Advanced Attack Graph Framework for Operational Technology: Scalable Modeling, Validation, and Risk Mitigation
Authors Alessio Viticchiè, Alberto Salvatore Colletto, Giulio Sunder, Cataldo Basile, Alessandro Aliberti
Operational Technology (OT) systems are essential for industrial processes but increasingly face cyberthreats due to their integration with IT networks. This paper introduces an advanced framework for modeling, analyzing, and mitigating OT cyber risks using logical attack graphs with OT-specific modeling, including protocols, device hierarchies, and multi-layer dependencies.
To enhance scalability, a novel graph pruning algorithm eliminates 81% to 98% of redundant nodes, reducing complexity while preserving critical attack paths. Additionally, an automated validation pipeline bridges theoretical modeling and real-world applicability by refining attack graphs and providing actionable mitigation insights.
The framework's modular and adaptable design ensures it remains effective in evolving OT environments, addressing emerging threats with high resilience. Validation in realistic OT scenarios confirms its scalability and effectiveness, making it a practical, extensible cybersecurity solution for protecting industrial infrastructures and critical processes from advanced cyber risks.
OTattack graphcybersecurityscalabilityrisk mitigation
ASTERIA - Next Generation EU — PNRR M4C2I2.3
Authors
ASTERIA is the new AlphaWaves project developed within the framework of the CIM4.0 initiative, dedicated to the analysis and simulation of intelligent industrial infrastructures. The initiative aims to create an advanced virtual environment for testing network architectures and emerging technologies in the context of Industry 4.0, combining modeling approaches, digital twins, and machine learning. The project enhances AlphaWaves' expertise in integrating heterogeneous data and developing plug-and-play simulation solutions, designed to accelerate the deployment of secure, resilient, and high-performance industrial systems. ASTERIA is envisioned as a digital laboratory for innovation in production processes, supporting both SMEs and large enterprises in their transition toward the factory of the future.
PNRRIndustry 4.0digital twinmachine learningCIM4.0
Model Development and Validation for Classifying Hypoxia in Military Aircrew Using ECG and Skin Temperature
Authors Maarten P.D. Schadd, Jan Ubbo van Baardewijk, Mattia Tachini Bojczuk, Alessandro Aliberti, Fred L. Vuik, Lotte Linssen, Kaj Gijsbertse, Mark M.J. Houben, Mario Arrigoni-Neri, Boris R.M. Kingma, Eugene P. van Someren
Hypoxia occurs when blood or tissues are deprived of adequate oxygen, posing a significant risk to military aircrew operating at high altitudes due to reduced atmospheric pressure. The danger lies in its subtle symptoms—such as impaired judgment—often unnoticed until serious consequences arise. While hypoxia can be detected using direct (e.g., pulse oximetry), indirect (e.g., PPG), or tissue-level (e.g., NIRS) methods, these are often impractical in flight settings due to motion artifacts, low perfusion, or invasiveness. This study aims to develop and internally validate machine learning models to classify hypoxic conditions in military aircrew members using electrocardiogram (ECG) and skin temperature signals, offering a non-invasive and real-time monitoring approach.
hypoxiaECGmachine learningmilitarywearable sensorsclassification
COMPLAI - Next Generation EU — PNRR Partenariato Esteso SERICS - Spoke 3 "Attacks and Defences"
Authors
COMPLAI is the platform developed by AlphaWaves to revolutionize regulatory compliance assessment in Operational Technology (OT) systems. The project integrates Artificial Intelligence (AI) and Explainable AI (XAI) technologies to analyze security and automate the verification of compliance with regulations such as NIS2, DORA, and the Cyber Resilience Act.
Through advanced threat modeling tools and a custom-designed Compliance Scoring engine, COMPLAI enables continuous monitoring of industrial infrastructures, identifying vulnerabilities, misconfigurations, and high-risk behaviors. The platform stands out for its intuitive interface, scalable architecture, and plug-and-play approach, making it seamlessly integrable into real-world production processes without disrupting operations.
PNRROTcomplianceNIS2DORAAIXAISERICS
NLP-based automated scoring of OT misconfigurations via CWE and CVSS mapping
Authors Mario Todaro, Alberto Salvatore Colletto, Alessio Viticchié, Alessandro Aliberti
Misconfigurations within Operational Technology (OT) environments represent a significant source of cyber risk, often resulting in critical disruptions to industrial processes. However, the absence of standardized methodologies for quantifying their impact hinders effective risk assessment and prioritization. This study proposes a novel and fully automated framework that maps misconfigurations to the Common Weakness Enumeration (CWE) taxonomy through semantic similarity techniques, employing state-of-the-art sentence embedding models and cosine similarity metrics.
