Gaetano Perrone

@unina.it

Computer Engineering
University of Naples Federico II

Scopus Publications: 23
Scholar Citations: 299
Scholar h-index: 9
Scholar i10-index: 9

Scopus Publications

  • Towards a unified European Cybersecurity Skills Framework: Structural insights from expert elicitation and international standards
    Gaetano Perrone, Nicola d’Ambrosio, Roberto D’Isanto, Massimiliano Rak, Lavinia Russo, Simon Pietro Romano, Mario Varlese
    Array, 2026
    The increasing complexity of cyber threats and the widening skills gap in Europe underscore the urgent need for coherent, interoperable strategies to build the cybersecurity workforce. Although several cybersecurity initiatives and frameworks have been proposed, their heterogeneous structures and modelling choices hinder harmonization across education, training, and labour-market ecosystems. The European Cybersecurity Skills Framework (ECSF) represents a major step toward a common European reference model. However, its adoption raises several challenges related to its internal structure and interoperability with other frameworks. This study analyses the ECSF from a structural perspective, focusing on hierarchical organisation, component granularity, and the relationships among roles, tasks, skills, and knowledge. We employ a structured expert elicitation protocol to carry out a comparative structural analysis of eight cybersecurity skills frameworks, including internationally adopted standards such as NICE, SFIA, ESCO, and CyBOK. Based on this analysis, we identify six structural limitations of the ECSF and propose corresponding enhancement strategies to support its evolution toward a more coherent, expressive, and interoperable European framework. The study was conducted in the context of the AKADIMOS project, which aims to support the development of the European Cybersecurity Skills Academy and contribute to a coordinated effort to bridge the cybersecurity skills gap across the European Union.
  • SMASH: An SDN-MTD framework for efficient honeypot deployment and insider threat mitigation
    Nicola d’Ambrosio, Claudio Lista, Gaetano Perrone, Simon Pietro Romano
    Computer Networks, 2025
    Conventional cybersecurity tools, such as firewalls and Intrusion Prevention Systems, have been widely employed to protect against digital threats. However, these approaches reveal their inherent limitations as the complexity and sophistication of cyberattacks increase. Consequently, there is a growing demand for more proactive and adaptive cyber-defense strategies. Deception-based techniques, such as Moving Target Defense (MTD) and honeypots, have emerged as powerful approaches to enhance security by confusing and misleading attackers. Despite their potential, deploying these solutions in large-scale network infrastructures poses significant challenges. Manual configuration of honeypots is time-consuming, resource-intensive, and difficult to scale. Moreover, it is mandatory to ensure that honeypots do not become a pivot for attackers to penetrate the enterprise network infrastructure further. To address these issues, we propose “Sdn-Mtd Automated System with Honeypot integration” (SMASH), a framework that leverages Software Defined Networking (SDN) principles in conjunction with MTD and decoy techniques. Following a Design Science approach, we designed, implemented, and evaluated SMASH to overcome these deployment and management challenges. SMASH not only makes it more difficult for attackers to target the production network infrastructure, but also provides valuable real-time threat intelligence by observing attacker behavior. When an intrusion attempt is detected, MTD techniques redirect the attacker to an isolated subnet dedicated to threat monitoring, preventing access to sensitive systems and data. Furthermore, SMASH introduces a flexible and scalable management system that allows automatic deployment, setup, and real-time monitoring of honeypots. This dynamic adaptability allows organizations to scale their defenses in response to evolving threats, significantly enhancing the security posture of real-world enterprise environments.
  • WebAssembly and security: A review
    Gaetano Perrone, Simon Pietro Romano
    Computer Science Review, 2025
  • SCASS: Breaking into SCADA Systems Security
    Nicola d’Ambrosio, Giulio Capodagli, Gaetano Perrone, Simon Pietro Romano
    Computers and Security, 2025
    Industrial Control Systems (ICS) represent a relevant target for attackers. In order to prevent such critical security threats, ICS security assessment activities should be conducted. Conventional vulnerability assessment and penetration testing within ICSs are not practicable due to safety risks and cost constraints. To overcome these challenges, security researchers have developed cybersecurity testbeds. However, these testbeds commonly rely on closed components, cannot be extended, and are very expensive. This research investigates how a modular, open-source framework can enhance the development of robust cybersecurity testbeds and facilitate the implementation of digital twins for securing Industrial Control Systems. We present SCASS, a fully customizable testbed designed to replicate complex SCADA and ICS environments with high fidelity. SCASS addresses the need for accessible, scalable platforms by supporting both physical and virtual components while enabling the evaluation of heterogeneous attack scenarios and security methodologies. By combining advanced attack scenarios with an objective comparative analysis against existing testbeds, SCASS demonstrates its ability to fill critical gaps in the ICS security landscape, fostering collaboration and advancing security assessment methodologies.
