomalies and respond to Enables rapid detection and mitigation of cyber incidents,
et al. 2023) threats in real-time reducing impact
Network Security Solutions (Firewalls, IDS, IPS) (Gras- Monitor and control network traffic to prevent unauthor- Ensures secure communication channels and prevents
selli et al. 2022; El-Hajj et al. 2024) ized access and detect malicious activities data breaches
A review of digital twins and their application in cybersecurity…

Cybersecurity Awareness Training (Alshammari et al. Educates employees and stakeholders about cyber risks Increases overall security posture by reducing risks asso-
2021) and security best practices ciated with human error
SDLC (Seelaboyina et al. 2024) Integrate security into every phase of the DT system Ensures built-in security, addressing threats throughout
development, from design to maintenance the DT’s life cycle
IDPS in DT (Dodiya et al. 2024 Monitors for malicious activities or policy violations Enhances threat detection and prevention
SIEM Systems in DTs (Vielberth et al. 2021) Provides real-time analysis of security alerts Quick detection and response to security incidents
Vulnerability Assessment Tools (El-Hajj et al. 2024) Scans for known vulnerabilities Identifies and mitigates security weaknesses
Blockchain Technology (Shen et al. 2021) Offers a secure framework for data exchange Ensures data integrity and trustworthiness
ML and AI (Suhail et al. 2023) Analyses data to detect patterns of cyber threats Improves adaptability to new and sophisticated threats
Page 51 of 65 201

13
201 Page 52 of 65 M. Homaei et al.

improving the detection and response capabilities against potential cyber threats. The paper
demonstrates the efficacy of their methodology through improved metrics such as preci-
sion, recall rates, and F1 scores, suggesting that DT technology not only enhances real-
time security but also ensures comprehensive risk management and robust countermeasure
recommendations in CPS environments.
Table 15 presents these technologies and strategies, offering insights into their function-
ality and benefits within the DT security context. This table is a resource for organizations
to evaluate their security posture and identify enhancements to protect their DTs against
increasingly sophisticated cyber threats.

5 Summary

As technology continues to evolve rapidly, so too do the security demands it necessitates.

DTs are no exception, facing an urgent need for innovative cybersecurity strategies to
counteract current and emerging threats, such as powerful AI-driven viruses (Ansari 2022;
Bonfanti 2022; Vieira et al. 2022b). The absence of active AI-based attacks does not imply
a reduced risk; rather, it highlights organisations’ critical need to enhance their defences
proactively.
AI and ML are pivotal in identifying and neutralizing threats that exploit new vulner-
abilities in personal devices and corporate networks (Shandilya et al. 2022). These tech-
nologies extend beyond merely addressing known virus strains; they can also identify
and mitigate previously unknown ones. By analyzing patterns within data and employing
advanced algorithms, AI systems can devise effective countermeasures. Over time, these
systems increasingly excel at recognizing and responding to new threats, improving their
efficacy and response speed.
One notable success story involves an ML-based security system that identified and
neutralized OceanLotus—a cyber threat originating from a Vietnamese hacking group-
through pattern recognition within seemingly benign data. This example underscores the
broader potential applications of AI in cybersecurity, detailed in Table 16.
However, the integration of AI in cybersecurity is not without its challenges. While AI
presents significant opportunities to enhance the effectiveness of cybersecurity measures
within DTs, it also introduces new risks. The dual nature of AI as both a potential threat
and a valuable tool underscores the crucial roles of researchers and governmental bodies in
navigating these complexities (Table 17).
The next generation of viruses will likely leverage cyber technologies more extensively
(Aloqaily et al. 2022; Kumar and Pande 2022). To date, the development of such advanced
threats has been limited by financial and technological constraints, typically outside the
reach of individual hackers. Nevertheless, these barriers are anticipated to diminish over
time, enabling even solo attackers to employ AI in their strategies (Ansari et al. 2022).
DTs’ ongoing deployment and safeguarding against AI-driven threats involve numerous
challenges, as outlined in Table 18.
In the broader context of technological advancements, AI is increasingly pivotal. It
provides proactive surveillance and enhances the detection and mitigation of distributed
threats, continuously adapting to new attack vectors. Unlike traditional security solutions,
AI-driven systems are adept at managing both known and novel threats, positioning AI at
the forefront of the global security landscape (Table 19).

13
A review of digital twins and their application in cybersecurity… Page 53 of 65 201

Table 16  Potential applications of AI in cybersecurity of DTs

Potential Advantages

Detecting viruses AI can analyse terabytes of data within a brief period, detecting
suspicious code fragments in a short amount of time (Mylrea et al.
2021)
Creating a virus database AI will store, process, and learn from previously detected threats
(Mylrea et al. 2021)
Anticipating cybercriminals’ moves AI can analyse existing threats, security news, and trends to forecast
future developments (Alcaraz and Lopez 2022)
Optimising functionality AI can help businesses improve their software and decrease the
likelihood of future attacks by providing smart insights (Rathore
et al. 2021)

Table 17  AI threats in cybersecurity of DTs

Threat Definition

The random mutation of executable code (Saeed Polymorphic viruses are already capable of doing
et al. 2024) this, but AI can increase the variety of variables
supported
Operating system adaptability (Shen and Huang The AI-based virus could find an intelligent approach
2024) to Kernel-level functions or apply rootkits to avoid
being detected
Identifying the antivirus and attacking AI viruses can detect anti-virus software and develop
methods for attacking its code
Detection of social networks (Scheibmeir and Viruses can mimic human language and trick users
Malaiya 2020; Ahlgren et al. 2021) into sending confidential documents, providing
access data, or simply perpetrating cyberbullying
using conversational programming
Update creation Once an antivirus detects the previous version, it
can push a new version and continue its malicious
activities

Table 18  AI and cybersecurity challenges in the DT

Challenge Definition

Distanced infrastructure System communications today span continents, sending sensitive data
around the globe. Insufficient protection is in place for these transfers,
making them easier to hack
The detection process is manual Security threats and suspicious patterns are not the focus of human teams
24 hours a day, 7 days a week. It is common for systems to go unmoni-
tored most of the time
Security teams’s reactivity It is more common for security experts to focus on responding to threats
rather than predicting them
Providing dynamic threats Hackers use several strategies to conceal their locations, IP addresses,
identities, and methods. In contrast, the cybersecurity field is much
more transparent and open to research - data created by businesses are
readily available to criminals
Heterogeneity /Scale A wide variety of hardware and software designs resulting from DT/IoT
platforms and different local policy areas also add to the heterogeneity
and difficulties of applying AI in cybersecurity

13
201 Page 54 of 65 M. Homaei et al.

Table 19  Advantages of using AI in DT cybersecurity

Advantage Definition

Fast detection AI’s capabilities surpass human analysis and monitoring, identifying
unknown threats and creating response strategies rapidly
No human errors AI supports strategic decision-making by analyzing data without the risk
of human oversight or misinterpretation
Quick response AI and ML solutions enable even large corporations to quickly detect
threats within seconds, processing terabytes of data
Automating routine work With routine tasks automated by AI, the security team can focus on
strategic and creative insights, which are crucial for advancing security
measures
A smart approach to education AI collects and generalizes information about viral threats, creating smart
databases to identify risks and respond effectively

Table 20  Disadvantages of using AI in DT cybersecurity

Disadvantage Definition

Hackers are also AI-savvy AI security solutions can also be utilised by hackers. Cybersecurity
practices tend to be more transparent compared to the more clandestine
nature of hackers’ methods
Cyberthreats continue to evolve The integration of AI into security measures doesn’t grant immunity to all
threats. AI systems require constant updating and improvement to keep
up with evolving malware
Adoption hurdle Implementing AI in cybersecurity demands significant human and com-
puting resources, which may present a challenge compared to installing
ready-made software. However, AI is becoming more accessible, allow-
ing even small businesses to build advanced security networks

Despite AI’s considerable contributions to resolving cybersecurity issues, it is not a

panacea. Implementing AI on a smaller scale remains challenging, and the technology still
requires significant refinement. Recent studies affirm that while the benefits of AI systems
generally surpass their limitations, they are not without drawbacks, particularly when com-
pared to human capabilities (Table 20).

