This paper addresses the challenge of quantifying system resilience under cyberattacks by proposing an operation-goal-oriented, interpretable resilience quantification framework. Methodologically, it integrates dynamic resource criticality modeling, multi-objective weighted resilience aggregation, and cross-temporal attack and heterogeneous topology adaptation mechanisms; a reinforcement learning (RL)-based defensive agent is implemented on the CybORG platform. Key contributions include: (1) the first resilience quantification anchored explicitly to security operations objectives, ensuring interpretability; (2) dynamic resilience assessment capability across multi-stage attacks and diverse network topologies; and (3) empirical validation that proactive hardening and rapid recovery constitute two core pathways for enhancing resilience. Experiments demonstrate that the proposed RL policy significantly outperforms heuristic baselines in both mission assurance rate and recovery timeliness.

Cyber resilience is the ability of a system to recover from an attack with minimal impact on system operations. However, characterizing a network's resilience under a cyber attack is challenging, as there are no formal definitions of resilience applicable to diverse network topologies and attack patterns. In this work, we propose a quantifiable formulation of resilience that considers multiple defender operational goals, the criticality of various network resources for daily operations, and provides interpretability to security operators about their system's resilience under attack. We evaluate our approach within the CybORG environment, a reinforcement learning (RL) framework for autonomous cyber defense, analyzing trade-offs between resilience, costs, and prioritization of operational goals. Furthermore, we introduce methods to aggregate resilience metrics across time-variable attack patterns and multiple network topologies, comprehensively characterizing system resilience. Using insights gained from our resilience metrics, we design RL autonomous defensive agents and compare them against several heuristic baselines, showing that proactive network hardening techniques and prompt recovery of compromised machines are critical for effective cyber defenses.