INTERACTIVE CYBERSECURITY SIMULATION PLATFORM WITH REAL-TIME INTRUSION DETECTION SYSTEM

INTERACTIVE CYBERSECURITY SIMULATION PLATFORM WITH REAL-TIME INTRUSION DETECTION SYSTEM

Dept. of CSE,

Jayaraj Annapackiam CSI College of Engineering,

Nazareth, India sivanzt78@gmail.com

Dept. of CSE,

Jayaraj Annapackiam, CSI College of Engineering,

Nazareth, India derikson001@gmail.com

Abstract – This paper presents a comprehensive network security simulation platform designed to bridge the gap between theoretical cybersecurity knowledge and practical application. The system integrates a React/Vite frontend with a FastAPI backend and MongoDB database, enabling users to simulate Denial-of-Service (DoS), Port Scanning, Brute Force, and Man-in-the-Middle (MITM) attacks in a controlled educational environment. A machine learning- based Intrusion Detection System (IDS) analyzes simulated network traffic in real-time, achieving 94.6% detection accuracy. The platform supports JWT-based authentication, role-based access control, and real-time visualization through interactive dashboards. Comparative evaluation against established tools Mininet and NS3 demonstrates superior usability, response time (1.2 s average), and integrated detection capability.

1. INTRODUCTION

   1. Overview

      This project is a complete network security simulation platform designed to help users understand, visualize, and analyze different types of cyberattacks and their detection methods in an educational and controlled environment. The platform integrates a React and Vite- based frontend with a FastAPI backend and MongoDB database, forming a full-stack application focused on cybersecurity awareness and training.

      Users may register, log in, and access various modules through an intuitive interface that provides access to dashboards, simulations, and scenario-building tools. The system enables users to engage with realistic simulations such as Denial-of-Service attacks, Port Scanning, Brute Force attempts, and Man-in-the-Middle attacks.

      The backend handles authentication, data storage, and simulation control. It uses JWT-based token authentication and password hashing to maintain user security. MongoDB serves as the database for storing user details, scenarios, and simulation results. The simulation engine leverages libraries such as Scapy and HTTPX for real-time execution of simulated attacks. Additionally, the system includes intrusion detection functionality supported by machine learning models.

   2. Purpose

      The overarching purpose of this project is to develop an interactive cybersecurity simulation framework that serves as a comprehensive educational platform,

      enabling students and security enthusiasts to bridge the gap between theoretical knowledge and practical application. This is achieved by creating a safe, controlled, and visually engaging sandbox environment where users can actively simulate a range of common network-based attacks.

      The project aims to demystify the mechanics of these threats by providing real-time visualizations of their execution and impact, while simultaneously illustrating defensive strategies through an integrated, machine learning-based IDS that analyzes simulated traffic to identify and flag malicious behavior.

   3. Objectives

      The main objectives of this project are to:

      • Develop an interactive learning platform for understanding network attack methods and detection techniques through realistic simulations.

      • Provide a safe environment for practical experimentation, focusing on authentication, data storage, and simulation processes.

      • Emphasize backend efficiency, secure data handling, and educational visualization.

      • Make cybersecurity concepts more understandable and engaging through interactive hands-on tools.

2. RELATED WORK

   This section surveys existing literature on cyberattack simulation, intrusion detection, and educational cybersecurity platforms that inform the design of the proposed system.

   1. Cyberattack Simulation in Industrial and Educational Environments

      Stanculescu et al. [1] demonstrate that industrial power plants face cyber threats that can disrupt control loops and critical operations, noting that existing monitoring systems often fail to detect subtle, staged intrusions. Similarly, Scherb et al. [2] propose a dedicated cyber attack simulation framework for teaching cybersecurity, underscoring the need for simulation-based analysis to understand attack behavior and evaluate mitigation strategies.

   2. Modeling Cyberattack Behavior and Propagation

      Serru et al. [3] propose frameworks for modeling cyberattack propagation and their impact on cyber- physical system safety. Oh et al. [4] employ deep reinforcement learning to enhance cybersecurity through attack simulation, highlighting the growing role of AI in offensive security research. These contributions inform the machine learning component of the proposed IDS module.

