Floragasse 7 – 5th floor, 1040 Vienna
Subscribe to our Newsletter


Automated Testbeds for the Evaluation of Intrusion Detection Capabilities

Critical infrastructures have become main targets in geopolitical cyberwarfare as intrusions and other attacks against them are carried out by state actors and criminals almost every day. Effective defense mechanisms are thus crucial, however, their capabilities to detect cyber-attacks strongly depend on the quality of available Indicators-of-Compromise (IoC) as well as detector configurations. Unfortunately, vendors generally design intrusion detection systems towards protection of enterprise IT rather than system environments of critical infrastructures that commonly involve specialized hardware and a significant share of Operational Technology (OT). This causes that the risks of facing undetected attacks on critical infrastructures with large-scale adverse impacts to the population, as well as costly false alarms, remains high.


Consequently, Austrian authorities are currently preparing a national early-warning system for operators of essential services, however, solutions that enable measurement and assessment of detection capabilities of deployed mechanisms, including their respective Indicators-of-Compromise and configurations, for an evidence-based validation, selection, and configuration thereof, are still missing.

TestCat therefore aims to generate flexible test environments that allow objective and replicable evaluations of intrusion detection systems.

Other than existing testbeds that are designed for single-use and quickly become outdated due to their rigid design, TestCat leverages model-driven techniques to automatically produce a large number of diverse test environments that collectively cover a wide area of different application domains. Thereby, TestCat’s testbed generation procedures ensure

  • high flexibility to enable perpetual adaptation for continuously changing system landscapes and attack techniques,
  • sophisticated simulation of user behavior,
  • selection of relevant attack vectors, and
  • an integration interface for OT components.

Ongoing legal advisory for all developments throughout the project runtime ensures that solutions comply with statutory requirements and enables smooth transition to productive operation in real-world applications. SBA investigates how Internet measurements serve this purpose.

Official Project Lead: AIT