IDS systems for mitigating attacks in a simulated environment.
| Main author: | |
|---|---|
| Format: | bachelorThesis |
| Published: | 2025 |
| Subjects: | |
| Online access: | http://dspace.utb.edu.ec/handle/49000/17931 |
| Summary: | The present study aims to evaluate the effectiveness of the intrusion detection systems (IDS) Snort, Suricata and Zeek in identifying and mitigating cyberattacks, with a particular focus on port scanning, within a simulated environment. Port scanning is a common technique used by attackers to identify vulnerable services in a network, making it a critical starting point for more advanced attacks. Through controlled tests, the performance of these tools was compared in terms of detection rate, false positives, high-traffic throughput, and ease of use. The results showed that Suricata was the most effective tool, with a 98% detection rate, thanks to its deep packet inspection (DPI) capability and multi-threaded architecture. Snort achieved a 95% detection rate, being a solid choice for small or medium-sized networks, although its single-threaded architecture limited its performance in high-traffic environments. For its part, Zeek showed a 90% detection rate, standing out more in forensic analysis and detailed log generation than in real-time detection. In addition, optimization strategies were proposed for each tool, such as updating detection rules, integration with SIEM systems, and the use of specialized hardware. This study contributes to the field of cybersecurity by offering practical recommendations for the implementation of IDS in different contexts, especially in virtualized environments, and encourages the adoption of these tools in vulnerable sectors, such as small organizations and individual users. |