Analysis of the implementation of the combined Suricata intrusion detection system with a machine learning model
Abstract
Relevance. The study presents a comparative analysis of intrusion detection and prevention systems (IDS/IPS) functioning with and without artificial intelligence (AI) integration. Conventional signature-based systems such as Suricata effectively detect known threats but often fail to recognize new or modified attack patterns. Therefore, integrating AI technologies offers a promising way to enhance adaptability and minimize false positives.
Objective. The study aimed to evaluate the efficiency of the open-source Suricata system in two configurations: a standard mode using signature-based detection and a modified version enhanced with a machine learning module. The goal was to determine how AI affects detection accuracy, response time, and alert reliability under various cyberattack scenarios, including DoS and brute-force attempts. The experiment was performed in a virtualized environment consisting of three nodes: Kali Linux as the attacker, Windows 10 as the target, and Suricata as the monitoring system.
Research Methods. Methods of statistical modeling and comparative analysis were applied. In its base form, Suricata relied solely on predefined rules, while in the AI-extended version, an analytical module employing the Random Forest algorithm processed log data to classify network events. The model was trained on labeled datasets containing normal and malicious traffic, using extracted statistical and protocol-level features.
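The feature-extraction step described above, as an added example that is not the paper's own code: it aggregates Suricata EVE JSON records per source/destination/port/protocol into the statistical and protocol-level features a Random Forest would be trained on. The log lines, host addresses and signature ids are constructed, and the attacker-host labelling is an assumption about how a lab dataset like the one described is labelled.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed eve.json records (not a real capture): 10.0.0.5 opens a burst of short
# connections to port 80 that trip two local rules; 10.0.0.7 runs one ordinary session.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2024-11-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","src_port":40001,"dest_port":80,"proto":"TCP","alert":{"signature_id":1000001},"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":60,"bytes_toclient":0}}',
    '{"timestamp":"2024-11-01T10:00:00.000400+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","src_port":40002,"dest_port":80,"proto":"TCP","alert":{"signature_id":1000001},"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":60,"bytes_toclient":0}}',
    '{"timestamp":"2024-11-01T10:00:01.200000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.0.20","src_port":40003,"dest_port":80,"proto":"TCP","alert":{"signature_id":1000002},"flow":{"pkts_toserver":1,"pkts_toclient":0,"bytes_toserver":60,"bytes_toclient":0}}',
    '{"timestamp":"2024-11-01T10:00:05.000000+0000","event_type":"flow","src_ip":"10.0.0.7","dest_ip":"10.0.0.20","src_port":51000,"dest_port":80,"proto":"TCP","flow":{"pkts_toserver":12,"pkts_toclient":10,"bytes_toserver":1400,"bytes_toclient":8200}}',
])
# Column order of each feature row produced below.
FEATURES = ["is_tcp", "dest_port", "events", "alerts", "distinct_sigs",
            "pkts_toserver", "bytes_toserver", "bytes_toclient", "duration_s"]

def extract_features(eve_text):
    """Aggregate all events sharing (src_ip, dest_ip, dest_port, proto) into one row,
    so a burst of one-packet connections shows up as a high event/alert count."""
    flows = defaultdict(lambda: {"events": 0, "alerts": 0, "sigs": set(), "pkts_toserver": 0,
                                 "bytes_toserver": 0, "bytes_toclient": 0, "first": None, "last": None})
    for line in eve_text.splitlines():
        ev = json.loads(line)
        f = flows[(ev["src_ip"], ev["dest_ip"], ev["dest_port"], ev["proto"])]
        ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)
        f["events"] += 1
        for k in ("pkts_toserver", "bytes_toserver", "bytes_toclient"):
            f[k] += ev.get("flow", {}).get(k, 0)   # counters carried in the flow sub-object
        if ev["event_type"] == "alert":            # protocol-level signal from the rule engine
            f["alerts"] += 1
            f["sigs"].add(ev["alert"]["signature_id"])
    rows = {}
    for key, f in flows.items():
        duration = (f["last"] - f["first"]).total_seconds()
        rows[key] = [1 if key[3] == "TCP" else 0, key[2], f["events"], f["alerts"], len(f["sigs"]),
                     f["pkts_toserver"], f["bytes_toserver"], f["bytes_toclient"], duration]
    return rows

def build_dataset(eve_text, attacker_ips):
    """Label rows with lab ground truth (assumed): flows sourced from attacker hosts are 1."""
    rows = extract_features(eve_text)
    keys = sorted(rows)
    return [rows[k] for k in keys], [1 if k[0] in attacker_ips else 0 for k in keys]

# X, y = build_dataset(SAMPLE_EVE, {"10.0.0.5"}) is what you would hand to
# sklearn.ensemble.RandomForestClassifier().fit(X, y) (scikit-learn is not imported here).
```

The burst from 10.0.0.5 collapses into a single row with three alerts across two signatures in 1.2 s, which is the kind of statistical signal that lets the classifier rate the whole event once rather than emitting one alert per packet.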
Results. Analysis showed that the baseline Suricata achieved a detection rate of 87–92% and precision of 80–85%, generating excessive alerts during DoS simulations. After AI integration, the number of alerts decreased more than threefold, the detection rate increased to 93–96%, and precision rose to 90–94%. Additionally, the average response time was reduced to 1–1.5 seconds.
Conclusions. Integrating machine learning algorithms into Suricata IDS significantly increased its efficiency, reduced the number of false positives, and improved the system's ability to adapt to new cyber threats. The results confirm that combining a signature approach with AI-based analytics provides a more reliable and intelligent approach to modern network security.