{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T15:12:24Z","timestamp":1778857944059,"version":"3.51.4"},"reference-count":83,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T00:00:00Z","timestamp":1773014400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T00:00:00Z","timestamp":1773014400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100024102","name":"SINTEF","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100024102","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Autom Softw Eng"],"published-print":{"date-parts":[[2026,9]]},"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The more critical infrastructures (CIs) being digitized, the more vulnerable they are regarding cyber security attacks. Digitisation-leveraging technologies in the Internet of Things (IoT) and Cyber-Physical Systems (CPS) have been largely adopted for CIs, along with the Digital Twin (DT) paradigm. However, the distributed and heterogeneous nature of IoT or CPS poses significant challenges in safeguarding against diverse attack surfaces, including physical devices, network infrastructures, and third-party integration. To tackle these challenges, we propose an AI-driven DT-based security orchestration automation and response framework (SOAR4BC). Gathering system contexts from the DT in combination with security intelligence from the security tools gives us a holistic context for SOAR, which has not been seen in the existing approaches. We leverage this holistic context into the decision-making core, which utilizes advanced algorithms, like deep reinforcement learning, to generate adaptation recommendations based on incident alerts, risk assessments, and system state observations. By rigorously evaluating tampered data and distributed denial of service (DDoS) scenarios, we validate the SOAR4BC framework\u2019s efficacy in handling security incidents leveraging digital twin environments. We further demonstrate real-world applicability through false-data injection and DoS attacks on an operational electric-vehicle charging testbed, confirming the practical effectiveness of SOAR4BC in securing critical infrastructures. Together, these results establish SOAR4BC as a robust and explainable AI-driven SOAR framework that advances the use of digital twins for cybersecurity in IoT and CPS ecosystems, offering actionable contributions for both research and industrial deployment.<\/jats:p>","DOI":"10.1007\/s10515-026-00612-1","type":"journal-article","created":{"date-parts":[[2026,3,9]],"date-time":"2026-03-09T05:16:21Z","timestamp":1773033381000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["AI-driven digital twin-based security orchestration, automation and response for critical infrastructures"],"prefix":"10.1007","volume":"33","author":[{"given":"Phu","family":"Nguyen","sequence":"first","affiliation":[],"role":[{"role":"author","vocab":"crossref"}]},{"given":"Ashish","family":"Rauniyar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocab":"crossref"}]},{"given":"Jone","family":"Bartel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocab":"crossref"}]},{"given":"Jan","family":"Laufer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocab":"crossref"}]},{"given":"Christos","family":"Dalamagkas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocab":"crossref"}]},{"given":"Klaus","family":"Pohl","sequence":"additional","affiliation":[],"role":[{"role":"author","vocab":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,3,9]]},"reference":[{"key":"612_CR1","doi-asserted-by":"crossref","unstructured":"Akazaki, T., Liu, S., Yamagata, Y., Duan, Y., Hao, J.: Falsification of cyber-physical systems using deep reinforcement learning. In: Formal Methods: 22nd International Symposium, FM 2018, Held as Part of the Federated Logic Conference, FloC 2018, Oxford, UK, July 15\u201317, 2018, Proceedings 22, pp. 456\u2013465 (2018). Springer","DOI":"10.1007\/978-3-319-95582-7_27"},{"issue":"3","key":"612_CR2","doi-asserted-by":"publisher","first-page":"1475","DOI":"10.1109\/COMST.2022.3171465","volume":"24","author":"C Alcaraz","year":"2022","unstructured":"Alcaraz, C., Lopez, J.: Digital twin: A comprehensive survey of security threats. IEEE Commun. Surv. & Tutor. 