The thesis deals with the implementation of the intrusion detection tool Suricata. It describes installation, tool control, signature management and system-wide management. In this thesis we introduce the use of this IDS in so-called offline mode, in which the attack detection tool is run over archived packet captures (PCAP). In this mode we used the tool to detect attacks in 2 publicly available IDS datasets that are used to train or test IDS tools, CIC IDS 2017 and ISCX2012. In online mode we tested Suricata, as both IDS and IPS, to monitor real-time traffic entering and leaving the departmental cloud (OpenStack). We present the tuning of rules for monitoring the given network traffic. The work also deals with the possibility of managing rules from multiple signature sets and with Lua scripting for the detection of complex threats.
Effective tuning of the IDS tool Suricata for detection of known threats and extending it with new detection methods (Efektívne ladenie IDS nástroja Suricata pre detekciu známych hrozieb a jeho rozširovanie o nové detekčné metódy)
Private bachelor thesis
Author:
- Kramár, Branislav
Advisor:
Opponent:
- Moravčík, Marek
Year of submission:
- 2019
Number of pages:
- 65 pages
Permalink - CRZP:
Primary language:
- Slovak
Type of final thesis:
- bachelor thesis
Final thesis abstract:
Key words:
- Suricata
- datasets
- IDS
- IPS