INTEGRATION OF INTRUSION DETECTION SYSTEMS INTO THE CORPORATE NETWORK STRUCTURE: APPROACHES, CHALLENGES AND EFFICIENCY OF INCIDENT RESPONSE
DOI: https://doi.org/10.28925/2663-4023.2025.29.889
Keywords: information security, cyber threats, intrusion detection systems, corporate network, incident response, digital forensics, forensic analysis, playbook, SIEM, SQL injection, risk assessment.
Abstract
The article presents a comprehensive study of the integration of intrusion detection systems (IDS/IPS) into the structure of a corporate network, taking into account the requirements of modern cybersecurity, current risks and management approaches in accordance with international standards. The current challenges associated with the growing complexity of network infrastructures, the development of targeted attacks and increased requirements for the speed of response to information security incidents are considered. A systematic approach is proposed, which involves the phased implementation of IDS/IPS solutions based on a preliminary analysis of the network architecture, asset classification, vulnerability detection and risk assessment. A corporate network threat model is built, which covers the main types of assets (servers, workstations, routers, access points, authentication services) and typical attack vectors (SQL injections, DDoS, phishing, brute force, malware, etc.). Special attention is paid to the implementation of response processes in accordance with the requirements of the ISO/IEC 27001:2017 standard. The study simulated an information security incident in the form of an SQL injection attack on a corporate network web application. The incident was detected by a signature-based NIDS, after which a specialized Playbook was activated that triggered automated actions to localize the threat, disable suspicious traffic, log events, and inform personnel. Additionally, a forensic analysis was conducted, which allowed reconstructing the attack chronology, identifying weaknesses in the web server configuration, and generating an analytical report for further updating of security policies. All actions were consistent with pre-established procedures within the information security management system (ISMS), which confirms the practical applicability and effectiveness of the risk-based approach.
The article also proposes an algorithm for integrating IDS/IPS into a corporate network, which includes analyzing the existing architecture, selecting the type of system, configuring threat detection rules, integrating with SIEM systems, and organizing personnel training. It is substantiated that integrating technical protection with management policies and response mechanisms achieves a higher level of adaptability, reduces the time between detection and response, and provides an evidentiary base for further investigations. The conclusions emphasize the advantages of an integrated approach to cyber protection, in particular its ability to scale, adapt to new threats, and contribute to continuous improvement of information security. Directions for future research are proposed, including automation of response using artificial intelligence, implementation of Zero Trust concepts, development of behavioral models of threat analysis, and construction of training cyber polygons to test the effectiveness of playbooks.
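The detection-and-response chain the abstract describes (signature-based NIDS hit on an SQL injection request, then a playbook that localizes the source, logs the event and informs personnel) can be illustrated in miniature. The example below is added here and is not the article's own code or rule set: the signature patterns, the common-log-format parser and the access log lines are all constructed for this illustration.

```python
import re
from urllib.parse import unquote_plus

# Signature rules in the spirit of the article's signature-based NIDS (constructed
# for this example, not the article's rule set). First matching rule names the event.
SQLI_SIGNATURES = [
    ("sqli-tautology", re.compile(r"(?i)'\s*or\s+\S+\s*=\s*\S+")),
    ("sqli-union", re.compile(r"(?i)\bunion\s+(all\s+)?select\b")),
    # quote followed by a comment marker; '--' alone would hit benign paths
    ("sqli-comment", re.compile(r"'\s*(--|/\*)")),
]
# Common log format used by the constructed sample below
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')

def detect(line):
    """Return (signature_id, parsed record) for the first rule hit, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["url"] = unquote_plus(rec["url"])  # match on the decoded request, not the raw URL
    for sig_id, pattern in SQLI_SIGNATURES:
        if pattern.search(rec["url"]):
            return sig_id, rec
    return None

def run_playbook(lines):
    """Playbook steps from the abstract: localize the source (deny list), log the
    event for the SIEM/forensics, inform personnel once per signature."""
    result = {"blocked_ips": set(), "events": [], "notifications": []}
    for line in lines:
        hit = detect(line)
        if hit is None:
            continue
        sig_id, rec = hit
        result["blocked_ips"].add(rec["ip"])
        result["events"].append({"ts": rec["ts"], "ip": rec["ip"], "signature": sig_id, "url": rec["url"]})
        if not any(n.split(" ")[0] == sig_id for n in result["notifications"]):
            result["notifications"].append(f"{sig_id} from {rec['ip']} at {rec['ts']}")
    return result

# Constructed web server access log: two injection attempts from one source, two benign requests
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2025:10:15:01 +0200] "GET /login?user=admin'%20OR%20'1'='1 HTTP/1.1" 200 512
198.51.100.4 - - [12/Mar/2025:10:15:03 +0200] "GET /products?id=5 HTTP/1.1" 200 1433
203.0.113.7 - - [12/Mar/2025:10:15:08 +0200] "GET /products?id=5%20UNION%20SELECT%201,2-- HTTP/1.1" 500 88
192.0.2.9 - - [12/Mar/2025:10:15:10 +0200] "GET /about HTTP/1.1" 200 3200
""".splitlines()
```

The retained event records are the evidentiary base the abstract refers to: they carry the timestamp, source and decoded request needed to reconstruct the attack chronology later.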
License
Copyright (c) 2025 Орест Полотай, Тарас Брич, Наталія Кухарська, Валентина Ящук, Артур Ткаченко

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.