  • A cyber-resilient open architecture for drone control
    Nicola d’Ambrosio, Gaetano Perrone, Simon Pietro Romano, Alberto Urraro
    Computers and Security, 2025
    Unmanned Aerial Vehicles (UAVs) are becoming important tools in both military and civilian sectors. However, the prevalent use of monolithic architectures in contemporary platforms limits the swift integration of new features and significantly hampers the adaptability of UAVs to an ever-changing operational environment. Furthermore, this constantly evolving landscape highlights the inherent complexity of assessing drone safety and security since this process requires managing multiple and rapidly changing variables. Therefore, it is imperative to adopt an open system approach that relies on microservices and virtualization in order to overcome the limits of traditional drone architectures. This study presents a new method that involves breaking down the UAV monolithic system into a network of separate and virtualized components, each holding a single responsibility and designed according to the Open System Architecture (OSA) principle. Moreover, this work proposes a novel cyber-resilience model to determine cyber threats and assess their impact on the system. This approach leverages NIST 800-53, MITRE ATT&CK, STPA-Sec, and Attack Graph in order to identify the sequence of malicious actions that can lead to a specific hazardous scenario. Lastly, we demonstrate the effectiveness of this novel architectural paradigm by developing a software-in-the-loop simulation testbed for fast prototyping new features and validating the results of the cyber-resilience model.
  • Sniping at web applications to discover input-handling vulnerabilities
    Ciro Brandi, Gaetano Perrone, Simon Pietro Romano
    Journal of Computer Virology and Hacking Techniques, 2024
    Web applications play a crucial role in modern businesses, offering various services and often exposing sensitive data that can be enticing to attackers. As a result, there is a growing interest in finding innovative approaches for discovering vulnerabilities in web applications. In the evolving landscape of web security, the realm of fuzz testing has garnered substantial attention for its effectiveness in identifying vulnerabilities. However, existing literature has often underemphasized the nuances of web-centric fuzzing methodologies. This article presents a comprehensive exploration of fuzzing techniques specifically tailored to web applications, addressing the gap in the current research. Our work presents a holistic perspective on web-centric fuzzing, introduces a modular architecture that improves fuzzing effectiveness, demonstrates the reusability of certain fuzzing steps, and offers an open-source software package for the broader security community. By addressing these key contributions, we aim to facilitate advancements in web application security, empower researchers to explore new fuzzing techniques, and ultimately enhance the overall cybersecurity landscape.
  • “Dirclustering”: a semantic clustering approach to optimize website structure discovery during penetration testing
    Diego Antonelli, Roberta Cascella, Antonio Schiano, Gaetano Perrone, Simon Pietro Romano
    Journal of Computer Virology and Hacking Techniques, 2024
  • Prompt Engineering as Code (PEaC): an approach for building modular, reusable, and portable prompts
    Gaetano Perrone, Simon Pietro Romano
    2024 2nd International Conference on Foundation and Large Language Models, FLLM 2024, 2024
    Prompt engineering is an emerging skill associated with improving the way we interact with Large Language Models (LLMs). However, natural language lacks key features such as modularity, reusability, and portability, which are essential for creating efficient, scalable prompt systems. In programming, these features are managed through Infrastructure as Code (IaC), where developers use modular code to manage infrastructure. This work aims to show how it is possible to achieve the same objective in the prompt engineering sector, too. Prompt Engineering as Code (PEaC) is a novel approach that organizes prompts through a human-readable data serialization language, in order to realize modular, reusable, and portable prompts. We design a syntax language in which prompts can be assembled as modular components, akin to importing functions or defining reusable variables in conventional programming languages. We assess the methodology by showcasing its implementation to multiple LLM-driven applications and evaluating enhancements in prompt management and adaptability. Preliminary findings suggest that PEaC increases prompt reusability, reduces redundancy, and promotes the adaptability of prompt systems across many applications. This method represents progress in the establishment of standardized and scalable engineered prompts.
