• Hybrid digital twins secure IIoT while preserving data privacy
• Continual learning adapts models to new threats with low data needs
• Hardware-in-the-loop validates detection under realistic conditions
• Achieves 97% accuracy with 20× less training data than full retraining
• Scalable framework for resilient anomaly detection in Industry 4.0

The Industrial Internet of Things (IIoT) is increasingly exposed to cyber threats due to its tight integration of operational technology and digital connectivity. Traditional intrusion detection systems (IDSs) often struggle with adaptability, false positives, and operational scalability in dynamic, non-stationary environments. This paper proposes a cyber threat detection framework that integrates hybrid digital twins (DTs) with continual learning to enable reliable and adaptive intrusion detection in realistic IIoT settings. The hybrid DTs act as local mirrors of IIoT devices, preserving sensitive data close to the source while supporting controlled validation of firmware updates and configuration changes. The continual learning mechanism enables the detection model to incrementally adapt to evolving traffic patterns and emerging attacks, mitigating catastrophic forgetting without requiring repeated offline retraining. Experimental validation on benchmark datasets and real IIoT traffic shows that the proposed DT-enabled framework supports stable detection performance over time under bounded memory and incremental update constraints, reflecting realistic deployment conditions. The proposed architecture highlights a practical trade-off between offline optimality and online adaptability, offering a robust, scalable solution for securing IIoT infrastructure that balances continuous operation, reliability, and controlled adaptation.
Piroddi et al. (Sun,) studied this question.