Bridging the gap
In Operational Technology, the convergence of physical and digital systems is the path to greater efficiency, reliability, and safety in critical infrastructure. NeuroTwin is an effort to push that convergence further: not just analyzing OT network traffic, but using ML to build an innovative digital-twin model.
Traditionally, digital twins have relied on information from ICS/SCADA systems. That approach misses the valuable data sitting inside OT security monitoring tools such as intrusion detection systems (IDS). Their primary purpose is security, but they also surface operational insights that conventional digital-twin frameworks routinely overlook.
The untapped potential of OT security data
IDS and other security monitoring tools excel at safeguarding network perimeters, but their potential to enrich digital twins with operational data remains largely unrealized. Limitations exist: incomplete visibility and the trade-off between performance and protocol coverage. But the upside outweighs the challenges.
Why OT traffic analysis is hard
Extracting valuable insights from OT traffic poses two key challenges. The first is the diversity of OT protocols: open-source libraries provide broad protocol understanding, but at the cost of performance and resource efficiency. There's a real trade-off between comprehensiveness and practicality.
The second is real-time, or near real-time, monitoring. Deep protocol analysis can be crucial, but performing it without impacting system responsiveness is a balancing act.
"Slow techniques" for deep extraction
To overcome those constraints, NeuroTwin uses what I call slow techniques for data extraction. In contrast to real-time monitoring's focus on speed, this method prioritizes the depth and detail of protocol information. By meticulously dissecting OT protocols, the project constructs a dataset that feeds machine-learning algorithms with unprecedented granularity.
That rich dataset becomes the foundation for a digital-twin model that does more than mirror the physical system's current state. Powered by ML, the twin becomes predictive and adaptive — offering foresight into potential issues and optimal operational adjustments.
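As an added illustration of the slow, offline extraction described above (this is not NeuroTwin's own code): the page names no protocol, so the example assumes Modbus/TCP, a constructed capture, and a hypothetical function `extract_register_samples`. It shows why deep extraction needs state: a Read Holding Registers response carries values but no addresses, so each response must be paired with its request before it yields a usable row for the dataset.

```python
import struct

# Constructed sample capture: (timestamp_s, direction, raw Modbus/TCP ADU).
# Assumption: direction is known from the TCP flow (client -> port 502 = "req").
SAMPLE_CAPTURE = [
    (0.00, "req", bytes.fromhex("000100000006" "11" "03" "006b" "0003")),
    (0.02, "rsp", bytes.fromhex("000100000009" "11" "03" "06" "022b" "0000" "0064")),
    (1.00, "req", bytes.fromhex("000200000006" "11" "03" "0200" "0001")),
    (1.01, "rsp", bytes.fromhex("000200000003" "11" "83" "02")),        # exception reply
    (2.00, "rsp", bytes.fromhex("000900000005" "11" "03" "02" "0001")),  # no matching request
    (2.50, "req", bytes.fromhex("0003000000")),                          # truncated frame
]

def extract_register_samples(capture):
    """Return (rows, anomalies); rows are (ts, unit_id, register_address, value).

    Only function code 0x03 (Read Holding Registers) is decoded here.
    """
    pending = {}  # (transaction_id, unit_id) -> (start_address, quantity)
    rows, anomalies = [], []
    for ts, direction, adu in capture:
        if len(adu) < 8:  # 7-byte MBAP header + function code
            anomalies.append((ts, "truncated"))
            continue
        tid, proto, length, unit, func = struct.unpack(">HHHBB", adu[:8])
        data = adu[8:]
        if proto != 0 or length != len(adu) - 6:
            anomalies.append((ts, "bad-mbap"))
            continue
        if direction == "req":
            if func == 0x03 and len(data) == 4:
                pending[(tid, unit)] = struct.unpack(">HH", data)
            continue
        request = pending.pop((tid, unit), None)
        if request is None:
            # Also raised for replies to requests this example does not track.
            anomalies.append((ts, "unsolicited-response"))
        elif func & 0x80:
            anomalies.append((ts, f"exception-{data[:1].hex()}"))
        elif func == 0x03 and data and data[0] == 2 * request[1] == len(data) - 1:
            start, qty = request
            values = struct.unpack(f">{qty}H", data[1:])
            rows += [(ts, unit, start + i, v) for i, v in enumerate(values)]
        else:
            anomalies.append((ts, "response-mismatch"))
    return rows, anomalies
```

The rows form a per-register time series suitable as model input, while the anomaly list keeps exception replies and unmatched responses that are useful on the security side.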
Status
Active research. Findings will be published as articles and folded into the training curriculum where relevant.