6 Conclusion

The integration of the IoT with global internet networks alongside the expansion in com-
munication and monitoring technologies has catalyzed the application of AI and ML in
recent years. DTs are poised to play a pivotal role in monitoring and controlling processes
across virtually all industries and aspects of daily life. Developments in sectors such as
industry, transportation, medicine, aerospace, agriculture, and environmental sciences sug-
gest that nearly every physical entity may soon have a digital counterpart. This article has
explored DTs’ what, why, and how across various applications, focusing mainly on their
challenges. Among these, cybersecurity emerges as a crucial hurdle, given that threats to a
DT can directly impact its associated CPS and vice versa.

13
A review of digital twins and their application in cybersecurity… Page 55 of 65 201

This review has addressed several critical questions: What are the security challenges,
attacks, and threats that DTs face? How can these be effectively mitigated? What tools
are essential for ensuring the security of both DTs and CPSs? Through our examination,
we underscored the importance of incorporating cybersecurity considerations early in the
design phase of any DT. We discussed the application of AI solutions and the strategic use
of these advanced tools to fortify DTs against potential cyber threats. The possibility of
cybercriminals harnessing AI technologies means that only through similarly sophisticated
tools can we hope to secure DT systems effectively.
The broad spectrum of DT applications makes it challenging to comprehensively
cover all potential security risks, attacks, threats, and countermeasures. Nevertheless,
this article has endeavoured to draw the attention of researchers and practitioners in
cybersecurity, digitalization, monitoring, and computer science to these critical issues.
This field is anticipated to receive increased scrutiny and deeper investigation in the
coming years.
In conclusion, it must be emphasized that exploring the cybersecurity challenges associ-
ated with DTs is not just necessary; it is crucial for the advancement of digital twin tech-
nologies. As we move forward, the interplay between DTs and CPSs will increasingly
influence the security paradigms of our interconnected world. Addressing these challenges
proactively will be key to harnessing the full potential of DTs while safeguarding the infra-
structures and data they mirror.

Author contributions All authors have contributed equally to this work, encompassing the conceptualisa-
tion, methodology, analysis, and manuscript writing. Each author has thoroughly reviewed and provided
critical feedback on the manuscript, ensuring its accuracy and coherence. We agree to submit this work to
Artificial Intelligence Review, following its submission guidelines and ethical standards, and confirm that
this manuscript is original, unpublished, and not under consideration elsewhere.

Funding Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature.

Data availability No datasets were generated or analysed during the current study.

Declarations
Competing interests The authors declare no competing interests.

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License,
which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long
as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Com-
mons licence, and indicate if changes were made. The images or other third party material in this article
are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the
material. If material is not included in the article’s Creative Commons licence and your intended use is not
permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly
from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

References
Abdelsattar A, Park EJ, zouk A (2022) An OPC UA client/gateway-based digital twin architecture of a
SCADA system with embedded system connections. In: 2022 IEEE/ASME international conference
on advanced intelligent mechatronics (AIM). IEEE

13
201 Page 56 of 65 M. Homaei et al.

Abdullahi M, Baashar Y, Alhussian H, Alwadain A, Aziz N, Capretz LF et al (2022) Detecting cybersecu-

rity attacks in Internet of Things using artificial intelligence methods: a systematic literature review.
Electronics 11(2):198. https://​doi.​org/​10.​3390/​elect​ronic​s1102​0198
Abed AM, Seddek LF, Elattar S, Gaafar TS (2022) The digital twin model of vehicle containers to provide
an ergonomic handling mechanism. South Fla J Dev 3(2):1971–1992. https://​doi.​org/​10.​46932/​sfjdv​
3n2-​030
Abounassar EM, El-Kafrawy P, El-Latif AAA (2021) Security and interoperability issues with Internet of
Things (IoT) in healthcare industry: a survey. In: Studies in big data. Springer, Cham, pp 159–189
Adhikari M, Munusamy A, Kumar N, Srirama S (2022) Cybertwin-driven resource provisioning for IoE
applications at 6G-enabled edge networks. IEEE Trans Ind Inf 18(7):4850–4858. https://​doi.​org/​10.​
1109/​tii.​2021.​30966​72
Adjei PO, Tetarave SK, John C, Manneh M, Pattnayak P (2024) Robust network anomaly detection with
K-nearest neighbors (KNN) enhanced digital twins. In: SoutheastCon 2024. IEEE
Ahlgren J, Bojarczuk K, Drossopoulou S, Dvortsova I, George J, Gucevska N, et al (2021) Facebook’s
cyber–cyber and cyber–physical digital twins. In: Evaluation and assessment in software engineering.
EASE ACM, New York
Akbarian F, Fitzgerald E, Kihl M (2020) Intrusion detection in digital twins for industrial control systems.
In: 2020 International conference on software, telecommunications and computer networks (Soft-
COM). IEEE
Alazab M, Khan LU, Koppu S, Ramu SP, Meenakshisundaram I, Boobalan P et al (2022a) Digital twins for
healthcare 4.0—recent advances, architecture, and open challenges. IEEE Consumer Electron Mag.
https://​doi.​org/​10.​1109/​mce.​2022.​32089​86
Alazab M, Swarna Priya RM, Parimala M, Maddikunta PKR, Gadekallu TR, Pham QV (2022b) Feder-
ated learning for cybersecurity: concepts, challenges, and future directions. IEEE Trans Ind Inf
18(5):3501–3509. https://​doi.​org/​10.​1109/​tii.​2021.​31190​38
Alcaraz C, Lopez J (2022) Digital twin: a comprehensive survey of security threats. IEEE Commun Surv
Tutor 24(3):1475–1503. https://​doi.​org/​10.​1109/​comst.​2022.​31714​65
Ali WA, Fanti MP, Roccotelli M, Ranieri L (2023) A review of digital twin technology for electric and
autonomous vehicles. Appl Sci 13(10):5871. https://​doi.​org/​10.​3390/​app13​105871
Allison D, Smith P, Mclaughlin K (2023) Digital twin-enhanced incident response for cyber-physical sys-
tems. In: Proceedings of the 18th international conference on availability, reliability and security.
ARES 2023. ACM, New York
Aloqaily M, Kanhere S, Bellavista P, Nogueira M (2022) Special issue on cybersecurity management in the
era of AI. J Netw Syst Manag. https://​doi.​org/​10.​1007/​s10922-​022-​09659-3
AlSalem T, Almaiah M, Lutfi A (2023) Cybersecurity risk analysis in the IoT: a systematic review. Electron-
ics 12(18):3958. https://​doi.​org/​10.​3390/​elect​ronic​s1218​3958
Alshammari K, Beach T, Rezgui Y (2021) Cybersecurity for digital twins in the built environment: cur-
rent research and future directions. J Inf Technol Constr 26:159–173. https://​doi.​org/​10.​36680/j.​itcon.​
2021.​010
Alshammari K, Beach T, Rezgui Y (2021) industry engagement for identification of cybersecurity needs
practices for digital twins. In: 2021 IEEE international conference on engineering, technology and
innovation (ICE/ITMC). IEEE. https://​doi.​org/​10.​1109/​ICE/​ITMC5​2061.​2021.​95702​08
Al-Turjman F, Zahmatkesh H, Shahroze R (2019) An overview of security and privacy in smart cities’ IoT
communications. Transactions on Emerging Telecommunications Technologies. https://​doi.​org/​10.​
1002/​ett.​3677
Aluvalu R, Mudrakola S, UmaMaheswari V, Kaladevi AC, Sandhya MVS, Bhat CR (2023) The novel
emergency hospital services for patients using digital twins. Microprocessors Microsyst 98:104794.
https://​doi.​org/​10.​1016/j.​micpro.​2023.​104794
Anjum N, Latif Z, Lee C, Shoukat IA, Iqbal U (2021) MIND: a multi-source data fusion scheme for intru-
sion detection in networks. Sensors 21(14):4941. https://​doi.​org/​10.​3390/​s2114​4941
Ansari MF (2022) A quantitative study of risk scores and the effectiveness of AI-based cybersecurity aware-
ness training programs. Int J Smart Sens Adhoc Netw. https://​doi.​org/​10.​47893/​ijssan.​2022.​1212
Ansari MF, Sharma PK, Dash B (2022) Prevention of phishing attacks using AI-based cybersecurity aware-
ness training. Int J Smart Sens Adhoc Netw. https://​doi.​org/​10.​47893/​ijssan.​2022.​1221
Arpita M, Panchal S (2022) Smart health and cybersecurity in the era of artificial intelligence. In: Informa-
tion and communication technology for competitive strategies (ICTCS 2021). Springer, Singapore, pp
41–48
Ashraf I, Park Y, Hur S, Kim SW, Alroobaea R, Zikria YB, et al (2022) A survey on cyber security threats
in IoT-enabled time industry. IEEE Trans Intell Transp Syst. https://​doi.​org/​10.​1109/​tits.​2022.​31646​
78

