Cyber Analytics
From passive network discovery to autonomous remediation — a doctoral treatment of the complete operational security pipeline, built around the Breakwater framework.
The course surveys analytical tools for cybersecurity data and emphasizes how data analytics procedures support defensible cybersecurity policy decisions across discovery, diagnostics, vulnerability assessment, risk modeling, simulation, cryptographic readiness, federated intelligence, supply-chain integrity, deception, formal verification, and closed-loop remediation.
Textbook Chapters
Twelve doctoral-level chapters covering the complete operational security pipeline. Each chapter includes figures, code examples, and lab exercises.
Network Discovery and Asset Inventory
ARP harvesting, mDNS/SSDP browsing, fping sweeps, and TCP connect probing to build a complete asset inventory.
Service Enrichment and Device Fingerprinting
nmap service detection, HTTP banner scraping, TLS certificate inspection, JARM fingerprinting, and ONVIF/RTSP probing.
Vulnerability Assessment
CPE construction, NVD API lookups, CVSS scoring, OpenVAS integration, and default credential testing.
Attack Graph Analytics and Risk Scoring
NetworkX-based attack graph construction, Breakwater Risk Score computation, MITRE ATT&CK mapping, and STIX export.
Prescriptive Analytics, Autonomous Penetration Testing
PPO reinforcement-learning agent, rule-based campaign orchestrator, and three safety modes for controlled exploitation.
Simulation Analytics: Digital Twin and Remediation Simulation
SDN-based digital twin creation, Docker environment mirroring, scenario engine, and remediation simulation.
Post-Quantum Cryptographic Readiness
Post-quantum algorithm assessment, harvest-now-decrypt-later risk scoring, and NIST PQC migration planning.
Federated Threat Intelligence Network
SCAFFOLD federated learning for threat intelligence sharing with differential privacy and Byzantine fault tolerance.
Supply Chain Integrity and Counterfeit Detection
SBOM generation and analysis, counterfeit component detection, and EU Cyber Resilience Act compliance.
Active Deception and Threat Hunting
Adaptive honeypots, RL Chameleon engine for dynamic decoy behavior, and MITRE TTP annotation of attacker telemetry.
Formal Protocol Verification
Applied pi calculus modeling, Dolev-Yao attacker model, and automated ProVerif-style verification of security protocols.
Autonomous Remediation and Safety Verification
Plan/approve/execute remediation pipeline, Vault credential rotation, micro-segmentation, and safety guarantees.
PDF Library
Separate print-ready access for the textbook and slides. Textbook pages print cleanly; slide PDF views render the actual visual slide content instead of a title-only outline.