   3. Design and Implementation of Cyberattack Simulators

      Kara et al. [5] describe the design and implementation of a DEVS-based cyber-attack simulator, while Mtukushe et al. [6] provide a comprehensive review of cyberattack implementation, detection, and mitigation methods. These works directly influence the simulation engine architecture of the proposed platform, particularly for attack propagation modeling and risk assessment in cyber-physical environments.

   4. Simulation Approaches for Cybersecurity Research

      Kavak et al. [9] provide a state-of-the-art review of simulation for cybersecurity, noting that cybersecurity simulation platforms vary widely in realism, scalability, and validation methods. Willing et al. [8] study human behavioral responses during hospital cyberattacks, emphasizing that technical recovery plans must also account for behavioral factors. These insights inform the platform's user-centered design approach.

   5. Existing Systems

      The existing system is designed as an educational network security simulator comprising three major functional layers: the user interaction layer (React frontend), the backend service layer (FastAPI), and the database layer (MongoDB). The user interaction layer allows users to sign up, log in, and interact with different simulation pages. The backend processes user requests, executes simulation logic, and manages real-time execution of port scanning, DoS, brute force, and MITM attack models.

   6. Proposed System

   The proposed model is a comprehensive full-stack network security simulation and analysis system combining educational learning with practical experimentation. The frontend is developed using React and Vite, providing a fast, responsive user experience. The backend, built with FastAPI, integrates JWT-based authentication, bcrypt password hashing, and a simulation engine using Scapy and HTTPX. MongoDB stores user credentials, attack results, and scenario configurations.

3. THEORETICAL BACKGROUND

   1. System Architecture Overview

      The Interactive Cybersecurity Simulation Framework enables students and researchers to access a React-based frontend for authentication and scenario building. The frontend communicates via JWT tokens with a FastAPI backend handling routing and security services. The

      backend orchestrates a Python simulation engine executing attacks such as port scanning, DoS, and brute force using Scapy and HTTPX. All simulation data and results are stored in MongoDB collections. The system generates detailed charts, status logs, and security recommendations, completing a full cycle of hands-on cybersecurity training through realistic attack simulations and analysis.

      Fig. 1. Flow diagram of the proposed approach:

   2. System Requirements

   The hardware requirements for this project are moderate, as the system is web-based and can run on standard machines. For optimal performance, especially during machine learning inference and concurrent simulations, the following configuration is recommended: Intel Core i5 or higher processor; NVIDIA GPU with CUDA support (e.g., T4); minimum 8 GB RAM; minimum 512 GB SSD storage.

   Software requirements include: Windows 11 (OS); VS Code and PyCharm (IDE); Python and JavaScript (programming languages); TensorFlow and PyTorch (deep learning frameworks); MongoDB (database); bcrypt, JWT, and Scapy (security libraries); React, Vite, Axios, Chart.js, FastAPI, pymongo, httpx, and Pydantic (application libraries).

4. METHODOLOGY

   1. System Architecture

      This cybersecurity simulation platform employs a structured three-layer architecture built for educational effectiveness and technical robustness. The frontend layer utilizes React with Vite to deliver a responsive and intuitive user interface, featuring key modules including the Dashboard, Scenario Builder, and Attack Lab. This presentation layer communicates via RESTful APIs with the FastAPI backend, which provides high-performance asynchronous processing.

      The backend layer forms the core computational engine, integrating JWT-based authentication for secure access control and a simulation engine leveraging Scapy and HTTPX to execute diverse cyberattacks. Complementing this is a machine learning-powered IDS that analyzes simulated traffic in real-time to identify malicious patterns. All system data flows to the MongoDB database layer, which persistently stores user credentials, network scenario configurations, and comprehensive attack results.

      Fig. 2. System architecture:

   2. Modules

      The cybersecurity framework is organized into six principal modules. Table I summarizes each module, its inputs, and its outputs.

      Table I. Module Process Summary

      Module	Description	Input	Output
      Authentication Module	Manages user login and registration using JWT	User credentials	Token response
      Simulation Module	Handles attack simulations like DoS, Port Scan,	Simulation parameters	Network metrics
      Scenario Management	Allows users to create and Store network	Scenario data	Saved configurat ion
      Intrusion Detection	Detects malicious behavior using ML models	Simulation data	Detection status
      Data Storage Module	Handles insertion and retrieval from MongoDB	Processed data	Stored record
      Visualization Module	Displays results through charts and tables	Attack results	Graphical output

   3. Implementation

   Frontend implementation employs a React-based user interface with responsive dashboard design, authentication components, a Scenario Builder with drag- and-drop workflow creation, and real-time visualization using Chart.js.