The framework enables the computation of quantitative risk indicators by linking the identified CWEs to associated Common Vulnerabilities and Exposures (CVEs) and aggregating their Common Vulnerability Scoring System (CVSS) scores. A voting ensemble of pre-trained language models is introduced to enhance robustness and semantic accuracy. Experimental validation demonstrates improved precision over single-model baselines, confirming the efficacy of the proposed approach.
NLPOTCWECVSScybersecuritymisconfigurations
From Fragmented Data to Smart Conversations in Energy Communities: The GAIA Approach to Cross-Domain IoT Integration
Authors Alessio Viticchié, Felice Cetrone, Roberto Puntorieri, Christian Camarda, Leonardo Napoli, Edoardo Patti, Alessandro Aliberti
In modern digital ecosystems, managing heterogeneous data sources is a significant challenge, particularly within Renewable Energy Communities (RECs), where multiple energy vectors, such as electricity, heating, and water, must be integrated seamlessly. The GAIA meta-platform addresses the persistent fragmentation of IoT ecosystems by enabling federated access, semantic harmonization, and cross-domain analytics across heterogeneous data silos.
Designed to support both expert and non-expert users, GAIA combines modular data processing, a Python SDK, and an AI-driven conversational agent (i.e., GAIA Chat) to facilitate intuitive interaction with multi-source datasets.
IoTenergy communitiesGAIALLMcross-domainsemantic harmonization
A Multi-Agent Framework for Natural Language-Driven Network Simulation
Authors Alberto Salvatore Colletto, Paolo Bonelli Bassano, Alessio Viticchié, Alessandro Aliberti
This paper presents a framework that combines large language models (LLMs) with a multi-agent system (MAS) to automate the translation of natural language instructions into executable network simulations. Designed to improve the usability of traditional simulators, the proposed system enables users, regardless of technical background, to interact with Mininet through intuitive language prompts.
The MAS architecture assigns specific tasks to agents, including input parsing, topology analysis, code generation, execution, and result interpretation. A retrieval-augmented generation (RAG) module boosts contextual understanding by accessing authoritative documentation.
LLMmulti-agentnetwork simulationRAGMininetNLP
Leveraging Large Language Models for OT Network Configuration Analysis
Authors Alberto Salvatore Colletto, Mario Todaro, Alessio Viticchié, Alessandro Aliberti
Operational Technology (OT) networks face growing cybersecurity risks, yet applying best practice guidelines remains difficult—particularly in settings with limited cybersecurity expertise. This paper proposes a modular framework combining a Large Language Model (Llama3 8B Instruct), semantic search (FAISS), and structured prompting to assist in the analysis of OT configurations.
The system extracts best practices from authoritative sources, generates standardized JSON templates for data collection, and leverages a chatbot assistant for compliance validation and mitigation guidance. Experimental results show moderate accuracy (60–66.67%), highlighting both the promise and current limitations of LLM-based security tools.
LLMOTcybersecurityFAISSLlama3configuration analysis
AI-driven automation for industrial digitalization: a scalable framework for network discovery and digital twin deployment
Authors Alessio Viticchié, Alberto Salvatore Colletto, Paolo Bonelli Bassano, Roberto Puntorieri, Alessandro Aliberti
The growing complexity of Industrial Control Systems (ICS) and Operational Technology (OT) networks presents significant challenges in network discovery, device classification, and causal process inference. Traditional methodologies, which depend on manual configurations and static rule-based approaches, often prove inadequate in dynamic industrial environments due to their limited scalability and adaptability.
This paper introduces an AI-driven agentic framework designed to automate these critical processes. The proposed system employs autonomous AI agents for real-time network scanning, device identification through communication pattern analysis, and inference of process dependencies.
AIOTICSdigital twinnetwork discoveryagentic AI
Toward Generalizable and Extensible Workflow Automation for Multi-Source Data Processing
Authors Danial Soltanali Khalili, Alessio Viticchié, Felice Cetrone, Edoardo Patti, Alessandro Aliberti
Modern data-driven applications increasingly demand flexible, scalable, and generalizable solutions to manage complex, heterogeneous workflows. Traditional Workflow Management Systems (WMS) often fall short in dynamic, high-throughput contexts due to their reliance on static configurations and limited adaptability.
