Table 4 Events with time logs.
| Timestamp | Event | Source IP | Target IP | Description | Response |
|---|---|---|---|---|---|
| 00:00:00 | Simulation Start | - | - | Initiation of the network simulation. | Logging begins. |
| 00:02:15 | Reconnaissance Initiated | 192.168.1.100 | 10.0.0.1 | External scanning of the network’s firewall and open ports. | IDS detects scanning activity and alerts the security team. |
| 00:04:30 | VPN Server Targeting | 192.168.1.100 | 10.0.0.5 | Attempt to breach the VPN server. | The firewall blocks unauthorized access attempts. |
| 00:07:45 | VPN Breach Successful | 192.168.1.100 | 10.0.0.5 | The VPN server has been compromised, and access has been gained to the internal network. | AI-driven AD flags suspicious activity. |
| 00:10:00 | Lateral Movement to Corporate Finance Subnet | 10.0.0.5 | 10.1.1.20 | The attacker moves laterally within the network towards the target subnet. | Network segmentation isolates suspicious traffic. |
| 00:12:30 | Backdoor Established in Corporate Finance Subnet | 10.0.0.5 | 10.1.1.20 | The backdoor was successfully installed on a server within the subnet. | IPS attempts to neutralize the threat. |
| 00:15:00 | Data Extraction Initiated in Wealth Management Subnet | 10.1.1.20 | 10.2.2.15 | Attempt to extract sensitive data from the target server. | AES-GCM encryption secures the data, preventing exfiltration. |
| 00:17:00 | Escalation Attempt Detected | 10.1.1.20 | 10.1.1.20 | Unauthorized privilege escalation attempts on a compromised server. | IDS blocks escalation attempts, and the user account is locked. |
| 00:19:30 | Attack Mitigation | 192.168.1.100 | 10.0.0.1 | Activation of dynamic network defenses against ongoing threats. | AI-E-IPS isolates affected subnets. |
| 00:25:00 | Post-Attack Monitoring | - | - | Monitoring of residual activities following the attacks. | Continuous logging and analysis of network traffic. |
| 00:30:00 | Simulation End | - | - | Completion of the simulation run. | Comprehensive review and analysis of logged events. |