Why Smarter Cybersecurity Starts with Better Data
Published in Social Sciences and Computational Sciences
Why Smarter Cybersecurity Starts with Better Data
Artificial intelligence is transforming cybersecurity, but one question is often overlooked:
How do we train AI to recognize modern cyberattacks?
While many intrusion detection systems achieve impressive results, they are frequently trained on outdated or limited datasets that do not fully reflect today's evolving threat landscape. To defend modern networks, AI must first learn from realistic cyber environments. This challenge inspired our latest research.
Building a Realistic Cyber Range
To address this challenge, we designed an end-to-end threat-hunting framework that integrates realistic attack generation, traffic monitoring, dataset construction, feature engineering, and AI-based intrusion detection within a unified pipeline. Figure 1 summarizes the complete workflow developed in this study.

Figure 1. This overview shows the proposed threat-hunting framework, from creating realistic cyberattacks and collecting traffic to dataset creation, feature engineering, AI model development, and real-time intrusion detection.
Instead of relying solely on existing benchmark datasets, we built a controlled cybersecurity laboratory capable of generating realistic network traffic.
Using platforms such as Kali Linux, Snort, Suricata, Wireshark, pfSense, and OWASP BWA, we created an end-to-end framework that captures the complete threat-hunting process—from attack generation and traffic collection to preprocessing, feature engineering, and intelligent intrusion detection.
More Than Another Dataset
Our framework generated over seven million labeled network packets, including normal traffic and 15 modern attack categories, such as SQL Injection, XSS, DDoS, SYN Flood, Port Scanning, Remote Code Execution, SSH/FTP brute-force attacks, and MITM ARP spoofing. Unlike many existing benchmarks, the data were collected from live attack scenarios within a realistic laboratory environment.
Beyond building the framework, we developed a large-scale multiclass benchmark that better reflects modern cyber threats. As highlighted in Figure 2, the dataset combines realistic attack scenarios, live traffic monitoring, comprehensive labeling, and high-performance AI evaluation, providing a valuable resource for future intrusion detection research.
Figure 2. The proposed LSNM2024 dataset features its size, coverage of modern attacks, realistic traffic generation, real-time monitoring, AI readiness, and benchmark performance for intrusion detection.
Putting AI to the Test
We evaluated several machine learning and deep learning models, including decision trees, random forests, logistic regression, neural networks, and CNNs.
The decision tree achieved the best performance, reaching 99.9% detection accuracy with an extremely low prediction latency of 1.1 μs, demonstrating that high-quality data can be just as important as sophisticated AI models.
Why This Matters
As cyber threats continue to evolve, intelligent security systems require realistic data for training and evaluation. We hope this work provides researchers with a practical framework and a modern benchmark that supports the development of more accurate, scalable, and trustworthy intrusion detection systems.
Final Thoughts
Building stronger AI for cybersecurity starts with building better data. By combining realistic traffic generation, comprehensive attack simulation, and intelligent threat detection within a unified framework, we aim to contribute a valuable resource for the next generation of AI-driven cyber defense.
Published article
End-to-End Threat Hunting with a Novel Multiclass Dataset for Intelligent Intrusion Detection
Journal of Computer Virology and Hacking Techniques, 2026.
https://link.springer.com/article/10.1007/s11416-026-00642-z
Please sign in or register for FREE
If you are a registered user on Research Communities by Springer Nature, please sign in