International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 12 Issue: 05 | May 2025
p-ISSN: 2395-0072
www.irjet.net
A REVIEW OF MACHINE LEARNING VS. SIGNATURE-BASED CYBERSECURITY TOOLS: A COMPARATIVE ASSESSMENT OF DARKTRACE AND SNORT FOR NETWORK INTRUSION DETECTION
Tarannum Bano1, Deepshikha2
1Master of Technology, Computer Science and Engineering, Lucknow Institute of Technology, Lucknow, India
2Assistant Professor, Department of Computer Science and Engineering, Lucknow Institute of Technology, Lucknow, India
---------------------------------------------------------------------***--------------------------------------------------------------------
Abstract - The ever-increasing complexity of cyber attacks creates a need for strong Network Intrusion Detection Systems (NIDS) to protect computing infrastructure. This review article performs a comparative analysis of the two dominant paradigms in the intrusion detection domain: machine learning (ML) based tools such as Darktrace and traditional signature-based systems such as Snort. The research is important because it highlights the significant trade-offs between these approaches, detailing them in terms of detection capability, adaptability, operational performance and economic benefit. Signature-based solutions such as Snort are highly accurate against known threats and carry low processing overhead, but because their rule sets are updated manually, networks remain vulnerable to attacks as they emerge. ML solutions such as Darktrace, by contrast, offer more flexibility against zero-day exploits through behavioural analysis, albeit at the cost of a high false-positive rate, heavy resource consumption and low explainability. The analysis establishes that tool selection must be contextual, taking into account organisational size, threat landscape and available resources. The paper also lists systemic problems such as adversarial attacks, skill gaps and dependence on underlying data, and proposes hybrid frameworks that combine the best of both worlds. The observations have practical implications for cybersecurity practitioners and offer guidance to the profession, for example on explainable AI (XAI) and collaborative threat-intelligence sharing, to encourage adaptive and transparent defences. This review also contributes to the wider effort to find approaches for getting the most out of NIDS amid changing cyber threats.
Key Words: Network Intrusion Detection Systems (NIDS), Machine Learning, Signature-Based Detection, Darktrace, Snort, Cybersecurity, Zero-Day Attacks, Adaptive Security, Hybrid Frameworks.
1. INTRODUCTION
1.1 Background The cyber security landscape is transforming at an alarming pace, because attackers constantly renew their malware and exploits with sophisticated techniques, including zero-day exploits and polymorphic malware, in order to breach network environments. In such an availability-critical environment, Network Intrusion Detection Systems (NIDS) play a major role in securing infrastructure by examining network traffic for suspicious activity. Signature-based detection tools such as Snort have historically dominated this field; they rely on known attack patterns to detect an intrusion. The advent of machine learning (ML) driven solutions such as Darktrace has, however, introduced a dynamic alternative. These ML-based systems analyse behavioural anomalies rather than static signatures and are therefore adaptable to new and emerging threats. This shift points to a deep tension in cybersecurity: the precision of conventional methods set against the agility of current AI-powered ones.
1.2 Problem Statement Signature-based tools are very proficient at identifying well-known threats, but because their operation is purely rule-based they are largely powerless against zero-day and advanced persistent threat (APT) attacks. Conversely, ML-based systems such as Darktrace face hurdles such as high false-positive rates, computational complexity and the "black box" nature of their algorithms. The lack of comprehensive comparative studies adds a further dimension of complexity to the decision-making of organisations that wish to adopt, or migrate to, one of these paradigms. An in-depth examination of their strengths, constraints and operational trade-offs is therefore necessary to guide cybersecurity practice across a variety of organisational contexts.
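As an added illustration of the two paradigms contrasted in the abstract and in sections 1.1 and 1.2 (this is not code from the paper, from Snort or from Darktrace), the following Python toy puts a matcher for a small subset of Snort rule syntax beside a per-source connection-count baseline detector and runs both over one constructed traffic window. The rule strings, hosts, ports and payloads are all constructed, and the baseline method (a z-score over per-window connection counts learned from a constructed benign history) is a simplified stand-in for the proprietary behavioural analysis that Darktrace performs, not a description of it.

```python
"""Toy side-by-side of signature-based and anomaly-based NIDS logic.

Added illustration, not code from Snort or Darktrace. The rule parser
handles only a small subset of Snort syntax (proto, destination port, msg,
content, sid); the anomaly detector is a simple z-score over per-source
connection counts. All packets and rules below are constructed.
"""
import re
import statistics
from collections import Counter
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


# Constructed rules written in Snort syntax. Real Snort rules carry far more
# (flow, pcre, byte tests, |hex| content, ...); none of that is handled here.
RULES = [
    'alert tcp any any -> any 80 (msg:"Known IIS cmd.exe probe"; content:"cmd.exe"; sid:1000001; rev:1;)',
    'alert tcp any any -> any 22 (msg:"Known SSH scanner banner"; content:"SSH-2.0-libssh"; sid:1000002; rev:1;)',
]

RULE_RE = re.compile(
    r'^alert\s+(?P<proto>\w+)\s+\S+\s+\S+\s+->\s+\S+\s+(?P<dport>\d+|any)\s*\((?P<opts>.*)\)\s*$'
)
OPT_RE = re.compile(r'(\w+):"?([^";]*)"?;')


def parse_rule(text):
    """Parse the subset of Snort rule syntax used in RULES into a dict."""
    m = RULE_RE.match(text)
    if m is None:
        raise ValueError(f"unsupported rule: {text}")
    opts = dict(OPT_RE.findall(m.group("opts")))
    dport = m.group("dport")
    return {
        "proto": m.group("proto"),
        "dport": None if dport == "any" else int(dport),
        "msg": opts["msg"],
        "content": opts["content"].encode(),
        "sid": int(opts["sid"]),
    }


def signature_alerts(packets, rules):
    """Signature detection: alert only when a packet matches a known rule."""
    parsed = [parse_rule(r) for r in rules]
    alerts = []
    for p in packets:
        for r in parsed:
            if r["dport"] in (None, p.dport) and r["content"] in p.payload:
                alerts.append((r["sid"], r["msg"], p.src))
    return alerts


def learn_baseline(training_counts):
    """Learn a (mean, stdev) baseline of per-window connection counts from benign history."""
    mean = statistics.mean(training_counts)
    stdev = statistics.pstdev(training_counts) or 1.0  # guard against a flat history
    return mean, stdev


def anomaly_alerts(packets, baseline, threshold=3.0):
    """Anomaly detection: flag sources whose connection count sits more than
    `threshold` standard deviations above the learned baseline."""
    mean, stdev = baseline
    counts = Counter(p.src for p in packets)
    return {src: round((n - mean) / stdev, 1) for src, n in counts.items()
            if (n - mean) / stdev > threshold}


def constructed_window():
    """One observation window of constructed traffic (not real captures)."""
    pkts = [Packet("10.0.0.5", "10.0.1.1", 80, b"GET /index.html HTTP/1.1\r\n")] * 2
    # known attack: one request carries the cmd.exe signature
    pkts.append(Packet("10.0.0.5", "10.0.1.1", 80, b"GET /scripts/cmd.exe?/c+dir HTTP/1.1\r\n"))
    # novel, zero-day-like sweep: 20 connections whose payload matches no rule
    pkts += [Packet("10.0.0.9", f"10.0.1.{i}", 8443, b"NOVEL-PAYLOAD") for i in range(1, 21)]
    # benign backup burst: 12 connections from one host, a likely false positive
    pkts += [Packet("10.0.0.12", "10.0.1.50", 445, b"SMB backup chunk") for _ in range(12)]
    return pkts


def run_comparison():
    """Return which sources each paradigm flags for the constructed window."""
    pkts = constructed_window()
    baseline = learn_baseline([4, 5, 6, 5, 4, 6, 5, 5])  # constructed benign history
    sig = sorted({src for _, _, src in signature_alerts(pkts, RULES)})
    return {"signature": sig, "anomaly": anomaly_alerts(pkts, baseline)}


if __name__ == "__main__":
    print(run_comparison())
```

Run as-is, the block shows the trade-off the abstract describes: the signature matcher fires only on 10.0.0.5, which sent the catalogued cmd.exe probe, and says nothing about the novel sweep from 10.0.0.9; the baseline detector catches that sweep but also flags the backup host 10.0.0.12, a false positive that would need threshold tuning or analyst triage. A hybrid deployment would typically let the signature hit confirm the first case and use the anomaly score only to prioritise investigation of the other two.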
© 2025, IRJET | Impact Factor value: 8.315 | ISO 9001:2008 Certified Journal | Page 1115