The growing sophistication of cyberattacks has increased the urgency of securing organizational networks, especially those handling sensitive and large-scale data. Traditional intrusion detection systems (IDS) such as Suricata rely on signature-based methods and often fail to detect zero-day or evolving threats. To address this gap, this research proposes a hybrid intrusion detection model that integrates Suricata with two machine learning algorithms, Isolation Forest and Random Forest. Suricata performs real-time packet inspection and anomaly filtering, while the machine learning component improves detection of novel threats and reduces false positives. The methodology involves capturing real-time network traffic, pre-processing the data, training models on both CICIDS2017 and simulated attack data, and evaluating performance using accuracy, precision, recall, and F1-score. Experimental results show that the hybrid model achieves high detection accuracy: 99.86% on simulated data and 96.33% on the CICIDS2017 dataset. Compared to standalone Suricata, the hybrid model detects more unknown threats and reduces alert fatigue by minimizing false positives. This study contributes a scalable and adaptive IDS framework that combines anomaly- and signature-based detection techniques. The proposed system enhances threat detection capabilities in enterprise-level networks and offers practical implications for intelligent cybersecurity defences. The findings advance research in computer science, particularly in the domains of machine learning applications and network security systems.
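The signature-plus-anomaly fusion the abstract describes, as an added example that is not the paper's code or data: a minimal Isolation Forest written from scratch scores flow features parsed from constructed Suricata EVE JSON records, and a flow is flagged when either a Suricata signature fired or its anomaly score crosses a threshold. The EVE field names are Suricata's real ones; the flows, the signature_id and the 0.6 threshold are constructed values, and the paper's Random Forest stage is omitted.

```python
import json, math, random
# Constructed Suricata EVE JSON lines (sample data, not from the paper): five ordinary
# flows, a signature alert on flow 4, and flow 6, a bulk upload that no signature matches.
EVE_LINES = [
    '{"event_type":"flow","flow_id":1,"flow":{"bytes_toserver":500,"bytes_toclient":3000,"pkts_toserver":6,"pkts_toclient":7}}',
    '{"event_type":"flow","flow_id":2,"flow":{"bytes_toserver":620,"bytes_toclient":2800,"pkts_toserver":7,"pkts_toclient":6}}',
    '{"event_type":"flow","flow_id":3,"flow":{"bytes_toserver":450,"bytes_toclient":2600,"pkts_toserver":5,"pkts_toclient":8}}',
    '{"event_type":"flow","flow_id":4,"flow":{"bytes_toserver":700,"bytes_toclient":3300,"pkts_toserver":8,"pkts_toclient":6}}',
    '{"event_type":"flow","flow_id":5,"flow":{"bytes_toserver":560,"bytes_toclient":2500,"pkts_toserver":6,"pkts_toclient":6}}',
    '{"event_type":"flow","flow_id":6,"flow":{"bytes_toserver":900000,"bytes_toclient":400,"pkts_toserver":1200,"pkts_toclient":5}}',
    '{"event_type":"alert","flow_id":4,"alert":{"signature_id":1000001,"signature":"LOCAL placeholder rule (constructed)"}}',
]
FEATURES = ("bytes_toserver", "bytes_toclient", "pkts_toserver", "pkts_toclient")
def avg_path(n):
    """c(n) from the Isolation Forest paper: expected isolation depth of a random point."""
    if n <= 1: return 0.0
    if n == 2: return 1.0
    return 2.0 * (math.log(n - 1) + 0.5772156649) - 2.0 * (n - 1) / n
def build_tree(points, depth, limit, rng):
    """Random axis-aligned splits: outliers end up alone after very few splits."""
    if depth >= limit or len(points) <= 1: return ("leaf", len(points))
    dim = rng.randrange(len(FEATURES))
    lo, hi = min(p[dim] for p in points), max(p[dim] for p in points)
    if lo == hi: return ("leaf", len(points))
    split = rng.uniform(lo, hi)
    return ("node", dim, split,
            build_tree([p for p in points if p[dim] < split], depth + 1, limit, rng),
            build_tree([p for p in points if p[dim] >= split], depth + 1, limit, rng))
def path_length(tree, p, depth=0):  # depth of p's leaf, plus c(size) if the leaf is unresolved
    if tree[0] == "leaf": return depth + avg_path(tree[1])
    _, dim, split, left, right = tree
    return path_length(left if p[dim] < split else right, p, depth + 1)
def anomaly_scores(points, n_trees=200, seed=7):
    """Score in (0,1): near 1 means the flow was isolated unusually quickly on average."""
    rng = random.Random(seed)
    limit = math.ceil(math.log2(max(len(points), 2)))
    trees = [build_tree(points, 0, limit, rng) for _ in range(n_trees)]
    return [2 ** (-(sum(path_length(t, p) for t in trees) / n_trees) / avg_path(len(points)))
            for p in points]
def hybrid_verdicts(eve_lines, threshold=0.6):
    """Flag a flow if a Suricata signature fired on it OR its anomaly score is high."""
    flows, alerted = {}, set()
    for rec in map(json.loads, eve_lines):
        if rec["event_type"] == "flow":
            flows[rec["flow_id"]] = [rec["flow"][f] for f in FEATURES]
        elif rec["event_type"] == "alert":
            alerted.add(rec["flow_id"])
    return {fid: {"signature": fid in alerted, "score": round(s, 3), "flagged": fid in alerted or s >= threshold}
            for fid, s in zip(flows, anomaly_scores(list(flows.values())))}
```

Flow 4 is caught by the signature path and flow 6 only by the anomaly path, which is the "unknown threat" case the hybrid design targets; on real traffic the threshold would be tuned on held-out benign flows to keep the false-positive rate acceptable.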
Copyright © 2025