Behind the Paper, News and Opinion, Empower Your Research, From the Editors, After the Paper

Why Smarter Cybersecurity Starts with Better Data

Modern AI is only as effective as the data it learns from. In our latest research, we built a realistic end-to-end threat-hunting framework and a large-scale multiclass cybersecurity dataset to help train intelligent intrusion detection systems against today's evolving cyber threats.

Why Smarter Cybersecurity Starts with Better Data

Artificial intelligence is transforming cybersecurity, but one question is often overlooked:

How do we train AI to recognize modern cyberattacks?

While many intrusion detection systems achieve impressive results, they are frequently trained on outdated or limited datasets that do not fully reflect today's evolving threat landscape. To defend modern networks, AI must first learn from realistic cyber environments. This challenge inspired our latest research.

Building a Realistic Cyber Range

To address this challenge, we designed an end-to-end threat-hunting framework that integrates realistic attack generation, traffic monitoring, dataset construction, feature engineering, and AI-based intrusion detection within a unified pipeline. Figure 1 summarizes the complete workflow developed in this study.

Figure 1. This overview shows the proposed threat-hunting framework, from creating realistic cyberattacks and collecting traffic to dataset creation, feature engineering, AI model development, and real-time intrusion detection.

Instead of relying solely on existing benchmark datasets, we built a controlled cybersecurity laboratory capable of generating realistic network traffic.

Using platforms such as Kali Linux, Snort, Suricata, Wireshark, pfSense, and OWASP BWA, we created an end-to-end framework that captures the complete threat-hunting process—from attack generation and traffic collection to preprocessing, feature engineering, and intelligent intrusion detection.

More Than Another Dataset

Our framework generated over seven million labeled network packets, including normal traffic and 15 modern attack categories, such as SQL Injection, XSS, DDoS, SYN Flood, Port Scanning, Remote Code Execution, SSH/FTP brute-force attacks, and MITM ARP spoofing. Unlike many existing benchmarks, the data were collected from live attack scenarios within a realistic laboratory environment.

Beyond building the framework, we developed a large-scale multiclass benchmark that better reflects modern cyber threats. As highlighted in Figure 2, the dataset combines realistic attack scenarios, live traffic monitoring, comprehensive labeling, and high-performance AI evaluation, providing a valuable resource for future intrusion detection research.

Figure 2. The proposed LSNM2024 dataset features its size, coverage of modern attacks, realistic traffic generation, real-time monitoring, AI readiness, and benchmark performance for intrusion detection.

Putting AI to the Test

We evaluated several machine learning and deep learning models, including decision trees, random forests, logistic regression, neural networks, and CNNs.

The decision tree achieved the best performance, reaching 99.9% detection accuracy with an extremely low prediction latency of 1.1 μs, demonstrating that high-quality data can be just as important as sophisticated AI models.

Why This Matters

As cyber threats continue to evolve, intelligent security systems require realistic data for training and evaluation. We hope this work provides researchers with a practical framework and a modern benchmark that supports the development of more accurate, scalable, and trustworthy intrusion detection systems.

Final Thoughts

Building stronger AI for cybersecurity starts with building better data. By combining realistic traffic generation, comprehensive attack simulation, and intelligent threat detection within a unified framework, we aim to contribute a valuable resource for the next generation of AI-driven cyber defense.

Published article

End-to-End Threat Hunting with a Novel Multiclass Dataset for Intelligent Intrusion Detection

Journal of Computer Virology and Hacking Techniques, 2026.

https://link.springer.com/article/10.1007/s11416-026-00642-z