13
A review of digital twins and their application in cybersecurity… Page 57 of 65 201

Aslam N, Khan IU, Mirza S, AlOwayed A, Anis FM, Aljuaid RM et al (2022) Interpretable machine learn-
ing models for malicious domains detection using explainable artificial intelligence (XAI). Sustain-
ability 14(12):7375. https://​doi.​org/​10.​3390/​su141​27375
Autiosalo J, Vepsalainen J, Viitala R, Tammi K (2020) A feature-based framework for structuring industrial
digital twins. IEEE Access 8:1193–1208. https://​doi.​org/​10.​1109/​access.​2019.​29505​07
Balyakin AA, Nurbina MV, Taranenko SB (2022) Digital twins in real economy: unobvious effects. In:
Proceeding of the international science and technology conference “FarEastCYRSon 2021”. Springer,
Singapore, pp 699–711
Bao Z, He D, Khan MK, Luo M, Xie Q (2023) PBidm: privacy-preserving blockchain-based identity man-
agement system for industrial Internet of Things. IEEE Trans Ind Inf 19(2):1524–1534. https://​doi.​
org/​10.​1109/​tii.​2022.​32067​98
Benedictis AD, Esposito C, Somma A (2022) Toward the adoption of secure cyber digital twins to enhance
cyber-physical systems security. In: Communications in computer and information science. Springer,
Cham, pp 307–321
Bergs T, Gierlings S, Auerbach T, Klink A, Schraknepper D, Spurger T (2021) The concept of digital twin
and digital shadow in manufacturing. Procedia CIRP 101:81–84. https://​doi.​org/​10.​1016/j.​procir.​
2021.​02.​010
Bonfanti ME (2022) Artificial intelligence and the offense–defense balance in cyber security. In: Cyber
security politics. Routledge, London, pp 64–77
Botín-Sanabria DM, Mihaita AS, Peimbert-García RE, Ramírez-Moreno MA, Ramírez-Mendoza RA, de
J. Lozoya-Santos J (2022) Digital twin technology challenges and applications: a comprehensive
review. Remot Sens 14(6):1335. https://​doi.​org/​10.​3390/​rs140​61335
Boton C, Rivest L, Ghnaya O, Chouchen M (2020) What is at the root of construction 4.0: a systematic
review of the recent research effort. Arch Comput Methods Eng 28(4):2331–2350. https://​doi.​org/​10.​
1007/​s11831-​020-​09457-7
Boyes H, Watson T (2022) Digital twins: an analysis framework and open issues. Comput Ind 143:103763.
https://​doi.​org/​10.​1016/j.​compi​nd.​2022.​103763
Broo DG, Bravo-Haro M, Schooling J (2022) Design and implementation of a smart infrastructure digital
twin. Autom Constr 136:104171. https://​doi.​org/​10.​1016/j.​autcon.​2022.​104171
Bühler MM, Jelinek T, Nübel K (2022) Training and preparing tomorrow’s workforce for the fourth indus-
trial revolution. Educ Sci 12(11):782. https://​doi.​org/​10.​3390/​educs​ci121​10782
Calvo-Bascones P, Voisin A, Do P, Sanz-Bobi MA (2023) A collaborative network of digital twins for
anomaly detection applications of complex systems. Snitch Digital Twin concept. Comput Ind
144:103767. https://​doi.​org/​10.​1016/j.​compi​nd.​2022.​103767
Can O, Turkmen A (2023) Digital twin and manufacturing, 8th edn. Springer, Singapore, pp 175–194
Capuano N, Fenza G, Loia V, Stanzione C (2022) Explainable artificial intelligence in cybersecurity: a sur-
vey. IEEE Access 10:93575–93600. https://​doi.​org/​10.​1109/​access.​2022.​32041​71
Castellani A, Schmitt S, Squartini S (2021) Real-world anomaly detection by using digital twin systems and
weakly supervised learning. IEEE Trans Ind Inf 17(7):4733–4742. https://​doi.​org/​10.​1109/​tii.​2020.​
30197​88
Chen D, Lv Z (2022) Artificial intelligence enabled digital twins for training autonomous cars. Internet
Things Cyber-Physi Syst 2:31–41. https://​doi.​org/​10.​1016/j.​iotcps.​2022.​05.​001
Chinesta F, Cueto E, Abisset-Chavanne E, Duval JL, Khaldi FE (2018) Virtual, digital and hybrid twins: a
new paradigm in data-based engineering and engineered data. Arch Comput Methods Eng 27(1):105–
134. https://​doi.​org/​10.​1007/​s11831-​018-​9301-4
Chowdhury A, Karmakar G, Kamruzzaman J, Jolfaei A, Das R (2020) Attacks on self-driving cars and their
countermeasures: a survey. IEEE Access 8:207308–207342. https://​doi.​org/​10.​1109/​access.​2020.​
30377​05
da Silva ACF, Wagner S, Lazebnik E, Traitel E (2023) Using a cyber digital twin for continuous automotive
security requirements verification. IEEE Softw 40(1):69–76. https://​doi.​org/​10.​1109/​ms.​2022.​31713​
05
Dash SP, Joshi S, Satapathy SC, Shandilya SK, Panda G (2022) A cybertwin-based 6G cooperative IoE
communication network: secrecy outage analysis. IEEE Trans Ind Inf 18(7):4922–4932. https://​doi.​
org/​10.​1109/​tii.​2021.​31401​25
de Azambuja AJG, Giese T, Schützer K, Anderl R, Schleich B, Almeida VR (2024) Digital twins in Indus-
try 4.0—opportunities and challenges related to cyber security. Procedia CIRP 121:25–30. https://​doi.​
org/​10.​1016/j.​procir.​2023.​09.​225
de Souza Junior AA, de Souza Pio JL, Fonseca JC, Oliveira MAD, de Paiva Valadares OC, Silva PHSD
(2021) The state of cybersecurity in smart manufacturing systems: a systematic review. Eur J Bus
Manag Res 6(6):188–194. https://​doi.​org/​10.​24018/​ejbmr.​2021.6.​6.​1173

13
201 Page 58 of 65 M. Homaei et al.

