INTRUSION DETECTION–DRIVEN CYBER RESILIENCE ASSESSMENT IN COMPUTER NETWORKS VIA NETWORK TRAFFIC ANALYTICS
DOI: https://doi.org/10.46121/pspc.54.1.18

Keywords: Cyber Resilience, Intrusion Detection Systems (IDS), Network Traffic Analytics, Quantitative Assessment, Absorptive Capacity, Decision Support.

Abstract
Cyber resilience has become an increasingly critical requirement for computer networks operating under persistent threats. While Intrusion Detection Systems (IDSs) are ubiquitous in modern infrastructures, their outputs are predominantly utilized for immediate tactical security responses, leaving their potential as dynamic, system-level resilience indicators largely untapped. This paper presents a quantifiable assessment framework that innovatively transforms standard traffic-based IDS outputs into real-time, mathematical cyber resilience metrics. Moving beyond conventional descriptive analysis, the proposed approach formalizes resilience-aware indicators (such as exposure, absorptive capacity, and recovery dynamics) without requiring modifications to existing IDS architectures. The framework is empirically validated using the benchmark CSE-CIC-IDS2018 dataset under persistent disruptive scenarios. Statistical analysis reveals a highly significant correlation (r ≈ 0.88, p < 0.0001) between the IDS-derived absorptive capacity metric and ground-truth physical network degradation, confirming the operational validity of the proposed constructs. Furthermore, an actionable use case for Network Operations Centers (NOCs) is formulated to demonstrate how these quantifiable metrics can shift security practices from reactive alert handling to strategic, data-driven resilience management. The findings establish a rigorously defined, empirically grounded standard for evaluating cyber resilience using existing network traffic analytics.

