AI-enabled Cybersecurity using Synthetic Data

Baiardi, Fabrizio; Ruggieri, Salvatore; Sammartino, Vincenzo
2025-01-01

Abstract

Historical data is not always adequate to train AI models to secure ICT infrastructures due to the dynamic risk landscape. This paper introduces a novel methodology that combines AI-driven adversary simulation with digital twin technology to generate synthetic data to train AI models. A security twin extends an infrastructure inventory with information on current vulnerabilities and attacks. By describing threat agents through other twins, we simulate their attack strategies to discover how they exploit the infrastructure’s vulnerabilities and implement their intrusions. A Monte Carlo approach is adopted that runs multiple independent simulations, capturing alternative intrusion scenarios. This method addresses the challenges of data shifts in cybersecurity by producing synthetic data to faithfully describe rapidly evolving environments. This results in more accurate risk management and better resilience. Initial experimental results demonstrate the effectiveness of security twins in assessing and managing the risk due to intrusions. An extension of the digital twin technology to proactive cybersecurity offers significant implications for smart industries, healthcare, and critical infrastructure defence.
2025
979-8-3315-3553-7
Files in this item:

AI-enabled_Cybersecurity_using_Synthetic_Data.pdf

not available

Type: Publisher's final version
License: NOT PUBLIC - private/restricted access
Size: 175.37 kB
Format: Adobe PDF

Paper_DIGITA___Washington.pdf

open access

Type: Post-print document
License: All rights reserved
Size: 114.17 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1319409
Citations
  • PMC: not available
  • Scopus: 6
  • ISI: 2