24(3), 1475\u20131503 (2022)","journal-title":"IEEE Commun. Surv. & Tutor."},{"key":"612_CR3","unstructured":"Ali, T., Kostakos, P.: Huntgpt: Integrating machine learning-based anomaly detection and explainable ai with large language models (llms). arXiv preprint arXiv:2309.16021 (2023)"},{"key":"612_CR4","doi-asserted-by":"crossref","unstructured":"Allison, D., Smith, P., Mclaughlin, K.: Digital twin-enhanced incident response for cyber-physical systems. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2023)","DOI":"10.1145\/3600160.3600195"},{"key":"612_CR5","doi-asserted-by":"publisher","unstructured":"Allison, D., Smith, P., Mclaughlin, K.: Digital twin-enhanced incident response for cyber-physical systems. In: Proceedings of the 18th International Conference on Availability, Reliability and Security. ARES \u201923. Association for Computing Machinery, New York, NY, USA (2023). https:\/\/doi.org\/10.1145\/3600160.3600195","DOI":"10.1145\/3600160.3600195"},{"key":"612_CR6","doi-asserted-by":"crossref","unstructured":"Alskaif, T., Babur, \u00d6., Bordeleau, F., Cleophas, L., Combemale, B., Denil, J., Haugen, \u00d8., Michael, J., Nguyen, P., Seceleanu, T., et al.: Evolution at the core of digital twin engineering (2025)","DOI":"10.1109\/MODELS-C68889.2025.00119"},{"issue":"6","key":"612_CR7","doi-asserted-by":"publisher","first-page":"4004","DOI":"10.1109\/JIOT.2020.3015432","volume":"8","author":"A Alwarafy","year":"2020","unstructured":"Alwarafy, A., Al-Thelaya, K.A., Abdallah, M., Schneider, J., Hamdi, M.: A survey on security and privacy issues in edge-computing-assisted internet of things. IEEE Internet Things J. 8(6), 4004\u20134022 (2020)","journal-title":"IEEE Internet Things J."},{"key":"612_CR8","unstructured":"Anderson, R.L., Harrison, E.K., Collins, M.D., Ramirez, S.J., Yusuff, M.: AI-Driven Orchestration of Multi-Cloud Security Responses (2024)"},{"key":"612_CR9","doi-asserted-by":"crossref","unstructured":"Arulkumaran, K., Deisenroth, M.P., Brundage, M., Bharath, A.A.: A brief survey of deep reinforcement learning. arXiv preprint arXiv:1708.05866 (2017)","DOI":"10.1109\/MSP.2017.2743240"},{"key":"612_CR10","doi-asserted-by":"crossref","unstructured":"Bartwal, U., Mukhopadhyay, S., Negi, R., Shukla, S.: Security orchestration, automation, and response engine for deployment of behavioural honeypots. In: 2022 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1\u20138 (2022)","DOI":"10.1109\/DSC54232.2022.9888808"},{"issue":"2","key":"612_CR11","doi-asserted-by":"publisher","first-page":"65","DOI":"10.3390\/fi16020065","volume":"16","author":"P Bellavista","year":"2024","unstructured":"Bellavista, P., Di Modica, G.: Iotwins: Implementing distributed and hybrid digital twins in industrial manufacturing and facility management settings. Future Int. 16(2), 65 (2024)","journal-title":"Future Int."},{"key":"612_CR12","doi-asserted-by":"publisher","unstructured":"Bharatee, A., Ray, P.K., Subudhi, B., Ghosh, A.: Power management strategies in a hybrid energy storage system integrated ac\/dc microgrid: A review. Energies 15(19) (2022). https:\/\/doi.org\/10.3390\/en15197176","DOI":"10.3390\/en15197176"},{"key":"612_CR13","unstructured":"Carneiro, D., Veloso, P., Guimar\u00e3es, M., Baptista, J., Sousa, M.: A conversational interface for interacting with machine learning models. In: XAILA@ ICAIL. CEUR Workshop Proceedings, vol. 3168. CEUR-WS.org, Aachen, Germany (2021)"},{"key":"612_CR14","doi-asserted-by":"publisher","first-page":"100361","DOI":"10.1016\/j.cosrev.2021.100361","volume":"40","author":"N Chowdhury","year":"2021","unstructured":"Chowdhury, N., Gkioulos, V.: Cyber security training for critical infrastructure protection: A literature review. Comput. Sci. Rev. 40, 100361 (2021)","journal-title":"Comput. Sci. Rev."