Delgado JMD, Oyedele L (2021) Digital Twins for the built environment: learning from conceptual and pro-
cess models in manufacturing. Adv Eng Inform 49:101332. https://​doi.​org/​10.​1016/j.​aei.​2021.​101332
Dietz M, Hageman L, von Hornung C, Pernul G (2022) Employing digital twins for security-by-design
system testing. In: Proceedings of the 2022 ACM workshop on secure and trustworthy cyber-physical
systems, CODASPY ’22. ACM, New York
Dinis FM, Poças Martins J, Guimarães AS, Rangel B (2021) BIM and semantic enrichment methods and
applications: a review of recent developments. Arch Comput Methods Eng 29(2):879–895. https://​
doi.​org/​10.​1007/​s11831-​021-​09595-6
Dodiya KR, Jha M, Jha S (2024) Fortifying the digital forge: unleashing cybersecurity in the interconnected
world of digital manufacturing. IGI Global, Hershey, pp 230–256
Domínguez M, Fuertes JJ, Prada MA, Alonso S, Morán A, Pérez D (2022) Design of platforms for experi-
mentation in industrial cybersecurity. Appl Sci 12(13):6520. https://​doi.​org/​10.​3390/​app12​136520
Ebrahimabadi M, Bahrami J, Younis M, Karimi N (2023) Digital twin integrity protection in distributed
control systems. In: IEEE consumer communications & networking conference (CCNC), Las Vegas
El Bazi N, Mabrouki M, Laayati O, Ouhabi N, El Hadraoui H, Hammouch FE et al (2023) Generic multi-
layered digital-twin-framework-enabled asset lifecycle management for the sustainable mining indus-
try. Sustainability 15(4):3470. https://​doi.​org/​10.​3390/​su150​43470
El-Hajj M, Itäpelto T, Gebremariam T (2024) Systematic literature review: digital twins’ role in enhancing
security for Industry 4.0 applications. Secur Privacy. https://​doi.​org/​10.​1002/​spy2.​396
Epiphaniou G, Hammoudeh M, Yuan H, Maple C, Ani U (2023) Digital twins in cyber effects modelling of
IoT/CPS points of low resilience. Simul Model Pract Theory 125:102744. https://​doi.​org/​10.​1016/j.​
simpat.​2023.​102744
Fang X, Wang H, Liu G, Tian X, Ding G, Zhang H (2022) Industry application of digital twin: from con-
cept to implementation. Int J Adv Manuf Technol 121(7–8):4289–4312. https://​doi.​org/​10.​1007/​
s00170-​022-​09632-z
Farhan BI, Jasim AD (2022) A survey of intrusion detection using deep learning in Internet of Things. Iraqi
J Comput Sci Math. https://​doi.​org/​10.​52866/​ijcsm.​2022.​01.​01.​009
Ferrag MA, Kantarci B, Cordeiro LC, Debbah M, Choo KKR (2023) Poisoning attacks in federated edge
learning for digital twin 6G-enabled IoTs: an anticipatory study. In: 2023 IEEE International confer-
ence on communications workshops (ICC Workshops). IEEE
Fortino G, Guerrieri A, Pace P, Savaglio C, Spezzano G (2022) IoT platforms and security: an analysis of
the leading industrial/commercial solutions. Sensors 22(6):2196. https://​doi.​org/​10.​3390/​s2206​2196
Ghimire B, Rawat DB (2022) Recent advances on federated learning for cybersecurity and cybersecurity for
federated learning for Internet of Things. IEEE Internet Things J 9(11):8229–8249. https://​doi.​org/​10.​
1109/​jiot.​2022.​31503​63
Grasselli C, Melis A, Rinieri L, Berardi D, Gori G, Sadi AA (2022) An Industrial network digital twin for
enhanced security of cyber-physical systems. In: 2022 International symposium on networks, com-
puters and communications (ISNCC). IEEE
Guo J, Lv Z (2022) Application of Digital Twins in multiple fields. Multimedia Tools Appl 81(19):26941–
26967. https://​doi.​org/​10.​1007/​s11042-​022-​12536-5
Guo J, Bilal M, Qiu Y, Qian C, Xu X, Choo KKR (2022) Survey on digital twins for Internet of vehicles:
fundamentals, challenges, and opportunities. Digit Commun Netw. https://​doi.​org/​10.​1016/j.​dcan.​
2022.​05.​023
Hailu TA, Viajiprabhu G, Endris AS, Arappali N (2022) Artificial intelligence based network security sys-
tem to predict the possible threats in healthcare data. In: 2022 International conference on sustainable
computing and data communication systems (ICSCDS). IEEE
Hariharan S, Velicheti A, Anagha AS, Thomas C, Balakrishnan N (2021) Explainable artificial intelligence
in cybersecurity: a brief review. In: 2021 4th International conference on security and Privacy (ISEA-
ISAP). IEEE
Hemdan EED, El-Shafai W, Sayed A (2023) Integrating digital twins with IoT-based blockchain: concept,
architecture, challenges, and future scope. Wirel Pers Commun 131(3):2193–2216. https://​doi.​org/​10.​
1007/​s11277-​023-​10538-6
Herwig C, Pörtner R, Möller J (eds) (2021) Digital twins. Springer, Cham
Ho ESL (2021) Data Security challenges in deep neural network for healthcare IoT systems. In: Studies in
big data. Springer, Cham Cham, pp 19–37
Holmes D, Papathanasaki M, Maglaras L, Ferrag MA, Nepal S, icke H (2021) Digital twins and cyber secu-
rity—solution or challenge? In: 2021 6th South-East Europe design automation, computer engineer-
ing, computer networks and social media conference (SEEDA-CECNSM). IEEE
Homaei MH, Salwana E, Shamshirband S (2019) An enhanced distributed data aggregation method in the
Internet of Things. Sensors 19(14):3173. https://​doi.​org/​10.​3390/​s1914​3173

13
A review of digital twins and their application in cybersecurity… Page 59 of 65 201

Homaei MH, Soleimani F, Shamshirband S, Mosavi A, Nabipour N, Varkonyi-Koczy AR (2020) An

enhanced distributed congestion control method for classical 6LowPAN protocols using fuzzy deci-
sion system. IEEE Access 8:20628–20645. https://​doi.​org/​10.​1109/​access.​2020.​29685​24
Homaei MH, Band SS, Pescape A, Mosavi A (2021) DDSLA-RPL: dynamic ision system based on learning
automata in the RPL protocol for achieving QoS. IEEE Access. 9:63131–63148. https://​doi.​org/​10.​
1109/​access.​2021.​30753​78
Homaei M, Caro Lindo A, Mogollon-Gutierrez O, Diaz Alonso J (2022) The role of artificial intelligence in
digital twin’s cybersecurity. XVII Reunión española sobre criptología y seguridad de la información
RECSI 265:133. https://​doi.​org/​10.​22429/​Euc20​22.​028
Hribernik K, Cabri G, Mandreoli F, Mentzas G (2021) Autonomous, context-aware, adaptive Digital
Twins—state of the art and roadmap. Comput Ind 133:103508. https://​doi.​org/​10.​1016/j.​compi​nd.​
2021.​103508
Huang S, Wang G, Yan Y, Fang X (2020) Blockchain-based data management for digital twin of product. J
Manuf Syst 54:361–371. https://​doi.​org/​10.​1016/j.​jmsy.​2020.​01.​009
Human C, Basson AH, Kruger K (2021) Digital twin data pipeline using MQTT in SLADTA. In: Service
oriented, holonic and multi-agent manufacturing systems for industry of the future. Springer, Cham,
pp 111–122
Huo R, Zeng S, Wang Z, Shang J, Chen W, Huang T et al (2022) A comprehensive survey on blockchain in
industrial Internet of Things: motivations, research progresses, and future challenges. IEEE Commun
Surv Tutor 24(1):88–122. https://​doi.​org/​10.​1109/​comst.​2022.​31414​90
Hussaini A, Qian C, Liao W, Yu W (2022) A taxonomy of security and defense mechanisms in digital
twins-based cyber-physical systems. In: 2022 IEEE international conferences on Internet of Things
(iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical
and Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cyber-
matics (Cybermatics). IEEE
Huynh DV, Nguyen VD, Khosravirad SR, Sharma V, Dobre OA, Shin H et al (2022) URLLC edge networks
with joint optimal user association, task offloading and resource allocation: a digital twin approach.
IEEE Trans Commun 70(11):7669–7682. https://​doi.​org/​10.​1109/​tcomm.​2022.​32056​92
Jarosz K, Özel T (2022) Machine learning approaches towards digital twin development for machining sys-
tems. Int J Mechatron Manuf Syst 15(2/3):127. https://​doi.​org/​10.​1504/​ijmms.​2022.​124922
Jeong DY, Baek MS, Lim TB, Kim YW, Kim SH, Lee YT et al (2022) Digital twin: technology evolution
stages and implementation layers with technology elements. IEEE Access 10:52609–52620. https://​
doi.​org/​10.​1109/​access.​2022.​31742​20
Ji C, Niu Y (2024) A hybrid evolutionary and machine learning approach for smart city planning: digital
twin approach. Sustain Energy Technol Assess 64:103650. https://​doi.​org/​10.​1016/j.​seta.​2024.​103650
Jimenez JI, Jahankhani H, Kendzierskyj S (2019) Health care in the cyberspace: medical cyber-physical
system and digital twin challenges. In: Internet of Things. Springer, Cham, pp 79–92
Job D, Paul V (2022) Challenges, security mechanisms, and research areas in IoT and IioT. In: Internet of
Things and its applications. Springer, Cham, pp 523–538
Kaiser J, McFarlane D, Hawkridge G, André P, Leitão P (2023) A review of reference architectures for digi-
tal manufacturing: classification, applicability and open issues. Comput Ind 149:103923. https://​doi.​
org/​10.​1016/j.​compi​nd.​2023.​103923
Kaissar A, Nassif AB, Injadat M (2022) A survey on network intrusion detection using convolutional neural
network. ITM Web Conf 43:01003. https://​doi.​org/​10.​1051/​itmco​nf/​20224​301003
Kale R, Lu Z, Fok KW, Thing VLL (2022) A hybrid deep learning anomaly detection framework for intru-
sion detection. In: 2022 IEEE 8th international conference on big data security on cloud (BigDataSe-
curity), IEEE international conference on high performance and smart computing (HPSC) and IEEE
international conference on intelligent data and security (IDS). IEEE
Kaur MJ, Mishra VP, Maheshwari P (2020) The convergence of digital twin, IoT, and machine learning:
transforming data into action. In: Internet of Things. Springer, Cham, pp 3–17
Kayan H, Nunes M, Rana O, Burnap P, Perera C (2022) Cybersecurity of industrial cyber-physical systems:
a review. ACM Comput Surv 54(11s):1–35. https://​doi.​org/​10.​1145/​35104​10
Khan LU, Saad W, Niyato D, Han Z, Hong CS (2022) Digital-twin-enabled 6G: vision, architectural trends,
and future directions. IEEE Commun Mag 60(1):74–80. https://​doi.​org/​10.​1109/​mcom.​001.​21143
Khraisat A, Alazab A (2021) A critical review of intrusion detection systems in the internet of things: tech-
niques, deployment strategy, validation strategy, attacks, public datasets and challenges. Cybersecu-
rity. https://​doi.​org/​10.​1186/​s42400-​021-​00077-7
Kim M, Lim C, Hsuan J (2023) From technology enablers to circular economy: data-driven understand-
ing of the overview of servitization and product–service systems in Industry 4.0. Comput Ind
148:103908. https://​doi.​org/​10.​1016/j.​compi​nd.​2023.​103908

