pith. machine review for the scientific record. sign in

arxiv: 2605.11682 · v1 · submitted 2026-05-12 · 💻 cs.CR

Recognition: no theorem link

HySecTwin: A Knowledge-Driven Digital Twin Framework Augmented with Hybrid Reasoning for Cyber-Physical Systems

Ahmad Moshin, David Holmes, Helge Yanicke, Leslie Sikos, Surya Nepal

Pith reviewed 2026-05-13 00:57 UTC · model grok-4.3

classification 💻 cs.CR
keywords digital twincyber-physical systemshybrid reasoningsemantic modellingthreat detectioncybersecurityCPS
0
0 comments X

The pith

HySecTwin combines semantic modeling with hybrid deterministic and fuzzy reasoning in digital twins to deliver faster, explainable threat detection for cyber-physical systems.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents HySecTwin to overcome the absence of semantic reasoning in conventional digital twins used for CPS cybersecurity. It converts heterogeneous telemetry, device attributes, and operational relationships into machine-interpretable semantic forms and runs an embedded reasoning engine that mixes deterministic rules with fuzzy logic over live contextual states. This produces explicit, auditable security assessments while supporting real-time context-aware monitoring. Experiments on a representative CPS testbed using MITRE ATT&CK-inspired attack scenarios report sub-millisecond twin synchronization and up to 21.5 percent faster threat detection than deterministic reasoning alone, with no added system overhead. The framework is positioned as a lightweight, containerized solution for secure-by-design deployments in mission-critical infrastructures.

Core claim

HySecTwin is a knowledge-driven digital twin architecture that places automated reasoning at its core by transforming CPS telemetry and relationships into semantic representations and applying a hybrid reasoning engine that integrates deterministic rule-based inference with fuzzy reasoning to generate interpretable security assessments directly from live device data.

What carries the argument

The hybrid reasoning engine operating over semantically enriched contextualized system states to combine deterministic rules with fuzzy logic for producing explicit and auditable threat assessments.

Load-bearing premise

The representative CPS testbed and MITRE ATT&CK-inspired attack scenarios sufficiently capture the complexity, heterogeneity, and real-time dynamics of actual mission-critical cyber-physical systems.

What would settle it

Deployment on a larger, more heterogeneous real-world CPS under non-simulated threats that yields synchronization latency above sub-millisecond levels or no measurable improvement in detection speed from the hybrid component would falsify the performance advantages.

read the original abstract

Existing Digital Twin (DT) approaches often lack semantic reasoning capabilities for effective cybersecurity modelling in Cyber-Physical Systems (CPS). This paper presents HySecTwin, a knowledge-driven digital twin architecture that places automated reasoning at the core of real-time threat detection. HySecTwin incorporates semantic modelling to transform heterogeneous CPS telemetry, device attributes, and operational relationships into machine-interpretable representations, combined with an embedded reasoning engine operating over contextualized system states. Unlike opaque detection methods, the framework integrates deterministic rule-based inference with hybrid fuzzy reasoning to generate explicit, interpretable, and auditable security assessments from live device telemetry. This enables context-aware monitoring of complex CPS environments while preserving transparency and trust. Experimental evaluation using a representative CPS testbed and MITRE ATT\&CK campaign-inspired attack scenarios demonstrates sub-millisecond twin synchronization latency and up to 21.5\% faster threat detection compared with deterministic reasoning alone. The results show that semantic modelling, semantic enrichment, and hybrid reasoning improve explainability and resilience without extra system overhead. HySecTwin provides a lightweight, containerized, and extensible framework for secure-by-design digital twin deployments in mission-critical infrastructures

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper presents HySecTwin, a knowledge-driven digital twin framework for cybersecurity in cyber-physical systems. It combines semantic modeling of heterogeneous CPS telemetry and device relationships with an embedded hybrid reasoning engine that integrates deterministic rule-based inference and fuzzy reasoning to produce interpretable threat assessments. The central claims are that this yields sub-millisecond twin synchronization latency and up to 21.5% faster threat detection than deterministic reasoning alone, with no additional system overhead, demonstrated via experiments on a representative CPS testbed using MITRE ATT&CK-inspired attack scenarios.