},{"key":"612_CR15","unstructured":"Chu, Z., Wang, Y., Cui, Q., Li, L., Chen, W., Li, S., Qin, Z., Ren, K.: Llm-guided multi-view hypergraph learning for human-centric explainable recommendation. arXiv preprint arXiv:2401.08217 (2024)"},{"key":"612_CR16","unstructured":"Dave, A.J., Nguyen, T.N., Vilim, R.B.: Integrating llms for explainable fault diagnosis in complex systems. arXiv preprint arXiv:2402.06695 (2024)"},{"key":"612_CR17","doi-asserted-by":"crossref","unstructured":"Davis, F.D.: Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 319\u2013340 (1989)","DOI":"10.2307\/249008"},{"issue":"1","key":"612_CR18","doi-asserted-by":"publisher","first-page":"31","DOI":"10.1109\/TEM.2003.822468","volume":"51","author":"FD Davis","year":"2004","unstructured":"Davis, F.D., Venkatesh, V.: Toward preprototype user acceptance testing of new information systems: implications for software project management. IEEE Trans. Eng. Manage. 51(1), 31\u201346 (2004)","journal-title":"IEEE Trans. Eng. Manage."},{"key":"612_CR19","doi-asserted-by":"publisher","unstructured":"Empl, P., Pernul, G.: Digital-twin-based security analytics for the internet of things. Information 14(2) (2023). https:\/\/doi.org\/10.3390\/info14020095","DOI":"10.3390\/info14020095"},{"key":"612_CR20","doi-asserted-by":"crossref","unstructured":"Empl, P., Schlette, D., Zupfer, D., Pernul, G.: Soar4iot: securing iot assets with digital twins. In: Proceedings of the 17th International Conference on Availability, Reliability and Security, pp. 1\u201310 (2022)","DOI":"10.1145\/3538969.3538975"},{"key":"612_CR21","doi-asserted-by":"crossref","unstructured":"Feit, F., Metzger, A., Pohl, K.: Explaining Online Reinforcement Learning Decisions of Self-Adaptive Systems. arxiv:2210.05931 (2022)","DOI":"10.1109\/ACSOS55765.2022.00023"},{"key":"612_CR22","doi-asserted-by":"crossref","unstructured":"Feng, M., Xu, H.: Deep reinforecement learning based optimal defense for cyber-physical system in presence of unknown cyber-attack. In: 2017 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1\u20138 (2017). IEEE","DOI":"10.1109\/SSCI.2017.8285298"},{"key":"612_CR23","doi-asserted-by":"publisher","unstructured":"Ferry, N., Nguyen, P., Song, H., Novac, P.-E., Lavirotte, S., Tigli, J.-Y., Solberg, A.: Genesis: Continuous orchestration and deployment of smart iot systems. In: 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), vol. 1, pp. 870\u2013875 (2019). https:\/\/doi.org\/10.1109\/COMPSAC.2019.00127","DOI":"10.1109\/COMPSAC.2019.00127"},{"key":"612_CR24","doi-asserted-by":"crossref","unstructured":"Ferry, N., Nguyen, P.H., Song, H., Rios, E., Iturbe, E., Martinez, S., Rego, A.: Continuous deployment of trustworthy smart iot systems. J. Object Technol., 19(2) (2020)","DOI":"10.5381\/jot.2020.19.2.a16"},{"key":"612_CR25","doi-asserted-by":"publisher","unstructured":"Ferry, N., Nguyen, P.H.: Towards model-based continuous deployment of secure iot systems. In: 2019 ACM\/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C), pp. 613\u2013618 (2019). https:\/\/doi.org\/10.1109\/MODELS-C.2019.00093","DOI":"10.1109\/MODELS-C.2019.00093"},{"key":"612_CR26","unstructured":"Fischertechnik: Training factory industry 4.0 24V. https:\/\/www.fischertechnik.de\/en\/products\/industry-and-universities\/training-models\/554868-training-factory-industry-4-0-24v.