CSTS: A Canonical Security Telemetry Substrate for AI-Native Cyber Detection
This paper addresses cross-environment deployment issues in AI-native cyber detection, but appears incremental because it builds on existing abstraction concepts.
The paper tackles the problem of AI-driven cybersecurity systems failing in cross-environment deployment due to fragmented telemetry, and introduces CSTS, an entity-relational abstraction that improves cross-topology transfer and prevents collapse under schema perturbation.
AI-driven cybersecurity systems often fail under cross-environment deployment due to fragmented, event-centric telemetry representations. We introduce the Canonical Security Telemetry Substrate (CSTS), an entity-relational abstraction that enforces identity persistence, typed relationships, and temporal state invariants. Across heterogeneous environments, CSTS improves cross-topology transfer for identity-centric detection and prevents collapse under schema perturbation. For zero-day detection, CSTS isolates semantic orientation instability as a modeling, not schema, phenomenon, clarifying layered portability requirements.