Significance. If the performance and explainability claims hold under rigorous validation, HySecTwin would represent a meaningful advance in transparent, knowledge-augmented digital twins for CPS security, addressing the opacity of many ML-based detectors while preserving real-time operation. The hybrid reasoning approach and emphasis on auditable outputs are strengths that could improve deployability in mission-critical settings.

major comments (3)
  1. [§5] §5 (Experimental Evaluation): The headline claims of sub-millisecond synchronization latency and up to 21.5% faster threat detection rest on results from a single 'representative CPS testbed' and ATT&CK-inspired scenarios, yet the section supplies no concrete description of hardware platforms, network topology, protocol mix (e.g., Modbus, DNP3), data rates, timing jitter, or how the attack campaigns were instantiated. This absence directly undermines the ability to judge whether the observed gains are robust or artifacts of an oversimplified environment.
  2. [§5.2] §5.2 (Performance Comparison): The 21.5% improvement is reported without accompanying statistical tests, confidence intervals, number of experimental runs, or error analysis; the baseline ('deterministic reasoning alone') is not defined in sufficient detail to allow reproduction, and no ablation isolating the contribution of fuzzy reasoning versus semantic enrichment is provided. These omissions make the quantitative claims impossible to evaluate or generalize.
  3. [§4] §4 (Framework Architecture): While the hybrid reasoning engine is described at a high level, the paper does not specify how fuzzy membership functions are defined or tuned, nor does it address potential computational overhead of semantic enrichment under high-frequency telemetry; the claim of 'no extra overhead' therefore lacks supporting measurements or analysis.
minor comments (2)
  1. The related-work section would benefit from explicit comparison tables against recent DT frameworks (e.g., those using ontology-based or graph-based reasoning) to better position the hybrid approach.
  2. Notation for the semantic model (e.g., how device attributes and relationships are encoded) could be clarified with a small example in §3 to improve readability for readers unfamiliar with knowledge graphs.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback, which highlights important aspects for improving the clarity, reproducibility, and rigor of our experimental and architectural descriptions. We agree that the current manuscript would benefit from expanded details in these areas and will incorporate the suggested revisions.

read point-by-point responses

  1. Referee: §5 (Experimental Evaluation): The headline claims of sub-millisecond synchronization latency and up to 21.5% faster threat detection rest on results from a single 'representative CPS testbed' and ATT&CK-inspired scenarios, yet the section supplies no concrete description of hardware platforms, network topology, protocol mix (e.g., Modbus, DNP3), data rates, timing jitter, or how the attack campaigns were instantiated. This absence directly undermines the ability to judge whether the observed gains are robust or artifacts of an oversimplified environment.

    Authors: We agree that the experimental setup requires more concrete specification to support evaluation of robustness and reproducibility. In the revised manuscript, Section 5 will be expanded to include explicit details on the hardware platforms (specific industrial controllers, sensors, and computing nodes), network topology, protocol mix (including Modbus, DNP3, and others), data rates, measured timing jitter, and the exact methods used to instantiate the MITRE ATT&CK-inspired attack scenarios. A new figure depicting the testbed architecture will also be added. revision: yes

  2. Referee: §5.2 (Performance Comparison): The 21.5% improvement is reported without accompanying statistical tests, confidence intervals, number of experimental runs, or error analysis; the baseline ('deterministic reasoning alone') is not defined in sufficient detail to allow reproduction, and no ablation isolating the contribution of fuzzy reasoning versus semantic enrichment is provided. These omissions make the quantitative claims impossible to evaluate or generalize.

