
Information technologies and systems

December 13, 2024; Zurich, Switzerland: VII International Scientific and Practical Conference «GRUNDLAGEN DER MODERNEN WISSENSCHAFTLICHEN FORSCHUNG»


SECURITY ONION PLATFORM AS A TOOL FOR DETECTING AND ANALYSING CYBER THREATS


DOI
https://doi.org/10.36074/logos-13.12.2024.048
Published
09.01.2025

Abstract

The article examines the use of the Security Onion platform for modelling cyber threats and evaluating the effectiveness of intrusion detection systems (IDS). Experiments were conducted in which several attack types (SYN flood, brute-force, DNS flood, and DNS tunnelling) were simulated with Kali Linux tools. The detection results produced by the Suricata IDS are analysed, and the resulting data are visualised in Kibana. The results of the study demonstrate the effectiveness of Security Onion as a comprehensive solution for monitoring, analysing, and responding to cyber threats.
