Review of Approaches to Implementing Intrusion Detection and Prevention Subsystems within a SOC

Authors

  • Ю.С. Корякина, Institute of Machine Science, Automation and Geomechanics, National Academy of Sciences of the Kyrgyz Republic
  • М.Э. Эсенбекова, Institute of Information Technologies, I. Razzakov Kyrgyz State Technical University

Keywords:

SOC; IDS; IPS; information security; NIDS; HIDS; NIPS; HIPS; NBA; event correlation; signature analysis; behavioral analysis; automatic attack prevention; SIEM; SOAR.

Abstract

Modern corporate networks face growing threats from cyberattacks, necessitating the use of advanced security technologies. This paper presents an analytical review of methods for implementing intrusion detection and prevention subsystems (IDS/IPS) within Security Operations Centers (SOC).

Theoretical aspects of network- and host-based solutions (NIDS, HIDS, NIPS, HIPS), as well as network behavior analysis (NBA) methods, are discussed. The study analyzes current approaches to integrating technologies such as Suricata, Zeek, and Security Onion, exploring their functionality, operational principles, and comparative effectiveness.

Special attention is given to event correlation, reduction of false positives, interaction with SIEM systems, and the automation of incident response processes. The paper examines the advantages and disadvantages of various technologies and proposes a comprehensive approach to securing corporate networks.

Finally, recommendations are provided for selecting optimal solutions to build a resilient security system capable of effectively countering modern cyber threats.

Published

2025-05-11