    Authors: We acknowledge that the quantitative claims in Section 5.2 lack sufficient statistical support and detail for full evaluation. The baseline 'deterministic reasoning alone' is the hybrid engine with fuzzy components disabled, but we agree this must be stated explicitly. In the revision, we will define the baseline clearly, report the number of experimental runs, add statistical tests (e.g., paired t-tests), confidence intervals, and error analysis to the results. We will also include a new ablation study isolating the effects of fuzzy reasoning and semantic enrichment. Supplementary experiments will be performed if needed to generate these data. revision: yes

  3. Referee: §4 (Framework Architecture): While the hybrid reasoning engine is described at a high level, the paper does not specify how fuzzy membership functions are defined or tuned, nor does it address potential computational overhead of semantic enrichment under high-frequency telemetry; the claim of 'no extra overhead' therefore lacks supporting measurements or analysis.

    Authors: We agree that the description of the hybrid reasoning engine in Section 4 is insufficiently detailed on these points. In the revised manuscript, we will specify how the fuzzy membership functions are defined (using domain-expert-derived ranges for CPS telemetry such as sensor values and state variables) and the tuning methodology employed. We will also add empirical measurements and analysis of computational overhead for semantic enrichment under high-frequency telemetry loads, directly supporting the 'no extra overhead' claim with timing data from the testbed. revision: yes

Circularity Check

0 steps flagged

No circularity in derivation chain

full rationale

The paper presents an architectural framework for a knowledge-driven digital twin with hybrid reasoning, supported by experimental evaluation on a CPS testbed. No equations, derivations, fitted parameters, or first-principles predictions appear in the provided text. Central performance claims (sub-millisecond latency, 21.5% faster detection) are presented as direct experimental outcomes rather than reductions of any claimed derivation to its inputs. No self-definitional steps, load-bearing self-citations, or ansatz smuggling are identifiable. The work is self-contained as an empirical validation of a proposed system.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Only the abstract is available, so no concrete free parameters, axioms, or invented entities can be extracted. The framework description implies rule sets and fuzzy membership functions but provides no specifics on how they are defined or tuned.

pith-pipeline@v0.9.0 · 5513 in / 1028 out tokens · 53844 ms · 2026-05-13T00:57:24.542560+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

54 extracted references · 54 canonical work pages · 1 internal anchor

  1. [1]

    IISE Transactions52(11), 1204–1217 (2020) https://doi.org/10.1080/24725854.2019.1701753

    Gaikwad, A., Yavari, R., Montazeri, M., Cole, K., Bian, L., Rao, P.: Toward the digital twin of additive manufacturing: Integrating thermal simulations, sensing, and analytics to detect process faults. IISE Transactions52(11), 1204–1217 (2020) https://doi.org/10.1080/24725854.2019.1701753

    work page doi:10.1080/24725854.2019.1701753 2020

  2. [2]

    Software and Systems Modeling22(2), 689–707 (2023) https://doi.org/10.1007/s10270-022-01075-0

    Masi, M., Sellitto, G.P., Aranha, H., Pavleska, T.: Securing critical infrastructures with a cybersecurity digital twin. Software and Systems Modeling22(2), 689–707 (2023) https://doi.org/10.1007/s10270-022-01075-0

    work page doi:10.1007/s10270-022-01075-0 2023

  3. [3]

    Varghese, S.A., Dehlaghi Ghadim, A., Balador, A., Alimadadi, Z., Papadimi- tratos, P.: Digital twin-based intrusion detection for industrial control systems, 611–617 (2022) https://doi.org/10.1109/PerComWorkshops53856.2022.9767492

    work page doi:10.1109/percomworkshops53856.2022.9767492 2022

  4. [4]

    Proceedings of the ACM Conference on Computer and Communi- cations Security, 36–47 (2018) https://doi.org/10.1145/3264888.3264892

    Eckhart, M., Ekelhart, A.: A specification-based state replication approach for digital twins. Proceedings of the ACM Conference on Computer and Communi- cations Security, 36–47 (2018) https://doi.org/10.1145/3264888.3264892

    work page doi:10.1145/3264888.3264892 2018

  5. [5]

