Signature-based Intrusion Detection Hardware-Software Complex

• Published in: Information & security Vol. 47; no. 2; pp. 221 - 231
• Main Authors: V. Stetsenko, Inna, Demydenko, Maksym
• Format: Journal Article
• Language: English
• Published: Sofia ProCon Ltd 2020
• Subjects: Cybercrime; Cybersecurity; Firewalls; Internet access; Internet of Things; Intrusion detection systems; Malware; Operating systems; Personal computers; Security systems; Software
• ISSN: 0861-5160; 1314-2119
• DOI: 10.11610/isij.4715

Nowadays hackers are able to find many software vulnerabilities, which can be exploited for malicious purposes such as to destroy the operating system, to steal users' private data, to demand a ransom not to affect the data and retain their validity. The majority of attacks use an Internet connection; therefore, the efforts should be directed to the way in which data packets are transmitted. The hardware-software complex, which is the main subject of the presented research, serves as a firewall for the devices on one subnetwork with access to the Internet, simultaneously analysing and filtering both downstream and upstream traffic at packet level, resolving scumware and securing the perimeter of each device in the subnet. The concept and the architecture of the developed hardware-software complex are described. The implemented complex will not allow malicious traffic to pass through, providing protection of all endpoint devices in a subnetwork. The experimental results of malware detected are presented, and the security related metrics are evaluated.