Saturday 01 February 2025
Cybersecurity is a constant battle, with hackers and cyber attackers always looking for new ways to breach security systems and steal sensitive information. To stay ahead of these threats, cybersecurity experts need access to realistic and comprehensive data sets that can be used to train machine learning models and develop more effective detection algorithms.
One way to generate this type of data is through network simulation, which involves creating a virtual environment that mimics real-world networks and simulates various types of malicious activity. This allows researchers to test their detection systems in a controlled setting and see how they perform under different scenarios.
Recently, a team of researchers from the Research Group on Intelligent Engineering and Computing for Advanced Innovation and Development (GECAD) at the Polytechnic of Porto in Portugal has developed a new network simulation solution that uses the Airbus CyberRange platform to generate realistic datasets for Network Intrusion Detection (NID) systems.
The researchers configured a virtual network topology that includes three subnets: Service LAN, User LAN, and SOC LAN. The Service LAN contains various business application services, including an FTP server, a Webserver, and two admin computers running Windows 10 and Ubuntu OS. The User LAN simulates the activity of an enterprise user network, with six hosts running Windows 10 and Ubuntu OS that continuously use the services in the Service LAN.
The researchers then simulated three different attack scenarios: Man-in-the-Middle (MitM), Denial-of-Service (DoS), and Brute-Force (BF). In each scenario, the attackers used different techniques to disrupt the network and gain unauthorized access to sensitive information.
The MitM attack involved the attacker using ARP poisoning to intercept traffic between the Service LAN and User LAN. The DoS attack involved the attacker flooding the network with traffic from multiple hosts, while the BF attack involved the attacker attempting to guess passwords for various services.
By simulating these attacks in a virtual environment, the researchers were able to generate realistic datasets that can be used to train machine learning models and develop more effective detection algorithms. The datasets include information about the types of attacks that occurred, as well as the traffic patterns and protocols used during each attack.
This research has significant implications for cybersecurity experts, who need access to high-quality data sets to stay ahead of emerging threats. By using network simulation to generate realistic datasets, researchers can test their detection systems in a controlled setting and see how they perform under different scenarios.
Cite this article: “Network Simulation Solution Generates Realistic Data Sets for Cybersecurity Research”, The Science Archive, 2025.
Cybersecurity, Network Simulation, Machine Learning, Detection Algorithms, Research Group On Intelligent Engineering And Computing For Advanced Innovation And Development, Airbus Cyberrange, Network Intrusion Detection, Virtual Environment, Man-In-The-Middle Attack, Denial-Of-
