A Study on Zeek IDS Effectiveness for Cybersecurity in Agricultural IoT Networks
DOI:
https://doi.org/10.47852/bonviewJCCE52026303
Keywords:
agricultural IoT, Zeek IDS, Intrusion detection systems, open-source security tools, Agriculture 4.0, cybersecurity, Raspberry Pi
Abstract
As agriculture moves toward Agriculture 4.0, which uses Internet of Things (IoT) devices for real-time data collection and remote monitoring, agricultural networks are becoming increasingly vulnerable to cyberattacks. A common method used to protect against these kinds of threats is the use of intrusion detection systems (IDS). However, the agricultural environment is often changing and has limited resources, which makes cybersecurity challenging. Several available IDS tools are not designed to work properly in places with few resources, intermittent access, and unpredictable network conditions. This paper investigates the performance of Zeek, an open-source IDS, in identifying potential threats in agricultural IoT networks. We performed both offline and real-time experiments: offline analysis used pcap files from the Stratosphere Laboratory dataset, and real-time evaluation involved simulated live attack scenarios, focusing on unauthorized access attempts and distributed denial-of-service (DDoS) attacks. Zeek's performance was assessed based on CPU and memory utilization, as well as quality of service (QoS) metrics. From the experimental results, we found that Zeek was quite effective in protecting agricultural IoT networks against typical threats. Memory usage remained stable around 5% during offline analysis and under 20% during active attacks. However, CPU usage was more volatile, peaking at 120% during DDoS events. In terms of QoS, the system maintained a good throughput (1,375 kbits/s) with minimal packet loss (0.000186%). Among the attack types that we tested, brute force attacks, which represent attempts at unauthorized access, had the strongest effect on network performance, increasing delay to 2.159 ms and jitter to 0.793 ms. It seems clear that a heavier traffic load during such attacks can interfere with QoS.
Based on our observations, we recommend practical deployment strategies for agricultural IoT systems that take these limitations into consideration, aiming to keep networks both secure and efficient under pressure.
Received: 2 June 2025 | Revised: 2 September 2025 | Accepted: 13 September 2025
Conflicts of Interest
The authors declare that they have no conflicts of interest to this work.
Data Availability Statement
The data that support the findings of this study are openly available in the Stratosphere Laboratory at https://www.stratosphereips.org/datasets-overview, in GitHub at https://github.com/zeek/zeek, https://github.com/vanhauser-thc/thc-hydra, and https://github.com/antirez/hping.
Author Contribution Statement
Samsul Huda: Conceptualization, Formal analysis, Writing – original draft, Writing – review & editing, Visualization, Supervision, Project administration. Muhammad Bisri Musthafa: Conceptualization, Methodology, Software, Validation, Investigation, Resources, Data curation, Writing – review & editing, Visualization. S. M. Shamim: Conceptualization, Methodology, Software, Validation, Investigation, Resources, Data curation, Writing – review & editing, Visualization. Yasuyuki Nogami: Supervision, Funding acquisition.
License
Copyright (c) 2025 Authors

This work is licensed under a Creative Commons Attribution 4.0 International License.