    1109/SEEDA-CECNSM53056.2021.9566277

    Holmes, D., Papathanasaki, M., Maglaras, L., Ferrag, M.A., Nepal, S., Janicke, H.: Digital Twins and Cyber Security - solution or challenge? 6th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference, SEEDA-CECNSM 2021 (2021) https://doi.org/10. 1109/SEEDA-CECNSM53056.2021.9566277

    work page arXiv 2021

  6. [6]

    IEEE Security and Privacy, 1–12 (2023) https://doi.org/10.1109/MSEC.2023.3271225

    Eckhart, M., Ekelhart, A., Allison, D., Almgren, M., Ceesay-Seitz, K., Janicke, H., Nadjm-Tehrani, S., Rashid, A., Yampolskiy, M.: Security-Enhancing Digital Twins: Characteristics, Indicators, and Future Perspectives. IEEE Security and Privacy, 1–12 (2023) https://doi.org/10.1109/MSEC.2023.3271225

    work page doi:10.1109/msec.2023.3271225 2023

  7. [7]

    ACM International Conference Proceeding Series, 1–10 (2022) https://doi.org/10.1145/3538969.3538975 29

    Empl, P., Schlette, D., Zupfer, D., Pernul, G.: SOAR4IoT: Securing IoT Assets with Digital Twins. ACM International Conference Proceeding Series, 1–10 (2022) https://doi.org/10.1145/3538969.3538975 29

    work page doi:10.1145/3538969.3538975 2022

  8. [8]

    In: 2018 IEEE International Conference on Fuzzy Systems

    Sikos, L.F.: Handling uncertainty and vagueness in network knowledge represen- tation for cyberthreat intelligence. In: 2018 IEEE International Conference on Fuzzy Systems. IEEE, New York (2018). https://doi.org/10.1109/FUZZ-IEEE. 2018.8491686

    work page doi:10.1109/fuzz-ieee 2018

  9. [9]

    NIST Cybersecurity White Paper 29, National Institute of Standards and Technology, Gaithersburg, MD, USA (2024)

    National Institute of Standards and Technology (NIST): The NIST cybersecurity framework (CSF) 2.0. NIST Cybersecurity White Paper 29, National Institute of Standards and Technology, Gaithersburg, MD, USA (2024). https://nvlpubs. nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

    work page 2024

  10. [10]

    IFAC-PapersOnLine 51(11), 1016–1022 (2018) https://doi.org/10.1016/j.ifacol.2018.08.474

    Kritzinger, W., Karner, M., Traar, G., Henjes, J., Sihn, W.: Digital Twin in man- ufacturing: A categorical literature review and classification. IFAC-PapersOnLine 51(11), 1016–1022 (2018) https://doi.org/10.1016/j.ifacol.2018.08.474

    work page doi:10.1016/j.ifacol.2018.08.474 2018

  11. [11]

    https://doi.org/10.1016/j

    Talkhestani, B.A., Jazdi, N., Schloegl, W., Weyrich, M.: Consistency check to synchronize the Digital Twin of manufacturing automation based on anchor points. Procedia CIRP72(March), 159–164 (2018) https://doi.org/10.1016/j. procir.2018.03.166

    work page doi:10.1016/j 2018

  12. [12]

    In: 2019 IEEE 15th International Conference on Automation Science and Engineering (CASE), pp

    Balta, E.C., Tilbury, D.M., Barton, K.: A digital twin framework for performance monitoring and anomaly detection in fused deposition modeling. In: 2019 IEEE 15th International Conference on Automation Science and Engineering (CASE), pp. 823–829 (2019). https://doi.org/10.1109/COASE.2019.8843166

    work page doi:10.1109/coase.2019.8843166 2019

  13. [13]

    1–6 (2019)

