Malvertising has emerged as a serious cybersecurity threat: it abuses legitimate advertising networks to deliver malware through drive-by-download techniques that require no user interaction. Existing standalone network- or host-based detection solutions provide limited protection because they lack integrated visibility and contextual validation across detection layers. However, no existing research has specifically evaluated the integration of Suricata, Wazuh, and VirusTotal for endpoint-focused malvertising detection, leaving a critical gap in multi-layer defense strategies. This study proposes a hybrid multilayer architecture that combines Suricata as a Network Intrusion Detection System, Wazuh as a Host-based Intrusion Detection and Prevention System, and VirusTotal as an external Cyber Threat Intelligence source to provide correlated threat detection and automated mitigation. The system was evaluated in a controlled virtual laboratory consisting of attacker, victim, and SIEM environments that replicate real malvertising scenarios. The results show that the proposed architecture successfully detected malicious payloads and completed an end-to-end detection-to-mitigation cycle in approximately 5-7 seconds while producing zero false positives under non-malicious conditions. This research contributes a practical and reproducible architecture for endpoint-based malvertising detection, demonstrating effective multi-layer correlation and rapid autonomous response. The study is limited by its reliance on signature-based detection and external API communication, which may reduce effectiveness against zero-day threats or in offline deployments.
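The correlation step the abstract describes (a network-side file observation from Suricata, a host-side file-integrity alert from Wazuh, and a VirusTotal verdict combined into one mitigation decision) can be sketched in code. The following is an added example written for this page, not code from the study or from the Suricata, Wazuh or VirusTotal projects. It assumes Suricata's EVE JSON `fileinfo` events, Wazuh syscheck alerts in JSON (rule 554 with the `sha256_after` field), and VirusTotal's `last_analysis_stats` response shape; the live VirusTotal API is replaced by an offline lookup table so the example runs without network access. All sample events and hashes are constructed, and the detection threshold and the `quarantine`/`investigate`/`none` actions are the example's own choices, not values from the study.

```python
"""Added example: correlate Suricata, Wazuh and VirusTotal evidence by file hash.

Assumptions (not from the paper): Suricata EVE 'fileinfo' events, Wazuh syscheck
alerts as JSON lines, and a VirusTotal v3 'last_analysis_stats' dict, which is
served here from an offline table instead of the real API.
"""
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MALICIOUS_SHA256 = "deadbeef" * 8   # constructed placeholder hash (64 hex chars)
BENIGN_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"  # SHA-256 of empty input
UNKNOWN_SHA256 = "cafebabe" * 8     # constructed hash that has no VirusTotal record

# Constructed Suricata EVE JSON lines: one signature hit plus two extracted files.
SURICATA_EVE = "\n".join([
    r'{"event_type":"alert","src_ip":"203.0.113.10","dest_ip":"192.0.2.20",'
    r'"alert":{"signature_id":2000001,"signature":"EXAMPLE drive-by landing page"}}',
    r'{"event_type":"fileinfo","src_ip":"203.0.113.10","dest_ip":"192.0.2.20",'
    r'"http":{"hostname":"ads.example.test","url":"/promo/setup.exe"},'
    r'"fileinfo":{"filename":"/promo/setup.exe","sha256":"' + MALICIOUS_SHA256 + '"}}',
    r'{"event_type":"fileinfo","src_ip":"198.51.100.5","dest_ip":"192.0.2.20",'
    r'"http":{"hostname":"cdn.example.test","url":"/banner.png"},'
    r'"fileinfo":{"filename":"/banner.png","sha256":"' + BENIGN_SHA256 + '"}}',
])

# Constructed Wazuh syscheck (FIM) alerts from the victim endpoint; rule 554 = "File added".
WAZUH_ALERTS = "\n".join([
    r'{"rule":{"id":"554","level":5},"agent":{"id":"001","name":"victim-win10"},'
    r'"syscheck":{"path":"C:\\Users\\victim\\Downloads\\setup.exe","event":"added",'
    r'"sha256_after":"' + MALICIOUS_SHA256 + '"}}',
    r'{"rule":{"id":"554","level":5},"agent":{"id":"001","name":"victim-win10"},'
    r'"syscheck":{"path":"C:\\Users\\victim\\Downloads\\banner.png","event":"added",'
    r'"sha256_after":"' + BENIGN_SHA256 + '"}}',
    r'{"rule":{"id":"554","level":5},"agent":{"id":"002","name":"victim-win11"},'
    r'"syscheck":{"path":"C:\\Users\\victim\\Documents\\notes.txt","event":"added",'
    r'"sha256_after":"' + UNKNOWN_SHA256 + '"}}',
])

# Offline stand-in for VirusTotal: sha256 -> last_analysis_stats (constructed counts).
VT_TABLE = {
    MALICIOUS_SHA256: {"malicious": 42, "suspicious": 3, "undetected": 25, "harmless": 0},
    BENIGN_SHA256: {"malicious": 0, "suspicious": 0, "undetected": 70, "harmless": 0},
}


def vt_lookup_offline(sha256: str) -> Optional[dict]:
    """Return the analysis stats for a hash, or None when VirusTotal has never seen it."""
    return VT_TABLE.get(sha256.lower())


def parse_eve_fileinfo(eve_text: str) -> Dict[str, dict]:
    """Index Suricata 'fileinfo' events by SHA-256; other event types are skipped."""
    seen: Dict[str, dict] = {}
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        sha = event.get("fileinfo", {}).get("sha256") if event.get("event_type") == "fileinfo" else None
        if sha:
            seen[sha.lower()] = event
    return seen


def parse_wazuh_syscheck(alert_text: str) -> Dict[str, dict]:
    """Index Wazuh syscheck alerts by the hash of the file after the change."""
    seen: Dict[str, dict] = {}
    for line in alert_text.splitlines():
        if not line.strip():
            continue
        alert = json.loads(line)
        sha = alert.get("syscheck", {}).get("sha256_after")
        if sha:
            seen[sha.lower()] = alert
    return seen


@dataclass
class Decision:
    sha256: str
    action: str            # "quarantine", "investigate" or "none"
    reason: str
    agent_id: Optional[str] = None   # Wazuh agent that holds the file, if any
    path: Optional[str] = None       # on-disk path reported by syscheck, if any


def correlate(eve_text: str, wazuh_text: str,
              vt_lookup: Callable[[str], Optional[dict]], threshold: int = 3) -> List[Decision]:
    """Combine network, host and CTI evidence into one decision per file hash.

    Quarantine needs a host-side alert (there must be a file to act on) and at least
    `threshold` VirusTotal engines flagging the hash; a network-only positive or an
    unknown hash seen on both layers is queued for investigation; a clean verdict
    yields no action even when both sensors saw the file (no false positive).
    """
    network, host = parse_eve_fileinfo(eve_text), parse_wazuh_syscheck(wazuh_text)
    decisions = []
    for sha in sorted(set(network) | set(host)):
        layers = [name for name, present in (("suricata", sha in network), ("wazuh", sha in host)) if present]
        host_alert = host.get(sha)
        agent_id = host_alert["agent"]["id"] if host_alert else None
        path = host_alert["syscheck"]["path"] if host_alert else None
        stats = vt_lookup(sha)
        malicious = stats.get("malicious", 0) if stats else 0
        if stats is None:
            action = "investigate" if len(layers) == 2 else "none"
            reason = "no VirusTotal record; seen by " + ", ".join(layers)
        elif malicious >= threshold:
            action = "quarantine" if host_alert else "investigate"
            reason = f"{malicious} engines flag it; seen by " + ", ".join(layers)
        else:
            action = "none"
            reason = f"{malicious} engines flag it (below threshold {threshold})"
        decisions.append(Decision(sha, action, reason, agent_id, path))
    return decisions


def mitigation_targets(decisions: List[Decision]) -> List[Tuple[str, str]]:
    """(agent_id, path) pairs an active-response step would quarantine on the endpoint."""
    return [(d.agent_id, d.path) for d in decisions if d.action == "quarantine" and d.agent_id and d.path]


if __name__ == "__main__":
    for d in correlate(SURICATA_EVE, WAZUH_ALERTS, vt_lookup_offline):
        print(f"{d.sha256[:12]}... {d.action:<11} {d.reason}")
    print("quarantine targets:", mitigation_targets(correlate(SURICATA_EVE, WAZUH_ALERTS, vt_lookup_offline)))
```

In the deployment the abstract describes, the `quarantine` decision corresponds to a Wazuh active-response command triggered on the endpoint, and the `investigate` outcome is what a SIEM analyst would see for a hash that one layer observed but the other did not. The benign file is the useful negative case: both sensors record it, yet the clean VirusTotal verdict keeps the action at `none`, which is the behaviour the abstract's zero-false-positive result relies on.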
Copyright © 2026