Digital-Twin-Based CPS Anomaly Diagnosis and Security Defense Countermeasure Recommendation

Although a cyber-physical system (CPS) enhances the system control flexibility by connecting physical devices to the network, it also increases the possibility of network attacks on the system, which can cause damage to both property and personnel. To achieve CPS security, this article proposes a network security protection method based on a digital twin (DT). By constructing DT models of the CPS physical layer and network layer and collecting real-time data of the system, the system security is improved from several aspects. First, we construct a data-driven behavior model for the CPS physical layer and introduce expert knowledge in order to realize the function of physical layer anomaly diagnosis. Comparisons with related studies show that our method achieves a higher precision, recall rate, and F1 score. Second, we construct an attack graph model for the CPS network layer for CPS network security analysis in order to realize the functions of security risk quantification and security countermeasure recommendation. Finally, we model the interaction between the physical networks and transfer the diagnosis results of the physical layer twin to the network layer twin in order to correct the attack graph. Thus, we achieve an accurate representation of the overall network security situation in real time.