13
201 Page 60 of 65 M. Homaei et al.

Kor M, Yitmen I, Alizadehsalehi S (2023) An investigation for integration of deep learning and digital
twins towards construction 4.0. Smart Sustain Built Environ 12(3):461–487. https://​doi.​org/​10.​1108/​
SASBE-​08-​2021-​0148
Korovin G (2022) Digital twins in the industry: maturity, functions, effects. In: Lecture notes in information
systems and organisation. Springer, Cham, pp 1–12
Kose U (2023) Security issues in artificial intelligence use for metaverse and digital twin setups. In: Digital
twin driven intelligent systems and emerging metaverse. Springer, Singapore, pp 331–349
Krishnaveni S, Chen TM, Sathiyanarayanan M, Amutha B (2024) CyberDefender: an integrated intelligent
defense framework for digital-twin-based industrial cyber-physical systems. Clust Comput. https://​
doi.​org/​10.​1007/​s10586-​024-​04320-x
Krückemeier S, Anderl R (2022) Concept for digital twin based virtual part inspection for additive manufac-
turing. Procedia CIRP 107:458–462. https://​doi.​org/​10.​1016/j.​procir.​2022.​05.​008
Krzyczkowski D (2019) Introducing azure digital twins: IoT device integration in digital and physical
spaces. O’Reilly, Sebastopol
Kuleshov YA, Nagpal K, Ucpinar K, Gadaginmath A, Gadaginmath S, O’Daniel K, et al (2024) Cyber
attacks on avionics networks in digital twin environment: detection and defense. In: AIAA SCITECH
2024 forum. American Institute of Aeronautics and Astronautics, Reston
Kulik T, Gomes C, Macedo HD, Hallerstede S, Larsen PG (2022). Towards secure digital twins. In: Lecture
notes in computer science. Springer, Cham, pp 159–176
Kumar K, Pande BP (2022) Applications of machine learning techniques in the realm of cybersecurity.
Cyber Secur Digit Forensics. https://​doi.​org/​10.​1002/​97811​19795​667.​ch13
Lalouani W, Younis M, Ebrahimabadi M, Karimi N (2022) Countering modeling attacks in PUF-based
IoT security solutions. ACM J Emerg Technol Comput Syst 18(3):1–28. https://​doi.​org/​10.​1145/​
34912​21
Liu J, Zhang L, Li C, Bai J, Lv H, Lv Z (2022) Blockchain-based secure communication of intelligent
transportation digital twins system. IEEE Trans Intell Transp Syst 23(11):22630–22640. https://​
doi.​org/​10.​1109/​tits.​2022.​31833​79
Liu YK, Ong SK, Nee AYC (2022) State-of-the-art survey on digital twin implementations. Adv Manuf
10(1):1–23. https://​doi.​org/​10.​1007/​s40436-​021-​00375-w
Liu Y, Zhang W, Li L, Wu J, Xia Y, Gao S et al (2024) Toward autonomous trusted networks—from
digital twin perspective. IEEE Netw. https://​doi.​org/​10.​1109/​mnet.​2024.​33531​80
Li S, Wu W, Meng Y, Li J, Zhu H, Shen XS (2023) Data poisoning attack against anomaly detectors in
digital twin-based networks. In: ICC 2023—IEEE international conference on communications. IEEE
Luzzi J, Naha R, Arulappan A, Mahanti A (2024) SoK: a holistic view of cyberattacks prediction with
digital twins. In: 2024 2nd International conference on emerging trends in information technology
and engineering (ICETITE). IEEE. https://​doi.​org/​10.​1109/​ic-​ETITE​58242.​2024.​10493​514
Lv Z, Chen D, Feng H, Singh AK, Wei W, Lv H (2022a) Computational intelligence in security of digi-
tal twins big graphic data in cyber-physical systems of smart cities. ACM Trans Manag Inf Syst
13(4):1–17. https://​doi.​org/​10.​1145/​35227​60
Lv Z, Li Y, Feng H, Lv H (2022b) Deep learning for security in digital twins of cooperative intelli-
gent transportation systems. IEEE Trans Intell Transp Syst 23(9):16666–16675. https://​doi.​org/​10.​
1109/​tits.​2021.​31137​79
Lv Z, Cheng C, Lv H (2023) Blockchain based entralized learning for security in digital twins. IEEE
Internet Things J. https://​doi.​org/​10.​1109/​jiot.​2023.​32954​99
Ma J, Guo Y, Fang C, Zhang Q (2024) Digital-twin-based CPS anomaly diagnosis and security defense
countermeasure recommendation. IEEE Internet Things J. https://​doi.​org/​10.​1109/​jiot.​2024.​33669​04
Majeed R, Abdullah NA, Mushtaq MF, Umer M, Nappi M (2021) Intelligent cyber-security system for
IoT-aided drones using voting classifier. Electronics 10(23):2926. https://​doi.​org/​10.​3390/​elect​
ronic​s1023​2926
Matheu SN, Hernández-Ramos JL, Skarmeta AF, Baldini G (2020) A survey of cybersecurity certifica-
tion for the Internet of Things. ACM Comput Surv 53(6):1–36. https://​doi.​org/​10.​1145/​34101​60
Mogollon-Gutierrez O, Sancho Nuñez JC, Avila Vegas M, Caro Lindo A (2023) A novel ensemble
learning system for cyberattack classification. Intell Automation Soft Comput 37(2):1691–1709.
https://​doi.​org/​10.​32604/​iasc.​2023.​039255
Mora AC, Nadjm-Tehrani S, Weippl E, Eckhart M (2022) Digital twins for cyber-physical systems secu-
rity (Dagstuhl Seminar 22171). TBD. https://​doi.​org/​10.​4230/​DAGREP.​12.4.​54
Moya B, Badías A, González D, Chinesta F, Cueto E (2023) Computational sensing, understanding, and
reasoning: an artificial intelligence approach to physics-informed world modeling. Arch Comput
Methods Eng. https://​doi.​org/​10.​1007/​s11831-​023-​10033-y

