<p>Insider threats and real-time cyberattacks in Operational Technology (OT) and Information Technology (IT) systems remain inadequately addressed by current detection frameworks that lack simulation, adaptive learning, and auditability. This limitation leaves interconnected systems within the national critical infrastructure (NCI) vulnerable to both internal and external exploits. To bridge this gap, this study proposes a Digital Twin Security Framework Architecture (DTSFA) that integrates Digital Twin simulation, Blockchain, an adaptive classifier, and a novel “Grey Team” concept. The Grey Team supplements the traditional red/blue team methodology by simulating realistic insider attack scenarios, providing deeper insights into complex threat dynamics. The proposed framework enhances training, evaluation, and real-time response to diverse cyber threats. Experimental results demonstrate a 92.14% detection accuracy, a 1.47-s latency, and measurable performance gains, including 14.06% delay reduction and 13.03% improvement in security response time, validating the framework’s ability to strengthen resilience and safeguard critical infrastructure against evolving cyberattacks.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Building resilient national critical infrastructure: A digital twin-based framework for comprehensive insider and external threat detection

  • Radhia Khdhir,
  • Amina Magdich,
  • Mourad Elloumi,
  • Somia Asklany,
  • Rim Hamdaoui,
  • Ghulam Abbas,
  • Ali Elrashidi

摘要

Insider threats and real-time cyberattacks in Operational Technology (OT) and Information Technology (IT) systems remain inadequately addressed by current detection frameworks that lack simulation, adaptive learning, and auditability. This limitation leaves interconnected systems within the national critical infrastructure (NCI) vulnerable to both internal and external exploits. To bridge this gap, this study proposes a Digital Twin Security Framework Architecture (DTSFA) that integrates Digital Twin simulation, Blockchain, an adaptive classifier, and a novel “Grey Team” concept. The Grey Team supplements the traditional red/blue team methodology by simulating realistic insider attack scenarios, providing deeper insights into complex threat dynamics. The proposed framework enhances training, evaluation, and real-time response to diverse cyber threats. Experimental results demonstrate a 92.14% detection accuracy, a 1.47-s latency, and measurable performance gains, including 14.06% delay reduction and 13.03% improvement in security response time, validating the framework’s ability to strengthen resilience and safeguard critical infrastructure against evolving cyberattacks.