I am in the middle of an academic investigation into Network-based Intrusion Detection Systems. The goal is to design, implement, and critically evaluate a working NIDS prototype while building a sound, publication-ready write-up of the findings. You will help me refine the detection approach, choose and configure an appropriate open-source engine (Snort, Suricata or Zeek are all options), generate or source representative traffic, and interpret the resulting alerts. Clear explanations of configuration choices, rule logic, and performance metrics must accompany the practical work so the final report reads coherently and meets typical university grading rubrics. Deliverables • Fully commented configuration files and custom rules for the chosen NIDS • A concise test plan outlining traffic scenarios and evaluation metrics (accuracy, false-positive rate, resource impact) • Resulting log files / pcaps with a short Python or Bash script that reproduces key analyses • A structured report (≈10–15 pages) covering methodology, experiment setup, results, discussion, and references in IEEE format Acceptance criteria The prototype must trigger on the agreed attack patterns, the report must include reproducible graphs or tables derived from the provided data set, and the whole package must build or run in a standard Linux environment without undocumented steps. If you have published or prior lab experience with NIDS, traffic generation tools, or statistical evaluation of security controls, that will make collaboration smooth and effective.