  • Securing Industrial Systems: A Testbed for Cyber-Defense Evaluation and Data Collection
    Raffaele Cuorvo, Nicola d’Ambrosio, Domenico Iorio, Gaetano Perrone, Simon Pietro Romano
    Proceedings of the 2024 20th International Conference on Network and Service Management AI Powered Network and Service Management for Tomorrow's Digital World, CNSM 2024, 2024
    Over recent years, many Industrial Control System (ICS) components have been exposed to both the Internet and corporate networks to enhance the management of industrial processes. However, this increased exposure has often taken place without adequate consideration for cybersecurity, making industrial networks more vulnerable to cyberattacks. In this context, digital twins have emerged as innovative solutions to evaluate novel cyber-defense strategies that can mitigate threats affecting industrial networks. Unfortunately, to the best of the authors’ knowledge, there is no digital twin that is flexible enough to integrate both physical and virtualized components according to user preferences while simultaneously supporting novel approaches based on the Software-Defined Networking (SDN) paradigm. To address these issues, we developed a flexible hybrid/virtual digital twin that mimics a physical Microgrid testbed known as EPIC. Specifically, our solution leverages virtualization and containerization to create a lightweight platform that can include the widest possible range of vulnerabilities. Furthermore, we employ Open vSwitch to implement SDN-based methodologies and integrate physical components into our platform. Lastly, we provide a comprehensive tool that collects all possible logs from the testbed.
  • Including insider threats into risk management through Bayesian threat graph networks
    Nicola d'Ambrosio, Gaetano Perrone, Simon Pietro Romano
    Computers and Security, 2023
  • Container-based Virtualization for Ethical Hacking with HOUDINI
    CEUR Workshop Proceedings, 2023
  • A Software-Defined Approach for Mitigating Insider and External Threats via Moving Target Defense
    Nicola D'Ambrosio, Emma Melluso, Gaetano Perrone, Simon Pietro Romano
    2023 IEEE Conference on Network Function Virtualization and Software Defined Networks, NFV-SDN 2023 Proceedings, 2023
  • Web Application Penetration Testing Through Rule-Based Inference on Knowledge Graphs
    Francesco Caturano, Emanuele De Martino, Gaetano Perrone, Simon Pietro Romano
    International Conference on Electrical, Computer and Energy Technologies, ICECET 2023, 2023
  • An automated approach to Web Offensive Security
    Nicola Auricchio, Andrea Cappuccio, Francesco Caturano, Gaetano Perrone, Simon Pietro Romano
    Computer Communications, 2022
  • Reinforced WAVSEP: a Benchmarking Platform for Web Application Vulnerability Scanners
    Luigi Urbano, Gaetano Perrone, Simon Pietro Romano
    International Conference on Electrical, Computer and Energy Technologies, ICECET 2022, 2022
  • ThePhish: an Automated Open-Source Phishing Email Analysis Platform
    CEUR Workshop Proceedings, 2022
  • ExploitWP2Docker: a Platform for Automating the Generation of Vulnerable WordPress Environments for Cyber Ranges
    Francesco Caturano, Nicola d'Ambrosio, Gaetano Perrone, Luigi Previdente, Simon Pietro Romano
    International Conference on Electrical, Computer and Energy Technologies, ICECET 2022, 2022
  • Dockerized Android: a container-based platform to build mobile Android scenarios for Cyber Ranges
    Daniele Capone, Francesco Caturano, Angelo Delicato, Gaetano Perrone, Simon Pietro Romano
    International Conference on Electrical, Computer and Energy Technologies, ICECET 2022, 2022
  • Discovering reflected cross-site scripting vulnerabilities using a multiobjective reinforcement learning environment
    Francesco Caturano, Gaetano Perrone, Simon Pietro Romano
    Computers and Security, 2021
  • On-demand deployment and orchestration of cyber ranges in the cloud
    CEUR Workshop Proceedings, 2021
  • Capturing flags in a dynamically deployed microservices-based heterogeneous environment
    Francesco Caturano, Gaetano Perrone, Simon Pietro Romano
    2020 Principles, Systems and Applications of IP Telecommunications, IPTComm 2020, 2020
  • Hacking Goals: A Goal-Centric Attack Classification Framework
    Francesco Caturano, Gaetano Perrone, Simon Pietro Romano
    Lecture Notes in Computer Science Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics, 2020
  • The docker security playground: A hands-on approach to the study of network security
    G. Perrone, S. P. Romano
    2017 Principles, Systems and Applications of IP Telecommunications, IPTComm 2017, 2017

