pith. sign in

arxiv: 2605.11682 · v2 · pith:C4BTEBESnew · submitted 2026-05-12 · 💻 cs.CR

HySecTwin: A Knowledge-Driven Digital Twin Framework Augmented with Hybrid Reasoning for Cyber-Physical Systems

David Holmes , Ahmad Moshin , Surya Nepal , Leslie Sikos , Iqbal Sarker , Helge Yanicke This is my paper

Pith reviewed 2026-05-21 08:29 UTC · model grok-4.3

classification 💻 cs.CR
keywords digital twincyber-physical systemshybrid reasoningcybersecuritysemantic modelingthreat detectionexplainable securityreal-time monitoring
0
0 comments X

The pith

HySecTwin combines semantic modeling with hybrid fuzzy and rule-based reasoning to produce faster, auditable security assessments from live CPS telemetry.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents HySecTwin as a digital twin framework that places automated reasoning at the center of cybersecurity for cyber-physical systems. It converts heterogeneous device telemetry and operational relationships into semantic representations that a reasoning engine can process using both deterministic rules and fuzzy logic. This produces explicit security assessments that remain interpretable and auditable in real time. A sympathetic reader would care because opaque detection methods often obscure decision logic, while this approach aims to deliver both quicker responses and verifiable reasoning without extra computational cost.

Core claim

HySecTwin incorporates semantic modelling to transform heterogeneous CPS telemetry, device attributes, and operational relationships into machine-interpretable representations, combined with an embedded reasoning engine operating over contextualized system states. The framework integrates deterministic rule-based inference with hybrid fuzzy reasoning to generate explicit, interpretable, and auditable security assessments from live device telemetry. Experimental evaluation using a representative CPS testbed and MITRE ATT&CK campaign-inspired attack scenarios demonstrates sub-millisecond twin synchronization latency and up to 21.5% faster threat detection compared with deterministic reasoning.

What carries the argument

The hybrid reasoning engine that blends deterministic rule-based inference with fuzzy reasoning over semantically enriched representations of CPS device states and relationships.

Load-bearing premise

The representative CPS testbed and MITRE ATT&CK-inspired attack scenarios used in the evaluation sufficiently represent real-world cyber-physical system threats and operational conditions.

What would settle it

Running the framework on a live industrial CPS deployment with different device types and attack patterns and observing no improvement in detection speed or loss of explainability would falsify the claimed performance and generalizability gains.

read the original abstract

Existing Digital Twin (DT) approaches often lack semantic reasoning capabilities for effective cybersecurity modelling in Cyber-Physical Systems (CPS). This paper presents HySecTwin, a knowledge-driven digital twin architecture that places automated reasoning at the core of real-time threat detection. HySecTwin incorporates semantic modelling to transform heterogeneous CPS telemetry, device attributes, and operational relationships into machine-interpretable representations, combined with an embedded reasoning engine operating over contextualized system states. Unlike opaque detection methods, the framework integrates deterministic rule-based inference with hybrid fuzzy reasoning to generate explicit, interpretable, and auditable security assessments from live device telemetry. This enables context-aware monitoring of complex CPS environments while preserving transparency and trust. Experimental evaluation using a representative CPS testbed and MITRE ATT\&CK campaign-inspired attack scenarios demonstrates sub-millisecond twin synchronization latency and up to 21.5\% faster threat detection compared with deterministic reasoning alone. The results show that semantic modelling, semantic enrichment, and hybrid reasoning improve explainability and resilience without extra system overhead. HySecTwin provides a lightweight, containerized, and extensible framework for secure-by-design digital twin deployments in mission-critical infrastructures

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper presents HySecTwin, a knowledge-driven digital twin framework for cybersecurity in Cyber-Physical Systems. It transforms heterogeneous CPS telemetry into semantic representations and employs an embedded reasoning engine that combines deterministic rule-based inference with hybrid fuzzy reasoning to produce explicit, interpretable, and auditable security assessments. The framework is positioned as enabling context-aware monitoring while preserving transparency and trust. Experimental evaluation on a representative CPS testbed using MITRE ATT&CK campaign-inspired attack scenarios reports sub-millisecond twin synchronization latency and up to 21.5% faster threat detection relative to deterministic reasoning alone, along with gains in explainability and resilience without added overhead. The architecture is described as lightweight, containerized, and extensible for secure-by-design deployments.

