Cyber Range-Based Network Traffic Analysis for Attack Detection

Syam Sai Siddabhattula (Saint Louis University), Dr. Maria Weber (Saint Louis University)

Cyber attacks on modern networks are becoming increasingly complex, making it difficult for traditional security systems to detect and respond to threats effectively. Many existing solutions rely on predefined rules or signatures, which often fail to identify new or evolving attack patterns. This creates a need for more flexible and adaptive approaches to understanding and mitigating cyber threats. This work proposes the use of a cyber range environment to simulate realistic network attack scenarios and study attacker behavior in a controlled setting. The cyber range will be used to create virtual network infrastructures where different types of attacks, such as intrusion attempts and lateral movement, can be executed safely. During these experiments, network traffic and system logs will be captured and analyzed to identify patterns associated with malicious activity. By examining how attacks propagate through the network, this study aims to gain deeper insights into attacker strategies and network vulnerabilities. The collected data can be used to explore improved methods for detecting anomalies and enhancing existing intrusion detection mechanisms. In addition, the work considers how programmable network techniques could be used to respond dynamically to detected threats. The expected outcome of this research is a better understanding of network-level attack behavior and the development of more effective approaches for detecting and mitigating cyber threats. This work also contributes to cybersecurity education by providing a practical framework for experimentation and analysis using cyber range environments.