{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:33:30Z","timestamp":1760747610372,"version":"build-2065373602"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032078933","type":"print"},{"value":"9783032078940","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,18]],"date-time":"2025-10-18T00:00:00Z","timestamp":1760745600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-07894-0_22","type":"book-chapter","created":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:02Z","timestamp":1760728022000},"page":"423-442","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Digital Twin for\u00a0Adaptive Adversary Emulation in\u00a0IIoT Control Networks"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-5115-1802","authenticated-orcid":false,"given":"Javier","family":"Parada","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0545-3191","authenticated-orcid":false,"given":"Cristina","family":"Alcaraz","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8066-9991","authenticated-orcid":false,"given":"Javier","family":"Lopez","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8650-4642","authenticated-orcid":false,"given":"Juan","family":"Caubet","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4099-1422","authenticated-orcid":false,"given":"Rodrigo","family":"Rom\u00e1n","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,18]]},"reference":[{"issue":"3","key":"22_CR1","doi-asserted-by":"publisher","first-page":"1475","DOI":"10.1109\/COMST.2022.3171465","volume":"24","author":"C Alcaraz","year":"2022","unstructured":"Alcaraz, C., Lopez, J.: Digital twin: a comprehensive survey of security threats. IEEE Commun. Surv. Tutor. 24(3), 1475\u20131503 (2022)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"22_CR2","unstructured":"Gartner. Gartner Top 10 Strategic Technology Trends for 2025, 2025. https:\/\/www.gartner.com.au\/en\/articles\/top-technology-trends-2025"},{"key":"22_CR3","doi-asserted-by":"publisher","unstructured":"M\u00f6ller, D.P.F.: Cyberattacker profiles, cyberattack models and scenarios, and cybersecurity ontology. In: Guide to Cybersecurity in Digital Transformation. Advances in Information Security, LNCS, vol. 103, pp. 181\u2013229. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-26845-8_4","DOI":"10.1007\/978-3-031-26845-8_4"},{"key":"22_CR4","unstructured":"Skyquest. Critical Infrastructure Protection Market Size, Share, and Growth Analysis, 2024. https:\/\/www.skyquestt.com\/report\/critical-infrastructure-protection-market"},{"key":"22_CR5","unstructured":"Por, L.Y., et al.: A systematic literature review on the methods and challenges in detecting zero-day attacks: insights from the recent crowdstrike incident. IEEE Access (2024)"},{"key":"22_CR6","unstructured":"Paganini, P.: Schneider Electric CACTUS Ransomware Attack, 2021. https:\/\/securityaffairs.com\/158320\/data-breach\/schneider-electric-cactus-ransomware-attack.html"},{"key":"22_CR7","unstructured":"Kaspersky\u00a0ICS CERT. Q2 2024: A Brief Overview of the Main Incidents in Industrial Cybersecurity, 2024. https:\/\/ics-cert.kaspersky.com\/publications\/reports\/2024\/11\/08\/q2-2024-a-brief-overview-of-the-main-incidents-in-industrial-cybersecurity\/"},{"key":"22_CR8","unstructured":"Research and Markets. Threat Hunting Market by Component, Threat Type, Deployment Mode, Industry Verticals - Global Forecast 2025\u20132030, 2024. https:\/\/www.researchandmarkets.com"},{"key":"22_CR9","doi-asserted-by":"crossref","unstructured":"Ajmal, A.B., Shah, M.A., Maple, C., Asghar, M.N., Islam, S.U.: Offensive security: Towards proactive threat hunting via adversary emulation. IEEE Access 9, 126023\u2013126033 (2021)","DOI":"10.1109\/ACCESS.2021.3104260"},{"key":"22_CR10","doi-asserted-by":"crossref","unstructured":"Bhattacharya, A., Ramachandran, T., Banik, S., Dowling, C.P., Bopardikar, S.D.: Automated adversary emulation for cyber-physical systems via reinforcement learning. In: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI), pp. 1\u20136. IEEE, 2020","DOI":"10.1109\/ISI49825.2020.9280521"},{"key":"22_CR11","doi-asserted-by":"crossref","unstructured":"Barricelli, B.R., Casiraghi, E., Fogli, D.: A survey on digital twin: definitions, characteristics, applications, and design implications. IEEE Access 7, 167653\u2013167671 (2019)","DOI":"10.1109\/ACCESS.2019.2953499"},{"issue":"11","key":"22_CR12","doi-asserted-by":"publisher","first-page":"1016","DOI":"10.1016\/j.ifacol.2018.08.474","volume":"51","author":"W Kritzinger","year":"2018","unstructured":"Kritzinger, W., Karner, M., Traar, G., Henjes, J., Sihn, W.: Digital twin in manufacturing: a categorical literature review and classification. Ifac-PapersOnline 51(11), 1016\u20131022 (2018)","journal-title":"Ifac-PapersOnline"},{"key":"22_CR13","doi-asserted-by":"crossref","unstructured":"Atalay, M., Angin, P.: A digital twins approach to smart grid security testing and standardization. In: 2020 IEEE International Workshop on Metrology for Industry 4.0 & IoT, pp. 435\u2013440. IEEE, 2020","DOI":"10.1109\/MetroInd4.0IoT48571.2020.9138264"},{"key":"22_CR14","doi-asserted-by":"crossref","unstructured":"Pooyandeh, M., Sohn, I.: A time-stamp attack on digital twin-based lithium-ion battery monitoring for electric vehicles. In: 2024 International Conference on Artificial Intelligence in Information and Communication (ICAIIC), pp. 499\u2013502. IEEE, 2024","DOI":"10.1109\/ICAIIC60209.2024.10463501"},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"de Azambuja, A.J.G., Giese, T., Sch\u00fctzer, K., Anderl, R., Schleich, B., Almeida, V.R.: Digital twins in industry 4.0 \u2013 opportunities and challenges related to cyber security. Procedia CIRP 121, 25\u201330 (2024). 11th CIRP Global Web Conference (CIRPe 2023)","DOI":"10.1016\/j.procir.2023.09.225"},{"key":"22_CR16","doi-asserted-by":"crossref","unstructured":"H\u00f3u, Z., Li, Q., Foo, E., Dong, J. S., De Souza, P.: A digital twin runtime verification framework for protecting satellites systems from cyber attacks. In: 2022 26th International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 117\u2013122. IEEE, 2022","DOI":"10.1109\/ICECCS54210.2022.00022"},{"key":"22_CR17","doi-asserted-by":"crossref","unstructured":"Eckhart, M., Ekelhart, A.: Towards security-aware virtual environments for digital twins. In: Proceedings of the 4th ACM Workshop on Cyber-physical System Security, pp. 61\u201372, 2018","DOI":"10.1145\/3198458.3198464"},{"key":"22_CR18","doi-asserted-by":"crossref","unstructured":"van der Wal, E.W., El-Hajj, M.: Securing networks of iot devices with digital twins and automated adversary emulation. In: 2022 26th International Computer Science and Engineering Conference (ICSEC), pp. 241\u2013246. IEEE, 2022","DOI":"10.1109\/ICSEC56337.2022.10049355"},{"key":"22_CR19","doi-asserted-by":"crossref","unstructured":"Alcaraz, C., Lopez, J.: Protecting digital twin networks for 6g-enabled industry 5.0 ecosystems. IEEE Netw. Mag. 37(2), 302\u2013308 (2023)","DOI":"10.1109\/MNET.004.2200529"},{"key":"22_CR20","doi-asserted-by":"crossref","unstructured":"Shahin, S., Soubra, H.: An iot adversary emulation prototype tool. In: 2022 5th International Conference on Information and Computer Technologies (ICICT), pp. 7\u201312. IEEE, 2022","DOI":"10.1109\/ICICT55905.2022.00009"},{"key":"22_CR21","doi-asserted-by":"crossref","unstructured":"Sheikhi, S., Kostakos, P.: Cyber threat hunting using unsupervised federated learning and adversary emulation. In: 2023 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 315\u2013320. IEEE, 2023","DOI":"10.1109\/CSR57506.2023.10224990"},{"key":"22_CR22","doi-asserted-by":"crossref","unstructured":"Orbinato, V., Feliciano, M. C., Cotroneo, D., Natella, R.: Laccolith: hypervisor-based adversary emulation with anti-detection. IEEE Trans. Dependable Secure Comput. (2024)","DOI":"10.1109\/TDSC.2024.3376129"},{"key":"22_CR23","unstructured":"Kouremetis, M., et al.: Mirage: cyber deception against autonomous cyber attacks in emulation and simulation. Ann. Telecommun. 