Significance. If the central claims hold, the work offers a practical contribution to CPS security by prioritizing interpretable hybrid reasoning within digital twins, which could improve auditability and operator trust compared to black-box detection methods. The emphasis on semantic enrichment and the provision of a containerized implementation are strengths that support reproducibility and deployment considerations in mission-critical settings.

major comments (2)
  1. [Evaluation section] Evaluation section: The headline performance claims (sub-millisecond synchronization latency and up to 21.5% faster threat detection) are presented without specification of the exact baselines, number of trials, statistical significance tests, or error bars. This information is required to substantiate the assertion that hybrid reasoning delivers measurable improvements over deterministic reasoning alone.
  2. [Evaluation section] Evaluation section: The testbed and ATT&CK-inspired scenarios are described as representative, yet the manuscript does not detail how they incorporate sensor noise, network jitter, physical-cyber coupling, or stealthy/zero-day threats at scale. Without such characterization, the generalization of the reported detection-speed and explainability benefits to operational CPS environments remains insufficiently supported and is load-bearing for the context-aware monitoring claim.
minor comments (2)
  1. [Abstract] Abstract and §1: The phrase 'up to 21.5% faster' should be accompanied by a brief clarification of whether this represents a peak, average, or scenario-specific value to aid reader interpretation.
  2. [Framework description] Notation throughout: Ensure consistent use of terms such as 'hybrid fuzzy reasoning' versus 'hybrid reasoning' when first introduced to avoid minor ambiguity in the reasoning engine description.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We appreciate the referee's detailed feedback on our manuscript. We have carefully considered the major comments regarding the evaluation section and provide point-by-point responses below, outlining the revisions we intend to make to address these concerns.

read point-by-point responses

  1. Referee: The headline performance claims (sub-millisecond synchronization latency and up to 21.5% faster threat detection) are presented without specification of the exact baselines, number of trials, statistical significance tests, or error bars. This information is required to substantiate the assertion that hybrid reasoning delivers measurable improvements over deterministic reasoning alone.

    Authors: We agree that additional details on the experimental methodology are necessary to fully substantiate the performance claims. In the revised manuscript, we will explicitly state the baselines used for comparison, report the number of experimental trials, include the results of statistical significance tests, and add error bars to the presented latency and detection time results. This revision will be made in the Evaluation section. revision: yes

  2. Referee: The testbed and ATT&CK-inspired scenarios are described as representative, yet the manuscript does not detail how they incorporate sensor noise, network jitter, physical-cyber coupling, or stealthy/zero-day threats at scale. Without such characterization, the generalization of the reported detection-speed and explainability benefits to operational CPS environments remains insufficiently supported and is load-bearing for the context-aware monitoring claim.

    Authors: We acknowledge the referee's point regarding the characterization of the testbed and scenarios. While the current manuscript describes the testbed as representative and the scenarios as inspired by MITRE ATT&CK campaigns, we will expand this description in the revision to include details on how sensor noise and network jitter are modeled in the testbed. We will also elaborate on the physical-cyber coupling aspects and provide a discussion of the limitations with respect to stealthy and zero-day threats at scale, including how the hybrid reasoning approach may offer resilience in such cases based on the semantic modeling. This will better support the generalization claims. revision: partial

Circularity Check

0 steps flagged

No circularity: claims rest on experimental evaluation rather than self-referential definitions or fitted predictions

full rationale

The paper introduces HySecTwin as a semantic modelling and hybrid reasoning framework for CPS digital twins. Performance claims (sub-millisecond synchronization, 21.5% faster detection) are explicitly tied to results from a representative testbed and MITRE ATT&CK-inspired scenarios, not to any internal equations, parameter fits, or self-citations that reduce the outputs to the inputs by construction. No self-definitional steps, ansatzes smuggled via prior work, or uniqueness theorems appear in the provided text. The derivation chain is self-contained through the proposed architecture and external validation.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 1 invented entities

Abstract-only review; no explicit free parameters, axioms, or additional invented entities are described beyond the overall framework name.

invented entities (1)
  • HySecTwin no independent evidence
    purpose: Knowledge-driven digital twin with embedded hybrid reasoning for CPS cybersecurity
    Introduced as the central contribution of the paper.

pith-pipeline@v0.9.0 · 5748 in / 1130 out tokens · 41759 ms · 2026-05-21T08:29:08.502148+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