\u00a0Accessed 16 June 2025"},{"key":"612_CR27","unstructured":"Gao, Y., Sheng, T., Xiang, Y., Xiong, Y., Wang, H., Zhang, J.: Chat-rec: Towards interactive and explainable llms-augmented recommender system. arXiv preprint arXiv:2303.14524 (2023)"},{"key":"612_CR28","doi-asserted-by":"crossref","unstructured":"Ghanadbashi, S., Safavifar, Z., Taebi, F., Golpayegani, F.: Handling uncertainty in self-adaptive systems: an ontology-based reinforcement learning model. J. Reliable Intell. Environ., (2023)","DOI":"10.1007\/s40860-022-00198-x"},{"key":"612_CR29","unstructured":"Ghosh, P., Sadaphal, V.: Jobrecogpt-explainable job recommendations using llms. arXiv preprint arXiv:2309.11805 (2023)"},{"key":"612_CR30","doi-asserted-by":"crossref","unstructured":"Huang, V., Wang, C., Ma, H., Chen, G., Christopher, K.: Cost-aware dynamic multi-workflow scheduling in cloud data center using evolutionary reinforcement learning. In: Service-Oriented Computing - ICSOC 2022, pp. 449\u2013464. Springer, Seville, Spain (2022)","DOI":"10.1007\/978-3-031-20984-0_32"},{"key":"612_CR31","doi-asserted-by":"crossref","unstructured":"Iftikhar, S. et al.: AI-based fog and edge computing: A systematic review, taxonomy and future directions. Internet Things 21 (2023)","DOI":"10.1016\/j.iot.2022.100674"},{"key":"612_CR32","doi-asserted-by":"publisher","DOI":"10.1016\/j.compind.2023.103853","volume":"146","author":"M Isaja","year":"2023","unstructured":"Isaja, M., Nguyen, P., Goknil, A., Sen, S., Husom, E.J., Tverdal, S., Anand, A., Jiang, Y., Pedersen, K.J., Myrseth, P., et al.: A blockchain-based framework for trusted quality data sharing towards zero-defect manufacturing. Comput. Ind. 146, 103853 (2023)","journal-title":"Comput. Ind."},{"key":"612_CR33","doi-asserted-by":"publisher","unstructured":"Islam, C., Babar, M.A., Nepal, S.: A multi-vocal review of security orchestration. ACM Comput. Surv. 52(2) (2019). https:\/\/doi.org\/10.1145\/3305268","DOI":"10.1145\/3305268"},{"key":"612_CR34","doi-asserted-by":"crossref","unstructured":"Islam, C., Babar, M.A., Nepal, S.: Architecture-centric support for integrating security tools in a security orchestration platform. In: Jansen, A., Malavolta, I., Muccini, H., Ozkaya, I., Zimmermann, O. (eds.) Software Architecture, pp. 165\u2013181. Springer, Cham (2020)","DOI":"10.1007\/978-3-030-58923-3_11"},{"key":"612_CR35","doi-asserted-by":"crossref","unstructured":"Islam, C., Babar, M.A., Nepal, S.: Architecture-centric support for integrating security tools in a security orchestration platform. In: Software Architecture: 14th European Conference, ECSA 2020, L\u2019Aquila, Italy, September 14\u201318, 2020, Proceedings 14, pp. 165\u2013181 (2020). Springer","DOI":"10.1007\/978-3-030-58923-3_11"},{"key":"612_CR36","doi-asserted-by":"crossref","unstructured":"Jamil, B., Ijaz, H., Shojafar, M., Munir, K., Buyya, R.: Resource allocation and task scheduling in fog computing and internet of everything environments: A taxonomy, review, and future directions. ACM Comput. Surv. 54(11s) (2022)","DOI":"10.1145\/3513002"},{"key":"612_CR37","doi-asserted-by":"crossref","unstructured":"Jentzsch, S.F., H\u00f6hn, S., Hochgeschwender, N.: Conversational interfaces for explainable ai: a human-centred approach. In: International Workshop on Explainable, Transparent Autonomous Agents and Multi-agent Systems, pp. 77\u201392 (2019). Springer","DOI":"10.1007\/978-3-030-30391-4_5"},{"key":"612_CR38","unstructured":"Jordan, B., Thomson, A.: CACAO Security Playbooks Version 2.0, OASIS Committee Specification 01. https:\/\/docs.oasis-open.org\/cacao\/security-playbooks\/v2.0\/security-playbooks-v2.0.html. Accessed: 15 Jul 2025"},{"issue":"6","key":"612_CR39","doi-asserted-by":"publisher","first-page":"740","DOI":"10.1016\/j.im.2006.05.003","volume":"43","author":"WR King","year":"2006","unstructured":"King, W.R., He, J.: A meta-analysis of the technology acceptance model. Inf. Manag. 43(6), 740\u2013755 (2006)","journal-title":"Inf. Manag."