Securing Systems and Data: Attack Detection techniques and Generative AI approaches

Blefari Francesco
2025

Abstract

The escalating complexity of cyber threats demands a proactive and dynamic security posture, grounded in data-driven intelligence and intelligent automation. Addressing the fundamental asymmetry between adversaries’ speed and human operational limitations requires a paradigm shift. This dissertation explores innovative approaches to cybersecurity, focusing on data-driven detection and mitigation of cyberattacks and the use of intelligent agentic systems to strengthen security operations. The first research axis focuses on detecting and mitigating malicious activity through feature analysis, machine learning, process mining, and ICS honeypots. The second axis explores AI agents to automate security-critical tasks, such as malicious payload classification, generation of Cyber Range scenarios from natural-language specifications, and development of enforceable security policies. A parallel study of LLM security demonstrates how prompt manipulation and inter-agent trust exploitation can subvert agentic pipelines and, in some cases, compromise their hosting environments. The research conducted during the PhD investigates novel data-driven approaches to cyberattack detection and the application of agentic AI in cybersecurity, contributing methodologically to cyber defense and operations while providing a critical analysis of agentic AI systems. It also outlines a responsible and practical roadmap for integrating advanced cybersecurity solutions into future computing environments.
Web Security, Typosquatting, Machine Learning, Anomaly Detection, Process Mining, Attack Detection, Generative Artificial Intelligence, Large Language Models, Retrieval-Augmented Generation, Agentic RAG, Cyber Range, Infrastructure as Code, Policy as Code
Files in this item:
BLEFARI_PhD_Thesis.pdf
open access
Description: Final version
Type: Other attached material
License: Creative Commons
Size: 4.77 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.11771/37378