54 extracted references · 54 canonical work pages · 1 internal anchor

  1. [1]

    IISE Transactions52(11), 1204–1217 (2020) https://doi.org/10.1080/24725854.2019.1701753

    Gaikwad, A., Yavari, R., Montazeri, M., Cole, K., Bian, L., Rao, P.: Toward the digital twin of additive manufacturing: Integrating thermal simulations, sensing, and analytics to detect process faults. IISE Transactions52(11), 1204–1217 (2020) https://doi.org/10.1080/24725854.2019.1701753

    work page doi:10.1080/24725854.2019.1701753 2020

  2. [2]

    Software and Systems Modeling22(2), 689–707 (2023) https://doi.org/10.1007/s10270-022-01075-0

    Masi, M., Sellitto, G.P., Aranha, H., Pavleska, T.: Securing critical infrastructures with a cybersecurity digital twin. Software and Systems Modeling22(2), 689–707 (2023) https://doi.org/10.1007/s10270-022-01075-0

    work page doi:10.1007/s10270-022-01075-0 2023

  3. [3]

    Varghese, S.A., Dehlaghi Ghadim, A., Balador, A., Alimadadi, Z., Papadimi- tratos, P.: Digital twin-based intrusion detection for industrial control systems, 611–617 (2022) https://doi.org/10.1109/PerComWorkshops53856.2022.9767492

    work page doi:10.1109/percomworkshops53856.2022.9767492 2022

  4. [4]

    Proceedings of the ACM Conference on Computer and Communi- cations Security, 36–47 (2018) https://doi.org/10.1145/3264888.3264892

    Eckhart, M., Ekelhart, A.: A specification-based state replication approach for digital twins. Proceedings of the ACM Conference on Computer and Communi- cations Security, 36–47 (2018) https://doi.org/10.1145/3264888.3264892

    work page doi:10.1145/3264888.3264892 2018

  5. [5]

    1109/SEEDA-CECNSM53056.2021.9566277

    Holmes, D., Papathanasaki, M., Maglaras, L., Ferrag, M.A., Nepal, S., Janicke, H.: Digital Twins and Cyber Security - solution or challenge? 6th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference, SEEDA-CECNSM 2021 (2021) https://doi.org/10. 1109/SEEDA-CECNSM53056.2021.9566277

    work page arXiv 2021

  6. [6]

    IEEE Security and Privacy, 1–12 (2023) https://doi.org/10.1109/MSEC.2023.3271225

    Eckhart, M., Ekelhart, A., Allison, D., Almgren, M., Ceesay-Seitz, K., Janicke, H., Nadjm-Tehrani, S., Rashid, A., Yampolskiy, M.: Security-Enhancing Digital Twins: Characteristics, Indicators, and Future Perspectives. IEEE Security and Privacy, 1–12 (2023) https://doi.org/10.1109/MSEC.2023.3271225

    work page doi:10.1109/msec.2023.3271225 2023

  7. [7]

    ACM International Conference Proceeding Series, 1–10 (2022) https://doi.org/10.1145/3538969.3538975 29

    Empl, P., Schlette, D., Zupfer, D., Pernul, G.: SOAR4IoT: Securing IoT Assets with Digital Twins. ACM International Conference Proceeding Series, 1–10 (2022) https://doi.org/10.1145/3538969.3538975 29

    work page doi:10.1145/3538969.3538975 2022

  8. [8]

    In: 2018 IEEE International Conference on Fuzzy Systems

    Sikos, L.F.: Handling uncertainty and vagueness in network knowledge represen- tation for cyberthreat intelligence. In: 2018 IEEE International Conference on Fuzzy Systems. IEEE, New York (2018). https://doi.org/10.1109/FUZZ-IEEE. 2018.8491686

    work page doi:10.1109/fuzz-ieee 2018

  9. [9]

    NIST Cybersecurity White Paper 29, National Institute of Standards and Technology, Gaithersburg, MD, USA (2024)

    National Institute of Standards and Technology (NIST): The NIST cybersecurity framework (CSF) 2.0. NIST Cybersecurity White Paper 29, National Institute of Standards and Technology, Gaithersburg, MD, USA (2024). https://nvlpubs. nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

    work page 2024

  10. [10]