},{"key":"612_CR40","doi-asserted-by":"crossref","unstructured":"Ku\u017aba, M., Biecek, P.: What would you ask the machine learning model? identification of user needs for model explanations based on human-model conversations. In: Joint European Conference on Machine Learning and Knowledge Discovery in Databases, pp. 447\u2013459 (2020). Springer","DOI":"10.1007\/978-3-030-65965-3_30"},{"key":"612_CR41","doi-asserted-by":"crossref","unstructured":"Laitenberger, O., Dreyer, H.M.: Evaluating the usefulness and the ease of use of a web-based inspection data collection tool. In: Proceedings Fifth International Software Metrics Symposium. Metrics (Cat. No. 98TB100262), pp. 122\u2013132 (1998). IEEE","DOI":"10.1109\/METRIC.1998.731237"},{"key":"612_CR42","doi-asserted-by":"crossref","unstructured":"Liao, Q.V., Gruen, D., Miller, S.: Questioning the ai: informing design practices for explainable ai user experiences. In: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, pp. 1\u201315 (2020)","DOI":"10.1145\/3313831.3376590"},{"key":"612_CR43","doi-asserted-by":"crossref","unstructured":"Ma, W., Xu, H.: Skyline-enhanced deep reinforcement learning approach for energy-efficient and qos-guaranteed multi-cloud service composition. Appl. Sci. 13(11) (2023)","DOI":"10.3390\/app13116826"},{"issue":"2","key":"612_CR44","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1007\/s12559-022-10067-7","volume":"15","author":"L Malandri","year":"2023","unstructured":"Malandri, L., Mercorio, F., Mezzanzanica, M., Nobani, N.: Convxai: a system for multimodal interaction with any black-box explainer. Cogn. Comput. 15(2), 613\u2013644 (2023)","journal-title":"Cogn. Comput."},{"issue":"1","key":"612_CR45","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/s10209-014-0348-1","volume":"14","author":"N Maranguni\u0107","year":"2015","unstructured":"Maranguni\u0107, N., Grani\u0107, A.: Technology acceptance model: a literature review from 1986 to 2013. Univ. Access Inf. Soc. 14(1), 81\u201395 (2015)","journal-title":"Univ. Access Inf. Soc."},{"issue":"2","key":"612_CR46","doi-asserted-by":"publisher","first-page":"63","DOI":"10.63282\/3050-922X.IJERET-V6I2P108","volume":"6","author":"A Mareedu","year":"2025","unstructured":"Mareedu, A.: Autonomous security operations centers (soc): Ai agents for threat triage, response, and orchestration. Int. J. Emerging Res. Eng. Technol. 6(2), 63\u201370 (2025). https:\/\/doi.org\/10.63282\/3050-922X.IJERET-V6I2P108","journal-title":"Int. J. Emerging Res. Eng. Technol."},{"key":"612_CR47","doi-asserted-by":"crossref","unstructured":"Metzger, A., Bartel, J., Laufer, J.: An ai chatbot for explaining deep reinforcement learning decisions of service-oriented systems. In: International Conference on Service-Oriented Computing, pp. 323\u2013338 (2023). Springer","DOI":"10.1007\/978-3-031-48421-6_22"},{"key":"612_CR48","doi-asserted-by":"crossref","unstructured":"Metzger, A., Bartel, J., Laufer, J.: An ai chatbot for\u00c2 explaining deep reinforcement learning decisions of\u00c2 service-oriented systems. In: Monti, F., Rinderle-Ma, S., Ruiz Cort\u00e9s, A., Zheng, Z., Mecella, M. (eds.) Service-Oriented Computing, pp. 323\u2013338. Springer, Cham (2023b)","DOI":"10.1007\/978-3-031-48421-6_22"},{"key":"612_CR49","doi-asserted-by":"crossref","unstructured":"Metzger, A., Cassales Marquezan, C.: Future internet apps: The next wave of adaptive service-oriented systems? In: European Conference on a Service-Based Internet, pp. 230\u2013241 (2011). Springer","DOI":"10.1007\/978-3-642-24755-2_22"},{"key":"612_CR50","unstructured":"Microsoft Security: What is SOAR? https:\/\/www.microsoft.com\/en-us\/security\/business\/security-101\/what-is-soar.