OVERVIEW OF IDS CAPABILITIES FOR NETWORK TRAFFIC ANALYSIS

DOI:

https://doi.org/10.18372/2310-5461.67.20036

Keywords:

Intrusion detection system, IDS, NIDS, HIDS, cybersecurity, network traffic analysis, threat detection, security monitoring

Abstract

Intrusion Detection Systems (IDS) play a key role in modern cybersecurity by detecting and preventing unauthorized access and malicious activities within computer networks. IDS solutions operate at both the network level (NIDS) and the host level (HIDS), analyzing network traffic, event logs, and system behavior to identify potential threats.

This study examines existing IDS technologies, including signature-based, anomaly-based, and hybrid approaches to threat detection. A comparative analysis was conducted on widely used IDS solutions such as Zeek, Snort, Suricata, Security Onion, Wazuh, Cisco Secure IDS, and IBM QRadar. The research underscores the effectiveness of different IDS models in detecting cyber threats while addressing challenges such as false positives, scalability, and adaptation to emerging attack patterns. It also discusses the importance of integrating IDS with other security measures to enhance threat detection and incident response capabilities.

Author Biographies

Vadym Storozenko, State University "Kyiv Aviation Institute", Kyiv, Ukraine

Student

Bogdan Demianchuk, State University "Kyiv Aviation Institute", Kyiv, Ukraine

Student

Diana Kozlovska, State University "Kyiv Aviation Institute", Kyiv, Ukraine

Student

Andrii Fesenko, State University "Kyiv Aviation Institute", Kyiv, Ukraine

Candidate of Technical Sciences, Associate Professor

References

Smys S., Basar A., Wang H. Hybrid intrusion detection system for Internet of Things (IoT). Journal of ISMAC. 2020. Vol. 2, No. 4. P. 190–199. (accessed: 09.09.2025).

Kasongo S. M., Sun Y. A deep learning method with wrapper based feature extraction for wireless intrusion detection system. Computers & Security. 2020. Vol. 92. Article ID 101752. https://doi.org/10.1016/j.cose.2020.101752

Alazzam H., Sharieh A., Kannan A. A feature selection algorithm for intrusion detection system based on Pigeon Inspired Optimizer. Expert Systems with Applications. 2020. Vol. 148. Article ID 113249. https://doi.org/10.1016/j.eswa.2020.113249

Ferrag M. A., Maglaras L., Ahmim A., Derdour M., Janicke H. RDTIDS: Rules and Decision Tree-Based Intrusion Detection System for Internet-of-Things Networks. Future Internet. 2020. Vol. 12, No. 3. P. 44. https://doi.org/10.3390/fi12030044

Kumar V., Sinha D., Das A. K., et al. An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset. Cluster Computing. 2020. Vol. 23. P. 1397–1418. https://doi.org/10.1007/s10586-019-03008-x

Jin S., Chung J.-G., Xu Y. Signature-Based Intrusion Detection System (IDS) for In-Vehicle CAN Bus Network. 2021 IEEE International Symposium on Circuits and Systems (ISCAS). 2021. P. 1–5. https://doi.org/10.1109/ISCAS51556.2021.9401087

Cahyo A. N., Sari A. K., Riasetiawan M. Comparison of Hybrid Intrusion Detection System. 2020 12th International Conference on Information Technology and Electrical Engineering (ICITEE). 2020. P. 92–97. https://doi.org/10.1109/ICITEE49829.2020.9271727

Gajjar H., Malek Z. A Survey of Intrusion Detection System (IDS) using Openstack Private Cloud. 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4). 2020. P. 162–168. https://doi.org/10.1109/WorldS450073.2020.9210313

Goyal D., Balamurugan S., Peng S.-L., Verma O. P. Soft Computing-Based Intrusion Detection System With Reduced False Positive Rate. Journal of Intelligent & Fuzzy Systems. 2020. Vol. 39, No. 5. P. 6229–6241. https://doi.org/10.3233/JIFS-189254

Ouiazzane S., Barramou F., Addou M. Towards a Multi-Agent based Network Intrusion Detection System for a Fleet of Drones. International Journal of Advanced Computer Science and Applications (IJACSA). 2020. Vol. 11, No. 10. P. 390–398. http://dx.doi.org/10.14569/IJACSA.2020.0111044

Al S., Dener M. STL-HDL: A new hybrid network intrusion detection system for imbalanced dataset on big data environment. Computers & Security. 2021. Vol. 103. Article ID 102435. https://doi.org/10.1016/j.cose.2021.102435

Черник О. А. Intrusion detection systems. Proceedings of the International Scientific and Technical Conference "Information Models, Systems and Technologies" (IMSTT-2023). Ternopil: TNTU, 2023. P. 126. URL: https://elartu.tntu.edu.ua/bitstream/lib/44254/2/IMSTT_2023_Chernyk_O_A-Intrusion_detection_systems_126.pdf (accessed 13.03.2025)

Столяр А. Л. Analysis of modern methods for anomaly detection in computer networks. 2023. URL: https://doi.org/10.18372/2073-4751.74.17888

Kumar K. N., Sukumaran S. A survey on network intrusion detection system techniques. International Journal of Advanced Technology and Engineering Exploration. 2018. Vol. 5, No. 47. P. 385–393.

Zeek. URL: https://github.com/zeek/zeek (accessed 13.03.2025)

Snort. URL: https://www.snort.org (accessed 13.03.2025)

Suricata. URL: https://suricata.io (accessed 13.03.2025)

Security Onion. URL: https://securityonionsolutions.com/software (accessed 13.03.2025)

Wazuh. URL: https://github.com/wazuh/wazuh (accessed 13.03.2025)

Intrusion Detection: Cisco IDS Overview. URL: https://www.ciscopress.com/articles/article.asp?p=24696 (accessed 13.03.2025)

IBM QRadar. URL: https://www.ibm.com/qradar (accessed 13.03.2025)

KDD Cup 1999. URL: https://www.kaggle.com/datasets/galaxyh/kdd-cup-1999-data (accessed 13.03.2025)

NSL-KDD. URL: https://www.kaggle.com/datasets/hassan06/nslkdd (accessed 13.03.2025)

CIC-IDS2017. URL: https://www.kaggle.com/datasets/chethuhn/network-intrusion-dataset (accessed 13.03.2025)

UNSW-NB15. URL: https://www.kaggle.com/datasets/mrwellsdavid/unsw-nb15 (accessed 13.03.2025)

Published

2025-10-09

How to Cite

Storozenko, V., Demianchuk, B., Kozlovska, D., & Fesenko, A. (2025). OVERVIEW OF IDS CAPABILITIES FOR NETWORK TRAFFIC ANALYSIS. Science-Based Technologies, 67(3), 317–324. https://doi.org/10.18372/2310-5461.67.20036

Section

Information technology, cybersecurity