RESEARCH OF TOOLS EFFICIENCY FOR DETECTION AND PREVENTION OF INTRUSIONS ON CORPORATE NETWORKS NODES

Authors

DOI:

https://doi.org/10.31891/2219-9365-2023-74-1

Keywords:

corporate network, intrusion detection, intrusion detection and prevention effectiveness

Abstract

The growing number of intrusion methods, and their implementation as attacks, makes it necessary to improve existing technologies and means of data protection in corporate computer networks. Among the conditions that seriously affect the suitability of the various methods, the rapid growth of traffic volume and of communication channel bandwidth stands out. This creates a need for an algorithm that reduces the amount of computation. The intrusion detection mechanism is based on the assumption that network traffic is stationary; that is, any deviation from the stationary characteristics of network traffic is treated as an attack. It follows that the problem of traffic analysis and detection of intrusions into the corporate network requires further research.

Despite the large number of methods, they all work in real time and are based on signature analysis, which makes them unsuitable for detecting new, previously unknown types of attacks. Most of the free software systems for detecting and preventing attacks available today use signature analysis.

The paper presents the results of research into the effectiveness of systems for detecting intrusions into the corporate network at different traffic intensities and for different types of attacks.

The effectiveness of the most common systems for detecting intrusions into the corporate network was investigated experimentally. The results showed that these systems give a stable result with a small amount of traffic and only for known types of attacks, since they are based on signature analysis. When the amount and intensity of traffic increase, these systems show rather poor results: they lose many packets and place a heavy load on server resources. To increase the reliability of information security in corporate networks, approaches to attack detection and traffic analysis need to be improved.

Published

2023-06-29

How to Cite

MOSTOVYI С., PETLYAK Н., & HOLOTA І. (2023). RESEARCH OF TOOLS EFFICIENCY FOR DETECTION AND PREVENTION OF INTRUSIONS ON CORPORATE NETWORKS NODES. MEASURING AND COMPUTING DEVICES IN TECHNOLOGICAL PROCESSES, (2), 5–8. https://doi.org/10.31891/2219-9365-2023-74-1