A Framework for Proactive Cyber-Resilience
Vincenzo Sammartino
First author
2025-01-01
Abstract
Modern cyber-defense paradigms exhibit a critical epistemological deficit, operating in a reactive posture that is fundamentally outpaced by the operational tempo of automated threats. This research addresses this challenge by proposing a novel, end-to-end framework for proactive cyber resilience. The core problem addressed is the systemic scarcity of timely, contextually relevant data required to model intrusions and, critically, to validate the effectiveness of countermeasures in silico before live deployment. An architecture is introduced that forges a closed-loop system for autonomous defense evaluation. By integrating a non-intrusively generated Digital Twin of a target infrastructure with an Attacker Twin, the system runs large-scale Monte Carlo simulations to perform a stochastic exploration of the adversarial state-space. The result is a high-fidelity, probabilistic model of the intrusion landscape, termed the Intrusion Graph. The central thesis is that this graph serves not merely as a static analytical instrument, but as the engine for a proactive resilience pipeline. This pipeline transforms cybersecurity from a reactive forensic discipline into a predictive, data-driven science capable of automated hypothesis testing, optimal countermeasure selection, including deception technology, and ultimately autonomous remediation.

| File | Size | Format | |
|---|---|---|---|
| Short_Paper_DS_RT__Praga_.pdf (open access). Type: Pre-print document. License: All rights reserved. | 168.57 kB | Adobe PDF | View/Open |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


