Enhancing Cyber-Range Realism Through AI-Driven Traffic Generation and User Emulation
Keywords:
Cyber Range; CTGAN; GAN; Network Traffic Synthesis; User Emulation; Hidden Markov Model; MITRE ATT&CK; Reinforcement Learning; Intrusion Detection; Cybersecurity TrainingAbstract
Cyber ranges are controlled environments used to simulate real-world cyber-attack and defence scenarios.
However, many cyber ranges suffer from limited realism due to the lack of authentic network traffic and realistic user
behaviour patterns, which diminishes their value for training and evaluation. This paper presents AI-CyberRange (AICR),
a comprehensive AI-driven platform that integrates a Conditional Tabular GAN (CTGAN) for synthetic multi-protocol
traffic generation, Hidden Markov Model (HMM)-based user behaviour emulation, and a MITRE ATT&CK-aligned
reinforcement-learning adversary simulation within a containerised microservices architecture. Experimental evaluation
confirms that AI-generated traffic achieves a Traffic Realism Score of 91.3% (KL-Divergence analysis), User Behaviour
Fidelity of 89.6% (Behavioural Similarity Index), and IDS Detection Accuracy of 94.7% with a false positive
rate of only 3.2% when evaluated against real enterprise network conditions. Training effectiveness improvements of
42% reduction in Mean Time to Detect and 35% improvement in Mean Time to Respond over static-traffic ranges are
also demonstrated. The containerised architecture successfully supports 100 simultaneous emulated users and 500
concurrent network connections on commodity hardware.
Downloads
Published
Issue
Section
License
Copyright (c) 2026 Authors

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.