1\u201315 (2024)"},{"key":"22_CR24","unstructured":"II Power Laws. Generating network topologies that obey power laws"},{"issue":"4","key":"22_CR25","doi-asserted-by":"publisher","first-page":"145","DOI":"10.1016\/j.ipl.2006.01.007","volume":"98","author":"J Kneis","year":"2006","unstructured":"Kneis, J., M\u00f6lle, D., Richter, S., Rossmanith, P.: Parameterized power domination complexity. Inf. Process. Lett. 98(4), 145\u2013149 (2006)","journal-title":"Inf. Process. Lett."},{"key":"22_CR26","doi-asserted-by":"publisher","unstructured":"Alcaraz, C., Miciolino, E.E., Wolthusen, S.: Multi-round attacks on structural controllability properties for non-complete random graphs. In: Desmedt, Y. (eds.) Information Security. LNCS, vol. 7807, pp. 140\u2013151. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-27659-5_10","DOI":"10.1007\/978-3-319-27659-5_10"},{"key":"22_CR27","doi-asserted-by":"crossref","unstructured":"Clauset, A., Newman, M.E., Moore, C.: Finding community structure in very large networks. Phys. Rev. E 70(6), 066111 (2004)","DOI":"10.1103\/PhysRevE.70.066111"},{"key":"22_CR28","doi-asserted-by":"crossref","unstructured":"Brands, H.: The New Makers of Modern Strategy: From the Ancient World to the Digital Age. Princeton University Press, Princeton (2023)","DOI":"10.1353\/book.111820"},{"key":"22_CR29","unstructured":"Lyon, G.: Nmap network scanning - port scanning techniques, 2025. https:\/\/nmap.org\/book\/man-port-scanning-techniques.html"},{"key":"22_CR30","unstructured":"The\u00a0MITRE Corporation. Common vulnerabilities and exposures (cve), 2025. https:\/\/www.cve.org\/"},{"key":"22_CR31","unstructured":"VulDB. Vuldb - the vulnerability database, 2025. https:\/\/vuldb.com\/"},{"key":"22_CR32","unstructured":"Offensive Security. Exploit database (exploit-db), 2025. https:\/\/www.exploit-db.com\/"},{"key":"22_CR33","unstructured":"Rapid7. Metasploit framework - penetration testing software, 2025. https:\/\/metasploit.com\/"},{"key":"22_CR34","unstructured":"MITRE Corporation. Mitre att &ck framework, 2025. https:\/\/attack.mitre.org\/"},{"key":"22_CR35","doi-asserted-by":"crossref","unstructured":"Kreps, D.M.: Nash equilibrium. In: Game Theory, pp. 167\u2013177. Springer, 1989","DOI":"10.1007\/978-1-349-20181-5_19"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2025"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-07894-0_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,17]],"date-time":"2025-10-17T19:07:12Z","timestamp":1760728032000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-07894-0_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,18]]},"ISBN":["9783032078933","9783032078940"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-07894-0_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,18]]},"assertion":[{"value":"18 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"The authors have no competing interests to declare that are relevant to the content of this article.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclosure of Interests"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Toulouse","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 September 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 September 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.esorics2025.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}