An optimized learning approach for enhancing the security of digital twin-enabled industrial systems from distributed denial-of-service attacks

Abstract

During the revolution of Industry 4.0, digital twin technology is transforming industrial operations by creating digital models of physical assets, processes, and systems. This innovation enables real-time monitoring, predictive maintenance, and enhanced decision-making capabilities. However, as digital twins become integral to industrial environments, they also introduce new cybersecurity challenges, particularly in the form of distributed denial-of-service (DDoS) attacks, which can disrupt operations and compromise data integrity. This study investigates the resilience of digital twin-based industrial organizations in cyberattack scenarios, specifically focusing on the impacts of DDoS attacks on functional and financial performance. In this paper, a hybrid DDoS attack detection model is introduced, integrating multiple techniques for data preprocessing, feature selection, dimensionality reduction, and classification . To address the class imbalance issue,Synthetic Minority Over-sampling Technique (SMOTE) is applied during preprocessing. Feature selection is performed using filter-based methods, including Information Gain, Gain Ratio, ANOVA F-statistic, Pearson Correlation, and the technique for order preference by similarity to ideal solution (TOPSIS), a multi-criteria decision-making method. To enhance computational efficiency, principal component analysis (PCA) is used for dimensionality reduction, preserving critical information while reducing redundancy. For classification, an extreme learning machine (ELM) is optimized using the particle swarm optimization (PSO) algorithm, improving generalization, preventing overfitting, and ensuring faster convergence. The experiment is conducted using the publicly available CICDDoS2019 dataset in both standalone and cloud-based environments with configurations of vCPU-4, vCPU-8, and vCPU-16. Additionally, a 5-fold stratified cross-validation approach is employed to enhance the model’s generalization performance and ensure robustness across different data distributions. The experimental results indicate that the proposed model achieves a 99.97% detection accuracy and an AUC score of 0.99 in the cloud environment with vCPU-16 and 64GB RAM, outperforming traditional algorithms in DDoS detection. The experimental study finds that increased computational resources improve performance, indicating the model’s adaptability. As digital twins rely on seamless physical-virtual communication, DDoS attacks threaten synchronization, latency, and reliability. The proposed detection approach enhances resilience, minimizes downtime, and preserves process integrity, contributing to secure and robust digital twin architectures in Industry 4.0.