This paper presents a distributed and autonomous experimental infrastructure designed to support the execution of cybersecurity experiments and the generation of flow and cloud monitoring datasets. The proposed system enables the execution of diverse and reproducible security experiments across geographically separated institutions with distinct physical and logical infrastructures. The infrastructure integrates real applications and networks to emulate both benign and malicious traffic, supporting the generation of flow-based and cloud-level datasets under varied monitoring configurations. Through collaborative deployment at two universities in Brazil, the proposed testbed shows its adaptability and scalability across multiple environments. The experimental results demonstrate that monitoring intervals ranging from 5 to 10 s achieve an effective balance between the detection performance of machine learning models for malicious activities in cloud services and the operational costs associated with network and cloud monitoring, maintaining high classification accuracy across diverse attack types. The generated datasets provide a consistent basis for evaluating monitoring strategies and developing data-driven detection models in cloud-native environments.
Coelho et al. (Wed,) studied this question.