Generative AI For Network Attack Modelling And Cyber Defence Improvements

Research led by Harshith Kumar Pedarla demonstrates how Generative Adversarial Networks simulate realistic network attacks to improve intrusion detection. By augmenting synthetic data, the study addressed performance gaps in real-world botnet traffic datasets like CTU-13. This approach allows security teams to model evolving threats and evaluate zero-trust architectures responsibly without exposing production systems to live exploits.

By Sathish Raman

Updated: Wednesday, February 4, 2026, 15:24 [IST]

Add as a preferred source on Google

Cyber threats today look very different from the ones security systems were originally built to handle. Attacks are no longer static or easy to recognize. They adapt, hide within encrypted traffic, unfold across multiple stages, and are often designed to bypass traditional detection techniques. While cloud platforms process massive volumes of network activity every day, much of security testing still depends on replaying historical data or running fixed simulations that fail to capture how real attackers actually behave.

Recent research on Generative AI for Network Attack Simulation takes a different approach to this challenge. Instead of relying on predefined attack patterns or scripted tools, the work explores how generative models can be used to simulate realistic, evolving network attacks. By applying Generative Adversarial Networks (GANs) at the feature level, the research makes it possible to test intrusion detection systems against attack behaviour that more closely mirrors real-world adversaries.

The study evaluates commonly used detection models, including Random Forest and Logistic Regression, across well-known benchmark datasets such as CICIDS2018 and CTU-13. On structured datasets like CICIDS2018, the models performed almost perfectly, achieving near-ideal detection scores. However, performance dropped significantly when the same models were tested on CTU-13, which contains real botnet command-and-control traffic. This contrast highlights a key industry concern: models that appear highly effective on clean or curated data often struggle when exposed to noisy, real-world network conditions.

To address this limitation, the research introduces GAN-based synthetic data augmentation to strengthen underrepresented malicious traffic in the CTU-13 dataset. With this approach, detection performance improved consistently, increasing the F1-score from 0.579 to 0.592 while maintaining stable ROC-AUC values at 0.96. These results show that carefully generated synthetic traffic can help models learn more robust decision boundaries without overfitting or distorting real traffic patterns.

This work was led by Harshith Kumar Pedarla, whose background in designing secure, high-throughput cloud security systems played a direct role in shaping the research. Drawing from hands-on experience with malware detection pipelines, threat intelligence distribution in isolated environments, and machine learning–driven security optimization, he approached attack simulation as an operational necessity rather than a purely academic exercise.

This perspective influenced key design choices, including the emphasis on statistical feature synthesis, classifier stability, and safety-by-design constraints that prevent the generation of executable exploits. Alongside performance improvements, the research places strong emphasis on responsible use. All generated traffic is limited to anonymized statistical features, ensuring that simulations remain non-executable and safe for controlled environments.

This allows organizations to stress-test detection pipelines, train SOC analysts, and evaluate zero-trust architectures without exposing production systems to live threats. The research also builds naturally on Pedarla’s earlier work in cloud threat detection and malware analysis, extending the focus from securing production systems to proactively modelling how adversaries may behave before attacks materialize in real environments.

By moving beyond static replay and toward AI-driven simulation, this work outlines a practical path to more resilient cyber defences. When applied responsibly, Generative AI becomes a defensive instrument, helping security teams prepare for threats that do not yet exist, rather than reacting only to those already understood.