Security operations face increasing complexity due to evolving cyber threats and regulatory compliance requirements. Traditional incident response methods often suffer from delayed triage and limited readiness for compliance audits. This paper presents an AI-driven Digital Twin framework designed to simulate and analyze security threats, enabling faster incident triage and improved compliance readiness. The proposed system leverages serverless data engineering pipelines, real-time streaming analytics, and AI/ML-driven anomaly detection models integrated within a sandboxed Digital Twin environment. By orchestrating telemetry ingestion (e.g., logs, IoT sensor data, and network events) with scalable cloud-native services, the framework supports high-frequency threat simulations without impacting production systems. Experimental evaluations using synthetic and public cybersecurity datasets (CICIDS2017, UNSW-NB15) demonstrate up to 40% faster compliance reporting, 35% faster incident triage, and improved anomaly detection accuracy compared to both SIEM and SOAR workflows. Unlike traditional cyber ranges or static compliance tools, this work integrates AI-driven anomaly detection with Digital Twin modeling and serverless pipelines, enabling elastic, real-time what-if threat simulations and automated compliance posture reporting, validated against SIEM and SOAR baselines.
Venkatesan et al. studied this question.