   Backend implementation utilizes the FastAPI framework providing RESTful API endpoints, JWT authentication with bcrypt password hashing, a modular router system handling auth/scenarios/attacks/results, and CORS configuration enabling frontend-backend communication.

   Database implementation uses MongoDB collections for users, scenarios, attack data, and results; optimized indexing on frequently queried fields; and connection pooling for efficient operations.

   The simulation engine integrates Scapy for network packet manipulation and analysis; multiple attack modules including port scanning, DoS, brute force, and MITM; HTTPX for web-based security testing; and asynchronous processing enabling concurrent simulation execution.

   Security implementation includes role-based access control differentiating students and instructors, input validation and sanitization on all API endpoints, rate limiting preventing abuse of simulation services, and secure session management with token expiration policies.

5. EXPERIMENTAL RESULTS & DISCUSSION

   1. Experimental Setup

      The experimental setup for the Interactive Cybersecurity Simulation Framework consists of a React/Vite-based frontend, a FastAPI backend, and MongoDB as the persistent data store. The platform allows students, researchers, and cybersecurity learners to understand both offensive and defensive sides of network operations.

   2. Frontend Environment

      The frontend is developed using React 18+ and Vite 4+, with Tailwind CSS 3+ for styling, Radix UI for accessible components, Axios 1.5+ for HTTP communication, React Router DOM 6+ for routing, JWT for session handling, and Recharts/Chart.js for data visualization.

   3. Backend Environment

      The backend uses FastAPI 0.95+ with Python 3.10+, Uvicorn 0.22+ as the ASGI server, Motor for async MongoDB communication, PyJWT and Bcrypt for authentication, Scapy for network packet generation, HTTPX for HTTP-based attack simulation, and TensorFlow/Pickle for machine learning intrusion detection.

   4. Database Environment

      MongoDB is used for persistent storage across three main collections: users (username, password_hash, token), scenarios (scenario_id, user_id, configuration), and attacks (attack_type, timestamp, metrics, detection_result).

   5. Performance Specifications

      The system is designed to handle multiple user requests efficiently while maintaining secure and responsive interaction. Table II summarizes the expected performance parameters.

      Table II. Performance Parameters

      Parameter	Expected Performance
      Average API Response Time	< 300 ms
      Authentication Verification Time	< 100 ms
      Simulation Execution Time	15 seconds (attack type dependent)
      IDS Detection Processing Time	12 seconds
      Data Storage/Read Time	< 150 ms

   6. Interface Results

      Fig. 3 presents the login interface where users input registered credentials, authenticated through FastAPI's JWT mechanism. Fig. 4 shows the main dashboard ('Security Lab'), the central control panel for creating scenarios, accessing simulations, and analyzing results. Fig. 5 illustrates the Scenario Builder, providing drag- and-drop placement of nodes including Victim Host, Attacker Machine, Server, Router, and IoT Device.

      Fig. 6 depicts the Attack Lab interface where users select scenarios, specify attacker/target nodes, choose attack types, and configure parameters such as duration

      Attack Modules	DoS, Port Scan, Brute Force, MITM	Limited (manual config)	Limited (manual)
      Intrusion Detection	p>ML-based autoencoder & classifier	Not integrated	Not integrated
      User Interface	Web-based (React + Tailwind)	CLI only	Script-driven
      Response Time	1.2 sec average	2.5 sec average	2.8 sec average
      Detection Accuracy	94.60%	N/A	N/A
      Database	MongoDB for scenarios & results	Manual logging	Manual output
      Ease of Use	High (educational)	Moderate	Complex
      Visualization	Real-time interactive dashboard	None	Limited

      The proposed system achieves a 94.6% detection accuracy with an average response time of 1.2 seconds, outperforming both Mininet (2.5 s) and NS3 (2.8 s). The integration of an ML-based IDS and a web-based GUI provides substantial advantages in usability and educational value over command-line-driven alternatives.

