Deep Learning Techniques for Network Intrusion Detection: A Comparative Survey

Document Type: Original Article

Authors

1 Department of Cyber Security, Faculty of Computer and Information Sciences, Ain Shams University

2 Faculty of Computer and Information Sciences, Ain Shams University, Cairo, Egypt

3 Department of Information Systems, Faculty of Computer and Information Sciences, Ain Shams University, Cairo, 11566, Egypt

Abstract

The growing complexity and scale of cyberattacks have driven the evolution of Network Intrusion Detection Systems (NIDS) from traditional signature-based methods to deep learning-driven approaches capable of detecting novel and adversarial threats. This survey presents a comprehensive analysis of recent advances in flow-based and packet-based NIDS, with a focus on robustness, real-time performance, and adaptability to zero-day and adversarial attacks. State-of-the-art methods are examined in each category, covering a diverse range of deep learning architectures and techniques, including Convolutional Neural Networks (CNNs), Long Short-Term Memory networks (LSTMs), transformers, federated learning frameworks, and adversarial training. The surveyed works are evaluated based on data modality, learning paradigm, deployment setting, detection capability, and resilience against evolving threats. Through a structured taxonomy and comparative analysis, key strengths, limitations, and performance trade-offs between flow-level and packet-level systems are highlighted. Finally, open research challenges such as data heterogeneity, explainability, and adversarial robustness are identified, and future directions are proposed for building adaptive and trustworthy intrusion detection systems suitable for real-world deployment.

Keywords