\u00a0Accessed June 16 2025"},{"key":"612_CR51","doi-asserted-by":"crossref","unstructured":"Mo, R., Xu, X., Zhang, X., Qi, L., Liu, Q.: Computation offloading and resource management for energy and cost trade-offs with deep reinforcement learning in mobile edge computing. In: International Conference on Service-Oriented Computing, pp. 563\u2013577 (2021). Springer","DOI":"10.1007\/978-3-030-91431-8_35"},{"issue":"4","key":"612_CR52","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1109\/52.595956","volume":"14","author":"MG Morris","year":"1997","unstructured":"Morris, M.G., Dillon, A.: How user perceptions influence software use. IEEE Softw. 14(4), 58\u201365 (1997)","journal-title":"IEEE Softw."},{"key":"612_CR53","doi-asserted-by":"crossref","unstructured":"Motger, Q., Franch, X., Marco, J.: Software-based dialogue systems: Survey, taxonomy, and challenges. ACM Comput. Surv. 55(5) (2023)","DOI":"10.1145\/3527450"},{"issue":"1","key":"612_CR54","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1049\/iet-sen.2018.5028","volume":"13","author":"L Mutanu","year":"2019","unstructured":"Mutanu, L., Kotonya, G.: State of runtime adaptation in service-oriented systems: what, where, when, how and right. IET Softw. 13(1), 14\u201324 (2019)","journal-title":"IET Softw."},{"key":"612_CR55","doi-asserted-by":"publisher","unstructured":"Neupane, K.,Haddad, R.,Chen, L.: Next generation firewall for network security: A survey. In: SoutheastCon 2018, pp. 1\u20136 (2018). https:\/\/doi.org\/10.1109\/SECON.2018.8478973","DOI":"10.1109\/SECON.2018.8478973"},{"key":"612_CR56","doi-asserted-by":"publisher","unstructured":"Nguyen, P., Dautov, R., Song, H., Rego, A., Iturbe, E., Rios, E., Sagasti, D., Nicolas, G., Vald\u00e9s, V., Mallouli, W., Cavalli, A., Ferry, N.: Towards smarter security orchestration and automatic response for cps and iot. In: 2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), pp. 298\u2013302 (2023). https:\/\/doi.org\/10.1109\/CloudCom59040.2023.00055","DOI":"10.1109\/CloudCom59040.2023.00055"},{"key":"612_CR57","doi-asserted-by":"publisher","unstructured":"Nguyen, M.-T., Lam, A.N., Nguyen, P., Truong, H.-L.: Security orchestration with explainability for digital twins-based smart systems. In: 2024 IEEE 48th Annual Computers, Software, and Applications Conference (COMPSAC), pp. 1194\u20131203 (2024). https:\/\/doi.org\/10.1109\/COMPSAC61105.2024.00159","DOI":"10.1109\/COMPSAC61105.2024.00159"},{"key":"612_CR58","doi-asserted-by":"publisher","unstructured":"Nguyen, M.-D., Mallouli, W., Cavalli, A.R., Oca, E.: Ai4soar: A security intelligence tool for automated incident response. In: Proceedings of the 19th International Conference on Availability, Reliability and Security. ARES \u201924. Association for Computing Machinery, New York, NY, USA (2024). https:\/\/doi.org\/10.1145\/3664476.3670450","DOI":"10.1145\/3664476.3670450"},{"key":"612_CR59","doi-asserted-by":"crossref","unstructured":"Nguyen, P.H., Rauniyar, A., Niemi, T.V.: Digital twin-based security orchestration, automation and response for iot and cps. In: Rey, G., Tigli, J.-Y., Franquet, E. (eds.) Internet of Things, pp. 243\u2013260. Springer, Cham (2025)","DOI":"10.1007\/978-3-031-81900-1_15"},{"key":"612_CR60","unstructured":"Nguyen, V.B., Schl\u00f6tterer, J., Seifert, C.: Explaining machine learning models in natural conversations: Towards a conversational XAI agent. arXiv:2209.02552 (2022)"},{"key":"612_CR61","doi-asserted-by":"publisher","unstructured":"Nguyen, P., Song, H., Dautov, R., Ferry, N., Rego, A., Rios, E., Iturbe, E., Valdes, V., Cavalli, A.R., Mallouli, W.: Knowledge systematization for security orchestration in cps and iot systems. In: 2025 IEEE International Conference on Cyber Security and Resilience (CSR), pp. 672\u2013678 (2025). https:\/\/doi.org\/10.1109\/CSR64739.2025.11130008","DOI":"10.1109\/CSR64739.2025.11130008"},{"issue":"8","key":"612_CR62","doi-asserted-by":"publisher","first-page":"3779","DOI":"10.1109\/TNNLS.2021.3121870","volume":"34","author":"TT Nguyen","year":"2023","unstructured":"Nguyen, T.T., Reddi, V.J.: