The organization of security in distributed information and communication systems is often complicated by their scale, topological complexity, and the need to monitor large volumes of traffic. Classical perimeter-based placement of intrusion detection systems can be ineffective under resource constraints. This paper develops a model for the optimal placement of intrusion detection system (IDS) network sensors, functioning as software or hardware agents.The modeling was conducted using metaheuristic optimization algorithms: Tabu Search, Differential Evolution, and Simulated Annealing, which are capable of efficiently performing a global search for solutions and avoiding local extrema traps without the need to calculate the derivatives of the objective function.The research methodology is based on the transition from an isolated evaluation of network nodes to a comprehensive analysis of topological connections. The logical network scheme is modeled as a mathematical graph with 50 nodes, where the edges represent data transmission channels. In the first stage, as a baseline reference model for the initial tuning of the algorithms, it is proposed to evaluate priority using a comprehensive metric of "integral importance," which combines the level of node vulnerability and the criticality of data loss. The study proved that the use of such simplified additive models, which focus exclusively on a local metric without proper consideration of existing network connections, is insufficient for building real-world network security systems. To address this problem, in the second stage of the research, a topological coverage model was applied, which takes into account the graph's adjacency matrix and minimizes the overlap of sensor visibility zones. Optimization based on this topological criterion allowed monitoring coverage of 90.85% of the nodes of the entire investigated network, utilizing a sensor limit of 10% of the total number of nodes.An analysis of the obtained results showed that the Tabu Search algorithm demonstrates the highest efficiency and convergence speed for solving this problem. The practical value of the modeling lies in the creation of automated tools for designing security architecture, allowing for a departure from traditional perimeter defense and enabling the efficient analysis of internal traffic in dynamic infrastructures.
[1]. Beshley, M., Romanchuk, V., Seliuchenko, M. and Masiuk, A. (2015), “Investigation the modified priority queuing method based on virtualized network test bed”, The Experience of Designing and Application of CAD Systems in Microelectronics, Lviv, Ukraine, pp. 1-4. doi: 10.1109/CADSM.2015.7230779
[2]. Beshley, H., Bodnar, S.M., Seliuchenko, M., Beshley, M. and Klymash, M. (2024), “Development of a platform for researching automatic container scaling and load balancing in distributed systems”, Information and communication technologies, electronic engineering, vol. 4, no. 2, pp. 38-48. doi: 10.23939/ictee2024.02.038
[3]. Holdii, A., Shpur, O. and Masiuk, A. (2024), “Development of a cyber threat detection and countermeasure system model with support and updating of attack detection rules”, Information and communication technologies, electronic engineering, vol. 4, no. 2, pp. 60-71. doi: 10.23939/ictee2024.02.060
[4]. Bou Nassif, A., Abu Talib, M., Nasir, Q. and Mohamad Dakalbab, F. (2021), “Machine learning for anomaly detection: a systematic review”, IEEE Access, vol. 9. doi: 10.1109/ACCESS.2021.3083060
[5]. Wang, B., H., Y., Shui, Z., Xin, Q. and Lei, H. (2024), “Predictive optimization of DDoS attack mitigation in distributed systems using machine learning”, Applied and Computational Engineering, vol. 64. doi: 10.54254/2755-2721/64/20241350
[6]. Hassan, I.H., Mohammed, A. and Masama, M.A. (2023), “Metaheuristic algorithms in network intrusion detection”, Comprehensive Metaheuristics, Elsevier, pp. 1-36. doi: 10.1016/B978-0-323-91781-0.00006-5
[7]. Price, K., Storn, R. and Lampinen, J. (2005), Differential Evolution: A Practical Approach to Global Optimization, Springer. doi: 10.1007/3-540-31306-0
[8]. Kirkpatrick, S., Gelatt, C.D. and Vecchi, M.P. (1983), “Optimization by simulated annealing”, Science, vol. 220, no. 4598, pp. 671-680. doi: 10.1126/science.220.4598.671
[9]. Talbi, E.-G. (2009), Metaheuristics: From Design to Implementation, John Wiley & Sons. doi: 10.1002/9780470496916
[10]. Fang, S. and Zhang, X. (2016), “A hybrid algorithm of particle swarm optimization and tabu search for distribution network reconfiguration”, Mathematical Problems in Engineering, vol. 2016, Article ID 7410293. doi: 10.1155/2016/7410293
[11]. Pandey, V.K., Prakash, S., Gupta, T.K. et al. (2025), “Enhancing intrusion detection in wireless sensor networks using a Tabu search based optimized random forest”, Scientific Reports, vol. 15, no. 18634. doi: 10.1038/s41598-025-03498-3
[12]. Hooi, B., Eswaran, D., Song, H.A., Pandey, A., Jereminov, M., Pileggi, L. and Faloutsos, C. (2018), “GridWatch: Sensor placement and anomaly detection in the electrical grid”, Machine Learning and Knowledge Discovery in Databases. ECML PKDD 2018, Springer, Cham, pp. 71-86. doi: 10.1007/978-3-030-10925-7_5