A Comparative Analysis of Deep Learning and Traditional Machine Learning for Real-Time Network Intrusion Detection

With the escalating complexity of cyber threats and the critical need for real-time network intrusion detection and neutralization, this scoping review comprehensively examines ۱۰۰ relevant articles. Our primary objective was to compare the performance of deep learning (DL) and traditional machine learning (ML) models in real-time network intrusion detection, identifying their respective strengths, limitations, and suitability for practical applications. To achieve this, we employed a structured approach to extract key information, including study characteristics, evaluated models, datasets used, reported performance metrics, and comparative outcomes. Findings indicate that established benchmark datasets such as NSL-KDD, UNSW-NB۱۵, and CIC-IDS۲۰۱۷ were most frequently used. DL models, including CNN-BiLSTM and Deep Neural Networks, consistently demonstrated higher detection accuracy, especially for complex and novel threats; however, this enhanced precision often came with greater computational demands and increased latency. In contrast, traditional ML models like Random Forest and Decision Trees showed higher computational efficiency, making them more suitable for resource-constrained or stringent real-time processing environments, albeit sometimes with slightly lower accuracy. This study also highlights a growing interest in ensemble methods and hybrid ML-DL architectures, which aim to balance accuracy with operational efficiency. A significant challenge identified was the inconsistent and often inadequate reporting of detailed real-time performance metrics across studies, hindering robust quantitative comparisons and informed deployment decisions. Ultimately, this research underscores the continued importance of developing adaptive, efficient, and highly accurate intrusion detection mechanisms to effectively counter evolving cyber threats.