This article provides an introduction to intrusion detection systems, focusing on extending the Snort environment’s functionalities by adding a new heuristic detection algorithm. The algorithm allows to detect selected types of cyberattacks through analysis of received packets and based on a list of malicious Internet Protocol addresses. Furthermore, the algorithm underwent functional verification. The results confirmed that the algorithm successfully detects the packets originating from the provided list and rates them accordingly.