dc.contributor.advisor | León Acurio, Joffre Vicente | |
dc.contributor.author | Ribadeneira Freire, Paul Fernando | |
dc.date.accessioned | 2025-04-25T19:28:15Z | |
dc.date.available | 2025-04-25T19:28:15Z | |
dc.date.issued | 2025 | |
dc.identifier.uri | http://dspace.utb.edu.ec/handle/49000/17931 | |
dc.description | The present study aims to evaluate the effectiveness of the intrusion detection systems (IDS) Snort, Suricata and Zeek in identifying and mitigating cyberattacks, with a particular focus on port scanning, within a simulated environment. Port scanning is a common technique used by attackers to identify vulnerable services in a network, making it a critical starting point for more advanced attacks. Through controlled tests, the performance of these tools was compared in terms of detection rate, false positives, high-traffic throughput, and ease of use. The results showed that Suricata was the most effective tool, with a 98% detection rate, thanks to its deep packet inspection (DPI) capability and multi-threaded architecture. Snort achieved a 95% detection rate, being a solid choice for small or medium-sized networks, although its single-threaded architecture limited its performance in high-traffic environments. For its part, Zeek showed a 90% detection rate, standing out more in forensic analysis and detailed log generation than in real-time detection. In addition, optimization strategies were proposed for each tool, such as updating detection rules, integration with SIEM systems, and the use of specialized hardware. This study contributes to the field of cybersecurity by offering practical recommendations for the implementation of IDS in different contexts, especially in virtualized environments, and encourages the adoption of these tools in vulnerable sectors, such as small organizations and individual users. | es_ES |
dc.description.abstract | This study aims to evaluate the effectiveness of the intrusion detection systems (IDS) Snort, Suricata and Zeek in identifying and mitigating cyberattacks, with a particular focus on port scanning, within a simulated environment. Port scanning is a common technique used by attackers to identify vulnerable services on a network, which makes it a critical starting point for more advanced attacks. Through controlled tests, the performance of these tools was compared in terms of detection rate, false positives, throughput under high traffic, and ease of use. The results showed that Suricata was the most effective tool, with a 98% detection rate, thanks to its deep packet inspection (DPI) capability and its multi-threaded architecture. Snort reached a 95% detection rate, making it a solid option for small or medium-sized networks, although its single-threaded architecture limited its performance in high-traffic environments. Zeek, for its part, showed a 90% detection rate, standing out more for forensic analysis and detailed log generation than for real-time detection. In addition, optimization strategies were proposed for each tool, such as updating detection rules, integrating with SIEM systems, and using specialized hardware. This study contributes to the field of cybersecurity by offering practical recommendations for deploying IDS in different contexts, especially virtualized environments, and encourages the adoption of these tools in vulnerable sectors such as small organizations and individual users. | es_ES |
dc.format.extent | 62 p. | es_ES |
dc.language.iso | es | es_ES |
dc.publisher | Babahoyo: UTB-FAFI. 2025 | es_ES |
dc.rights | Attribution-NonCommercial-NoDerivs 3.0 United States | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/3.0/us/ | * |
dc.subject | Intrusion Detection Systems (IDS) | es_ES |
dc.subject | Suricata | es_ES |
dc.subject | Zeek | es_ES |
dc.subject | Port Scanning | es_ES |
dc.subject | Cybersecurity | es_ES |
dc.subject.other | Information Systems | es_ES |
dc.title | IDS systems for mitigating attacks in a simulated environment. | es_ES |
dc.type | bachelorThesis | es_ES |