    Kritzinger, M

    Kritzinger, W., Karner, M., Traar, G., Henjes, J., Sihn, W.: Digital Twin in man- ufacturing: A categorical literature review and classification. IFAC-PapersOnLine 51(11), 1016–1022 (2018) https://doi.org/10.1016/j.ifacol.2018.08.474

    work page doi:10.1016/j.ifacol.2018.08.474 2018

  11. [11]

    gradient descent

    Talkhestani, B.A., Jazdi, N., Schloegl, W., Weyrich, M.: Consistency check to synchronize the Digital Twin of manufacturing automation based on anchor points. Procedia CIRP72(March), 159–164 (2018) https://doi.org/10.1016/j. procir.2018.03.166

    work page doi:10.1016/j 2018

  12. [12]

    In: 2019 IEEE 15th International Conference on Automation Science and Engineering (CASE), pp

    Balta, E.C., Tilbury, D.M., Barton, K.: A digital twin framework for performance monitoring and anomaly detection in fused deposition modeling. In: 2019 IEEE 15th International Conference on Automation Science and Engineering (CASE), pp. 823–829 (2019). https://doi.org/10.1109/COASE.2019.8843166

    work page doi:10.1109/coase.2019.8843166 2019

  13. [13]

    1–6 (2019)

    Kummerow, A., R¨ osch, D., Monsalve, C., Nicolai, S., Bretschneider, P., Brosinsky, C., Westermann, D.: Challenges and opportunities for phasor data based event detection in transmission control centers under cyber security constraints, pp. 1–6 (2019). https://doi.org/10.1109/PTC.2019.8810711

    work page doi:10.1109/ptc.2019.8810711 2019

  14. [14]

    Datta, S.P.A.: Emergence of Digital Twins - Is this the March of reason? Jour- nal of Innovation Management5(3), 14–33 (2017) https://doi.org/10.24840/ 2183-0606 005.003 0003

    work page 2017

  15. [15]

    In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security

    Eckhart, M., Ekelhart, A.: Towards security-aware virtual environments for digital twins. In: Proceedings of the 4th ACM Workshop on Cyber-Physical System Security. CPSS ’18, pp. 61–72. Association for Computing Machinery, New York, NY, USA (2018). https://doi.org/10.1145/3198458.3198464

    work page doi:10.1145/3198458.3198464 2018

  16. [16]

    IEEE International Conference on Emerging Technologies and Factory Automation, ETFA2019- September, 1222–1225 (2019) https://doi.org/10.1109/ETFA.2019.8869197

    Eckhart, M., Ekelhart, A., Weippl, E.: Enhancing Cyber Situational Aware- ness for Cyber-Physical Systems through Digital Twins. IEEE International Conference on Emerging Technologies and Factory Automation, ETFA2019- September, 1222–1225 (2019) https://doi.org/10.1109/ETFA.2019.8869197

    work page doi:10.1109/etfa.2019.8869197 2019

  17. [17]

    In: 2018 IEEE Inter- national Conference on Big Data (Big Data), pp

    Kharlamov, E., Martin-Recuerda, F., Perry, B., Cameron, D., Fjellheim, R., Waaler, A.: Towards semantically enhanced digital twins. In: 2018 IEEE Inter- national Conference on Big Data (Big Data), pp. 4189–4193 (2018). https: //doi.org/10.1109/BigData.2018.8622503 30

    work page doi:10.1109/bigdata.2018.8622503 2018

  18. [18]

    Information14(2), 95 (2023) https://doi.org/10.3390/info14020095

    Empl, P., Pernul, G.: Digital-twin-based security analytics for the internet of things. Information14(2), 95 (2023) https://doi.org/10.3390/info14020095

    work page doi:10.3390/info14020095 2023

  19. [19]

    In: 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pp

    Mohsin, A., Janicke, H., Nepal, S., Holmes, D.: Digital Twins and the Future of Their Use Enabling Shift Left and Shift Right Cybersecurity Operations . In: 2023 5th IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), pp. 277–286. IEEE Computer Society, Los Alamitos, CA, USA (2023). https://doi.o...

    work page doi:10.1109/tps-isa58951.2023.00042 2023

  20. [20]

    IEEE Transactions on Automation Science and EngineeringPP, 1–18 (2023) https://doi.org/10.1109/TASE.2023.3243147