RECENT SCHOLAR PUBLICATIONS

  • Towards a unified European Cybersecurity Skills Framework: Structural insights from expert elicitation and international standards
    G Perrone, N d’Ambrosio, R D’Isanto, M Rak, L Russo, SP Romano, ...
    Array, 100728, 2026
  • Cybersecurity ai: Evaluating agentic cybersecurity in attack/defense ctfs
    F Balassone, V Mayoral-Vilches, S Rass, M Pinzger, G Perrone, ...
    arXiv preprint arXiv:2510.17521, 2025
    Citations: 6
  • SMASH: An SDN-MTD framework for efficient honeypot deployment and insider threat mitigation
    N d’Ambrosio, C Lista, G Perrone, SP Romano
    Computer Networks 269, 111327, 2025
    Citations: 7
  • WebAssembly and security: A review
    G Perrone, SP Romano
    Computer Science Review 56, 100728, 2025
    Citations: 15
  • Scass: Breaking into scada systems security
    N d’Ambrosio, G Capodagli, G Perrone, SP Romano
    Computers & Security 151, 104315, 2025
    Citations: 10
  • A cyber-resilient open architecture for drone control
    N d’Ambrosio, G Perrone, SP Romano, A Urraro
    Computers & Security 150, 104205, 2025
    Citations: 13
  • Prompt Engineering as Code (PEaC): an approach for building modular, reusable, and portable prompts
    G Perrone, SP Romano
    2024 2nd International Conference on Foundation and Large Language Models …, 2024
    Citations: 4
  • Sniping at web applications to discover input-handling vulnerabilities
    C Brandi, G Perrone, SP Romano
    Journal of Computer Virology and Hacking Techniques 20 (4), 641-667, 2024
    Citations: 6
  • Securing industrial systems: A testbed for cyber-defense evaluation and data collection
    R Cuorvo, N d’Ambrosio, D Iorio, G Perrone, SP Romano
    2024 20th International Conference on Network and Service Management (CNSM), 1-7, 2024
    Citations: 3
  • Unleashing Exploit-Db Data for the Automated Exploitation of Intentionally Vulnerable Docker Containers
    G Perrone, SP Romano, N d’Ambrosio, V Pacchiano
    Available at SSRN 4779063, 2024
    Citations: 3
  • Scass: Breaking into scada systems security
    G Perrone, N d’Ambrosio, G Capodagli, SP Romano
    Available at SSRN 4750612, 2024
    Citations: 1
  • Web Application Penetration Testing Through Rule-Based Inference on Knowledge Graphs
    F Caturano, E De Martino, G Perrone, SP Romano
    2023 International Conference on Electrical, Computer and Energy …, 2023
    Citations: 1
  • A software-defined approach for mitigating insider and external threats via moving target defense
    N d'Ambrosio, E Melluso, G Perrone, SP Romano
    2023 IEEE Conference on Network Function Virtualization and Software Defined …, 2023
    Citations: 7
  • Including insider threats into risk management through Bayesian threat graph networks
    N d'Ambrosio, G Perrone, SP Romano
    Computers & Security 133, 103410, 2023
    Citations: 42
  • Container-based Virtualization for Ethical Hacking with HOUDINI.
    D Capone, A Delicato, G Perrone, SP Romano
    ITASEC, 2023
  • An automated approach to Web Offensive Security
    N Auricchio, A Cappuccio, F Caturano, G Perrone, SP Romano
    Computer Communications, 2022
    Citations: 26
  • Reinforced wavsep: a benchmarking platform for web application vulnerability scanners
    L Urbano, G Perrone, SP Romano
    2022 International Conference on Electrical, Computer and Energy …, 2022
    Citations: 12
  • Exploitwp2docker: a platform for automating the generation of vulnerable wordpress environments for cyber ranges
    F Caturano, N d’Ambrosio, G Perrone, L Previdente, SP Romano
    2022 International Conference on Electrical, Computer and Energy …, 2022
    Citations: 8
  • Dockerized Android: a container-based platform to build mobile Android scenarios for Cyber Ranges
    D Capone, F Caturano, A Delicato, G Perrone, SP Romano
    2022 International Conference on Electrical, Computer and Energy …, 2022
    Citations: 8
  • ThePhish: an Automated Open-Source Phishing Email Analysis Platform.
    E Galdi, G Perrone, SP Romano
    ITASEC, 76-101, 2022
    Citations: 5

