Continued time synchronization in the presence of attacks using attack-aware twin

US2025080549A1 · US · A1

Patent metadata

Publication number: US-2025080549-A1
Application number: US-202318240822-A
Country: US
Kind code: A1
Filing date: Aug 31, 2023
Priority date: Aug 31, 2023
Publication date: Mar 6, 2025
Grant date:

Abstract

Official abstract text for this publication.

Techniques for an attack-aware digital twin in a time sensitive network are described. A method includes receiving time information for a network by an attack-aware digital twin (AADT), the AADT to simulate operations of a clock manager for a node in the network based on models of the clock manager, generating model clock control information to adjust a clock to a network time for the network, the model clock control information to contain a malicious time sample introduced by a time desynchronization attack in the network, and removing the malicious time sample from the model clock control information to adjust the clock to the network time for the network. Other embodiments are described and claimed.

First claim

Opening claim text (preview).

What is claimed is:

1. An apparatus, comprising: memory to store instructions; and first processing circuitry coupled to the memory, the first processing circuitry to execute the instructions to perform operations for an attack-aware digital twin (AADT), the AADT to simulate operations of a clock manager for a node in a network based on models of the clock manager, the AADT to comprise: a clock manager model to receive time information for a network and generate model clock control information to adjust a clock to a network time for the network, the model clock control information to contain a malicious time sample introduced by a time desynchronization attack in the network; and a model recovery manager to remove the malicious time sample from the model clock control information to adjust the clock to the network time for the network.

2. The apparatus of claim 1, comprising a second processing circuitry to execute instructions to perform operations for the clock manager, the clock manager to receive the time information for the network and generate clock control information to adjust the clock to a network time for the network.

3. The apparatus of claim 2, comprising: a clock circuitry to manage the clock for the node in the network; and a clock control gate coupled to the clock circuitry, the first processing circuitry, and the second processing circuitry, the clock control gate to control access to the clock of the clock circuitry.

4. The apparatus of claim 3, the AADT to comprise a detector to determine the network is operating under attack conditions when an alert message is received from an intrusion detection system (IDS), the detector to send a configuration signal to the clock control gate to configure the clock control gate to pass the model clock control information without the malicious time sample from the AADT to the clock circuitry to adjust the clock to the network time for the network.

5. The apparatus of claim 3, the AADT to comprise a detector to determine the network is operating under benign conditions, the detector to send a configuration signal to the clock control gate to configure the clock control gate to pass the clock control information from the clock manager to the clock circuitry to adjust the clock to the network time for the network.

6. The apparatus of claim 1, the clock manager model comprising: a protocol computations model to generate a measured offset from the time information; a clock servo model to generate model clock control information to adjust the clock to a network time for the network based on the measured time offset value; and a time synchronization model to generate an expected offset value for the clock based on the model clock control information, the time synchronization model to simulate clock circuitry to manage the clock.

7. The apparatus of claim 1, the model recovery manager comprising an attack extractor, the attack extractor to: receive a first expected offset value for the clock based on the model clock control information for a current synchronization cycle; retrieve a second expected offset value for the clock based on model clock control information stored for a previous synchronization cycle; determine a difference value between the first expected offset value and the second expected offset value; and calculate an attack amplitude based on the difference value, the attack amplitude to represent an amount of time offset caused by the time desynchronization attack.

8. The apparatus of claim 1, the model recovery manager comprising a sample sanitizer, the sample sanitizer to: identify the malicious time sample in the model clock control information based on an attack amplitude; and remove the malicious time sample from the model clock control information.

9. The apparatus of claim 1, the model recovery manager comprising a model rollback controller, the model rollback controller to: roll back state information for the clock manager model to remove the malicious time sample; and roll forward state information for the clock manager model based on the model clock control information without the malicious time sample.

10. A method, comprising: receiving time information for a network by an attack-aware digital twin (AADT), the AADT to simulate operations of a clock manager for a node in the network based on models of the clock manager; generating model clock control information to adjust a hardware clock to a network time for the network, the model clock control information to contain a malicious time sample introduced by a time desynchronization attack in the network; and removing the malicious time sample from the model clock control information to adjust the hardware clock to the network time for the network.

11. The method of claim 10, comprising controlling access to the hardware clock by a clock control gate in response to gate control logic.

12. The method of claim 11, comprising: determining the network is operating under attack conditions when an alert message is received from an intrusion detection system (IDS); and sending a configuration signal to the clock control gate to configure the clock control gate to pass the model clock control information without the malicious time sample from the AADT to the hardware clock to adjust the hardware clock to the network time for the network.

13. The method of claim 11, comprising: determining the network is operating under benign conditions; and sending a configuration signal to the clock control gate to configure the clock control gate to pass the clock control information from the clock manager to the hardware clock to adjust the hardware clock to the network time for the network.

14. The method of claim 10, comprising: generating a measured offset value from the time information using a protocol computations model of a clock manager model for the AADT; generating model clock control information to adjust a hardware clock to a network time for the network based on the measured time offset value using a clock servo model of the clock manager model for the AADT; and generating an expected offset value for the hardware clock based on the model clock control information using a time synchronization model for the clock manager model of the AADT, the time synchronization model to simulate clock circuitry to manage the clock.

15. The method of claim 10, comprising: receiving a first expected offset value for the clock based on the model clock control information for a current synchronization cycle by an attack extractor for a model recovery model of the AADT; retrieving a second expected offset value for the clock based on model clock control information stored for a previous synchronization cycle by the attack extractor; determining a difference value between the first expected offset value and the second expected offset value by the attack extractor; and calculating an attack amplitude based on the difference value by the attack extractor, the attack amplitude to represent an amount of time offset caused by the time desynchronization attack.

16. A non-transitory computer-readable storage medium, the computer-readable storage medium including instructions that when executed by processing circuitry, cause the processing circuitry to: receive time information for a network by an attack-aware digital twin (AADT), the AADT to simulate operations of a clock manager for a node in the network based on physics-aware models; generate model clock control information to adjust a hardware clock to a
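The following simulation is an added example, not code from the patent or its applicant. It walks the attack extractor, sample sanitizer, rollback controller and clock control gate of claims 3 to 9 through a constructed scenario. The proportional servo, its gain, the mapping from expected-offset difference to attack amplitude (which assumes an already converged clock) and all names are assumptions.

```python
KP = 0.5  # assumed proportional gain of the clock servo model

def servo(measured_ns):
    """Clock servo model: correction (ns) that steers the clock toward network time."""
    return -KP * measured_ns

class AttackAwareTwin:
    """Toy AADT: servo model, time synchronization model, model recovery manager."""
    def __init__(self, rollback=True):
        self.rollback = rollback
        self.expected_ns = 0.0  # expected offset stored for the previous cycle

    def cycle(self, measured_ns, ids_alert):
        correction = servo(measured_ns)
        expected = poisoned = measured_ns + correction  # time synchronization model
        if ids_alert:
            # Attack extractor: difference of expected offsets, current vs previous.
            diff = expected - self.expected_ns
            amplitude = diff / (1 - KP)  # assumed mapping back to sample units
            # Sample sanitizer: strip the attack amplitude from the time sample.
            clean = measured_ns - amplitude
            # Rollback controller: drop poisoned state, roll forward on clean data.
            correction = servo(clean)
            expected = clean + correction
        self.expected_ns = expected if self.rollback else poisoned
        return correction

def run(scenario, protected, rollback=True):
    """Drive a simulated clock; returns its offset from network time per cycle."""
    twin, offset, trace = AttackAwareTwin(rollback), 0.0, []
    for bias_ns, alert in scenario:
        measured = offset + bias_ns      # attack adds a bias to the time sample
        manager_cmd = servo(measured)    # real clock manager, unaware of the attack
        twin_cmd = twin.cycle(measured, alert)
        # Clock control gate: pass the twin's output only under attack conditions.
        offset += twin_cmd if (protected and alert) else manager_cmd
        trace.append(offset)
    return trace

# Constructed scenario: (bias in ns, IDS alert) for a converged clock under attack.
SCENARIO = [(0, False), (800, True), (800, True), (800, True), (0, False)]

if __name__ == "__main__":
    print("gated by twin:", run(SCENARIO, protected=True))
    print("manager only :", run(SCENARIO, protected=False))
    print("no rollback  :", run(SCENARIO, protected=True, rollback=False))
```

With rollback disabled, the first attack cycle is sanitized but the poisoned expected offset becomes the baseline, so the next cycle's difference is zero and the biased sample passes through.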

Assignees

Inventors

Classifications

  • Time supervision arrangements, e.g. real time clock

  • Generating or distributing clock signals or signals derived directly therefrom

  • Bidirectional timestamps, e.g. NTP or PTP for compensation of clock drift and for compensation of propagation delays (arrangements for monitoring round trip delays in packet switching networks H04L43/0864)

  • Monitoring arrangements {(for SDH/SONET rings H04J3/085)}

  • Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 6, 2025 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).