Enhancing Network Resilience via a Cognitive AI-Driven Cybersecurity Simulation Framework and Adaptive Threat Modelling
DOI: https://doi.org/10.64751/ajaccm.2026.v6.n2(2).689
Keywords: Network Traffic Visualization, Adaptive Threat Modelling, Cyber Range Simulation, Cognitive Cybersecurity Systems, Intelligent Cyber Defense Mechanisms
Abstract
Cybercrime continues to escalate as a global security concern, encompassing various malicious activities such as phishing, malware propagation, botnet operations, and Denial of Service (DoS) attacks. Among these threats, DoS attacks are especially disruptive, as they overwhelm targeted servers with excessive traffic, resulting in service unavailability for legitimate users. Conventional defense mechanisms, including firewalls and antivirus solutions, offer limited protection and often fail to effectively mitigate large-scale traffic flooding attacks. To overcome these challenges, this study proposes a proactive DoS attack simulation and mitigation framework based on real-time network traffic monitoring and intelligent filtering. The proposed system integrates a network packet monitoring mechanism with a Big Data processing framework utilizing Hadoop MapReduce to analyze incoming traffic efficiently. Each request is evaluated by comparing its size with the server’s processing capacity. Requests that fall within the defined threshold are forwarded to the server, while unusually large or suspicious requests are classified as potential DoS attempts and discarded before reaching the system, thereby safeguarding server performance. The framework consists of three major components: the Server Module, which continuously listens for authenticated upload and download requests; the Network Monitor Module, which employs MapReduce to process and analyze high-volume packet data in parallel; and the User Simulation Module, which generates both normal and malicious traffic to evaluate system robustness. Experimental results demonstrate that legitimate requests are processed successfully, whereas attack-like traffic is effectively detected and blocked. The use of Hadoop MapReduce ensures scalability and high-performance traffic analysis, while a monitoring dashboard provides visual insights into normal and malicious packet activity. 
The proposed approach effectively mitigates DoS attacks, prevents server disruption, and ensures service availability for legitimate users.
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.