6. CONCLUSION

and port ranges. Fig. 7 shows the attack status log displaying a chronological list of executed simulations including Port Scan, DDoS, and Malware Delivery events.

1. Attack Simulations

The Port Scan simulation (Fig. 8) visually represents how the attacker machine scans a target IP for open ports. Open ports including SSH, HTTP, and DNS are highlighted, demonstrating how reconnaissance attacks collect network information.

The DoS Attack Simulation (Fig. 9) allows users to launch SYN Flood simulations by adjusting intensity, demonstrating how excessive network traffic can overload a target server.

The Brute Force module (Fig. 10) demonstrates automated password guessing, displaying the discovered password and offering insights into password-based vulnerabilities and the need for stronger authentication practices.

The Man-in-the-Middle simulation (Fig. 11) presents the initial stage of MITM interception, illustrating how an attacker positioned between client and server can compromise secure communication channels.

This project successfully delivers an advanced network security simulation platform designed to enhance cybersecurity learning and practical awareness. Through the integration of realistic attack scenarios, users gain hands-on experience with modern threat techniques. The inclusion of machine learning strengthens the system by enabling intelligent, real-time intrusion detection with 94.6% accuracy.

Multi-user features and role-based access support collaborative learning environments, making the platform suitable for both students and instructors. Enhanced analytics provide valuable insights through predictive modeling and trend analysis. Performance optimization ensures faster and smoother simulations, while strong security hardening measures protect the system from vulnerabilities and support safe experimentation.

Overall, the project achieves a reliable, scalable, and educational solution for understanding and mitigating cyber threats. Phase II will extend the platform with advanced attack modules (SQLi, XSS, and phishing), deeper ML integration, mobile responsiveness, and enterprise- grade security hardening, as detailed in Table IV.

TABLE IV. Phase II Schedule

REFERENCES

1. M. Stnculescu, S. Deleanu, P. C. Andrei, and H. Andrei, "A case study of an industrial power plant under cyberattack: Simulation and analysis," Energies, vol. 14, no. 9, p. 2568, 2021.

2. C. Scherb, L. B. Heitz, F. Grimberg, H. Grieder, and M.Maurer, "A cyber attack simulation for teaching cybersecurity," EPiC Series in Computing, vol. 93, pp.129140, 2023.

3. T. Serru, N. Nguyen, M. Batteux, and A. Rauzy, "Modeling cyberattack propagation and impacts on cyber-physical system safety: An experiment," Electronics, vol. 12, no. 1, p. 77, 2022.

4. S. H. Oh, J. Kim, J. H. Nah, and J. Park, "Employing deep reinforcement learning to cyber-attack simulation for enhancing cybersecurity," Electronics, vol. 13, no. 3, p.555, 2024.

5. S. Kara, S. Hizal, and A. Zengin, "Design and implementation of a DEVS-based cyber-attack simulator for cyber security," Int. J. Simulation Modelling, vol. 21, no. 1, pp. 5364, 2022.

6. N. Mtukushe, A. K. Onaolapo, A. Aluko, and D. G. Dorrell, "Review of cyberattack implementation, detection, and mitigation methods in cyber-physical systems," Energies, vol. 16, no. 13, p. 5206, 2023.

7. K. Gupta, S. Sahoo, B. K. Panigrahi, F. Blaabjerg, and P. Popovski, "On the assessment of cyber risks and attack surfaces in a real-time co-simulation cybersecurity testbed for inverter- based microgrids," Energies, vol. 14, no. 16, p. 4941, 2021.

8. M. Willing et al., "Behavioral responses to a cyber attack in a hospital environment," Scientific Repots, vol. 11, no. 1, p. 19352, 2021.

9. H. Kavak, J. J. Padilla, D. Vernon-Bido, S. Y. Diallo, R.Gore, and

   S. Shetty, "Simulation for cybersecurity: State of the art and future directions," J. Cybersecurity, vol. 7, no. 1, p. tyab005, 2021.

10. Ö. Sen, D. van der Velde, S. N. Peters, and M. Henze, "An approach of replicating multi-staged cyber-attacks and countermeasures in a smart grid co-simulation environment," in IET Conf. Proc. CP785, 2021, pp. 16341638.