| Issue | Security and Safety, Volume 4, 2025: Security and Safety in Network Simulation and Evaluation |
|---|---|
| Article Number | E2025004 |
| Number of page(s) | 2 |
| DOI | https://doi.org/10.1051/sands/2025004 |
| Published online | 30 April 2025 |
Editorial
Preface: Security and safety in network simulation and evaluation
1 School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, 518055, China
2 Department of New Networks, Pengcheng Laboratory, Shenzhen, 518000, China
3 School of Computer Science and Data Analytics Institute, University of Technology Sydney, Sydney, NSW 2007, Australia
* Corresponding author (email: guzhaoquan@hit.edu.cn)
Received: 23 April 2025
Revised: 23 April 2025
Accepted: 26 April 2025
Citation: Gu Z, Xu G, and Hu N. Preface: Security and safety in network simulation and evaluation. Security and Safety 2025; 4: E2025004. https://doi.org/10.1051/sands/2025004
In an era characterized by rapid technological advancements and increasing digital inter-connectivity, the security and safety of networked systems have become paramount concerns for individuals, organizations, and nations alike. This special topic mainly focuses on security and safety in network simulation and evaluation, underscoring its pivotal role in addressing the multifaceted challenges of cyberspace security. This topic delves into the development and application of cutting-edge simulation and evaluation techniques to detect, analyze, and mitigate potential security threats in cyberspace. By simulating various network scenarios and evaluating the effectiveness of security measures, researchers and practitioners can gain valuable insights into the vulnerabilities and resilience of networked systems. Furthermore, this special topic emphasizes the importance of continuous innovation in security and safety evaluation methodologies, ensuring that they remain responsive to the evolving landscape of cyber threats and the growing complexity of networked environments.
This special topic includes 4 papers, covering important research directions in cybersecurity risk assessment, attack detection and analysis, and network simulation. These papers conduct in-depth research on threat detection and assessment, realistic network simulation, and attack behavior modeling, systematically advancing the theoretical models, operational mechanisms, and practical applications in security and safety for network simulation and evaluation. Details of each paper follow.
The paper “RiskTree: Decision trees for asset and process risk assessment quantification in big data platforms [1]” proposes an innovative risk quantification methodology specifically designed for big data platforms. The authors develop a comprehensive framework that combines automated detection of platform configurations, traffic patterns, and vulnerabilities with a customized questionnaire system for asset and process data collection. A key contribution is the integration of knowledge graph technology to structurally analyze collected data, coupled with a random forest algorithm to dynamically compute risk index weights, values, and severity levels. Experimental validation on an educational big data platform confirms that the proposed RiskTree system provides objective risk measurement and superior capability in identifying vulnerabilities compared to conventional methods. The research significantly advances risk management practices for big data infrastructures, offering organizations a powerful tool for proactive security decision-making in data-intensive environments.
The paper “Uncovering multi-step attacks with threat knowledge graph reasoning [2]” presents an innovative framework for detecting sophisticated cyber threats through semantic analysis of interconnected security knowledge bases. The authors construct a Threat Knowledge Graph (TKG) integrating diverse cybersecurity databases including Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK), Common Attack Pattern Enumeration and Classification (CAPEC), Common Weakness Enumeration (CWE), Common Vulnerabilities and Exposures (CVE), and Common Platform Enumeration (CPE), enabling cross-domain analysis of threat relationships. They employ large language models to generate multi-step ATT&CK attack templates, substantially improving the detection of Advanced Persistent Threat (APT) behaviors. Experimental results demonstrate the system’s superior capability in uncovering latent threat relationships and predicting potential attack pathways. The paper provides a powerful tool for proactive defense against evolving APT campaigns, representing a meaningful advancement in cyber threat anticipation.
The paper “K8s-enhanced lightweight simulation method for the Tor network [3]” presents a K8s-enhanced lightweight simulation method for the Tor network, addressing the challenges of conducting de-anonymization attack experiments in a real Tor environment. By leveraging Docker containers and Kubernetes cluster technology, the proposed method achieves a scalable and flexible simulation, capable of emulating up to a thousand Tor relays on just four standard hosts. The simulation environment demonstrates high realism, enabling two de-anonymization attack experiments. Furthermore, the paper explores a hybrid networking approach using multi-granularity relays to optimize the balance between realism and cost, providing a valuable platform for analyzing and mitigating de-anonymization attacks on the Tor network.
The paper “Threat ripple model: A model to characterize business-oriented attacks based on business dependencies [4]” introduces the Threat Ripple Model, which characterizes business-oriented attacks based on business dependencies, departing from traditional infrastructure-focused attack descriptions. Unlike the Cyber Kill Chain model that centers on malicious code execution, this paper considers how adversaries can exploit business interdependencies to disrupt operations. By targeting various support platforms in a business dependency sequence, attackers can paralyze target businesses through threat transmission, a pattern not captured by conventional threat models. The authors construct an integrated architecture and threat model that reflects the ripple effect of threats across interdependent businesses, enabling the assessment of threat events and inference of their effects, as demonstrated through real attack event characterization and financial scenario modeling.
Open directions and challenges remain in this field, e.g., integrating AI-based network attack detection within cybersecurity, tackling security issues in big data, cloud computing, and 5G networks, and improving the security of complex network and system simulations. Future research directions include, but are not limited to, developing advanced methodologies for real-time attack detection and analysis, exploring the security implications of network virtualization, and ensuring the robustness and reliability of network simulation applications in diverse operational environments.
Through this special topic on “Security and Safety in Network Simulation and Evaluation”, we aim to facilitate the exchange of cutting-edge research findings, practical experiences, and innovative solutions in the realm of network security simulation and evaluation. We hope this platform will inspire further exploration and advancements in safeguarding networked systems from evolving cyber threats. Finally, we extend our heartfelt gratitude to all the authors, editors, and referees for their invaluable contributions and unwavering support in making this special topic a success.
References
1. Zhan H, Yang J and Guo Z et al. RiskTree: Decision trees for asset and process risk assessment quantification in big data platforms. Secur Saf 2024; 3: 2024009. https://doi.org/10.1051/sands/2024009
2. Xiang X, Ma C and Zeng L et al. Uncovering multi-step attacks with threat knowledge graph reasoning. Secur Saf 2025; 4: 2024019. https://doi.org/10.1051/sands/2024019
3. Huang W, Wu H and Li Z et al. K8s-enhanced lightweight simulation method for the Tor network. Secur Saf 2025; 4: 2024024. https://doi.org/10.1051/sands/2024024
4. Ao S, Fang B and Xiao X et al. Threat ripple model: A model to characterize business-oriented attacks based on business dependencies. Secur Saf 2025; 4: 2025003. https://doi.org/10.1051/sands/2025003
© The Author(s) 2025. Published by EDP Sciences and China Science Publishing & Media Ltd.
This is an Open Access article distributed under the terms of the Creative Commons Attribution License (https://creativecommons.org/licenses/by/4.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.