Jessica Heluany, Ahmed Amro, Vasileios Gkioulos, Sokratis Katsikas. Norwegian University of Science and Technology, Norway.

Abstract:

This research delves into the consolidation of Digital Twin and cyber deception technologies and explores their potential synergy for advancing cybersecurity processes. The study begins with a literature survey and market analysis, revealing a scarcity of mature scientific and commercial contributions in this domain. Most discussions remain theoretical, emphasizing the need for further research to address challenges and practically apply these technologies. Promising applications encompass cyber deception, anomaly detection, and threat intelligence, predominantly utilizing digital twin-based honeypots. The paper contributes by proposing a high-level deception framework tailored for Operational Technology (OT) systems, with seven pivotal functions for a deception network, emphasizing the replication of realistic systems, attracting attackers, controlling connections, monitoring activities, and analyzing detected events. Moreover, an evaluation via a SWOT analysis highlights various strengths, weaknesses, threats, and opportunities inherent in this framework identifying potentially innovative directions such as applications of digital twins, and artificial intelligence. Strengths include improved defender control and enhanced security analysis, while challenges revolve around achieving high realism in digital twins and managing restoration complexities. This study sets a roadmap for further exploration into the effective integration of Digital Twin and honeypot technologies in cybersecurity contexts.