NetSecBed: A Container-Native Testbed for Reproducible Cybersecurity Experimentation

TL;DR

NetSecBed is a container-based testbed enabling reproducible, controlled cybersecurity experiments across multi-protocol environments, supporting continuous dataset generation and traceability.

Contribution

It introduces a novel, extensible framework that automates and standardizes cybersecurity experiments, improving reproducibility and reducing operational bias.

Findings

Supports 60 attack scenarios and 9 target services.

Automates data collection, feature extraction, and dataset consolidation.

Enhances reproducibility and traceability in cybersecurity research.

Abstract

Cybersecurity research increasingly depends on reproducible evidence, such as traffic traces, logs, and labeled datasets, yet most public datasets remain static and offer limited support for controlled re-execution and traceability, especially in heterogeneous multi-protocol environments. This paper presents NetSecBed, a container-native, scenario-oriented testbed for reproducible generation of network traffic evidence and execution artifacts under controlled conditions, particularly suitable for IoT, IIoT, and pervasive multi-protocol environments. The framework integrates 60 attack scenarios, 9 target services, and benign traffic generators as single-purpose containers, enabling plug-and-play extensibility and traceability through declarative specifications. Its pipeline automates parametrized execution, packet capture, log collection, service probing, feature extraction, and dataset consolidation. The main contribution is a repeatable, auditable, and extensible framework for cybersecurity experimentation that reduces operational bias and supports continuous dataset generation.