College

College of Engineering and Polymer Science

Date of Last Revision

2026-05-07 06:11:17

Major

Computer Information Systems

Honors Course

CIS491

Number of Credits

3

Degree Name

Bachelor of Science in Computer Science

Date of Expected Graduation

Spring 2026

Abstract

A key component of cybersecurity is network intrusion detection, which examines network traffic for malicious activity. Many organizations deploy intrusion detection systems (IDS) but still face challenges such as validating detections, investigating alerts in a timely manner, and producing clear and repeatable evidence of what has occurred, especially when live traffic capture is limited by risk, permission, or privacy concerns. The goal of this project was to use Security Onion, which includes Suricata and Zeek, to create and demonstrate a controllable and manageable evidence-based IDS investigation workflow. The project focused on deploying and validating a Security Onion sensor in a live enterprise environment to support passive network monitoring and evidence-based investigations. The main goal was to use the Suricata and Zeek tools built into Security Onion, together with its packet capture features, to build a practical workflow for detecting and investigating suspicious traffic. The project centered on the sensor side of the platform rather than a full manager deployment. The sensor was configured as a virtual machine with separate management and monitoring interfaces so that it could receive mirrored traffic without interrupting production systems. The approach included preparing the virtual sensor environment, verifying interface roles, confirming that the monitoring interface could receive traffic, enabling and tuning Suricata and Zeek, adjusting HOME_NET for the monitored subnet, reviewing retention and storage settings, and validating that alerts, logs, and packet evidence could be produced and examined. Troubleshooting was also a major part of the project, especially when confirming where Suricata event files were written, how data appeared in Hunt, and how alert results should be filtered and interpreted.
The project succeeded in creating a functional Security Onion sensor workflow that processed mirrored traffic and generated useful investigation data through Suricata alerts, Zeek logs, and packet evidence. The project shows that a properly deployed virtual Security Onion sensor can improve network visibility and provide a practical, low-cost method for supporting intrusion detection investigations in an enterprise environment. Future improvements could expand traffic coverage and strengthen long-term alert retention and evidence management.
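The abstract describes two of the steps that took the most troubleshooting: locating the Suricata event file and deciding how alert results should be filtered and interpreted relative to HOME_NET. The following script is an added illustration of that filtering step and is not code from the project or from Security Onion. It parses Suricata's line-delimited eve.json format (the standard Suricata output; the specific path on a Security Onion sensor is not assumed here), tolerates a truncated final line, tags each alert as inbound, outbound or internal relative to a HOME_NET list, and keeps only alerts at or above a chosen priority. The event records are constructed for the example; the subnet, signature ids 9000001 and 9000002, and their signature names are placeholders, and only the classic `GPL ATTACK_RESPONSE id check returned root` rule (sid 2100498) is a real, widely used test signature.

```python
import json
import ipaddress
from collections import Counter

# Constructed eve.json records for the example; not captured from any real sensor.
# 10.20.30.0/24 stands in for the monitored subnet (HOME_NET).
SAMPLE_EVE_LINES = [
    json.dumps({"timestamp": "2026-04-01T10:00:01.000000+0000", "event_type": "alert",
                "src_ip": "203.0.113.5", "src_port": 80, "dest_ip": "10.20.30.15", "dest_port": 50412,
                "proto": "TCP", "alert": {"signature_id": 2100498, "rev": 7, "severity": 2,
                "signature": "GPL ATTACK_RESPONSE id check returned root",
                "category": "Potentially Bad Traffic"}}),
    json.dumps({"timestamp": "2026-04-01T10:00:02.000000+0000", "event_type": "alert",
                "src_ip": "10.20.30.22", "src_port": 49822, "dest_ip": "198.51.100.9", "dest_port": 443,
                "proto": "TCP", "alert": {"signature_id": 9000001, "rev": 1, "severity": 1,
                "signature": "LOCAL placeholder high-priority signature",
                "category": "Constructed Example"}}),
    json.dumps({"timestamp": "2026-04-01T10:00:03.000000+0000", "event_type": "alert",
                "src_ip": "10.20.30.22", "src_port": 53211, "dest_ip": "10.20.30.1", "dest_port": 53,
                "proto": "UDP", "alert": {"signature_id": 9000002, "rev": 1, "severity": 3,
                "signature": "LOCAL placeholder informational signature",
                "category": "Constructed Example"}}),
    json.dumps({"timestamp": "2026-04-01T10:00:04.000000+0000", "event_type": "dns",
                "src_ip": "10.20.30.22", "src_port": 53211, "dest_ip": "10.20.30.1", "dest_port": 53,
                "proto": "UDP", "dns": {"type": "query", "rrname": "example.com", "rrtype": "A"}}),
    # A truncated trailing line, as seen when the file is read while Suricata is still writing it.
    '{"timestamp": "2026-04-01T10:00:05.000000+0000", "event_type": "flow", "src_ip": ',
]


def parse_eve(lines):
    """Parse line-delimited eve.json, skipping blank and partially written lines."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # incomplete record; it will be complete on the next read
    return events


def classify_direction(src_ip, dest_ip, home_nets):
    """Label a flow relative to HOME_NET: inbound, outbound, internal or external."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dest_ip)
    src_home = any(src in net for net in home_nets)
    dst_home = any(dst in net for net in home_nets)
    if src_home and dst_home:
        return "internal"
    if src_home:
        return "outbound"
    if dst_home:
        return "inbound"
    return "external"  # neither side is in HOME_NET: usually a sign HOME_NET is mis-set


def filter_alerts(events, home_net, max_severity=2):
    """Keep alerts with Suricata priority <= max_severity (1 is highest), sorted by priority."""
    home_nets = [ipaddress.ip_network(n, strict=False) for n in home_net]
    hits = []
    for ev in events:
        if ev.get("event_type") != "alert":
            continue
        alert = ev["alert"]
        if alert.get("severity", 3) > max_severity:
            continue
        hits.append({
            "timestamp": ev["timestamp"],
            "signature_id": alert["signature_id"],
            "signature": alert["signature"],
            "severity": alert["severity"],
            "direction": classify_direction(ev["src_ip"], ev["dest_ip"], home_nets),
            "src": f'{ev["src_ip"]}:{ev.get("src_port", "")}',
            "dest": f'{ev["dest_ip"]}:{ev.get("dest_port", "")}',
        })
    return sorted(hits, key=lambda a: (a["severity"], a["timestamp"]))


def summarize(alerts):
    """Count alerts per (signature, direction), which is how a triage queue is usually viewed."""
    return Counter((a["signature"], a["direction"]) for a in alerts)


if __name__ == "__main__":
    events = parse_eve(SAMPLE_EVE_LINES)
    alerts = filter_alerts(events, home_net=["10.20.30.0/24"], max_severity=2)
    for a in alerts:
        print(f'[{a["severity"]}] {a["direction"]:8} {a["src"]} -> {a["dest"]}  {a["signature"]}')
    for key, count in summarize(alerts).items():
        print(count, key)
```

On a real sensor the same functions would be fed the lines of the eve.json file Suricata writes (the path depends on the deployment), and the `external` label is the quick check that HOME_NET matches the mirrored subnet: if most alerts land there, the variable was set for the wrong network.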

Research Sponsor

Nadhem Ebrahim

First Reader

Richard P. Mehok Jr

Second Reader

Stanley Smith

Honors Faculty Advisor

Janet Kropff

Proprietary and/or Confidential Information

No

Community Engaged Scholarship

No

Comments

Cybersecurity Honors Project - Daryna Myroniuk
