NotLine: A Non-Intrusive Automated Platform to Build a Digital Twin

Fabrizio Baiardi;Vincenzo Sammartino;Salvatore Ruggieri
2025-01-01

Abstract

Digital twin technology is revolutionizing cyber-security by providing real-time, data-driven replicas of ICT infrastructures without impacting live production systems. We present NotLine, a non-intrusive, fully automated pipeline platform that builds and updates digital twins through the continuous passive collection of multiprotocol network traffic metadata. NotLine filters and normalizes the data to remove noise and then correlates events to generate a dynamic topology graph. This non-intrusive approach enhances network monitoring and mitigates the risks and overhead associated with active scanning. It also offers superior scalability and enables continuous threat hunting, risk assessment, and accelerated remediation. The resulting digital twin extends traditional static inventories with real-time vulnerability mapping through CVE lookups. It also supports AI-driven adversary simulations based on Monte Carlo methods. Furthermore, we explore how integrating non-intrusive host-level telemetry, threat intelligence feeds, and reinforcement learning can evolve the digital twin into a self-optimizing cybersecurity guardian. Experiments in production environments demonstrate that passive monitoring over extended periods, spanning multiple days, is essential for accurately capturing daily and weekly usage patterns across diverse protocol families. A quantitative analysis is presented that establishes benchmarks for digital twin fidelity in networked environments.
2025
979-8-3315-5860-4
Files in this record:

NotLine_A_Non-Intrusive_Automated_Platform_to_Build_a_Digital_Twin.pdf
  Availability: not available
  Type: Final published version
  License: NOT PUBLIC - private/restricted access
  Size: 308.35 kB
  Format: Adobe PDF

Paper_Costruzione_Twin_Monitoraggio__NotLine_.pdf
  Availability: open access
  Type: Post-print document
  License: All rights reserved
  Size: 249.75 kB
  Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1336429
Citations
  • Scopus 1