    Kummerow, A., R¨ osch, D., Monsalve, C., Nicolai, S., Bretschneider, P., Brosinsky, C., Westermann, D.: Challenges and opportunities for phasor data based event detection in transmission control centers under cyber security constraints, pp. 1–6 (2019). https://doi.org/10.1109/PTC.2019.8810711

    work page doi:10.1109/ptc.2019.8810711 2019

  14. [14]

    Datta, S.P.A.: Emergence of Digital Twins - Is this the March of reason? Jour- nal of Innovation Management5(3), 14–33 (2017) https://doi.org/10.24840/ 2183-0606 005.003 0003

    work page 2017

  15. [15]

    In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security

    Eckhart, M., Ekelhart, A.: Towards security-aware virtual environments for digital twins. In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security. CPSS ’18, pp. 61–72. Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3198458.3198464

    work page doi:10.1145/3198458.3198464 2018

  16. [16]

    IEEE International Conference on Emerging Technologies and Factory Automation, ETFA2019- September, 1222–1225 (2019) https://doi.org/10.1109/ETFA.2019.8869197

    Eckhart, M., Ekelhart, A., Weippl, E.: Enhancing Cyber Situational Aware- ness for Cyber-Physical Systems through Digital Twins. IEEE International Conference on Emerging Technologies and Factory Automation, ETFA2019- September, 1222–1225 (2019) https://doi.org/10.1109/ETFA.2019.8869197

    work page doi:10.1109/etfa.2019.8869197 2019

  17. [17]

    In: 2018 IEEE Inter- national Conference on Big Data (Big Data), pp

    Kharlamov, E., Martin-Recuerda, F., Perry, B., Cameron, D., Fjellheim, R., Waaler, A.: Towards semantically enhanced digital twins. In: 2018 IEEE Inter- national Conference on Big Data (Big Data), pp. 4189–4193 (2018). https: //doi.org/10.1109/BigData.2018.8622503 30

    work page doi:10.1109/bigdata.2018.8622503 2018

  18. [18]

    Information14(2), 95 (2023) https://doi.org/10.3390/info14020095

    Empl, P., Pernul, G.: Digital-twin-based security analytics for the internet of things. Information14(2), 95 (2023) https://doi.org/10.3390/info14020095

    work page doi:10.3390/info14020095 2023

  19. [19]

    In: 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pp

    Mohsin, A., Janicke, H., Nepal, S., Holmes, D.: Digital Twins and the Future of Their Use Enabling Shift Left and Shift Right Cybersecurity Operations . In: 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pp. 277–286. IEEE Computer Society, Los Alamitos, CA, USA (2023). https://doi.o...

    work page doi:10.1109/tps-isa58951.2023.00042 2023

  20. [20]

    IEEE Transactions on Automation Science and EngineeringPP, 1–18 (2023) https://doi.org/10.1109/TASE.2023.3243147

    Balta, E.C., Pease, M., Moyne, J., Barton, K., Tilbury, D.M.: Digital Twin-Based Cyber-Attack Detection Framework for Cyber-Physical Manufacturing Systems. IEEE Transactions on Automation Science and EngineeringPP, 1–18 (2023) https://doi.org/10.1109/TASE.2023.3243147

    work page doi:10.1109/tase.2023.3243147 2023

  21. [21]

    Transdiscipl

    Grieves, M., Vickers, J.: Digital twin: Mitigating unpredictable, undesir- able emergent behavior in complex systems. Transdiscipl. Perspect. Complex Syst. New Find. Approaches (August), 85–113 (2016) https://doi.org/10.1007/ 978-3-319-38756-7 4

    work page 2016

  22. [22]

    Eckhart, M., Ekelhart, A.: Digital Twins for Cyber-Physical Systems Security: State of the Art and Outlook, pp. 383–412. Springer, Cham (2019). https://doi. org/10.1007/978-3-030-25312-7 14

    work page doi:10.1007/978-3-030-25312-7 2019

  23. [23]