This paper introduces a modular and extensible framework for building dynamic data processing pipelines capable of integrating multiple data sources and evolving analytical tasks. The proposed system employs a three-layer architecture to facilitate pipeline construction, validation, and deployment through reusable components and standardized metadata.
workflow automationIoTGAIAdata pipelinemodular framework
Enhancing OT Threat Modelling: An Effective Rule-Based Approach for Attack Graph Generation
Authors Giulio Sunder, Alberto Salvatore Colletto, Sara Raimondi, Cataldo Basile, Alessio Viticchié, Alessandro Aliberti
In today's data-driven world, the interconnection and automation of daily processes have become essential. As the demand for Internet connectivity grows, so does the need for robust cybersecurity measures. Operational Technology (OT), pivotal in controlling critical infrastructures such as power plants and water distribution systems, remains highly vulnerable.
Many OT systems still rely on 'air gaps' for security, a measure increasingly insufficient as more systems connect to the internet for remote operation and data analysis. This article addresses the critical need for enhanced OT security solutions by introducing a novel tool focused on intelligent systems for the effective detection of cyber-attacks.
The tool automates the creation of attack graphs and extracts attack paths from a JSON file describing the OT network. Leveraging the MulVAL attack graph generation engine, it provides a comprehensive visualization of potential attack vectors, enhancing the capability to identify and mitigate security threats in OT environments.
OTattack graphthreat modellingMulVALcybersecurity
GAIA meta-platform: enabling multi-energy vectors data analysis via IoT federation
Authors A Viticchié, F Cetrone, C Camarda, V Vassallo, L Napoli, E Patti, A Aliberti
Despite of the global environmental crisis with record-high CO2 levels, urgent climate action is imperative. The EU's ambitious emission reduction targets and the goal of climate neutrality by 2050 underline the severity of the situation. The Italy case study encounters challenges aligning with these objectives, necessitating significant emission cuts despite advancements in renewable energy and reduced energy consumption. Renewable Energy Communities (RECs) emerge as vital players, focusing on local production, consumption, and management of electrical energy.
Our research introduces the GAIA federated software metaplatform, addressing the lack of multi-energy vector management by integrating diverse Internet-of-Things (IoT) software infrastructures. It simplifies the development of multi-energy vector services by amalgamating data from federated simple vector IoT infrastructures. GAIA aims to bridge the information gap on resource consumption and interconnections, benefiting RECs citizens and service providers.
IoTenergy communitiesGAIAfederated platformrenewable energy
LORAWINE - NODES Cascade Grant (PNRR, D.D. n.1054 june 23rd 2022)
Authors
LORAWINE – Il Vino Si Fa in Vigna
A IoT platform for precisely tracing the entire production and transformation chain in vine sector.
PNRRNODESIoTagriculturewinetraceability
Comparative analysis of neural networks techniques to forecast Airfare Prices
Authors A Aliberti, Y Xin, A Viticchié, E Macii, E Patti
With the growth of the tourism industry, airplanes have become an affordable choice for medium- and long-distance travels. Accurate forecasting of flight tickets helps the aviation industry to match demand, supply flexibly, and optimize aviation resources. Airline companies use dynamic pricing strategies to determine the price of airline tickets to maximize profits.
Our research work provides a systematic comparison of various traditional machine learning methods (i.e., Ridge Regression, Lasso Regression, K-Nearest Neighbor, Decision Tree, XGBoost, Random Forest) and deep learning methods (e.g., Fully Connected Networks, Convolutional Neural Networks, Transformer) to address the problem of airfare prediction. Moreover, we proposed innovative Bayesian neural networks, which represent the first exploitation attempt of Bayesian Inference for the airfare prediction task.
neural networksairfare predictiondeep learningBayesianforecasting
GAIA - NODES Cascade Grant (PNRR, D.D. n.1054 june 23rd 2022)
Authors
GAIA – Gestione Avanzata dell'Idrico e dell'energia nelle comunità Alpine
A platform for a unified and harmonized access to multi-vector data, enabling AI/ML algorithm development.
The GAIA project aim at standardizing the IoT world, by providing a powerful tool to describe data sources and access them in a unified way, as they are one. The focus is on a meta-language to describe data, access it and use it in advanced data analysis methodologies.
PNRRNODESIoTenergyalpine communitiesAI/ML
PEARL - NODES Cascade Grant (PNRR, D.D. n.1054 june 23rd 2022)
Authors
Cybersecurity solution for distributed smart warehouses.
PNRRNODEScybersecuritysmart warehousedistributed systems