Los sistemas IDS para mitigar ataques en un entorno simulado.

The present study aims to evaluate the effectiveness of the intrusion detection systems (IDS) Snort, Suricata and Zeek in identifying and mitigating cyberattacks, with a particular focus on port scanning, within a simulated environment. Port scanning is a common technique used by attackers to identify vulnerable services in a network, making it a critical starting point for more advanced attacks. Through controlled tests, the performance of these tools was compared in terms of detection rate, false positives, high-traffic throughput, and ease of use. The results showed that Suricata was the most effective tool, with a 98% detection rate, thanks to its deep packet inspection (DPI) capability and multi-threaded architecture. Snort achieved a 95% detection rate, being a solid choice for small or medium-sized networks, although its single-threaded architecture limited its performance in high-traffic environments. For its part, Zeek showed a 90% detection rate, standing out more in forensic analysis and detailed log generation than in real-time detection. In addition, optimization strategies were proposed for each tool, such as updating detection rules, integration with SIEM systems, and the use of specialized hardware. This study contributes to the field of cybersecurity by offering practical recommendations for the implementation of IDS in different contexts, especially in virtualized environments, and encourages the adoption of these tools in vulnerable sectors, such as small organizations and individual users.

Saved in:
Detailed bibliography
Main author: Ribadeneira Freire, Paul Fernando (author)
Medium: bachelorThesis
Published: 2025
Subjects:
Online access: http://dspace.utb.edu.ec/handle/49000/17931
_version_ 1859044668619096064
author Ribadeneira Freire, Paul Fernando
author_facet Ribadeneira Freire, Paul Fernando
author_role author
collection Repositorio Universidad Técnica de Babahoyo
dc.contributor.none.fl_str_mv León Acurio, Joffre Vicente
dc.creator.none.fl_str_mv Ribadeneira Freire, Paul Fernando
dc.date.none.fl_str_mv 2025-04-25T19:28:15Z
2025-04-25T19:28:15Z
2025
dc.format.none.fl_str_mv 62 p.
application/pdf
dc.identifier.none.fl_str_mv http://dspace.utb.edu.ec/handle/49000/17931
dc.language.none.fl_str_mv es
dc.publisher.none.fl_str_mv Babahoyo: UTB-FAFI. 2025
dc.rights.none.fl_str_mv Attribution-NonCommercial-NoDerivs 3.0 United States
http://creativecommons.org/licenses/by-nc-nd/3.0/us/
info:eu-repo/semantics/openAccess
dc.source.none.fl_str_mv reponame:Repositorio Universidad Técnica de Babahoyo
instname:Universidad Técnica de Babahoyo
instacron:UTB
dc.subject.none.fl_str_mv Sistemas de Detección de Intrusos (IDS)
Suricata
Zeek
Escaneo de Puertos
Ciberseguridad
Sistemas de Información
dc.title.none.fl_str_mv Los sistemas IDS para mitigar ataques en un entorno simulado.
dc.type.none.fl_str_mv info:eu-repo/semantics/publishedVersion
info:eu-repo/semantics/bachelorThesis
description The present study aims to evaluate the effectiveness of the intrusion detection systems (IDS) Snort, Suricata and Zeek in identifying and mitigating cyberattacks, with a particular focus on port scanning, within a simulated environment. Port scanning is a common technique used by attackers to identify vulnerable services in a network, making it a critical starting point for more advanced attacks. Through controlled tests, the performance of these tools was compared in terms of detection rate, false positives, high-traffic throughput, and ease of use. The results showed that Suricata was the most effective tool, with a 98% detection rate, thanks to its deep packet inspection (DPI) capability and multi-threaded architecture. Snort achieved a 95% detection rate, being a solid choice for small or medium-sized networks, although its single-threaded architecture limited its performance in high-traffic environments. For its part, Zeek showed a 90% detection rate, standing out more in forensic analysis and detailed log generation than in real-time detection. In addition, optimization strategies were proposed for each tool, such as updating detection rules, integration with SIEM systems, and the use of specialized hardware. This study contributes to the field of cybersecurity by offering practical recommendations for the implementation of IDS in different contexts, especially in virtualized environments, and encourages the adoption of these tools in vulnerable sectors, such as small organizations and individual users.
eu_rights_str_mv openAccess
format bachelorThesis
id UTB_d69cbdcb97bdf78a66f84aab6273d4ed
instacron_str UTB
institution UTB
instname_str Universidad Técnica de Babahoyo
language_invalid_str_mv es
network_acronym_str UTB
network_name_str Repositorio Universidad Técnica de Babahoyo
oai_identifier_str oai:dspace.utb.edu.ec:49000/17931
publishDate 2025
publisher.none.fl_str_mv Babahoyo: UTB-FAFI. 2025
reponame_str Repositorio Universidad Técnica de Babahoyo
repository.mail.fl_str_mv .
repository.name.fl_str_mv Repositorio Universidad Técnica de Babahoyo - Universidad Técnica de Babahoyo
repository_id_str 0
rights_invalid_str_mv Attribution-NonCommercial-NoDerivs 3.0 United States
http://creativecommons.org/licenses/by-nc-nd/3.0/us/
spellingShingle Los sistemas IDS para mitigar ataques en un entorno simulado.
Ribadeneira Freire, Paul Fernando
Sistemas de Detección de Intrusos (IDS)
Suricata
Zeek
Escaneo de Puertos
Ciberseguridad
Sistemas de Información
status_str publishedVersion
title Los sistemas IDS para mitigar ataques en un entorno simulado.
title_full Los sistemas IDS para mitigar ataques en un entorno simulado.
title_fullStr Los sistemas IDS para mitigar ataques en un entorno simulado.
title_full_unstemmed Los sistemas IDS para mitigar ataques en un entorno simulado.
title_short Los sistemas IDS para mitigar ataques en un entorno simulado.
title_sort Los sistemas IDS para mitigar ataques en un entorno simulado.
topic Sistemas de Detección de Intrusos (IDS)
Suricata
Zeek
Escaneo de Puertos
Ciberseguridad
Sistemas de Información
url http://dspace.utb.edu.ec/handle/49000/17931