Deep reinforcement learning for cyber security. IEEE Trans. Neural Netw. Learn. Syst. 34(8), 3779\u20133795 (2023). https:\/\/doi.org\/10.1109\/TNNLS.2021.3121870","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"612_CR63","doi-asserted-by":"publisher","unstructured":"Noshi, A., Blaser, F.: Integrating artificial intelligence and machine learning for advanced cyber security in SOC operations (2024). https:\/\/doi.org\/10.13140\/RG.2.2.21176.05121","DOI":"10.13140\/RG.2.2.21176.05121"},{"key":"612_CR64","doi-asserted-by":"crossref","unstructured":"Pellissier Tanon, T., Weikum, G., Suchanek, F.: Yago 4: A reason-able knowledge base. In: The Semantic Web: 17th International Conference, ESWC 2020, Heraklion, Crete, Greece, May 31-June 4, 2020, Proceedings 17, pp. 583\u2013596 (2020). Springer","DOI":"10.1007\/978-3-030-49461-2_34"},{"issue":"1","key":"612_CR65","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1186\/s42400-021-00104-7","volume":"5","author":"T Rajmohan","year":"2022","unstructured":"Rajmohan, T., Nguyen, P.H., Ferry, N.: A decade of research on patterns and architectures for iot security. Cybersecurity 5(1), 2 (2022)","journal-title":"Cybersecurity"},{"key":"612_CR66","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2022.111290","volume":"188","author":"MR Razian","year":"2022","unstructured":"Razian, M.R., Fathian, M., Bahsoon, R., Toosi, A.N., Buyya, R.: Service composition in dynamic environments: A systematic review and future directions. J. Syst. Softw. 188, 111290 (2022)","journal-title":"J. Syst. Softw."},{"issue":"8","key":"612_CR67","doi-asserted-by":"publisher","first-page":"4060","DOI":"10.3390\/s23084060","volume":"23","author":"H Riggs","year":"2023","unstructured":"Riggs, H., Tufail, S., Parvez, I., Tariq, M., Khan, M.A., Amir, A., Vuda, K.V., Sarwat, A.I.: Impact, vulnerabilities, and mitigation strategies for cyber-secure critical infrastructure. Sensors 23(8), 4060 (2023)","journal-title":"Sensors"},{"key":"612_CR68","doi-asserted-by":"crossref","unstructured":"Rios, E., Iturbe, E., Rego, A., Ferry, N., Tigli, J.-Y., Lavirotte, S., Rocher, G., Nguyen, P., Song, H., Dautov, R., et al.: The dynabic approach to resilience of critical infrastructures. In: Proceedings of the 18th International Conference on Availability, Reliability and Security, pp. 1\u20138 (2023)","DOI":"10.1145\/3600160.3605055"},{"key":"612_CR69","doi-asserted-by":"publisher","unstructured":"Rios, E., Iturbe, E., Rego, A., Ferry, N., Tigli, J.-Y., Lavirotte, S., Rocher, G., Nguyen, P., Song, H., Dautov, R., Mallouli, W., Cavalli, A.R.: The dynabic approach to resilience of critical infrastructures. In: Proceedings of the 18th International Conference on Availability, Reliability and Security. ARES \u201923. Association for Computing Machinery, New York, NY, USA (2023). https:\/\/doi.org\/10.1145\/3600160.3605055","DOI":"10.1145\/3600160.3605055"},{"key":"612_CR70","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1016\/j.comcom.2022.07.007","volume":"193","author":"ZA Sheikh","year":"2022","unstructured":"Sheikh, Z.A., Singh, Y., Singh, P.K., Ghafoor, K.Z.: Intelligent and secure framework for critical infrastructure (cps): Current trends, challenges, and future scope. Comput. Commun. 193, 302\u2013331 (2022)","journal-title":"Comput. Commun."},{"key":"612_CR71","doi-asserted-by":"crossref","unstructured":"Sikos, L.F.: Cybersecurity knowledge graphs. Knowl. Inf. Syst., 1\u201321 (2023)","DOI":"10.1007\/s10115-023-01860-3"},{"key":"612_CR72","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2025.101547","volume":"31","author":"S Suhail","year":"2025","unstructured":"Suhail, S., Iqbal, M., McLaughlin, K., Lee, B., Imtiaz, B.: A framework for enhancing cyber incident response with security-enhancing digital twins in cyber-physical systems. Internet of Things 31, 101547 (2025). https:\/\/doi.org\/10.1016\/j.iot.2025.101547","journal-title":"Internet of Things"},{"key":"612_CR73","unstructured":"Sutton, R.S., Barto, A.G.: Reinforcement learning: An introduction, 1st edn. MIT Press, Cambridge, MA (1998)"},{"key":"612_CR74","unstructured":"Technicaldada: Pentbox. https:\/\/github.com\/technicaldada\/pentbox.