pith. machine review for the scientific record. sign in

arxiv: 2605.12170 · v1 · submitted 2026-05-12 · 💻 cs.CR

Recognition: 2 theorem links

· Lean Theorem

ACTING: A Platform for Cyber Ranges Federation

Aimilia-Bantounax, Antonis Voulgaridis, Christos Laoudias, Dimitris Kavallieros, Eleni Darra, George Sharkov, Giorgos Rizos, Ilias Koritsas, Joao Camacho, Jose Borges, Konstantinos Votis, Kyriakos Christou, Liliana Medina, Maria K. Michael, Maria Michalopoulou, Matteo Merialdo, Nikolai Stoianov, Pavel Varbanov, Philippos Isaia, Stefanos Vrochidis, Stefano Taggi, Theofanis Eleftheriadis, Tim Gerling, Vasilis Ieropoulos

Authors on Pith no claims yet

Pith reviewed 2026-05-13 04:46 UTC · model grok-4.3

classification 💻 cs.CR
keywords cyber rangesfederationexercise description languageautomated evaluationperformance scoringcyber defense trainingmulti-domain exercisesinteroperability
0
0 comments X

The pith

The ACTING platform introduces EDL-FG to automate deployment and evaluation of cyber defense exercises across federated ranges.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents the ACTING platform as a way to connect separate cyber ranges into a single federated system for complex training. It defines EDL-FG, a structured language that describes both the technical setup of ICT and OT environments and the sequence of events, injects, and interactions in an exercise. The platform then uses this description to automatically deploy scenarios across the connected ranges and to collect data for automated performance evaluation and scoring. The authors show that the same approach supports training scenarios that mix civilian and military contexts. If the approach works at scale, it removes the need for manual setup and assessment in each separate range, making large multidomain exercises more practical.

Core claim

ACTING demonstrates that a formal Exercise Description Language (EDL-FG) can capture the infrastructure requirements and the logical flow of cyber events, allowing the same exercise definition to be deployed automatically on any participating cyber range while coordinated data collection produces automated performance evaluation and scoring. The language and platform are shown to support multi-domain scenarios that combine civilian and military operational contexts, extending the federation model developed in the H2020 ECHO project.

What carries the argument

EDL-FG, the Exercise Description Language - First Generation, a structured language that formally specifies both the technical infrastructure for emulating ICT/OT environments and the scenario logic for events, injects, and participant interactions.

If this is right

  • Exercises can be written once and executed on any participating cyber range without custom reconfiguration.
  • Automated data collection across ranges produces consistent performance evaluation and scoring for all trainees.
  • Multi-domain scenarios that mix civilian and military contexts become feasible within a single federated exercise.
  • The federation model from the H2020 ECHO project can be extended with automated evaluation capabilities.
  • Scalable cyber defense training becomes possible without proportional increases in manual setup and assessment effort.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If EDL-FG proves expressive enough for real operational exercises, it could become the basis for a shared standard that lets any compliant cyber range join a larger training network.
  • The same automated evaluation approach might be adapted to measure effectiveness of defensive tools or red-team tactics rather than only human trainees.
  • Federation of ranges could eventually support continuous, on-demand training rather than scheduled large-scale events.
  • Success would reduce the barrier for smaller organizations to participate in high-fidelity, multidomain exercises.

Load-bearing premise

That a single structured language can describe both the technical infrastructure and the full scenario logic of complex multidomain exercises in enough detail for automated deployment and accurate scoring across different cyber ranges.

What would settle it

A side-by-side comparison in which the same complex multidomain exercise is run once with manual deployment and manual scoring on separate ranges and once using EDL-FG on the federated ACTING platform, checking whether deployment time, scenario fidelity, and trainee performance scores match within acceptable error bounds.

