Scientific Journal of KubSAU

This article describes the results of networks anomalies detection system based on modular adaptive approach practical implementation. The list of specific modules used in the practical implementation of IPS, their architecture, algorithms, software, organizational and technical support determined at technical working design based on the results of the audit, evaluation and risk analysis. In the general list of modules (subsystems) we may include: intrusion detection and prevention (IPS / IDS) subsystems; monitoring, data collection, and event correlation, administration and management subsystem and others. We have demonstrated the specificity of formation requirements for the basic mechanisms of the subsystems in terms of development and implementation of specific architecture with some examples, plus practically implemented structure of system modules, as well as organizational and technical support system functioning