A Comparative Study of AI Models in Open Source IDS IPS
DOI:
https://doi.org/10.14464/ess.v12i14.909
Abstract
The rapid advancement of information technology, along with the continuous growth in the volume and diversity of network traffic, has led to a sharp increase in the number of cyber attackers, making the implementation of intrusion detection and intrusion prevention systems (IDS/IPS) essential for both public and private sector organizations. However, budget limitations often present a significant obstacle, rendering commercial IDS/IPS solutions inaccessible for many organizations. In response to this issue, this study undertakes a comparative analysis of two open-source systems, namely Snort and Suricata. This research seeks to evaluate their effectiveness in real-world scenarios and provide insights into optimal system configuration. The comparative results are intended to inform system selection decisions and guide practical implementation strategies. Moreover, the research integrates the use of artificial intelligence (AI)-based models to analyze log files generated during system testing. This approach demonstrates significant advantages, including reduced analysis time and improved operational efficiency. This study is expected to provide network security professionals and academic researchers with practical value, empirical evidence, and a solid technical foundation, thereby contributing to the advancement of cybersecurity.
License
Copyright (c) 2025 Enkh-Od Erdene, Uranchimeg Tudevdagva, Dashdorj Yamkhin

This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright for articles published in this journal is retained by the authors. The content is published under a Creative Commons Licence Attribution 4.0 International (CC BY 4.0). This permits use, distribution, and reproduction in any medium, provided the original work is properly cited, and is otherwise in compliance with the licence.
