Asset discovery is a fundamental but inherently flawed capability in cybersecurity: current methodologies frequently confuse preliminary discovery observations with definitive asset inventories, thereby obscuring uncertainty, restricting auditability, and eroding trust in security-critical decision-making. This work addresses inconsistent asset identification in dynamic IT settings by presenting an evidence-based architectural paradigm that clearly distinguishes observation, identity resolution, and inventory representation. The principal research aim is to develop and validate an architecture that maintains discovery evidence, facilitates deterministic, verifiable identity resolution, and supports interpretable inventory derivation. In contrast to state-centric and model-driven methodologies, the proposed architecture enhances (i) traceability, by preserving time-scoped, method-attributed observations; (ii) identity continuity under dynamic conditions such as IP reassignment and infrastructure modifications; and (iii) auditability, by allowing inventory claims to be reconstructed from the underlying evidence. A proof-of-concept implementation, examined in a controlled yet realistic network environment, shows superior identity stability, greater discovery traceability, and retention of historical context relative to traditional inventory models. The results validate the practicality and architectural benefits of the strategy; nevertheless, the evaluation is constrained by a lack of formalised performance indicators and adversarial robustness, which are recognised as priorities for further investigation.
Biškupić et al. (Tue,) studied this question.
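An added illustration, not the authors' implementation, of the separation the abstract describes: observations are kept as time-scoped, method-attributed evidence, identities are resolved deterministically, and the inventory is derived from that evidence. The matching rule (a shared MAC address or SSH host key), every name, and the sample data are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Observation:
    """Discovery evidence: what one method saw at one time (never overwritten)."""
    obs_id: str
    seen_at: datetime
    method: str
    ip: str
    stable_ids: frozenset  # assumed to survive IP reassignment (MAC, host key)

def resolve(observations):
    """Group observations that share a stable identifier; IPs are never keys."""
    assets = []  # each asset: {"ids": set of stable ids, "evidence": [Observation]}
    for obs in sorted(observations, key=lambda o: (o.seen_at, o.obs_id)):
        matches = [a for a in assets if a["ids"] & obs.stable_ids]
        target = matches[0] if matches else {"ids": set(), "evidence": []}
        if not matches:
            assets.append(target)
        for other in matches[1:]:  # this observation links earlier groups
            target["ids"] |= other["ids"]
            target["evidence"] += other["evidence"]
            assets[:] = [a for a in assets if a is not other]
        target["ids"] |= obs.stable_ids
        target["evidence"].append(obs)
    return assets

def derive_inventory(assets):
    """Build the inventory view; every claim lists the evidence behind it."""
    inventory = {}
    for asset in assets:
        ev = sorted(asset["evidence"], key=lambda o: (o.seen_at, o.obs_id))
        key = min(asset["ids"]) if asset["ids"] else "unresolved:" + ev[0].obs_id
        inventory[key] = {
            "current_ip": ev[-1].ip,
            "ip_history": [(o.seen_at.isoformat(), o.ip, o.method) for o in ev],
            "evidence": [o.obs_id for o in ev],
        }
    return inventory

# Constructed sample: host A moves from 192.0.2.5 to 192.0.2.9, host B takes .5
MAC_A, MAC_B, KEY_A = "mac:02:00:00:00:00:0a", "mac:02:00:00:00:00:0b", "sshfp:constructed-a"
SAMPLE = [
    Observation("o1", datetime(2024, 1, 1, 9), "arp-scan", "192.0.2.5", frozenset({MAC_A})),
    Observation("o2", datetime(2024, 1, 1, 10), "ssh-hostkey", "192.0.2.5", frozenset({KEY_A})),
    Observation("o3", datetime(2024, 1, 2, 9), "agent-report", "192.0.2.9", frozenset({MAC_A, KEY_A})),
    Observation("o4", datetime(2024, 1, 2, 10), "arp-scan", "192.0.2.5", frozenset({MAC_B})),
]
```

Calling `derive_inventory(resolve(SAMPLE))` yields two assets even though three observations share one IP address, and an observation with no stable identifier stays a separate `unresolved:` entry instead of being merged by address.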