Cybersecurity automation: Federation of semantic modelling, digital twins, and machine reasoning

Author

David Holmes, Edith Cowan UniversityFollow

Author Identifier

David Holmes: http://orcid.org/0000-0002-8644-4387

Date of Award

2025

Document Type

Thesis

Publisher

Edith Cowan University

Degree Name

Doctor of Philosophy

School

School of Science

First Supervisor

Helge Janicke

Second Supervisor

Surya Nepal

Abstract

The increasing complexity and interconnectivity of cyber-physical systems (CPSs) present significant challenges in maintaining cybersecurity resilience. Existing approaches often lack real-time adaptability, scalability, and transparency. This research addresses these limitations by proposing an integrated cybersecurity framework that federates semantic modelling, digital twins (DTs), and rule-based machine reasoning.

The framework uses automated semantic models derived from physical twin metadata, enabling lightweight yet dynamic knowledge representations suitable for resource-constrained environments. A single DT architecture is initially developed to facilitate real-time synchronisation and event monitoring. Building upon this foundation, a dual DT configuration is implemented, separating live telemetry monitoring (Primary DT) from retrospective historical analysis (Secondary DT).

Automated reasoning is realised through a containerised rule engine based on the Rete algorithm. Reasoning rules are grounded in the MITRE ATT&CK framework to enhance explainability and standardisation of threat detection processes. The framework supports both real-time and retrospective security reasoning, leveraging semantic context to detect, infer, and respond to anomalous behaviours within the CPS environment. The integrated system was validated through iterative experimental deployments using a CPS network prototype. Performance benchmarks confirmed the feasibility of maintaining low-latency synchronisation, scalable telemetry processing, and interpretable threat detection even under resource-constrained conditions.

This research contributes to a novel, layered CPS cybersecurity architecture that enhances resilience through real-time semantic synchronisation and hybrid reasoning. The findings address critical gaps identified in the existing literature and offer a basis for future research on scalable, interpretable, and adaptive cybersecurity frameworks for CPS environments.

Related Publications

Holmes, D., Papathanasaki, M., Maglaras, L., Ferrag, M. A., Nepal, S., & Janicke, H. (2021, September). Digital twins and cyber security - solution or challenge? [Paper presentation]. 2021 6th South-East Europe Design Automation, Computer Engineering, Computer Networks and Social Media Conference (SEEDA-CECNSM), Preveza, Greece. https://doi.org/10.1109/SEEDA-CECNSM53056.2021.9566277

https://ro.ecu.edu.au/ecuworkspost2013/11864/

Access Note

Access to this thesis is not available

DOI

10.25958/5tr8-m359

Recommended Citation

Holmes, D. (2025). Cybersecurity automation: Federation of semantic modelling, digital twins, and machine reasoning. Edith Cowan University. https://doi.org/10.25958/5tr8-m359