Abstract
Intrusion Detection Systems (IDS) are essential in modern cybersecurity, enabling detection and mitigation of evolving network threats. Traditional IDS methods, such as signature-based and anomaly-based detection, frequently struggle to identify novel attack patterns and suffer from high false-positive rates. This research compares machine learning (ML) and deep learning (DL) approaches for IDS across three benchmark datasets: UNSW-NB15, CICIDS2017, and NSL-KDD.
We evaluate four ML classifiers (Random Forest, XGBoost, CatBoost, Gradient Boosting) and five DL models (CNN + GRU, CNN + LSTM, Autoencoder hybrids, Transformer-based architectures), assessing performance based on test accuracy from stratified dataset splits.
Our results indicate that the CNN + GRU model consistently achieves the highest overall performance, balancing accuracy and computational efficiency across all datasets. Transformer-based models obtain superior accuracy on the CICIDS2017 dataset but require significantly higher computational resources. XGBoost remains competitive for lighter, structured datasets, offering practical benefits in resource-constrained environments.