Figures

Figures reproduced from arXiv: 2605.12170 by Aimilia-Bantounax, Antonis Voulgaridis, Christos Laoudias, Dimitris Kavallieros, Eleni Darra, George Sharkov, Giorgos Rizos, Ilias Koritsas, Joao Camacho, Jose Borges, Konstantinos Votis, Kyriakos Christou, Liliana Medina, Maria K. Michael, Maria Michalopoulou, Matteo Merialdo, Nikolai Stoianov, Pavel Varbanov, Philippos Isaia, Stefanos Vrochidis, Stefano Taggi, Theofanis Eleftheriadis, Tim Gerling, Vasilis Ieropoulos.

Figure 1
Figure 1. Figure 1: ACTING High-level Design. enabling both simple and complex service definitions. At its core, the SD uses the concept of a Unit, which represents a basic service building block. A service may include one or more Units, supporting both simple and composite services. The following unit types are currently supported: • Content-based Training: A structured learning module or training program for developing cybe… view at source ↗
Figure 2
Figure 2. Figure 2: Snippet of service configurations required for FPE. [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Visualisation of different metric scores for a trainee [PITH_FULL_IMAGE:figures/full_fig_p007_3.png] view at source ↗
Figure 5
Figure 5. Figure 5: ACT-SC-01 network topology diagram subsequent ransomware attack—the scenario highlights how modern threat actors can exploit vulnerabilities across multiple sectors to produce cascading operational effects. By mapping these events to established cybersecurity frameworks, the scenario provides a comprehensive training environment that enables satellite operators and maritime personnel to detect, respond to,… view at source ↗
Figure 6
Figure 6. Figure 6: ACT-SC-02: Cyber-range environment C. Scenario 3: Military Base Classified Information Theft This fictional training scenario focuses on detecting and containing a simulated targeted breach in a high-security mil￾itary environment. Following an initial foothold, the exercise focuses on identifying anomalous authentication patterns and [PITH_FULL_IMAGE:figures/full_fig_p007_6.png] view at source ↗
Figure 7
Figure 7. Figure 7: ACT-SC-03: Cascading effect for cyber-attack in the [PITH_FULL_IMAGE:figures/full_fig_p008_7.png] view at source ↗
read the original abstract

Cyber Defence (CD) training requires interoperable cyber-range environments capable of supporting complex, multidomain exercises across distributed infrastructures. This paper presents three main contributions addressing this challenge. First, we introduce the Exercise Description Language - First Generation (EDL-FG), a structured language for formally describing cyber-range training services and exercises. EDL-FG captures both the technical infrastructure required to emulate ICT/OT environments and the scenario logic governing cyber events, injects, and participant interactions, enabling interoperable and automated scenario deployment across federated Cyber Ranges (CRs). Second, the ACTING platform introduces automated PE and scoring mechanisms that assess trainee actions during exercises through coordinated data collection and analysis across participating CRs. Third, the platform enables multi-domain cyber training scenarios that combine civilian and military operational contexts. Building upon federation capabilities established under the H2020 ECHO project, ACTING demonstrates how interoperable scenario description and automated evaluation support scalable and realistic CD training.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper presents the ACTING platform for federating cyber ranges to support complex, multidomain cyber defense training. Its three main contributions are: (1) the Exercise Description Language - First Generation (EDL-FG), a structured language claimed to formally capture both ICT/OT infrastructure and scenario logic (events, injects, interactions) for interoperable automated deployment across federated CRs; (2) automated performance evaluation (PE) and scoring via coordinated data collection and analysis; and (3) support for multi-domain (civilian-military) scenarios. The work builds on federation capabilities from the H2020 ECHO project.