    The Digital Twin, 677–702 (2023) https://doi.org/10.1007/978-3-031-21343-4 24

    Moser, B.R., Grossmann, W.: Digital Twins of Complex Projects. The Digital Twin, 677–702 (2023) https://doi.org/10.1007/978-3-031-21343-4 24

    work page doi:10.1007/978-3-031-21343-4 2023

  24. [24]

    ICT Express10(4), 935–958 (2024) https://doi.org/10.1016/j.icte.2024.05.007

    Sarker, I.H., Janicke, H., Mohsin, A., Gill, A., Maglaras, L.: Explainable ai for cybersecurity automation, intelligence and trustworthiness in digital twin: Meth- ods, taxonomy, challenges and prospects. ICT Express10(4), 935–958 (2024) https://doi.org/10.1016/j.icte.2024.05.007

    work page doi:10.1016/j.icte.2024.05.007 2024

  25. [25]

    In: Oltra- mari A

    Bromander, S., Jøsang, A., Eian, M.: Semantic cyberthreat modelling. In: Oltra- mari A. Emmons I., C.P.C.G.L.K.B. (ed.) CEUR Workshop Proceedings, vol. 1788, pp. 74–78. Aachen University, Aachen (2016)

    work page 2016

  26. [26]

    In: Sikos, L.F

    Sikos, L.F.: OWL ontologies in cybersecurity: Conceptual modeling of cyber- knowledge. In: Sikos, L.F. (ed.) AI in Cybersecurity, pp. 1–17. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-98842-9 1

    work page doi:10.1007/978-3-319-98842-9 2019

  27. [27]

    Sikos, L.F.: Mastering Structured Data on the Semantic Web, pp. 37–38. Apress, Berkeley (2015). https://doi.org/10.1007/978-1-4842-1049-9

    work page doi:10.1007/978-1-4842-1049-9 2015

  28. [28]

    In: Sikos, L.F., Choo, K.-K.R

    Sikos, L.F.: The formal representation of cyberthreats for automated reason- ing. In: Sikos, L.F., Choo, K.-K.R. (eds.) Data Science in Cybersecurity and Cyberthreat Intelligence, pp. 1–12. Springer, Cham (2020). https://doi.org/10. 1007/978-3-030-38788-4 1 31

    work page 2020

  29. [29]

    Internet of Things and Cyber-Physical Systems3(December 2022), 1–13 (2023) https://doi.org/10.1016/j.iotcps.2022

    Gerodimos, A., Maglaras, L., Ferrag, M.A., Ayres, N., Kantzavelou, I.: IoT: Com- munication protocols and security threats. Internet of Things and Cyber-Physical Systems3(December 2022), 1–13 (2023) https://doi.org/10.1016/j.iotcps.2022. 12.003

    work page doi:10.1016/j.iotcps.2022 2022

  30. [30]

    Eclipse. 2024. Eclipse Ditto. http://https://github.com/eclipse/ditto. Accessed: 10-06-2024

    work page 2024

  31. [31]

    Amazon. 2024. AWS IoT TwinMaker. https://aws.amazon.com/iot-twinmaker/. Accessed: 05-02-2024

    work page 2024

  32. [32]

    Microsoft. 2024. Azure Digital Twin. https://docs.microsoft.com/en-gb/azure/ digital-twins. Accessed: 02-10-2024

    work page 2024

  33. [33]

    Arabian Journal for Science and Engineering48(2), 1075–1095 (2023) https://doi.org/10.1007/s13369-022-07459-0

    Alnowaiser, K.K., Ahmed, M.A.: Digital Twin: Current Research Trends and Future Directions. Arabian Journal for Science and Engineering48(2), 1075–1095 (2023) https://doi.org/10.1007/s13369-022-07459-0

    work page doi:10.1007/s13369-022-07459-0 2023

  34. [34]

