Abstract
This paper presents the results of preparing a virtual test bench for modeling and detecting network attacks using a freely distributed intrusion detection system (IDS). The work is relevant because of the growing demand for IDSs as sources of information security events for security information and event management (SIEM) systems. A comparative analysis of the most popular freely distributed open-source network IDSs was carried out, and the choice of Zeek for the project is justified. The work uses Zeek network logs, which contain important, structured information about the analyzed network traffic. The test bench was built on a Linux virtual machine and the Mininet network simulator. A graphical representation of the developed virtual test bench is proposed. An experimental study of the effectiveness of the intrusion detection system is demonstrated by simulating a network denial-of-service attack and then analyzing the resulting network traffic using IDS tools.