Simulating Web User Behavior Using LLM-Driven Browser Automation for Realistic IDS Dataset Generation

Anna Erdi

Simulating Web User Behavior Using LLM-Driven Browser Automation for Realistic IDS Dataset Generation

Anna Erdi

Publikation: Abschlussarbeit › Masterarbeit

Abstract

Intrusion Detection Systems (IDS) require high-fidelity data reflecting realistic user behavior for effective training and evaluation. Traditional simulation frameworks often rely on static, rule-based models that fail to capture the variability and nuance of human activity. This thesis presents a novel approach to user behavior simulation using Large Language Models (LLMs), specifically GPT-4.1, to dynamically generate browser-based actions within a cybersecurity testbed. A command-line interface (CLI) tool was developed to translate nat-
ural language prompts into structured YAML playbooks, which are executed via a custom Playwright-based Browser Executor in the AttackMate framework. The simulation focused on a Central Alarm System (CAS) operator using ZoneMinder. A Turing-test-inspired qualitative evaluation was conducted with cybersecurity experts to assess the realism of LLM-generated behaviors compared to human-generated ones. Results indicate that LLMs can produce convincingly human-like interactions, demonstrating their potential to enhance IDS dataset generation with greater realism and lower manual effort.

Originalsprache	Englisch
Qualifikation	Master of Science
Gradverleihende Hochschule	University of Applied Sciences Campus Vienna
Betreuer/-in / Berater/-in	Göschka, Karl M., Betreuer:in, Externe Person Skopik, Florian, Betreuer:in
Datum der Bewilligung	31 Mai 2026
Publikationsstatus	Veröffentlicht - Mai 2025

Research Field

Cyber Security

Zugriff auf Dokument

Diese Publikation zitieren

@mastersthesis{ff329a371a0a484782e1d5e1d743b756,

title = "Simulating Web User Behavior Using LLM-Driven Browser Automation for Realistic IDS Dataset Generation",

abstract = "Intrusion Detection Systems (IDS) require high-fidelity data reflecting realistic user behavior for effective training and evaluation. Traditional simulation frameworks often rely on static, rule-based models that fail to capture the variability and nuance of human activity. This thesis presents a novel approach to user behavior simulation using Large Language Models (LLMs), specifically GPT-4.1, to dynamically generate browser-based actions within a cybersecurity testbed. A command-line interface (CLI) tool was developed to translate nat- ural language prompts into structured YAML playbooks, which are executed via a custom Playwright-based Browser Executor in the AttackMate framework. The simulation focused on a Central Alarm System (CAS) operator using ZoneMinder. A Turing-test-inspired qualitative evaluation was conducted with cybersecurity experts to assess the realism of LLM-generated behaviors compared to human-generated ones. Results indicate that LLMs can produce convincingly human-like interactions, demonstrating their potential to enhance IDS dataset generation with greater realism and lower manual effort.",

author = "Anna Erdi",

year = "2025",

month = may,

language = "English",

school = "FH Campus Wien – University of Applied Sciences",

}

TY - THES

T1 - Simulating Web User Behavior Using LLM-Driven Browser Automation for Realistic IDS Dataset Generation

AU - Erdi, Anna

PY - 2025/5

Y1 - 2025/5

N2 - Intrusion Detection Systems (IDS) require high-fidelity data reflecting realistic user behavior for effective training and evaluation. Traditional simulation frameworks often rely on static, rule-based models that fail to capture the variability and nuance of human activity. This thesis presents a novel approach to user behavior simulation using Large Language Models (LLMs), specifically GPT-4.1, to dynamically generate browser-based actions within a cybersecurity testbed. A command-line interface (CLI) tool was developed to translate nat- ural language prompts into structured YAML playbooks, which are executed via a custom Playwright-based Browser Executor in the AttackMate framework. The simulation focused on a Central Alarm System (CAS) operator using ZoneMinder. A Turing-test-inspired qualitative evaluation was conducted with cybersecurity experts to assess the realism of LLM-generated behaviors compared to human-generated ones. Results indicate that LLMs can produce convincingly human-like interactions, demonstrating their potential to enhance IDS dataset generation with greater realism and lower manual effort.

AB - Intrusion Detection Systems (IDS) require high-fidelity data reflecting realistic user behavior for effective training and evaluation. Traditional simulation frameworks often rely on static, rule-based models that fail to capture the variability and nuance of human activity. This thesis presents a novel approach to user behavior simulation using Large Language Models (LLMs), specifically GPT-4.1, to dynamically generate browser-based actions within a cybersecurity testbed. A command-line interface (CLI) tool was developed to translate nat- ural language prompts into structured YAML playbooks, which are executed via a custom Playwright-based Browser Executor in the AttackMate framework. The simulation focused on a Central Alarm System (CAS) operator using ZoneMinder. A Turing-test-inspired qualitative evaluation was conducted with cybersecurity experts to assess the realism of LLM-generated behaviors compared to human-generated ones. Results indicate that LLMs can produce convincingly human-like interactions, demonstrating their potential to enhance IDS dataset generation with greater realism and lower manual effort.

M3 - Master's Thesis

ER -

Simulating Web User Behavior Using LLM-Driven Browser Automation for Realistic IDS Dataset Generation

Abstract

Research Field

Zugriff auf Dokument

Fingerprint

Diese Publikation zitieren