A comparative study of traditional and AI-based methods for network intrusion detection
Gosai, Bhrugeshbharti (2026)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-202602022128
Abstract
Intrusion Detection Systems (IDS) are essential for protecting modern networks against malicious activities. Traditional signature-based IDS, such as Snort, provide reliable and interpretable detection but are limited in identifying novel or evolving attack patterns. In contrast, AI-based intrusion detection techniques employ data-driven models to analyze network traffic behavior, offering improved adaptability at the cost of increased computational complexity and reduced explainability. This thesis presents a comparative evaluation of traditional and AI-based intrusion detection approaches using a controlled and uniform experimental framework.
A signature-based IDS (Snort) and an AI-based IDS utilizing a random forest algorithm were implemented and evaluated on the CICIDS2017 benchmark dataset. Both approaches were assessed using identical traffic data, consistent preprocessing, and standardized evaluation metrics, including accuracy, precision, recall, F1-score, and false alarm rate.
The results indicate that the traditional IDS achieves high precision and low false-positive rates, while the AI-based IDS demonstrates higher recall and improved detection coverage. However, neither approach consistently outperforms the other across all evaluation criteria. The findings highlight complementary strengths and limitations, supporting the conclusion that a hybrid intrusion detection approach combining signature-based and AI-based techniques offers a more practical and effective solution for real-world network security environments.