Significance. If the EDL-FG language and automation mechanisms are shown to be expressive and functional, the platform could meaningfully advance scalable, realistic CD training by reducing manual configuration overhead in federated environments. The emphasis on formal scenario description and automated evaluation addresses real interoperability challenges in distributed cyber ranges. The extension of ECHO federation is a practical strength, but the current manuscript provides no validation data, examples, or formal specifications, so the significance remains prospective rather than demonstrated.

major comments (2)
  1. [§3] §3 (EDL-FG): The central claim that EDL-FG 'formally describ[es]' both technical infrastructure and scenario logic for automated interoperable deployment is unsupported. No grammar, syntax, semantics, or even a single concrete exercise example is provided, making it impossible to assess whether the language can handle complex multidomain exercises as asserted.
  2. [§4] §4 (Automated PE and Scoring): The description of 'coordinated data collection and analysis across participating CRs' for trainee assessment lacks any architecture details, data schemas, scoring algorithms, or pilot results. This absence is load-bearing because the interoperability and automation claims rest on these mechanisms functioning correctly.
minor comments (2)
  1. [Abstract and §1] The abstract and introduction repeat the three contributions without distinguishing what is novel versus what reuses ECHO federation components; a clearer novelty statement would help.
  2. [References] References to H2020 ECHO deliverables are mentioned but not cited with specific document identifiers or URLs, reducing traceability.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive and detailed review of our manuscript describing the ACTING platform. The comments accurately note that the current version presents EDL-FG and the automated performance evaluation mechanisms at a high level without the supporting formal details or examples needed to fully substantiate the claims. We respond to each major comment below and will make substantial revisions to address them.

read point-by-point responses

  1. Referee: [§3] §3 (EDL-FG): The central claim that EDL-FG 'formally describ[es]' both technical infrastructure and scenario logic for automated interoperable deployment is unsupported. No grammar, syntax, semantics, or even a single concrete exercise example is provided, making it impossible to assess whether the language can handle complex multidomain exercises as asserted.

    Authors: We acknowledge that the manuscript introduces EDL-FG primarily through its high-level objectives and capabilities without supplying the formal grammar, syntax, semantics, or a worked example. This omission prevents readers from independently verifying the language's expressiveness for multidomain scenarios. In the revised manuscript we will add a dedicated subsection containing the language's syntax definition, core semantic rules, and at least one complete concrete example of a multidomain exercise (including infrastructure description, event sequence, and injects) to demonstrate automated deployment across federated ranges. revision: yes

  2. Referee: [§4] §4 (Automated PE and Scoring): The description of 'coordinated data collection and analysis across participating CRs' for trainee assessment lacks any architecture details, data schemas, scoring algorithms, or pilot results. This absence is load-bearing because the interoperability and automation claims rest on these mechanisms functioning correctly.

    Authors: We agree that the current description of coordinated data collection and scoring is insufficiently detailed to support the interoperability claims. The revised manuscript will expand Section 4 with (i) an architectural diagram and description of the data-collection coordination layer, (ii) the data schemas exchanged between ranges, (iii) the scoring algorithms and their inputs, and (iv) any available pilot or validation results obtained during the ECHO project integration or subsequent internal testing. revision: yes

Circularity Check

0 steps flagged

No significant circularity; platform description without derivations or self-referential claims

full rationale

The manuscript is a systems/platform paper introducing EDL-FG and automated PE mechanisms. It contains no equations, no fitted parameters, no predictions, and no derivation chain. Claims rest on descriptive architecture and prior H2020 ECHO federation work (external project, not self-citation load-bearing for a mathematical result). No self-definitional loops, no renaming of known results as new derivations, and no uniqueness theorems invoked. The central contribution is an engineering description whose validity is open to empirical validation outside the paper; nothing reduces to its own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the assumption that the new language and platform can achieve interoperability and automation as described, with no free parameters or invented entities beyond the platform itself.

axioms (1)
  • domain assumption Federation capabilities from H2020 ECHO project can be extended for automated evaluation.
    The paper states it builds upon these capabilities.

pith-pipeline@v0.9.0 · 5571 in / 1054 out tokens · 42359 ms · 2026-05-13T04:46:22.650708+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

Reference graph

Works this paper leans on

24 extracted references · 24 canonical work pages

  1. [1]

