This study provides a comprehensive analysis of intrusion detection and prevention systems (IDS and IPS), enabling an assessment of their effectiveness in identifying various types of cyberattacks, including those carried out through covert communication channels. Particular attention is given to examining the nature of steganographic channels, which significantly complicate attack detection, as well as the factors that influence their identification, such as network traffic dynamics and attacker behavior patterns. Indicators of compromise generated using artificial intelligence methods based on network traffic analysis are investigated, allowing for improved accuracy and speed in detecting malicious activity. The capabilities of the Splunk Machine platform for building attack detection models and analyzing anomalous behavior in networks are evaluated. Classifiers for developing a machine-learning-based intrusion detection system have been designed. Within the research, a system architecture is proposed, an optimal dataset for model training is selected, class imbalance is mitigated, the most significant features are identified and selected, and feature space reduction is performed to enhance the efficiency and performance of the model. The model has been tuned and tested, and its effectiveness has been assessed based on the obtained results, confirming the practical applicability of the approach for detecting real cyberattacks. The purpose of the study is to explore the potential of applying artificial intelligence to identify vulnerabilities in network infrastructure based on indicators of compromise, taking into account the specifics of covert communication channels, the dynamics of attacker behavior, and the limitations of traditional statistical methods. The results obtained can be used to improve existing cybersecurity systems and to develop effective tools for early detection of complex attacks.
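The abstract lists the stages of the proposed machine-learning IDS (dataset selection, class-imbalance mitigation, feature ranking and selection, feature-space reduction, training and evaluation) without showing any of them. The block below is an added example, not code from the study or from Splunk, that walks a toy version of that pipeline over a handful of constructed network-flow records in standard-library Python. The flow features (`pkt_count`, `bytes_per_pkt`, `iat_jitter_ms`, `payload_entropy`), the round-robin oversampling, the Fisher-score ranking and the Gaussian naive Bayes classifier are all assumptions chosen for illustration; the study does not name which dataset, resampling method, ranking criterion or classifier it used. The covert-channel rows are constructed to mimic what makes a steganographic channel detectable in traffic statistics: fixed packet size, near-constant inter-arrival timing and near-maximal payload entropy.

```python
"""Toy ML-based IDS pipeline (added example, not the study's code): balance
classes, rank features, reduce the feature space, fit a Gaussian naive Bayes
model and score unseen flows. Every flow record here is constructed."""
import math
from collections import Counter

FEATURE_NAMES = ["pkt_count", "bytes_per_pkt", "iat_jitter_ms", "payload_entropy"]
BENIGN, COVERT = 0, 1

# Constructed training flows: ((features...), label). Benign rows vary widely;
# covert rows have constant size, near-zero jitter and entropy close to 8 bits.
TRAIN = [
    ((120, 540, 35.0, 5.1), BENIGN), ((15, 300, 80.0, 4.2), BENIGN),
    ((400, 1200, 12.0, 6.0), BENIGN), ((60, 800, 50.0, 5.5), BENIGN),
    ((230, 450, 25.0, 4.8), BENIGN), ((8, 220, 95.0, 3.9), BENIGN),
    ((75, 1000, 40.0, 5.9), BENIGN), ((310, 700, 18.0, 5.3), BENIGN),
    ((45, 350, 60.0, 4.5), BENIGN), ((150, 900, 30.0, 5.7), BENIGN),
    ((100, 512, 0.4, 7.9), COVERT), ((140, 512, 0.6, 7.8), COVERT),
    ((90, 512, 0.3, 7.95), COVERT),
]
# Constructed held-out flows used to evaluate the fitted model.
TEST = [
    ((200, 600, 45.0, 5.0), BENIGN), ((110, 512, 0.5, 7.85), COVERT),
    ((30, 400, 70.0, 4.4), BENIGN), ((95, 512, 0.2, 7.9), COVERT),
]


def balance_classes(rows):
    """Mitigate class imbalance by replicating minority rows round-robin until
    every class matches the majority count (a deterministic stand-in for
    random oversampling)."""
    counts = Counter(label for _, label in rows)
    majority_n = max(counts.values())
    balanced = list(rows)
    for label, n in counts.items():
        members = [r for r in rows if r[1] == label]
        for i in range(majority_n - n):        # zero iterations for the majority class
            balanced.append(members[i % len(members)])
    return balanced


def _mean_var(values):
    mean = sum(values) / len(values)
    return mean, sum((v - mean) ** 2 for v in values) / len(values)


def fisher_scores(rows):
    """Rank features by Fisher score: squared gap between class means divided by
    the sum of within-class variances. Higher means more separating power."""
    scores = {}
    for j, name in enumerate(FEATURE_NAMES):
        m0, v0 = _mean_var([f[j] for f, y in rows if y == BENIGN])
        m1, v1 = _mean_var([f[j] for f, y in rows if y == COVERT])
        scores[name] = (m0 - m1) ** 2 / (v0 + v1 + 1e-9)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


def select_features(rows, k):
    """Feature-space reduction: keep only the indices of the k top-ranked features."""
    return [FEATURE_NAMES.index(name) for name, _ in fisher_scores(rows)[:k]]


def train_gaussian_nb(rows, feature_idx):
    """Fit per-class log prior plus (mean, variance) for each selected feature."""
    model = {}
    for label in (BENIGN, COVERT):
        cls = [f for f, y in rows if y == label]
        params = [_mean_var([f[j] for f in cls]) for j in feature_idx]
        model[label] = (math.log(len(cls) / len(rows)), params)
    return model


def predict(model, feature_idx, flow):
    """Return the label with the highest log posterior for one flow."""
    best_label, best_score = None, -math.inf
    for label, (log_prior, params) in model.items():
        score = log_prior
        for j, (mean, var) in zip(feature_idx, params):
            var += 1e-9  # variance smoothing: a constant-valued feature must not divide by zero
            score += -0.5 * math.log(2 * math.pi * var) - (flow[j] - mean) ** 2 / (2 * var)
        if score > best_score:
            best_label, best_score = label, score
    return best_label


def precision_recall(predicted, actual, positive=COVERT):
    tp = sum(1 for p, a in zip(predicted, actual) if p == a == positive)
    fp = sum(1 for p, a in zip(predicted, actual) if p == positive and a != positive)
    fn = sum(1 for p, a in zip(predicted, actual) if p != positive and a == positive)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall


def run_pipeline(train=TRAIN, test=TEST, k=2):
    """Balance -> rank/select k features -> fit -> score held-out flows."""
    balanced = balance_classes(train)
    idx = select_features(balanced, k)
    model = train_gaussian_nb(balanced, idx)
    preds = [predict(model, idx, f) for f, _ in test]
    return idx, preds, precision_recall(preds, [y for _, y in test])


if __name__ == "__main__":
    for name, score in fisher_scores(balance_classes(TRAIN)):
        print(f"{name:16s} fisher={score:.3f}")
    idx, preds, (prec, rec) = run_pipeline()
    print("selected:", [FEATURE_NAMES[j] for j in idx], "predictions:", preds,
          f"precision={prec:.2f} recall={rec:.2f}")
```

On this constructed data the Fisher ranking keeps `payload_entropy` and `iat_jitter_ms` and discards packet count and size, which is the point of the reduction step: the two retained features are exactly the ones that separate a timing/steganographic channel from ordinary flows, while the dropped ones would only add noise to the model. The variance-smoothing term in `predict` is the practical caveat for such pipelines: a feature that is constant within one class (here `bytes_per_pkt` for covert flows) yields zero variance and would otherwise break a Gaussian model.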