13
A review of digital twins and their application in cybersecurity… Page 61 of 65 201

Mullet V, Sondi P, Ramat E (2021) A review of cybersecurity guidelines for manufacturing factories in
industry 4.0. IEEE Access 9:23235–23263. https://​doi.​org/​10.​1109/​access.​2021.​30566​50
Mylrea M, Nielsen M, John J, Abbaszadeh M (2021) Digital twin industrial immune system: AI-driven
cybersecurity for critical infrastructures. Springer, Cham, pp 197–212
Nunez JCS, Lindo AC, Rodriguez PG (2020) A preventive secure software development model for a
software factory: a case study. IEEE Access 8:77653–77665. https://​doi.​org/​10.​1109/​access.​2020.​
29891​13
Olivares-Rojas JC, Reyes-Archundia E, Gutierrez-Gnecchi JA, Molina-Moreno I, Cerda-Jacobo J, Men-
dez-Patino A (2022) Towards cybersecurity of the smart grid using digital twins. IEEE Internet
Comput 26(3):52–57. https://​doi.​org/​10.​1109/​mic.​2021.​30636​74
Onwubiko A, Singh R, Awan S, Pervez Z, Ramzan N (2023) Enabling trust and security in digital twin
management: a blockchain-based approach with ethereum and IPFS. Sensors 23(14):6641. https://​
doi.​org/​10.​3390/​s2314​6641
Ortega-Gras JJ, Bueno-Delgado MV, Cañavate-Cruzado G, Garrido-Lova J (2021) Twin transition
through the Implementation of Industry 4.0 technologies: desk-research analysis and practical use
cases in Europe. Sustainability 13(24):13601. https://​doi.​org/​10.​3390/​su132​413601
Ozkaya I (2022) Architectural concerns of digital twins. IEEE Softw 39(2):3–6. https://​doi.​org/​10.​1109/​
ms.​2021.​31308​72
Pal K (2023) IoT applications with cryptography and blockchain technology in healthcare digital twin
design. IGI Global, Hershey, pp 220–249. http://​dx.​doi.​org/​10.​4018/​978-1-​6684-​5376-6.​ch009
Palensky P, Cvetkovic M, Gusain D, Joseph A (2022) Digital twins and their use in future power sys-
tems. Digit Twin 1:4. https://​doi.​org/​10.​12688/​digit​altwin.​17435.2
Pan Y, Zhang L (2023) Integrating BIM and AI for smart construction management: current status
and future directions. Arch Comput Methods Eng 30(2):1081–1110. https://​doi.​org/​10.​1007/​
s11831-​022-​09830-8
Panfilis SD, Gusmeroli S, Rodriguez J, Benedicto J (2018) FIWARE for Industry: a data-driven reference
architecture. In: Enterprise interoperability. Wiley, New York, pp 171–178
Paredes CM, tínez-Castro D, Ibarra-Junquera V, González-Potes A (2021) Detection and isolation of DoS
and integrity cyber attacks in cyber-physical systems with a neural network-based architecture. Elec-
tronics 10(18):2238. https://​doi.​org/​10.​3390/​elect​ronic​s1018​2238
Partida A, Criado R, Romance M (2021) Identity and access management resilience against intentional risk
for blockchain-based IOT platforms. Electronics 10(4):378. https://​doi.​org/​10.​3390/​elect​ronic​s1004​
0378
Patel C, Pasikhani A, Gope P, Clark J (2024) User-empowered secure privacy-preserving authentication
scheme for Digital Twin. Comput Secur 140:103793. https://​doi.​org/​10.​1016/j.​cose.​2024.​103793
Patil S, Varadarajan V, Mazhar SM, Sahibzada A, Ahmed N, Sinha O et al (2022) Explainable artificial
intelligence for intrusion detection system. Electronics 11(19):3079. https://​doi.​org/​10.​3390/​elect​
ronic​s1119​3079
Paul B (2022) Internet of Things (IoT), three-layer architecture, security issues and counter measures. In:
ICT analysis and applications. Springer, Singapore, pp 23–34
Perno M, Hvam L, Haug A (2022) Implementation of digital twins in the process industry: a systematic
literature review of enablers and barriers. Comput Ind 134:103558. https://​doi.​org/​10.​1016/j.​compi​
nd.​2021.​103558
Pessoa MVP, Pires LF, Moreira JLR, Wu C (2022) Model-based digital threads for socio-technical systems.
In: Intelligent systems reference library. Springer, Cham, pp 27–52
Pirbhulal S, Abie H, Shukla A (2022) Towards a novel framework for reinforcing cybersecurity using digi-
tal twins in IoT-based healthcare applications. In: 2022 IEEE 95th vehicular technology conference
(VTC2022-Spring). IEEE, New York
Pires F, Souza M, Ahmad B, Leitão P (2021) Decision support based on digital twin simulation: a case
study. In: Service Oriented, holonic and multi-agent manufacturing systems for industry of the future.
Springer, Cham, pp 99–110
Potgantwar A, Aggarwal S, Pant P, Rajawat AS, Chauhan C, Waghmare VN (2022) Secure aspect of digital
twin for industry 4.0 application improvement using machine learning. SSRN Electron J. https://​doi.​
org/​10.​2139/​ssrn.​41879​77
Pulyala SR (2023) The future of SIEM in a machine learning-driven cybersecurity landscape. Turk J Com-
put Math Educ (TURCOMAT) 14(03):1309–1314. https://​doi.​org/​10.​61841/​turco​mat.​v14i03.​14392
Purcell W, Neubauer T (2023) Digital twins in agriculture: a state-of-the-art review. Smart Agric Technol
3:100094. https://​doi.​org/​10.​1016/j.​atech.​2022.​100094
Putz B, Dietz M, Empl P, Pernul G (2021) EtherTwin: blockchain-based secure digital twin information
management. Inf Process Manag 58(1):102425. https://​doi.​org/​10.​1016/j.​ipm.​2020.​102425

13
201 Page 62 of 65 M. Homaei et al.