\u00a0Accessed 16 June 2025"},{"key":"612_CR75","unstructured":"Tigli, J.-Y., Lavirotte, S., Rey, G., Hourdin, V., Riveill, M.: Context-aware authorization in highly dynamic environments. arXiv preprint arXiv:1102.5194 (2011)"},{"key":"612_CR76","unstructured":"Vogelsang, K., Steinh\u00fcser, M., Hoppe, U.: A qualitative approach to examine technology acceptance, vol. 1 (2013)"},{"issue":"10","key":"612_CR77","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1145\/2629489","volume":"57","author":"D Vrande\u010di\u0107","year":"2014","unstructured":"Vrande\u010di\u0107, D., Kr\u00f6tzsch, M.: Wikidata: a free collaborative knowledgebase. Commun. ACM 57(10), 78\u201385 (2014)","journal-title":"Commun. ACM"},{"key":"612_CR78","doi-asserted-by":"crossref","unstructured":"Wang, L., Zhang, S., Wang, Y., Lim, E.-P., Wang, Y.: Llm4vis: Explainable visualization recommendation using chatgpt. arXiv preprint arXiv:2310.07652 (2023)","DOI":"10.18653\/v1\/2023.emnlp-industry.64"},{"key":"612_CR79","doi-asserted-by":"crossref","unstructured":"Waszak, M., Lam, A.N., Hoffmann, V., Elves\u00e6ter, B., Mogos, M.F., Roman, D.: Let the asset decide: digital twins with knowledge graphs. In: 2022 IEEE 19th International Conference on Software Architecture Companion (ICSA-C), pp. 35\u201339 (2022). IEEE","DOI":"10.1109\/ICSA-C54293.2022.00014"},{"key":"612_CR80","doi-asserted-by":"crossref","unstructured":"Widyasari, R., Ang, J.W., Nguyen, T.G., Sharma, N., Lo, D.: Demystifying faulty code with llm: Step-by-step reasoning for explainable fault localization. arXiv preprint arXiv:2403.10507 (2024)","DOI":"10.1109\/SANER60148.2024.00064"},{"key":"612_CR81","unstructured":"Wu, X., Zhao, H., Zhu, Y., Shi, Y., Yang, F., Liu, T., Zhai, X., Yao, W., Li, J., Du, M., et al.: Usable xai: 10 strategies towards exploiting explainability in the llm era. arXiv preprint arXiv:2403.08946 (2024)"},{"key":"612_CR82","doi-asserted-by":"crossref","unstructured":"Yu, Z., Zhao, S., Su, T., Liu, W., Liu, X., Wang, G., Wang, Z., Leung, V.C.: Deepscjd: an online deep learning-based model for secure collaborative job dispatching in edge computing. In: International Conference on Service-Oriented Computing, pp. 481\u2013497 (2022). Springer","DOI":"10.1007\/978-3-031-20984-0_34"},{"key":"612_CR83","unstructured":"Zhao, W.X., Zhou, K., Li, J., Tang, T., Wang, X., Hou, Y., Min, Y., Zhang, B., Zhang, J., Dong, Z., et al.: A survey of large language models. arXiv preprint arXiv:2303.18223 (2023)"}],"container-title":["Automated Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-026-00612-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10515-026-00612-1","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10515-026-00612-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T14:30:00Z","timestamp":1778855400000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10515-026-00612-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3,9]]},"references-count":83,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2026,9]]}},"alternative-id":["612"],"URL":"https:\/\/doi.org\/10.1007\/s10515-026-00612-1","relation":{},"ISSN":["0928-8910","1573-7535"],"issn-type":[{"value":"0928-8910","type":"print"},{"value":"1573-7535","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3,9]]},"assertion":[{"value":"21 July 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 February 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"9 March 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}}],"article-number":"61"}}