Intrusion detection systems (IDS) play an important role as a frontline defense in the ongoing effort to secure our networks. But how can we be sure they are effective? It all comes down to the data they were tested on. This review takes a close look at the research landscape by breaking down studies based on five of the most widely used datasets: NSL‐KDD, CIC‐DDoS2019, UNSW‐NB15, BoT‐IoT, and CICIoT2023. For each one, we started by ranking the most influential studies and then explored all the different algorithms they applied. We sorted these methods into four main buckets: (1) traditional machine learning (ML), (2) deep learning (DL) architectures, (3) ensemble and hybrid models, and (4) techniques for optimization and feature selection. Comparing these strategies across the board revealed some key trade‐offs. While classic ML methods are still strong contenders for their efficiency, DL models are hands‐down better at detecting complex attack patterns. This is especially true when they are paired with ensemble learning or smart feature selection. Still, there are some persistent hurdles. Researchers are still grappling with imbalanced datasets, high computational costs, and the challenge of getting models to recognize completely new types of attacks. In the end, this paper lays out the current trends and shines a light on the research gaps that still need attention. We hope to offer a roadmap for developing the next generation of IDS, ones that can truly hold up in the diverse and constantly evolving networks of today.
Shenbary et al. studied this question.