    In: 2020 IEEE International Conference on Consumer Electronics (ICCE), pp

    Muralidharan, S., Yoo, B., Ko, H.: Designing a semantic digital twin model for iot. In: 2020 IEEE International Conference on Consumer Electronics (ICCE), pp. 1–2 (2020). https://doi.org/10.1109/ICCE46568.2020.9043088

    work page doi:10.1109/icce46568.2020.9043088 2020

  35. [35]

    Horrocks, I., Kutz, O., Sattler, U.: The even more irresistible sroiq., vol. 6, pp. 57–67 (2006)

    work page 2006

  36. [36]

    In: 2016 IEEE 8th International Conference on Intelligent Systems (IS), pp

    Liu, H., Gegov, A.: Rule based systems and networks: Deterministic and fuzzy approaches. In: 2016 IEEE 8th International Conference on Intelligent Systems (IS), pp. 316–321 (2016). https://doi.org/10.1109/IS.2016.7737440

    work page doi:10.1109/is.2016.7737440 2016

  37. [37]

    In: International Conference on Web Reasoning and Rule Systems, pp

    Anicic, D., Fodor, P., Rudolph, S., St¨ uhmer, R., Stojanovic, N., Studer, R.: A rule-based language for complex event processing and reasoning. In: International Conference on Web Reasoning and Rule Systems, pp. 42–57 (2010). Springer

    work page 2010

  38. [38]

    Computers & Security114, 102578 (2022) https://doi.org/10.1016/j.cose.2022

    Rashid, M.M., Alazab, M., Anwar, A., Khan, S.: A hybrid machine learning and fuzzy logic-based intrusion detection system for industrial control systems. Computers & Security114, 102578 (2022) https://doi.org/10.1016/j.cose.2022. 102578

    work page doi:10.1016/j.cose.2022 2022

  39. [39]

    Prentice Hall, Upper Saddle River, NJ, USA (1995)

    Klir, G.J., Yuan, B.: Fuzzy Sets and Fuzzy Logic: Theory and Applications. Prentice Hall, Upper Saddle River, NJ, USA (1995)

    work page 1995

  40. [40]

    Expert Systems with Applications182, 115220 (2021) https://doi.org/10.1016/j.eswa.2021.115220

    Wang, J., Zhou, H., Li, P.: Rule-based and fuzzy logic hybrid reasoning for intelli- gent fault diagnosis in complex systems. Expert Systems with Applications182, 115220 (2021) https://doi.org/10.1016/j.eswa.2021.115220

    work page doi:10.1016/j.eswa.2021.115220 2021

  41. [41]

    OASIS Standard

    OASIS: MQTT Version 3.1.1. OASIS Standard. Accessed 2025-08-24 (2014). https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html 32

    work page 2025

  42. [42]

    OASIS Standard

    OASIS: MQTT Version 5.0. OASIS Standard. Accessed 2025-08-24 (2019). https: //docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html

    work page 2025

  43. [43]

    Special Publication 800-82, Revision 2, National Institute of Standards and Technology (NIST) (2015)

    Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ics) secu- rity. Special Publication 800-82, Revision 2, National Institute of Standards and Technology (NIST) (2015). https://doi.org/10.6028/NIST.SP.800-82r2 . Accessed 2025-08-24. https://doi.org/10.6028/NIST.SP.800-82r2

    work page doi:10.6028/nist.sp.800-82r2 2015

  44. [44]

    In: Proceedings of the 1st ACM Symposium on Cloud Computing

    Cooper, B.F., Silberstein, A., Tam, E., Ramakrishnan, R., Sears, R.: Bench- marking cloud serving systems with ycsb. In: Proceedings of the 1st ACM Symposium on Cloud Computing. SoCC ’10, pp. 143–154. Association for Com- puting Machinery, New York, NY, USA (2010). https://doi.org/10.1145/1807128. 1807152

    work page doi:10.1145/1807128 2010

  45. [45]

