This book is based on real-world cybersecurity data collected through Suricata network intrusion detection systems and SSHLab Research monitoring infrastructure.
It focuses on analyzing malicious network traffic observed in live environments, including intrusion attempts, scanning activity, exploit patterns, and protocol-level attack behavior captured at the network layer.
This is not a guide on how to deploy or configure Suricata. Instead, it presents empirical findings derived from real-world network telemetry and attack traffic observed in operational monitoring systems.
The research in this book is based on:
- Network intrusion detection logs generated by Suricata
- Real-world malicious traffic captured at the network layer
- Signature-based and behavioral detection of attack patterns
- Exploitation attempts across multiple protocols and services
- Large-scale scanning and reconnaissance activity observed in internet traffic
- Correlation of attack behavior across distributed monitoring systems
The goal of this book is to provide structured, evidence-based cybersecurity insights derived from real network attack data rather than simulated or lab-based scenarios.
This book is intended for cybersecurity practitioners, SOC analysts, detection engineers, and security researchers working with network security monitoring and threat detection systems
