This study addresses the limited semantic reasoning capability of existing digital twin approaches in cyber-physical systems, which hinders explainable, real-time cybersecurity modeling and threat detection. To overcome this, the authors propose a lightweight, knowledge-driven digital twin framework that integrates deterministic rule-based reasoning with fuzzy logic within a hybrid inference engine for the first time. By leveraging semantic modeling, heterogeneous telemetry data and system relationships are transformed into a machine-interpretable knowledge graph. The approach enables highly interpretable, low-latency, context-aware threat detection without imposing additional system overhead. Experimental results on a representative cyber-physical system platform demonstrate sub-millisecond twin synchronization latency, a 21.5% speedup over purely deterministic reasoning, and significant improvements in detection speed, explainability, and system resilience.

Existing Digital Twin (DT) approaches often lack semantic reasoning capabilities for effective cybersecurity modelling in Cyber-Physical Systems (CPS). This paper presents HySecTwin, a knowledge-driven digital twin architecture that places automated reasoning at the core of real-time threat detection. HySecTwin incorporates semantic modelling to transform heterogeneous CPS telemetry, device attributes, and operational relationships into machine-interpretable representations, combined with an embedded reasoning engine operating over contextualized system states. Unlike opaque detection methods, the framework integrates deterministic rule-based inference with hybrid fuzzy reasoning to generate explicit, interpretable, and auditable security assessments from live device telemetry. This enables context-aware monitoring of complex CPS environments while preserving transparency and trust. Experimental evaluation using a representative CPS testbed and MITRE ATT\&CK campaign-inspired attack scenarios demonstrates sub-millisecond twin synchronization latency and up to 21.5\% faster threat detection compared with deterministic reasoning alone. The results show that semantic modelling, semantic enrichment, and hybrid reasoning improve explainability and resilience without extra system overhead. HySecTwin provides a lightweight, containerized, and extensible framework for secure-by-design digital twin deployments in mission-critical infrastructures