Security through Digital Twin-Based Intrusion Detection: A SWaT Dataset Analysis

Abstract

Digital twin, as a virtual replica of physical entity, offer valuable insights into Industrial Control System (ICS) behavior and characteristics. Leveraging the convergence of digital twins and cybersecurity, this research explores its role in securing critical infrastructure, using the Secure Water Treatment (SWaT) system as a case study. Existing intrusion detection systems (IDS) for SWaT encounter challenges related to requiring huge amounts of a dataset for training, being unable to adopt high data dimensionality, and adaptability to emerging threats. To address these issues, a hybrid digital twin model is proposed, combining physics-based models and data-driven approaches. This model facilitates precise attack localization and explainable IDS outcomes. The method exhibits promising capabilities for enhancing critical infrastructure security and adapting to evolving cyber threats. Experimental results demonstrate the ability to detect eight out of nine attack types.