    Balta, E.C., Pease, M., Moyne, J., Barton, K., Tilbury, D.M.: Digital Twin-Based Cyber-Attack Detection Framework for Cyber-Physical Manufacturing Systems. IEEE Transactions on Automation Science and EngineeringPP, 1–18 (2023) https://doi.org/10.1109/TASE.2023.3243147

    work page doi:10.1109/tase.2023.3243147 2023

  21. [21]

    Transdiscipl

    Grieves, M., Vickers, J.: Digital twin: Mitigating unpredictable, undesir- able emergent behavior in complex systems. Transdiscipl. Perspect. Complex Syst. New Find. Approaches (August), 85–113 (2016) https://doi.org/10.1007/ 978-3-319-38756-7 4

    work page 2016

  22. [22]

    Eckhart, M., Ekelhart, A.: Digital Twins for Cyber-Physical Systems Security: State of the Art and Outlook, pp. 383–412. Springer, Cham (2019). https://doi. org/10.1007/978-3-030-25312-7 14

    work page doi:10.1007/978-3-030-25312-7 2019

  23. [23]

    The Digital Twin, 677–702 (2023) https://doi.org/10.1007/978-3-031-21343-4 24

    Moser, B.R., Grossmann, W.: Digital Twins of Complex Projects. The Digital Twin, 677–702 (2023) https://doi.org/10.1007/978-3-031-21343-4 24

    work page doi:10.1007/978-3-031-21343-4 2023

  24. [24]

    ICT Express10(4), 935–958 (2024) https://doi.org/10.1016/j.icte.2024.05.007

    Sarker, I.H., Janicke, H., Mohsin, A., Gill, A., Maglaras, L.: Explainable ai for cybersecurity automation, intelligence and trustworthiness in digital twin: Meth- ods, taxonomy, challenges and prospects. ICT Express10(4), 935–958 (2024) https://doi.org/10.1016/j.icte.2024.05.007

    work page doi:10.1016/j.icte.2024.05.007 2024

  25. [25]

    In: Oltra- mari A

    Bromander, S., Jøsang, A., Eian, M.: Semantic cyberthreat modelling. In: Oltra- mari A. Emmons I., C.P.C.G.L.K.B. (ed.) CEUR Workshop Proceedings, vol. 1788, pp. 74–78. Aachen University, Aachen (2016)

    work page 2016

  26. [26]

    In: Sikos, L.F

    Sikos, L.F.: OWL ontologies in cybersecurity: Conceptual modeling of cyber- knowledge. In: Sikos, L.F. (ed.) AI in Cybersecurity, pp. 1–17. Springer, Cham (2019). https://doi.org/10.1007/978-3-319-98842-9 1

    work page doi:10.1007/978-3-319-98842-9 2019

  27. [27]

    Sikos, L.F.: Mastering Structured Data on the Semantic Web, pp. 37–38. Apress, Berkeley (2015). https://doi.org/10.1007/978-1-4842-1049-9

    work page doi:10.1007/978-1-4842-1049-9 2015

  28. [28]

    In: Sikos, L.F., Choo, K.-K.R

    Sikos, L.F.: The formal representation of cyberthreats for automated reason- ing. In: Sikos, L.F., Choo, K.-K.R. (eds.) Data Science in Cybersecurity and Cyberthreat Intelligence, pp. 1–12. Springer, Cham (2020). https://doi.org/10. 1007/978-3-030-38788-4 1 31

    work page 2020

  29. [29]

    Internet of Things and Cyber-Physical Systems3(December 2022), 1–13 (2023) https://doi.org/10.1016/j.iotcps.2022

    Gerodimos, A., Maglaras, L., Ferrag, M.A., Ayres, N., Kantzavelou, I.: IoT: Com- munication protocols and security threats. Internet of Things and Cyber-Physical Systems3(December 2022), 1–13 (2023) https://doi.org/10.1016/j.iotcps.2022. 12.003

    work page doi:10.1016/j.iotcps.2022 2022

  30. [30]

    Eclipse. 2024. Eclipse Ditto. http://https://github.com/eclipse/ditto. Accessed: 10-06-2024

    work page 2024

  31. [31]

    Amazon. 2024. AWS IoT TwinMaker. https://aws.amazon.com/iot-twinmaker/. Accessed: 05-02-2024

    work page 2024

  32. [32]