Qian C, Liu X, Ripley C, Qian M, Liang F, Yu W (2022) Digital twin—cyber replica of physical things:
architecture, applications and future research directions. Future Internet 14(2):64. https://​doi.​org/​10.​
3390/​fi140​20064
Rani V, Kumar M, Mittal A, Kumar K (2022) Artificial intelligence for cybersecurity: recent advancements,
challenges and opportunities. In: Robotics and AI for cybersecurity and critical infrastructure in smart
cities. Springer, Cham, pp 73–88
Rathore MM, Shah SA, Shukla D, Bentafat E, Bakiras S (2021) The role of AI, machine learning, and big
data in digital twinning: a systematic literature review, challenges, and opportunities. IEEE Access
9:32030–32052. https://​doi.​org/​10.​1109/​access.​2021.​30608​63
Rocha-Jácome C, Carvajal RG, Chavero FM, Guevara-Cabezas E, Fort EH (2021) Industry 4.0: a proposal
of paradigm organization schemes from a systematic literature review. Sensors 22(1):66. https://​doi.​
org/​10.​3390/​s2201​0066
Rodrigues TK, Liu J, Kato N (2021) Application of cybertwin for offloading in mobile multiaccess edge
computing for 6G networks. IEEE Internet Things J 8(22):16231–16242. https://​doi.​org/​10.​1109/​jiot.​
2021.​30953​08
Röhm B, Anderl R (2022) Simulation data management in the digital twin (SDM-DT)—evolution of simu-
lation data management along the product life cycle. Procedia CIRP 105:847–850. https://​doi.​org/​10.​
1016/j.​procir.​2022.​02.​140
Rudskoy A, Ilin I, Prokhorov A (2021) Digital twins in the intelligent transport systems. Transp Res Proce-
dia 54:927–935. https://​doi.​org/​10.​1016/j.​trpro.​2021.​02.​152
Saeed MMA, Saeed RA, Ahmed ZE (2024) Data security and privacy in the age of AI and digital twins. IGI
Global, Hershey, pp 99–124
Sancho JC, Caro A, Ávila M, Bravo A (2020) New approach for threat classification and security risk esti-
mations based on security event management. Futur Gener Comput Syst 113:488–505. https://​doi.​
org/​10.​1016/j.​future.​2020.​07.​015
San O, Pawar S, Rasheed A (2023) centralized digital twins of complex dynamical systems. Sci Rep. https://​
doi.​org/​10.​1038/​s41598-​023-​47078-9
Sasikumar A, Vairavasundaram S, Kotecha K, V I, Ravi L, Selvachandran G et al (2023) Blockchain-based
trust mechanism for digital twin empowered Industrial Internet of Things. Future Gen Comput Syst
141:16–27. https://​doi.​org/​10.​1016/j.​future.​2022.​11.​002
Saracco R (2019) Digital twins: bridging physical space and cyberspace. Computer 52(12):58–64. https://​
doi.​org/​10.​1109/​mc.​2019.​29428​03
Saracco R, Henz P (2022) Special issue on digital twins—part 1. IEEE Internet Comput 26(3):5–6. https://​
doi.​org/​10.​1109/​mic.​2021.​30883​18
Scheibmeir J, Malaiya Y (2020) Multi-model security and social media analytics of the digital twin. Adv
Sci Technol Eng Syst J 5(6), 323–330. https://​doi.​org/​10.​25046/​aj050​639
Scheuermann C, Binderberger T, von Frankenberg N, Werner A (2020) Digital twin: a machine learning
approach to predict individual stress levels in extreme environments. In: Adjunct proceedings of the
2020 ACM International joint conference on pervasive and ubiquitous computing and proceedings of
the 2020 ACM international symposium on wearable computers. UbiComp/ISWC ’20. ACM, New
York
Seelaboyina R, Vadla SPC, Teerthala SA, Pedduri VV (2024) Secure software development life cycle: an
approach to reduce the risks of cyber attacks in cyber physical systems and digital twins. Springer,
Singapore, pp 153–161
Shahzad M, Shafiq MT, Douglas D, Kassem M (2022) Digital twins in built environments: an investigation
of the characteristics, applications, and challenges. Buildings 12(2):120. https://​doi.​org/​10.​3390/​build​
ings1​20201​20
Shandilya SK, Upadhyay S, Kumar A, Nagar AK (2022) AI-assisted computer network operations testbed
for nature-inspired cyber security based adaptive defense simulation and analysis. Futur Gener Com-
put Syst 127:297–308. https://​doi.​org/​10.​1016/j.​future.​2021.​09.​018
Sharma DK, Mishra J, Singh A, Govil R, Srivastava G, Lin JCW (2022) Explainable artificial intelligence
for cybersecurity. Comput Electr Eng 103:108356. https://​doi.​org/​10.​1016/j.​compe​leceng.​2022.​
108356
Sharma A, Kosasih E, Zhang J, Brintrup A, Calinescu A (2022) Digital twins: state of the art theory and
practice, challenges, and open research questions. J Ind Inf Integr 30:100383. https://​doi.​org/​10.​
1016/j.​jii.​2022.​100383
Shen M, Huang R (2024) Backdoor attacks with wavelet embedding: revealing and enhancing the insights
of vulnerabilities in visual object detection models on transformers within digital twin systems. Adv
Eng Inform 60:102355. https://​doi.​org/​10.​1016/j.​aei.​2024.​102355

13
A review of digital twins and their application in cybersecurity… Page 63 of 65 201

Shen W, Hu T, Zhang C, Ma S (2021) Secure sharing of big digital twin data for smart manufacturing based
on blockchain. J Manuf Syst 61:338–350. https://​doi.​org/​10.​1016/j.​jmsy.​2021.​09.​014
Shi L, Krishnan S, Wen S (2022) Study cybersecurity of cyber physical system in the virtual environment: a
survey and new direction. In: Australasian computer science week 2022. ACM, New York
Somers RJ, Douthwaite JA, Wagg DJ, Walkinshaw N, Hierons RM (2023) Digital-twin-based testing for
cyber–physical systems: a systematic literature review. Inf Softw Technol 156:107145. https://​doi.​org/​
10.​1016/j.​infsof.​2022.​107145
Son S, Kwon D, Lee J, Yu S, Jho NS, Park Y (2022) On the design of a privacy-preserving communication
scheme for cloud-based digital twin environments using blockchain. IEEE Access 10:75365–75375.
https://​doi.​org/​10.​1109/​access.​2022.​31914​14
Son BD, Hoa NT, Chien TV, Khalid W, Ferrag MA, Choi W, et al (2024) Adversarial attacks and defenses
in 6G network-assisted IoT systems. IEEE Internet Things J. https://​doi.​org/​10.​1109/​jiot.​2024.​33738​
08
Sousa B, Arieiro M, Pereira V, Correia J, Lourenço N, Cruz T (2021) ELEGANT: security of critical infra-
structures with digital twins. IEEE Access 9:107574–107588. https://​doi.​org/​10.​1109/​access.​2021.​
31007​08
Stergiou CL, Bompoli E, Psannis KE (2023) Security and privacy issues in IoT-based big data cloud sys-
tems in a digital twin scenario. Appl Sci 13(2):758. https://​doi.​org/​10.​3390/​app13​020758
Stjepandić J, Sommer M, Stobrawa S (2021) Digital twin: a conceptual view. Springer series in advanced
manufacturing. Springer, Cham, pp 31–49
Suhail S, Hussain R, Jurdak R, Hong CS (2022) Trustworthy digital twins in the industrial Internet of
Things with blockchain. IEEE Internet Comput 26(3):58–67. https://​doi.​org/​10.​1109/​mic.​2021.​30593​
20
Suhail S, Iqbal M, Hussain R, Jurdak R (2023) ENIGMA: an explainable digital twin security solu-
tion for cyber-physical systems. Comput Ind 151:103961. https://​doi.​org/​10.​1016/j.​compi​nd.​2023.​
103961
Tang F, Chen X, Rodrigues TK, Zhao M, Kato N (2022) Survey on digital twin edge networks (DITEN)
toward 6G. IEEE Open J Commun Soc 3:1360–1381. https://​doi.​org/​10.​1109/​ojcoms.​2022.​31978​
11
Tao F, Xiao B, Qi Q, Cheng J, Ji P (2022) Digital twin modeling. J Manuf Syst 64:372–389. https://​doi.​
org/​10.​1016/j.​jmsy.​2022.​06.​015
Teisserenc B, asgozar S (2021) Adoption of blockchain technology through digital twins in the construction
industry 4.0: a PESTELS approach. Buildings 11(12):670. https://​doi.​org/​10.​3390/​build​ings1​11206​70
Terry L (2022) End-to-end security in Azure. Microsoft. https://​learn.​micro​soft.​com/​en-​us/​azure/​secur​
ity/​funda​menta​ls/​end-​to-​end
Thakur G, Kumar P, Deepika, Girala S, Das AK, Park Y (2023) An effective privacy-preserving block-
chain-assisted security protocol for cloud-based digital twin environment. IEEE Access 11:26877–
26892. https://​doi.​org/​10.​1109/​access.​2023.​32491​16
Thelen A, Zhang X, Fink O, Lu Y, Ghosh S, Youn BD et al (2022) A comprehensive review of digital
twin—part 1: modeling and twinning enabling technologies. Struct Multidiscip Optim. https://​doi.​
org/​10.​1007/​s00158-​022-​03425-4
Tsareva PE, Voronova AV (2022) Information security systems based on the AI and machine learning.
In: 2022 Conference of Russian young researchers in electrical and electronic engineering (ElCon-
Rus). IEEE
Turab M, Jamil S (2023) A comprehensive survey of digital twins in healthcare in the era of metaverse.
BioMedInformatics 3(3):563–584. https://​doi.​org/​10.​3390/​biome​dinfo​r mati​cs303​0039
Ulmer J, Braun S, Cheng CT, Dowey S, Wollert J (2022) Usage of digital twins for gamification applica-
tions in manufacturing. Procedia CIRP 107:675–680. https://​doi.​org/​10.​1016/j.​procir.​2022.​05.​044
Umer MA, Junejo KN, Jilani MT, Mathur AP (2022) Machine learning for intrusion detection in indus-
trial control systems: Applications, challenges, and recommendations. Int J Crit Infrastruct Prot
38:100516. https://​doi.​org/​10.​1016/j.​ijcip.​2022.​100516
van der Burg S, Kloppenburg S, Kok EJ, van der Voort M (2021) Digital twins in agri-food: societal
and ethical themes and questions for further research. NJAS Impact Agric Life Sci 93(1):98–125.
https://​doi.​org/​10.​1080/​27685​241.​2021.​19892​69
Vieira MN, Oliveira LP, Carneiro L (2022a) A comparative analysis of machine learning algorithms for
distributed intrusion detection in IoT networks. In: Advanced information networking and applica-
tions. Springer, Cham, pp 249–258
Vieira J, tins JP, de Almeida NM, Patrício H, Morgado JG (2022b) Towards resilient and sustainable
rail and road networks: a systematic literature review on digital twins. Sustainability 14(12):7060.
https://​doi.​org/​10.​3390/​su141​27060

