Abstract
Simulated replays of cyberattacks can ensure the effectiveness of defensive measures taken against the cyberattacks. However, there are no reliable automated techniques to recreate or replay a cyberattack. This disclosure describes techniques to synthetically generate network traffic to recreate, replay, or simulate a cyberattack or other malicious actions on the network. The techniques enable a network administrator to textually describe a malicious scenario, which can be fictitious or can be based on real cyberattacks that occurred in the recent past. A large language model (LLM) is leveraged to generate synthetic traffic that matches the textually described scenario to test and evaluate the robustness of the network. Information relating to the cyberattack can be obtained from incident reports, raw incident logs, network configuration data, user descriptions, etc. Synthetic traffic is grounded in network configuration data, such that it represents feasible and realistic cyberattacks.
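One way the grounding step described in the abstract could be checked, as an added example that is not code from the disclosure: the configuration schema, flow record fields, and function names are assumptions, and the flow records are constructed stand-ins for LLM output.

```python
import ipaddress

# Constructed network configuration (hypothetical schema, not from the disclosure).
NETWORK_CONFIG = {
    "internal_space": "10.0.0.0/8",
    "subnets": ["10.0.1.0/24", "10.0.2.0/24"],
    "services": {"10.0.2.10": [("tcp", 443)], "10.0.2.20": [("tcp", 5432)]},
}

# Constructed flow records standing in for LLM-generated synthetic traffic.
SYNTHETIC_FLOWS = [
    {"src": "10.0.1.15", "dst": "10.0.2.10", "proto": "tcp", "dport": 443},
    {"src": "10.0.1.15", "dst": "10.0.2.20", "proto": "tcp", "dport": 3389},
    {"src": "10.0.9.7", "dst": "10.0.2.10", "proto": "tcp", "dport": 443},
    {"src": "198.51.100.7", "dst": "10.0.2.10", "proto": "tcp", "dport": 443},
    {"src": "not-an-ip", "dst": "10.0.2.10", "proto": "tcp", "dport": 443},
]

def grounding_errors(flow, config):
    """Return the reasons a flow is infeasible on this network (empty = grounded)."""
    try:
        src = ipaddress.ip_address(flow["src"])
        dst = ipaddress.ip_address(flow["dst"])
    except (KeyError, ValueError) as exc:
        return [f"malformed address: {exc}"]
    subnets = [ipaddress.ip_network(s) for s in config["subnets"]]
    internal = ipaddress.ip_network(config["internal_space"])
    errors = []
    # A source inside the organisation's address space must sit in a real subnet.
    if src in internal and not any(src in n for n in subnets):
        errors.append(f"source {src} is in no configured subnet")
    # The destination must exist and actually expose the targeted service.
    if not any(dst in n for n in subnets):
        errors.append(f"destination {dst} is in no configured subnet")
    elif (flow.get("proto"), flow.get("dport")) not in config["services"].get(str(dst), []):
        errors.append(f"{dst} exposes no {flow.get('proto')}/{flow.get('dport')} service")
    return errors

def partition(flows, config):
    """Split flows into grounded ones and (flow, reasons) pairs to reject."""
    checked = [(f, grounding_errors(f, config)) for f in flows]
    return [f for f, e in checked if not e], [(f, e) for f, e in checked if e]

if __name__ == "__main__":
    grounded, rejected = partition(SYNTHETIC_FLOWS, NETWORK_CONFIG)
    print(f"{len(grounded)} grounded, {len(rejected)} rejected")
    for flow, reasons in rejected:
        print(flow["src"], "->", flow["dst"], reasons)
```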
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Rajagopal, Achuth Narayan and Mohan, Naveena, "Simulating Network Security Incidents Using Large Language Models", Technical Disclosure Commons, (August 20, 2025)
https://www.tdcommons.org/dpubs_series/8495