MOST CITED SCHOLAR PUBLICATIONS

  • Discovering reflected cross-site scripting vulnerabilities using a multiobjective reinforcement learning environment
    F Caturano, G Perrone, SP Romano
    Computers & Security 103, 102204, 2021
    Citations: 52
  • Including insider threats into risk management through Bayesian threat graph networks
    N d'Ambrosio, G Perrone, SP Romano
    Computers & Security 133, 103410, 2023
    Citations: 42
  • The Docker Security Playground: A hands-on approach to the study of network security
    G Perrone, SP Romano
    2017 Principles, Systems and Applications of IP Telecommunications (IPTComm …, 2017
    Citations: 29
  • An automated approach to Web Offensive Security
    N Auricchio, A Cappuccio, F Caturano, G Perrone, SP Romano
    Computer Communications, 2022
    Citations: 26
  • Leveraging AI to optimize website structure discovery during Penetration Testing
    D Antonelli, R Cascella, G Perrone, SP Romano, A Schiano
    arXiv preprint arXiv:2101.07223, 2021
    Citations: 19
  • WebAssembly and security: A review
    G Perrone, SP Romano
    Computer Science Review 56, 100728, 2025
    Citations: 15
  • A cyber-resilient open architecture for drone control
    N d’Ambrosio, G Perrone, SP Romano, A Urraro
    Computers & Security 150, 104205, 2025
    Citations: 13
  • Reinforced wavsep: a benchmarking platform for web application vulnerability scanners
    L Urbano, G Perrone, SP Romano
    2022 International Conference on Electrical, Computer and Energy …, 2022
    Citations: 12
  • Scass: Breaking into scada systems security
    N d’Ambrosio, G Capodagli, G Perrone, SP Romano
    Computers & Security 151, 104315, 2025
    Citations: 10
  • Exploitwp2docker: a platform for automating the generation of vulnerable wordpress environments for cyber ranges
    F Caturano, N d’Ambrosio, G Perrone, L Previdente, SP Romano
    2022 International Conference on Electrical, Computer and Energy …, 2022
    Citations: 8
  • Dockerized Android: a container-based platform to build mobile Android scenarios for Cyber Ranges
    D Capone, F Caturano, A Delicato, G Perrone, SP Romano
    2022 International Conference on Electrical, Computer and Energy …, 2022
    Citations: 8
  • Capturing flags in a dynamically deployed microservices-based heterogeneous environment.
    F Caturano, G Perrone, SP Romano
    IPTComm, 1-7, 2020
    Citations: 8
  • SMASH: An SDN-MTD framework for efficient honeypot deployment and insider threat mitigation
    N d’Ambrosio, C Lista, G Perrone, SP Romano
    Computer Networks 269, 111327, 2025
    Citations: 7
  • A software-defined approach for mitigating insider and external threats via moving target defense
    N d'Ambrosio, E Melluso, G Perrone, SP Romano
    2023 IEEE Conference on Network Function Virtualization and Software Defined …, 2023
    Citations: 7
  • Cybersecurity ai: Evaluating agentic cybersecurity in attack/defense ctfs
    F Balassone, V Mayoral-Vilches, S Rass, M Pinzger, G Perrone, ...
    arXiv preprint arXiv:2510.17521, 2025
    Citations: 6
  • Sniping at web applications to discover input-handling vulnerabilities
    C Brandi, G Perrone, SP Romano
    Journal of Computer Virology and Hacking Techniques 20 (4), 641-667, 2024
    Citations: 6
  • ThePhish: an Automated Open-Source Phishing Email Analysis Platform.
    E Galdi, G Perrone, SP Romano
    ITASEC, 76-101, 2022
    Citations: 5
  • On-demand Deployment and Orchestration of Cyber Ranges in the Cloud.
    AP Luise, G Perrone, C Perrotta, SP Romano
    ITASEC, 80-91, 2021
    Citations: 5
  • Hacking goals: A goal-centric attack classification framework
    F Caturano, G Perrone, SP Romano
    IFIP International Conference on Testing Software and Systems, 296-301, 2020
    Citations: 5
  • Prompt Engineering as Code (PEaC): an approach for building modular, reusable, and portable prompts
    G Perrone, SP Romano
    2024 2nd International Conference on Foundation and Large Language Models …, 2024
    Citations: 4