13
201 Page 64 of 65 M. Homaei et al.

Vielberth M, Glas M, Dietz M, Karagiannis S, Magkos E, Pernul G (2021) A digital twin-based cyber
range for SOC analysts. Springer, Cham, pp 293–311
Vitthalrao MA (2020) Software vulnerability classification based on machine learning algorithm. Int
J Adv Trends Comput Sci Eng 9(4):6653–6659. https://​doi.​org/​10.​30534/​ijatc​se/​2020/​35894​2020
Voth JM, Sturtevant GH (2022) Digital engineering: expanding the advantage. J Mar Eng Technol
21(6):355–363. https://​doi.​org/​10.​1080/​20464​177.​2021.​20243​82
Wan Z, Dong Y, Yu Z, Lv H, Lv Z (2021) Semi-supervised support vector machine for digital twins
based brain image fusion. Front Neurosci. https://​doi.​org/​10.​3389/​fnins.​2021.​705323
Wang Z, Liu D, Sun Y, Pang X, Sun P, Lin F et al (2022a) A survey on IoT-enabled home automation
systems: attacks and defenses. IEEE Commun Surv Tutor 24(4):2292–2328. https://​doi.​org/​10.​
1109/​comst.​2022.​32015​57
Wang S, Li H, Chen J, Wang J, Deng Y (2022b) DAG blockchain-based lightweight authentication and
authorization scheme for IoT devices. J Inf Secur Appl 66:103134. https://​doi.​org/​10.​1016/j.​jisa.​
2022.​103134
Wang Y, Kang X, Chen Z (2022c) A survey of Digital Twin techniques in smart manufacturing and
management of energy applications. Green Energy Intell Transp 1(2):100014. https://​doi.​org/​10.​
1016/j.​geits.​2022.​100014
Wang Y, Su Z, Guo S, Dai M, Luan TH, Liu Y (2023a) A survey on digital twins: architecture, enabling
technologies, security and privacy, and future prospects. IEEE Internet Things J 10(17):14965–
14987. https://​doi.​org/​10.​1109/​jiot.​2023.​32639​09
Wang H, Di X, Wang Y, Ren B, Gao G, Deng J (2023b) An intelligent digital twin method based on
spatio-temporal feature fusion for IoT attack behavior identification. IEEE J Sel Areas Commun
41(11):3561–3572. https://​doi.​org/​10.​1109/​jsac.​2023.​33100​91
Wang Q, Wu W, Qian L, Cai Y, Qian J, Meng L (2023c) Design and implementation of secure and reliable
information interaction architecture for digital twins. China Commun 20(2):79–93. https://​doi.​org/​10.​
23919/​jcc.​2023.​02.​006
Waqas M, Tu S, Halim Z, Rehman SU, Abbas G, Abbas ZH (2022) The role of artificial intelligence and
machine learning in wireless networks security: principle, practice and challenges. Artif Intell Rev
55(7):5215–5261. https://​doi.​org/​10.​1007/​s10462-​022-​10143-2
Wei W, An B, Qiao K, Shen J (2023) A blockchain-based multi-users oblivious data sharing scheme for
digital twin system in industrial Internet of Things. IEEE J Sel Areas Commun 41(10):3318–3332.
https://​doi.​org/​10.​1109/​jsac.​2023.​33101​05
Wu J, Wang X, Dang Y, Lv Z (2022) Digital twins and artificial intelligence in transportation infrastructure:
classification, application, and future research directions. Comput Electr Eng 101:107983. https://​doi.​
org/​10.​1016/j.​compe​leceng.​2022.​107983
Wu ZY, Chew A, Meng X, Cai J, Pok J, Kalfarisi R et al (2023) High fidelity digital twin-based anomaly
detection and localization for smart water grid operation management. Sustain Cities Soc 91:104446.
https://​doi.​org/​10.​1016/j.​scs.​2023.​104446
Yoshizawa T, Singelée D, Muehlberg JT, Delbruel S, Taherkordi A, Hughes D et al (2023) A Survey of
Security and Privacy Issues in V2X Communication Systems. ACM Comput Surv 55(9):1–36.
https://​doi.​org/​10.​1145/​35580​52
Yu L, Wang H, Li L, He H (2021) Towards automated detection of higher-order command injection vulner-
abilities in IoT devices. Int J Digit Crime Forensics 13(6):1–14. https://​doi.​org/​10.​4018/​ijdcf.​286755
Zhang J, Tai Y (2021) Secure medical digital twin via human-centric interaction and cyber vulnerability
resilience. Connect Sci 34(1):895–910. https://​doi.​org/​10.​1080/​09540​091.​2021.​20134​43
Zhang Z, Ning H, Shi F, Farha F, Xu Y, Xu J et al (2021) Artificial intelligence in cyber security: research
advances, challenges, and opportunities. Artif Intell Rev 55(2):1029–1053. https://​doi.​org/​10.​1007/​
s10462-​021-​09976-0
Zhang Z, Wen F, Sun Z, Guo X, He T, Lee C (2022a) Artificial intelligence-enabled sensing technologies in
the 5G/Internet of Things era: from virtual reality/mented reality to the digital twin. Adv Intell Syst
4(7):2100228. https://​doi.​org/​10.​1002/​aisy.​20210​0228
Zhang Z, Hamadi HA, Damiani E, Yeun CY, Taher F (2022b) Explainable artificial intelligence applications
in cyber security: state-of-the-art in research. IEEE Access 10:93104–93139. https://​doi.​org/​10.​1109/​
access.​2022.​32040​51
Zhang J, Wei J, Zhang J, Bo C (2023a) CKAA: certificateless key-agreement authentication scheme in digi-
tal twin telemedicine environment. Trans Emerg Telecommun Technol. https://​doi.​org/​10.​1002/​ett.​
4922
Zhang Z, Yang W, Wu F, Li P (2023b) Privacy and integrity-preserving data aggregation scheme for wire-
less sensor networks digital twins. J Cloud Comput. https://​doi.​org/​10.​1186/​s13677-​023-​00522-7

13
A review of digital twins and their application in cybersecurity… Page 65 of 65 201

Zohdi TI (2021) A digital-twin and machine-learning framework for ventilation system optimization for
capturing infectious disease respiratory emissions. Arch Comput Methods Eng 28(6):4317–4329.
https://​doi.​org/​10.​1007/​s11831-​021-​09609-3

Publisher’s Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and
institutional affiliations.

13