    Understanding cyber ranges: From hype to reality,

    E. C. S. O. (ECSO), “Understanding cyber ranges: From hype to reality,” European Cyber Security Organisation, Tech. Rep., Mar. 2020

    work page 2020

  2. [2]

    Cyber ranges and testbeds for education, training, and research,

    N. Chouliaras, G. Kittes, I. Kantzavelou, L. Maglaras, G. Pantziou, and M. A. Ferrag, “Cyber ranges and testbeds for education, training, and research,”Applied Sciences, vol. 11, no. 4, 2021

    work page 2021

  3. [3]

    Modelling Attack and Defense Scenarios on Federated Cyber Ranges,

    M. M. Yamin and B. Katt, “Modelling Attack and Defense Scenarios on Federated Cyber Ranges,” inIEEE International Conference on Cyber Security and Resilience (CSR), 2025, pp. 771–776

    work page 2025

  4. [4]

    Navigating cyber range feder- ations: an exploration of current landscape, obstacles, and prospects: C. lal et al

    C. Lal, M. M. Yamin, and G. Spathoulas, “Navigating cyber range feder- ations: an exploration of current landscape, obstacles, and prospects: C. lal et al.”International Journal of Information Security, vol. 25, no. 2, p. 53, 2026

    work page 2026

  5. [5]

    The current state of the art and future of european cyber range ecosystem,

    C. Vir ´ag, J. ˇCegan, T. Lieskovan, and M. Merialdo, “The current state of the art and future of european cyber range ecosystem,” in2021 IEEE International Conference on Cyber Security and Resilience (CSR), 2021, pp. 390–395

    work page 2021

  6. [6]

    Federated cyber range challenges,

    B. Nicod `eme, “Federated cyber range challenges,” Master’s Thesis, Universit´e Libre de Bruxelles, 2020, master in Cybersecurity: Corporate Strategies

    work page 2020

  7. [7]

    Design and imple- mentation of multi-cyber range for cyber training and testing,

    M. Park, H. Lee, Y . Kim, K. Kim, and D. Shin, “Design and imple- mentation of multi-cyber range for cyber training and testing,”Applied Sciences, vol. 12, no. 24, 2022

    work page 2022

  8. [8]

    Echo federated cyber range: Towards next- generation scalable cyber ranges,

    N. Oikonomouet al., “Echo federated cyber range: Towards next- generation scalable cyber ranges,” in2021 IEEE International Confer- ence on Cyber Security and Resilience (CSR), 2021, pp. 403–408

    work page 2021

  9. [9]

    Modeling and executing cyber security exercise scenarios in cyber ranges,

    M. M. Yamin and B. Katt, “Modeling and executing cyber security exercise scenarios in cyber ranges,”Computers & Security, vol. 116, p. 102635, 2022

    work page 2022

  10. [10]

    From Concept to Deployment: An AI Assistant for Generating and Configuring Cyber Range Scenarios,

    G. S. Rizos, N. Kopalidis, N. Mengidis, A. Lalas, and K. V otis, “From Concept to Deployment: An AI Assistant for Generating and Configuring Cyber Range Scenarios,” inIEEE International Conference on Cyber Security and Resilience (CSR), 2025, pp. 777–782

    work page 2025

  11. [11]

    Cyber range design framework for cyber security education and training,

    M. N. Katsantonis, A. Manikas, I. Mavridis, and D. Gritzalis, “Cyber range design framework for cyber security education and training,” International Journal of Information Security, vol. 22, no. 4, pp. 1005– 1027, 2023

    work page 2023

  12. [12]

    Train as you fight: Evaluating authentic cybersecurity training in cyber ranges,

    M. Glas, M. Vielberth, and G. Pernul, “Train as you fight: Evaluating authentic cybersecurity training in cyber ranges,” inCHI conference, 2023, pp. 1–19

    work page 2023

  13. [13]

    A study on designing cyber training and cyber range to effectively respond to cyber threats,

