Why Smarter Cybersecurity Starts with Better Data

Modern AI is only as effective as the data it learns from. In our latest research, we built a realistic end-to-end threat-hunting framework and a large-scale multiclass cybersecurity dataset to help train intelligent intrusion detection systems against today's evolving cyber threats.
Like

Share this post

Choose a social network to share with, or copy the URL to share elsewhere

This is a representation of how your post may appear on social media. The actual post will vary between social networks

Explore the Research

Springer Paris
Springer Paris Springer Paris

End-to-end threat hunting with a novel multiclass dataset for intelligent intrusion detection - Journal of Computer Virology and Hacking Techniques

Traditional rule-based intrusion detection systems are increasingly ineffective against modern and rapidly evolving cyber threats, creating the need for intelligent and scalable intrusion detection frameworks supported by realistic datasets. Existing IDS benchmarks often suffer from limitations such as outdated attack scenarios, limited multiclass coverage, and insufficient realism in traffic generation and monitoring environments. Therefore, this paper aims to develop an intelligent end-to-end threat-hunting framework supported by a novel large-scale multiclass intrusion detection dataset generated within a controlled cybersecurity laboratory environment designed to emulate realistic network conditions. The proposed dataset contains more than 7 million labeled network packets, including benign traffic and 15 modern cyberattack categories such as MITM ARP Spoofing, SSH/FTP brute-force attacks, SQL Injection, XSS, Port Scanning, Remote Code Execution, SYN Flood, and multiple DDoS variants. The proposed framework integrates realistic traffic generation, data acquisition, preprocessing, feature engineering, multiclass labeling, and intelligent intrusion detection using several supervised ML and DL models, including Naïve Bayes, Logistic Regression, Random Forest, Decision Trees, Feedforward Neural Networks, Multi-Layer Perceptron, and Convolutional Neural Networks. Traffic generation and monitoring were performed using real-world attacker tools and security platforms, including Kali Linux, Snort, Suricata, Wireshark, pfSense, and OWASP BWA. Experimental results demonstrate that the Decision Tree model achieved the highest overall performance, with detection accuracy reaching 99.9% and prediction latency as low as 1.1 μs. The findings confirm the effectiveness of the proposed framework for scalable real-time intrusion detection and cyber threat analysis. Compared with traditional IDS benchmarks such as NSL-KDD, UNSW-NB15, and CICIDS2017, the proposed dataset provides more realistic multiclass attack generation and live traffic monitoring within a unified experimental environment.

Why Smarter Cybersecurity Starts with Better Data

Artificial intelligence is transforming cybersecurity, but one question is often overlooked:

How do we train AI to recognize modern cyberattacks?

While many intrusion detection systems achieve impressive results, they are frequently trained on outdated or limited datasets that do not fully reflect today's evolving threat landscape. To defend modern networks, AI must first learn from realistic cyber environments. This challenge inspired our latest research.

Building a Realistic Cyber Range

To address this challenge, we designed an end-to-end threat-hunting framework that integrates realistic attack generation, traffic monitoring, dataset construction, feature engineering, and AI-based intrusion detection within a unified pipeline. Figure 1 summarizes the complete workflow developed in this study.

Figure 1. This overview shows the proposed threat-hunting framework, from creating realistic cyberattacks and collecting traffic to dataset creation, feature engineering, AI model development, and real-time intrusion detection.

Instead of relying solely on existing benchmark datasets, we built a controlled cybersecurity laboratory capable of generating realistic network traffic.

Using platforms such as Kali Linux, Snort, Suricata, Wireshark, pfSense, and OWASP BWA, we created an end-to-end framework that captures the complete threat-hunting process—from attack generation and traffic collection to preprocessing, feature engineering, and intelligent intrusion detection.

More Than Another Dataset

Our framework generated over seven million labeled network packets, including normal traffic and 15 modern attack categories, such as SQL Injection, XSS, DDoS, SYN Flood, Port Scanning, Remote Code Execution, SSH/FTP brute-force attacks, and MITM ARP spoofing. Unlike many existing benchmarks, the data were collected from live attack scenarios within a realistic laboratory environment.

Beyond building the framework, we developed a large-scale multiclass benchmark that better reflects modern cyber threats. As highlighted in Figure 2, the dataset combines realistic attack scenarios, live traffic monitoring, comprehensive labeling, and high-performance AI evaluation, providing a valuable resource for future intrusion detection research.

Figure 2. The proposed LSNM2024 dataset features its size, coverage of modern attacks, realistic traffic generation, real-time monitoring, AI readiness, and benchmark performance for intrusion detection.

Putting AI to the Test

We evaluated several machine learning and deep learning models, including decision trees, random forests, logistic regression, neural networks, and CNNs.

The decision tree achieved the best performance, reaching 99.9% detection accuracy with an extremely low prediction latency of 1.1 μs, demonstrating that high-quality data can be just as important as sophisticated AI models.

Why This Matters

As cyber threats continue to evolve, intelligent security systems require realistic data for training and evaluation. We hope this work provides researchers with a practical framework and a modern benchmark that supports the development of more accurate, scalable, and trustworthy intrusion detection systems.

Final Thoughts

Building stronger AI for cybersecurity starts with building better data. By combining realistic traffic generation, comprehensive attack simulation, and intelligent threat detection within a unified framework, we aim to contribute a valuable resource for the next generation of AI-driven cyber defense.

Published article

End-to-End Threat Hunting with a Novel Multiclass Dataset for Intelligent Intrusion Detection

Journal of Computer Virology and Hacking Techniques, 2026.

https://link.springer.com/article/10.1007/s11416-026-00642-z

Please sign in or register for FREE

If you are a registered user on Research Communities by Springer Nature, please sign in

Follow the Topic

Mobile and Network Security
Mathematics and Computing > Computer Science > Data and Information Security > Mobile and Network Security
Data and Information Security
Mathematics and Computing > Computer Science > Data and Information Security
Artificial Intelligence
Mathematics and Computing > Computer Science > Artificial Intelligence
Computer and Information Systems Applications
Mathematics and Computing > Computer Science > Computer and Information Systems Applications
Machine Learning
Mathematics and Computing > Computer Science > Artificial Intelligence > Machine Learning
Cybercrime
Humanities and Social Sciences > Society > Criminology > Cybercrime