Evaluating Adversary Strategies Through a Security Twin

Fabrizio Baiardi; Vincenzo Sammartino; Salvatore Ruggieri
2026-01-01

Abstract

Adversary simulation using a security twin represents a paradigm shift in proactive cybersecurity, moving beyond static vulnerability scanning to dynamic, behavioral risk assessment. Unlike standard simulations, a security twin ensures fidelity as the twin is synchronized with the live environment. This paper presents a quantitative comparison of four strategies an attacker may use to build intrusions: Greedy Value, Max Probability, Stealth, and Random. The simulations are executed on a security twin of a university network, constructed by the NOTLINE platform. We introduce a novel two-phase Monte Carlo simulation methodology to ensure both the exhaustive discovery of attack paths and the statistical convergence of performance metrics. Our experiments evaluate each strategy under three distinct defensive postures. Results confirm a quantifiable trade-off between the time of an intrusion and detection probability: while aggressive strategies are up to 50% faster, stealth-oriented approaches achieve comparable success rates in high-security environments by evading detection. We further discuss threats to validity related to network scale and modelling abstractions.

Files in this item:
File: Paper_Adversary_Strategies__DIGITA26_ (1).pdf
Access: open access
Type: Post-print document
License: All rights reserved
Size: 193 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11568/1345229

Attention! The data displayed have not been validated by the university.
