The article addresses data protection in information and communication systems as traffic volumes and the number of cyber threats grow, which calls for more effective intrusion detection and prevention systems. It considers the various types of Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) and their advantages and disadvantages. Threat detection methods are analyzed, including signature-based methods, anomaly detection methods, and machine learning-based methods, with special attention to attack detection based on traffic content. Commercial and open-source solutions, such as Snort and Suricata, are compared in terms of their architecture, performance, and accuracy. The main proposal is to enhance Suricata with an additional module called the Intelligent Threat Detector (ITD), which is based on machine learning methods. The ITD module is integrated into the main Suricata module and performs deep traffic analysis and anomaly detection. This approach helps reduce the load on the detection system, improving the processing performance of incoming traffic while ensuring a high level of security. The proposed solution provides a multi-level approach to network protection in which initial filtering is carried out by Suricata and deep analysis is performed by ITD. The system can intercept network packets for analysis and build processing functions from selected data to determine the possibility of an intrusion. In addition, integrating the ITD module allows the system to adapt to new and unknown threats in real time: the module continuously learns from new data, so detection accuracy and threat response keep improving. Placing the system behind the firewall helps reduce the load on the detection system, ensuring efficient use of multiprocessor system resources and reducing false positives.
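The two-stage flow described above (signature filtering by Suricata, then anomaly scoring of traffic that matched no rule) can be sketched as follows; this is an added example, not the article's ITD implementation. It assumes the second stage reads Suricata's EVE JSON output, uses a running z-score as a stand-in for the ITD model, and runs on constructed records; `OnlineBaseline` and `triage` are hypothetical names.

```python
import json
import math

# Constructed EVE-style records (sample data, not captured traffic).
def _flow(fid, nbytes, pkts):
    return json.dumps({"event_type": "flow", "flow_id": fid,
                       "flow": {"bytes_toserver": nbytes, "pkts_toserver": pkts}})

EVE_LINES = [_flow(i, 900 + 20 * (i % 5), 10) for i in range(1, 21)]
EVE_LINES.append(json.dumps({"event_type": "alert", "flow_id": 21,
                             "alert": {"signature": "constructed test rule"}}))
EVE_LINES.append(_flow(22, 4_000_000, 12))  # constructed outlier, no signature hit
EVE_LINES.append(_flow(23, 940, 10))

class OnlineBaseline:
    """Welford running mean/variance; a simple stand-in for the ITD model."""
    def __init__(self, warmup=10, threshold=4.0):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0
        self.warmup, self.threshold = warmup, threshold

    def score(self, x):
        if self.n < self.warmup:          # no verdicts until a baseline exists
            return 0.0
        std = math.sqrt(self.m2 / (self.n - 1)) or 1e-9
        return abs(x - self.mean) / std

    def learn(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

def triage(lines, model):
    """Stage 1: keep Suricata alerts. Stage 2: score flows that raised none."""
    signature_hits, anomalies = [], []
    for line in lines:
        ev = json.loads(line)
        if ev.get("event_type") == "alert":
            signature_hits.append(ev["flow_id"])
        elif ev.get("event_type") == "flow":
            f = ev["flow"]
            # Feature: log of bytes per packet sent to the server.
            x = math.log1p(f["bytes_toserver"] / max(f["pkts_toserver"], 1))
            if model.score(x) > model.threshold:
                anomalies.append(ev["flow_id"])
            else:
                model.learn(x)  # update only on traffic judged normal
    return signature_hits, anomalies
```

Updating the baseline only on flows scored as normal keeps a flagged outlier from shifting the model toward accepting similar traffic later.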