    Microsoft. 2024. Azure Digital Twin. https://docs.microsoft.com/en-gb/azure/ digital-twins. Accessed: 02-10-2024

    work page 2024

  33. [33]

    Arabian Journal for Science and Engineering48(2), 1075–1095 (2023) https://doi.org/10.1007/s13369-022-07459-0

    Alnowaiser, K.K., Ahmed, M.A.: Digital Twin: Current Research Trends and Future Directions. Arabian Journal for Science and Engineering48(2), 1075–1095 (2023) https://doi.org/10.1007/s13369-022-07459-0

    work page doi:10.1007/s13369-022-07459-0 2023

  34. [34]

    In: 2020 IEEE International Conference on Consumer Electronics (ICCE), pp

    Muralidharan, S., Yoo, B., Ko, H.: Designing a semantic digital twin model for iot. In: 2020 IEEE International Conference on Consumer Electronics (ICCE), pp. 1–2 (2020). https://doi.org/10.1109/ICCE46568.2020.9043088

    work page doi:10.1109/icce46568.2020.9043088 2020

  35. [35]

    Horrocks, I., Kutz, O., Sattler, U.: The even more irresistible sroiq., vol. 6, pp. 57–67 (2006)

    work page 2006

  36. [36]

    In: 2016 IEEE 8th International Conference on Intelligent Systems (IS), pp

    Liu, H., Gegov, A.: Rule based systems and networks: Deterministic and fuzzy approaches. In: 2016 IEEE 8th International Conference on Intelligent Systems (IS), pp. 316–321 (2016). https://doi.org/10.1109/IS.2016.7737440

    work page doi:10.1109/is.2016.7737440 2016

  37. [37]

    In: International Conference on Web Reasoning and Rule Systems, pp

    Anicic, D., Fodor, P., Rudolph, S., St¨ uhmer, R., Stojanovic, N., Studer, R.: A rule-based language for complex event processing and reasoning. In: International Conference on Web Reasoning and Rule Systems, pp. 42–57 (2010). Springer

    work page 2010

  38. [38]

    Computers & Security114, 102578 (2022) https://doi.org/10.1016/j.cose.2022

    Rashid, M.M., Alazab, M., Anwar, A., Khan, S.: A hybrid machine learning and fuzzy logic-based intrusion detection system for industrial control systems. Computers & Security114, 102578 (2022) https://doi.org/10.1016/j.cose.2022. 102578

    work page doi:10.1016/j.cose.2022 2022

  39. [39]

    Prentice Hall, Upper Saddle River, NJ, USA (1995)

    Klir, G.J., Yuan, B.: Fuzzy Sets and Fuzzy Logic: Theory and Applications. Prentice Hall, Upper Saddle River, NJ, USA (1995)

    work page 1995

  40. [40]

    Expert Systems with Applications182, 115220 (2021) https://doi.org/10.1016/j.eswa.2021.115220

    Wang, J., Zhou, H., Li, P.: Rule-based and fuzzy logic hybrid reasoning for intelli- gent fault diagnosis in complex systems. Expert Systems with Applications182, 115220 (2021) https://doi.org/10.1016/j.eswa.2021.115220

    work page doi:10.1016/j.eswa.2021.115220 2021

  41. [41]

    OASIS Standard

    OASIS: MQTT Version 3.1.1. OASIS Standard. Accessed 2025-08-24 (2014). https://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html 32

    work page 2025

  42. [42]

    OASIS Standard

    OASIS: MQTT Version 5.0. OASIS Standard. Accessed 2025-08-24 (2019). https: //docs.oasis-open.org/mqtt/mqtt/v5.0/os/mqtt-v5.0-os.html

    work page 2025

  43. [43]

    Special Publication 800-82, Revision 2, National Institute of Standards and Technology (NIST) (2015)

    Stouffer, K., Falco, J., Scarfone, K.: Guide to industrial control systems (ics) secu- rity. Special Publication 800-82, Revision 2, National Institute of Standards and Technology (NIST) (2015). https://doi.org/10.6028/NIST.SP.800-82r2 . Accessed 2025-08-24. https://doi.org/10.6028/NIST.SP.800-82r2

    work page doi:10.6028/nist.sp.800-82r2 2015

  44. [44]

