Please use this identifier to cite or link to this item:
Title: ELEGANT: Security of Critical Infrastructures With Digital Twins
Authors: Sousa, Bruno 
Arieiro, Miguel 
Pereira, Vasco 
Correia, João 
Lourenço, Nuno 
Cruz, Tiago 
Keywords: Digital Twins; SCADA; pipelines; security; programmable logic controllers; DTaaS
Issue Date: 2021
Project: Experiment Enabling Security with Digital Twin Units (ELEGANT) in the 7th Open Call of the Fed4FIRE 
Horizon 2020 Research and Innovation Program under Agreement 732638 
Swiss State Secretariat for Education, Research and Innovation 
Serial title, monograph or event: IEEE Access
Volume: 9
Abstract: The past years have witnessed an increasing interest and concern regarding the development of security monitoring and management mechanisms for Critical Infrastructures, due to their vital role in ensuring the availability of many essential services. This task is not easy due to the speci c characteristics of such systems, and the natural resistance of Critical Infrastructures operators against actions implying downtime. Digital Twins, as accurate virtual models of physical objects or processes, can provide a faithful environment for security analysis or evaluation of potential mitigation strategies to be deployed in face of speci c situations. Nonetheless, their on-premises deployment can be expensive, implying a signi cant CAPEX whose return will depend on the ability to plan and deploy a suitable support infrastructure, as well as implementing ef cient and scalable data collection and processing mechanisms capable of taking advantage of the acquired resources. This paper presents an off-premises approach to design and deploy Digital Twins to secure critical infrastructures, developed in the scope of the ELEGANT project. Such Digital Twins are built using real-time, high delity replicas of Programming Logic Controllers, coupled with scalable and ef cient data collection processes, supporting the development and validation of Machine Learning models to mitigate security threats like Denial of Service attacks. The validation approach of ELEGANT, which leveraged from the capabilities of the Fed4Fire federated testbeds evaluated the feasibility of using cloudi ed Digital Twins, thus converting a signi cant part of the projected CAPEX for the in-premises model into ondemand, pay-as-you-go OPEX, eventually paving the way for the establishment of a DTaaS (Digital Twin as a Service) paradigm. The achieved results demonstrate that the data pipelines providing support for the ELEGANT Digital Twins have low impact in terms of resource usage in Denial of Service and Distributed Denial of Service attack scenarios, when higher volumes of data are generated.
ISSN: 2169-3536
DOI: 10.1109/ACCESS.2021.3100708
Rights: openAccess
Appears in Collections:I&D CISUC - Artigos em Revistas Internacionais

Files in This Item:
File Description SizeFormat
ELEGANT_Security_of_Critical_Infrastructures_With_Digital_Twins.pdf1.81 MBAdobe PDFView/Open
Show full item record

Google ScholarTM




This item is licensed under a Creative Commons License Creative Commons