Design and Execution of Cybersecurity Exercises for Realistic Data Collection

Principal Investigator: Dr Cagatay Yucel, Bournemouth University

16th December 2024 - 1st May 2025
Supporting Partners: NVIDIA Belfast & CSIT Queens University Belfast

Project overview

This secondment was hosted by Cyber AI Hub at Centre for Secure Information Technologies (CSIT) (as an NVIDIA Belfast Secondee) at Queen’s University Belfast, with in-person visits taking place from 16–20 December 2024 and 13–15 January 2025, and ongoing collaboration maintained through weekly virtual meetings until the end of April 2025. The primary objective was to design and support Capture-the-Flag (CTF) and hackathon-style events aimed at generating realistic, high-quality datasets for the digital fingerprinting of cyber-attacks. These datasets are intended to advance research in digital forensics and threat detection on NVIDIA GPUs/DPUs.

During the secondment, I contributed to the planning and delivery of cyber range activities that simulated both adversarial and benign behaviours. I carried out technical validation of the CTF infrastructure, replicated attack scenarios, and supported the execution of live events. I also provided specialist knowledge in cybersecurity event organisation and contributed to the design and implementation of an additional hackathon during the placement.

The collaboration will result in the creation of a curated dataset, which is intended to be released as open-source, and will serve as the basis for an academic publication detailing the methodology and research value of such synthetic data in cybersecurity.


Activities

  • Participated in two in-person visits to NVIDIA Belfast and CSIT at QUB (16–20 December 2024 and 13–15 January 2025), with ongoing engagement via weekly virtual meetings.

  • Contributed to the design and delivery of Capture-the-Flag (CTF) events.

  • Conducted technical testing and validation of CTF systems and supporting server infrastructure.

  • Replicated a range of cyber-attack scenarios to generate high-fidelity attack data.

  • Supported the execution of a live cybersecurity exercise during organised events on 15/01/2025 at ECIT labs in QUB.

  • Provided expert input on the organisation and facilitation of cybersecurity events.

  • Contributed to the planning of an additional hackathon event beyond the initial scope to collect benign data for ML/DL algorithms.

  • Engaged with the research group on a weekly basis to support the consistency, authenticity, and research relevance of the collected datasets.


Impact

The secondment focused on advancing cybersecurity experimentation through the design and execution of realistic, data-driven Capture-the-Flag (CTF) and hackathon events. I contributed specialist expertise in cybersecurity event orchestration and threat scenario design, directly supporting the development of high-quality experimental setups and data collection processes.

Through close collaboration with the CSIT & CyberAI research group at QUB on their project with NVIDIA Belfast, the secondment provided exposure to hardware-related approaches to cybersecurity experimentation at scale.

During this secondment, I gained information on NVIDIA NIM and other emerging architectures relevant to cybersecurity applications. I also explored the Morpheus threat detection framework to understand its pipeline for analysing fast, high-volume datasets and identifying threats in real time. Additionally, I examined the use of Retrieval-Augmented Generation (RAG) architectures in security workflows for processing and interpreting high-volume data.

The resulting dataset will support detection of reconnaissance and weaponisation behaviours at scale and will enable researchers to accelerate digital fingerprinting capabilities on NVIDIA DPUs/GPUs.


Future work

Dataset Finalisation and Open Release: The collected dataset is currently being refined and documented for open-source release. This resource will be made available to the wider research community for use in areas such as threat detection, network fingerprinting, and machine learning for cybersecurity.

Academic Publication: An academic paper is in preparation, detailing the methodology, event design, and value of the dataset for modelling reconnaissance and weaponisation phases of cyber-attacks.



Outcomes/outputs

  • Successful design and delivery of a cybersecurity event, including Capture-the-Flag (CTF) and planning/designing of a hackathon exercise – emulating and collecting data for both malicious and benign scenarios.

  • Carried out technical validation and helped deploy infrastructure to enable reliable event-based data generation for cybersecurity scenarios.

  • Creation of a curated, high-quality dataset capturing a range of cyber behaviours, intended for open-source release.


Presentation at the SPRITE+ 2025 Showcase:

