An improved core network that includes a network resilience system that can detect network function virtualization (NFV)-implemented nodes that have been compromised and/or that are no longer operational, remove such nodes from the virtual network environment, and restart the removed nodes in a last-known good state is described herein. For example, the network resilience system can use health status messages provided by nodes, intrusion data provided by intrusion detection agents running on nodes, and/or operational data provided by the nodes as applied to machine learning models to identify nodes that may be compromised and/or non-operational. Once identified, the network resilience system can delete these nodes and restart or restore the nodes using the last-known good state.