    Special Publication 800-55, Revision 2, NIST (2023)

    National Institute of Standards and Technology (NIST): Performance measure- ment guide for information security. Special Publication 800-55, Revision 2, NIST (2023). Accessed 2025-08-24. https://csrc.nist.gov/publications/detail/sp/ 800-55/rev-2/final

    work page 2023

  46. [46]

    Feng, Z.W., Xu, J.K., Mayer, W., Huang, W.Y., He, K.Q., Stumptner, M., Grossmann, G., Zhang, H.Y., Ling, L.: Automatic Semantic Modeling for Struc- tural Data Source with the Prior Knowledge From Knowledge Graph. 2021 IEEE 23rd International Conference on High Performance Computing and Communications, 7th International Conference on Data Science and Syste...

    work page arXiv 2021

  47. [47]

    Future Generation Computer Systems56, 11–26 (2016) https://doi.org/10.1016/j.future.2015.09.025

    Fang, D., Liu, X., Romdhani, I., Jamshidi, P., Pahl, C.: An agility-oriented and fuzziness-embedded semantic model for collaborative cloud service search, retrieval and recommendation. Future Generation Computer Systems56, 11–26 (2016) https://doi.org/10.1016/j.future.2015.09.025

    work page doi:10.1016/j.future.2015.09.025 2016

  48. [48]

    Iorga, M., Feldman, L., Barton, R., Martin, M.J.: NIST Special Publication 500- 325 Recommendations of the National Institute of Standards and Technology (March) (2018)

    work page 2018

  49. [49]

    Bento, A., M´ edini, L., Singh, K., Laforest, F.: Do arduinos dream of efficient reasoners? In: The Semantic Web, pp. 289–304. Springer, Cham (2022)

    work page 2022

  50. [50]

    In: 2022 International Conference on Computer Communications and Networks (ICCCN), pp

    Jadidi, Z., Pal, S., K, N.N., Selvakkumar, A., Chang, C.-C., Beheshti, M., Jol- faei, A.: Security of machine learning-based anomaly detection in cyber physical systems. In: 2022 International Conference on Computer Communications and Networks (ICCCN), pp. 1–7 (2022). https://doi.org/10.1109/ICCCN54977.2022. 9868845

    work page doi:10.1109/icccn54977.2022 2022

  51. [51]

    ACM Transactions on Software Engineering and Methodology32(5), 122–112231 (2023) https://doi.org/10.1145/3597507

    Xu, Q., Ali, S., Yue, T.: Digital twin-based anomaly detection with curriculum 33 learning in cyber-physical systems. ACM Transactions on Software Engineering and Methodology32(5), 122–112231 (2023) https://doi.org/10.1145/3597507

    work page doi:10.1145/3597507 2023

  52. [52]

    Systematic Integration of Digital Twins and Constrained LLMs for Interpretable Cyber-Physical Anomaly Detection

    Kampourakis, K.E., Gkioulos, V., Katsikas, S.: Systematic integration of digital twins and constrained llms for interpretable cyber-physical anomaly detection. arXiv preprint arXiv:2604.03790 (2026) arXiv:2604.03790 [cs.CR]

    work page internal anchor Pith review Pith/arXiv arXiv 2026

  53. [53]

    Sensors25(16) (2025) https://doi.org/10.3390/s25164963

    Sayghe, A.: Digital twin-driven intrusion detection for industrial scada: A cyber- physical case study. Sensors25(16) (2025) https://doi.org/10.3390/s25164963

    work page doi:10.3390/s25164963 2025

  54. [54]

    https://arxiv.org/abs/2512.12112 34

    Nandiya, P., Mohsin, A., Ibrahim, A., Sarker, I.H., Janicke, H.: BRIDG-ICS: AI- Grounded Knowledge Graphs for Intelligent Threat Analytics in Industry 5.0 Cyber-Physical Systems (2026). https://arxiv.org/abs/2512.12112 34

    work page arXiv 2026