    In: Proceedings of the 1st ACM Symposium on Cloud Computing

    Cooper, B.F., Silberstein, A., Tam, E., Ramakrishnan, R., Sears, R.: Bench- marking cloud serving systems with ycsb. In: Proceedings of the 1st ACM Symposium on Cloud Computing. SoCC ’10, pp. 143–154. Association for Com- puting Machinery, New York, NY, USA (2010). https://doi.org/10.1145/1807128. 1807152

    work page doi:10.1145/1807128 2010

  45. [45]

    Special Publication 800-55, Revision 2, NIST (2023)

    National Institute of Standards and Technology (NIST): Performance measure- ment guide for information security. Special Publication 800-55, Revision 2, NIST (2023). Accessed 2025-08-24. https://csrc.nist.gov/publications/detail/sp/ 800-55/rev-2/final

    work page 2023

  46. [46]

    Feng, Z.W., Xu, J.K., Mayer, W., Huang, W.Y., He, K.Q., Stumptner, M., Grossmann, G., Zhang, H.Y., Ling, L.: Automatic Semantic Modeling for Struc- tural Data Source with the Prior Knowledge From Knowledge Graph. 2021 IEEE 23rd International Conference on High Performance Computing and Communications, 7th International Conference on Data Science and Syste...

    work page arXiv 2021

  47. [47]

    Future Generation Computer Systems56, 11–26 (2016) https://doi.org/10.1016/j.future.2015.09.025

    Fang, D., Liu, X., Romdhani, I., Jamshidi, P., Pahl, C.: An agility-oriented and fuzziness-embedded semantic model for collaborative cloud service search, retrieval and recommendation. Future Generation Computer Systems56, 11–26 (2016) https://doi.org/10.1016/j.future.2015.09.025

    work page doi:10.1016/j.future.2015.09.025 2016

  48. [48]

    Iorga, M., Feldman, L., Barton, R., Martin, M.J.: NIST Special Publication 500- 325 Recommendations of the National Institute of Standards and Technology (March) (2018)

    work page 2018

  49. [49]

    Bento, A., M´ edini, L., Singh, K., Laforest, F.: Do arduinos dream of efficient reasoners? In: The Semantic Web, pp. 289–304. Springer, Cham (2022)

    work page 2022

  50. [50]

    In: 2022 International Conference on Computer Communications and Networks (ICCCN), pp

    Jadidi, Z., Pal, S., K, N.N., Selvakkumar, A., Chang, C.-C., Beheshti, M., Jol- faei, A.: Security of machine learning-based anomaly detection in cyber physical systems. In: 2022 International Conference on Computer Communications and Networks (ICCCN), pp. 1–7 (2022). https://doi.org/10.1109/ICCCN54977.2022. 9868845

    work page doi:10.1109/icccn54977.2022 2022

  51. [51]

    ACM Transactions on Software Engineering and Methodology32(5), 122–112231 (2023) https://doi.org/10.1145/3597507

    Xu, Q., Ali, S., Yue, T.: Digital twin-based anomaly detection with curriculum 33 learning in cyber-physical systems. ACM Transactions on Software Engineering and Methodology32(5), 122–112231 (2023) https://doi.org/10.1145/3597507

    work page doi:10.1145/3597507 2023

  52. [52]

    Systematic Integration of Digital Twins and Constrained LLMs for Interpretable Cyber-Physical Anomaly Detection

    Kampourakis, K.E., Gkioulos, V., Katsikas, S.: Systematic integration of digital twins and constrained llms for interpretable cyber-physical anomaly detection. arXiv preprint arXiv:2604.03790 (2026) arXiv:2604.03790 [cs.CR]

    work page internal anchor Pith review Pith/arXiv arXiv 2026

  53. [53]

    Sensors25(16) (2025) https://doi.org/10.3390/s25164963

    Sayghe, A.: Digital twin-driven intrusion detection for industrial scada: A cyber- physical case study. Sensors25(16) (2025) https://doi.org/10.3390/s25164963

    work page doi:10.3390/s25164963 2025

  54. [54]

    https://arxiv.org/abs/2512.12112 34

    Nandiya, P., Mohsin, A., Ibrahim, A., Sarker, I.H., Janicke, H.: BRIDG-ICS: AI- Grounded Knowledge Graphs for Intelligent Threat Analytics in Industry 5.0 Cyber-Physical Systems (2026). https://arxiv.org/abs/2512.12112 34

    work page arXiv 2026