    Y . Shin, H. Kwon, J. Jeong, and D. Shin, “A study on designing cyber training and cyber range to effectively respond to cyber threats,” Electronics, vol. 13, no. 19, 2024

    work page 2024

  14. [14]

    A survey on cyber situation-awareness sys- tems: Framework, techniques, and insights,

    H. Alavizadeh, J. Jang-Jaccard, S. Y . Enoch, H. Al-Sahaf, I. Welch, S. A. Camtepe, and D. D. Kim, “A survey on cyber situation-awareness sys- tems: Framework, techniques, and insights,”ACM Computing Surveys, vol. 55, no. 5, pp. 1–37, 2022

    work page 2022

  15. [15]

    Student assessment in cybersecurity training automated by pattern mining and clustering,

    V . ˇSv´abensk`y, J. Vykopal, P. ˇCeleda, K. Tk ´aˇcik, and D. Popovi ˇc, “Student assessment in cybersecurity training automated by pattern mining and clustering,”Education and information technologies, vol. 27, no. 7, pp. 9231–9262, 2022

    work page 2022

  16. [16]

    Automated feedback for participants of hands-on cybersecurity training,

    V . ˇSv´abensk`y, J. Vykopal, P. ˇCeleda, and J. Dovjak, “Automated feedback for participants of hands-on cybersecurity training,”Education and Information Technologies, vol. 29, no. 9, pp. 11 555–11 584, 2024

    work page 2024

  17. [17]

    Automating the genera- tion of cyber range virtual scenarios with VSDL,

    G. Costa, E. Russo, and A. Armando, “Automating the genera- tion of cyber range virtual scenarios with VSDL,”arXiv preprint arXiv:2001.06681, 2020

    work page arXiv 2001

  18. [18]

    Reference for Cyber Modeling & Simulation Study Group, Cyber Data Exchange Model (DEM) Base Objects, Networks, Effects, & Specifications (BONES),

    “Reference for Cyber Modeling & Simulation Study Group, Cyber Data Exchange Model (DEM) Base Objects, Networks, Effects, & Specifications (BONES),” https://cdn.ymaws.com/www.sisostandards. org/resource/resmgr/reference documents /siso-ref-072-2024.pdf, 2024, sISO-REF-072-2024

    work page 2024

  19. [19]

    MITRE ATT&CK,

    The MITRE Corporation, “MITRE ATT&CK,” https://attack.mitre.org/, accessed: 2026-05-05

    work page 2026

  20. [20]

    MITRE D3FEND,

    “MITRE D3FEND,” https://d3fend.mitre.org/, accessed: 2026-05-05

    work page 2026

  21. [21]

    Common Weakness Enumeration (CWE),

    “Common Weakness Enumeration (CWE),” https://cwe.mitre.org/, ac- cessed: 2026-05-05

    work page 2026

  22. [22]

    IEEE Standard for Modeling and Simu- lation (M&S) High Level Architecture (HLA)–Framework and Rules,

    IEEE Standards Association, “IEEE Standard for Modeling and Simu- lation (M&S) High Level Architecture (HLA)–Framework and Rules,” https://standards.ieee.org/ieee/1516/6687/, 2025, iEEE 1516-2025, ac- cessed: 2026-05-05

    work page 2025

  23. [23]

    TOSCA Simple Profile in Y AML Version 1.3,

    OASIS, “TOSCA Simple Profile in Y AML Version 1.3,” https://docs.oasis-open.org/tosca/TOSCA-Simple-Profile-Y AML/ v1.3/os/TOSCA-Simple-Profile-Y AML-v1.3-os.html, 2020, oASIS Standard, 26 February 2020, accessed: 2026-05-05

    work page 2020

  24. [24]

    NICE: Ad- vancing Cyber Education and Workforce,

    National Institute of Standards and Technology, “NICE: Ad- vancing Cyber Education and Workforce,” https://www.nist.gov/itl/ applied-cybersecurity/nice/about, 2017, accessed: 2026-05-05

    work page 2017